As one of its final acts in the wee hours of Saturday morning, the U.S. Congress approved legislation criminalizing the practice of pretexting for confidential telephone information.
The Telephone Records and Privacy Protection Act of 2006 targets both those who do the pretexting and the Internet sites that sell the telephone records. Pretexting for financial records is already illegal but the law is vague on pretexting for telephone records.
The legislation specifically criminalizes making false or fraudulent statements to a telephone service provider, providing false or fraudulent documents to a telephone service provider or accessing customer accounts through the Internet or by fraudulent computer-related activities without prior authorization.
The bill will also prohibit the unauthorized sale or transfer of confidential phone records information or the receipt of such information with the knowledge that it was fraudulently obtained.
It will also create new penalties of up to 10 years in prison and a fine of up to $500,000 for any person who sells, transfers, purchases or receives confidential phone records without the consent of the phone customer.
President Bush is expected to sign the bill.
Pretexters use false pretenses to obtain personal telephone records, and a small online cottage industry is flourishing selling the records.
HP highlighted the practice earlier this year when it revealed pretexting was used to obtain the personal telephone records of board members and journalists in the company’s efforts to plug boardroom leaks.
“This bill will make it a crime to buy and sell Americans’ private phone records,” Sen. Ted Stevens (R-Alaska), a co-sponsor of the bill, said in a statement. “Congress has taken an important step to protect our nation’s consumers from unscrupulous companies who sell private telephone records to anyone willing to pay for them.”
The House passed the legislation in April, but a jurisdictional dispute between the Senate Judicial Committee and the Senate Commerce Committee kept the bill on hold until the last, late hours of the 109th Congress. Ultimately, the Senate passed the House version.
“This data fraud can adversely affect Americans’ lives,” Rep. Lamar Smith, the House sponsor of the bill, said in a statement. “A careful study of these records may reveal details of our medical or financial life. It may even identify our occupation or physical location — a serious concern for undercover police officers and victims of stalking or domestic violence.”
“Sales of fraudulently obtained phone records flourished because the possibility of criminal prosecution was remote,” Smith continued. “The bill’s unanimous support in both houses sends a strong message to data thieves — this activity will not be tolerated.”
In the aftermath of the HP pretexting scandal, former Chairman Patricia Dunn, general counsel Ann Baskins and HP lawyer Kevin Hunsaker all resigned. Dunn and Hunsaker are facing criminal charges in California, along with three private investigators HP hired to conduct its investigation.
California Attorney General Bill Lockyer charged all five with conspiracy, fraudulent wire communications, wrongful use of computer data, and identity theft. All four counts carry a maximum prison sentence of three years plus a maximum fine of $10,000 for each of the three underlying felonies.
The House Energy and Commerce Committee also held a hearing on HP’s actions in investigating its boardroom leaks.
Last week, Lockyer and HP reached a settlement over the state’s civil lawsuit related to the company’s leak probe investigation. HP agreed to pay $14.5 million to help finance a new law enforcement fund to fight violations of privacy and intellectual property rights. HP also agreed to adopt certain corporate governance reforms.