The House Committee on Energy and Commerce unleashed its full investigative
and subpoena powers Friday on online data brokers selling confidential phone
records. The panel “demanded” the brokers disclose how they are obtaining
the records.
The committee sent demand letters to First Source Information Specialists of
Tamarac, Fla., which manages the datafind.org, locatecell.com,
celltolls.com, peoplesearchamerica.com sites, and PDJ Services of
Granbury, Texas, which operates phonebust.com.
“It is very disconcerting that certain online data broker companies are
exploiting consumers’ personal records and selling the information to
whomever pays for the records,” the letters state.
“With the exception of
the legitimate activities of law enforcement authorities, who in any event
have legal means for acquiring such information, we struggle to find any
ethical justification for marketing this data.”
First Source is also under a Federal Communications Commission (FCC)
citation for failing to comply with an FCC subpoena seeking the same
information.
“I can only guess at the excuses that will be offered by people who profit
by engaging in an obvious fraud, by invading personal privacy and by
assisting criminal behavior,” Energy and Commerce Committee Chairman Joe
Barton (R-Texas) said at a hearing
last week.
The committee wants to know all methods used by the data brokers to acquire
the information they sell and if any efforts are made to obtain consent from
consumers before selling their confidential data.
In particular, the committee aims to find out if the data brokers’ employees
pose as telephone company customers in order to seek account information, a
practice known as “pretexting.”
The telephone carriers maintain their customer records are secure and that
the data brokers are obtaining the data through pretexting. Current law
contains criminal penalties for obtaining another person’s financial records
under false pretexts, but similar penalties do not exist specifically for
telephone records.
Under the Telecommunications Act of 1996, telephone carriers are obligated
to protect the Customer Proprietary Network Information (CPNI) of consumers.
The CPNI is considered sensitive personal data, because it includes logs of
calls that individuals or businesses initiate and receive on their phones.
In August, the Electronic Privacy Information Center (EPIC) revealed that
the carriers’ confidential consumer data is available over the Internet.
EPIC petitioned the FCC to force the agency to establish stricter rules to
protect consumer data.
Since then, the FCC has launched an investigation into the matter, and
lawmakers have introduced a raft of bills to curb the practice. The House
has already held a hearing and the Senate Commerce Committee has a Wednesday
hearing on the matter scheduled.
“In essence, within literally a matter of hours, someone who purchases such
information from a data broker Web site can gain unauthorized access to an
individual’s daily calls and contacts, home and billing addresses, and other
valuable confidential information,” the House letter states.