WASHINGTON — Wireless carriers today said pretexting for telephone records should be criminalized, but were silent when it came to backing a bill imposing additional requirements on carriers to protect consumer records.
Though far less publicized and attended than Thursday’s hearing on Hewlett-Packard’s pretexting scandal, the same House investigative panel met again Friday morning to hear testimony from the nation’s six largest wireless carriers.
The House Energy and Commerce’s Subcommittee on Oversight and Investigations began looking into pretexting earlier this year. The practice involves lying to dupe carriers into revealing the personal telephone numbers of consumers.
The carriers insist the problem is with pretexters, not their security of consumers’ personal telephone records.
“The Hewlett-Packard scandal and the eye-opening testimony we heard yesterday again brings home the fact that pretexting is a serious problem that must be fought on multiple fronts,” Kentucky Republican Ed Whitfield said Friday as he opened the second day of the pretexting hearings.
As the panel repeatedly stressed Thursday, Whitfield used Friday’s hearing to plug the committee’s anti-pretexting legislation that has yet to receive a floor vote.
The committee’s bill not only criminalizes the practice of pretexting, it also requires carriers to conduct periodic audits and submit annual reports of their anti-pretexting efforts.
“The carriers…have to play an important role in solving this problem and better protect the information,” the panel’s chairman, Republican Ed Whitfield of Kentucky, said.
Illinois Democrat Jan Schakowsky also plugged the panel’s bill, noting how “easy [carriers] made it for scam artists to get the personal phone logs of others.”
In their testimony, Cingular Wireless, Verizon Wireless, Sprint/Nextel, T-Mobile USA, Alltel Wireless and U.S. Cellular all stressed their increased efforts to curb pretexting.
“We should be clear exactly what we’re talking about,” Michael Holden, Verizon Wireless’s senior counsel told lawmakers.
“Terms like ‘pretexting’ and ‘data brokers’ mask the serious nature of crimes being committed. We are talking about thieves who are perpetuating serious fraud, theft and invasions of privacy.”
Holden said Verizon Wireless was the first carrier to file lawsuits against pretexters and the company continues to work with law enforcement officials to prosecute data thieves.
All the other carriers told similar tales of their efforts against pretexters and the increased training and security they have put in place.
Specifically asked if they supported the panel’s bill, all six carriers sidestepped the issue.
They enthusiastically endorsed tougher criminal and civil sanctions against pretexters but refused to venture an opinion on the carrier-responsibility part of the bill, promising to have their government affairs offices get back to the committee in writing.
Nor were the carriers supportive of the Federal Communications Commission’s proposals to require carriers to use consumer-set passwords, audits and encryption to better protect consumer data.
“We don’t support mandatory passwords,” Holden said. “That should be the customer’s choice. Ironically, the better the security, the more customers get locked out.”
Charles Wunsch, Sprint/Nextel’s vice president for corporate transactions and business law, added, “Pretexters will just go to the password reset function. Encryption and audit trails don’t make sense to us.”