AUSWR
The Association of U S West Retirees
 

 

 

House Panel to Press Cellphone Industry on Improving Protection of Customer Records
By Matt Richtel and Ken Belson
New York Times
Wednesday, February 1, 2006

The cellphone's emergence as a primary communications device has spawned a cottage industry of con artists seeking to trick mobile phone companies into giving away the phone numbers and calling records of unwitting subscribers.

That is the premise of a Congressional hearing, scheduled today, into the extent of the problem, whether carriers are doing enough to protect subscriber data, and the possibility of enacting tighter regulations to thwart thieves.

In the last two weeks, the nation's four biggest cellular carriers Cingular, Verizon Wireless, Sprint Nextel and T-Mobile have filed lawsuits against so-called cellphone data brokers.  In one case, a federal judge in Trenton issued a preliminary injunction yesterday against the owners of  LocateCell.com, prohibiting them from trying to obtain information about Verizon Wireless customers and providing information on Verizon Wireless customers to any third parties.

In general, these brokers, several of whom operate Web sites, reportedly dial customer service centers, pose as subscribers and obtain calling records, which are then sold to private detectives, divorce lawyers and others.  In some cases, these brokers also offer to retrieve land line data, which can also be vulnerable.

While these activities have elicited lawsuits and calls for action on Capitol Hill and from state attorneys general, cellphone companies say that the problem is limited and that they are beefing up measures to counter it.

"We've stepped up the awareness of the issue in the company and we've stepped up the alertness of our representatives," said Mark Siegel, a spokesman for Cingular, the country's largest cellphone company.

But security experts say that imposters posing as cellphone customers are only as successful as the gaps they are able to expose in the carriers' call centers.  Some cellphone companies may do a poor job of training their call center operators, particularly if the workers are overseas.  Other companies may lose company records left unprotected on laptops and other hardware.

In still other companies, employees may be funneling call records to these Web site companies, something the carriers maintain would result in the employee's dismissal.

On Monday, the Federal Communications Commission, citing concern that call records can be obtained by unauthorized users, recommended fining AT&T and Alltel $100,000 each for failing to certify that they complied with rules to protect customer records.

The methods that these unauthorized users are said to employ are more an old-school swindle than a high-tech security breach.

Lawsuits filed by carriers like Sprint Nextel accuse a handful of brokers of calling customer service centers, posing as customers by presenting personal information like Social Security numbers, or persuading operators to bypass security measures to give away call records.

On the Web site of LocateCell, customers can pay $110 for an individual's call records.

LocateCell could not be reached for comment.  A company called All Star Investigations, which was sued on Monday by Sprint Nextel, says on its Web site that it caters to "attorneys, insurance companies, corporate clients and private individuals."

All Star Investigations could not be reached for comment. In some cases, the people buying the call records may have legitimate need for them.  Lawyers, for instance, may need records as part of an investigation.  The question is whether the companies obtaining the records have systems in place to confirm that the person requesting the information has a right to it.

"People who sell this data need to have a verification system, and they don't," said John Pescatore, a security analyst at Gartner.  "The enforcement is lax."

At the same time, consumers may expect more protection for their cellphone numbers and records than for their traditional phone lines because there is no public directory of cellphone numbers.

"Wireline numbers are in reverse directories and other places, but because there aren't similar wireless directories databases, there is a market opportunity, and entrepreneurs and crooks go after market opportunities," said Bob Atkinson, director of policy research at the Columbia Institute for Tele-Information and a former director of the Common Carrier Bureau at the Federal Communications Commission.

Betsy Broder, assistant director of the Federal Trade Commission's division of privacy and identity protection, said the agency had the authority to force companies to forfeit gains received from using deception to get private information.  She said the F.T.C. had used that authority in cases in 1999 and 2002 to go after swindlers who got individual records from financial institutions.

As for companies seeking cellphone records, "we're investigating companies right now," Ms. Broder said.  She declined to give any specific information about the inquiries.

Laws are in place to prohibit the use of deceptive tactics to obtain phone records, according to Terry Lane, a spokesman for the House Energy and Commerce Committee, which scheduled today's hearings.  Mr. Lane said that the F.T.C. could impose civil penalties for the deceptive trade practices, but that Congress might want to strengthen those penalties.

"I mean to make it very illegal," Representative Joe L. Barton, Republican of Texas, chairman of the House Energy and Commerce Committee, said in a statement.  He added, "Telephone companies may not be doing enough to protect consumer privacy."

http://www.nytimes.com/2006/02/01/technology/01cell.html?_r=1&oref=slogin