Selected Laws Governing the Disclosure of
Customer Phone Records by Telecommunications
Carriers, a recently released Congressional Research Service report, summarizes the laws, legislation and congressional actions related to telephone call log records. The Federation of American Scientists has a database of some of these CRS reports, which are selectively released by members of Congress.

The Los Angeles County Superior Court has ruled that church personnel files of priests accused of molesting children may be released to the public, whether or not there was a criminal prosecution. The decision affects a small number of clergy but tips the balance in favor of the public right to know over privacy, which could affect many other cases.

Santa Clara County, California is continuing to fight a Superior Court determination that its GIS mapping should be easily available to the public at low cost. Meanwhile, Greenwich, Connecticut has assented to that state’s Supreme Court ruling and will post aerial photographs of the town on its Web site. Both government agencies used the specious defense that freely available geographic information systems maps were a security risk.

Folks in North Carolina may want to comment at the blog of a county Register who removed vital records from the Internet, then wrote about it.

The state police can demand lists of email activity conducted by a business if they deem it relevant to an investigation, according to an opinion by the Nebraska Attorney General. This includes “non content” records retained by providers of electronic communication services, such as ISP records of email headers, but not the email message.

Search the New York local civil court records by index number, party name, attorney/firm or judge. Some courts are online now and others will be added through the year.

Appeals filed with the Minnesota Supreme Court and the Minnesota Court of Appeals are now searchable online. More extensive information is available for cases filed after March 2003.

The Federal Communications Commission has issued new rules related to the disclosure of the personal telephone records of consumers. There are some specific new requirements for the carriers:

- Carriers are prohibited from releasing a customer’s phone call records when a customer calls the carrier except when the customer provides a password.

- Carriers are required to notify the customer when their password is changed

- Carriers must obtain explicit consent from a customer before disclosing a customer’s proprietary network information to a carrier’s joint venture partners or independent contractors

Read the full order and Commissioner comments.

The Federal Trade Commission has settled another telephone pretexting case, Federal Trade Commission, Plaintiff, v. Information Search, Inc. and David J. Kacala, individually and as an officer of Information Search, Inc., Defendants. The FTC will collect $3000 from the telephone information broker, who is also required to abandon the now illegal practice of impersonating telephone subscribers to get toll call records from the telecommunications carrier. The Commission had previously filed suit against Information Search, Inc. for obtaining personal financial bank account records in violation of the federal law known as Gramm-Leach-Bliley.

The Federal Trade Commission testified today at the Committee on Energy and Commerce on, Combating Pretexting: H.R. 936, Prevention of Fraudulent Access to Phone Records Act. The text of the testimony of other participants is not yet available.

The Federal Trade Commission has sought a permanent injunction against Action Research Group and Eye In the Sky Investigations for obtaining and selling to third parties confidential customer phone records in violation of the FTC Act prohibiting deceptive acts.
Federal Trade Commission, Plaintiff, v. Action Research Group, Inc., Joseph Depante, Matthew Depante, Bryan Wagner, Cassandra Selvage, and Eye in the Sky Investigations, Inc., Defendants. (United States District Court for the Middle District of Florida Orlando Division)

Meanwhile, the Federal Communications Commission is getting resistance from telephone companies over proposed rules requiring that customers use a password to access their account information and that the companies get a customer’s permission before they release information for telemarketing.

The Justice Department is objecting to two of the FCC proposals.

The first would tell phone companies to destroy customer records as soon as the records no longer are needed for legitimate business purposes. The government wants the records preserved for possible use in criminal investigations.

Secondly, the two departments want phone companies to notify law enforcement officials first, before customers, when customers’ private billing information has been disclosed improperly.

Private investigator, Bryan Wagner, of Littleton, Colorado pleaded guilty on Friday to identity theft and conspiracy charges in United States District Court in San Jose. His sentencing is now scheduled for June 20 in San Jose federal court.

The private investigator admitted to the two felony counts as part of a plea deal based on his obtaining the SSN’s and telephone toll records of journalists, former Hewlett-Packard directors, and their family members.

Mr. Wagner admitted to “pretexting” the telephone companies into releasing their records. He admitted to using personal information to set up online accounts in the names of several people to access their telephone toll logs and billing records.

Mr. Wagner’s lawyer, Stephen Naratil, stated his client was the “little guy” who was tricked by others into thinking the investigative method he used was legal. He also said that Mr. Wagner would testify for prosecutors as they pursue other figures in the case.

The four other defendants associated with this case have all pleaded not guilty. You can read more about this here.

What’s your opinion on this?

The Federal Trade Commission announced a settlement of its complaint against Integrity Security & Investigation Services for “unfair or deceptive acts or practices in or affecting commerce” by obtaining telephone customer data and credit card purchase records. Four other similar cases against other data brokers are still pending. The FTC has little enforcement authority in this area and the cost for each investigation must be very high for the immediate results.

The settlement bars the defendants from obtaining or selling consumers’ phone records or personal information unless authorized by law or court order. It bars them from pretexting – obtaining records using false pretenses – or hiring others who pretext to obtain phone or financial records. Under the terms of the settlement, the defendants will give up $2,700 in ill-gotten gains – the entire amount they earned from selling the phone records and credit card transaction reports.

The order also requires the defendant to “appear and provide truthful testimony in any trial, deposition, or other proceeding related to or associated with the transactions or the occurrences that are the subject of the Complaint, without the service of a subpoena…”

The FTC action and states’ attorney generals lawsuits shine an ever brighter spotlight on data gathering techniques, which has prompted congressional hearings and more specific state laws banning pretexting to obtain telephone records. No doubt, other industries and research methods will be targeted as a “consumer protection” concern without consideration for other overriding interests.

The legitimate corporate governance issues that prompted the leak investigation by Hewlett-Packard has fallen from the front pages, now covered with the long expected indictments by the California Attorney General, Bill Lockyer, who is a current candidate for State Treasurer. As I mentioned a few weeks ago, Lockyer is charging various parties, from HP’s Patricia Dunn to the individuals who obtained the telephone records, with violations of several criminal statutes. The complaint lists the accusations.

The Federal Trade Commission testified last week on telephone record acquisition before the House Committee on Energy and Commerce Subcommittee on Oversight and Investigations. Joel Winston, an FTC Associate Director, requested that Congress “enact specific prohibitions against telephone records pretexting and to allow the Commission to seek civil penalties against violators…” Winston advocated for an exemption for law enforcement, which have been among the recipients of the data broker’s services, according to those who previously testified before Congress. A law enforcement privilege could further disadvantage criminal defendants, whose representatives would not be accorded the same access.

News and Opinion, in print, audio and video on HP and corporate governance related to telephone records

C-Span, Congressional Hearings on Telephone Pretexting

It is little surprise that Governor Schwarzenegger signed SB 202, Privacy: telephone calling pattern record or list, making the acquisition of a telephone subscriber’s phone call records a crime.[Read more at Computerworld]

Any person who purchases, sells, offers to purchase or
sell, or conspires to purchase or sell any telephone calling pattern record or list, without the written consent of the subscriber, or any person who procures or obtains through fraud or deceit, or attempts to procure or obtain through fraud or deceit any telephone calling pattern record or list shall be punished by a fine not exceeding two thousand five hundred dollars ($2,500), or by imprisonment in a county jail not exceeding one year, or by both a fine and imprisonment. If the person has previously been convicted of a violation of this section, he or she is punishable by a fine not exceeding ten thousand dollars ($10,000), or by imprisonment in a county jail not exceeding one year, or by both a fine and imprisonment.

The prohibition applies to telephone numbers called by the subscriber, not reverse address or telephone information. The California Association of Licensed Investigators (CALI) supported the bill and urged the governor to sign it.

Other states have restricted access to telephone records, among them are Michigan, Maine, Oklahoma, Arizona, Washington and Florida. Other state legislation on telephone records is collected at the National Conference of State Legislatures Web site.

Listen to the live Webcast, Hewlett-Packard’s Pretexting Scandal, followed in relentless pursuit by Internet Data Brokers and Pretexting: Who Has Access to Your Private Records? — Hearings of The U.S House Committee on Energy and Commerce Subcommittee on Oversight and Investigations. The HP broadcast is Thursday, September 28, 2006. The data broker show follows on Friday, September 29, 2006. Both Hearings begin at 10:00AM.