The Senate Commerce Committee today announced it will hold a Consumer Affairs, Product Safety, and Insurance Subcommittee hearing on Protecting Consumers’ Phone Records on Wednesday, February 8, 2006, 2:30 p.m. in room 562 of the Dirksen Building. Senator George Allen (R-Va.), Chairman of the Consumer Affairs Subcommittee, will chair the hearing.
The hearing will examine unauthorized third party access to phone records, potential legislative solutions, and will assess the proper roles of the Federal Communications Commission and the Federal Trade Commission.
SUBCOMMITTEE CHAIRMAN GEORGE ALLEN
Good afternoon. I call this hearing of the Senate Subcommittee on Consumer Affairs, Product Safety, and Insurance to order. This hearing will examine ways to protect consumers’ phone records from being fraudulently obtained and sold into the public domain.
I wanted to take action as soon as I heard that unscrupulous marketers were obtaining and selling confidential, personal phone billing records. This fraudulent and criminal activity must be prosecuted and stopped to protect innocent people. Especially of concern to me are the rights of some women who have had their privacy violated by stalkers who use the information to get details of their personal lives and harms law enforcement investigations.
In recent months, a number of websites have popped up selling consumer phone records for as little as $100-dollars. Experts say that the records are usually obtained by “data brokers” who pose as customers requesting their records or computer hackers who surreptitiously retrieve the data online. Senators heard testimony today from the Federal Communications Commission, the Federal Trade Commission, telecommunications industry officials and privacy experts.
We can not allow these unscrupulous and deceptive practices to continue. That is why Chairman Stevens and I, along with my Ranking Member, Senator Pryor, decided that a hearing was the way to adequately begin to protect innocent individuals from becoming prey to conniving people willing to make a quick buck by violating one’s security and privacy. This fraud can be as harmful and disconcerting as when a third-party uses false pretenses to obtain an innocent person’s confidential financial records.
I believe that in protecting consumers we must ensure that our approach is sensible and effective. With legislation, we will send a clear message to the bad actors that this fraudulent and deceptive behavior will be enforced to the fullest extent of the law and they will be punished using federal laws and State Attorneys General.
Chairman Ted Stevens
The recent reports detailing the ease with which third parties can access private phone records are alarming. These reports have shown us that it is important that Congress ensure that Americans’ phone records are protected and that there will be severe penalties for invading phone record privacy.
I have been working on crafting a legislative solution to address this growing problem and assess the proper role of government. As we move forward, I look forward to continuing to work with industry, the relevant federal agencies, and other Members of Congress to ensure that all phone records are kept safe.
This hearing is an important step as this Committee addresses this issue. But we are not alone in this fight, and I look forward to hearing the thoughts of the federal agencies with oversight, the industry, and concerned public interest groups.
SENATOR CONRAD BURNS
SUBCOMMITTEE ON CONSUMER AFFAIRS, PRODUCT SAFETY, AND INSURANCE
Good afternoon Chairman Allen, Ranking Member Pryor, members of the Committee, and distinguished panelists. Thank you for holding this important hearing on protecting consumers’ phone records. First, I am very disturbed about the disclosure and sale of personal telephone records through data brokers pre-texting or by data brokers obtaining access to consumers’ accounts online by overcoming carriers’ data security protocols.
As an original cosponsor of the Consumer Telephone Records Protection Act of 2006, I’m proud to say my bill will close existing loopholes and will make you pay a hefty price in both money and jail time if you access someone’s private records without their permission. Importantly, this bill criminalizes the act of pretexting, adding a new violation for fraud and related activity connected with obtaining confidential phone records from a company that provides telephone service. Specifically, the Consumer Telephone Records Protection Act of 2006 proposes that for each occurrence the illegal actor can be fined up to $250,000 and/or imprisoned for up to 5 years. These penalties can be doubled for aggravated cases. The criminal violations in this bill, along with action taken by the FCC and further Congressional Action, if needed, will restore consumers’ confidence that their personal information is safe when they sign up for phone service with a telecommunications company.
Next, I want to applaud Chairman Martin for the action that the FCC has undertaken pursuant to its statutory authority to protect consumers’ personal telephone records. Chairman Martin recently appeared before the House of Representatives and testified that any noncompliance by telecommunications carriers with the customer proprietary network information (CPNI) obligations under section 222 of the Communications Act and the Commission’s rules will result in strong enforcement action by the FCC. Section 222 of the Communications Act to was written to protect consumers’ privacy . Specifically, it provides that carriers must protect the confidentiality of customer proprietary network information. CPNI includes, among other things, customers’ calling activities and history, and billing records.
Under FTC Law, it is already considered an illegal deceptive business practice to use false pretenses to gather a consumer’s financial information. The FTC has the power to pursue actions against phone record pretexters based on its authority to prevent deceptive and unfair business practices, but without this statutory authority spelled out in a statute, a question of statutory interpretation regarding FTC authority could be litigated. Furthermore, even if the FTC’s authority to pursue actions against pretexters of phone records is assumed, the FTC is not authorized to immediately impose civil penalties against third party data brokers.
Unfortunately, in today’s information age, there are those who are constantly seeking new way s to navigate the gray areas of our laws in hopes of finding something they can use to their advantage. My bill will shine a bright light on this particular gray area, wiping it out, and protect Americans from these rats who invade someone’s privacy.
Thank you all for your time and concern and I look forward to working with the members of this committee, panel and other interested parties as this discussion moves forward.
Gordon H. SmithSenator
Opening Statement as Prepared
Senator Gordon H. Smith
February 8, 2006Thank you Senators Allen and Stevens for holding this important hearing on protecting consumer’s phone records.
The deceptive practice of “pretexting” has gotten a lot of attention recently. Pretexting is nothing more than lying to get something that you are not lawfully entitled to obtain – and it is illegal.
The Federal Trade Commission has the authority to pursue companies or individuals that engage in pretexting or other deceptive practices under Section 5 of the FTC Act, which prohibits “unfair or deceptive acts or practices in or affecting commerce.”
Using this authority, the FTC has brought civil actions against U.S. businesses that use false pretenses to gather information on consumers. Unfortunately, the FTC lacks authority to pursue bad actors operating overseas.
We need to give the FTC the necessary tools to go after these fraudsters no matter where they operate.
I have sponsored the U.S. SAFE WEB Act with Senators Inouye, McCain, Nelson of Florida, Burns, Dorgan, and Pryor. This important bill will provide the FTC with the tools to protect consumers from cross-border fraud and deception, including pretexting.
Our bill has already passed the Commerce Committee by unanimous consent and I urge quick passage on the floor of the Senate so we can more effectively pursue those individuals who continue to deceive and defraud U.S. consumers.
One last point -- like consumers, phone companies are victims of the fraud perpetrated by pretexters. Additional regulation of phone companies will not change the fraudulent behavior of pretexters. Enforcement is the key.
Thank you Mr. Chairman
Daniel K. InouyeSenator
It was troubling to learn that unscrupulous data brokers have made a business of selling consumers’ personal phone records. Equally disturbing is the fact that the Federal Trade Commission (FTC) received numerous complaints about these egregious practices and refused to act on them.
While many recent identity theft scams have employed tech-savvy tactics of hackers, the sale of consumer phone records is simply the work of swindlers. It is well within the FTC’s current authority to address this problem. I understand the FTC found numerous instances of cell phone record sales in other investigations related to financial services and chose to turn a blind eye.
Unfortunately, the FTC’s inaction resulted from a lack of attention, not a lack of authority. Nonetheless, if further clarity and additional authority are necessary, this Committee should not hesitate to provide it.
The Federal Communications Commission (FCC) has a key role to play as well. The FCC must ensure that telecommunications providers are doing all that is necessary to protect the confidentiality of consumers phone records, or what is also known as customer proprietary network information (CPNI). The FCC appears to be taking this matter seriously.
Next week, the FCC will consider ways to strengthen CPNI safeguards through rulemaking. In addition, FCC Chairman Kevin Martin has recommended specific Congressional action to address this problem, including enhancing the FCC’s enforcement authority.
We also need to keep in mind emerging services, such as Voice over Internet Protocol (VoIP). They, too, must be subject to the same privacy requirements. Consumers have every right to expect that their personal data will be protected regardless of the communications service they choose to utilize.
It is my hope that the recent press attention to this matter has served as a wake up call, and that, in the interest of consumer privacy and public safety, the FTC and FCC do everything they can to eliminate these egregious practices as quickly as possible. I can assure both agencies that this Committee will be a willing and cooperative partner in their efforts.
Witness Panel 1
The Honorable Charles E. SchumerUnited States SenatorNew York
Senator Allen, Senator Pryor, and members of the Consumer Affairs Subcommittee – thank you for giving me the opportunity to speak to you today about an issue that I know is of great concern to all of us – protecting the very private and personal information that is kept as a part of people’s telephone records.
When a person talks on the phone – whether it’s their cell phone or their home phone – they have an expectation of privacy. No one thinks that information about who they are calling and when they are calling them, as well as all of the personal information kept by phone companies for billing purposes, are available for sale to anyone with $100.
Sadly, we now know that this is all too true. The activities of web sites such as locatecell.com and of “pretexters,” who pose as telephone customers to get people’s personal phone record information from the phone companies, have made some of our most personal and confidential information vulnerable to criminals who want that information for nefarious purposes. Even worse, unauthorized access to this information can put law enforcement officers and victims of domestic abuse in danger.
A former spouse or a stalker can find out who their target is calling, and intensely personal information like who their doctor is, or whether the person is seeing a psychologist. Targets of criminal investigations can find out if someone is talking to law enforcement authorities about them, and in a particularly frightening scenario, the FBI recently was able to obtain the cell phone records of one of its agents online in just three hours.
We have a law that protects our financial information – the Gramm-Leach-Bliley Act. But there is no federal law that makes it a criminal offense to steal someone’s phone records. So far, the cell phone companies have had to go after pretexters with civil lawsuits; or prosecutors have to cobble together a case from the patchwork of consumer protection laws. But if all that pretexters really face are civil fines, they could just look at them as a cost of doing business. What these thieves do is a crime – and it ought to be treated like a crime.
That’s why I introduced – with Judiciary Chairman Arlen Specter and Senator Bill Nelson from the Commerce Committee – a bipartisan bill that will make stealing a person’s phone records a felony. It’s called the Consumer Telephone Records Protection Act, and I’m happy to report that among our cosponsors are eight members of the Commerce Committee from both sides of the aisle.
Three of the major wireless carriers (Verizon Wireless, T-Mobile, and Sprint-Nextel), along with groups like Consumers Union and MoveOn.org have endorsed this bill.
The bill makes it a crime to fraudulently buy somebody’s phone records; it prohibits the sale or transfer of those records; and it specifically prohibits employees of the phone companies from selling this information. We are also looking at enhanced penalties when the records are used to commit a crime of domestic violence, or if they are used to do harm to law enforcement officers. The bill also contains an enhanced penalty for multiple offenses, aimed at the web sites and companies that make a business out of stealing people’s phone records.
All of the bipartisan support, as well as the support from industry and consumer groups, shows the need to do something about this now. I am pleased that the Commerce Committee is looking into how it can help put a stop to this deplorable practice, and I look forward to working together with you to find a solution that will stop pretexters and protect the privacy of American citizens.
Witness Panel 2
Ms. Kris MonteithChief of Enforcement BureauFederal Communications Commission
Ms. Lydia ParnesDirector, Bureau of Consumer ProtectionFederal Trade Commission
Mr. Marc RotenbergPresident and Executive DirectorElectronic Privacy Information Center
Mr. Robert DouglasChief Executive OfficerPrivacyToday.com
Ms. Cindy SouthworthDirector of Technology and Director of the Safety Net ProjectNational Network to End Domestic Violence