House Declines to Take Up Pretexting Bill
House leaders decided not to take up a pretexting bill (HR-4943) Fri., despite calls by House Commerce Committee Chmn. Barton (R-Tex.) and other members in a high-profile, 2- day hearing into the Hewlett-Packard corporate spy scandal. “The bill won’t be on the floor,” a spokesman for House Majority Leader Boehner (R-O.) said Fri. Barton, pointing to a poster showing a picture from Gone with the Wind, told a House panel the bill wasn’t “gone.”
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
“It has been found; it’s alive and well,” Barton said: “There’s a reasonable chance that we may get it up today.” House Oversight Subcommittee Chmn. Whitfield (R-Ky.) summoned to Fri.’s panel a number of wireless carriers to explain how they're stepping up security to fight pretexting -- getting private phone records by assuming a false identity. He also invited an investigator, who refused to testify, a journalist whose phone records were stolen, and FCC and FTC officials.
Whitfield scolded private eye Doug Atkin for invoking the 5th Amendment and refusing to answer questions. Atkin refused to produce documents in response to the committee’s subpoena, Whitfield said, demanding an explanation for the record from the witness’s lawyer. Whitfield closely questioned N.Y. Post reporter Christopher Byron, who said his phone records were disclosed 4 years ago when he was doing a story for a financial magazine.
It took over 50 phone calls for the pretexter who stole Byron’s records to get the data, Byron said. “We now know that this practice is referred to among phone records thieves as ‘dialing for dummies,” Byron said. It amounts to a “kind of crapshoot in which the pretexter phones up customer service ‘800 numbers’ of telephone companies again and again, trying one ruse after the next” until connecting with someone who provides the information.
The FCC stopped short of endorsing congressional efforts in its written testimony. Rep. Stupak (D-Mich.) questioned FCC Enforcement Bureau Chief Kris Monteith on the agency’s silence on the matter. Chmn. Martin hasn’t looked at the legislation, Monteith said, and the agency has no position on the bill. Martin has said he would back banning improper access to consumer phone records such as the bill implies, he said.
But federal legislation would “further assist the FTC’s enforcement” by imposing specific bars on pretexting, said Joel Winston, the agency’s assoc. dir.-privacy. The legislation should exempt law enforcement authorities and include civil and criminal penalties, he said. This would send a “strong message to this industry: pretexting for telephone records is clearly and unequivocally illegal.”
The FCC said it has asked nearly 20 wireline and wireless carriers to document their customer data security procedures and practices, identify security and disclosure problems and list changes made in response to the data broker issue. Supplemental requests for information have been sent to the 9 largest carriers and an in-depth analysis is underway, said Monteith. The FCC also asked carriers also whether any private consumer cellphone data related to the HP pretexting scandal was given out without authorization, he said.
Wireless companies have told the FCC they're stepping up security and authentication to ensure consumer privacy, Monteith said. The FCC is working with the FTC, sharing what it learns of fraudulent behavior. A Notice of Proposed Rulemaking tentatively concluded that the Commission should require carriers to certify annually that their security procedures comply with FCC rules. Martin will ask commissioners to vote on it in the fall, Monteith said.
Wireless companies told the committee they're fighting pretexting with passwords and new, more complex methods of authentication. “These people are thieves, plain and simple,” said Cingular Assoc. Gen. Counsel Thomas Meiss. After consumers complained of pretexting, Cingular told its workers to watch for pretexters. The company has 6 suits against over 30 defendants, and changed its account access policy so no call record details can be provided over the phone to anyone, not even a verified customer, Meiss said. Cingular sued several data brokers over consumer complaints. Verizon Wireless said it was the first public entity to take action on incidents of theft of cellphone records and has filed several suits on the subject.
Phone carriers have made it clear they oppose Title II of the bill, which requires them to better protect consumer data, said Rep. Schakowsky (D-Ill.). Though companies are “more than happy to have us go after the pretexters who dupe them, many have been fighting our efforts to require them to correct their security problems,” she said: “With today’s hearing, we are saying loud and clear that it is time for the phone companies to guard their customers’ information.”