Congress Targets Pretexting

U.S. lawmakers promised to push ahead legislation aimed at cracking down on pretexting, despite some objections from telecom carriers and the U.S. Department of Justice.

Nearly all the members of the House of Representatives Energy and Commerce Committee pledged to push the Prevention of Fraudulent Access to Phone Records Act, which would give the U.S. Federal Trade Commission (FTC) authority to file lawsuits against pretexters and the people who hire them.

The bill would also require the Federal Communications Commission (FCC) to draw up new rules for telecom carriers to protect private phone records, and it would prevent carriers from sharing customer information with third parties without permission.

Despite some concerns about the bill, lawmakers said consumers need protection against pretexting, the practice of posing as a telecom customer to obtain phone records and other private information. "Someone with bad intentions and a few bucks can get a hold of almost anybody's cell phone records," said Representative Fred Upton, a Michigan Republican.

President George Bush signed a bill creating criminal penalties for pretexting in January. But proponents of the Prevention of Fraudulent Access to Phone Records Act say the extra protections in the bill are also needed.

The Energy and Commerce Committee approved the same bill during the last session of Congress, but the legislation apparently was held up on the House floor because of concerns from federal law enforcement agencies that the bill could slow efforts to get information on terrorism suspects.

Lawmakers from both parties complained that they received little explanation about why the bill died last year. Thomas Navin, chief of the FCC's Wireline Bureau, said the Department of Justice was concerned that the FCC would set up rules that consumers are notified too soon after their phone records were accessed by someone else. The DOJ wanted a delay of seven days before consumers were notified, he said.

But Representative Ed Markey, a Massachusetts Democrat, said consumers should be notified immediately. "I don't think the Department of Justice should be listened to on that issue," he said. "I think [victims] should be listened to on that issue."

Markey pointed to news reports this week saying the DOJ's Federal Bureau of Investigation may have violated the law and its internal rules while collecting telephone, data and other personal records through the Patriot Act. "There is still a lack of respect for the law of our country," he said.

Beyond the law enforcement concerns, representatives of trade groups the United States Telecom Association and CTIA-The Wireless Association said the bill could prevent them from sharing customer information with third parties that market complementary products. CTIA members don't share customers' personal information with unrelated groups, but the carriers to use third-party vendors to market wireless-related products, said Steve Largent, CTIA's president and CEO.

But Representative Joe Barton, a Texas Republican, questioned industry concerns about language in the bill that could require carriers to get opt-in permission from customers to share their personal data.

"It seems if we want to protect privacy, we should change this from opt out to opt in," he said.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon