PIs Selling Phone Records Sued By The FTC
carl writes "According to an MSNBC article, the FTC has sued five different background investigation firms for selling confidential phone records." From the article: "In the lawsuits announced Wednesday, the FTC charged the companies used 'false pretenses, fraudulent statements, fraudulent or stolen documents or other misrepresentations, including posing as a customer of a telecommunications carrier' to get the phone records. The companies advertised on their Web sites that they could get the confidential phone records of any individual and make them available for a fee, the agency said."
I suppose I could RTFA, but what does 'Pls' stand for?
(Emphasis mine)
So when is the FTC going to charge carriers with improperly handling private information? I hope they don't forget to nail the carriers to the wall for handing out this information in the first place. If they wouldn't just give the information away to every Tom, Dick, and Harry that called without verifying they are who they say they are, there wouldn't be as much of a problem, would there? Some simple ways to avoid giving the information to the wrong person might include calling them back on their cellphone or sending the information to the address that gets the bills. Selling this information is wrong, but the carriers are just as culpable for giving it out without proper verification.
I Am My Own Worst Enemy
In order to get the point across, some reporter bought the Canadian Privacy Minister's phone records and sent them to her. She was amazed that this kind of information was available. It amazes me that a lot of the time the people in charge don't even know what is going on, or what is even possible. By the time the press had gotten wind of BitTorrent, I had already been using it for a year.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
There isn't really much way to be "secure" against social engineering because it exploits the one system you can't secure - the human mind.
Why not? When you establish service with a company, they should require you to provide them with a security question and answer of your choosing, and not simply ask you to select a common one from a list. Then when someone calls to access information from your account, they simply read back the question to you, and wait for the answer. If it matches, fine, they can presume it's you. If you don't know the answer, then they don't give out any information. If you've forgotten, they can mail it to the billing address on record (or email it to the address on record) and you can call them back later. Why wouldn't that work?
In theory, there's no difference between theory and practice. In practice, there is.