Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Judge Bars Unauthorized Sales of Phone Records

Posted by kdawson on from the look-me-in-the-eye dept.

The Register delivers the good news that a US federal judge had slapped down the practice of pretexting and ordered a Wyoming company to pay almost $200,000; AccuSearch was also permanently barred from selling individuals' phone records without their permission. The FTC had filed suit in 2006 against the company and four others. AccuSearch had advertised a service that made phone records of any individual available for a fee. The current article makes no mention of whatever became of the other four accused data brokers.

69 comments

  1. What? This is unheard of! by Phantombrain · · Score: 3, Insightful

    Since when has the US government cared about the privacy of individuals?

    --
    echo YOUR_OPINION > /dev/null
    1. Re:What? This is unheard of! by Dr.+Hellno · · Score: 4, Funny
      If I may, I'll take off my top hat and replace it with my tinfoil cap for a second:

      It seems probable to me that the reason this happened is phone records which show calls

      from politicians to call girls

      from lobbyists to politicians

      and of course

      conference calls between the three.

    2. Re:What? This is unheard of! by AndGodSed · · Score: 1

      Since... uh no you got me.

      --

      Seven Days with Ubuntu Unity

    3. Re:What? This is unheard of! by technicalandsocial · · Score: 1

      I would guess pressure had something to do with it:
      http://www.cippic.ca/en/news/documents/Judgement.pdf

      Someone made a request to Accusearch for information on Canada's privacy commissioner, and they got it. The case made it to the Canadian court system. And if you wonder why affairs in Canada would affect the US;

      Canada now has a "do not fly list" ("Passenger protect") -- yet they don't want one
      Canada is now starting a war against drugs -- yet they don't want one

  2. Paint me stupid. by palegray.net · · Score: 5, Insightful

    How in the hell did this firm gain access to peoples' phone records in the first place? I guess I don't know enough about how this works, but I thought it was illegal for the phone company to provide such records to a private firm without a court order. Hell, even cops have to get warrants to go through phone records, right?

    --
    512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
    1. Re:Paint me stupid. by corsec67 · · Score: 4, Interesting

      In the current government, who cares about a "warrant"? Not like that means anything anymore. Especially to a phone company.

      --
      If I have nothing to hide, don't search me
    2. Re:Paint me stupid. by KillerCow · · Score: 1

      How in the hell did this firm gain access to peoples' phone records in the first place?


      Say you want the phone records for John Smith.

      1. Call the phone company.
      2. Pretend to be John Smith
      3. Ask them to send a copy of your phone records.
    3. Re:Paint me stupid. by CodeBuster · · Score: 2, Informative

      Indeed this is what is meant by "pretexting" in the summary. For more detailed information, including sample conversation transcripts and other stories of pretexting and the early hacking days of Kevin Mitnick, you may want to take a look at The Art of Deception . The more recent examples of similar types of activities include spamming and phishing of course, but the old phone pretexting techniques are still just as serviceable today as they were before, during, and even after the golden age of phone preaking because many people (unfortunately) simply never learn.

    4. Re:Paint me stupid. by Doc+Daneeka · · Score: 5, Informative

      The company, AccuSearch, was calling up phone companies and pretending to be certain persons in order to gain their account information. They then sold the relevant information to an interested third party. The private firm was misrepresenting itself in order to gain sensitive information.

      "FTC attorneys argued that using false pretenses, fraudulent statements and fraudulent or stolen documents to induce carriers to disclose records was illegal."

      So, they didn't need a warrant because they were pretending to be a customer trying to access their account records.

    5. Re:Paint me stupid. by palegray.net · · Score: 5, Insightful

      I'd like to see criminal charges pressed for this sort of behavior. Surely the employees taking these actions couldn't possibly use the defense of "I was just doing my job." That would be like low level dope peddlers claiming they only sold their product under duress from their "boss." Anyone care to do a little digging on exactly what criminal statutes might have been broken here?

      --
      512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
    6. Re:Paint me stupid. by Kaenneth · · Score: 1

      Same way that guy on Dateline (or whatever show that "Have a seat" guy is on) catches child 'predators'.

      The government requires 'Warrants', has rules against 'Entrapment', etc. However, if a private party does the work, they hands it over to them, magically it's accepable as evidence.

      Just like the Blackwater contractors, it's not the Government, so it's OK.

      Corporations don't just get favors from Government, sometimes they give them.

      How many warrentless wiretaps is the spectrum auction worth?

      I am just joking, but sometimes I wonder if I'm paranoid enough. (Giger counters illegal in New York?, asset fortfiture laws? 'Real' ID?)

      I knew someone who contributed to the Bush campaign, she wants the second coming (of Jesus) to happen and she's looking forward to the events in Revelations, such as the battle of Armegeddon.

    7. Re:Paint me stupid. by mwvdlee · · Score: 2, Insightful

      So all of this could've been avoided if the phone companies would only send records to the addresses registered in their system for the client requesting their phone records?

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    8. Re:Paint me stupid. by penix1 · · Score: 2, Insightful

      It doesn't take digging to find out what the violated statute is. It is fraud. Wire fraud if done over the phone like it usually is. The thing I don't get is how the phone companies can justify giving phone records for one phone number to someone calling from another. The reply should be, "Call us back from the phone you want the records to." It won't stop all the fraud but it will make it that much harder.

      --
      This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
    9. Re:Paint me stupid. by Loconut1389 · · Score: 1

      for the most part, but social engineering always works.
      Our mail almost always comes within an hour timeframe. It wouldn't take much for someone to sit on my porch and smoke a cigarette until the mail comes. The mailman would gladly hand it to someone who looked like they lived there. You then avoid the messing with a mailbox charge and the clank of incoming mail. We have a mailbox on the porch- not a street box- I imagine it would be easier to steal from a street box- though 'more' illegal.

    10. Re:Paint me stupid. by BVis · · Score: 1

      I knew someone who contributed to the Bush campaign, she wants the second coming (of Jesus) to happen and she's looking forward to the events in Revelations, such as the battle of Armegeddon.
      Lots of people feel that way. I don't see how it's relevant.

      For the record, I'm not an evangelical, but I think that people's beliefs should be respected insofar as they don't infringe on other people's rights to have different ones. RAmen.
      --
      Never underestimate the power of stupid people in large groups.
    11. Re:Paint me stupid. by Anonymous Coward · · Score: 0

      people's beliefs should be respected insofar as they don't infringe on other people's rights to have different ones. Very nice, but remember:

      Never underestimate the power of stupid people in large groups.
    12. Re:Paint me stupid. by Tanktalus · · Score: 1

      Ok, so I call up using a Skype account where I can fake the caller ID.

      No, someone else already had this right. Only send to the mail address on file. Still not perfect, but it should stop this corporations from being able to get out-of-region phone records (ok, if they're in NYC, they could sit on someone's porch in NYC, but that might get suspicious. They won't likely fly to Los Angeles or Toronto to get phone records from those areas.)

    13. Re:Paint me stupid. by aproposofwhat · · Score: 1

      people's beliefs should be respected insofar as they don't infringe on other people's rights to have different ones

      Wrong, wrong, wrong.

      If someone believes something that is patently stupid, why is it deserving of respect?

      Just because it's a religion?

      Sorry, but I respect people based on how they act towards others, not because they subscribe to a particular belief system, and their being religious reduces the respect that I have for them, whichever sky monster they subscribe to.

      The idea that religious beliefs should all be equally deserving of respect is moral relativism in a shiny new coat, and should be derided as such.

      --
      One swallow does not a fellatrix make
    14. Re:Paint me stupid. by FuzzyDaddy · · Score: 1
      Only send to the mail address on file.

      I know someone whose ex wanted to get her mail, so he filled out a mail forwarding card and forged the signature. It's not hard to do. They'll forward to anywhere in the country based on a little slip of paper.

      --
      It's not wasting time, I'm educating myself.
    15. Re:Paint me stupid. by BVis · · Score: 1

      If someone believes something that is patently stupid, why is it deserving of respect?

      Just because it's a religion?
      Because by accepting that people believe different things than you do, you reduce their ability to tell YOU that what you believe is wrong. Not to mention the fact that arguing over religion is a waste of time.

      And what is "moral relativism"? Morals are ALWAYS relative, as far as I can tell. What works for you doesn't necessarily work for me, and vice versa. Personally, what I believe is that while religion can be easily twisted into a destructive force, there are some good things that come out of a common belief, such as a stronger community.

      You wouldn't happen to be an objectivist, would you?
      --
      Never underestimate the power of stupid people in large groups.
    16. Re:Paint me stupid. by aproposofwhat · · Score: 1
      Oh, I accept that other people believe different things than I do, but I see no need to respect their belief systems and to give them equal weight to my own.

      And no - I'm not an objectivist (though I am often objectionable) - I'm more of a meld between Wittgenstinian and Utilitarian, which is where I get my moral code from.

      Strangely, the moral code that fits best with what can be deduced from utilitarian principles was promulgated by one Jesus of Nazareth some 2000 years ago, but it was immediately corrupted by Saul of Tarsus and became the whole church thing that blights our world today.

      --
      One swallow does not a fellatrix make
    17. Re:Paint me stupid. by Anonymous Coward · · Score: 1, Insightful

      As long as legitimate customers have access to their accounts, so will anyone else who cares to look.

      Changing your address won't work. People get around that problem by simply forwarding your mail, which anyone can do to anyone else, for free even! And then restoring it to the old address when they get what they want. Or yeah, simply stopping by your house and grabbing your mail.

      All of the security, encryption, firewalls and passwords in the world won't stop someone from calling you on the phone and just simply asking for what they want. And probably 70% of the time it works.

    18. Re:Paint me stupid. by BVis · · Score: 1

      You don't have to give them any weight whatsoever as far as your own decisions go. But just because they believe something else doesn't make them 'wrong', it just makes them different. I'm not asking you to respect their beliefs, but to respect what those beliefs mean to them, no matter how bizarre they might seem to you. Most of the time this involves simply keeping your mouth shut, so it's actually LESS effort for you.

      --
      Never underestimate the power of stupid people in large groups.
    19. Re:Paint me stupid. by ThreeSpace · · Score: 1

      It's the phone company. Do you think they'd use CallerID? More likely, they'd be using ANI which is way more difficult to forge.

    20. Re:Paint me stupid. by Darth+Eggbert · · Score: 1

      I currently work for one of the ILECs, and have for over 3 years, and the FCC has forced us to beef up some of our procedures. They have recently decreed that we can only send duplicate copies of bills to the address on file, as long as it has been that way for at least 30 days (a billing cycle). You also can no longer access your online account unless you have a security code that is hardcopied to you via snail mail.

      All this is great, right?

      Well you can't imagin how much this has pissed customers off. If people wonder why we didn't do this before, it's not because we wern't worried about account security, its because upping security on accounts allways has a very negitive backlash from inconvienced customers. And nobody every beleives that it's a FCC mandate.

      Darth Eggbert

      --
      Fear the power of NTie!
    21. Re:Paint me stupid. by Devistater · · Score: 1

      You must not be keeping up on /. news :)
      http://yro.slashdot.org/article.pl?sid=02/07/18/1245202
      http://yro.slashdot.org/article.pl?sid=01/10/03/1628242

      They probably would have been ok if they made themselves as an affiliate of the phone companies (they could say they were selling cell phone batteries or something).
      Then they could buy/sell/trade for all the customer information they want, names, addresses, who they call, what times, the phone numbers they call, etc. All without a warrant. No pre-texting nessasary.

      It all happened when the FCC decided to make it opt OUT, rather than the way it was previously, which was opt IN.

      So, call up your phone company (cell or landline) and tell them you want to opt OUT of sharing your CPNI (customer proprietary network information) with others.

    22. Re:Paint me stupid. by ih8bills · · Score: 1

      That is a crime-- but rarely enforced. The Post Office makes a lame, half-assed attempt to "verify" the order via a pair of "confirmation letters" which is about as effective as screen doors on a submarine... The victim can and should complain to the Postal Inspection Service.

    23. Re:Paint me stupid. by Anonymous Coward · · Score: 0

      You are stupid and I have huge uncircumcised genitalia - let's PAR-tay!

    24. Re:Paint me stupid. by FuzzyDaddy · · Score: 1

      They actually kept the forged card as some leverage in their future dealings with the ex.

      --
      It's not wasting time, I'm educating myself.
    25. Re:Paint me stupid. by ih8bills · · Score: 1

      Only trouble with that is...the authorities would question their motive for waiting to file a complaint. They WON'T be drawn into divorce battles-- tampering with the mail is a Felony offense... but they are not anyone's "tool".

  3. Other data brokers? by hawks5999 · · Score: 4, Funny

    The current article makes no mention of whatever became of the other four accused data brokers They all now go by their original names:

    NSA

    CIA

    FBI

    DHS

    1. Re:Other data brokers? by gbobeck · · Score: 2, Interesting

      I thought their real names were the following:

      AT&T
      AARP
      ACM (thats Association For Computing Machinery)
      Publisher's Clearinghouse

      --
      Navicula hydraulica plena anguilarum est. Omnes castelli tuus nostri sunt. Ed elli avea del cul fatto trombetta.
  4. Wtf by Anonymous Coward · · Score: 0, Flamebait

    Why do the trolls and crapflooders have to keep saying "nigger" lately? Really now wtf is wrong with you people?

    1. Re:Wtf by palegray.net · · Score: 3, Informative

      Please do not feed the trolls. It only incites them to further stupidity. Please reference the official Wikipedia article on the topic for further information. You may also be interested in The Psychology of Trolling. This has been an online discussion tactics PSA. Thank you, HAND, YMMV, IANAL, FWIW.

      --
      512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
    2. Re:Wtf by Anonymous Coward · · Score: 0

      Canadians are cool

      Depends which sort of Canadian you mean.

      RON PAUL 2008
  5. Not such a big deal by Anonymous Coward · · Score: 4, Interesting

    The 3 letter agencies don't have to buy their phone records

    1. Re:Not such a big deal by Anonymous Coward · · Score: 0

      The don't have to, but they still do, just in case it is more convenient than getting a warrant.

  6. Since its inception, actually.... by Anonymous Coward · · Score: 0

    ...contrary to the deranged, misleading, false ramblings of liberal Chicken Littles.

  7. Re:We, the users of Slashdot by Artuir · · Score: 1

    Hm. Coward, indeed.

  8. Paint me stupid too by erareno · · Score: 2, Interesting

    This is how spammers get your number, I'm guessing? If so, does this mean no more phone spam? *Awaits the inevitable denial of such high hopes*

    1. Re:Paint me stupid too by servognome · · Score: 2, Informative

      Sorry to dash your hopes, but there are a bunch of ways you "willingly" authorize companies to sell your number. Just look at the little text on cell phone bill/credit card application/airline ticket/etc.

      --
      D6 63 0D 70 89 81 BB 8E 7B 7C 5F 5D 54 EA AB 73
    2. Re:Paint me stupid too by TheThiefMaster · · Score: 1
      You mean like

      tick which of the following you don't want us to contact you on:
      O Phone text O email
      and which of these you do:
      O Post O Phone call
      and which of the following you would not like us to not send you our newsletter on: ...
      and tick 1,3 and A if you don't want us to sell all your private data to some dodgy firm, making sure to erase the pre-printed tick in 4. Note that if you opt to not have us contact you above, you agree to let us sell all your details regardless of what you tick here... Grr
    3. Re:Paint me stupid too by FredFredrickson · · Score: 1

      Yeah, My guess is even with this court order, all they need for authorization is an opt out mail that has a timeout of 1 month. If you choose not to read your junk mail carefully, you silently consent to all sorts of horrid things. And for some- maybe they never even get the letter...

      --
      Belief? Hope? Preference?The Existential Vortex
  9. OK, that's a start. by ScentCone · · Score: 4, Insightful

    But a judge telling a firm that they can't do it any more isn't NEARLY as good as congress making it a big ol' Federal No-No. So, c'mon, Pelosi. Reid? Where's all of that protect-the-little-guy stuff? Hillary? Obama? Where are the firey populist bits about how they'll use their party's control of congress to work on this sort of thing? Well, first things first. Like... hearings on steroid use in baseball leagues.

    --
    Don't disappoint your bird dog. Go to the range.
    1. Re:OK, that's a start. by rhizome · · Score: 1

      But a judge telling a firm that they can't do it any more isn't NEARLY as good as congress making it a big ol' Federal No-No. So, c'mon, Pelosi. Reid? Where's all of that protect-the-little-guy stuff?

      It's in the same place the FTC went when they were looking for a club to use against these guys.

      Articles...they's good for readin', Jethro!

      --
      When I was a kid, we only had one Darth.
    2. Re:OK, that's a start. by Doc+Daneeka · · Score: 1

      We don't need more laws when the current ones are already adequate. We just need the enforcing agencies to start upholding the law. Merely throwing more laws at the ills of society will not cure them. I would have to agree that Congress often does not focus on the important things but it is another thing to be asking them to go off on more tangents making things already illegal go on "Double Secret Probation".

    3. Re:OK, that's a start. by Anonymous Coward · · Score: 0

      Yeah it sure is Uncle Jedd!

    4. Re:OK, that's a start. by Anonymous Coward · · Score: 0

      Because a soundbyte of ambiguous language concerning hope or a call to support ones nations troops gets more voter response than actually mentioning the core of the issues?

    5. Re:OK, that's a start. by kmac06 · · Score: 1

      RTFA. It's already illegal you twit.

    6. Re:OK, that's a start. by rhizome · · Score: 1

      Yeah it sure is Uncle Jedd!

      You might want to find a newer article that describes developments in that story since last Thursday, of which there have been "some."

      --
      When I was a kid, we only had one Darth.
  10. Now for email by timeOday · · Score: 1

    We need the same protections for email - who emails whom should be private. As it stands, I'm not even sure the contents of emails are protected.

    1. Re:Now for email by ih8bills · · Score: 1

      Of course not--email is like broadcasting-- anyone between you & the intended recipient can read it anytime they like. Is not even hard to do-- any 3rd grader could probably figure it out. Unless it is encrypted before it's sent.

  11. Meh by SeaFox · · Score: 2, Insightful

    Perhaps I would be more impressed if the ruling said that all companies, including phone carriers, had to get customer approval before selling records via an opt-in waiver separate from their service agreement. I imagine most carriers have some sentence in the fine print saying that by taking their service you're agreeing by default to let them use your data.

    Oh, wait. They do. Hence we all have to run around to every company we do business with and make phone calls, check boxes on online forms, and send postcards to opt-out of their information selling.

    1. Re:Meh by rtb61 · · Score: 1
      It is far more logical to make it illegal across the board to sell private information, without notifying the recipient of every sale of private information, including the name and details of the individual who sold the data, the name and details of the individual who bought the data and the company they represent, the full extent of the data traded, and what they intend to do with the data, and this should be done for each and every transaction, no exemptions.

      They should also implement realistic data retention and correction laws, where companies that hold a private individuals data, notify the individual upon a yearly basis, with full details of the data held and how the data was obtained.

      lets work to make privacy invasion just a bit more expensive to do than the profits they can generate by it.

      Otherwise how long before companies like google start to offer money to ISP's for the records of all your internet traffic, and that is not unrealistic as they have already worked on handling all email traffic for ISP's so they could invade the privacy of everyone's email on the face of the planet, sending or receiving, they were going to get you one way or the other.

      --
      Chaos - everything, everywhere, everywhen
    2. Re:Meh by Devistater · · Score: 1

      Yeah, ever since the FCC changed the rules to make sharing CPNI (Customer Proprietary Network Information) an opt OUT process instead of opt IN, thats what you need to do. You are one of the few people that know about and recognize this, most people don't know about it.

      http://yro.slashdot.org/article.pl?sid=02/07/18/1245202
      http://yro.slashdot.org/article.pl?sid=01/10/03/1628242

    3. Re:Meh by ih8bills · · Score: 1

      While I agree whole-heartedly with the principle and the idea... I'm afraid it is wayyyyy too late for 99% of the US population to opt out of anything. There are entire companies in the US that make all of their income by selling/trading your personal information. In some States (like mine) you have to opt out of the bloody Registry of Motor Vehicles selling your name/address--I just did that 2 days ago... :( Credit-card companies (especially STORE-cards like JC Penney/Sears) Magazine subscriptions-- EVERYBODY sells lists to EVERYBODY ELSE. These companies provide mailing lists/phone number lists/email lists ... they are broken down by any criteria you want. Geographical area/ age/sex / number of rug rats /veteran/cancer survivor/ charity donor/ ANYTHING THEY WANT. Lists are generated electronically-- or hard-copied-- or burned to disc. If you want a list of all the left-handed/myopic/sewer-workers/who are Korean War veterans in the Metro-Chicago area-- it takes about 15 seconds (if that)

  12. Wait... by Shifty+Jim · · Score: 1, Interesting

    This was legal to begin with? Umm... Yeah.

    --
    "To surrender to ignorance and call it God has always been premature, and it remains premature today." -Isaac Asimov
  13. See laws on CDR's by thule · · Score: 2, Informative

    I wish I could find the article I read awhile back that explained the law around log files. Traditionally, call detail records (CDR's) were not owned by you, the customer. CDR's were/are owned by the phone company. They could use the data anyway they wanted, including selling it. There are some states (Washington?) that created laws that stated that CDR's are not owned by the phone company, but are partially owned by the customer and are therefore considered private information.

    If you run a web server, who owns those log files, you or the person that connects to your server? If some officer called up asking if some IP address connected to your server, you could request a warrant for this information or just turn it over.

  14. Well, it's not so bad by cgomezr · · Score: 1

    I don't think bars can sell records in the Europe, with or without authorization. It makes no difference whether their clients are judges or not.

  15. Now let's get Intelius by LouTheTroll · · Score: 1

    Here's another one: http://www.intelius.com/phone-search-name.html

  16. NO NO NO!! by onkelonkel · · Score: 1

    People's beliefs should NOT be respected.

    No belief is ever, in any way, deserving of or entitled to "Respect"

    What we ought to respect is a persons right to believe whatever they like. Their beliefs can be agreed or disagreed with, applauded or ridiculed, depending on their congruence with observed reality and, yes, your own beliefs.

    There are people who believe the earth is flat, that a God has decided that women should be subservient to men, or that it's ok to have sex with children. Do you automatically respect those beliefs?

    --
    None of them can see the clouds; The polished wings don't care.
    1. Re:NO NO NO!! by BVis · · Score: 1

      I misspoke. I meant 'respect a person's right to believe what they want'.

      This includes NOT ridiculing those beliefs for its own sake. I find it's best to smile, nod, and say nothing when it's obvious from my perspective that what someone believes is patently ridiculous. If you want to pick a fight, go for it, I respect your right to believe that that's the correct course of action. Personally, I find that arguing with a zealot accomplishes two things: pisses you off, and convinces the zealot that you're working against whatever they believe in, so they have to believe twice as hard. Nobody wins, and there's ten minutes of your life you're never going to get back.

      --
      Never underestimate the power of stupid people in large groups.
    2. Re:NO NO NO!! by onkelonkel · · Score: 1

      Right you are. The only reasons to argue with a zealot are to deliberately annoy them, or (more difficult, but scores higher)use facts and reason to get close enough to one of their core beliefs that they go into cognitive dissonance.

      If you want to be nice, my Mum told me a simple substitution trick - instead of saying "Bullshit", say "Amazing".

      "all the Jews left the World Trade Center an hour before the planes hit" - "Amazing"

      "Bill Gates will send me a dollar for every e-mail I forward to him" - "Amazing"

      "God has a special plan just for me" - "Amazing" It works every time.

      --
      None of them can see the clouds; The polished wings don't care.
  17. ANI by Anonymous Coward · · Score: 0

    Phone companies don't use caller ID. They use ANI, which isn't so easily spoofable (it's used to bill you, so they actually care about it being correct).

  18. Hmm. Does it prevent - by Geminii · · Score: 1

    - the company giving the records, gratis, to a second company coincidentally owned by the same people, which then sells the records for profit?