Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Judge Bars Unauthorized Sales of Phone Records

Posted by kdawson on from the look-me-in-the-eye dept.

The Register delivers the good news that a US federal judge had slapped down the practice of pretexting and ordered a Wyoming company to pay almost $200,000; AccuSearch was also permanently barred from selling individuals' phone records without their permission. The FTC had filed suit in 2006 against the company and four others. AccuSearch had advertised a service that made phone records of any individual available for a fee. The current article makes no mention of whatever became of the other four accused data brokers.

18 of 69 comments (clear)

  1. What? This is unheard of! by Phantombrain · · Score: 3, Insightful

    Since when has the US government cared about the privacy of individuals?

    --
    echo YOUR_OPINION > /dev/null
    1. Re:What? This is unheard of! by Dr.+Hellno · · Score: 4, Funny
      If I may, I'll take off my top hat and replace it with my tinfoil cap for a second:

      It seems probable to me that the reason this happened is phone records which show calls

      from politicians to call girls

      from lobbyists to politicians

      and of course

      conference calls between the three.

  2. Paint me stupid. by palegray.net · · Score: 5, Insightful

    How in the hell did this firm gain access to peoples' phone records in the first place? I guess I don't know enough about how this works, but I thought it was illegal for the phone company to provide such records to a private firm without a court order. Hell, even cops have to get warrants to go through phone records, right?

    --
    512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
    1. Re:Paint me stupid. by corsec67 · · Score: 4, Interesting

      In the current government, who cares about a "warrant"? Not like that means anything anymore. Especially to a phone company.

      --
      If I have nothing to hide, don't search me
    2. Re:Paint me stupid. by CodeBuster · · Score: 2, Informative

      Indeed this is what is meant by "pretexting" in the summary. For more detailed information, including sample conversation transcripts and other stories of pretexting and the early hacking days of Kevin Mitnick, you may want to take a look at The Art of Deception . The more recent examples of similar types of activities include spamming and phishing of course, but the old phone pretexting techniques are still just as serviceable today as they were before, during, and even after the golden age of phone preaking because many people (unfortunately) simply never learn.

    3. Re:Paint me stupid. by Doc+Daneeka · · Score: 5, Informative

      The company, AccuSearch, was calling up phone companies and pretending to be certain persons in order to gain their account information. They then sold the relevant information to an interested third party. The private firm was misrepresenting itself in order to gain sensitive information.

      "FTC attorneys argued that using false pretenses, fraudulent statements and fraudulent or stolen documents to induce carriers to disclose records was illegal."

      So, they didn't need a warrant because they were pretending to be a customer trying to access their account records.

    4. Re:Paint me stupid. by palegray.net · · Score: 5, Insightful

      I'd like to see criminal charges pressed for this sort of behavior. Surely the employees taking these actions couldn't possibly use the defense of "I was just doing my job." That would be like low level dope peddlers claiming they only sold their product under duress from their "boss." Anyone care to do a little digging on exactly what criminal statutes might have been broken here?

      --
      512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
    5. Re:Paint me stupid. by mwvdlee · · Score: 2, Insightful

      So all of this could've been avoided if the phone companies would only send records to the addresses registered in their system for the client requesting their phone records?

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    6. Re:Paint me stupid. by penix1 · · Score: 2, Insightful

      It doesn't take digging to find out what the violated statute is. It is fraud. Wire fraud if done over the phone like it usually is. The thing I don't get is how the phone companies can justify giving phone records for one phone number to someone calling from another. The reply should be, "Call us back from the phone you want the records to." It won't stop all the fraud but it will make it that much harder.

      --
      This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
  3. Other data brokers? by hawks5999 · · Score: 4, Funny

    The current article makes no mention of whatever became of the other four accused data brokers They all now go by their original names:

    NSA

    CIA

    FBI

    DHS

    1. Re:Other data brokers? by gbobeck · · Score: 2, Interesting

      I thought their real names were the following:

      AT&T
      AARP
      ACM (thats Association For Computing Machinery)
      Publisher's Clearinghouse

      --
      Navicula hydraulica plena anguilarum est. Omnes castelli tuus nostri sunt. Ed elli avea del cul fatto trombetta.
  4. Not such a big deal by Anonymous Coward · · Score: 4, Interesting

    The 3 letter agencies don't have to buy their phone records

  5. Re:Wtf by palegray.net · · Score: 3, Informative

    Please do not feed the trolls. It only incites them to further stupidity. Please reference the official Wikipedia article on the topic for further information. You may also be interested in The Psychology of Trolling. This has been an online discussion tactics PSA. Thank you, HAND, YMMV, IANAL, FWIW.

    --
    512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
  6. Paint me stupid too by erareno · · Score: 2, Interesting

    This is how spammers get your number, I'm guessing? If so, does this mean no more phone spam? *Awaits the inevitable denial of such high hopes*

    1. Re:Paint me stupid too by servognome · · Score: 2, Informative

      Sorry to dash your hopes, but there are a bunch of ways you "willingly" authorize companies to sell your number. Just look at the little text on cell phone bill/credit card application/airline ticket/etc.

      --
      D6 63 0D 70 89 81 BB 8E 7B 7C 5F 5D 54 EA AB 73
  7. OK, that's a start. by ScentCone · · Score: 4, Insightful

    But a judge telling a firm that they can't do it any more isn't NEARLY as good as congress making it a big ol' Federal No-No. So, c'mon, Pelosi. Reid? Where's all of that protect-the-little-guy stuff? Hillary? Obama? Where are the firey populist bits about how they'll use their party's control of congress to work on this sort of thing? Well, first things first. Like... hearings on steroid use in baseball leagues.

    --
    Don't disappoint your bird dog. Go to the range.
  8. Meh by SeaFox · · Score: 2, Insightful

    Perhaps I would be more impressed if the ruling said that all companies, including phone carriers, had to get customer approval before selling records via an opt-in waiver separate from their service agreement. I imagine most carriers have some sentence in the fine print saying that by taking their service you're agreeing by default to let them use your data.

    Oh, wait. They do. Hence we all have to run around to every company we do business with and make phone calls, check boxes on online forms, and send postcards to opt-out of their information selling.

  9. See laws on CDR's by thule · · Score: 2, Informative

    I wish I could find the article I read awhile back that explained the law around log files. Traditionally, call detail records (CDR's) were not owned by you, the customer. CDR's were/are owned by the phone company. They could use the data anyway they wanted, including selling it. There are some states (Washington?) that created laws that stated that CDR's are not owned by the phone company, but are partially owned by the customer and are therefore considered private information.

    If you run a web server, who owns those log files, you or the person that connects to your server? If some officer called up asking if some IP address connected to your server, you could request a warrant for this information or just turn it over.