New Pretexting Bill Introduced in U.S. Congress

Two U.S. representatives have introduced a law that would give the U.S. Federal Trade Commission the authority to investigate and prosecute imposters who gain access to other people’s private telephone records.

The bill, introduced Wednesday by Reps. Jay Inslee, a Washington state Democrat, and Marsha Blackburn, a Tennessee Republican, comes in addition to a bill signed into law by President George Bush in January criminalizing the phone records scheme known as pretexting.

The new pretexting bill is important because the FTC has more expertise and interest in prosecuting identity-theft cases than many local prosecutors, a spokeswoman for Inslee said.

Ken Springer, the founder and president of Corporate Resolutions, a private investigations firm, applauded the pretexting legislation. State prosecutors have been targeting similar tactics to get personal bank records for about 10 years, and reputable private investigation firms haven’t used pretexting for many years, he said.

“You’ve got to play by the rules,” said Springer, a former special agent with the FBI. “It’s not a gray area. You can’t use it.”

Although corporate customers may demand that private investigators use all means necessary, Springer tells clients they should consider that the details of their investigations could wind up in the media. “The risk-reward [balance] is something they should consider,” he said.

After a pretexting scandal at Hewlett-Packard in late 2006, “corporate America got the message,” he said. Still, the new pretexting bill can give customers faith that their records are protected, he said.

Inslee and Blackburn introduced a similar bill in January 2006, but it didn’t come up for a vote on the floor of the House of Representatives. Their Consumer Telephone Records Protection Act would make it illegal for anyone to knowingly obtain confidential phone records by making false or fraudulent statements to a telephone company, or to knowingly sell or receive confidential phone records knowing such information was obtained fraudulently.

The bill would also require telephone companies to notify customers when their phone records fall into the wrong hands.

In January, Bush signed a law making pretexting illegal, punishable with up to 10 years in prison and fines. Fines and prison sentences would increase if the violations involve more than 50 telephone customers.

Congress began investigating pretexting in early 2006, after media reports and a complaint from privacy advocacy group the Electronic Privacy Information Center showed that several companies were selling private phone records online for less than US$100.

Then in September, HP revealed that investigators it hired had used pretexting to try to discover the source of board leaks. California prosecutors charged former HP board Chairwoman Patricia Dunn, former HP legal counsel Kevin Hunsaker, and three investigators with felonies late last year.

-Grant Gross, IDG News Service (Washington Bureau)

Related Links:

• Spying Scandal at Hewlett-Packard

Keep checking in at our CSO Security Feed page for updated news coverage.