WASHINGTON, DC -- In anticipation of hearings in the House Energy and Commerce Committee at the end of September, Rep. Ed Markey (D-MA), the top Democrat on the House Telecommunications and Internet Subcommittee of the Energy and Commerce Committee released the following statement about the Hewlett Packard privacy debacle.  Rep. Markey, also the co-chair of the Congressional Privacy Caucus, has sponsored and cosponsored a number of bills to protect personal privacy, including tightening and clarifying anti-pretexting laws.  One such bill to ensure phone companies did a better job in protecting phone records and that clarified that use of pretexting to obtain phone records is illegal is H.R. 4943, the "Prevention of Fraudulent Access to Phone Records Act.”  This legislation passed the House Energy and Commerce Committee unanimously and then was removed from the House Floor schedule at the last moment by GOP leaders, and has not received a floor vote yet.   Mr. Markey has also sponsored legislation to prohibit the commercial sale of Social Security Numbers.

Markey said, “Clearly the problem of corporations using private detectives and information brokers to obtain illicit access to telephone records and other personal information is not limited to Hewlett-Packard.  Congress needs to be asking exactly how widespread this practice is, and whether companies are skirting or even violating the law by prying into the details of people's telephone records or other personal information.  Congress also needs to move forward on privacy legislation that would address the use of such private investigators and better prevent this type of 'Big Brother' intrusion into peoples' personal lives."

“It looks to me like Global Information was clearly engaged in pretexting, and the fact that they have various banks, financial services, and other companies as clients raises the logical question of whether or not they were performing similar services for them,” Markey stated. 

On January 13, 2006, the Chairman of the Federal Trade Commission responded in writing in response to Markey’s call to thwart pretexting practices then ongoing in the marketplace.  In that letter, the Chairman wrote that the 'Commission may still bring a law enforcement action against a pretexter of telephone records if it has reason to believe that the pretexter's activities constitute an unfair or deceptive practice under Section 5 of the FTC Act.' The letter is available at: /imo/media/doc/iss_telecom_ltr060113_FTC.pdf

Markey continued, “Clearly the FTC does not believe it needs additional authority to prosecute pretexting.  In addition, the Federal Communications Commission possesses authority with respect to telecommunications carriers and has a current proceeding ongoing to promulgate new rules directing such carriers to tighten their internal controls and security to prevent unauthorized disclosure of consumer telephone records.”

Nothwithstanding the current legal prohibitions on pretexting, Congress is currently consideration two bills that would established further restrictions aimed at curbing the ability to successfully carry out such practices.

Earlier this year the House Energy and Commerce approved H.R. 4943, the "Prevention of Fraudulent Access to Phone Records Act" to create additional legal obligations on the phone companies to protect phone records.  Rep. Markey was an original cosponsor of this bill and voted for its passage.  However, following its approval by the Committee, this bill was mysteriously pulled from the schedule, reportedly due to concerns from the intelligence community that it might interfere with their domestic spying program.  Rep. Markey sent a letter to Speaker Hastert about the disappearance of this bill, which Speaker Hastert never responded to.   (That letter is available here: /imo/media/doc/Letter%20to%20Hastert.pdf )

Here's a brief CRS summary of these bills: 

Prevention of Fraudulent Access to Phone Records Act - Makes it unlawful to attempt to obtain, or cause to be disclosed to any person, customer proprietary network information (CPNI) relating to any other person by: (1) making a false or fraudulent statement to an officer, employee, or agent of a telecommunications carrier; or (2) providing any document or other information to such officer, employee, or agent that the presenter knows or should have known to be forged, lost, stolen, or otherwise fraudulently obtained, or to contain a false or fraudulent statement or representation. Prohibits also: (1) the solicitation of another person to fraudulently obtain such information; and (2) the sale or other disclosure of CPNI obtained under false pretenses. Provides for enforcement through the Federal Trade Commission (FTC).

Amends the Communications Act of 1934 to expand responsibilities of telecommunications carriers with respect to the confidentiality of subscriber (customer) calling records, both cellular and land-line based. Allows a carrier to use individual calling records only for purposes such as increasing business or publishing directories, and prohibits a carrier from otherwise disclosing CPNI without express prior authorization by the subscriber. Directs the Federal Communications Commission (FCC) to prescribe regulations adopting more stringent security standards for CPNI (including detailed customer telephone records) to detect and prevent confidentiality violations. Provides penalties for such violations.

Social Security Number Protection Act:  In July, the House Energy and Commerce Committee voted to approve, H.R. 1078, a bill introduced by Rep. Markey that would bar commercial purchases or sales of Social Security Numbers in violation of rules required to be issued by the FTC, and provide for enforcement of this prohibition by the FTC and the State Attorneys General.  For some reason, the Committee report on this bill has not been formally filed.  When this happens, H.R. 1078 will be referred to the House Ways and Means Committee for further action.  H.R. 1078, by banning sales of Social Security Numbers, would make it much more difficult for pretexters to operate, since knowing what a person’s Social Security Number is critical to both verifying that the information being obtained actually relates to the person they are interested in, and to actually enabling illicit access to the customer account.

For more information, please go to http://markey.house.gov

September 22, 2006

CONTACT: Israel Klein