Rep. Smith Introduces Bill to Criminalize Pretexting to Obtain Consumer Phone or VOIP Records

February 8, 2006. Rep. Lamar Smith (R-TX) and others introduced HR 4709, the "Law Enforcement and Phone Privacy Protection Act of 2006". The bill would criminalize the practice of pretexting to obtain confidential consumer records from telecommunications carriers and VOIP service providers. It would also criminalize the sale, transfer, or purchase of such confidential records, without the authorization of the consumer.

The bill was referred to the House Judiciary Committee (HJC), which is scheduled to mark it up on Wednesday, February 15, 2006.

This bill would add a new Section 1039 to Title 18, the criminal code. This bill contains no proposed changes to Title 47, regarding communications. The HJC has jurisdiction over criminal law bills, but not communications bills.

The bill provides that "Whoever knowingly and intentionally obtains, or attempts to obtain, confidential phone records information of a covered entity, by--
  (1) making false or fraudulent statements or representations to an employee of a covered entity;
  (2) making such false or fraudulent statements or representations to a customer of a covered entity;
  (3) providing a document to a covered entity knowing that such document is false or fraudulent; or
  (4) accessing customer accounts of a covered entity via the Internet without prior authorization from the customer to whom such confidential records information relates;
shall be fined under this title, imprisoned for not more than 20 years, or both."

Second, the bill provides that "any person, including any employee of a covered entity or any data broker, who knowingly and intentionally sells, transfers, or attempts to sell or transfer, confidential phone records information of a covered entity, without authorization from the customer to whom such confidential phone records information relates, shall be fined under this title, imprisoned for not more than 5 years, or both."

Third, the bill provides that "any person who purchases confidential phone records information of a covered entity, knowing such information was obtained fraudulently or without prior authorization from the customer to whom such confidential records information relates, shall be fined under this title, imprisoned not more than 5 years, or both."

The bill exempts law enforcement agencies from these prohibitions.

The bill has bipartisan support on the HJC. The original cosponsors of this bill who are HJC members are Rep. John Conyers (D-MI), Rep. Bob Goodlatte (R-VA), Rep. Bobby Scott (D-VA), Rep. Chris Cannon (R-UT), and Rep. Zoe Lofgren (D-CA). The other original cosponsors of the bill are Rep. Joe Wilson (R-SC), Rep. Stephanie Herseth (D-SD), and Rep. Dave Reichert (R-WA).

The sponsors of the bill stated in a joint release that "There are few things more personal than our phone call records. Dishonest individuals and businesses are posing as cell phone customers to access the personal call records of other individuals. These people have flourished in a gray area of the law. But that is about to stop. These practices assault our individual privacy, and may even contribute to stalking or other crimes of violence. In the wrong hands, this information can be used to target police officers, their families, and confidential informants."

Other House Crime Bills. There are other pending House bills that would amend the criminal code to address pretexting and phone records.

Rep. Dan Lipinski (D-IL) introduced HR 4657, the "Secure Telephone Operations Act of 2006" on January 31, 2006. This short bill provides that "Whoever knowingly sells telephone customer proprietary network information shall be fined under this title or imprisoned not more than 10 years, or both." It further provides that the term "telephone customer proprietary network information", or CPNI, has the same meaning as in 47 U.S.C. § 222.

Rep. Leonard Boswell (D-IA) introduced HR 4714, the "Phone Records Protection Act of 2006", on February 8, 2006. It provides that "Whoever knowingly and intentionally sells or fraudulently transfers or uses, or attempts to sell or fraudulently transfer or use, the records of a customer of a telephone service provider shall be fined in accordance with this title, imprisoned for not more than 10 years, or both."

House FTC Bills. Other pending House bills would prohibit certain pretexting practices, and give civil enforcement authority to the Federal Trade Commission (FTC). The House Commerce Committee (HCC) has jurisdiction of the FTC and the FTC Act.

Rep. Marsha Blackburn (R-TN), a member of the HCC, introduced HR 4662, the "Consumer Telephone Records Protection Act of 2006", on January 31, 2006. This bill now has 34 cosponsors.

This bill provides that "It shall be unlawful for any person to obtain or attempt to obtain, or cause to be disclosed or attempt to cause to be disclosed to any person, customer proprietary network information relating to any other person by -- (1) making a false, fictitious, or fraudulent statement or representation to an officer, employee, or agent of a telecommunications carrier; or (2) by providing, through any means including the Internet, any document or other information to a telecommunications carrier or an officer, employee, or agent of a telecommunications carrier, knowing that the document or other information is forged, counterfeit, lost, or stolen, was obtained fraudulently or without the customer's consent, or contains a false, fictitious, or fraudulent statement or representation."

This bill also provides that it is unlawful to request a person to obtain customer proprietary network information (CPNI) under false pretenses, and to sell CPNI obtained under false pretenses.

Rep. Janice Schakowsky (D-IL), also a member of the HCC, introduced HR 4678, the "Stop Attempted Fraud Against Everyone's Cell and Land Line (SAFE CALL) Act" on January 31, 2006. This bill would give civil enforcement authority to the FTC.

This bill provides that "It shall be unlawful for any person to obtain or attempt to obtain, or cause to be disclosed or attempt to cause to be disclosed to any person, customer proprietary network information relating to any other person by -- (A) making a false, fictitious, or fraudulent statement or representation to an officer, employee, or agent of a telecommunications carrier; or (B) by providing any document or other information to a telecommunications carrier or an officer, employee, or agent of a telecommunications carrier, knowing that the document or other information is forged, counterfeit, lost, or stolen, was fraudulently obtained, or contains a false, fictitious, or fraudulent statement or representation."

Other House Bills. There are also bills pending in the House, that were introduced early last year, that address the issue of wireless carriers' disclosure of subscribers' numbers in directory assistance service databases. See, for example, HR 83, the "Wireless Privacy Protection Act of 2005", and HR 1139, the "Wireless 411 Privacy Act".

There are also numerous broader data security and privacy bills pending in the House. See, for example, HR 1080, the "Information Protection and Security Act ", HR 1263, the "Consumer Privacy Protection Act of 2005", HR 3140, the "Consumer Data Security and Notification Act of 2005", HR 3374, the "Consumer Notification and Financial Data Protection Act of 2005 ", HR 3375, the "Financial Data Security Act of 2005 ", HR 4127, the "Data Accountability and Trust Act (DATA)", HR 4731, the "Eliminate Warehousing of Consumer Internet Data Act of 2006".

Recent Hearings. The Senate Commerce Committee (SCC) held a hearing on February 8, 2006, titled "Protecting Consumers’ Phone Records". See, SCC web page with hyperlinks to opening statements of Senators and prepared statements of witnesses.

The House Commerce Committee (HCC) held a hearing on February 1, 2006, titled "Phone Records For Sale: Why Aren't Phone Records Safe From Pretexting?". See, HCC web page with hyperlinks to prepared testimony of witnesses.