Panel to Press Cellphone Industry on Improving Protection of
By Matt Richtel and Ken Belson
New York Times
Wednesday, February 1, 2006
The cellphone's emergence as a primary communications device
has spawned a cottage industry of con artists seeking to
trick mobile phone companies into giving away the phone
numbers and calling records of unwitting subscribers.
That is the premise of a Congressional hearing, scheduled
today, into the extent of the problem, whether carriers are
doing enough to protect subscriber data, and the possibility
of enacting tighter regulations to thwart thieves.
In the last two weeks, the nation's four biggest cellular
carriers — Cingular, Verizon Wireless, Sprint Nextel and
T-Mobile — have filed lawsuits against so-called cellphone
data brokers. In one case, a federal judge in Trenton
issued a preliminary injunction yesterday against the owners
of LocateCell.com, prohibiting them from trying to obtain
information about Verizon Wireless customers and providing
information on Verizon Wireless customers to any third
In general, these brokers, several of whom operate Web
sites, reportedly dial customer service centers, pose as
subscribers and obtain calling records, which are then sold
to private detectives, divorce lawyers and others. In some
cases, these brokers also offer to retrieve land line data,
which can also be vulnerable.
While these activities have elicited lawsuits and calls for
action on Capitol Hill and from state attorneys general,
cellphone companies say that the problem is limited and that
they are beefing up measures to counter it.
"We've stepped up the awareness of the issue in the company
and we've stepped up the alertness of our representatives,"
said Mark Siegel, a spokesman for Cingular, the country's
largest cellphone company.
But security experts say that imposters posing as cellphone
customers are only as successful as the gaps they are able
to expose in the carriers' call centers. Some cellphone
companies may do a poor job of training their call center
operators, particularly if the workers are overseas. Other
companies may lose company records left unprotected on
laptops and other hardware.
In still other companies, employees may be funneling call
records to these Web site companies, something the carriers
maintain would result in the employee's dismissal.
On Monday, the Federal Communications Commission, citing
concern that call records can be obtained by unauthorized
users, recommended fining AT&T and Alltel $100,000 each for
failing to certify that they complied with rules to protect
The methods that these unauthorized users are said to employ
are more an old-school swindle than a high-tech security
Lawsuits filed by carriers like Sprint Nextel accuse a
handful of brokers of calling customer service centers,
posing as customers by presenting personal information like
Social Security numbers, or persuading operators to bypass
security measures to give away call records.
On the Web site of LocateCell, customers can pay $110 for an
individual's call records.
LocateCell could not be reached for comment. A company
called All Star Investigations, which was sued on Monday by
Sprint Nextel, says on its Web site that it caters to
"attorneys, insurance companies, corporate clients and
All Star Investigations could not be reached for comment. In
some cases, the people buying the call records may have
legitimate need for them. Lawyers, for instance, may need
records as part of an investigation. The question is
whether the companies obtaining the records have systems in
place to confirm that the person requesting the information
has a right to it.
"People who sell this data need to have a verification
system, and they don't," said John Pescatore, a security
analyst at Gartner. "The enforcement is lax."
At the same time, consumers may expect more protection for
their cellphone numbers and records than for their
traditional phone lines because there is no public directory
of cellphone numbers.
"Wireline numbers are in reverse directories and other
places, but because there aren't similar wireless
directories databases, there is a market opportunity, and
entrepreneurs and crooks go after market opportunities,"
said Bob Atkinson, director of policy research at the
Columbia Institute for Tele-Information and a former
director of the Common Carrier Bureau at the Federal
Betsy Broder, assistant director of the Federal Trade
Commission's division of privacy and identity protection,
said the agency had the authority to force companies to
forfeit gains received from using deception to get private
information. She said the F.T.C. had used that authority in
cases in 1999 and 2002 to go after swindlers who got
individual records from financial institutions.
As for companies seeking cellphone records, "we're
investigating companies right now," Ms. Broder said. She
declined to give any specific information about the
Laws are in place to prohibit the use of deceptive tactics
to obtain phone records, according to Terry Lane, a
spokesman for the House Energy and Commerce Committee, which
scheduled today's hearings. Mr. Lane said that the F.T.C.
could impose civil penalties for the deceptive trade
practices, but that Congress might want to strengthen those
"I mean to make it very illegal," Representative Joe L.
Barton, Republican of Texas, chairman of the House Energy
and Commerce Committee, said in a statement. He added,
"Telephone companies may not be doing enough to protect