There was no mistaking that this story had hit the fan after my interview with security consultant Rob Douglas was interrupted by another call on his second line from the office of U.S. Sen. Bill Nelson (D-Fla.). (I don't mind noting that Douglas told the senator's guy that he'd have to wait.)
The sleazy sale of personal telephone records online has been a festering privacy issue for years, but Congress and much of the media awakened to the matter with an almost violent shudder last week after a widely circulated story in the Chicago Sun-Times. Multiple pieces of legislation were filed with an urgency reserved only for those injustices that touch the rawest of public nerves. Nelson is cosponsoring one such crackdown with Sen. Charles Schumer (D-N.Y.) and Sen. Arlen Specter (R-Pa.).
For those just dialing in, here's the crux: A phone number and a hundred bucks can buy you a month's worth of call info for just about anyone - spouse, colleague, enemy, cop, FBI agent, you name it - in as little as an hour from dozens of Web sites (none of which I care to publicize). One blogger demonstrated the ease of these purchases by acquiring the cell phone records of Gen. Wesley Clark, a 2004 presidential candidate. The FBI had earlier done the same for one of its agents before issuing a bureau-wide warning about the threat.
Douglas knew his phone would be hopping. A former private investigator, he has monitored data privacy issues for years, advised corporations and government agencies about such problems, and offered expert testimony before Congress. I had two questions for him: How in the name of Alexander Graham Bell do these Web sites manage to acquire private phone records? And what can be done about it?
As for the first question, the primary collection method is called "pretexting": "They bamboozle, sweet-talk or browbeat the [phone company's] customer service representative ... to provide the account records," Douglas says.
But first they need help.
"Invariably, all of these companies have contractual arrangements with the legitimate information brokers/data miners like ChoicePoint, Accurint, Acxiom and LexisNexis," Douglas says. When the rogue sellers receive an order, they turn to the databases of the legit companies to create a profile of the target detailed enough to convince a customer service rep they're dealing with the actual customer.