Judge whacks firm for pretexting, bars sale of consumer telephone numbers

Chalk up one win for keeping private information private – at least for the moment. 

A Federal judge today barred what he called an illegal operation of an information broker who advertised and sold confidential consumer telephone records to third parties without the consumers’ knowledge or consent – a nefarious operation known as pretexting.   

In entering summary judgment for the Federal Trade Commission against AccuSearch  doing business as Abika.com, Judge William F. Downes of the U.S. District Court for the District of Wyoming also required the defendants to give up nearly $200,000 in ill-gotten gains derived from the consumer phone records they sold, and ordered that the individuals whose records were sold be notified. 

In May 2006, the FTC charged AccuSearch, and its principal, Jay Patel, with violating federal law by selling consumers’ phone records to third parties without the consumers’ knowledge or authorization. According to the FTC complaint, the defendants advertised on their Web site that they could obtain the confidential phone records of any individual – including details of outgoing and incoming calls – and make that information available to their clients for a fee. To obtain such information, which is not legally available to the public, the FTC alleged that the defendants caused others to use “false pretenses, fraudulent statements, fraudulent or stolen documents or other misrepresentations, including posing as a customer of a telecommunications carrier,” to induce the telecommunications carriers to disclose the confidential records.

Consumers whose phone records were sold by defendants suffered substantial injury as a result of those sales. The FTC charged that the defendants’ practices were unfair in violation of the FTC Act. In today’s ruling, the judge found that the defendants’ obtaining and selling of confidential phone records without consumers’ knowledge or consent was “necessarily accomplished through illegal means,” and that defendants knew that the phone records were being obtained surreptitiously, the FTC said in a release.   

 The court further found that this practice caused substantial injury to consumers, including: serious health and safety risks experienced by some consumers from stalkers and abusers; economic harm associated with changing telephone carriers and upgrading security on their accounts; and a host of “substantial and real” emotional harms. The court concluded that consumers had no way to avoid these harms. “In fact,” Judge Downes wrote, “the evidence presented before the court indicates that confidential consumer phone records were sold through Abika.com despite considerable efforts by consumers to maintain the privacy of those records.”  

Judge Downes also rejected the defendants’ claimed immunity under Section 230 of the Communications Decency Act, 47 U.S.C. § 230, a federal statute that confers immunity on interactive computer service providers for publishing information content provided by a third party. The court found that the defendants failed to establish two of the three necessary elements of a CDA defense, holding that the FTC’s lawsuit did not seek to “treat” defendants as a publisher within the meaning of the CDA, and that the defendants participated in the creation or development of the information content, the FTC said.  

Following his opinion, Judge Downes permanently barred the defendants from obtaining, causing others to obtain, marketing, or selling consumers’ telephone records except as permitted by law. The order also bars the defendants from purchasing, marketing, or selling consumer personal information unless the information was lawfully obtained. The order prohibits the defendants from making deceptive statements to obtain consumers’ personal information and from buying such information from third parties.  

The defendants have appealed the order to the Tenth Circuit Court of Appeals, so this ruling might not be the last we hear of this.   

The practice of pretexting largely became public when Hewlett-Packard got mired in a mudfest when it admitted it had hired investigators who used pretexting to gain access to reporters' and board members' phone records in an effort to find the source of board leaks in 2006.  Since then FCC has strengthened rules against the practice. 

The FCC in 2007 required carriers to notify customers immediately when there are changes to their accounts, such as a new password, a new address or an online account opened.  The FCC order also requires carriers to notify customers and law enforcement officials if there's been an unauthorized disclosure of phone records.

Carriers will also be required to obtain "explicit consent" from a customer before disclosing phone records.

Layer 8 in a box

Check out these other hot stories 

Small military robots gain advanced “sight” for more challenging roles 

10 crazy USB gifts Robot planes to track weather, climate 

Star Trek-like Ion engines to rocket space agency’s Mercury shot 

State of US science report shows disturbing trends; challenges 

Fill ‘er up, with oranges? 

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.