Your phone records available online

The Internet makes everything better?and if you don't believe me, just ask Chicago private investigator Ernie Rizzo, who routinely goes online to track down cell phone records. They help him answer such burning questions as whether a suburban police chief is having an affair, the answer to which is worth quite a bit of money to the police chief's wife. To Rizzo, such tools are like manna from heaven.

"I would say the most powerful investigative tool right now is cell records," Rizzo said. "I use it a couple times a week. A few hundred bucks a week is well worth the money."

Most people believe that their phone records are confidential, but it turns out that they are easily available to anyone with an Internet connection, a credit card, and US$150 to burn. Not even Canadian Privacy Commissioner Jennifer Stoddart is safe, as she found out in November when a reporter obtained both her personal and professional phone logs from a US-based company. The situation has gotten so bad that both the FBI and the Chicago Police Department have warned agents and undercover officers about the dangers posed by cell phones when the records are so easily available to criminals, gangsters, and terrorists. This has been a problem for some time (we covered it, in fact, a few months back), but it's now coming to the attention of the major media.

How, you ask, is this possible? Aren't your cell phone records private? The short answer is no?the Electronic Privacy Information Center (EPIC) last August identified more than 40 web sites that offer to sell calling records without the knowledge of the person making the calls. Verizon is suing several of these companies in court, but their actions are currently little more than a drop in the bucket.

How these web sites get this information is even more interesting. Three main ways are used to obtain the data: pretexting, hacking, and good-old-fashioned bribery. Pretexting is simply the art of social engineering, in which the online data broker calls the phone company and gains access to a customer's records by pretending to be that customer. This is made easier by the fact that most of these data brokers subscribe to other databases that give them access to customers' Social Security numbers, dates of birth, etc. Hacking is another popular option, especially now that most phone companies allow customers to manage their accounts online. Many customers never bother to set up these accounts, leaving them easy targets for determined hackers. Finally, when all else fails, throw money at the problem. Big payouts to individuals inside the phone companies can ensure that a data broker has access to any records it cannot get through other means.

Not surprisingly, the phone companies want the government to stay out of the matter; they would prefer to avoid regulation at all costs. This is why BellSouth, Verizon, AT&T (formerly SBC), and the industry group CTIA all favor increased law enforcement activity, but don't want to see any new regulation or legislation. Whatever your stance on government regulation, it does appear that at least one bit of legislation is necessary. As Senator Charles Schumer (D-NY) points out, pretexting is only illegal when financial information is involved, and is not currently outlawed when it comes to phone records. Schumer's state recently passed a strict new data protection law, but we still have nothing like this at the national level. Has the time for the long-delayed federal data protection law finally come?