Sunday, January 08, 2006

Cell phone call records available online

America's Blog has brought up a story that was published in the mainstream media last year (in the Washington Post) and a few days ago (in the Chicago Sun-Times) but which for some reason hasn't resulted in an uproar. The story is that there are sites on the Internet from which you can purchase copies of calling records for cell phones and land lines, such as John in DC, who runs America's Blog, purchased his own cell phone records, and indeed got a list of all the numbers he had called.

Cingular thinks this is an "infinitesimally small problem" for them.

How are sites such as Locatecell getting their information? They could be purchasing it from insiders, they are no doubt using "pretexting" (social engineering) to persuade customer support representatives to give them the information, or gaining access to customer account information via the web (Verizon Wireless had another major security hole in their online billing system last year, similar to one in 2001 which they took two weeks to act upon).

Whichever mechanisms are used, it is clear that privacy is being violated and likely that laws are being broken, yet there seems to be little visible interest on the part of the telephone companies in going after the criminals--perhaps because doing so might expose how poorly they are securing the information.

The Electronic Privacy Information Center (EPIC) has a good collection of material on this issue here. (Updated January 9: They filed a case against, which admits to using "pretexting" as their method to obtain the information.)

(Thanks to cowmix for bringing this to my attention.)

1 comment:

Jim Lippard said...

EPIC's filed "case" was just an FTC complaint, not a lawsuit. AT&T has just filed a lawsuit against 25 unnamed data brokers.