The National Security Agency may not be the only one looking at your phone records. As the agency’s controversial program of collecting Americans’ calling data continues to draw heat, new questions have emerged about whether federal and local law enforcement officials are possibly skirting privacy laws by obtaining phone records from companies that get the information in a questionable manner and then hawk it over the Internet.
Recently, Congress has been investigating such so-called data brokers for the ways in which they gather their information. Some of them use people inside the phone company who are willing to divulge the data. But more commonly, these businesses obtain phone records through an illegal practice known as “pretexting,” in which someone calls up the phone company and impersonates a subscriber to con the service representative into releasing copies of the records.
The possible connection with law enforcement came to light when the data brokers were asked as part of the Congressional inquiry to submit letters revealing their client lists. One data broker listed as clients the FBI and unspecified “foreign governments,” while another claimed to have done work for the Department of Homeland Security. Neither company will reveal the extent of the data they gave out. Both the FBI and the Department of Homeland Security deny any wrongdoing.
It remains an open question whether law enforcement obtaining the private phone records of Americans in this fashion is actually illegal. While most data brokers claim there is no specific law against the sale of phone records, as there is with banking records, and therefore it should not be illegal, the Federal Trade Commission and numerous state attorneys general disagree. Collectively, they have brought more than a dozen cases against data brokers based on state and federal statutes governing unfair and deceptive trade practices.
Information brokers insist they provide a valuable service to creditors, attorneys and private investigators “to catch bad people” — among them stalkers, fugitives from the law, and deadbeat dads. Although data acquired through pretexting is not admissible in court, such information can be useful as an investigative shortcut, without having to wait for a warrant or subpoena.
To protect your own phone records, the most secure way is to call your cellphone carrier and ask to have call details removed from your bill. The drawback is that if you have a discrepancy over minutes used, it will be more difficult to dispute, since there will be no record of your individual calls. Another way to protect your account is with a password that only you know and doesn’t contain biographical information. You should also avoid giving out your cellphone number, Social Security number, and other personal data online, when at all possible. And don't throw phone bills in the trash without shredding them first.