By Jonathan Krim
Washington Post Staff Writer
They're not just after your credit card or Social Security numbers.
Fueled by the ease of online commerce, snoops are on the trail of
other personal information, too. One of the hottest markets: records
of phone calls, especially from cell phones.
A tool long used by law enforcement and private investigators to help
locate criminals or debt-skippers, phone records are a part of the sea
of personal data routinely bought and sold online in an
Internet-driven, I-can-find-out-anything-about-you world. Legal
experts say many of the methods for acquiring such information are
illegal, but they receive scant attention from authorities.
Think your mate is cheating? For $110, Locatecell.com will provide you
with the outgoing calls from his or her cell phone for the last
billing cycle, up to 100 calls. All you need to supply is the name,
address and the number for the phone you want to trace. Order online,
and get results within hours.
Carlos F. Anderson, a licensed private investigator in Florida, offers
a similar service for $165, for all major telephone carriers.
"This report provides all the calls with dates, times, and duration on
the billing statement," according to Anderson's Web site, which adds,
"Incoming Calls and Call Location are provided if available."
Learning who someone talked to on the phone cannot enable the kind of
financial fraud made easier when a Social Security or credit card
number is purloined. Instead, privacy advocates say, the intrusion is
"This is a person's associations," said Daniel J. Solove, a George
Washington University Law School professor who specializes in privacy
issues. "Who their physicians are, are they seeing a psychiatrist,
companies they do business with ... it's a real wealth of data to find
out the people that a person interacts with."
Such records could be used by criminals, such as stalkers or abusive
spouses trying to find victims.
Unlike Social Security numbers, which are on many public documents
that have been scooped up for years by data brokers, the only
repository of telephone call records is the phone companies.
Wireless carriers say they are aware that unauthorized people seek to
get their customers' call records and sell them, but the companies say
they take steps to prevent it.
"There are probably 100 such sites" known to security officials at
Verizon Wireless that offer to sell phone records, said Jeffrey
Nelson, a company spokesman, who said Verizon is always trying to
respond to abusive practices. He said that the company views all such
activity as illegal and that "we have historically, and will continue
to, change policies to reflect the changing nature of criminal
activity," though he declined to be specific.
Mark Siegel, a spokesman for Cingular Wireless, said his company
constantly is on guard against people trying to get at customer
information. But he called the acquisition of call records "an
infinitesimally small problem" at his firm.
Some experts in the field aren't so sure.
"Information security by carriers to protect customer records is
practically nonexistent and is routinely defeated," said Robert
Douglas, a former private investigator and now a privacy consultant
who has tracked the issue for several years.
Experts say data brokers and private investigators who offer cell
phone records for sale probably get them using one of three
They might have someone on the inside at the carrier who sells the
data. Spokesmen for the telephone companies said strict rules
prohibiting such activity make this unlikely. But Joel Winston,
associate director of the Federal Trade Commission's Financial
Practices Division, said other types of data-theft investigations have
shown that "finding someone on the inside to bribe is not that
Another method is "pretexting," in which the data broker or
investigator pretends to be the cell phone account holder and
persuades the carrier's employees to release the information. The
availability of Social Security numbers makes it easier to convince a
customer service agent that the caller is the account holder.
Finally, someone seeking call data can try to get access to consumer
Telephone companies, like other service firms, are encouraging their
customers to manage their accounts over the Internet. Typically, the
online capability is set up in advance, waiting to be activated by the
customer. But many customers never do.
If the person seeking the records can figure out how to activate
online account management in the name of a real customer before that
customer does, the call records are there for the taking.
Federal law expressly prohibits pretexting for financial data -- which
at one time was a primary means of stealing credit card and other
account information -- but does not cover telephone records, which are
covered by a patchwork of state and federal laws governing access to
Some privacy advocates argue that the federal pretexting law needs to
At the very least, "there need to be audit trails to detect employee
access to this personal information and a data retention schedule that
mandates deletion of records" after a certain period of time, said
Chris Jay Hoofnagle, West Coast director of the Electronic Privacy
The center filed a complaint with the Federal Trade Commission
yesterday against one data broker, Intelligent e-Commerce Inc. of
Encinitas, Calif., saying it misrepresented its right to obtain the
information. The firm, which operates the Web site
http://www.bestpeoplesearch.com , advertises a variety of personal
data for sale, including cell phone records.
The company, which says on its Web site that it uses a licensed
private investigator to get the information, said through its lawyer
that it seeks to comply with all local, state and federal laws.
Attorney Larry Slade said he does not know how the company acquires
the phone records.
Phone companies view all these tactics as illegal, even if they are
used to help track down criminal activity. Instead, carriers say, they
require court orders before releasing customer records.
If someone uses pretexting to gain access to records, "these people
are acting criminally, posing as someone they are not," Nelson
said. He added that Verizon is preparing legal action against one data
The FTC views pretexting as a deceptive practice even without a
specific ban on its use for telephone records, Winston said.
But he said the agency has never taken such a case to court and does
not know how widespread the problem is. He said the FTC must focus its
resources on the practices of data thieves that can cause the most
damage to large numbers of consumers, such as financial fraud.
Many of the vendors of call records are unregulated data brokers, such
as Data Find Solutions Inc. of Knoxville, Tenn., which operates
Locatecell.com. Company officials did not return calls seeking
At the Florida office of private investigator Anderson, a man who
answered the phone and identified himself only as Mike said, "I don't
really think we're going to reveal our sources" of phone
records. "There's a lot of ways of doing it."
At Reliatrace Locate Services of Wisconsin, a man who declined to give
his name said only that his firm buys the data from another firm.
There is active debate within the private investigator community about
the propriety of getting phone records. In at least one online
discussion group for the industry, some members defended the practice
as legitimate while others said it was illegal, according to
transcripts provided to The Washington Post.
"I do not know of any legal way to obtain a person's telephonic
history," Robert Townsend, head of the National Association of Legal
Investigators, said in an interview. Townsend added that he thinks
only a small minority of licensed investigators engage in the practice
of acquiring and selling the data.
Copyright 2005 The Washington Post Company
NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new