Remember that what’s happening right now with telephone records is really just one skirmish in the overall war over privacy.  The fact remains that data brokers only get telephone records from telephone companies because they are able to provide other people’s identifying information, including name, address, date of birth, mother’s maiden name and most importantly, social security number (or even just the last four digits.)  From a privacy perspective, it therefore isn’t enough to go after just the telephone records, there has to be more focus on protecting all elements that identify us.

Right now, under the Telecommunications Act of 1996 (Section 222 of Title 47, US Code), it is the duty of telephone carriers to maintain the privacy of telephone records.  However, this law, in and of itself, has not prevented data brokers from basically creating a business model to obtain this information under false pretenses.  Eleven states have passed laws over the past year to specifically make pretexting in order to obtain telephone records a crime (interestingly, in CA where the HP case takes place, no such law is currently in place; however, such a bill is currently awaiting signature.)  The telephone companies most certainly welcome these new laws criminalizing the procurement, sale and purchase of fraudulently obtained telephone records, because this enables them to better meet the requirements of Section 222.

The FTC has not been oblivious to these developments – in May of this year, it filed a suit against five web-based operations that obtained and sold consumers’ confidential telephone records to third parties.