No doubt, you’ve read about the ease with which just about anyone can obtain your telephone records—the list of long-distance numbers you’ve dialed, and, in the case of cellular records, all incoming and outgoing calls, both local and long distance.
Private investigators, identity thieves, terrorists and government investigators can retrieve these records simply by calling up your telephone provider and pretending to be you.
It’s called "pretexting" and it’s perfectly legal. Hundreds of companies on and off the Internet advertise their ability to obtain telephone records of almost anyone living in the US or Canada.
But pretexting may not be legal for much longer. Last week, Congress passed the Law Enforcement and Phone Privacy Protection Act. The bill, which will become law if signed by President Bush, creates federal criminal penalties for "pretexters" who access telephone records
The bill is far from perfect—it bans only pretexting by private companies. Government agencies can continue to impersonate you to obtain your telephone records, ignoring procedures put in place 20 years ago to shield this information from government investigators without good cause.
Moreover, the bill doesn’t require telephone companies to take any precautions at all to guard customer data, nor does it require them to destroy the data after a certain amount of time. (Indeed, the FBI wants a law to force telephone companies and Internet Service providers to retain their records for at least a year, perhaps longer).
Finally, the bill doesn’t cover any other kinds of records—only telephone records. Data brokers that trade other personal information are unaffected by the new law.
Still, the law, if signed by President Bush, will be a tiny step toward restricting the wholesale trade in your personal data that goes on daily, without your knowledge, oversight or compensation. And any step in that direction is to be welcomed.