110th CONGRESS
1st Session
H. R. 852
To prohibit the obtaining of customer information from telecommunications
carriers by false pretenses, and the sale or disclosure of such records
obtained by false pretenses.
IN THE HOUSE OF REPRESENTATIVES
February 6, 2007
Mr. INSLEE (for himself and Mrs. BLACKBURN) introduced the following bill;
which was referred to the Committee on Energy and Commerce
A BILL
To prohibit the obtaining of customer information from telecommunications
carriers by false pretenses, and the sale or disclosure of such records
obtained by false pretenses.
Be it enacted by the Senate and House of Representatives of the United
States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the `Consumer Telephone Records Protection Act
of 2007'.
SEC. 2. FINDINGS.
(1) customer telephone records may be accessed without authorization of
the customer by--
(A) an employee of the telephone company selling the data;
(B) `pretexting', whereby a data broker or other person pretends to
be the owner of the phone and convinces the telephone company's employees
to release the data to them; or
(C) unauthorized access of accounts via the Internet; and
(2) because telephone companies encourage customers to manage their accounts
online, many set up the online capability in advance. Many customers never
access their Internet accounts, however. If someone seeking the information
activates the account before the customer, he or she can gain unfettered
access to the telephone records and call logs of that customer.
SEC. 3. UNFAIR AND DECEPTIVE ACTS AND PRACTICES IN CONNECTION WITH OBTAINING
CONFIDENTIAL PHONE RECORDS INFORMATION OF A COVERED ENTITY.
(a) Prohibition on Obtaining Confidential Phone Records Information Under
False Pretenses- It shall be unlawful for any person in interstate or foreign
commerce to knowingly and intentionally obtain, or attempt to obtain, confidential
phone records information of a covered entity, by--
(1) making false or fraudulent statements or representations to an employee
of a covered entity;
(2) making such false or fraudulent statements or representations to a
customer of a covered entity;
(3) providing a document to a covered entity knowing that such document
is false or fraudulent; or
(4) accessing customer accounts of a covered entity via the Internet,
or by means of conduct that violates section 1030 of this title, without
prior authorization from the customer to whom such confidential phone
records information relates.
(b) Prohibition on Sale or Transfer of Confidential Phone Records Information-
(1) Except as otherwise permitted by applicable law, it shall be unlawful
for any person in interstate or foreign commerce to knowingly and intentionally
sell or transfer, or attempt to sell or transfer, confidential phone records
information of a covered entity, without prior authorization from the
customer to whom such confidential phone records information relates,
or knowing or having reason to know such information was obtained fraudulently.
(2) For purposes of this subsection, the exceptions specified in section
222(d) of the Communications Act of 1934 (47 U.S.C. 222(d)) shall apply
for the use of confidential phone records information by any covered entity,
as defined in section 7.
(c) Prohibition on Purchase or Receipt of Confidential Phone Records Information-
(1) Except as otherwise permitted by applicable law, it shall be unlawful
for any person in interstate or foreign commerce to knowingly and intentionally
purchase or receive, or attempt to purchase or receive, confidential phone
records information of a covered entity, without prior authorization from
the customer to whom such confidential phone records information relates,
or knowing or having reason to know such information was obtained fraudulently.
(2) For purposes of this subsection, the exceptions specified in section
222(d) of the Communications Act of 1934 (47 U.S.C. 222(d)) shall apply
for the use of confidential phone records information by any covered entity,
as defined in section 7.
SEC. 4. NONAPPLICABILITY TO LAW ENFORCEMENT AGENCIES.
Section 3 shall not prohibit any lawfully authorized investigative, protective,
or intelligence activity of a law enforcement agency of the United States,
a State, or political subdivision of a State, or of an intelligence agency
of the United States.
SEC. 5. TELECOMMUNICATIONS CARRIER NOTIFICATION REQUIREMENT.
Section 222 of the Communications Act of 1934 (47 U.S.C. 222) is amended--
(1) by redesignating subsection (h) as subsection (i); and
(2) by inserting after subsection (g) the following new subsection:
`(h) Notice of Violations- The Commission shall by regulation require each
telecommunications carrier to notify the customer of any incidents in which
such telecommunications carrier becomes or is made aware in which customer
proprietary network information relating to such customer is disclosed to
someone other than the customer in violation of this section or section
3 of the Consumer Telephone Records Protection Act of 2006.'.
SEC. 6. ENFORCEMENT BY THE FEDERAL TRADE COMMISSION.
A violation of section 3 shall be treated as an unfair or deceptive act
or practice in violation of section 5 of the Federal Trade Commission Act
(15 U.S.C. 45). All of the functions and powers of the Federal Trade Commission
under that Act are available to the Commission to enforce compliance by
any person with such section, irrespective of whether that person is engaged
in commerce or meets any other jurisdictional tests in the Federal Trade
Commission Act, including the power to enforce the provisions of such section
in the same manner as if the violation had been a violation of a Federal
Trade Commission trade regulation rule.
SEC. 7. DEFINITIONS.
As used in this Act, the following definitions apply:
(1) CONFIDENTIAL PHONE RECORDS INFORMATION- The term `confidential phone
records information' means information that--
(A) relates to the quantity, technical configuration, type, destination,
location, or amount of use of a service offered by a covered entity,
subscribed to by any customer of that covered entity, and kept by or
on behalf of that covered entity solely by virtue of the relationship
between that covered entity and the customer;
(B) is made available to a covered entity by a customer solely by virtue
of the relationship between that covered entity and the customer; or
(C) is contained in any bill, itemization, or account statement provided
to a customer by or on behalf of a covered entity solely by virtue of
the relationship between that covered entity and the customer.
(2) COVERED ENTITY- The term `covered entity'--
(A) has the same meaning given the term `telecommunications carrier'
in section 3 of the Communications Act of 1934 (47 U.S.C. 153); and
(B) includes any provider of IP-enabled voice service.
(3) CUSTOMER- The term `customer' means, with respect to a covered entity,
any individual, partnership, association, joint stock company, trust,
or corporation, or authorized representative of such customer, to whom
the covered entity provides a product or service.
(4) IP-ENABLED VOICE SERVICE- The term `IP-enabled voice service' means
the provision of real-time voice communications offered to the public,
or such class of users as to be effectively available to the public, transmitted
through customer premises equipment using TCP/IP protocol, or a successor
protocol, (whether part of a bundle of services or separately) with interconnection
capability such that the service can originate traffic to, or terminate
traffic from, the public switched telephone network, or a successor network.
END
