Posted by Ronnie London
Whatever the role the of FCC may be with respect to “pretexting” involving personally identifiable information by FCC regulatees, the Federal Trade Commission has served notice that the fact that such information originates with FCC regulatees, such as telecom carriers, will not impede FTC enforcement actions on grounds that deceptively obtaining and/or selling consumers’ confidential phone records without their knowledge or consent constitutes an unfair and deceptive trade practice. “Pretexting” generally involves an entity illicitly obtaining under false pretenses personal information from a source that possesses it for lawful purposes, then selling it to facilitate identity theft and/or for commercial profit from purchases by third parties. Last week, the FTC filed a complaint in the United States District Court for the Middle District of Florida in Orlando seeking a preliminary and permanent injunction, and restitution to the extent necessary and feasible, against Action Research Group, Inc., Eye in the Sky Investigations, Inc., and their principals, on grounds that defendants engaged in unlawful pretexting in violation of Federal Trade Act’s prohibitions on deceptive and unfair acts and practices.
The complaint is interesting, as is the enforcement action generally, in that, according to the FTC, the defendants’ acts constituted deceptive and unfair activity largely because they violated provisions against impermissible use of phone records found in the Telecommunications Act of 1996, a statute the FCC, not the FTC, is primarily empowered to implement. Specifically, the FTC complaint cites the restriction in Section 222 of the Telecom Act that customers’ phone records may be disclosed only “upon affirmative written request by the customer,” and alleges that since at least 2005, the defendants have acquired personal data including lists of calls made and the dates, times, and duration of the calls, and sold it to third parties without the knowledge or consent of the customers. The FTC alleges the defendants used and/or caused others to use fraudulent statements, fraudulent or stolen documents or other misrepresentations, including posing as an account holder or as an employee of the phone company, to obtain the information. Among other things, the FTC alleges the ensuing sale of the ill-gotten personal information to third parties constitutes an invasion of privacy that could endanger the health and safety the unwitting victims.