Re: phone records for sale.
You can get records of most kinds from various private investigators and data brokers for a fee. I first found out about this in the mid-90s, but I'm sure they existed before that. Where the data collection is illegal, the reputable firms assure you that they are not doing anything illegal, which is correct; they farm it out to contractors with more cunning than scruples, and they don't ask questions. Records of all kinds are available, including subscriber information for a specific mobile or pager number, or land lines marked as unlisted. Mitnick managed to pretext as a law enforcement agent and attempted to get an informant's drivers license record faxed to him, according to "The Fugitive Game". Apparently informants are specifically marked in the records, which alerted a DMV clerk that something was amiss. A book I recently read reports that DEA agents have given up informant names and other info to murderous cartels for as little as $50 a pop, so to speak. A well-intentioned law might stop wholesale retail operations, but I have doubts it would stop the suitably motivated. I'd rather not have to try to restrict the activities of some other party who has my information, I'd rather prevent information from leaking to other parties in the first place. The case of utilities delivered to one's residence is particularly problematic as far as privacy goes. -- "If I could remember the names of these particles, I would have been a botanist" -- Enrico Fermi -><- http://www.lightconsulting.com/~travis/ GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: phone records for sale.
| 18 USC 2702(c) says | | A provider described in subsection (a) may divulge a record or | other information pertaining to a subscriber to or customer of | such service (not including the contents of communications | covered by subsection (a)(1) or (a)(2)) ... | | (6) to any person other than a governmental entity. | | The first time I read that last clause, I couldn't believe it; I | actually went and looked up the legislative history. I found that | Congress wanted to permit sale for marketing or financial reasons, but | wanted to limit the power of the government. (The Supreme Court had | ruled previously that individuals had no expectation of privacy for | phone numbers they'd dialed, since they were being given voluntarily to | a third party -- the phone company.) Where two parties exchange information voluntarily, deciding who ought to have control of what can get ... interesting. Here's a more complex case: Vendors have long claimed the right use their own customer lists for marketing purposes. But suppose you buy using a credit card. Then information about your purchase is known not just to you and the vendor you dealt with, but the credit card company (construed broadly - there's the issuing bank, the vendor's bank, various clearing houses...). Can the credit card company use the same information for marketing - selling, say, a list of a vendor's customers who used a credit card to the vendor's competitors? The same vendors who claim that you have no right to tell them what they can do with the transaction information incidental to you doing business with them make a very different set of arguments when its "their" information being sold by someone else. This issue came up a number of years ago, but I haven't heard anything recent about it. I'm not sure how it came out - the credit card companies may have decided to back off because the profit wasn't worth the conflicts. We're in the midst of battles, not yet resolved as far as I know, about whether a search engine can let company A put ads up in reponse to searches for competitor company B. Can an ISP sell lists of people who visited ford.com from among their customers to GM? Information doesn't want to be free - in today's economy, information wants to be charged for everywhere, from everyone. -- Jerry - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
RE: phone records for sale.
I got curious about this issue, and did a little digging into what's going on here. It turns out that the FCC is looking into this problem at EPIC's request. EPIC filed a petition for rulemaking on this subject with the FCC - which went out for public comment at the end of the year. The petition itself contains copious material about the practices and methods - which you can download. Use the FCC ECFS template: http://gullfoss2.fcc.gov/prod/ecfs/comsrch_v2.cgi and enter "RM-11277" without the quotes, and click on Retrieve Document List. I found both the original petition and the replies from service providers fascinating. -- Joseph Adler -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Perry E. Metzger Sent: Friday, January 06, 2006 9:34 AM To: cryptography@metzdowd.com Subject: phone records for sale. The Chicago Sun Times reports that, for the right price, you can buy just about anyone's cell phone records: http://www.suntimes.com/output/news/cst-nws-privacy05.html Quite disturbing. Perry - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: phone records for sale.
On Fri, 2006-01-06 at 09:34, Perry E. Metzger wrote: > http://www.suntimes.com/output/news/cst-nws-privacy05.html > > Quite disturbing. More disturbing than even the people at Chicago Sun Times realize apparently. ;) Hope no-one was sniffing their email. 'It was as simple as e-mailing the telephone number to the service along with a credit card number.' - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: phone records for sale.
In message <[EMAIL PROTECTED]>, "Perry E. Metzger" writes: > >The Chicago Sun Times reports that, for the right price, you can buy >just about anyone's cell phone records: > >http://www.suntimes.com/output/news/cst-nws-privacy05.html > >Quite disturbing. Yes, but it's also bad reporting -- the newspaper neglected to call the cell phone companies and ask what their privacy policies are. What happened may have been 100% legal and explicitly permitted by law... 18 USC 2702(a)(3) says a provider of remote computing service or electronic communication service to the public shall not knowingly divulge a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications covered by paragraph (1) or (2)) to any governmental entity. 18 USC 2702(c) says A provider described in subsection (a) may divulge a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications covered by subsection (a)(1) or (a)(2)) ... (6) to any person other than a governmental entity. See http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_2702000-.html for the full text. The first time I read that last clause, I couldn't believe it; I actually went and looked up the legislative history. I found that Congress wanted to permit sale for marketing or financial reasons, but wanted to limit the power of the government. (The Supreme Court had ruled previously that individuals had no expectation of privacy for phone numbers they'd dialed, since they were being given voluntarily to a third party -- the phone company.) If the phone companies are not giving it out voluntarily, perhaps they're being tricked or perhaps they have corrupt employees. From my experience, one way you authenticate yourself to a cell phone company is by social security number, and those aren't exactly hard to find. That possibility suggests using stronger authentication, but of course that gets in the way of customer service for the 99.99% of queries that are legitimate. (I've had to call my company from abroad, more than once, on fairly urgent matters. I had no easy access to, say, my last bill.) - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
phone records for sale.
The Chicago Sun Times reports that, for the right price, you can buy just about anyone's cell phone records: http://www.suntimes.com/output/news/cst-nws-privacy05.html Quite disturbing. Perry - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
