AccuSearch Fined ~$200,000 For Pretexting & Selling Phone Numbers

Yesterday the U.S. Federal Trade Commission (FTC) announced AccuSearch, Inc., was guilty of violating federal law by selling consumer phone records to third parties without consumers’ knowledge or authorization.

Over the years I have talked to many organizations, not only the marketing heads but also the information security officers, who expressed the belief that the phone numbers they possessed for their consumers were the organizations’ property and that they could sell them as a revenue avenue. I’ve even had folks not only in the U.S., but also in Japan and the EU countries tell me that often sales staff are hired based upon how many customer/consumer phone numbers, and related personally identifiable information (PII), they were bringing with them into the company.
AccuSearch was using a type of social engineering called pretexting to obtain confidential information, including phone numbers, from telecommunications companies.
This judgment demonstrates that these types of practices and beliefs put the business at risk, is illegal, as well as being bad privacy practice.
It would be interesting to have a discussion with your marketing folks to see if they have ever done something similar to this, are currently doing something like this, or are planning to. You may be surprised.

“A federal judge has barred the illegal operation of an information broker who advertised and sold confidential consumer telephone records to third parties without the consumers‚Äô knowledge or consent. In entering summary judgment for the Federal Trade Commission, Judge William F. Downes of the U.S. District Court for the District of Wyoming also required the defendants to give up nearly $200,000 in ill-gotten gains derived from the consumer phone records they sold, and ordered that the individuals whose records were sold be notified.
In May 2006, the FTC charged AccuSearch, Inc., doing business as, and its principal, Jay Patel, with violating federal law by selling consumers’ phone records to third parties without the consumers’ knowledge or authorization. According to the FTC complaint, the defendants advertised on their Web site that they could obtain the confidential phone records of any individual – including details of outgoing and incoming calls – and make that information available to their clients for a fee. To obtain such information, which is not legally available to the public, the FTC alleged that the defendants caused others to use “false pretenses, fraudulent statements, fraudulent or stolen documents or other misrepresentations, including posing as a customer of a telecommunications carrier,” to induce the telecommunications carriers to disclose the confidential records. Consumers whose phone records were sold by defendants suffered substantial injury as a result of those sales. The FTC charged that the defendants’ practices were unfair in violation of the FTC Act.
In his ruling, Judge Downes found that the defendants’ obtaining and selling of confidential phone records without consumers’ knowledge or consent was “necessarily accomplished through illegal means,” and that defendants knew that the phone records were being obtained surreptitiously. The court further found that this practice caused substantial injury to consumers, including: serious health and safety risks experienced by some consumers from stalkers and abusers; economic harm associated with changing telephone carriers and upgrading security on their accounts; and a host of “substantial and real” emotional harms. The court concluded that consumers had no way to avoid these harms. “In fact,” Judge Downes wrote, “the evidence presented before the court indicates that confidential consumer phone records were sold through despite considerable efforts by consumers to maintain the privacy of those records.” Finally, the court found no countervailing benefits to consumers or competition that could be derived from defendants’ practice.
Judge Downes also rejected the defendants‚Äô claimed immunity under Section 230 of the Communications Decency Act, 47 U.S.C. ¬ß 230, a federal statute that confers immunity on interactive computer service providers for publishing information content provided by a third party. The court found that the defendants failed to establish two of the three necessary elements of a CDA defense, holding that the FTC’s lawsuit did not seek to ‚Äútreat‚Äù defendants as a publisher within the meaning of the CDA, and that the defendants participated in the creation or development of the information content.
Following his opinion, Judge Downes permanently barred the defendants from obtaining, causing others to obtain, marketing, or selling consumers’ telephone records except as permitted by law. The order also bars the defendants from purchasing, marketing, or selling consumer personal information unless the information was lawfully obtained. The order prohibits the defendants from making deceptive statements to obtain consumers’ personal information and from buying such information from third parties.
The judge’s order requires the defendants to give up the $199,692.71 in ill-gotten gains they earned through illegally obtaining and selling the records. The order also authorizes the FTC to notify the individuals whose phone records were sold by defendants, to the extent that those consumers can be located. The order allows the FTC to use the forfeited ill-gotten gains for this purpose. Finally, the order contains certain bookkeeping and record keeping requirements to allow the FTC to monitor compliance.”

Tags: , , , , , , , , , , ,

Leave a Reply