The Arizona House of Representatives on Tuesday gave final approval to legislation making it a crime for people to use fraud or deceit to get someone else’s cellular phone records.
That kind of information, available from Internet web sites for as little as $100, covers not only a list of incoming and outgoing calls but also could even include information transmitted from the phone about the person’s location when the call was made.
Rep. Jonathan Paton, RTucson, sponsor of the measure, called the Internet services “a boon for stalkers and bad people across the nation.’’
House Bill 2785, which now goes to the governor, would impose jail sentences of up to a year both on Internet companies that sell this information and individuals who buy someone else’s phone account “knowing that the record has been obtained without the authorization of the customer.’’
The same measure also requires the cellular providers to establish “reasonable procedures’’ to ensure that its own customer service representatives aren’t giving out information to people who are not legally entitled to have it.
But there may be less to that provision than it appears.
Susan Bitter Smith, who lobbies on behalf of Cingular and Alltel and helped craft the legislation, said the law simply mandates companies to “do things we’re already doing.’’
In fact, the legislation spells out that providers need not do anything more than they already are required to do under federal law. And it limits the ability of customers to sue their cell companies if someone does get access to their information.
Smith conceded that if these customer records were truly secure, it would be far more difficult — if not impossible — for unauthorized parties to obtain access to someone’s phone calls in the first place. And Smith said that’s why companies are voluntarily exploring new security measures like passwords or requiring written requests for information.
At the heart of the problem is that companies in the business of selling information are able to get cellular providers to cough up personal information on its customers’ calling habits.
Attorney General Terry Goddard, who has heard recordings of people trying to get those records from phone companies, said the callers are creative. “They get them by pretending to be deaf and requiring extra consumer attention,’’ he said.
Goddard said these web site operators should be prosecuted. But he also said the cell companies themselves share in the blame.
“I can’t see any justification for the lack of security,’’ said Goddard.
Paton, however, said cell companies are doing what they can, which is why the legislation is not aimed at forcing them to do more. ‘‘We’re going after the bad actors,’’ he said.
Like Smith, he acknowledged that the security procedures these companies now have does not ensure that only authorized customers get access to phone records. But Paton said he does not believe forcing more restrictive procedures is a good idea.
“If you make it impossible for them to interact with their customers, the customers are going to be upset because they can’t even get some simple information from their cell phone company,’’ he said. And Paton said a prohibition against sending this information only to the address of the person paying the bill is not the answer.
“People move and they do different things,’’ he said.
The legislation contains exceptions to allow release of information required by law, to government agencies if there is imminent danger of death or serious injury and to the National Center for Missing and Exploited Children.