Caslon Analytics elephant logo link to home page title for Pretexting note

home | about | site use | services | guides | profiles | papers | timeline |::| Analysphere | Ketupa

overview

USA

Australia














related pages icon
related
Guides:

Privacy

Secrecy &
Confidentiality

Security
& Infocrime



related pages icon
related
Profiles:

Identity
Crime

Stalking

Australian
privacy
regimes

Aust & NZ
telecoms


section heading icon     US

This page considers pretexting in the USA.

In the US federal law prohibits pretexting for financial information, but it does not specifically ban the practice in relation to phone records or forbid online sale of phone records. Carriers are required by the Telecommunications Act of 1996 to protect Customer Proprietary Network Information (CPNI) and have accordingly claimed on occasion that they are victimised by pretexters.

EPIC commented that

Banning the commercial sale of private consumer information is a necessary complement to banning pretexting, as it would "dry up the market" for illegally obtained telephone records. Such a prohibition would also allow consumers and consumer protection agencies to go after those who advertise privacy-invasive services without having to prove the specific techniques that the data brokers have used

Section 6821 of the Gramm-Leach-Bliley Act (15 USC) makes it a crime to commit pretexting against a financial institution, broadly defined under the Act, but does not provide for private action: enforcement is a federal responsibility. The FTC has initiated a handful of enforcement actions under that Act, notably against a Canadian company, generally resulting in administrative penalties. Critics have accordingly argued that federal legislation must specify that pretexting to obtain mobile phone records - or other records where there is no financial loss - is just as serious as pretexting for financial data.

Supporters of the existing US regime note that breaking into online accounts violates the Computer Fraud & Abuse Act (18 USC 1030), although a caution is supplied in Jennifer Granick's 2006 article Faking It: Calculating Loss in Computer Crime Sentencing. It has been argued that pretexting that deceives network operators to provide 'private' information violates the Wire Fraud Act (18 USC 1343).

There have however been no definitive cases regarding pretexting in relation to those enactments or the FTC's broader power to prevent "unfair, deceptive or fraudulent business activities", including anti-phishing cases highlighted here.






     next page  (Australia)



this site
the web

Google

version of August 2006
© Caslon Analytics