While CTIA and the U.S. wireless industry are not familiar with the details from the British voice mail hacking beyond the news stories, Americans should know that there are several laws in the U.S. and measures taken by wireless carriers that protect consumers’ privacy.
Based on media reports, it appears the British voice mail hacking was done through pretexting, which is a federal crime in the U.S.. Pretexting occurs when someone pretends to be the customer and contacts the carrier’s customer service representative to obtain or reset the customer’s voice mail password. This allows the fictitious customer access to the voice mails. In addition, the Federal Communications Commission (FCC) has specific regulations that require carriers to report their efforts to secure Customer Proprietary Network Information (CPNI). As a result, carriers will not reset passwords or send billing records to anyone other than the customer and this information can only be sent to their device or to their billing or e-mail address.
Many forms of spoofing are also against the law in the U.S. Spoofing occurs which is when an individual deliberately manipulates the caller name and phone number that is transmitted via the network and appears on caller ID screens. When we originally wrote a blog post educating consumers about spoofing, the practice was legal but there were bills in Congress and FCC regulations that CTIA advocated to ban these practices. On December 22, 2010, the Truth in Caller ID Act of 2009 was signed into law, which made “manipulation of caller identification information” illegal when it was done to deceit, cause harm or wrongfully obtain information of value.
Our carrier members are dedicated to keeping their customer’s information protected because, quite simply, they want to keep them happy. Since customers in the U.S. have a number of options throughout the wireless ecosystem, including carriers, a happy customer is vital to their businesses.
In addition to complying with all laws, carriers share best practices and augment their systems to address new and evolving threats. These practices include limiting the number of people that have access to customer records, voice mail systems and call records. Accounts that have access to this information are also routinely subjected to technical audits for signs they have been compromised or misuse by an employee.
Carriers continue to actively protect their customers’ privacy. Even though pretexting and spoofing are illegal in the U.S., CTIA recommends consumers take these simple precautionary measures:
- Keep your wireless device with you at all times. Use the lock feature, so that if someone takes your phone, s/he cannot use it to access your voice mail.
- Don’t give your device to a person you don’t know. If you lose your device, contact your carrier immediately so they can turn off service and prevent others from accessing your voice mails (or other personal information).
- Create a voice mail password and change it periodically, using passwords that are hard to guess.
- Limit the number of messages allowed in your voice mail and delete once you’ve listened to them.
- If you are prone to losing things like your phone, consider purchasing one that allows you to remotely wipe the data clean from your device.
If you are a victim of pretexting or caller ID spoofing, contact the FCC to register a complaint.