This article was published in Scientific American’s former blog network and reflects the views of the author, not necessarily those of Scientific American
On supporting science journalism
If you're enjoying this article, consider supporting our award-winning journalism by subscribing. By purchasing a subscription you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today.
Verizon Wireless today apologized to President-elect Barack Obama after discovering that employees had snooped into his cell phone records in the latest example of a VIP’s private information being accessed by nosy staffers.
An Obama aide said that employees didn't listen to voicemails or read emails, but it's unclear exactly what records were accessed and when – or how many employees were involved. Verizon didn't return phone and email requests for comment but said in a statement that the snoops would be disciplined.
The incident highlights how insecure information is and reminds cell phone and Internet users that telecom workers can easily access and peek at their accounts. But it's unclear how widespread the practice is, and the problem isn’t limited to phone and data transmissions. Two State Department contractors were fired earlier this year after accessing the passport files of Obama and his primary rival (and reportedly his designated Secretary of State) Hillary Clinton. Employees at New-York Presbyterian Hospital were suspended after they tried to flip through former President Bill Clinton’s medical chart after his 2004 bypass surgery, and UCLA Medical Center staff were fired after looking at celebrity records.
"I can't say this is a massive problem, but it's probably something that happens all the time and we don’t know much about it," says Lee Tien, a senior staff attorney at the Electronic Frontier Foundation, a civil liberties group in San Francisco
Some businesses, particularly hospitals, now have access controls, including passwords, that restrict records to certain employees during limited windows, says Ari Schwartz, vice president of the Washington nonprofit Center for Democracy and Technology. Others have audit trails to discourage furtive searches. "But the problem with just having audit trails is that you only see it after the fact, when they've been accessed by so many people that it rises to that level of concern," Schwartz says, noting the UCLA cases.
It's not clear what privacy measures Verizon has in place, but "it says something about Verizon that they said something about this at all," Schwartz says. The snooping "could be happening at Obama's credit card companies and banks. That it came out and they're [Verizon] investigating is a good sign. But where we stand is scary for a regular person if they have their records looked at and [do] not have the same thing happen."
Part of the reason is that there are legal gaps, Tien says. Nosing around in Obama's records is unseemly, but it doesn’t violate the federal Electronic Communications Privacy Act unless it involves accessing stored communications, such as voicemails or emails, Tien says. In other words, taking a peek at, say, his subscriber information, such as how he paid for the service and even the numbers he dialed or received calls from, may violate company policy, but not that law. State laws on communications privacy vary.
"There's no question that everyone's instinct is right that . . .this is an invasion of privacy," Tien says. "Patterns of who called who when can be really revealing to who you are and are not what you want folks to access without authorization.
"To the extent that this kind of unauthorized access to a person's phone records isn’t currently a matter that's really given protection," he adds, "maybe its time that it was, because it really is a violation of privacy to have those kind of records looked at."
Image by chrisphoto via Flickr
