SPRINGFIELD – Responding to alarming reports about sensitive personal and corporate information being easily retrieved from discarded cell phones, Governor Rod R. Blagojevich today sent a letter to two federal regulatory bodies, urging them to require cell phone companies to develop effective ways to completely delete a customer’s information.
“Recent reports now indicate that when a cell phone’s memory is erased, sensitive information that is supposed to have been deleted can be easily restored,” wrote the Governor in a letter to the chairperson of the Federal Trade Commission (FTC), Deborah Platt Majoras, and the chairman of the Federal Communications Commission (FCC), Kevin J. Martin. “Current federal laws require cell phone companies to protect their customer’s personal information, but clearly there’s a gap. I urge both of your agencies to require cell phone companies to develop more effective methods to completely delete a customer’s information.”
Recent media reports about the ease in which sensitive information that was supposed to have been deleted from discarded or reset cell phones, was retrieved using inexpensive software that is found on the Internet, have raised alarm about confidential information falling in the wrong hands or being used for unlawful purposes.
According to one of those reports software experts who bought 10 discarded phones on eBay were able to easily retrieve, among other things:
· A company’s plan to win a multimillion-dollar federal transportation contract;
· Emails about another company’s payments for a software license;
· Detailed information about a man’s prescription drugs and utility payments.
· Bank accounts number and passwords from several individuals.
The media reports indicated that instructions provided by manufacturers to delete a customer’s information are often hard to use or even find, whereas the tools to retrieve supposedly deleted information are easy to use and find for hackers and identity thieves.
Gov. Blagojevich has taken aggressive steps to protect private information from identity theft, including enacting legislation recently that made Illinois one of the first states in the nation to outlaw “pretexting”, an unlawful practice that allows an individual pretending to be an account holder to obtain cell phone records, long distance call records and other personal records.
This year, Gov. Blagojevich also enacted other pieces of legislation to protect personal information and combat identity theft, including:
SB2310, which allows Illinois residents to put a security freeze on their credit report if they believe their personal information has been compromised;
HB4179, which prohibits identity theft offenders from changing their names; and
HB4438 and HB4449, which give state employees and agencies additional requirements for properly disposing of personal information and notifying residents if their information has been compromised.
The text of the Governor’s letter to the FTC and the FCC follows:
September 5, 2006
Deborah Platt Majoras
Federal Trade Commission
600 Pennsylvania Avenue, N.W.
Washington, D.C. 20580
Kevin J. Martin
Federal Communications Commission
445 12th Street, S.W.
Washington, DC 20554
Dear Chairperson Majoras and Chairman Martin:
I am writing today regarding the need for greater protections and privacy for cell phone users.
Recent reports now indicate that when a cell phone’s memory is erased, sensitive information that is supposed to have been deleted can be easily restored by anyone using inexpensive software that can be downloaded from the Internet.
More alarming are the examples of the types of information that are all too easily available: information containing a company’s plan to win a multimillion-dollar federal contract, an individual’s personal medical history, and emails about a firm’s software license.
There is a clear cause for alarm when a person’s or company’s most sensitive information – information that was supposed to have been eliminated when their cell phones are reset or discarded - can easily end up in the wrong hands or used for unlawful purposes.
Here in Illinois we’ve taken aggressive steps to protect private information from identity thieves, including enacting legislation that made Illinois one of the first states in the nation to outlaw the practice of “pretexting”, where an individual pretends to be an account holder to unlawfully obtain cell phone records, long distance records and other personal information.
Current federal laws require cell phone companies to protect their customers’ personal information, but clearly there’s a gap. The Federal Communications Commission and the Federal Trade Commission are charged with monitoring and regulating telephone companies and protect consumers.
I urge both of your agencies to require cell phone companies to develop more effective methods to completely delete a customer’s information.
Rod R. Blagojevich