[109th Congress Public Law 476]
[From the U.S. Government Printing Office]


[DOCID: f:publ476.109]

[[Page 3567]]

          TELEPHONE RECORDS AND PRIVACY PROTECTION ACT OF 2006

[[Page 120 STAT. 3568]]

Public Law 109-476
109th Congress

                                 An Act


 
To amend title 18, United States Code, to strengthen protections for law 
enforcement officers and the public by providing criminal penalties for 
     the fraudulent acquisition or unauthorized disclosure of phone 
            records. <<NOTE: Jan. 12, 2007 -  [H.R. 4709]>> 

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled, <<NOTE: Telephone 
Records and Privacy Protection Act of 2006.>> 

SECTION 1. <<NOTE: 18 USC 1 note.>> SHORT TITLE.

    This Act may be cited as the ``Telephone Records and Privacy 
Protection Act of 2006''.

SEC. 2. <<NOTE: 18 USC 1039 note.>> FINDINGS.

    Congress finds that--
            (1) telephone records can be of great use to criminals 
        because the information contained in call logs may include a 
        wealth of personal data;
            (2) call logs may reveal the names of telephone users' 
        doctors, public and private relationships, business associates, 
        and more;
            (3) call logs are typically maintained for the exclusive use 
        of phone companies, their authorized agents, and authorized 
        consumers;
            (4) telephone records have been obtained without the 
        knowledge or consent of consumers through the use of a number of 
        fraudulent methods and devices that include--
                    (A) telephone company employees selling data to 
                unauthorized data brokers;
                    (B) ``pretexting'', whereby a data broker or other 
                person represents that they are an authorized consumer 
                and convinces an agent of the telephone company to 
                release the data; or
                    (C) gaining unauthorized Internet access to account 
                data by improperly activating a consumer's account 
                management features on a phone company's webpage or 
                contracting with an Internet-based data broker who 
                trafficks in such records; and
            (5) the unauthorized disclosure of telephone records not 
        only assaults individual privacy but, in some instances, may 
        further acts of domestic violence or stalking, compromise the 
        personal safety of law enforcement officers, their families, 
        victims of crime, witnesses, or confidential informants, and 
        undermine the integrity of law enforcement investigations.

[[Page 120 STAT. 3569]]

SEC. 3. FRAUD AND RELATED ACTIVITY IN CONNECTION WITH OBTAINING 
            CONFIDENTIAL PHONE RECORDS INFORMATION OF A COVERED ENTITY.

    (a) Offense.--Chapter 47 of title 18, United States Code, is amended 
by inserting after section 1038 the following:

``Sec. 1039. Fraud and related activity in connection with obtaining 
                        confidential phone records information of a 
                        covered entity

    ``(a) Criminal Violation.--Whoever, in interstate or foreign 
commerce, knowingly and intentionally obtains, or attempts to obtain, 
confidential phone records information of a covered entity, by--
            ``(1) making false or fraudulent statements or 
        representations to an employee of a covered entity;
            ``(2) making such false or fraudulent statements or 
        representations to a customer of a covered entity;
            ``(3) providing a document to a covered entity knowing that 
        such document is false or fraudulent; or
            ``(4) accessing customer accounts of a covered entity via 
        the Internet, or by means of conduct that violates section 1030 
        of this title, without prior authorization from the customer to 
        whom such confidential phone records information relates;

shall be fined under this title, imprisoned for not more than 10 years, 
or both.
    ``(b) Prohibition on Sale or Transfer of Confidential Phone Records 
Information.--
            ``(1) Except as otherwise permitted by applicable law, 
        whoever, in interstate or foreign commerce, knowingly and 
        intentionally sells or transfers, or attempts to sell or 
        transfer, confidential phone records information of a covered 
        entity, without prior authorization from the customer to whom 
        such confidential phone records information relates, or knowing 
        or having reason to know such information was obtained 
        fraudulently, shall be fined under this title, imprisoned not 
        more than 10 years, or both.
            ``(2) <<NOTE: Applicability.>> For purposes of this 
        subsection, the exceptions specified in section 222(d) of the 
        Communications Act of 1934 shall apply for the use of 
        confidential phone records information by any covered entity, as 
        defined in subsection (h).

    ``(c) Prohibition on Purchase or Receipt of Confidential Phone 
Records Information.--
            ``(1) Except as otherwise permitted by applicable law, 
        whoever, in interstate or foreign commerce, knowingly and 
        intentionally purchases or receives, or attempts to purchase or 
        receive, confidential phone records information of a covered 
        entity, without prior authorization from the customer to whom 
        such confidential phone records information relates, or knowing 
        or having reason to know such information was obtained 
        fraudulently, shall be fined under this title, imprisoned not 
        more than 10 years, or both.
            ``(2) <<NOTE: Applicability.>> For purposes of this 
        subsection, the exceptions specified in section 222(d) of the 
        Communications Act of 1934 shall apply for the use of 
        confidential phone records information by any covered entity, as 
        defined in subsection (h).

    ``(d) Enhanced Penalties for Aggravated Cases.--Whoever violates, or 
attempts to violate, subsection (a), (b), or (c) while

[[Page 120 STAT. 3570]]

violating another law of the United States or as part of a pattern of 
any illegal activity involving more than $100,000, or more than 50 
customers of a covered entity, in a 12-month period shall, in addition 
to the penalties provided for in such subsection, be fined twice the 
amount provided in subsection (b)(3) or (c)(3) (as the case may be) of 
section 3571 of this title, imprisoned for not more than 5 years, or 
both.
    ``(e) Enhanced Penalties for Use of Information in Furtherance of 
Certain Criminal Offenses.--
            ``(1) Whoever, violates, or attempts to violate, subsection 
        (a), (b), or (c) knowing that such information may be used in 
        furtherance of, or with the intent to commit, an offense 
        described in section 2261, 2261A, 2262, or any other crime of 
        violence shall, in addition to the penalties provided for in 
        such subsection, be fined under this title and imprisoned not 
        more than 5 years.
            ``(2) Whoever, violates, or attempts to violate, subsection 
        (a), (b), or (c) knowing that such information may be used in 
        furtherance of, or with the intent to commit, an offense under 
        section 111, 115, 1114, 1503, 1512, 1513, or to intimidate, 
        threaten, harass, injure, or kill any Federal, State, or local 
        law enforcement officer shall, in addition to the penalties 
        provided for in such subsection, be fined under this title and 
        imprisoned not more than 5 years.

    ``(f) Extraterritorial Jurisdiction.--There is extraterritorial 
jurisdiction over an offense under this section.
    ``(g) Nonapplicability to Law Enforcement Agencies.--This section 
does not prohibit any lawfully authorized investigative, protective, or 
intelligence activity of a law enforcement agency of the United States, 
a State, or political subdivision of a State, or of an intelligence 
agency of the United States.
    ``(h) Definitions.--In this section:
            ``(1) Confidential phone records information.--The term 
        `confidential phone records information' means information 
        that--
                    ``(A) relates to the quantity, technical 
                configuration, type, destination, location, or amount of 
                use of a service offered by a covered entity, subscribed 
                to by any customer of that covered entity, and kept by 
                or on behalf of that covered entity solely by virtue of 
                the relationship between that covered entity and the 
                customer;
                    ``(B) is made available to a covered entity by a 
                customer solely by virtue of the relationship between 
                that covered entity and the customer; or
                    ``(C) is contained in any bill, itemization, or 
                account statement provided to a customer by or on behalf 
                of a covered entity solely by virtue of the relationship 
                between that covered entity and the customer.
            ``(2) Covered entity.--The term `covered entity'--
                    ``(A) has the same meaning given the term 
                `telecommunications carrier' in section 3 of the 
                Communications Act of 1934 (47 U.S.C. 153); and
                    ``(B) includes any provider of IP-enabled voice 
                service.
            ``(3) Customer.--The term `customer' means, with respect to 
        a covered entity, any individual, partnership, association,

[[Page 120 STAT. 3571]]

        joint stock company, trust, or corporation, or authorized 
        representative of such customer, to whom the covered entity 
        provides a product or service.
            ``(4) IP-enabled voice service.--The term `IP-enabled voice 
        service' means the provision of real-time voice communications 
        offered to the public, or such class of users as to be 
        effectively available to the public, transmitted through 
        customer premises equipment using TCP/IP protocol, or a 
        successor protocol, (whether part of a bundle of services or 
        separately) with interconnection capability such that the 
        service can originate traffic to, or terminate traffic from, the 
        public switched telephone network, or a successor network.''.

    (b) Chapter Analysis.--The table of sections for chapter 47 of title 
18, United States Code, is amended by adding after the item relating to 
section 1038 the following:

``1039. Fraud and related activity in connection with obtaining 
           confidential phone records information of a covered 
           entity.''.

SEC. 4. <<NOTE: 28 USC 994 note.>> SENTENCING GUIDELINES.

    (a) Review <<NOTE: Deadline.>> and Amendment.--Not later than 180 
days after the date of enactment of this Act, the United States 
Sentencing Commission, pursuant to its authority under section 994 of 
title 28, United States Code, and in accordance with this section, shall 
review and, if appropriate, amend the Federal sentencing guidelines and 
policy statements applicable to persons convicted of any offense under 
section 1039 of title 18, United States Code.

    (b) Authorization.--The United States Sentencing Commission may 
amend the Federal sentencing guidelines in accordance with the 
procedures set forth in section 21(a) of the Sentencing Act of 1987 (28 
U.S.C. 994 note) as though the authority under that section had not 
expired.

    Approved January 12, 2007.

LEGISLATIVE HISTORY--H.R. 4709:
---------------------------------------------------------------------------

HOUSE REPORTS: No. 109-395 (Comm. on the Judiciary).
CONGRESSIONAL RECORD, Vol. 152 (2006):
            Apr. 25, considered and passed House.
            Dec. 8, considered and passed Senate.

                                  <all>