PRIA Logo
Take the PRIA Score
Title 18Crimes and Criminal ProcedureRelease 119-73

§1039 Fraud and related activity in connection with obtaining confidential phone records information of a covered entity

Title 18 › Part PART I— - CRIMES › Chapter CHAPTER 47— - FRAUD AND FALSE STATEMENTS › § 1039

Last updated Apr 6, 2026|Official source

Summary

Makes it a crime to knowingly get, try to get, sell, or buy a customer's private phone records across state lines or from another country by lying to a phone company worker or customer, giving fake papers, hacking, or doing it without the customer's permission. Conviction can mean fines and up to 10 years in prison. If the act happens with another crime or is part of a scheme that involves more than $100,000 or more than 50 customers in a 12‑month period, the offender faces a bigger fine (double the usual federal fine) and up to 5 more years in prison. If the person did it knowing the information could help commit a violent crime or be used to threaten or hurt law enforcement, they can get up to 5 extra years. The law applies even to acts outside the United States and does not stop lawful investigations by U.S. or state law enforcement or intelligence agencies. Confidential phone records information — private details about a customer’s phone service, usage, or bills kept because of the customer relationship. Covered entity — a telephone or similar service provider, including internet‑based voice services. Customer — anyone or any business that gets service from the provider. IP‑enabled voice service — real‑time voice calls sent over the internet that can connect with the regular phone network.

Full Legal Text

Title 18, §1039

Crimes and Criminal Procedure — Source: USLM XML via OLRC

(a)Whoever, in interstate or foreign commerce, knowingly and intentionally obtains, or attempts to obtain, confidential phone records information of a covered entity, by—
(1)making false or fraudulent statements or representations to an employee of a covered entity;
(2)making such false or fraudulent statements or representations to a customer of a covered entity;
(3)providing a document to a covered entity knowing that such document is false or fraudulent; or
(4)accessing customer accounts of a covered entity via the Internet, or by means of conduct that violates section 1030 of this title, without prior authorization from the customer to whom such confidential phone records information relates;
(b)(1)Except as otherwise permitted by applicable law, whoever, in interstate or foreign commerce, knowingly and intentionally sells or transfers, or attempts to sell or transfer, confidential phone records information of a covered entity, without prior authorization from the customer to whom such confidential phone records information relates, or knowing or having reason to know such information was obtained fraudulently, shall be fined under this title, imprisoned not more than 10 years, or both.
(2)For purposes of this subsection, the exceptions specified in section 222(d) of the Communications Act of 1934 shall apply for the use of confidential phone records information by any covered entity, as defined in subsection (h).
(c)(1)Except as otherwise permitted by applicable law, whoever, in interstate or foreign commerce, knowingly and intentionally purchases or receives, or attempts to purchase or receive, confidential phone records information of a covered entity, without prior authorization from the customer to whom such confidential phone records information relates, or knowing or having reason to know such information was obtained fraudulently, shall be fined under this title, imprisoned not more than 10 years, or both.
(2)For purposes of this subsection, the exceptions specified in section 222(d) of the Communications Act of 1934 shall apply for the use of confidential phone records information by any covered entity, as defined in subsection (h).
(d)Whoever violates, or attempts to violate, subsection (a), (b), or (c) while violating another law of the United States or as part of a pattern of any illegal activity involving more than $100,000, or more than 50 customers of a covered entity, in a 12-month period shall, in addition to the penalties provided for in such subsection, be fined twice the amount provided in subsection (b)(3) or (c)(3) (as the case may be) of section 3571 of this title, imprisoned for not more than 5 years, or both.
(e)(1)Whoever, violates, or attempts to violate, subsection (a), (b), or (c) knowing that such information may be used in furtherance of, or with the intent to commit, an offense described in section 2261, 2261A, 2262, or any other crime of violence shall, in addition to the penalties provided for in such subsection, be fined under this title and imprisoned not more than 5 years.
(2)Whoever, violates, or attempts to violate, subsection (a), (b), or (c) knowing that such information may be used in furtherance of, or with the intent to commit, an offense under section 111, 115, 1114, 1503, 1512, 1513, or to intimidate, threaten, harass, injure, or kill any Federal, State, or local law enforcement officer shall, in addition to the penalties provided for in such subsection, be fined under this title and imprisoned not more than 5 years.
(f)There is extraterritorial jurisdiction over an offense under this section.
(g)This section does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or political subdivision of a State, or of an intelligence agency of the United States.
(h)In this section:
(1)The term “confidential phone records information” means information that—
(A)relates to the quantity, technical configuration, type, destination, location, or amount of use of a service offered by a covered entity, subscribed to by any customer of that covered entity, and kept by or on behalf of that covered entity solely by virtue of the relationship between that covered entity and the customer;
(B)is made available to a covered entity by a customer solely by virtue of the relationship between that covered entity and the customer; or
(C)is contained in any bill, itemization, or account statement provided to a customer by or on behalf of a covered entity solely by virtue of the relationship between that covered entity and the customer.
(2)The term “covered entity”—
(A)has the same meaning given the term “telecommunications carrier” in section 3 of the Communications Act of 1934 (47 U.S.C. 153); and
(B)includes any provider of IP-enabled voice service.
(3)The term “customer” means, with respect to a covered entity, any individual, partnership, association, joint stock company, trust, or corporation, or authorized representative of such customer, to whom the covered entity provides a product or service.
(4)The term “IP-enabled voice service” means the provision of real-time voice communications offered to the public, or such class of users as to be effectively available to the public, transmitted through customer premises equipment using TCP/IP protocol, or a successor protocol, (whether part of a bundle of services or separately) with interconnection capability such that the service can originate traffic to, or terminate traffic from, the public switched telephone network, or a successor network.

Legislative History

Notes & Related Subsidiaries

Editorial Notes

References in Text

section 222(d) of the Communications Act of 1934, referred to in subsecs. (b)(2) and (c)(2), is classified to section 222(d) of Title 47, Telecommunications.

Statutory Notes and Related Subsidiaries

Findings Pub. L. 109–476, § 2, Jan. 12, 2007, 120 Stat. 3568, provided that: “Congress finds that— “(1) telephone records can be of great use to criminals because the information contained in call logs may include a wealth of personal data; “(2) call logs may reveal the names of telephone users’ doctors, public and private relationships, business associates, and more; “(3) call logs are typically maintained for the exclusive use of phone companies, their authorized agents, and authorized consumers; “(4) telephone records have been obtained without the knowledge or consent of consumers through the use of a number of fraudulent methods and devices that include—“(A) telephone company employees selling data to unauthorized data brokers; “(B) ‘pretexting’, whereby a data broker or other person represents that they are an authorized consumer and convinces an agent of the telephone company to release the data; or “(C) gaining unauthorized Internet access to account data by improperly activating a consumer’s account management features on a phone company’s webpage or contracting with an Internet-based data broker who trafficks in such records; and “(5) the unauthorized disclosure of telephone records not only assaults individual privacy but, in some instances, may further acts of domestic violence or stalking, compromise the personal safety of law

Enforcement

officers, their families, victims of crime, witnesses, or confidential informants, and undermine the integrity of law

Enforcement

investigations.”

Reference

Citations & Metadata

Citation

18 U.S.C. § 1039

Title 18Crimes and Criminal Procedure

Last Updated

Apr 6, 2026

Release point: 119-73