Under standard procedures, no one at a mobile operator looks at an individual's call data record -- the combination of personal identity, dialled numbers, call times and financial details -- without the customer's permission, according to Tad Neeley, chairman of mobile operator Telscape. If a customer service representative needs to see the record to solve a problem over the phone, they ask the subscriber before opening it up. But the information typically is accessible to many people along the line, including those in administrative positions, Neeley said.

Information on incoming and outgoing calls is collected in a database as the month goes on, but the call data record doesn't exist until someone initiates a query to bring that data together with the customer's name, address, and account information, Neeley said. Then the bill goes out, on paper or as an e-mail message, for the customer's eyes only.

Carriers also need to be able to generate a call data record in response to a subpoena or a police search with a warrant, Neeley said.

But that doesn't mean that no one inside a mobile operator can, technically, create a call data record for their own curiosity, Neeley said. Even if the data is encrypted, some administrators and other employees will have passwords to view it.

Comverse, which provides billing software to mobile operators around the world, offers many tools for carriers to both secure their subscriber records from unauthorized users and keep records on what authorized users do with them, said Senior Vice President Kurt Silverman.

"In our systems, we'll know what you've done, if you did anything interesting," Silverman said. Verizon does not use Comverse's software, he said.

The legality of viewing cell-phone records isn't always as cut and dried as relying on a subpoena, warrant or customer permission, privacy experts said.

Improperly viewing phone records, whether for landline or mobile phones, should fall under federal wiretapping laws, Berkeley's Hoofnagle said. But the statutes specifically addressing phone-record privacy are complicated and aren't always as strong for cell phones as for landlines, he said. A recent bill in the California legislature aimed to protect cellular information as tightly as landline phone bills.

"California tried to strengthen its phone records protections, and there was a very strong lobbying effort from the phone companies to prevent expansion," Hoofnagle said.

The federal government has cracked down on improper access to cell records with the Telephone Records and Privacy Protection Act. It was enacted last year in part to prevent "pretexting," where unauthorized people call a carrier and pretend to make a legitimate request for information. Following the Obama records incident, Sen. Patrick Leahy, chairman of the Senate Judiciary Committee, earlier this week asked the Department of Justice whether that law had been effective in protecting consumers' privacy. But whether the pretexting law covers this kind of internal breach will be a matter of interpretation, CDT's Schwartz said.