FCC Issues CPNI Rulemaking Aimed at Protecting Cellphone Records
The FCC late Fri. released a notice of proposed rulemaking that would require all telecom carriers to submit to the Commission each year certifications providing details on their protocols for protecting customer proprietary network information (CPNI). The FCC proposed that with the certificates a carrier submit a summary of all consumer complaints the previous year on the unauthorized release of CPNI, and a summary of any actions taken against data brokers.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
Chmn. Martin said the notice is a direct response to a petition for rulemaking last summer by the Electronic Privacy Information Center (EPIC) seeking tougher rules for carrier protection of CPNI. “Today, we seek comment on whether additional Commission rules are necessary to strengthen the safeguards currently in place to protect consumers’ sensitive telephone record data,” Martin said. “I support this Notice because I am deeply concerned about reports of companies trafficking in personal telephone records.
Comr. Copps said CPNI privacy issues had been raised before but were left to “languish” at the Commission. “By starting this proceeding, we pledge to protect consumers from unscrupulous data brokers who have built a business on selling information about our private conversations,” he said in a written statement.
“Our efforts here to strengthen our rules are critical and time sensitive,” Comr. Adelstein said. “We ask the right questions in this notice, and I'm glad that we once again seek comment on how to protect consumer privacy as communications migrate to broadband and IP platforms.” Comr. Tate said: “While my philosophy leans towards market-based solutions with minimal government intervention, this issue provides a perfect example of the appropriateness of government intervention, investigation, and enforcement.”
The rulemaking is part of the FCC’s ongoing investigation of concerns that Internet companies get cellphone calling records under false pretenses, a scam called pretexting, and selling them to anyone who will pay. The FCC was widely expected to ask many questions about other rules it should impose, while drawing few tentative conclusions (CD Feb 9 p2). Congress is considering legislation that would outlaw pretexting (CD Feb 9 p1). The FCC is also expected to issue additional notices of apparent liability against carriers that file incomplete or inadequate certifications.
A key question before the Commission is whether it will reimpose electronic audit tracking requirements, to track when requests for records are made by pretexters or subscribers. The FCC imposed the requirement in the late 1990s but pulled it after carriers complained it would be burdensome. The Commission distributed a news release but not the NPRM itself, so the full set of questions posed wasn’t available. The release said the FCC is also seeking comment on “other ways to protect customer privacy, including whether carriers should be required to take the additional step of calling a subscriber’s registered telephone number before releasing CPNI in order to verify that the caller requesting the information is actually the subscriber.”
“AT&T shares the FCC’s commitment to protecting consumer privacy and will work with the chairman and commissioners to find ways to safeguard that proprietary information,” a spokesman said. “AT&T has strict policies in place to ensure customer information is protected and we continually upgrade our security to meet the threat posed by bad actors as we learn of new tactics employed by the individuals engaged in this unscrupulous practice.”