WASHINGTON-Late Friday, the Federal Communications Commission announced it will examine ways to strengthen the protection of customer call records. The agency is seeking comment on five specific measures proposed by the Electronic Privacy Information Center on the topic.
The FCC’s action was widely expected. Indeed, FCC Chairman Kevin Martin told the House Commerce Committee earlier this month the commission would act by last Friday on EPIC’s petition for rulemaking. Officially, the agency granted the EPIC petition and then went on to ask specifically how customer call records can be better protected. The FCC did not release the text of the decision.
“While my philosophy leans toward market-based solutions with minimal government intervention, this issue provides a perfect example of the appropriateness of government intervention, investigation and enforcement. Indeed, national security is of the utmost importance, but so is personal security. We must be vigilant to protect our personal digital borders as we are our nation’s physical borders. The action we take today should send a clear message to information snatchers-who are attacking our citizens in the privacy of their own homes-that we take seriously our obligation to protect consumers’ most personal information,” said FCC Commissioner Deborah Taylor Tate.
The wireless industry said it would engage in the FCC’s rulemaking.
“We look forward to continuing to work with the FCC on this important issue and will certainly provide comments on the proposed rulemaking. We all agree with the goal of protecting this information from disclosure,” said Chris Guttman-McCabe, CTIA vice president of regulatory affairs. “We believe these strong prosecutorial actions, combined with steps that carriers have taken and will continue to take, will go a long way toward putting these thieves out of business and/or in jail.”
One of EPIC’s recommendations is that customer call data be destroyed when it is no longer needed. This idea was highlighted at a hearing last week at the Senate Commerce consumer affairs subcommittee when EPIC said the wireless industry should not collect information it cannot protect.
“We were disappointed that CTIA opposed our petition at the FCC,” said Marc Rotenberg, EPIC executive director. “If wireless carriers can’t protect the information, they shouldn’t collect the information. Consumers are being put at risk.”
The wireless industry believes it is better to have many different ways to protect privacy, while EPIC wants one proscribed way, CTIA President Steve Largent told RCR Wireless News after the Senate hearing. Largent said he is confident that his members are working to protect their customers’ records.
“What we are trying to do is build a safe system and the way to do that is to build different systems with every carrier having its own system to protect the customer,” said Largent. “I am confident that our carriers are aware of this and are working aggressively to protect their customers’ information. I know that is a fact. It can be argued whether customer information has been made totally safe. The fact is it hasn’t as you heard here today but I can tell you that our carriers receive millions, if not billions, of phone calls about their customer records. There have been a few cases like that were mentioned today where they were not the customer that was calling in wanting the information. It was a pretexter.”
Since the CBS Evening News ran a Jan. 12 story critical of the mobile-phone industry, policy makers at all levels of government have been expressing outrage and acting to stop the sale of mobile-phone records over the Internet. The FCC’s action applies to all telecommunications carriers which are subject to its customer proprietary network information (CPNI) rules.
One of these rules requires that carriers certify that they protect their customers’ privacy. The FCC has been examining carriers’ privacy certifications. Each certification is different in the amount of information and detail presented to the commission. This could change if a proposed rule is eventually adopted.
“The FCC observes that a lack of uniformity in these certifications could be an obstacle to effective enforcement,” said the commission, asking whether it should change its rules “to require carriers to file annual compliance certificates with the agency, along with a summary of all consumer complaints received in the past year concerning the unauthorized release of CPNI and a summary of any actions taken against data brokers during the preceding year.”
Each year carriers must certify that they are protecting customer information. However, the certifications are not filed with the FCC; instead, each carrier must make it available upon request. The commission required each carrier to submit their certifications Feb. 6.
The certifications became important after the House Commerce Committee asked the FCC for the certifications for the five largest wireless and wireline carriers. AT&T Inc.-formerly SBC Communications Inc.-and Alltel Corp. did not adequately respond to the request, the FCC said. The FCC Jan. 30 proposed fining each company $100,000, and Martin said if the commission was not satisfied with the other certifications, a similar fate could await them.
Proposed fines become effective 30 days after the deadline unless a settlement is reached.
Legislation on the issue has been introduced separately in the Senate by Sens. Charles Schumer (D.-N.Y.) and Richard Durbin (D-Ill.). There are at least two bills in the House. Rep. Joe Barton (R-Texas), chairman of the House Commerce Committee, and Sen. Ted Stevens (R-Alaska), chairman of the Senate Commerce Committee, also plan to introduce bills on the topic.
Sen. George Allen (R-Va.), chairman of the Senate Commerce consumer-affairs subcommittee, said any legislation passed by the Senate would remove the requirement for warning letters and citations. “When you go after somebody, you don’t give warning,” said Allen. The Federal Trade Commission sent warning letters to 20 data brokers last week.
The scandal is also hot at the state level. Several state bills have been introduced and several state attorneys general are investigating the issue.