WASHINGTON—The Federal Communications Commission wants to make sure that the sale of customer call records—which has erupted into this year’s biggest wireless scandal—has not been aided and abetted by employees inside telecommunications companies.
“Is there any evidence that dishonest insiders at the carriers are providing third parties with unauthorized access to customer proprietary network information?” asked the FCC in a notice of proposed rulemaking, the text of which was released late Tuesday
Late last Friday afternoon, the FCC announced it is seeking comment on five specific measures proposed by the Electronic Privacy Information Center on the topic. The commission’s action was widely expected.”There is absolutely no evidence that an employee of one of our carriers is involved,” said CTIA President Steve Largent, repeating Monday what he had told Congress during two separate hearings on the scandal.
In addition to dishonest employees, the FCC asked about other ways data brokers could have gotten access to call records. Specifically, the FCC asked about pretexting—impersonating a customer to obtain call records—as well as computer hacking. The agency also questioned whether procedures and protections differ between small and large carriers.
Comments on the proposed rules are due 30 days after publication in the Federal Register.
The FCC said it found the sale of customer call records “to be disturbing.”
Although the customer-call-records scandal erupted when CBS Evening News ran a Jan. 12 story on the topic, EPIC first raised the issue Aug. 30. EPIC asked that the FCC implement rules to protect customers’ call records. The wireless industry opposes the EPIC petition.
“While not all commenters agree that the FCC should initiate the present rulemaking, none of the commenters dispute that EPIC has identified a problem that needs to be addressed in some manner,” said the commission.
In addition to determining how data brokers are obtaining the information, the FCC also questioned whether carriers alert their customers when customers’ call records are requested.
EPIC suggests that carriers institute passwords to protect their customer call records. However, some carriers don’t like the idea.
“Verizon Communications Inc. and Verizon Wireless report that some customers dislike passwords, and that password systems hamper the transaction of legitimate business,” said the FCC.
Since the CBS Evening News story, policy makers at all levels of government have been expressing outrage and acting to stop the sale of mobile-phone records over the Internet. The FCC has requested carriers’ privacy certifications. Each year carriers must certify that they are protecting customer information. However, the certifications are not filed with the FCC; instead, each carrier must make it available upon request. The commission required each carrier to submit their certifications Feb. 6.
The certifications became important after the House Commerce Committee asked the FCC for the certifications for the five largest wireless and wireline carriers. AT&T Inc.—formerly SBC Communications Inc.—and Alltel Corp. did not adequately respond to the request, the FCC said. The FCC Jan. 30 proposed fining each company $100,000, and Martin said if the commission was not satisfied with the other certifications, a similar fate could await other operators.
Proposed fines become effective 30 days after the deadline unless a settlement is reached.
Several bills have also been introduced in the House and the Senate on the topic.
The scandal is also hot at the state level. Several state bills have been introduced and several state attorneys general are investigating the issue.