 |
|
|
 |
|
|
| |
|
Table of Contents:
 Service Providers Worry about Recent Pretexting Rules
Mobile TV Standards On the Horizon?
Microsoft Predicts VoIP Prices Will Drop 50%
2007: The Year of BPL?
Private Equity Bids for Telecom Companies: A New Trend?
|
| |
Service Providers Worry about Recent Pretexting Rules
By Susana Schwartz
Concern about competitive practices pervades among service providers after the release of the FCC’s rules around customer proprietary network information (CPNI) access procedures. The new regulations are meant to augment laws against pretexting (the technique used to fraudulently obtain personal data through social engineering) by further protecting subscriber call records and other person data from disclosure to unauthorized people. However, service providers are worried the FCC has failed to strike a balance between protection and competitive practices.
With Congress now looking to impose stricter regulations on phone companies to protect customer data, service providers are closely evaluating their ability to market new service bundles.While all major carriers were contacted for comment, most felt they needed more time to review the rules, or pointed to broader industry associations for comment.
“We are deeply concerned that the FCC is taking an overly broad approach far beyond protecting the legitimate privacy interests of call detail information,” says Walter B. McCormick Jr., President and CEO of USTelecom, whose 1,200 members include the likes of AT&T, Verizon and other incumbents, as well as CLECs and smaller rural companies. “This is an extremely anti-consumer outcome,” he says. Some carriers, particularly smaller rural carriers, feel they will be unable to work with outside marketing partners, even if they have no connection to illegal pretexting.
One of the more contentious rules is that of the “Joint Venture and Independent Contractor Use of CPNI,” regarding “opt-in” consent from consumers. FCC Chairman Martin stated that the former “opt-out” approach to customer consent (whereby a carrier may disclose a customer’s phone records provided that a customer does not expressly withhold consent for such use) shifted too much of the burden to consumers, and therefore resulted in a much broader dissemination of consumer phone records.
For that reason, the FCC modified the consent rules to require carriers to obtain explicit consent from a customer before disclosing a customer’s CPNI to a carrier’s joint venture partners or independent contractors for the purposes of marketing communications-related services to that customer.
The FCC justified its action through a statement that argues “the black market for CPNI has grown exponentially with an increased market value placed on obtaining this data. There is concrete evidence that the dissemination of this private information does inflict specific and significant harm on individuals, including harassment and the use of the data to assume a customer’s identity.”
The FCC concedes that its current rules do not do enough to protect customers, and stated that “while there are safeguards in our current rules for sharing CPNI with joint venture partners and independent contractors, we believe that these safeguards do not adequately protect a customer’s CPNI in today’s environment.” The statement further cited concerns that once CPNI information is shared with partners, it is out of the carrier’s control, and therefore the risk for loss of theft increases significantly.
The FCC concluded that a carrier’s section 222 duty to protect CPNI extends to situations where a carrier shares CPNI with its joint venture partners and independent contractors. The FCC requires express prior customer authorization, because section 222 may not extend to joint venture partners and independent contractors.
The FBI and the Secret Service submitted requests to bar carriers from notifying customers of breaches for seven days after federal authorities are told, and the FCC approved them. Commissioners Copps and Adelstein issued partial dissents, acknowleding there would be circumstances in which a delayed notification regime would be reasonable, such as if an investigation of a large-scale breach of a database might be compromised. However, the commissioners felt the FCC was “overbroad” in its acquiescence to law enforcement: “The FBI and the Secret Service would have the ability to keep victims of these unauthorized disclosures in the dark even longer, perhaps indefinitely," Copps said, adding it’s akin to hiding a burglary from someone who has been robbed.
Adelstein voiced similar concerns, citing the possibility of "unnecessary and even indefinite delay" of consumer notice without government accountability. "The Commission gives the Federal Bureau of Investigation a potentially open-ended ability to delay customer notification of security breaches," he said: "While I expect that the FBI will work as quickly as possible to identify any investigative issues, I find no statutory basis... for granting the FBI a blank check to delay notice to customers."
Chairman Martin made it clear that service providers that fail to adhere to the rules will face penalties. “Compliance with our consumer protection regulations is not optional for any telephone service provider. We need to take whatever actions are necessary to enforce these requirements," he said.
Comments and feedback welcome, please email Jill Morgan at jmorgan@billingworld.com.
|
| |
|
|
|
|
