EPIC Petition Catches FCC’s Attention


The Federal Communications Commission (FCC) expects to open a proceeding
next Friday on imposing stricter security standards for telephone carriers’
handling of consumers’ personal data.


FCC Commissioner Kevin Martin on Wednesday told a House Energy and Commerce Committee that the FCC will consider approving an Electronic Privacy Information Center (EPIC) calling for more stringent regulations on the carriers’ handling of the data.


“Several weeks ago, I circulated an item to my fellow commissioners granting
EPIC’s petition and inviting comment on whether additional commission rules
are necessary to strengthen the safeguards for customer records,” Martin
said.


Martin said the petition, which calls for action to protect consumers, would be considered and acted upon at the FCC’s Feb. 10 open meeting.


“Data brokers and private investigators are taking advantage of inadequate
security through pretexting, the practice of pretending to have authority to
access protected records,” EPIC’s petition states.


The petition also says unscrupulous operators can crack consumers’ online
telephone accounts and suggests evidence exists of dishonest insiders at the
carriers selling access to information.


EPIC’s petition set off a ripple effect that has resulted in investigations
by the FCC and the Federal Trade Commission and proposed legislation by
Congress.


How well the carriers secure the data has been a subject of intense debate
in Washington, as lawmakers probe how consumers’ data — including call
logs — is being obtained for sale on data-broker Web sites.


Telephone carriers are obligated to protect the Customer Proprietary Network
Information (CPNI) of consumers under the Telecommunications Act of 1996.
However, last August EPIC brought to light the widespread online
availability of the information.


Martin said the FCC would seek comment on EPIC’s recommendations to address
the unlawful and fraudulent release of CPNI data, including consumer-set
passwords, audit trails, encryption, limiting data retention and notice
procedures to consumers on the release of CPNI.


“Further, the item tentatively concludes that the commission should require
all telecommunications carriers to certify on a date certain each year
[they] have established operating procedures adequate to ensure compliance
with [FCC rules],” Martin told the lawmakers.


Earlier this week, the FCC proposed fining AT&T and Alltel $100,000 each for
failing to file paperwork certifying the security of their customers’
telephone data.


The FCC is also seeking information from online data brokers, who have so
far resisted the agency’s efforts to reveal how they are obtaining consumer
data.

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web