By Marguerite Reardon
http://news.com.com/FCC+imposes+rules+designed+to+prevent+pretexting/2100-1037_3-6172705.html
The Federal Communications Commission hopes to prevent data burglaries
with a set of new regulations for phone companies aimed at preventing
the fraudulent practice called "pretexting."
On Monday, the FCC issued an order designed to strengthen its current
privacy rules by requiring telephone and wireless operators to adopt
additional safeguards to protect personal telephone records from being
disclosed to unauthorized people.
The new regulations come as lawmakers have already outlawed the
practice of "pretexting," which encompasses any technique used to
fraudulently obtain personal information. Congress is now looking to
impose stricter regulations on phone companies to protect customer
data.
The issue came to a head last year when investigators hired by
Hewlett-Packard, in a quest to trace the source of board room media
leaks, employed pretexting to nab the phone records of
journalists -- including three from CNET News.com -- and company board
members.
Specifically, the FCC order prohibits carriers from releasing --
either over the phone or online -- sensitive personal data, such as
call detail records, unless the customer provides a password. It also
requires operators to notify customers immediately when changes are
made to their accounts. And it requires providers to notify their
customers in the event of a breach of confidentiality.
Phone companies, including wireless, fixed line and voice over IP
(VoIP) providers, also must annually certify their compliance with
these regulations, inform the FCC of any actions they have taken
against data brokers, and provide a summary of the complaints they
receive regarding the unauthorized release of personal customer
information. The regulations also require telephone carriers to notify
law enforcement authorities before customers when they suspect
breaches have occurred -- a provision that drew criticism from the two
Democratic FCC commissioners and consumer privacy advocates.
"Particularly in light of the most recent report on the TJX fiasco,
which makes clear the problem with failing to notify consumers once a
breach occurs, we believe the FCC should have rejected that approach,"
said Marc Rotenberg, executive director of the Electronic Privacy
Information Center, which petitioned the regulators in August 2005 to
impose stronger security standards on telephone companies.
He was referring to recent reports that 45.7 million accounts for
customers of the company that operates such discount retail chains as
T.J. Maxx and Marshalls were compromised.
Rotenberg said his organization was nevertheless "generally pleased"
with the rules.
The FCC has taken "commendable and important steps to strengthen
consumer privacy, and commendably done so without taking away the
right of states to enact stronger laws," said Ed Mierzwinski of the
U.S. Public Interest Research Group, a consumer advocacy group,
although he added that he shared concerns about the law enforcement
notification rules.
Phone companies, such as Verizon Communications, say protecting
customer information is a top priority for them, and they are
constantly reevaluating their security practices to protect consumers'
data. Several companies have taken data brokers to court.
Verizon also claims the FCC is going too far with its requirements.
"The key is protecting (sensitive) information without disrupting
legitimate consumer activities and customer service," said David Fish,
a spokesman for Verizon. "We have strong concerns that parts of the
FCC order may have the unintended consequence of undermining
consumers' ability to receive useful information about new products,
services and savings."
One of the biggest concerns phone companies have is that the FCC is
making it difficult for them to 'work with partners' and marketing
contractors to bring new services to consumers, by mandating that they
can only share customer data with these partners once they obtain
customer consent.
"We are deeply concerned that the FCC is taking an overly broad
approach far beyond protecting the legitimate privacy interests of
call detail information to preventing any marketing of new services,
bundled offerings and new applications--using joint venture partners
or independent contractors -- that can save consumers money," Walter
McCormick Jr., president and CEO of USTelecom, said in a statement.
Verizon further claimed, "This is an extremely anticonsumer
outcome. This approach also will impede competition and will
particularly impact the smaller rural service providers, who now will
be unable to work with outside marketing partners, even though they
have no connection to illegal pretexting."
But the FCC said that after an extensive investigation, it found that
the phone companies' current steps to protect consumers' information
has not been adequate.
"The former 'opt-out' approach to customer consent, whereby a carrier
may disclose a customer's phone records provided that a customer does
not expressly withhold consent to such use, shifted too much of the
burden to consumers, and has resulted in a much broader dissemination
of consumer phone records," FCC Chairman Kevin Martin said in a
statement. "The 'opt-in' approach adopted in this order clearly is
supported by the record, is consistent with applicable law, and
directly advances our interest in protecting customer privacy."
The new rules will go into effect six months after the federal Office
of Management and Budget approves them, a process that by itself could
take 120 days or more.
Copyright 2007 CNET Networks, Inc.
NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily. And, discuss this and other topics in our forum at
http://telecom-digest.org/forum (or)
http://telecom-digest.org/chat/index.html
For more news and headlines, please go to:
http://telecom-digest.org/td-extra/internet-news.html
[TELECOM Digest Editor's Note: In other words, SBC alias AT&T,
Verizon, and other telcos, we do not wish to hear about your latest
gimmick for 'only ten dollars per month' for which your 'partner'
can cram us up our phone bill or lie about the operation of unless
we first specifically tell you we are interested. And for that, you
smear us and call us 'anti-consumer. PAT]