Jan. 21 --Wireless carriers told the Federal Communications Commission that federal law permits telecommunications companies to share and sell consumer information to third-party groups as long as individual customer identities and characteristics have been removed, according to a filing made public Jan. 21.
CTIA - The Wireless Association sought to persuade policy makers that the practice is legal during a time when Washington continues to debate what privacy protections U.S. consumers should be able to expect from their telecommunications providers.
CTIA urged the FCC to dismiss a Public Knowledge petition to clarify that telecommunications companies are restricted from sharing anonymized consumer information, the filing said. The group said Public Knowledge misread Section 222 of the Communications Act of 1934, as amended, in asserting that anonymized, or de-identified, call records constitute “individually identifiable” customer proprietary network information (CPNI), according to its filing with the commission.
All four major wireless carriers--AT&T Inc., Verizon Communications Inc., Sprint Corp. and T-Mobile USA Inc.--are CTIA members.
The petition stems in part from a Nov. 7 New York Times article that revealed AT&T Inc. had sold to the Central Intelligence Agency some of its customers' anonymized call records. In December, nearly a dozen public interest groups led by Public Knowledge filed the petition for a declaratory ruling with the FCC to clarify that Section 222 forbids communications companies from selling de-identified call records to third parties without their customers' consent.
Even if wireless companies “mask” several phone number digits from the call records they sell, the remaining data--incoming calls, call times and call durations--do not constitute anonymous records because they can be linked back to specific individuals, Public Knowledge said.
Section 222 prevents carriers from disclosing or permitting access to a customer's individually identifiable CPNI without consent. Under the statute, a telecommunications carrier that receives or obtains CPNI “shall only use, disclose, or permit access to individually identifiable CPNI in its provision of (A) the telecommunications service from which such information is derived, or (B) services necessary to, or used in, the provision of such telecommunications service, including the publishing of directories.” The law defines CPNI as “information that relates to the quantity, technical configuration, type, destination, location and amount of use a telecommunications service subscribed to by any customer of a telecommunications carrier.”
CTIA argued that there is nothing in the statute or FCC rules that “suggests customer information stripped of individually identifiable characteristics and identities is subject to the same limitations as information possessing such characteristics,” the filing said. “De-identified CPNI, put simply, is not 'individually identifiable’ CPNI under Section 222(c)(1), and it is not the type of sensitive, personal data for which Congress intended the protections of that section to apply. Rather, if customer information is not individually identifiable and is not aggregate, it falls into a separate category: non-individually identifiable CPNI, or de-identified CPNI.”
CTIA said Section 222(c)(3) of the act “demonstrates that Congress did not have privacy concerns regarding customer information that is not individually identifiable.”
The section says “a telecommunications carrier that receives or obtains customer proprietary network information by virtue of its provision of a telecommunications service may use, disclose, or permit access to aggregate customer information”--language that CTIA said “further underscores there exists a separate category of CPNI, non-individually identifiable CPNI.”
The Public Knowledge petition “incorrectly claims that all CPNI falls into one of two categories--aggregate or individually identifiable information,” CTIA said. “To the contrary, a category of customer information exists that is neither 'individually identifiable’ CPNI nor 'aggregate customer information,’ and such information is not the type of personal, sensitive information that must be protected under Section 222(c)(1).”
CTIA warned the FCC that if it “attempts to paint with too broad a CPNI brush,” it risks interfering with the current multi-stakeholder approach to privacy. Industry groups have been working for years to develop voluntary, multi-stakeholder privacy guidelines in coordination with the White House and National Telecommunications and Information Administration. The effort thus far has been limited to discussions regarding privacy protections for mobile applications and facial recognition technologies.
FCC Chairman Tom Wheeler told Bloomberg BNA the issue was “vexing” during the commission's December open meeting and he has avoided endorsing any specific agency action. Wheeler was previously the president of CTIA from 1992 to 2004.
“I think privacy is a serious issue,” Wheeler said. “I think privacy will be an issue that will be increasingly discussed. This agency has had a role in telecommunications service privacy in the past and as we move to information services it is a legitimate question to ask is there is authority and if so what should be the policy,” he said.
To contact the reporter on this story: Bryce Baschuk in Washington at email@example.com
To contact the editor responsible for this story: Heather Rothman at firstname.lastname@example.org
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)