Carriers Required to Safeguard Most Information Stored on Mobile Phones
The FCC approved a declaratory ruling Thursday requiring carriers to safeguard most of the customer proprietary network information (CPNI) on mobile phones. Republican Commissioner Ajit Pai had considered a dissent, but managed to work through differences with acting Chairwoman Mignon Clyburn and was able to vote for the order, with a concurrence. Commissioner Jessica Rosenworcel also voted to adopt the order, but by getting Pai onboard, Clyburn avoided a dissent during her first meeting as acting chair.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
The declaratory order “makes clear that when mobile carriers use their control of customers’ devices to collect information about customers’ use of the network, including using preinstalled apps, and the carrier or its designee has access to or control over the information, carriers are required to protect that information in the same way they are required to protect CPNI on the network,” said an FCC news release (http://bit.ly/126Pqpk). “This sensitive information can include phone numbers that a customer has called and received calls from, the durations of calls, and the phone’s location at the beginning and end of each call.”
FCC General Counsel Sean Lev said after the FCC meeting a website visit on a mobile phone is the kind of non-telecom data not covered by the CPNI rules.
"Basically, the removal of section 201(b) liability for voluntary codes of conduct was important,” Pai told us. “The scope of liability under 222(c)(1), getting that language refined, was important. There were a few other line edits that we proposed that I'm grateful to the chairman and Commissioner Rosenworcel for adopting. Those largely allayed some of the concerns I had.” Pai had considered a dissent (CD June 21 p4).
"Dial a call, write an email, make a purchase, post an online update to a social network, read a news site, store your family photographs in the cloud, and you should assume that service providers, advertising networks, and companies specializing in analytics have access to your personal information,” Rosenworcel said. “Lots of it, and for a long time. Our digital footprints are hardly in sand. They are effectively in wet cement."
CTIA said it was pleased with the collaboration of commissioners on the order, though it still had to study the details.