As the Federal Communications Commission prepares new regulations to crack down on con artists who steal and sell cell phone data, Verizon and other telcos are pushing the agency not to go too far.

Verizon, XO Communications, and T-Mobile all filed with the FCC or visited its offices on the matter on Monday and Tuesday of this week.

The Dow Jones media service, citing anonymous sources, says that the FCC will soon vote on a series of new regulations that would make it harder for "pretexters" to fool phone companies into disclosing customer cell phone records. These would include requiring phone operators to ask for a password from customers who want such data, as well as stricter rules for sharing information with third party telemarketers.

The FCC has not scheduled the issue for its upcoming January 17th meeting, but is expected to act on the proposed rules soon.

In February of 2006, the FCC opened a new rulemaking proceeding on pretexting, requested by the Electronic Privacy Information Center (EPIC). The proceeding asked the public to comment on five security measures proposed by EPIC to protect customer phone data: passwords set by customers, better tracking of customer records, encryption of records, limits to how long companies can keep customer data, and letting customers know if the security of their records has been compromised.

Over 1,400 comments have been filed on this proceeding, many from telecommunications firms strongly opposed to most of EPIC's proposals. On January 9th, Charon Phillips of Verizon met with advisors to Republican Commissioners Deborah Taylor Tate and Robert M. McDowell. Phillips told the advisors that

• Verizon opposes establishing a consumer "opt-in consent requirement" before telcos can disclose customer data to third parties, "particularly given that there is no evidence in the record that disclosures made for marketing purposes are the source of information obtained by pretexters."
• The wireless giant favors the continued use of biographical data to verify the authenticity of customers who ask for their records. Some security experts say that biographical information doesn't protect consumers, because pretexters glean the data from other sources and then use it to illegally obtain cell phone records. But Verizon argues that "a prohibition against the use of biographic data for authentication purposes would make it impossible for carriers to avoid the use of passcodes, in effect making such passwords mandatory."

The telcos hate the passcode proposal the most. XO Communications has repeatedly filed with the FCC on this matter, arguing that an added password would burden the company with having to rewrite its database system.

In a January 9th FCC filing, however, XO reiterated a compromise position that it first offered in November of 2006: passwords or codes for residential customers only, "as the concerns raised regarding pretexting do not appear to have arisen in the business customer market segment."

T-Mobile's reps met with Deborah Taylor Tate's office on Monday the 8th.

"T-Mobile described how its customers establish passwords for on-line access," the company's public filing concluded, "and urged the Commission not to adopt rules that would require T-Mobile to police the content of passwords that its customers set."

That's probably a polite way of saying that T-Mobile opposes the establishment of what the telcos call "live customer care" passwords—passcodes that customers would have to verbally give T-Mobile operators in exchange for their phone records.