Broadband services company XO Communications has urged the Federal Communications Commission not to adopt guidelines for telcos suggested by a reform group in order to combat pretexting.

"In particular XO urged the Commission not to adopt a rule that would require carriers to implement customer-set passwords," representatives of the firm told the FCC in a meeting held on October 18th.

In February of this year, the FCC opened a new public comment cycle on what to do about pretexting—con artists fooling phone companies into disclosing customer records, then selling the data on the Internet and elsewhere.

A Federal Communications Commission official told Congress today that FCC Chair Kevin Martin will ask the five member agency to consider new phone record privacy rules soon.

Testifying before a subcommittee of the House Commerce Committee, Kris Ann Montief, Chief of the FCC's Enforcement Bureau, said that Martin will "bring an order before the full Commission for its consideration this Fall" to combat "pretexting," a practice in which con-artists fool phone companies into disclosing customer calling records, then sell them over the Internet or elsewhere.

In February of this year, the FCC opened a new rulemaking proceeding on pretexting, requested by the Electronic Privacy Information Center (EPIC). The proceeding asked the public to comment on five security measures proposed by EPIC to protect customer phone data: passwords set by customers, better tracking of customer records, encryption of records, limits to how long companies can keep customer data, and letting customers know if the security of their records has been compromised.

Homeland Security, FBI, and DOJ visit FCC, outline concerns about pretexting reform

Five members of the Federal Communications Commission received a visit on Tuesday, September 19th from seven Federal law enforcement representatives, who "reiterated and elaborated on arguments made in their previous filings" on the FCC's ongoing proceeding on pretexting rules, according to their publicly filed ex parte notice.

Those "previous filings" may refer to Department of Justice/Homeland Security comments in opposition to proposed rules to protect consumers from "pretexters"—con artists who trick phone services into disclosing customer data, then sell it on the Web and elsewhere.

The FCC today ruled that privacy language in the Communications Act does not stop phone companies from reporting customer data to the government if that information involves the possible sale or distribution of child pornography.

The decision comes following an inquiry filed earlier this year by Ernie Allen, President and CEO of the National Center for Missing and Exploited Children (NCMEC). On March 15th, Allen asked the FCC to issue a Declaratory Ruling clarifying if wireless carriers were subject to Section 222 of the Act's confidentiality rules regarding customer data. NCMEC runs a CyberTipLine program that allows citizens to report child pornographers to the government.

Citing a lack of cooperation, the FCC yesterday proposed fining the Locatecell company $97,500 for failing to provide information about how it got the private consumer telephone records that its Web site offered for sale.

On January 20th, 2006, the FCC issued a subpoena to Locatecell and another data broker, DataFind.org, demanding documentation of its practices. Ten days later the Commission warned AT&T and Allitel that they may not have been in compliance with protocols necessary to guard the personal records of their customers, therefore liable for penalties.

Locatecell, which was based in Missouri, is no longer in business. The states Attorney General Jay Nixon shut the company down with a court order eleven days after the FCCs subppoena. Selling or leaking "Customer Proprietary Network Information" (CPNI) is against the law, specifically against Section 222 of the Communications Act.

The District of Columbia Appeals Court today upheld a Federal Communications Commission ruling that ISPs and VOiP providers must make their systems accessible to the police by May 17, 2007. The court rejected a petition for review by the American Council on Education, which argued that the Communications Assistance for Law Enforcement Act (CALEA) did not apply to broadband phone service and ISPs. ,

"The FCC offered a reasonable interpretation of CALEA," Justice David Sentelle wrote, with Janice Rogers Brown concurring.

The 2-1 decision rejected arguments that ISPs and VOiPs represent "information services"—by statute exempt from the law—rather than "telecommunications carriers." The majority agreed with the FCC claim that CALEAs language allows the agency to classify ISPs and VOiPs as telecommunications carriers if "the Commission finds that such service is a replacement for a substantial portion of the local telephone exchange service."

Federal law enforcement agencies and Verizon have filed statements with the Federal Communications Commission against proposed rules to protect consumers from "pretexters"—con artists who trick phone services into disclosing customer data, then sell it on the Web and elsewhere.

Homeland Security and the Department of Justice oppose proposals that would require phone companies to destroy older customer data and notify customers first of a security breach. Verizon lawyers call the suggested reforms "rigid" and "counterproductive" and want the FCC to work with the Federal Trade Commission instead.