jump to navigation

FCC To Propose Rules On Pretexting – Source January 5, 2007

Posted by notapundit in US News.
trackback

WASHINGTON (Dow Jones)–The Federal Communications Commission is set to force telephone companies to introduce a series of measures aimed at cracking down on criminals impersonating customers to access their phone records, a person familiar with the situation said Friday.

FCC Chairman Kevin Martin last week put a series of proposals to the other four agency commissioners that would, among other things, force carriers to require a password from customers before they could access their phone records, the person said.

Other measures would see phone companies have to get customers’ explicit permission before they could share their details with third-party telemarketers.

Carriers would also be forced to submit an annual declaration to the FCC that they were following the rules aimed at preventing the practice of impersonating an individual to gain his or her phone records, known as pretexting.

The proposals are likely to receive the backing of both Republican and Democrat commissioners at the agency, and could be passed as soon as the January public meeting in two weeks’ time, although the person said it might not come this soon.

Proposals from the chairman’s office are not made public until they are placed on the agenda for a public meeting.

The issue of pretexting garnered international headlines last year when it emerged that blue chip company Hewlett-Packard Co. (HPQ) was accessing the phone records of its board members to find out who was leaking confidential information to the media.

That scandal cost Chairman Patricia Dunn her job and damaged the company’s reputation.

Under the FCC proposals, phone companies would have to offer their customers the right to create a password to be used before they were allowed to access details of who they called and how long they spoke for.

Customers would be allowed to opt not to create a password, but authentification requirements would still be tightened up. Any customers using the Internet to access their accounts would always have to provide a password.

Phone companies are already required to make a declaration that they are compliant with rules regarding pretexting, but the rules state they can keep these on file in-house and not submit them to the FCC.

An FCC inquiry last year discovered that in fact many companies had not been carrying out the assessments. It was decided that action similar to that introduced by the controversial Sarbanes-Oxley Act to make senior executives more directly responsible for their companies’ actions was necessary.

Telecommunications companies would now have to provide evidence to the FCC that they were in compliance with the rules.

Currently, carriers must offer customers the right to opt out of having their details passed on to third-party telemarketing companies. But under the new rules, customers would be required to opt in to allowing this, a change that, according to one industry source, would be the costliest in commercial terms to phone carriers.

It has become commonplace for phone companies to farm out marketing to third parties as it is cheaper than doing it in-house. According to the source, given that the majority of people are unlikely to opt in to their details being passed on, phone companies would be left with no choice but to bring these functions back in-house.

The password proposal isn’t as stringent as some in the telecommunications industry had feared, said the source. Public interest and privacy groups have advocated the use of passwords before customers can access any part of their account. But given that it is mainly the call records that would-be criminals are after, the FCC has sided with the industry in deciding that passwords should only be required for these files.

There still will be some costs for phone companies related to retraining and upgrading systems for this measure, but had it been for all transactions with customers, these costs were potentially much greater.

For the first time as well, the rules regarding pretexting will be extended to phone service provided over the Internet. This rapidly growing market has only been in existence for a couple of years, and as such has been exempt for much of the rules affecting traditional phone companies.

The issue of pretexting has become a key issue for privacy groups such as the Electronic Privacy Information Center, or EPIC.

Lillie Coney of EPIC argues that, due to a lack of data protection laws in the U.S., it is relatively easy for people to impersonate customers, get access to their records and then reuse them for criminal or other purposes.

“People can gain access to all sorts of information, not just telecommunications records, but anything from library loan records, to video rentals to any number of other services you might have,” said Coney. There are laws regarding access to financial records, credit history and medical insurance, she said.

Groups like EPIC had been arguing that the FCC and other regulatory agencies need to take much more drastic action to protect individuals’ rights.

The FCC already has some authority in this area, but Martin believes the powers of the agency and the obligations of companies need to be tightened up.

An FCC official said that the issue was one that Martin feels strongly about and that he wants to enact reform. The official went on to say that some phone companies have taken steps in the right direction and that the proposals are aimed at ensuring there are common standards across the telecommunications industry.

By Corey Boles, Dow Jones Newswires

Comments»

No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: