The FCC released a Report and Order
and Further Notice of Proposed Rulemaking, CC Doc. No. 96-115, WC
Doc. No. 04-36, FCC 07-22, on April 2, 2007, strengthening rules
that protect customer proprietary network information (CPNI), which
is conllected and held by providers of communications services.
Pursuant to 47 CFR Section 222, the FCC adopted rules focused on
efforts of communications service providers to prevent
"pretexting." The rules require providers to adopt additional
privacy safeguards to limit pretexters' ability to obtain
unauthorized access to personal customer information from carriers.
The rules also further the Telephone Records and Privacy Protection
Act of 2006, that helps to ensure that law enforcement will have
the tools necessary to investigate and enforce prohibitions on
illegal access to customer records.
On January 12, 2007,
President George W. Bush signed into law the Telephone Records and
Privacy Protection Act of 2006, which responded to the problem of
pretexting, or seeking to obtain unauthorized access to telephone
records, by making it a criminal offense subject to fines and
imprisonment. In particular, pretexting is the practice of
pretending to be a particular customer or other authorized person
in order to obtain access to that customers call detail or other
private communications records. The Telephone Records and Privacy
Protection Act of 2006 Act found that such unauthorized disclosure
of telephone records is a problem that not only assaults
individual privacy but, in some instances, may further acts of
domestic violence or stalking, compromise the personal safety of
law enforcement officers, their families, victims of crime,
witnesses, or confidential informants, and undermine the integrity
of law enforcement investigations. On April 2, 2007, the
Commission released an order that responded to the practice of
pretexting by strengthening its rules to protect the privacy of
customer proprietary network information (CPNI) that is collected
and held by providers of communications services. Section 222 of
the Communications Act (Act) requires telecommunications carriers
to take specific steps to ensure that CPNI is adequately protected
from unauthorized disclosure. Pursuant to section 222, the
Commission adopted new rules focused on the efforts of providers of
communications services to prevent pretexting. These rules require
providers of communications services to adopt additional privacy
safeguards that, the Commission believes, will sharply limit
pretexters ability to obtain unauthorized access to the type of
personal customer information from carriers that the Commission
regulates. In addition, in furtherance of the Telephone Records and
Privacy Protection Act of 2006, the Commissions rules help ensure
that law enforcement will have necessary tools to investigate and
enforce prohibitions on illegal access to customer records. In
light of the importance of this issue to the public interest, the
Commission seeks to implement these rules within an aggressive
amount of time. To this end, the Commission identified six months
after the CPNI Orders effective date as a sufficient period of
time for carriers and interconnected voice over Internet protocol
(VoIP) providers to implement the internal systems changes,
practices, and policies necessary to effectuate the new rules.
Implementation of the new anti-prexteting rules upon the expiration
of that period on December 8, 2007, is crucial, given the important
consumer and public safety considerations raised by pretexting that
demand near immediate action. The Commission cannot comply with the
normal clearance procedures set forth in 5 C.F.R. § 1320 because
the use of normal clearance procedures is likely to prevent the
timely implementation of these critical safeguards to protect
against the loss of CPNI through unlawful pretexting activity. OMB
emergency approval thus is vital to the timely implementation of
those consumer protections and law enforcement tools, consistent
with section 222 of the Act and the Telephone Records and Privacy
Protection Act of 2006. This request for emergency processing is
consistent with section 1320.13(a)(2)(i) of OMB regulations, 5
C.F.R. § 1320.13(a)(2)(i), which states that requests for emergency
processing shall be accompanied by a written determination that the
agency cannot reasonably comply with the normal clearance
procedures under this part because [p]ublic harm is reasonably
likely to result if normal clearance procedures are followed. To
reiterate, the Commission is requesting that OMB approve these
information collection requirements under the emergency
processing provisions of the PRA by December 7, 2007, pursuant to
5 C.F.R. § 1320.13(b).
US Code: 47 USC 151 Name of Law: null
US Code: 47 USC 154(i) and 154(j) Name of Law: null
US Code: 47 USC 222 Name of Law: null
US Code: 47 USC 303(r) Name of Law: null
The Commission attributes the
reduction in the total annual hourly burden to several factors. We
have re-evaluated the amount of time that it will take respondents
to perform these information collection and recordkeeping
requirements. We now believe that respondents have adopted
information technology, office automation techniques, and
standardized business practices and routines to increase their
efficiency in most areas of their businesses functions, including
collection and protection of CPNI, and as a result we also believe
that the respondents have adopted similar information technology,
office automation techniques, and standardized business practices
and routines to reduce their hourly burden requirements, in house
costs, and annual costs that are required to collect the
information.
$0
No
No
Uncollected
Uncollected
Uncollected
Uncollected
Adam Kirschenbaum
2024187280
No
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a
benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control
number;
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.
0715_Emergency Justification Statement_102207 final.doc
0715 FRN_R&O and FNPRM FCC 07-22_060807.pdf
Telecommunications Carriers' Use of Customer Proprietary Network Information (CPNI) and Other Customer Information, CC Docket No. 96-115