Mr. Kevin Neyland
Deputy Administrator
Office of Information and Regulatory Affairs
Office of Management and Budget
Washington D.C. 20503
Dear Mr. Neyland:
The Federal Communications Commission (Commission) is requesting approval under the “emergency processing” provisions of the Paperwork Reduction Act (PRA) of 1995, 44 U.S.C. § 3507, for the revised information collection requirements contained in 3060-0715, “Telecommunications Carriers’ Use of Customer Proprietary Network Information (CPNI) and Other Customer Information, CC Docket No. 96-115.” Specifically, we request that OMB approve the information collection requirements by December 7, 2007, pursuant to 5 C.F.R. § 1320.13(b).
On January 12, 2007, President George W. Bush signed into law the “Telephone Records and Privacy Protection Act of 2006,” which responded to the problem of “pretexting,” or seeking to obtain unauthorized access to telephone records, by making it a criminal offense subject to fines and imprisonment.1 In particular, pretexting is the practice of pretending to be a particular customer or other authorized person in order to obtain access to that customer’s call detail or other private communications records. The Telephone Records and Privacy Protection Act of 2006 Act found that such unauthorized disclosure of telephone records is a problem that “not only assaults individual privacy but, in some instances, may further acts of domestic violence or stalking, compromise the personal safety of law enforcement officers, their families, victims of crime, witnesses, or confidential informants, and undermine the integrity of law enforcement investigations.”
On April 2, 2007, the Commission released the attached CPNI Order2 that responded to the practice of pretexting by strengthening its rules to protect the privacy of customer proprietary network information (CPNI) that is collected and held by providers of communications services. Section 222 of the Communications Act (Act) requires telecommunications carriers to take specific steps to ensure that CPNI is adequately protected from unauthorized disclosure. Pursuant to this section, the Commission adopted new rules focused on the efforts of providers of communications services to prevent pretexting. These rules require providers of communications services to adopt additional privacy safeguards that, the Commission believes, will sharply limit pretexters’ ability to obtain unauthorized access to the type of personal customer information from carriers that the Commission regulates. In addition, in furtherance of the Telephone Records and Privacy Protection Act of 2006, the Commission’s rules help ensure that law enforcement will have necessary tools to investigate and enforce prohibitions on illegal access to customer records.
In light of the importance of this issue to the public interest, the Commission seeks to implement these rules within an aggressive amount of time. To this end, the Commission identified six months after the CPNI Order’s effective date as a sufficient period of time for carriers and interconnected voice over Internet protocol (VoIP) providers to implement the internal systems changes, practices, and policies necessary to effectuate the new rules. Implementation of the new anti-pretexting rules upon the expiration of that period on December 8, 2007, is crucial, given the important consumer and public safety considerations raised by pretexting that demand near immediate action. The Commission cannot comply with the normal clearance procedures set forth in 5 C.F.R. § 1320 because the use of normal clearance procedures is likely to prevent the timely implementation of these critical safeguards to protect against the loss of CPNI through unlawful pretexting activity. OMB emergency approval thus is vital to the timely implementation of those consumer protections and law enforcement tools, consistent with section 222 of the Act and the Telephone Records and Privacy Protection Act of 2006. This request for emergency processing is consistent with section 1320.13(a)(2)(i) of OMB regulations, 5 C.F.R. § 1320.13(a)(2)(i), which states that requests for emergency processing shall be accompanied by a written determination that the agency cannot reasonably comply with the normal clearance procedures under this part because “[p]ublic harm is reasonably likely to result if normal clearance procedures are followed.”
If you need any additional information to complete the OMB approval of this request, please contact me immediately. I can be reached by telephone at (202) 418-0217 or by e-mail at [email protected].
Sincerely,
Leslie F. Smith
Performance Evaluation and Records Management
Enclosures
1 Pub. L. No. 109-476, 120 Stat. 3568 (2007) (codified at 18 U.S.C. § 1039).
2 Implementation of the Telecommunications Act of 1996: Telecommunications Carriers’ Use of Customer Proprietary Network Information and Other Customer Information; IP-Enabled Services, CC Docket No. 96-115; WC Docket No. 04-36, Report and Order and Further Notice of Proposed Rulemaking, 22 FCC Rcd 6927 (2007) (CPNI Order).
| File Type | application/msword |
| Author | Nicholas G. Alexander |
| Last Modified By | Leslie.Smith |
| File Modified | 2007-10-23 |
| File Created | 2007-10-22 |