FCC Rulemaking Proceeding on CPNI May Extend to Internet Protocol Services

February 14, 2006. The Federal Communications Commission (FCC) released the text [34 pages in PDF] of its Notice of Proposed Rulemaking (NPRM) that addresses the practice of pretexting to obtain consumers' confidential phone records. The FCC adopted and announced this NPRM on February 10, 2006. The NPRM, but not the FCC's February 10 release [PDF], discloses that the FCC may expand its regulation of phone number privacy to include regulation of internet protocol (IP) enabled service providers, including voice over internet protocol (VOIP) service providers, e-mail service providers, instant messaging services, online gaming, and web browsing. The scope of the underlying statute is limited to "telecommunications carriers".

See also, story titled "FCC Adopts NPRM Regarding Privacy of Consumer Phone Records" in TLJ Daily E-Mail Alert No. 1,308, February 13, 2006.

The NPRM summarizes the August 30, 2005 petition for rulemaking filed by the Electronic Privacy Information Center's (EPIC) and comments received regarding that petition. The NPRM seeks comments on the nature of the problem, and on the EPIC's proposals for amending 47 U.S.C. § 222, which limits the use and dissemination by telecommunications carriers of customer proprietary network information (CPNI).

The notice states that "data brokers advertise the availability of cell phone records, which include calls to and/or from a particular cell phone number, the duration of such calls, and may even include the physical location of the cell phone."

In addition, it states that "many data brokers also claim to provide calling records for landline and voice over Internet protocol, as well as nonpublished phone numbers."

However, Section 222 applies to "telecommunications carriers". Moreover, the NPRM states that it pertains to "telecommunications carriers".

The NPRM does not assert, declare, or tentatively declare that the FCC also has authority to promulgate rules governing to the practices of information services providers or IP enabled services providers.

However, there is a sentence in the body of the report which seeks comments on this subject: "Should any requirements the Commission adopts in the context of the present rulemaking extend to VoIP service providers or other IP-enabled service providers?"

Also, at the end of the report, in the disclosures required by the Regulatory Flexibility Act of 1980 regarding the NPRM's possible economic impact on small business entities, the NPRM elaborates. It states that "Our action pertains to VoIP services, which could be provided by entities that provide other services such as email, online gaming, web browsing, video conferencing, instant messaging, and other, similar IP-enabled services." (See, page 27, paragraph 77.)

The NPRM also states that "The Commission has sought comment on related issues in the wireline Internet broadband access services rulemaking and the IP-Enabled Services proceeding and may take official notice of comments filed in those dockets." (See, footnote 70, at page 12.)

Hence, persons interested in whether or not the FCC regulates the privacy related practices of information service providers, or IP enabled services providers, will need to review, and respond to, not only comments filed in the present proceeding, but also the thousands of comments previously filed, or to be filed in the future, in these other long running FCC proceedings.

The FCC's proceeding titled "In the Matter of IP-Enabled Services" is numbered WC Docket No. 04-36. As of February 15, 2006, the FCC's web site contained 1,181 filed comments in that proceeding.

The FCC has several rulemaking proceedings pertaining to wireline internet broadband access services. These include CC Docket Nos. 02-33, 01-337, 95-20, and 98-10, and WC Docket No. 04-242. For example, in CC Docket No. 02-33, 3,354 comments had been filed with the FCC, and published in the FCC web site, as of February 15, 2006.

See also, the FCC's web page titled "Search for Filed Comments". The text of most of these comments is not searchable.

The FCC's NPRM does not identify any specific comments in other proceedings of which it may take official notice in the present proceeding. Nor does the NPRM provide an explanation of why promulgating rules in one proceeding, based upon comments filed in other proceedings, is consistent with traditional notions of open and transparent government rulemaking, or the Administrative Procedure Act (APA), and particularly 5 U.S.C. § 553.

Nor does the FCC's NPRM discuss the legal basis upon which the FCC might rely to regulate the privacy practices of IP enabled services. 5 U.S.C. § 553(b)(2) requires an agency to "reference the legal authority under which the rule is proposed".

Section 222 is a possible legal authority, but by its terms is limited to "telecommunications services". The FCC's broad doctrine of Title I ancillary authority might be another possibility.

The EPIC's petition for rulemaking addressed "telecommunications carriers". It did not request that the FCC amend its rules to cover information services or IP enabled services.

Initial comments will be due within 30 days of publication of a notice in the Federal Register. Reply comments will be due within 60 days of such publication. This rulemaking is treated by the FCC as a permit but disclose proceeding, pursuant to the FCC ex parte communications rules, which are codified at 47 C.F.R. §§ 1.200 et seq.

This proceeding is titled "In the Matter of Implementation of the Telecommunications Act of 1996: Telecommunications Carriers’ Use of Customer Proprietary network Information and other Customer Information; Petition for Rulemaking to Enhance Security and Authentication Standards for Access to Customer Proprietary Network Information". This NPRM is FCC 06-10 in Docket No. 96-115 and RM-11277.