Customer Proprietary Network Information

Over the past few years, the data collection and use practices of Internet Service Providers (“ISPs”) have largely flown under the radar while large internet platforms and the broader adtech industry have been under greater scrutiny. That respite may be coming to end following a staff report released last week by the FTC detailing the scope of ISPs’ data collection and use practices. The staff report was based on orders issued in 2019 under Section 6(b) of the FTC Act and puts ISPs and large platforms on similar footing, observing that “many ISPs in our study can be at least as privacy-intrusive as large advertising platforms.” In addition, the staff report finds that several ISP data practices could cause harm to consumers but does not go as far as calling any practices unfair or deceptive.

What the FTC will do with the staff report is less clear. The Commission voted unanimously to release the report, which does not make any specific policy recommendations. Members of the Commission, however, drew their own conclusions and articulated starkly different outlooks on the report’s implications. Chair Lina Khan and Commissioner Rebecca Kelly Slaughter declared that the FCC should play a leading role in overseeing ISPs’ data practices, citing the FCC’s industry expertise and legal authority. Commissioner Christine Wilson, however, stated that “oversight of ISPs for privacy and data security issues should remain at the FTC.” ISPs’ data practices – and the broader question of whether the FCC should reclassify broadband service back to a Title II telecommunications service and re-impose strict broadband privacy rules – are likely to be prominent issues as the Biden FCC takes shape in the months ahead.


Continue Reading FTC Staff Report Puts Spotlight Back on ISP Data Collection and Use Practices; FCC Re-Regulation Suggested

On September 30, 2021,  the Federal Communications Commission (“FCC”) adopted a Notice of Proposed Rulemaking (“NPRM”) proposing new requirements for mobile wireless carriers to protect consumers from two practices that nefarious actors use to take control of a subscriber’s cell phone service without gaining control of the subscriber’s device. With “SIM swap fraud” a bad actor fraudulently convinces a carrier to transfer wireless services from a cell phone associated with a subscriber’s subscriber identity module (“SIM”) to a cell phone associated with another SIM and controlled by the bad actor. “Port-out fraud” is the practice of arranging for a phone number to be transferred from a subscriber’s wireless carrier account to an account the bad actor has opened with another carrier. In both cases, the bad actor gains access to customer account information and can start sending and receiving calls and text messages using the victim’s account or phone number, including text messages customers receive for two-factor authentication.

The Commission’s consumer protection action arises from numerous complaints from consumers who have suffered harm as a result of these practices, and from concerns that consumers are vulnerable to these acts because wireless carriers have not implemented adequate protocols to verify that SIM swap and port-out fraud requests. To mitigate them, the agency suggests revisions to its Customer Proprietary Network Information (“CPNI”) and Local Number Portability (“LNP”) rules.


Continue Reading FCC Proposes Amending Privacy and Number Portability Rules to Stop Virtual Cell Phone Theft