MacLeech
The one and only
Premium,MVM
join:2001-07-14
SoCal
| reply to BinaryXtreme
Re: This is a good example why Charter tech support is useless.
said by BinaryXtreme  :I have searched all over and cannot find this federal regulation. I'd like to see a link to the FCC regulation you're speaking of. So would at » www.fcc.gov/ This one?
»hraunfoss.fcc.gov/edocs_public/a···22A1.pdf |
|
BinaryXtreme
join:2004-04-20
Sparks, NV
 ·Charter Pipeline
edit:
June 6th, @12:55PM
| Yeah, 101 pages? I want to see the specific regulation. I don't doubt you if you say it. It sounds questionable at best yet I see no proof.
Found it, not a PIN, a pass word by the FCC regulations as quoted.
The new safeguards include:
· Carrier Authentication Requirements. Carriers are prohibited from releasing a
customer’s phone call records when a customer calls the carrier except when the customer
provides a password. If a customer does not provide a password, carriers may not release
the customer’s phone call records except by sending it to an address of record or by the
carrier calling the customer at the telephone of record. Carriers are required to provide
mandatory password protection for online account access. Carriers are permitted to
provide all CPNI, including customer phone call records, to customers based on in-store
contact with a valid photo ID.
· Notice to Customer of Account Changes. Carriers are required to notify the customer
immediately when the following are created or changed: (1) a password; (2) a back-up for
forgotten passwords; (3) an online account; or (4) the address of record.
· Notice of Unauthorized Disclosure of CPNI. A notification process is established for
both law enforcement and customers in the event of a CPNI breach.
· Joint Venture and Independent Contractor Use of CPNI. Consent rules are modified
to require carriers to obtain explicit consent from a customer before disclosing a
customer’s CPNI to a carrier’s joint venture partners or independent contractors for the
purposes of marketing communications-related services to that customer.
· Annual CPNI Certification. Certification rules are amended to require carriers to file
with the Commission an annual certification, including an explanation of any actions taken
against data brokers and a summary of all consumer complaints received in the previous
year regarding the unauthorized release of CPNI. |
|
MacLeech
The one and only
Premium,MVM
join:2001-07-14
SoCal
| Footnote 57 of that document:
A carrier could also use a Personal Identification Number (PIN) method to authenticate the customer. A PIN
authentication method could entail a carrier supplying the customer with a randomly-generated PIN, not based on
readily available biographical information, or account information, which the customer would then provide to the
carrier prior to establishing a password. Carriers could supply the PIN to the customer by a carrier-originated
voicemail or text message to the telephone number of record, or by sending it to an address of record so as to
reasonably ensure that it is delivered to the intended party. See, e.g., Letter from William F. Maher, Jr., Counsel for T-Mobile USA, Inc., Morrison & Foerster, to Marlene H. Dortch, Secretary, FCC, CC Docket No. 96-115 at 2 (filed
Nov. 20, 2006) (providing customers with a temporary password by sending it to the customer’s mobile phone
number). A carrier cannot authenticate a customer by sending the customer a PIN (or any other type of carrier
chosen method of authentication) to new contact information that the customer provides at the time of the
customer’s PIN (or other authentication) request. Carriers could also authenticate the customer by requesting that
the customer present a valid photo ID at a carrier’s retail location. A “valid photo ID” is a government-issued
personal identification with a photograph such as a current driver’s license, passport, or comparable ID. |
|
BinaryXtreme
join:2004-04-20
Sparks, NV | Thanks mac.I did see that too, but I still yet to see a law by the FCC for pins. A lot of coulds in there. |
|
MacLeech
The one and only
Premium,MVM
join:2001-07-14
SoCal
| said by BinaryXtreme :Thanks mac.I did see that too, but I still yet to see a law by the FCC for pins. A lot of coulds in there. Do you really think that all of these telcom companies would go through this trouble and expense without some regulation by the FCC.
This is all part of or extentions of the 1996 Telcom Act. |
|
BinaryXtreme
join:2004-04-20
Sparks, NV
·Charter Pipeline
| I'm not saying they wouldn't but, a problem we have with free media is that we can post anything at anytime and want people to believe it so I say, show me. Show me a specific 1996 Telcom Act that states this or it's a moot subject.
BTW: I'll make it easier »en.wikipedia.org/wiki/Telecommun···_of_1996 |
|
MacLeech
The one and only
Premium,MVM
join:2001-07-14
SoCal
edit:
June 7th, @11:52AM
| said by BinaryXtreme :I'm not saying they wouldn't but, a problem we have with free media is that we can post anything at anytime and want people to believe it so I say, show me. Show me a specific 1996 Telcom Act that states this or it's a moot subject. BTW: I'll make it easier » en.wikipedia.org/wiki/Telecommun···_of_1996 I'll make it even easier:
»ftp.fcc.gov/cgb/consumerfacts/ph···you.html
quote:
FCC
Consumer Facts
Information that Your Telephone Company Collects
Your local, long distance, and wireless telephone companies, as well as your Voice over Internet Provider (VoIP), collect information such as the numbers you call and when you call them, as well as the particular services you use, such as call forwarding or voice mail. These companies collect this customer information, also called Customer Proprietary Network Information (CPNI), so they can provide the services you have requested and send you bills for them.
Protecting Your Customer Information
Both Congress and the Federal Communications Commission (FCC) impose requirements on telephone companies and VoIP providers about how they can use this personal information and what they must do to protect it from disclosure. Both Congress and the FCC have strengthened their rules to combat a practice known as “pretexting,” or posing as the actual customer or a law enforcement official to obtain telephone calling records. In some cases, data brokers offer calling records for sale on the Internet. Congress has passed a law making it a crime punishable by fine or imprisonment of up to 10 years to obtain calling records from a telephone company or VoIP provider by: making false or fraudulent statements, providing fraudulent documents, or accessing customer records without prior authorization through the Internet or fraudulent computer-related activities. The law also prohibits the unauthorized sale or transfer of confidential phone records or the purchase or receipt of such information with knowledge that it was obtained fraudulently or without authorization.
Both a law passed by Congress and FCC rules impose a general duty on telephone companies and VoIP providers to protect the confidentiality of your customer information. Telephone companies and VoIP providers may use, disclose, or permit access to your customer information in these circumstances: (1) as required by law; (2) with your approval; and (3) in providing the service from which the customer information is derived.
Disclosing Your Customer Information At Your Request
The FCC prohibits your telephone company or VoIP provider from releasing your customer information to you when you call the company except when you provide a password. If you do not provide a password, your telephone company or VoIP provider may not release your customer information to you except by sending it to your address of record or calling you at your telephone number of record. Your telephone or VoIP company must provide password protection for your on-line account. If you come in person with valid identification to a company store or office, your company can provide you all your customer information. Your company must notify you immediately when it creates or changes a password, a back-up for a forgotten password, an on-line account, or an address of record. Finally, your company must disclose your customer information to any person you designate if you make your request in writing.
»a257.g.akamaitech.net/7/257/2422···0732.htm
quote:
SUMMARY: The Commission adopted rules to implement section 222 of the
Communications Act of 1934, as amended, which governs carriers' use and
disclosure of customer proprietary network information. In this
document, the Commission responds to the practice of ``pretexting'' by
strengthening its rules to protect the privacy of customer proprietary
network information (CPNI) that is collected and held by providers of
communications services.
»www.fcc.gov/eb/CPNI/
quote:
Pursuant to section 64.2011 of the Commission's rules (47 C.F.R. § 64.2011), a telecommunications carrier or interconnected VOIP provider that determines that a person, without authorization or exceeding authorization, has intentionally gained access to, used, or disclosed CPNI is required to electronically notify the United States Secret Service and the Federal Bureau of Investigation through a central reporting facility. That facility is available at »https://www.cpnireporting.gov
»www.cybertelecom.org/CI/cpni.htm
»epic.org/privacy/cpni/#overview
Actually it looks like the the 96 telcom act part was overturned... so it reverted to the 34 telcom act with some extra provisions added recently. I'm not quite sure though as there are so many different parts it reads like tax code... and I'm not a lawyer. |
|
BinaryXtreme
join:2004-04-20
Sparks, NV | Yeah, thanks for the post. You'd have to be one to understand half of that garble. I think most attorneys would be confused reading the FCC document. |
|
