Here is the actual law:
http://www.ecfr.gov/cgi-bin/text-idx?SID=e3e960806c00e1d3c9d0349925c64af9&node=sp47.3.64.u&rgn=div6
It doesn't specify encryption though it does have:
(a) Safeguarding CPNI. Telecommunications carriers must take reasonable
measures to discover and protect against attempts to gain unauthorized
access to CPNI. Telecommunications carriers must properly authenticate a
customer prior to disclosing CPNI based on customer-initiated telephone
contact, online account access, or an in-store visit.
It could be argued that plain text over the Internet (Telnet, non-HTTPS)
isn't reasonable.
I believe the companies that were fined had the customer data on a
publicly facing website with no or defective authentication.
Mark
On 3/19/15 2:15 PM, Chuck McCown wrote:
It is stored information. So primarily database files. I don’t think
email counts. They did say SSH qualifies.
*From:* That One Guy <mailto:[email protected]>
*Sent:* Thursday, March 19, 2015 12:11 PM
*To:* [email protected] <mailto:[email protected]>
*Subject:* Re: [AFMUG] Consumer Blogs on "Net Neutrality"
If we use powercode, that database in encrypted as far as I know. What
bout email communication with a customer?
Is WISPA going to put out some clarification for us as far as what
exact requirements would be on our shoulders?
And this exemption, for tiny bastards like the company I work for,
will that carry over? I like exemptions to shit.
On Thu, Mar 19, 2015 at 12:56 PM, Chuck McCown <[email protected]
<mailto:[email protected]>> wrote:
I was at a seminar yesterday about this. FCC is proud of some huge
fines the put on one large company for not encrypting customer
info. It was negotiated down to a paltry $10m...
*From:* Mark Radabaugh <mailto:[email protected]>
*Sent:* Thursday, March 19, 2015 11:54 AM
*To:* [email protected] <mailto:[email protected]>
*Subject:* Re: [AFMUG] Consumer Blogs on "Net Neutrality"
We get stuck with all of the CPNI requirements. No more helping
out the kid with his router - the account owner MUST be found!
And verify everything with the super secret password. Ok - so
I exaggerate, but this is going to make things more difficult.
I'm not sure what exactly the point of 'encrypt all customer data'
is given that the front end is still going to be a web interface
that happily decrypts every bit of data and displays it in plain
text. Never let logic get in the way of a bureaucrat implementing
a politicians talking points.
Mark
On 3/19/15 1:50 PM, Ken Hohhof wrote:
I thought the exemption was only for the enhanced transparency
requirements, not any of the rest of it.
*From:* Chuck McCown <mailto:[email protected]>
*Sent:* Thursday, March 19, 2015 12:47 PM
*To:* [email protected] <mailto:[email protected]>
*Subject:* Re: [AFMUG] Consumer Blogs on "Net Neutrality"
I have read the whole thing FCC rule. We all get ROW access, we
can only do traffic shaping if we are doing it for technical
reasons and not discriminating (we can discriminate, but it has
to be all streaming or all browsing or all of one certain type
of traffic). And we must, must, must encrypt all customer info.
Not just keep it on an internal network, but any spreadsheet you
have with customer identifying information must be encrypted. I
am not seeing a big impact for WISPS. And you are all exempt
until December 15th too if you have less than 100,000 subscribers.
*From:* Jason McKemie <mailto:[email protected]>
*Sent:* Thursday, March 19, 2015 11:43 AM
*To:* [email protected] <mailto:[email protected]>
*Subject:* [AFMUG] Consumer Blogs on "Net Neutrality"
Engadget just posted this commentary:
http://www.engadget.com/2015/03/19/verizon-net-neutrality/
Not one sided at all, eh?
--
Mark Radabaugh
Amplex
[email protected] <mailto:[email protected]> 419.837.5015 x 1021
<tel:419.837.5015%20x%201021>
--
If you only see yourself as part of the team but you don't see your
team as part of yourself you have already failed as part of the team.
--
Mark Radabaugh
Amplex
[email protected] 419.837.5015 x 1021
