Here are the new and additional rules: 53. Section 222: Protecting Consumer Privacy. Ensuring the privacy of customer information both directly protects consumers from harm and eliminates consumer concerns about using the Internet that could deter broadband deployment. Among other things, section 222 imposes a duty on every telecommunications carrier to take reasonable precautions to protect the confidentiality of its customers’ proprietary information.
We take this mandate seriously. For example, the Commission recently took enforcement action under section 222 (and section 201(b)) against two telecommunications companies that stored customers’ personal information, including social security numbers, on unprotected, unencrypted Internet servers publicly accessible using a basic Internet search. This unacceptably exposed these consumers to the risk of identity theft and other harms. From: Mark Radabaugh Sent: Thursday, March 19, 2015 12:42 PM To: [email protected] Subject: Re: [AFMUG] Consumer Blogs on "Net Neutrality" Here is the actual law: http://www.ecfr.gov/cgi-bin/text-idx?SID=e3e960806c00e1d3c9d0349925c64af9&node=sp47.3.64.u&rgn=div6 It doesn't specify encryption though it does have: (a) Safeguarding CPNI. Telecommunications carriers must take reasonable measures to discover and protect against attempts to gain unauthorized access to CPNI. Telecommunications carriers must properly authenticate a customer prior to disclosing CPNI based on customer-initiated telephone contact, online account access, or an in-store visit. It could be argued that plain text over the Internet (Telnet, non-HTTPS) isn't reasonable. I believe the companies that were fined had the customer data on a publicly facing website with no or defective authentication. Mark On 3/19/15 2:15 PM, Chuck McCown wrote: It is stored information. So primarily database files. I don’t think email counts. They did say SSH qualifies. From: That One Guy Sent: Thursday, March 19, 2015 12:11 PM To: [email protected] Subject: Re: [AFMUG] Consumer Blogs on "Net Neutrality" If we use powercode, that database in encrypted as far as I know. What bout email communication with a customer? Is WISPA going to put out some clarification for us as far as what exact requirements would be on our shoulders? And this exemption, for tiny bastards like the company I work for, will that carry over? I like exemptions to shit. On Thu, Mar 19, 2015 at 12:56 PM, Chuck McCown <[email protected]> wrote: I was at a seminar yesterday about this. FCC is proud of some huge fines the put on one large company for not encrypting customer info. It was negotiated down to a paltry $10m... From: Mark Radabaugh Sent: Thursday, March 19, 2015 11:54 AM To: [email protected] Subject: Re: [AFMUG] Consumer Blogs on "Net Neutrality" We get stuck with all of the CPNI requirements. No more helping out the kid with his router - the account owner MUST be found! And verify everything with the super secret password. Ok - so I exaggerate, but this is going to make things more difficult. I'm not sure what exactly the point of 'encrypt all customer data' is given that the front end is still going to be a web interface that happily decrypts every bit of data and displays it in plain text. Never let logic get in the way of a bureaucrat implementing a politicians talking points. Mark On 3/19/15 1:50 PM, Ken Hohhof wrote: I thought the exemption was only for the enhanced transparency requirements, not any of the rest of it. From: Chuck McCown Sent: Thursday, March 19, 2015 12:47 PM To: [email protected] Subject: Re: [AFMUG] Consumer Blogs on "Net Neutrality" I have read the whole thing FCC rule. We all get ROW access, we can only do traffic shaping if we are doing it for technical reasons and not discriminating (we can discriminate, but it has to be all streaming or all browsing or all of one certain type of traffic). And we must, must, must encrypt all customer info. Not just keep it on an internal network, but any spreadsheet you have with customer identifying information must be encrypted. I am not seeing a big impact for WISPS. And you are all exempt until December 15th too if you have less than 100,000 subscribers. From: Jason McKemie Sent: Thursday, March 19, 2015 11:43 AM To: [email protected] Subject: [AFMUG] Consumer Blogs on "Net Neutrality" Engadget just posted this commentary: http://www.engadget.com/2015/03/19/verizon-net-neutrality/ Not one sided at all, eh? -- Mark Radabaugh Amplex [email protected] 419.837.5015 x 1021 -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team. -- Mark Radabaugh Amplex [email protected] 419.837.5015 x 1021
