Insisting that removing identification from phone data isn't enough, privacy organizations called on the Federal Communications Commission Wednesday to stop the government from raiding phone records.
The petition for a declaratory ruling that would enforce provisions of the 1996 Telecommunications Act was filed in Washington by a coalition of non-profit organizations and activists.
'Ask Customers' Permission'
Alarmed at a report in the New York Times that wireless giant AT&T is selling call logs to the CIA, the groups want the FCC to require that carriers, with limited exceptions, must have customers’ permission before they can share “customer proprietary network information,” or “CPNI," as specified in section 222 of the Telecommunications Act.
The groups are the Benton Foundation, Center for Digital Democracy, Center for Media Justice, UC-Berkeley Law Professor Chris Jay Hoofnagle, Common Cause, Consumer Action, Electronic Frontier Foundation, Electronic Privacy Information Center, Free Press, New America Foundation’s Open Technology Institute, and U.S. Public Interest Research Groups.
"The primary effect of Section 222 is to severely restrict what phone carriers can do with their customers’ private information," according to the petition. "Under Section 222, a carrier may not use, disclose, or permit access to a customer’s individually identifiable CPNI without that customer’s consent except to provide service or comply with the law."
The petition argues that “anonymized” or “de-identified” call records "still constitute individually identifiable CPNI under Section 222."
The Nov. 7 New York Times report, citing unnamed government officials, said the CIA was paying AT&T more than $10 million for assistance in overseas counterterrorism investigation with information about customers' international calls.
But Laura Moy, staff attorney for Public Knowledge, wrote on her organization's policy blog that AT&T isn't the only focus of concern.
"When we did a little more poking around, we found that all four major mobile carriers (AT&T, Sprint, T-Mobile, and Verizon) have privacy policies that indicate they believe it is okay to sell or share similar records to anyone," she said. "We don’t know whether or not they actually are selling CPNI, but the fact that they think they can is alarming."
AT&T spokesman Mark Siegel told us Thursday that any information provided to any government by the company is lawful.
'We Follow The Law'
"We have rejected government requests for customer information many times," he said in an email response to our inquiry. "Wherever we serve our customers, we maintain those customers’ data and information in compliance with the laws that apply in the country where that service is provided." He said it was routine to charge governments for providing information.
The FCC is required to accept public comment on the petition but the time period is not specified.
"It's critical that something be done soon," Moy told us in an interview Thursday. "We know that the records are being sold. Like the rest of us, the government is subject to the laws passed by Congress and to the Constitution."
The media office of the FCC did not respond to our request for comment in time for publication.