Home » Advocacy » Policy Topics » Privacy

Privacy  

CTIA Position:
CTIA-The Wireless Association® and the wireless industry maintain their highest regard for preserving the privacy of customer call records and other Customer Proprietary Network Information (CPNI), and take the matter of fraudulent obtaining and/or use of this information very seriously.

The theft of CPNI is unacceptable, and the current practice of impersonating customers, known as “pretexting,” is illegal. 

The 109th Congress passed HR 4709, and CTIA and its member companies support this legislation that focuses on these criminals and increases fines and penalties that could result in this illegal activity.

Congress has wisely targeted the illegal obtaining, sale, and purchasing of customers’ information, rather than imposing new rules that would inconvenience legitimate customers by making it harder for them to obtain information about their accounts.

Key Points:

• Wireless Carriers Have Extensive Security Measures in Place.  The wireless industry is committed to protecting the privacy of their most valuable assets—their customers—and wireless carriers have deployed a variety of practices to thwart the unauthorized access of CPNI.
  • Training. Carriers spend thousands of hours training their service representatives to be responsive to customers and to screen callers that might be trying to trick the carrier into disclosing call records.
  • Billing System Control Mechanisms. Wireless carriers require several tokens to verify a customer’s identity when they request information over the phone. Many carriers will send the call record details on a customer’s bill only to the customer’s address of record. Most billing systems have audit mechanisms to track every user who views an account. This tracking feature allows the carrier to research specific accounts that have been compromised as well as monitor service representatives who are viewing an unusually large number of accounts.
  • Protecting Internet Access to Account Data. Wireless carriers that provide on-line access to billing data require a password to access account data over the Internet. Many carriers provide the customer with a unique password by sending a text message to the customer’s wireless device or by e-mail or regular mail to the address where the customer’s bill is sent. (Of course, customers are then able to “reset” their password.)
  • Consumer Code for Wireless Service. Wireless carriers subscribing to CTIA’s Consumer Code for Wireless Service have adopted and published their privacy policies. Those policies explain the carrier’s information practices to consumers,  in accordance with applicable federal and state laws.
• Investigation and Prosecution are Key to Protecting Wireless Consumer Privacy.  Wireless carriers maintain security and fraud departments that are responsible for protecting customers’ privacy and which work with law enforcement to combat the theft of CPNI and other customer data. Through these investigations, the carriers are identifying the information brokers and the specific channels they have been using to access consumer’s call records.
• Carriers are Taking Legal Action. In the past year alone, Verizon Wireless, Cingular, Sprint-Nextel, and T-Mobile filed complaints and successfully obtained injunctions across the country to shut these data thieves down. In addition, both the FCC and the FTC have opened investigations regarding the sale of call records. And Congress took action in December, 2006 to stamp out this fraudulent activity by passing a law that makes the fraudulent acquisition or unauthorized disclose of phone records a federal crime.
• Consumers Can Take Action Too. The wireless industry encourages customers to utilize the protections provided by carriers, such as passwords on their accounts. It is best to use a password that others are not likely to know. Customers can call their carrier and verify whether access to their account can be “restricted.”