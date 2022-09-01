Privacy
FCC Committee Approves Broader Adoption of Best Practices to Block Unwanted Texts
The committee wants wider use of opt-out from certain text messages.
WASHINGTON, September 1, 2022 – The Federal Communications Commission’s Consumer Advisory Committee on Tuesday unanimously approved a working group’s report that urges the agency to push for wider implementation of industry best practices for blocking illegal and unwanted text messages.
The report recommends wider adoption for short message service and multimedia message service texts of existing industry best practices, such as those articulated in 2019 by the Cellular Telecommunications Industry Association. CTIA’s guidelines direct dispensers of “non-consumer messaging” – e.g., businesses – to gain the individual’s consent with opt-in mechanisms, ensure the individual’s ability to opt out of messages, and implement “physical, administrative, and technical security controls” to protect databases containing sensitive information such as phone numbers.
The report identifies a dramatic spike in spam texts in recent years. In 2021, consumers lodged to the FCC and Federal Trade Commission three times as many complaints about bogus messages than in 2019. According to a recent Truecaller report, the monthly average of spam texts per user in 2022 is 19.5, up from 10.6 in 2019 and 6.3 in 2015.
The skyrocketing rate of spam texts is especially concerning because texting is a highly popular and trusted means of communication, the report says. According to the working group’s findings, Americans not only prefer texting over email and audio calling, but they are far more likely to open and respond to texts. The report estimates that “open rates” for texts could reach ninety-eight percent and “response rates” could reach forty-five percent.
FCC also targeting robocalls
In addition to the FCC’s efforts to combat scam texts, Chairwoman Jessica Rosenworcel’s commission is cracking down on scam phone calls.
The Truecaller report found that scam calls outnumber scam texts by a ratio of three to two, and that in the twelve months before its release last May, 68.4 million Americans lost money to scam callers – a loss of $39.5 billion ($577 per victim). These numbers have risen sharply year-over-year from 59.4 million victims and $29.8 billion in losses in 2021 ($502 per victim).
All told, the report said, thirty-three percent of the population reported falling victim to phone scams.
Privacy
Advocacy Groups Applaud FCC Releasing Mobile Data Collection Information
‘These letters show that…carrier geolocation data practices are all over the map.’
WASHINGTON, August 29, 2022 – Advocacy groups are coming out in support of the Federal Communications Commission’s decision to release to the public information about how the top mobile carriers store and distribute customer geolocation data.
On Thursday, FCC Chairwoman Jessica Rosenworcel publicly released pertinent letters that were submitted by America’s top 15 mobile telephone carriers in response to an FCC request issued last July. The group of respondents includes telecom giants AT&T, Comcast, Spectrum Mobile, T-Mobile, Verizon, and Google.
“The FCC has a responsibility to make sure that carrier privacy protection practices continue to evolve with the technology,” said Harold Feld, senior vice president at Public Knowledge, in a statement. “These letters show that…carrier geolocation data practices are all over the map.
“The FCC has said it will continue to investigate whether carrier practices have broken any laws,” Feld added, “but the FCC can and should do more.”
Justin Brookman, director of technology policy at Consumer Reports, said he believes that government oversight of mobile carriers is necessary: “People have no choice but to share very sensitive data like geolocation with mobile carriers just for those products to work. There should be substantive constraints on what they do with that information and for how long they keep it.”
Is your mobile carrier sharing your data with third parties?
In its response to the FCC, Google states: “Google Fi does not share data with third parties that are not law enforcement without subscriber consent, unless necessary to provide Google Fi services or required by law.” Google’s privacy policy, however, demonstrates a broad definition of “necessary to provide Google Fi services.”
The policy states that Google regularly shares customer data – including location data – with “trusted” third parties to improve its services. And although Google doesn’t provide an example of how location data is distributed, it provides other examples of third-party access to personal user information.
“We also use service providers to help review YouTube video content for public safety and analyze and listen to samples of saved user audio to help improve Google’s audio recognition technologies,” the policy says.
Most other responding carriers said they do not provide location data to third-party entities (excluding law enforcement) under any circumstances. AT&T, however, shares user information – including location data – with third-party advertisers on an opt-out basis. AT&T customers can also opt in to “Enhanced Relevant Advertising,” which sends more extensive data to third parties.
And neither is Verizon fully withholding customers’ information, it said. The carrier attested to using data “…to help [Verizon] and other companies wireless customer actions in aggregate.” Customers can, however, opt out of this data sharing initiative.
Carriers’ collection and storage of data
There are commonalities in carriers’ methods of collecting and storing data, according to an analysis of the letters. Most stressed their commitment to user privacy, detailing security measures including extensive employee training and data encryption. Many carriers’ responses also linked to publicly available privacy policies.
Carriers that operate on their own mobile networks collect geolocation data from cell towers. Such collection is necessary to route cell signals and perform basic cellular functions like calling and texting. Some carriers – including AT&T, Verizon, and Google – also collect geolocation data from proprietary apps or other software.
Mobile virtual network operators – e.g., Lively, Xfinity, Spectrum Mobile – do not have their own networks. MVNOs use the networks of partner providers. Comcast’s Xfinity, for instance, utilizes Verizon’s cell towers, as does Spectrum Mobile.
Unlike mobile network operators, the MVNOs said that they receive only non-specific location data that is necessary to their core operations. From the response of Red Pocket Mobile’s CEO, Joshua Gordon: “Such generalized data provides no insight into a customer’s precise geolocation, and is generally not considered to be “geolocation data” in the telecommunications industry.”
Once geolocation and non-specific location data are collected, they are generally stored for a period of one to two years, varying by carrier. Notably, AT&T said it retains certain non–location specific cell-tower data for a period of five years. Another outlier is Consumer Cellular, which, according to its response, stores data online for four months, and then transfers the data into an offline database in which they are stored indefinitely.
The letters come after the House Energy and Commerce committee last month passed federal privacy legislation, known as the American Data Privacy and Protection Act, which would establish a data privacy framework and enforcement mechanisms for it. Verizon applauded the legislation in its submission to the FCC.
Cybersecurity
Companies Should Adopt Default No Trust Position on Programs to Protect Against Cyberattacks
Panelists identified risks in employees freely accepting links without thinking about their associated risks.
WASHINGTON, August, 24, 2022 – Companies should assume that new programs installed on company systems pose a threat to their networks to ensure a vigilant position on hacking risks, according to an expert on cybersecurity, after the country faced a number of high-profile cyberattacks recently.
The zero trust approach in which the default position is one of distrust of new programs was touted by Osman Saleem, cybersecurity and privacy director of operational technology and internet of things at professional services firm PricewaterHouseCoopers in Canada, who was speaking as a panelist on a Fierce Telecom event on Monday.
The event heard that the vast majority of security breaches at companies were a result of human error, including clicking on links containing malicious software (malware) that can wreak havoc on and suspend company systems. Data, in the case of a ransomware attack, can be locked away until the company pays a monetary sum to get it back.
Fred Gordy, director of cybersecurity at smart building company Intelligent Buildings, said companies sometimes don’t even back-up their systems in the event of an attack and only end up doing so in response to an attack.
Gordy also encouraged the zero trust approach to company security by assuming all digital programs and software have malware.
Opportunities for better cybersecurity
Saleem proposed that cybersecurity documents be reviewed and revised regularly because the cyber landscape always changes. This, he said, can protect the digital infrastructure of the companies’ systems, operations and employees.
Meanwhile, Congress has been pressing the issue, following the high-profile cyberattacks on software company SolarWinds, financial services company Robinhood, meat producer JBS, and oil transport company Colonial Pipeline. President Joe Biden earlier this year signed, as part of a larger budget bill, the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which requires certain critical infrastructure companies to report cyberattacks to the federal government.
A House Oversight and Reform committee investigation concluded that certain hacks on companies were perpetrated through, in one example, an employee accepting a fake browser update. In the case of Colonial Pipeline and JBS, the use of many devices connected to the internet (IoT), the investigation found mass-produced factory password settings may have been the point of vulnerability.
Robocall
Public Knowledge Urges VoIP to Be Regulated Under Title II to Stop Robocalls
Title II would require VoIP services to be subject to stronger regulations already in place for telecommunication providers.
WASHINGTON, August 18, 2022 – Public Knowledge is asking the Federal Communications Commission to classify facilities-based voice over Internet protocol services under Title II of the 1934 Communications Act, which it said would help the commission tackle robocalls.
The non-profit public interest group last week amended a March petition to the agency narrowing the field of VoIP providers to be captured under its proposal to facilities-based interconnected VoIP services, which require a broadband connection for real-time voice communications on the public telephone network. That’s instead of a broader field including non-interconnected services, which allow voice communications through a device not connected to the phone network, like gaming consoles.
Title II specifies authority given to the FCC to regulate “common carriers” – utilities such as landline phones, telecommunication services, and electricity. Currently, VoIP services are not included in any specific classification. Instead, the FCC relies on rules based on its ancillary authority given under Title I of the Communications Act, which provides less regulatory authority to the commission.
If classified under Title II, VoIP providers would be beholden to service quality regulations, such as the prevention of ever-increasing robocalls, and to regulations ensuring affordable access to infrastructure for competitive carriers, Public Knowledge said in its petition.
The organization also said that new categorization would prevent a “crisis of legal authority” for the FCC, which already makes VoIP services subject to certain Title II regulations, such as contributions to the basic telecommunications program, the Universal Service Fund. Currently, Public Knowledge argues, regulations governing VoIP services are a collection of ad hoc rulings based on ancillary authority.
Lack of classification ‘threatens’ FCC ability to fulfill legislative mandate
Congress “deliberately used expansive terms” when defining telecommunications in the Telecommunications Act of 1996, which gave the FCC authority to regulate sectors within the communications industry, said the March petition. “At a minimum, Congress intended the FCC to regulate any service that behaves like a traditional telephone service – regardless of the underlying technology – as a telecommunications service,” read the petition.
Yet despite a lack of meaningful difference between VoIP and traditional telephone services, the FCC continues to treat VoIP services differently, said the petition. This “failure” of the FCC to classify VoIP under Title II allegedly frustrates the commission’s ability to effectively address robocalls and makes uncertain whether the commission preempted its authority to regulate VoIP services.
“The FCC’s failure to classify facilities-based interconnected VoIP threatens the ability of the FCC to fulfill the most basic responsibilities entrusted to it by Congress,” stated the petition.
The burden of Title II
In a blog post on the matter, communications law firm CommLaw group argued that Title II VoIP providers would likely be required to obtain FCC approval prior to transfers of assets and mergers and acquisitions, which it said would slow transaction speed considerably. Furthermore, it could open the door to “increased state regulatory oversight, requirements, and burdens,” it added.
Earlier this month, Democratic Senators introduced a bill that would give the FCC regulatory authority over broadband by classifying those services as Title II. It would allow the commission greater regulatory authority to make internet service providers respect principles of net neutrality, which prohibit providers from throttling traffic on their networks, participating in paid prioritization, or blocking of any lawful content. The bill, however, has been met with opposition.
Recent
- FCC Committee Approves Broader Adoption of Best Practices to Block Unwanted Texts
- FCC Commits Additional $800 Million From Rural Digital Opportunity Fund
- FCC Testing Wireless Alerts, 6 GHz Concerns, California Privacy Bill for Minors
- Federal Government Must Collect More Granular Data on Minorities to Aid in Initiatives
- New Diamond State Networks Touts Cooperative Model as Coverage Expands in Arkansas
- Libraries in Position to Help Promote Federal Programs, Improve Digital Literacy: Library Rep
Signup for Broadband Breakfast
Trending
-
Broadband Roundup3 months ago
Crypto Regulation Bill, Ziply Fiber Acquires EONI, AT&T Tests 5G via Drone
-
Broadband Roundup2 months ago
Broadband Prices Decline, AT&T’s Fiber Build in Texas, Conexon Partners for Build in Georgia
-
Fiber3 months ago
AT&T Says Gigabit Download Speed Demand Continues to Grow
-
Broadband Roundup2 months ago
TikTok Data Practices, FCC’s Mandate on Wireless Outages, AT&T First Responder Network
-
Broadband Roundup3 months ago
Global Tech Competition Bill, AT&T Hits 20 Gbps Symmetrical, Hargray Fiber in Georgia
-
Broadband Roundup2 months ago
FiberLight Buy, T-Mobile Shuts Down Older Networks, AT&T and Dish Lead US O-RAN Alliance
-
Broadband Roundup2 months ago
Broadcast Transparency Decision, AT&T McDonald’s Expansion, Brightspeed in Missouri
-
Cybersecurity2 months ago
Remote Work an Opportunity for Service Providers to Build Trust on Cybersecurity: Research Director