Tales of the Sausage Factory

CPNI Is More Than Just Consumer Privacy — How To Apply It To Digital Platforms.

This is the fourth blog post in a series on regulating digital platforms. A substantially similar version of this was published by my employer Public Knowledge. You can view the full series here. You can find the previous post in this series on Wetmachine here.

 

“Customer proprietary network information,” usually abbreviated as “CPNI,” refers to a very specific set of privacy regulations governing telecommunications providers (codified at 47 U.S.C. §222) and enforced by the Federal Communications Commission (FCC). But while CPNI provides some of the strongest consumer privacy protections in federal law, it also does much more than that. CPNI plays an important role in promoting competition for telecommunications services and for services that require access to the underlying telecommunications network — such as alarm services. To be clear, CPNI is neither a replacement for general privacy nor a substitute for competition policy. Rather, these rules prohibit telecommunications providers from taking advantage of their position as a two-sided platform. As explained below, CPNI prevents telecommunications carriers from using data that customers and competitors must disclose to the carrier for the system to work.

All of which brings us to our first concrete regulatory proposal for digital platforms. As I discuss below, the same concerns that prompted the FCC to invent CPNI rules in the 1980s and Congress to expand them in the 1990s apply to digital platforms today. First, because providers of potentially competing services must expose proprietary information to the platform for the service to work, platform operators can use their rivals’ proprietary information to offer competing services. If someone sells novelty toothbrushes through Amazon, Amazon can track if the product is selling well, and use that information to make its own competing toothbrushes.

 

Second, the platform operator can compromise consumer privacy without access to the content of the communication by harvesting all sorts of information about the communication and the customer generally. For example, If I’m a mobile phone platform or service, I can tell if you are calling your mother every day like a good child should, or if you are letting her sit all alone in the dark, and whether you are having a long conversation or just blowing her off with a 30-second call. Because while I know you are so busy up in college with all your important gaming and fraternity business, would it kill you to call the woman who carried you for nine months and nearly died giving birth to you? And no, a text does not count. What, you can’t actually take the time to call and have a real conversation? I can see by tracking your iPhone that you clearly have time to hang out at your fraternity with your friends and go see Teen Titans Go To The Movies five times this week, but you don’t have time to call your mother?

 

As you can see, both to protect consumer privacy and to promote competition and protect innovation, we should adopt a version of CPNI for digital platforms. And call your mother more often. I’m just saying.

Once again, before I dig into the substance, I warn readers that I do not intend to address either whether the regulation should apply exclusively to dominant platforms or what federal agency (if any) should enforce these regulations. Instead, in an utterly unheard of approach for Policyland, I want to delve into the substance of why we need real CPNI for digital platforms and what that would look like.

Read More »

Posted in Digital Platforms, Tales of the Sausage Factory | Also tagged , , , | Comments closed

Tales of the Sausage Factory

Broadband Privacy Can Prevent Discrimination, The Case of Cable One and FICO Scores.

The FCC has an ongoing proceeding to apply Section 222 (47 U.S.C. 222) to broadband. For those unfamiliar with the statute, Section 222 prohibits a provider of a “telecommunications service” from either disclosing information collected from a customer without a customer’s consent, or from using the information for something other than providing the telecom service. While most of us think this generally means advertising, it means a heck of a lot more than that — as illustrated by this tidbit from Cable One.

 

Read More »

Posted in Cable, Series of Tubes, Tales of the Sausage Factory | Also tagged , , , , | Comments closed

Tales of the Sausage Factory

Phone Industry To The Poor: “No Privacy For You!”

Back in June, the FCC released a major Order on the Lifeline program. Lifeline, for those not familiar with it by that name, is the federal program started in the Reagan era to make sure poor people could have basic phone service by providing them with a federal subsidy. Congress enshrined Lifeline (along with subsidy programs for rural areas) in 1996 as Section 254 of the Communications Act. While most of the item dealt with a proposal to expand Lifeline to broadband, a portion of the Order dealt with the traditional FCC Lifeline program.

As a result, the wireless industry trade association, CTIA, has asked the FCC to declare that poor people applying for Lifeline have no enforceable privacy protections when they provide things like their social security number, home address, full name, date of birth, and anything else an identity thief would need to make your life miserable. Meanwhile, US Telecom Association, the trade association for landline carriers, has actually sued the FCC for the right to behave utterly irresponsibly with any information poor people turn over about themselves — including the right to sell that information to 3rd parties.

 

Not that the wireless carriers would ever want to do anything like that, of course! As CTIA, USTA, and all their members constantly assure us, protecting customer privacy is a number one priority. Unless, of course, they’re running some secret experiments on tracking without notifying customers that accidentally expose customer information to third parties. Oh, and it might take longer than promised to actually let you opt out once you discover it. And in our lawsuit against the FCC’s Net Neutrality rules, they explicitly cite the inability to use customer information for marketing, the inability to sell this information to third parties, and the requirement to protect this information generally as one of the biggest burdens of classifying broadband as Title II. But other than that, there is no reason to think that CTIA’s members or USTA’s members would fail to respect and protect your privacy.

 

So how did the Lifeline Reform Order which most people assumed was all about expanding Lifeline to broadband became the vehicle for the phone industry to tell poor people they have no privacy protections when they apply for a federal aid program? I explain below . . .

Read More »

Posted in Life In The Sausage Factory, Series of Tubes, Tales of the Sausage Factory | Also tagged , , , , , | Comments closed
  • Connect With Us

    Follow Wetmachine on Twitter!

Username
Password

If you do not have an account: Register