Cybertelecom
Cybertelecom
Federal Internet Law & Policy
An Educational Project

Customer Proprietary Network Information (CPNI)

Dont be a FOOL; The Law is Not DIY


CPNI originated as a Computer Inquiry safeguard of competition in the information services market. The safeguard acknowledged that telephone company (monopolies), upon which information services depended for telecommunications, possessed certain sensitive customer information that could be used for unfair commercial benefit. The knowledge of what telecommunications a customer might be consuming gave the telephone companies an opportunity to market new products to customers. If the telephone company knew that a customer was ordering DSL, but not getting internet service from the telephone company, the telephone company (frequently through the guy who showed up at the door of the customer with a truck in order to install the service) could market the telephone company's service over the independent ISPs. The FCC concluded that this was anticompetitive, and indicated that telephone companies could use information acquired from the sale of telephone service only for the purpose of marketing telephone service; the telephone company could not use that information to market non-regulated information services.

CPNI was codified by the Telecommunications Act of 1996, but as with many things, not exactly as it had been in the Computer Inquiries. CPNI became privacy regulation - not for the benefit of competitive services - but for the benefit of the customer. While this is important, it is also outside the scope of Cybertelecom and we don't track it closely any more. A good source of information on CPNI is EPIC.

CPNI rules have been applied to VoIP.

Customer Information / Privacy

47 CFR Part 64

Note This information is out of date A significant concern is the situation where non-affiliated ISPs order services from their telecommunications supplier BOC and, in the same act, provide sensitive proprietary customer information to their competitor BOC.  The Computer Inquiries recognized the problem that BOCs can use information gathered as a supplier to unfairly compete with ESP competitors.  Thus, the Commission created restrictions on the ability of the BOC to use that information. In Computer III, the Commission required BOCs and GTE

to (1) make CPNI available, upon customer request, to unaffiliated enhanced service vendors, on the same terms and conditions that are available to their own enhanced services personnel; (2) limit their enhanced services personnel from obtaining access to a customer's CPNI if the customer so requests; and (3) notify multi-line business customers annually of their CPNI rights.[1] 

In addition, the Commission prohibited BOCs and GTE from providing to its affiliated ESP "any customer proprietary information unless such information is available to any member of the public on the same terms and conditions." 47 C.F.R. § 64.702(d)(3).

In 1996, Congress passed the new Privacy of Customer Information provision, codified as Section 222 of the Communications Act.   47 U.S.C. § 222. Section 222 contains the restrictions on the use of customer information by all carriers, not just BOCs.   This includes Customer Proprietary Network Information and Carrier Information. 

The FCC concluded that Section 222 replaced "the Computer III CPNI framework in all material respects,"[2]  however, the Order where the FCC made that conclusion was vacated by a federal appeals court.[3]

Section 222 defines Customer Proprietary Network Information (CPNI) as

   (A) information that relates to the quantity, technical configuration, type, destination, and amount of use of a telecommunications service subscribed to by any customer of a telecommunications carrier, and that is made available to the carrier by the customer solely by virtue of the customer-carrier relationship; and 
   (B) information contained in the bills pertaining to telephone exchange service or telephone toll service received by a customer of a carrier.
Except that such term does not include subscriber list information. 

47 U.S.C. § 222(f)(1).

Subscriber list information (aka PII), essentially the information listed in a phone book, is defined as

Any information 
(A) identifying the listed names of subscribers of a carrier and such subscribers' telephone numbers, addresses, or primary advertising classifications (as such classification are assigned at the time of the establishment of such service), or any combination of such listed names, numbers, addresses, or classifications; and 
(B) that the carrier or an affiliate has published, caused to be published, or accepted for publication in any directory format. 

47 U.S.C. §  222(f)(3).   According to Section 222, 

Except as required by law or with the approval of the customer, a telecommunications carrier that receives or obtains customer proprietary network information by virtue of its provision of a telecommunications service shall only use, disclose, or permit access to individually identifiable customer proprietary network information in its provision of (A) the telecommunications service from which such information is derived, or (B) services necessary to, or used in, the provision of such telecommunications service, including the publishing of directories. 

47 U.S.C. § 222(c)(1).  In other words, information gathered in order to provide telecommunications service can be used only for the provision of that service.  A carrier could not use the information it has gathered from providing telephone service in order to market Internet services.[3]   The key exception is whether the carrier has the approval of the customer to use that information for other purposes.

It is important to understand that these rules only apply where information is derived from the provision of telecommunications services; it does not apply where the LEC is providing non-telecommunications services such as Internet services. 
Many ISPs are also Competitive Local Exchange Carriers (CLECs).  Another portion of Section 222 addresses customer information in the context of intercarrier relations.  It states

A telecommunications carrier that receives or obtains proprietary information from another carrier for purposes of providing any telecommunications service shall use such information only for such purpose, and shall not use such information for its own marketing efforts.

47 U.S.C. § 222(b). In 1998, the Commission promulgated rules implementing Section 222 of the Communication Act. See 47 C.F.R. § 64.2005.  U.S. West filed an appeal concerning the FCC rules with the Tenth Circuit Court of Appeals, which vacated the FCC rules as violating the First Amendment. U S WEST, Inc. v. FCC, 182 F.3d 1224 (10th Cir. 1999), cert. denied, 120 S.Ct. 2215 (2000).

Where does this leave CPNI?  The FCC rules implementing Section 222 have been vacated; Section 222 has not been vacated and remains binding.  Furthermore, since the FCC's Section 222 rules were vacated, the previous FCC's Computer III CPNI rules remain in place.

[1] Joint Petition, ¶ 46.  See also Ameritech's CEI Plan, ¶ 41; GTE ONA, Bell Atlantic's CEI Plan;ONA Review, ¶ 25, 398-447.

[2] In re Implementation of the Telecommunications Act of 1996; Telecommunications Carriers' Use of Customer Proprietary Network Information and Other Customer Information; CC Docket No. 96-115, CC Docket No. 96-149, Second Report And Order And Further Notice Of Proposed Rulemaking,   180 (February 19, 1998) (hereinafter CPNI)

[3] US West v. FCC, Docket 98-9518, 182 F.3d 1224 (10th Cir. Aug 18, 1999), cert. denied sub. nom Competition Policy Institute v. U.S. West, Docket 99-1427, 120 S. Ct. 2215  (S.Ct. June 2000).

[3] See CPNI, supra note 2; In re Implementation of the Telecommunications Act of 1996 Telecommunications Carriers' Use of Customer Proprietary Network Information and Other Customer Information; CC Docket No. 96-115, CC Docket No. 96-149, Order on Recon and Petitions for Forbearance,   46-47 (September 3, 1999) (hereinafter CPNI Recon) (concluding that the provision of Internet services is not necessary to the provision of telecommunications service).

[4]See CPNI Recon, supra note 3, ¶  159; In re Implementation of the Telecommunications Act of 1996: Telecommunications Carriers' Use of Customer Proprietary Network Information and Other Customer Information, CC Docket No. 96-115, Order ¶ 1 (CCB May 21, 1998).

See also EPIC's CPNI Overview

Law

Broadband Privacy CPNI NPRM 2016

Stay of Data Security Rules

CPNI Proceeding History:

Directory Listings Online

Computer Inquiries

Legislation

Legal Actions Based on CPNI and Sec. 222

Qwest and CPNI

Links

News