2007 Vs. 2006: Prepare For More Net Enforcement

Telecom Policy Report, Jan 8, 2007

When it comes to questionable, nefarious and illicit activity on the Internet, the World Wide Web and the public switched telephone network (PSTN), events during the course of 2006 suggest that 2007 may well become the "year of enforcement."

From mere telemarketing annoyances to pretexting fraud to identity and transaction theft, through initiative or legislative mandate, consumer protection agencies and law-enforcement authorities on the state and federal levels in the United States are expected to step up campaigns against alleged online miscreants with the New Year. The international community also wants more action and is looking for greater cross-border cooperation on consumer awareness, prevention/detection measure, investigation techniques and consistent punishment.

For wireline and wireless telecom carriers, Internet access companies and other service providers, an accelerating enforcement trend implies not only the need for new and stronger internal safeguards (as well as new expense items) but, on the upside, the potential to explore and offer emerging services that upgrade and enhance personal and business security.

Pretexting Fallout

The year 2006 was marked by waves of news reports, high-profile examples and carrier lawsuits exposing pretext practices, network security breaches, damaging Web-site hacks, malicious software (malware) epidemics, telemarketing violations and scams as well as episodes of ID, credit-card and Social-Security- number thefts.

Many were shocked to learn that imposter subscribers are able to obtain, market and sell wireline and wireless telephone-call user data records, sometimes with ill intent and criminal consequences. The events culminated in the Hewlett-Packard scandal involving internal-inquiry pretexting behavior (including indictments), third-party pretexters taking the Fifth during testimony at hearings in a besieged U.S. Congress and the passage of identical House (H.R. 4709) and Senate (S.2178) versions of the anti-pretexting Telephone Records and Privacy Protection Act of 2006.

The approved legislation makes it a criminal offense to obtain any wireline or wireless calling records and other personal identification information without permission via pretexting fraud methods; it imposes a fine on individuals of as much as $250,000 and imprisonment of as long as 10 years for deceiving telcos and their employees into divulging the data. Companies convicted under the measure face fines of as much as $500,000.

The bill's progression also followed investigations and sting-like operations into pretexting by the Federal Communications Commission (FCC) and the Federal Trade Commission (FTC) to document the practice; the latter agency already is battling numerous unfair and deceptive business practices, including pretexting, about which consumers and political figures are increasingly complaining, and the codification presumable will strengthen its hand this year in tandem with court actions by the U.S. Department of Justice (DoJ) and attorneys general who also are looking for greater enforcement powers from state legislatures.

The FCC itself penalized third parties for non-cooperation with its inquiry and some telecom carriers for loose adherence to rules and regulations for protecting customer proprietary network information (CPNI). It is also looking at how to strengthen personal security and CPNI enforcement based on a petition from the Electronic Privacy Information Center, while some Washington, D.C., sources think a Democrat-controlled Congress in 2007's session may be more receptive than were Republican lawmakers to a CPNI-oriented bill making all U.S. carriers more directly accountable for consumer data security.

The industry in 2007 also can look for more enforcement from the FTC and the DoJ as a result of the additional early December 2006 passage of the ponderously titled Spyware, And Fraud Enforcement With Enforcers Beyond Borders (US SAFE WEB) Act of 2006. Specifically, the US SAFE WEB Act will improve the FTC's and the DoJ's ability to handle international-level consumer-protection legal actions plus an enhanced ability to combat spam, spyware, Internet fraud and deception.

The New Year could see new bilateral agreements between the United States and other countries on securing Web traffic and controlling illegal activities, in part motivated by speculation that criminal and terrorist operations can be connected. These actions also may be tied to such controversial telecom- surveillance programs as one conducted by the U.S. National Security Agency, regardless of lawsuits and preliminary judgments against it. There is also a great deal of diplomatic pressure on China to improve its investigative and punitive measures against online mischief.

Global Efforts

The European Commission (EC) and the United Nations-affiliated International Telecommunication Union (ITU) both have been advocating a global counter-attack against online threats that are increasingly drawing more time and resources of carriers, governments and end-user accounts to combat. Both bodies are drawing up action plans that will surface during 2007 to fight spam, malware and spyware on a technology level but also to take on the often- fraudulent and criminal purposes and their perpetrators.