Carriers’ Child Porn Reports Don’t Break CPNI Rules

The FCC order aimed to address possible conflict between statutes. Communications Act Sec. 222 requires regulated carriers to protect the privacy of CPNI. But under federal law providers of an “electronic communication service or remote computing service” must report apparent child porn to NCMEC. NCMEC “in turn is required to forward that report to a law enforcement agency or agencies designated by the Attorney General,” the order said.

The ban on disclosing CPNI under the Act says it applies “except as required by law,” the FCC said. Other federal law requires the information be reported. “Therefore, a telecommunications carrier does not violate section 222 to the extent it is compelled… to disclose CPNI in making such a report,” the Commission said. Carriers face significant fines for failing to report child porn -- up to $50,000 the first time and up to $100,000 for later failures.

The FCC has sharpened its focus on CPNI disclosures since reports this year of online databrokers that selling CPNI data improperly obtained. In July, the Enforcement Bureau asked for more information from wireline and wireless carriers as it investigated (CD July 20 p7). The FCC hasn’t cited a carrier for substantial violations of its CPNI rules, but carriers have been fined for procedural violations.

Also in July, the FCC issued a $97,500 notice of apparent liability against data broker LocateCell for “willfully or repeatedly” violating agency rules by refusing to hand over data the FCC subpoenaed(CD July 14 p2).