Very nice, and of course there is no small business exemption I assume? On Friday, March 31, 2017, Mark Radabaugh <m...@amplex.net> wrote:
> Yeah, tough to read. > > Big issues I had with it: > > Creates 3 classes of information that you have to protect in different > ways - “PI” (proprietary information), “CPNI” (customer proprietary network > information), and "content of communications" > > Requires that you keep track of “opt-in” for certain things, and “opt-out” > for others, that you have records of the customers consent (or lack > thereof). > > "we define “customer” as (1) a current or former subscriber to a > telecommunications > service; or (2) an applicant for a telecommunications service.” - for > purposes of privacy you now have to protect customers who are not and may > never be actual customers. > > Defines CPNI (the most protected category) as: > > Broadband Service Plans > Geo-location > MAC Addresses and Other Device Identifiers > IP Addresses and Domain Name Information > Traffic Statistics > Port Information > Application Header > Application Usage > Application Payload > Customer Premises Equipment and Device Information > > > Keep in mind CPNI is the one the FCC has and will enforce severe penalties > for disclosing to anyone you have not absolutely positively identified as > the owner of the account. To me this means the kid calling in to get a > static IP address for his X-Box is now a landmine for your customer service > people. Same goes for discussing or sharing usage information. "Your > wife owns the account, not you so I can’t tell you your connection seems > slow because your son is downloading the new 475Tb XBox game. > > MAC Addresses? Does your system actually hide all of those from other > customers? Many WISP systems do, but not all network designs do so. > > "We find that broadband service plans meet the statutory > definition of CPNI in the broadband context because they relate to the > quantity, type, amount of use, > location, and technical configuration of a telecommunications service.123 We > agree with NTCA that > “information related to a customer’s broadband service plan can be viewed > as analogous to voice > telephony service plans,”124 which the Commission has long considered to > be CPNI in the voice > context.125 These plans detail subscription information, including the > type of service (e.g., fixed or > mobile; cable or fiber; prepaid or term contract), speed, pricing, and > capacity (e.g., data caps). > > > Does this putting up a yard sign without obtaining written permission from > the customer is now a potential violation of CPNI? Or taking it to the > ridiculous - maybe we need plain white vans so we don’t disclose who has > service by accident. > > Geo-location. Geo-location is information related to the physical or > geographical > location of a customer or the customer’s device(s), regardless of the > particular technological method used > to obtain this information. > > > How precise is the restriction on geolocation? Is this now a violation? > > 105:~ Mark$ traceroute 64.246.126.114 > traceroute to 64.246.126.114 (64.246.126.114), 64 hops max, 52 byte packets > 1 xe-2-0-0-23.corp-mxi0.amplex.net (172.16.64.254) 7.655 ms 1.063 ms > 1.003 ms > 2 ae1-11.corp-srx0.amplex.net (64.246.109.89) 1.230 ms 1.182 ms > 1.048 ms > 3 ae0-11.hq-mx0.amplex.net (64.246.109.25) 1.361 ms 1.579 ms 1.097 ms > 4 ge-0-0-0-0.luckey-gw.amplex.net (64.246.96.220) 51.210 ms 38.380 > ms 39.950 ms > > seems I live in Luckey, Ohio. > > Lots more stuff like this that isn’t well defined or thought out. > > Now we get into “PI”: > > We have analyzed descriptions of PII in the record, our prior orders,233 > NIST,234 the FTC,235 the Administration’s proposed CPBR,236 and other > federal and state statutes and regulations.237 We find that examples of > PII include, but are not limited to: name; Social Security number; date of > birth; mother’s maiden name; government-issued identifiers (e.g., driver’s > license number); physical address; email address or other online contact > information;238 phone numbers; MAC addresses or other unique device > identifiers; IP addresses; and persistent online or unique advertising > identifiers. Several of these data elements may also be CPNI > > lots more stuff like this, but I’m tired of reading it. > > > Mark > > On Mar 31, 2017, at 2:52 PM, Adam Moffett <dmmoff...@gmail.com > <javascript:_e(%7B%7D,'cvml','dmmoff...@gmail.com');>> wrote: > > I started reading the overturned order...19 pages in I realized there were > 200 pages to go and I don't have time for it. > > The privacy protections stated in the existing US Code section 222 ( > https://www.law.cornell.edu/uscode/text/47/222) seem clear and sufficient > to me. What additional protections would the overturned FCC order have > provided consumers. What additional burdens would it impose on ISP's? > > > ------ Original Message ------ > From: "Mark Radabaugh" <m...@amplex.net > <javascript:_e(%7B%7D,'cvml','m...@amplex.net');>> > To: af@afmug.com <javascript:_e(%7B%7D,'cvml','af@afmug.com');> > Sent: 3/31/2017 2:21:37 PM > Subject: Re: [AFMUG] ISP Privacy Pledge > > This is the order that was overturned by Congress, and will go away if the > President signs the CRA: https://apps.fcc.gov/ > edocs_public/attachmatch/FCC-16-148A1.pdf > > There are many more issues with this rule than the press is making noise > about. The rules would impose significant cost and liability on small > providers. > > WISPA signed onto a stay request with the FCC asking the agency to put > implementation of the rules on hold while the issues with the new rule were > address. In supporting the stay request WISPA signed onto the letter from > many other groups and stated that we would be requesting our members to > support the below “Privacy Principals” while the stay was in effect. The > ‘stay’ request was granted by the FCC. > > WISPA was not the driving force behind the “Congressional Review Act” that > Congress used to overturn the rules this week. I’m surprised that it > passed. I’m sure there was some serious lobbying from the large providers > behind it’s passage. > > The rules that Congress overturned were not the only rules that applied to > Privacy from the FCC and, as others have pointed out, had never taken > effect. As ISP’s we are still under common carrier regulation and Section > 222 “Privacy of Customer Information” applies. > https://www.law.cornell.edu/uscode/text/47/222 > > These are the principals we are asking our members to follow: > > > ISP Privacy Principles > > ISPs understand the trust our customers place in us, and we are committed > to protecting our customers’ privacy and safeguarding their information. > For 20 years, we have implemented policies and practices that are > consistent with the FTC’s widely respected and effective privacy framework > and other federal and state privacy laws. This framework helped drive the > success of today’s Internet ecosystem by balancing consumer protection with > the flexibility necessary to innovate. We understand the importance of > maintaining our customers’ trust. That is why we will continue to provide > consumer privacy protections, while at the same time meeting consumers’ > expectations for innovative new product solutions to enhance their online > experiences. Regardless of the legal status of the FCC’s broadband privacy > rules, we remain committed to protecting our customers’ privacy and > safeguarding their information because we value their trust. As > policymakers evaluate the issues, we will maintain consumer protections > that include the following: > Transparency. ISPs will continue to provide their broadband customers > with a clear, comprehensible, accurate, and continuously available privacy > notice that describes the customer information we collect, how we will use > that information, and when we will share that information with third > parties. > > Consumer Choice. ISPs will continue to give broadband customers > easy-to-understand privacy choices based on the sensitivity of their > personal data and how it will be used or disclosed, consistent with the > FTC’s privacy framework. In particular, ISPs will continue to: (i) follow > the FTC’s guidance regarding opt-in consent for the use and sharing of > sensitive information as defined by the FTC; (ii) offer an opt-out choice > to use non-sensitive customer information for personalized third-party > marketing; and (iii) rely on implied consent to use customer information in > activities like service fulfillment and support, fraud prevention, market > research, product development, network management and security, compliance > with law, and first-party marketing. This is the same flexible choice > approach used across the Internet ecosystem and is very familiar to > consumers. > > Data Security. ISPs will continue to take reasonable measures to protect > customer information we collect from unauthorized use, disclosure, or > access. Consistent with the FTC’s framework, precedent, and guidance, these > measures will take into account the nature and scope of the ISP’s > activities, the sensitivity of the data, the size of the ISP, and technical > feasibility. > > Data Breach Notifications. ISPs will continue to notify consumers of data > breaches as appropriate, including complying with all applicable state data > breach laws, which contain robust requirements to notify affected > customers, regulators, law enforcement, and others, without unreasonable > delay, when an unauthorized person acquires the customers’ sensitive > personal information as defined in these laws. > > These principles are consistent with the FTC’s privacy framework, which > has proved to be a successful privacy regime for many years and which > continues to apply to non-ISPs, including social media networks, > operating systems, search engines, browsers, and other edge providers that > collect and use the same online data as ISPs. That framework has protected > consumers’ privacy while fostering unprecedented investment and innovation. > The principles are also consistent with the FCC’s May 2015 Enforcement > Advisory, which applied to ISPs for almost two years while the FCC’s > broadband privacy rules were being considered. > > The above principles, as well as ISPs’ continued compliance with various > federal and state privacy laws, will protect consumers’ privacy, while also > encouraging continued investment, innovation, and competition in the > Internet ecosystem. > > > Mark Radabaugh > WISPA FCC Committee Chair > fcc_ch...@wispa.org <javascript:_e(%7B%7D,'cvml','fcc_ch...@wispa.org');> > 419-261-5996 > > On Mar 31, 2017, at 11:50 AM, Mathew Howard <mhoward...@gmail.com > <javascript:_e(%7B%7D,'cvml','mhoward...@gmail.com');>> wrote: > > Somebody posted the link to the WISPA filing on this in the other thread > here... there is more going on here than the stuff about selling > information that's stuck all over the news. > Maybe it is a big corporate handout, in some ways, but as far as I can > tell, it's good for the likes of us in every way. We've already had several > customers worried that we're going to sell there information, and being > able to tell them that we have no intention of ever doing so is a good > selling point to those people... sure, the main reason that we aren't going > to sell that info may be because we don't have it, and we're too small for > anybody to want it even if we did, but that's beside the point. > > As far as I know, it hadn't ever actually taken effect anyway, so despite > what you'd think from what's on the news, nothing is actually changing from > how it always has been. > > On Thu, Mar 30, 2017 at 8:48 PM, Jason McKemie < > j.mcke...@veloxinetbroadband.com > <javascript:_e(%7B%7D,'cvml','j.mcke...@veloxinetbroadband.com');>> wrote: > >> This is a big corporate handout, no need to get conspiracy theories >> involved. >> >> On Thu, Mar 30, 2017 at 8:47 PM, Rory Conaway <r...@triadwireless.net >> <javascript:_e(%7B%7D,'cvml','r...@triadwireless.net');>> wrote: >> >>> One other thing that I’m sure the Republicans considered when supporting >>> this bill. They know Google has been supplying and manipulating data and >>> search engines for the Democrats for years. Hell, they started a company >>> specifically to do just that. I think the Republicans are looking at >>> having access to that data as being important. >>> >>> >>> >>> Rory >>> >>> >>> >>> >>> >>> *From:* Af [mailto:af-boun...@afmug.com >>> <javascript:_e(%7B%7D,'cvml','af-boun...@afmug.com');>] *On Behalf Of *Peter >>> Kranz >>> *Sent:* Thursday, March 30, 2017 5:10 PM >>> *To:* af@afmug.com <javascript:_e(%7B%7D,'cvml','af@afmug.com');> >>> *Subject:* Re: [AFMUG] ISP Privacy Pledge >>> >>> >>> >>> It’s true, and it is the core business case of many other social network >>> companies, but people can choose not to use google.. How do they choose not >>> to use the only ISP in their market? >>> >>> >>> >>> >>> *Peter Kranz *www.UnwiredLtd.com <http://www.unwiredltd.com/> >>> Desk: 510-868-1614 x100 <(510)%20868-1614> >>> Mobile: 510-207-0000 <(510)%20207-0000> >>> pkr...@unwiredltd.com >>> <javascript:_e(%7B%7D,'cvml','pkr...@unwiredltd.com');> >>> >>> >>> >>> *From:* Af [mailto:af-boun...@afmug.com >>> <javascript:_e(%7B%7D,'cvml','af-boun...@afmug.com');>] *On Behalf Of *Rory >>> Conaway >>> *Sent:* Thursday, March 30, 2017 5:02 PM >>> *To:* af@afmug.com <javascript:_e(%7B%7D,'cvml','af@afmug.com');> >>> *Subject:* Re: [AFMUG] ISP Privacy Pledge >>> >>> >>> >>> I heard a comment today that I had not thought about. Apparently Google >>> has been selling this data for years. The ISPs wanted to have the same >>> rights. Of course, prohibiting Google from selling this information never >>> crossed their minds. >>> >>> >>> >>> Rory >>> >>> >>> >>> *From:* Af [mailto:af-boun...@afmug.com >>> <javascript:_e(%7B%7D,'cvml','af-boun...@afmug.com');>] *On Behalf Of *Peter >>> Kranz >>> *Sent:* Thursday, March 30, 2017 3:30 PM >>> *To:* af@afmug.com <javascript:_e(%7B%7D,'cvml','af@afmug.com');> >>> *Subject:* [AFMUG] ISP Privacy Pledge >>> >>> >>> >>> While the FCC’s proposed “Protecting the Privacy of Customers of >>> Broadband and Other Telecommunication Services” rule might not have been >>> perfect, and potentially difficult to implement for small ISPs and WISPS, I >>> think the basic concept was sound. I created a simple non-legally binding >>> pledge that small ISPs and WISPS can sign up that I feel will demonstrate >>> one of the clear differentiators between us and larger ISPs who seek to >>> commodify every aspect of their customer’s usage. >>> >>> >>> >>> Check it out at http://privacypledge.us/ >>> >>> >>> >>> I’m open to comments or revisions, as my goal is not to own this, but to >>> try to get some visibility for our industry and its unique respect for the >>> end user. >>> >>> >>> >>> >>> *Peter Kranz *www.UnwiredLtd.com <http://www.unwiredltd.com/> >>> Desk: 510-868-1614 x100 <(510)%20868-1614> >>> Mobile: 510-207-0000 <(510)%20207-0000> >>> pkr...@unwiredltd.com >>> <javascript:_e(%7B%7D,'cvml','pkr...@unwiredltd.com');> >>> >>> >>> >> >> > > >