WASHINGTON -- Federal regulators working on rules to secure the calling records and other private information of telephone customers are running into resistance from phone companies and law enforcement agencies.
The rules, an effort by the Federal Communications Commission to combat "pretexting," may be voted on this month.
Pretexting is the practice of impersonating a phone customer to gain access to his phone records. President Bush signed a law last month criminalizing the practice and imposing penalties including up to 10 years in prison.
The issue gained prominence last year when executives of Hewlett-Packard Co. were charged with hiring private detectives who used the technique to investigate board members.
The new law gives police a weapon to punish perpetrators. But it leaves out any requirements for how phone companies should protect their customers' private data. Cell phone bills, for example, can reveal who a person has called and, in some cases, even the caller's location.
The FCC chairman, Kevin Martin, told reporters recently that the new rules will require that customers use a password to access their account information.
While that might protect calling data, telephone companies are wary. They fear a password requirement might upset customers.
AT&T Inc. spokesman Michael Balmoris said the company has to be careful to balance security against customers' wishes for easy access to their information.
The rules also are expected to require that phone companies get a customer's permission before they can release information that may be used for telemarketing.
Phone companies contend this requirement would violate their First Amendment right to communicate with customers -- a position that was backed by a federal court in 1999.
Marc Rotenberg, executive director of the Electronic Privacy Information Center, called that court decision "probably one of the oddest First Amendment cases in many, many years." Since that case, he said courts have been more inclined to support privacy rules.
Phone companies say there is no evidence that information shared with business partners falls into the wrong hands, making the proposed requirement unnecessary.
The departments of Justice and Homeland Security have taken issue with two other possible provisions in the emerging rules, both of which have privacy advocates concerned.
The first would tell phone companies to destroy customer records as soon as the records no longer are needed for legitimate business purposes. The government wants the records preserved for possible use in criminal investigations.
Secondly, the two departments want phone companies to notify law enforcement officials first, before customers, when customers' private billing information has been disclosed improperly.
Deputy Attorney General Paul J. McNulty said immediately alerting customers in such cases may tip off investigative targets and lead them to destroy evidence, change their behavior, or slip away.