Garvey Schubert Barer Legal Update, November 11, 2010.
The FCC’s Wireline Competition Bureau (“Wireline Bureau”) recently clarified that section 222 of the Communications Act of 1934, as amended (Communications Act), does not prevent a telecommunications carrier from complying with the obligation in 18 U.S.C. § 2258A to report violations of specific federal statutes relating to child pornography. See In the Matter of Implementation of the Telecommunications Act of 1996: Telecommunications Carriers’ Use of Customer Proprietary Network Information and Other Customer Information, CC Docket No. 96-115, DA No. 10-1956, Declaratory Ruling (2010) (Declaratory Ruling).
In 2006, the FCC issued a declaratory ruling that clarified the relationship between a telecommunications carrier’s duty to protect the privacy of customer proprietary network information (“CPNI”) under section 222 of the Communications Act and the statutory obligation set forth in 42 U.S.C. § 13032 to report violations of child pornography statutes to the CyberTipline operated by the National Center for Missing and Exploited Children (“NCMEC”). Specifically, 42 U.S.C. § 13032 required providers of an “electronic communication service or remote computing service” to report apparent violations of specific federal statutes involving child pornography to the NCMEC CyberTipline. Section 222(c)(1) of the Communications Act provides that, “[e]xcept as required by law,” all telecommunications carriers, including wireless carriers, have a duty to protect the privacy of CPNI.
In the CPNI Declaratory Ruling, the FCC interpreted the “[e]xcept as required by law” exception contained in section 222(c)(1) of the Communications Act as applying to any report a telecommunications carrier must make to NCMEC under 42 U.S.C. § 13032. The FCC therefore concluded that making such a report did not violate section 222 of the Communications Act. It further concluded that “this exception to section 222 only applies to the extent disclosure of CPNI is ‘required’ and therefore would not cover voluntary disclosures.” In 2008, the U.S. Congress enacted new reporting requirements for electronic communication service providers and remote computing service providers related to child pornography, codified in 18 U.S.C. § 2258A, that supersede the reporting obligations set forth in 42 U.S.C. § 13032 which was repealed.
The Bureau’s Declaratory Ruling confirms that the guidance the FCC provided in the CPNI Declaratory Ruling remains valid even though the U.S. Congress replaced the specific statutory provision at issue in that declaratory ruling with a new federal reporting statute related to child pornography. Consequently, to the extent a telecommunications carrier that is a provider of electronic communication services or remote computing services is compelled by 18 U.S.C. § 2258A to disclose CPNI in a report to the CyberTipline, that carrier would not be in violation of its privacy duties under section 222 of the Communications Act. This exception to section 222 applies only to the extent disclosure of CPNI is “required” and therefore would not cover voluntary disclosures.