[Congressional Record Volume 145, Number 153 (Wednesday, November 3, 1999)]
[Senate]
[Pages S13801-S13802]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

      By Mr. EDWARDS:
  S. 1850. A bill to amend section 222 of the Communications Act of 
1934 to modify the requirements relating to the use and disclosure of 
customer proprietary network information, and for other purposes; to 
the Committee on Commerce, Science, and Transportation.


                   telephone call privacy act of 1999

  Mr. EDWARDS. Mr. President, I rise to talk about privacy and about 
how we can regain some control over our personal information. Privacy 
is an increasing concern for all Americans. And the public rightly 
believes that their control over some of their most personal 
information is being slowly but surely eroded.
  Today I introduce legislation that would help end that erosion. The 
``Telephone Call Privacy Act of 1999,'' would prevent 
telecommunications companies from using an individual's personal phone 
call records without their consent, in order to sell that individual 
products or services.
  Most Americans would be stunned to learn that the law does not 
protect them from having their phone records sold to third parties. 
Imagine getting a call one night--during dinner--and having a 
telemarketer try to sell you membership in a travel club because your 
phone calling patterns show frequent calls overseas. My legislation 
would prevent this from occurring without the individual's permission.
  Mr. President, no one denies that the rapid development of modern 
technology has been beneficial. New and improved technologies have 
enabled us to obtain information more quickly and easily than ever 
before. Students can participate in classes that are being taught in 
other states, or even other countries. Current events can be broadcast 
around the world as they happen. And companies have streamlined their 
processes for providing goods and services.
  But these remarkable developments can have a startling downside. They 
have made it easier to track personal information such as medical and 
financial records, and buying habits. And in turn, our ability to keep 
our personal information private is being eroded. I have to say there 
are times when it feels like companies know more about me than I know 
myself.
  The list of ways our privacy is being eroded is growing longer and 
longer. And sadly telephone call privacy got added to the list this 
August when the 10th Circuit struck down FCC regulations aimed at 
protecting privacy and implementing congressional intent.
  The decision was the result of a suit filed by U.S. West against the 
FCC arguing that its regulations restrict the ability of carriers to 
engage in commercial speech with customers. In August, the Tenth 
Circuit issued its decision in the case and agreed with U.S. West. The 
court stated that ``privacy is not an absolute good because it imposes 
real costs on society.''
  I believe the court was terribly wrong. Individuals have a reasonable 
expectation that their calling habits are not being shared with third 
parties without their knowledge or permission. And when I weigh the 
right of people to control who has access to their personal information 
against the ability of companies to use only one of many marketing 
methods, there is no question that the right of people to privacy is 
overriding. Surely people have a right to control some of their most 
private information. And surely they have the right to prevent 
harassing and unwanted solicitations. I for one cannot believe that 
expanding the variety of marketing techniques at a company's disposal 
is more important than a person's privacy right.
  Mr. President, let me describe how my legislation would address the 
problem. Current law defines information about who we call, how often, 
and how long we talk to them as ``customer proprietary network 
information,'' or ``CPNI.'' It is possible for telephone companies to 
track an individual's CPNI and use it to market various products and 
services to that person.
  My legislation requires that consumers be notified about potential 
disclosures of their private calling information and allows them to 
have some measure of control over how their information can be used. 
Specifically, my bill would do two things.
  First, if a telecommunications carrier wishes to use CPNI in order to 
market its own products or services to them, it must provide each 
customer with a clear and conspicuous notice stating the type of 
calling information that may be used and the purpose for which it will 
be used. The customer may contact the carrier to deny permission to use 
their information within 15 days of the notice. If the customer does 
not contact the carrier in that time, the carrier can use the 
customer's CPNI to market its products and services to that customer. 
In other words, customers are provided with a limited opportunity to 
``opt-out'' of the sharing of their information under these 
circumstances.
  The second part of my bill addresses situations where a carrier 
wishes to share a customer's CPNI with a third party, such as a 
telemarketer. In these situations, in addition to providing the 
customer with notice, the carrier must also receive prior written 
approval from the customer. My bill clearly spells out that customers 
must affirmatively ``opt-in'' before a carrier can sell calling 
information to any third party.
  The ``Telephone Call Privacy Act'' also allows for some reasonable 
and common sense exceptions. If a telecommunications carrier uses a 
customer's CPNI to provide the customer with the very services the 
carrier used to obtain the calling information, or if law enforcement 
or the courts require CPNI for certain reasons, the carrier does not 
need to provide the customer with notice and the opportunity to opt-out 
or opt-in.
  Mr. President, consumers are very worried about how their personal 
information is being used. In 1994, a Harris Survey assessed Americans' 
views about privacy. It found that eighty-two percent of people 
surveyed are concerned about threats to their personal

[[Page S13802]]

privacy. And more specifically, more than half the people surveyed also 
stated they would be concerned if an interactive service engaged in 
``subscriber profiling'' or using an individual's purchasing patterns 
to determine what types of goods and services to market to them. The 
survey also showed that people are less concerned about subscriber 
profiling if they are provided with notice that a profile would be 
created and how it would be used, and also if they are given access to 
the information in the profile.
  Something must be done to empower consumers to prevent their private 
calling information from being used without their consent. The 
Telephone Call Privacy Act is an important step towards this goal. I 
believe the principles set forth in my legislation are a reasonable way 
to protect privacy and do not unduly burden the ability of businesses 
to market their products and services.
  As Justice Brandeis said in his famous dissent in Olmstead v. U.S., 
``the right to be let alone [is] the most comprehensive of rights and 
the right most valued by civilized men.'' The government must not only 
refrain from violating this right, but it must also ensure its 
preservation. I believe the Telephone Call Privacy Act is a sensible 
means to achieving this goal. I ask unanimous consent that the bill be 
printed in the Record.
  There being no objection, the bill was ordered to be printed in the 
Record, as follows:

                                S. 1850

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Telephone Call Privacy Act 
     of 1999''.

     SEC. 2. MODIFICATION OF REQUIREMENTS RELATING TO USE AND 
                   DISCLOSURE OF CUSTOMER PROPRIETARY NETWORK 
                   INFORMATION.

       (a) Modification of Requirements.--
       (1) In general.--Paragraph (1) of section 222(c) of the 
     Communications Act of 1934 (47 U.S.C. 222(c)) is amended to 
     read as follows:
       ``(1) Privacy requirements for telecommunications 
     carriers.--
       ``(A) In general.--Except as provided in subparagraph (B) 
     or as required by law, a telecommunications carrier that 
     receives or obtains customer proprietary network information 
     by virtue of its provision of a telecommunications service 
     may use, disclose, or permit access to customer proprietary 
     network information that identifies a customer as follows:
       ``(i) In the provision of--

       ``(I) the telecommunications service from which such 
     information is derived; and
       ``(II) services necessary to, or used in, the provision of 
     such telecommunications service, including the publishing of 
     directories.

       ``(ii) In the case of the use of such information by the 
     telecommunications carrier for the provision of another of 
     its products or services to the customer, only if the 
     telecommunications carrier--

       ``(I) provides the customer a clear and conspicuous notice 
     meeting the requirements set forth in subparagraph (C);
       ``(II) permits the customer to review such information for 
     accuracy, and to correct and supplement such information; and
       ``(III) does not receive from the customer within 15 days 
     after the date of the notice under subclause (I) notice 
     disapproving the use of such information for the provision of 
     such product or service to the customer as specified in the 
     notice under such subclause.

       ``(iii) In the case of the use, disclosure, or access of or 
     to such information by another party, only if the 
     telecommunications carrier that originally receives or 
     obtains such information--

       ``(I) meets the requirements set forth in subclauses (I) 
     and (II) of clause (ii) with respect to such information; and
       ``(II) receives from the customer written notice approving 
     the use, disclosure, or access of or to such information for 
     the provision of the product or service to the customer as 
     specified in the notice under subclause (I) of this clause.

       ``(B) Customer disapproval.--Notwithstanding the previous 
     approval of the use, disclosure, or access of or to 
     information for a purpose under clause (ii) or (iii) of 
     subparagraph (A), upon receipt from a customer of written 
     notice of the customer's disapproval of the use, disclosure, 
     or access of or to information for such purpose, a 
     telecommunications carrier shall terminate the use, 
     disclosure, or access of or to such information for such 
     purpose.
       ``(C) Notice elements.--Each notice under clause (ii) or 
     (iii) of subparagraph (A) shall include the following:
       ``(i) The types information that may be used, disclosed, or 
     accessed.
       ``(ii) The specific types of businesses or individuals that 
     may use or access the information or to which the information 
     may be disclosed.
       ``(iii) The specific product or service for which the 
     information may be used, disclosed, or accessed.''.
       (2) Conforming amendments.--Paragraph (3) of such section 
     is amended by striking ``paragraph (1)'' both places it 
     appears and inserting ``paragraph (1)(A)(i)''.
       (b) Judicial and Law Enforcement Purposes.--Such section is 
     further amended by adding at the end the following:
       ``(4) Judicial and law enforcement purposes.--
       ``(A) In general.--A person that receives or obtains 
     consumer proprietary network information may disclose such 
     information--
       ``(i) pursuant to the standards and procedures established 
     in the Federal Rules of Civil Procedure or comparable rules 
     of other courts or administrative agencies, in connection 
     with litigation or proceedings to which an individual who is 
     the subject of the information is a party and in which the 
     individual has placed the use, disclosure, or access to such 
     information at issue;
       ``(ii) to a court, and to others ordered by the court, if 
     in response to a court order issued in accordance with 
     subparagraph (B); or
       ``(iii) to an investigative or law enforcement officer 
     pursuant to a warrant issued under the Federal Rules of 
     Criminal Procedure, an equivalent State warrant, or a grand 
     jury subpoena, or a court order issued in accordance with 
     subparagraph (B).
       ``(B) Requirements for court orders.--
       ``(i) In general.--Except as provided in clause (ii), a 
     court order for the disclosure of customer proprietary 
     network information under subparagraph (A) may be issued by a 
     court of competent jurisdiction only upon written 
     application, upon oath or equivalent affirmation, by an 
     investigative or law enforcement officer demonstrating that 
     there is probable cause to believe that--

       ``(I) the information sought is relevant and material to an 
     ongoing criminal investigation; and
       ``(II) the law enforcement need for the information 
     outweighs the privacy interest of the individual to whom the 
     information pertains.

       ``(ii) Certain orders.--A court order may not be issued 
     under this paragraph upon application of an officer of a 
     State or local government if prohibited by the law of the 
     State concerned.''.
       (c) Effective Date.--The amendments made by this section 
     shall take effect 180 days after the date of the enactment of 
     this Act.

                          ____________________