On Monday, the FCC took steps to combat pretexting with the release of a Report and Order that tightens current rules on the security of customer proprietary network information (CPNI). Pretexting is the practice by which third parties obtain unauthorized access to CPNI by fraudulent means, often for the purpose of selling or disclosing private customer data on the Internet. Late last year, legislation that makes it a criminal offense to engage in pretexting was adopted by both houses of Congress and signed into law by President Bush. Concluding that CPNI security procedures employed by carriers under current FCC rules are not sufficient to protect sensitive data, the agency is enacting new safeguards that (1) prohibit carriers from releasing customer phone records without a password provided by the customer, (2) require carriers to notify customers when passwords, addresses, online accounts, and other data are created or changed, (3) establish a process whereby law enforcement officials and customers are notified whenever CPNI security is breached, and (4) require carriers to obtain the explicit consent of customers before sharing CPNI with joint venture partners or independent contractors. The new regulations would apply to providers of interconnected voice-over- Internet protocol services as well as to landline telephony and wireless carriers. Explaining the agency’s rationale for adopting explicit consent or “opt-in” procedures, FCC Chairman Kevin Martin observed that the “opt-out” approach to customer consent used by many carriers has “shifted too much of the burden to consumers, and has resulted in a much broader dissemination of consumer phone records.” While supporting many of the FCC’s goals, carriers such as AT&T and Verizon voiced “strong concerns” about the new opt-in requirements. As USTelecom President Walter McCormick, Jr. criticized the FCC’s approach as “overly broad,” a Verizon spokesman warned that “parts of the FCC’s order may have the unintended consequence of undermining consumers’ ability to receive useful information about new products, services and savings.” Commissioner Michael Copps also took issue with provisions that require carriers to contact law enforcement officials before notifying customers of a CPNI security breach.