North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: InterCage, Inc. (NOT Atrivo)

  • From: Justin Shore
  • Date: Tue Sep 23 10:20:32 2008
[email protected] wrote:
On Mon, 22 Sep 2008 17:00:35 CDT, Justin Shore said:

There may not be a law preventing you from asking him for proof of legitimate customers, but there is a law preventing him from answering you. Google for CPNI and "red flag". 

Hmm... I'm not sure how "Yes, XYZ is a customer of mine" qualifies as
a "red flag" question for identity theft.  I'm also not sure how "XYZ is
a customer" qualifies as CPNI, which (according to the first few pages of
Google hits) comprises things like calling/billing records.

Nope. Doesn't seem like "xyz is a customer" qualifies there...

Hmm... "xyz is a customer" doesn't seem to run afoul of that either.

Feel free to enlighten me about what I missed here?

Given the unfortunate vagueness of the FCC on their directive, consultants have interpreted CPNI differently and have given their customers (SP and CS organizations) wildly varying instructions. However every interpretation that I've been privy to extends far beyond call records like many people believe CPNI is limited to. Our CPNI consultants instructed us to not even reveal that Company X is a customer (which is laughable given the size of the communities we serve, but I digress). They did however tell us that we can trust all phone numbers listed on an account both for instant information providing and for callbacks. Cox's interpretation is that only the primary number listed on the account is valid for callbacks and that the PIN is required regardless (something our consultants told us was only required if the caller couldn't be reached on a valid callback number). Everybody has different instructions to work with.

To answer the question the list is asking, the SP isn't simply stating that Company X is a customer of SP ABC. They are stating that Company X is a customer and that they believe Company X is a valid, not malicious customer in good standing. While that's not a call record that implies certain things about Company X's relationship with the SP. They essentially stating that they haven't received spam or other abuse complaints regarding the customer. They're implying that they are a customer in good standing. That could even be construed to imply that their account is in good standing. That's more than just saying that Company X is a customer of SP ABC. Our consultants advised us against saying anything of the sort. Think of it like HIPAA for SPs.

It's splitting hairs but that's the unfortunate situation that CPNI has put all of us in. Instead of a common sense response we get to deal with the knee-jerk response from the FCC thanks chiefly to the Patty Dunn scandal.

Justin