20.5k unique visitors in the last 3 days

Would You Allow Foreign Workers to See Your CDRs?

FCC Chair Jessica Rosenworcel wants to know who has visibility of usage data before deciding if a foreign-owned business can provide comms services to Americans.

The publication of new guidance from the Federal Communications Commission (FCC), the US regulator, provides more evidence of the growing Cold War mentality affecting the business of international communications.

Will any Non-U.S. Individual have access to one or more of the following…

…Physical facilities and/or equipment under the Applicant’s control?

…Customer records, including Customer Proprietary Network Information (CPNI), billing records, and Call Detail Records (CDRs)?

…Network control, monitoring, and/or auditing features?

…Electronic interfaces that allow control and/or monitoring of the infrastructure under the Applicant’s control including, but not limited to, access to actual communications content and data?

These are some of the new standard questions to be asked of any foreign investors that seek to obtain more than 25 percent ownership of a comms provider that services the US market. US law caps foreign ownership of telcos and broadcasters at 25 percent unless the FCC approves specific requests for a higher stake. In practice the FCC has allowed 100 percent foreign ownership of some businesses, though they oppose foreign ownership of broadcasters. The new standard questions reveal how insular US telcos can be, relative to telcos operating in most other countries.

For each Individual identified in response to these questions, provide the following information: name, countries of citizenship, date and place of birth, U.S. alien number and/or social security number (if applicable), passport identifying information (including number and country), all residence addresses, all business addresses, and all phone numbers.

Acting FCC Chair Jessica Rosenworcel (pictured) argued that these standard questions showed how well the modern FCC understands risk in the digital era.

…we have long had a framework in the Communications Act to assess foreign investment in our operators and licensees. This framework is smart and puts security interests front and center. But it merits an update for the digital age — and that is exactly what we do today.

This leads me to wonder if Rosenworcel and her fellow FCC Commissioners are just jaundiced politicians willing to say anything that furthers their careers, or if they really believe maintaining the future integrity of US communications networks will depend on checking lists of names of relatively lowly foreign employees.

It does not take much to imagine a telco that has offshored enough jobs to make compliance with this standard questionnaire futile. Do very senior people with responsibility for national security expect to vet every foreign employee who works in billing or customer care? Why would that matter for a telco that is 30 percent owned by a foreign investor but not for a telco which is 100 percent owned by Americans? Has anyone considered how little it would cost to bribe American citizens who do low-paid jobs with access to this kind of data, or that many of them are naturalized Americans that were born elsewhere? What is the purpose of knowing about passports and dates of birth of foreign employees at the time of a change in ownership unless there are also plans to review and potentially block every new recruit after that time? And what would count as a satisfactory answer to these questions if the hiring of foreign staff will only begin if the FCC approves foreign investment?

The likeliest explanation is that the FCC does not really expect foreign investors to comply with the requirement as actually stated, and would not know what to do with the information if they received it. In other words, this is a case of lawyers making rules for other lawyers that can only be understood by those lawyers with enough experience to know when to ignore the rules. More money will go into the pocket of lawyers, but it is not clear how much the rest of us will benefit from their work. Information gathering of this type will likely focus on key managers, with some deliberate vagueness about who should be considered key. However, senior management never look at detailed data like CDRs and probably would not be able to understand them, even if they knew where to find them.

Trying to evaluate the threat to US national security by asking the home address of everybody with visibility of CDRs is like trying to evaluate the threat of spyware being installed on handsets by knowing the names of every individual working in the Chinese factory that made them. The lawyers at the FCC have rightly recognized the potential security threats if an enemy nation obtained visibility or control of vital communications links. The problem is that they seem incapable of adapting to the granularity of control needed when overseeing networks that employ thousands of people serving millions of customers producing billions of records.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email