◆ SpookStack

As reflected in prior Commission filings on CPNI issues, the Departments fully support the Commission’s goal of protecting the privacy and security of CPNI through rules prescribing the proper use and handling of that very sensitive information.® But while measures are needed to prevent improper access to this sensitive information, such nieasures should not work to limit properly authorized officials from lawfully accessing CPNI in order to solve and prevent crimes and to protect national security and public safety. In crafting any solution to the problems raised by the EPIC Petition, the ‘ Departments urge the Commission to reject imposing a mandate to destroy invaluable information used by the Departments in many of their most important investigations.’ Il. The Commission’s Rules Should Focus On Proper Security For All CPNI, Not On A Mandatory Destruction Requirement That Fails To Protect Some Records And Frustrates Lawful Access To Others. 8 See, e.g., Reply Comments of the United States Department of Justice and the Federal Bureau of Investigation, /n the Matter of Implementation of the Telecommunications Act of 1996; Telecommunications Carriers’ Use of Customer Proprietary Network Information and Other Customer Information, Third Further Notice of Proposed Rulemaking, CC Docket No. 96-115 at 4, n. 8 (filed Nov. 19, 2002), Comments of the Federal Bureau of Investigation, Jn the Matter of Implementation of the Telecommunications Act of 1996; Telecommunications Carriers’ Use of Customer Proprietary Network Information and Other Customer Information, Notice of Proposed Rulemaking, CC Docket No. 96-115 (filed Jul. 9, 1997), Comments of the Federal Bureau of Investigation, /n the Matter of 1998 Biennial Regulatory Review of international Common Carrier Regulations, Notice of Proposed Rulemaking, 1B Docket No. 98-118 (filed Aug. 13, 1998). ? EPIC’s alternative recommendation — record de-identification — is also an unworkable option with respect to law enforcement’s lawful access to such records. De- identification would separate the data that identify a particular caller or recipient (¢.g., name, address, numbers called, etc.) from the general transaction records. Because the data that identifies a particular caller or recipient is often the critical portion of the call record for investigatory purposes, an irreversible de-identification approach would undermine the usefulness of the information provided pursuant to legal access. Accordingly, mandating the de-identification of such records would be the equivalent of mandating their destruction for law enforcement investigatory purposes. A de- identification approach should therefore be rejected for the same reasons.