******************************************************** NOTICE ******************************************************** This document was converted from WordPerfect to ASCII Text format. Content from the original version of the document such as headers, footers, footnotes, endnotes, graphics, and page numbers will not show up in this text version. All text attributes such as bold, italic, underlining, etc. from the original document will not show up in this text version. Features of the original document layout such as columns, tables, line and letter spacing, pagination, and margins will not be preserved in the text version. If you need the complete document, download the WordPerfect version or Adobe Acrobat version, if available. ***************************************************************** Before the Federal Communications Commission Washington, D.C. 20554 In the Matter of ) ) Implementation of the ) CC Docket No. 96-115 Telecommunications Act of 1996: ) ) Telecommunications Carriers' Use ) of Customer Proprietary Network ) Information and Other ) Customer Information ) ) ) Implementation of the Non-Accounting ) CC Docket No. 96-149 Safeguards of Sections 271 and 272 of the) Communications Act of 1934, as Amended) ) SECOND REPORT AND ORDER AND FURTHER NOTICE OF PROPOSED RULEMAKING Adopted: February 19, 1998 Released: February 26, 1998 Comment Date: March 30, 1998 Reply Comment Date: April 14, 1998 By the Commission: Commissioner Ness approving in part; dissenting in part and issuing a statement. TABLE OF CONTENTS Paragraph I. INTRODUCTION AND EXECUTIVE SUMMARY . . . . . . . . . . . . . 1 II. BACKGROUND . . . . . . . . . . . . . . . . . . . . . . . . . 6 III. COMMISSION AUTHORITY . . . . . . . . . . . . . . . . . . . . 11 A. Background . . . . . . . . . . . . . . . . . . . . . . . . . 11 B. Discussion . . . . . . . . . . . . . . . . . . . . . . . . . 14 IV. CARRIER'S RIGHT TO USE CPNI WITHOUT CUSTOMER APPROVAL. . . . 21 A. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 21 B. Scope of a Carrier's Right Pursuant to Section 222(c)(1)(A): the "Total Service Approach". . . . . . . . . . . . . . . . . . . . . . 27 1. Background. . . . . . . . . . . . . . . . . . . . 27 2. Discussion. . . . . . . . . . . . . . . . . . . . 31 a. Statutory Language, History, and Structure 32 b. Statutory Principles of Customer Control and Convenience . . . . . . . . . . . . . 53 C. Scope of Carrier's Right Pursuant to Section 222(c)(1)(B). . 68 1. Background. . . . . . . . . . . . . . . . . . . . 68 2. Discussion. . . . . . . . . . . . . . . . . . . . 70 D. Scope of Carrier's Right Pursuant to Section 222(d)(1) . . . 81 1. Background. . . . . . . . . . . . . . . . . . . . 81 2. Discussion. . . . . . . . . . . . . . . . . . . . 82 V. "APPROVAL" UNDER SECTION 222(c)(1) . . . . . . . . . . . . . 86 A. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 86 B. Express Versus Notice and Opt-Out. . . . . . . . . . . . . . 88 1. Background. . . . . . . . . . . . . . . . . . . . 88 2. Discussion. . . . . . . . . . . . . . . . . . . . 91 C. Written, Oral and/or Electronic Approval . . . . . . . . . 108 1. Background. . . . . . . . . . . . . . . . . . . 108 2. Discussion. . . . . . . . . . . . . . . . . . . 109 D. Duration, Frequency, and Scope of Approval . . . . . . . . 115 1. Background. . . . . . . . . . . . . . . . . . . 115 2. Discussion. . . . . . . . . . . . . . . . . . . 116 E. Verification of Approval . . . . . . . . . . . . . . . . . 119 1. Background. . . . . . . . . . . . . . . . . . . 119 2. Discussion. . . . . . . . . . . . . . . . . . . 120 F. Informed Approval Through Notification . . . . . . . . . . 124 1. Background. . . . . . . . . . . . . . . . . . . 124 2. Discussion. . . . . . . . . . . . . . . . . . . 127 G. Form and Content of Notification . . . . . . . . . . . . . 130 1. Background. . . . . . . . . . . . . . . . . . . 130 2. Discussion. . . . . . . . . . . . . . . . . . . 132 VI. AGGREGATE CUSTOMER INFORMATION . . . . . . . . . . . . . . .143 A. Overview . . . . . . . . . . . . . . . . . . . . . . . . . .143 B. Background . . . . . . . . . . . . . . . . . . . . . . . . .145 C. Discussion . . . . . . . . . . . . . . . . . . . . . . . . .149 VII. SECTION 222 AND OTHER ACT PROVISIONS . . . . . . . . . . . .154 A. Overview . . . . . . . . . . . . . . . . . . . . . . . . . .154 B. Section 222 and Section 272. . . . . . . . . . . . . . . . .155 1. Background. . . . . . . . . . . . . . . . . . . .155 2. Discussion. . . . . . . . . . . . . . . . . . . .158 C. Section 222 and Section 274. . . . . . . . . . . . . . . . .170 1. Background. . . . . . . . . . . . . . . . . . . .170 2. Discussion. . . . . . . . . . . . . . . . . . . .173 VIII. COMMISSION'S EXISTING CPNI REGULATIONS . . . . . . . . . . .174 A. Overview . . . . . . . . . . . . . . . . . . . . . . . . . .174 B. Computer III CPNI Framework. . . . . . . . . . . . . . . . .176 1. Background. . . . . . . . . . . . . . . . . . . .176 2. Discussion. . . . . . . . . . . . . . . . . . . .180 C. BOC Cellular CPNI Rule 22.903(f) and Computer II Rule 64.702(d)(3)185 1. Background. . . . . . . . . . . . . . . . . . . .185 2. Discussion. . . . . . . . . . . . . . . . . . . .188 D. Safeguards Under Section 222 . . . . . . . . . . . . . . . .190 1. Background. . . . . . . . . . . . . . . . . . . .190 2. Discussion. . . . . . . . . . . . . . . . . . . .193 IX. FURTHER NOTICE OF PROPOSED RULEMAKING. . . . . . . . . . . .203 A. Customer Right to Restrict Carrier Use of CPNI for Marketing Purposes . . . . . . . . . . . . . . . . . . . . . . . . . .204 B. Protections for Carrier Information and Enforcement Mechanisms206 C. Foreign Storage of, and Access to, Domestic CPNI . . . . . .208 X. PROCEDURAL ISSUES. . . . . . . . . . . . . . . . . . . . . .211 A. Second Report and Order. . . . . . . . . . . . . . . . . . .211 1. Final Regulatory Flexibility Analysis . . . . . .211 2. Paperwork Reduction Act Analysis. . . . . . . . .239 B. Further Notice of Proposed Rulemaking. . . . . . . . . . . .244 1. Ex Parte Presentations. . . . . . . . . . . . . .244 2. Initial Paperwork Reduction Act Analysis. . . . .245 3. Initial Regulatory Flexibility Act Analysis . . .246 4. Comment Filing Procedures . . . . . . . . . . . .253 XI. ORDERING CLAUSES . . . . . . . . . . . . . . . . . . . . . .257 APPENDIX A LIST OF PARTIES APPENDIX B FINAL RULES I. INTRODUCTION AND EXECUTIVE SUMMARY 1. In passing the Telecommunications Act of 1996 (1996 Act), Congress sought to establish a new "pro-competitive, deregulatory national policy framework" that would replace the statutory and regulatory limitations on competition within and between markets. Congress recognized, however, that the new competitive market forces and technology ushered in by the 1996 Act had the potential to threaten consumer privacy interests. Congress, therefore, enacted section 222 to prevent consumer privacy protections from being inadvertently swept away along with the prior limits on competition. Section 222 establishes a new statutory framework governing carrier use and disclosure of customer proprietary network information (CPNI) and other customer information obtained by carriers in their provision of telecommunications services. 2. Section 222 sets forth three categories of customer information to which different privacy protections and carrier obligations apply -- individually identifiable CPNI, aggregate customer information, and subscriber list information. CPNI includes information that is extremely personal to customers as well as commercially valuable to carriers, such as to whom, where and when a customer places a call, as well as the types of service offerings to which the customer subscribes and the extent the service is used. Aggregate customer and subscriber list information, unlike individually identifiable CPNI, involve customer information that is not private or sensitive, but like CPNI, is nevertheless valuable to competitors. Aggregate customer information is expressly defined as "collective data that relates to a group or category of services or customers, from which individual customer identities and characteristics have been removed." Subscriber list information, although consisting of individually identifiable information, is defined in terms of public, not private, information, including the "listed names, numbers, addresses, or classifications . . . that the carrier or an affiliate has published, caused to be published, or accepted for publication in any directory format." 3. In contrast to other provisions of the 1996 Act that seek primarily to "[open] all telecommunications markets to competition," and mandate competitive access to facilities and services, the CPNI regulations in section 222 are largely consumer protection provisions that establish restrictions on carrier use and disclosure of personal customer information. With section 222, Congress expressly directs a balance of "both competitive and consumer privacy interests with respect to CPNI." Congress' new balance, and privacy concern, are evidenced by the comprehensive statutory design, which expressly recognizes the duty of all carriers to protect customer information, and embodies the principle that customers must be able to control information they view as sensitive and personal from use, disclosure, and access by carriers. Where information is not sensitive, or where the customer so directs, the statute permits the free flow or dissemination of information beyond the existing customer-carrier relationship. Indeed, in the provisions governing use of aggregate customer and subscriber list information, sections 222(c)(3) and 222(e) respectively, where privacy of sensitive information is by definition not at stake, Congress expressly required carriers to provide such information to third parties on nondiscriminatory terms and conditions. Thus, although privacy and competitive concerns can be at odds, the balance struck by Congress aligns these interests for the benefit of the consumer. This is so because, where customer information is not sensitive, the customer's interest rests more in choosing service with respect to a variety of competitors, thus necessitating competitive access to the information, than in prohibiting the sharing of information. 4. In this Second Report and Order, we promulgate regulations to implement the statutory obligations of section 222. We also review our existing regulatory framework governing CPNI, and resolve CPNI issues raised in other proceedings that have been deferred to this proceeding, including obligations in connection with sections 272 and 274 of the 1996 Act. More specifically, for the reasons discussed herein, we modify our rules and procedures regarding CPNI and implement section 222 as follows: (a) We permit carriers to use CPNI, without customer approval, to market offerings that are related to, but limited by, the customer's existing service relationship with their carrier. (b) Before carriers may use CPNI to market service outside the customer's existing service relationship, we require that carriers obtain express customer approval. Such express approval may be written, oral, or electronic. In order to ensure that customers are informed of their statutory rights before granting approval, we further require carriers to provide a one-time notification of customers' CPNI rights prior to any solicitation for approval. (c) We eliminate the Computer III CPNI framework, as well as sections 22.903(f) and 64.702(d)(3) of our rules, in light of the comprehensive regulatory scheme Congress established in section 222. (d) We reconcile section 222 with sections 272 and 274, and interpret the latter two provisions to impose no additional CPNI requirements on the Bell Operating Companies (BOCs). 5. Finally, in a Further Notice of Proposed Rulemaking (Further Notice) we seek additional comment on three issues involving carrier duties and obligations established under sections 222(a) and (b) of the 1996 Act. In particular, we seek further comment on (a) the customer's right to restrict carrier use of CPNI for all marketing purposes; (b) the appropriate protections for carrier information and additional enforcement mechanisms we may apply; and (c) the foreign storage of, and access to, domestic CPNI. II. BACKGROUND 6. In response to various informal requests for guidance from the telecommunications industry regarding the obligation of carriers under new section 222, the Commission released a Notice of Proposed Rulemaking on May 17, 1996. The Notice, among other things, sought comment on: (1) the scope of the phrase "telecommunications service," as it is used in section 222(c)(1), which permits carriers to use, disclose, or permit access to individually identifiable CPNI without obtaining customer approval; (2) the requirements for customer approval; and (3) whether the Commission's existing CPNI requirements should be amended in light of section 222. 7. Prior to the 1996 Act, the Commission had established CPNI requirements applicable to the enhanced services operations of AT&T, the BOCs, and GTE, and the CPE operations of AT&T and the BOCs, in the Computer II, Computer III, GTE ONA, and BOC CPE Relief proceedings. The Commission recognized in the Notice that it had adopted these CPNI requirements, together with other nonstructural safeguards, to protect independent enhanced services providers and CPE suppliers from discrimination by AT&T, the BOCs, and GTE. The Notice stated that the Commission's existing CPNI requirements were intended to prohibit AT&T, the BOCs, and GTE from using CPNI obtained from their provision of regulated services to gain a competitive advantage in the unregulated CPE and enhanced services markets. The Notice further stated that the existing CPNI requirements also were intended to protect legitimate customer expectations of confidentiality regarding individually identifiable information. The Commission concluded in the Notice that existing CPNI requirements would remain in effect, pending the outcome of this rulemaking, to the extent that they do not conflict with section 222. On November 13, 1996, the Common Carrier Bureau (Bureau) waived the annual CPNI notification requirement for multi-line business customers that had been imposed on AT&T, the BOCs, and GTE under our pre- existing CPNI framework, pending our action in this proceeding. 8. On August 7, 1996, the Commission released the First Report and Order in the CPNI proceeding. In the First Report and Order, the Commission affirmed its tentative conclusion that, even if a carrier has received customer approval to use CPNI pursuant to section 222(c)(1), such approval does not extend to the carrier's use of CPNI involving the occurrence of calls received by alarm monitoring service providers, pursuant to the ban on such use in section 275(d). Noting that section 222 sets forth limitations on the ability of telecommunications carriers, their affiliates, and unaffiliated parties to obtain access to CPNI, the Commission further concluded that it was not necessary to bar completely certain of these entities from accessing CPNI simply because they market alarm monitoring services. The Commission deferred deciding the issue of whether any restrictions on access to CPNI were necessary to effectuate the prohibition contained in section 275(d). 9. On December 24, 1996, the Commission released the Non-Accounting Safeguards Order, which adopted rules and policies governing the BOCs' provision of certain services through section 272 affiliates. In that order, the Commission concluded that the nondiscrimination provisions of section 272(c)(1) govern the BOCs' use of CPNI and that the BOCs must comply with the requirements of both sections 222 and 272(c)(1). The Commission deferred to this proceeding, however, all other issues concerning the interplay between those provisions. On February 7, 1997, the Commission released the Electronic Publishing Order, which adopted policies and rules governing, among other things, the BOCs' provision of electronic publishing under section 274. In that order, the Commission likewise deferred to this proceeding all CPNI-related issues involved in the BOCs' marketing of electronic publishing services. In light of the Commission's determinations in the Non- Accounting Safeguards and Electronic Publishing orders, the Bureau issued a Public Notice on February 20, 1997, seeking to supplement the record in this proceeding on specific issues relating to the subjects previously noticed and their interplay with sections 272 and 274. Finally, the Commission released the CMRS Safeguards Order on October 3, 1997, in which it eliminated section 22.903 of the rules generally, but expressly retained subsection 22.903(f), regarding the BOCs' sharing of CPNI with cellular affiliates, pending the outcome of this proceeding. 10. In this Second Report and Order, we address the scope and meaning of section 222, as well as the issues deferred to this proceeding. We will consider subsequently, in a separate order, the meaning and scope of section 222(e) of the 1996 Act, relating to the disclosure of subscriber list information by local exchange carriers. We note that LECs became obligated to disclose subscriber list information to directory publishers on nondiscriminatory rates, terms, and conditions, upon passage of the Act. Accordingly, the LEC's duty exists presently, independent of any implementing rules we might promulgate in the future, and a failure to discharge this duty may well, depending on the circumstances, constitute both a violation of section 222(e) and an unreasonable practice in violation of section 201(b). III. COMMISSION AUTHORITY A. Background 11. Shortly after passage of the 1996 Act, various telecommunications carriers and carrier associations, as indicated above, sought guidance from the Bureau regarding the scope of their obligations under section 222. In particular, several associations representing a majority of the local exchange carriers (LECs) asked, among other things, that the Commission commence a rulemaking to resolve questions concerning the LECs' responsibilities under the new CPNI provisions of the 1996 Act. In addition, NYNEX filed a petition for declaratory ruling seeking confirmation of its interpretation of one aspect of section 222. 12. The Commission tentatively concluded in the Notice that regulations interpreting and specifying in greater detail a carrier's obligations under section 222 would be in the public interest, and sought comment on that tentative conclusion. The Commission also sought comment on the extent to which section 222 permits states to impose CPNI requirements in addition to any adopted by the Commission, as well as on whether such state CPNI regulation would enhance or impede valid federal interests with respect to CPNI. The Commission further sought comment on whether the CPNI provisions of section 222 may, by themselves, give it jurisdiction over both the interstate and intrastate use and protection of CPNI with respect to matters falling within the scope of that statutory provision. 13. Parties commenting in response to the Notice generally join the petitioning carrier associations in urging the Commission to clarify the CPNI requirements established in section 222. Some commenters further maintain that the Commission has authority to adopt rules implementing section 222 that apply both to interstate and intrastate aspects of CPNI. Other parties, disagreeing, contend that section 222 does not give the Commission jurisdiction over interstate and intrastate use and protection of CPNI or that states should be free to adopt various CPNI requirements, or both. B. Discussion 14. We confirm our tentative conclusion and find that our clarification of the CPNI obligations imposed on carriers by section 222 would serve the public interest. As discussed more fully herein, we are persuaded that Congress established a comprehensive new framework in section 222, which balances principles of privacy and competition in connection with the use and disclosure of CPNI and other customer information. Given the conflicting interpretations of the statute proposed by the various parties, and drawing from our knowledge and historical experience regulating CPNI use and protection, we conclude that our clarification of this provision is necessary and consistent with what Congress envisioned to ensure a uniform national CPNI policy. It is well-established that an agency has the authority to adopt rules to administer congressionally mandated requirements. Indeed, courts repeatedly have held that the Commission's general rulemaking authority is "expansive" rather than limited. We agree with the petitioning carrier associations, and essentially all other commenters, that our clarification of section 222 will serve to reduce confusion and controversy. 15. We further conclude that our authority to promulgate regulations implementing section 222 extends to both the interstate and intrastate use and protection of CPNI and other customer information in several important respects. Specifically, the Communications Act, as enacted in 1934, established a dual system of state and federal regulation over telecommunications. Section 2(a) extends jurisdiction for interstate matters to the Commission and section 2(b) reserves intrastate matters to the states. Based on the Act's grant of jurisdiction, the Commission has historically regulated the use and protection of CPNI by AT&T, the BOCs, and GTE, through the rules established in the Computer III proceedings. Sections 4(i), 201(b), and 303(r) of the Act authorize the Commission to adopt any rules it deems necessary or appropriate to carry out its responsibilities under the Act, so long as those rules are not otherwise inconsistent with the Act. 16. In Louisiana Pub. Serv. Comm'n v. FCC, the Supreme Court held that, even where Congress has not provided the Commission with a direct grant of authority over intrastate matters, the Commission may preempt state regulation where such regulation would negate the Commission's exercise of its lawful authority because regulation of the interstate aspects of the matter cannot be severed from regulation of the intrastate aspects. The Court of Appeals for the Ninth Circuit applied this principle, generally referred to as the "impossibility exception," in the specific context of a state CPNI regulation even prior to the 1996 Act. In California III, the Ninth Circuit upheld the Commission's preemption of California regulations that required prior customer approval for access to CPNI, under the impossibility exception. We conclude that, in connection with CPNI regulation, the Commission may preempt state regulation of intrastate telecommunications matters where such regulation would negate the Commission's exercise of its lawful authority because regulation of the interstate aspects of the matter cannot be severed from regulation of the intrastate aspects. As several parties observe, where a carrier's operations are regional or national in scope, state CPNI regulations that are inconsistent from state to state may interfere greatly with a carrier's ability to provide service in a cost-effective manner. In addition, as MCI points out, even if a state written approval requirement were limited to the use of CPNI for the marketing of intrastate services, for example, it would disrupt interstate service marketing because it would be impractical to limit marketing to interstate services. On this basis, we find inapplicable the limitation on federal regulation of purely intrastate telecommunications matters in section 2(b) of the Act, as well as Congress' prohibition on implied preemption in section 601(c) of the 1996 Act. 17. Several commenters interpret California III to support their view that state rules would conflict with section 222 if they are more restrictive -- that is, permit less carrier use and disclosure of CPNI -- than the Commission's implementing regulations. These commenters rely on California III, where the court specifically upheld the Commission's preemption of California's prior authorization rule in favor of the Commission's less restrictive notice rule, reasoning that such state regulations would negate the Commission's exercise of its lawful authority over interstate telecommunications services. In contrast, other commenters contend that, consistent with California III, the Commission should establish minimum federal standards under section 222 for the use, disclosure, and permission of access to CPNI, yet permit states to exceed those standards. These parties reason that, although federal standards are needed to monitor the use of CPNI, state regulators are best suited to deal with particular problems faced by consumers in their state, and further argue that state requirements that provide additional privacy protections to consumers would not conflict with the Commission's rules. 18. Because no specific state regulations are before us, we do not at this time exercise our preemption authority. Rather, we agree with NYNEX that after states have had an opportunity to react to the requirements we adopt in this order, we should then examine any conflicting state rules on a case-by-case basis. State rules that likely would be vulnerable to preemption would include those permitting greater carrier use of CPNI than section 222 and our implementing regulations announced herein, as well as those state regulations that sought to impose more limitations on carriers' use. This is so because state regulation that would permit more information sharing generally would appear to conflict with important privacy protections advanced by Congress through section 222, whereas state rules that sought to impose more restrictive regulations would seem to conflict with Congress' goal to promote competition through the use or dissemination of CPNI or other customer information. In either regard, the balance would seemingly be upset and such state regulation thus could negate the Commission's lawful authority over interstate communication and stand as an obstacle to the accomplishment and execution of the full purposes and objectives of Congress. Other state rules, however, may not directly conflict with Congress' balance or goals, for example, those specifying various information that must be contained in the carrier's notice requirement, that are in addition to those specified in this order. 19. An alternative basis for concluding that our jurisdiction extends to the intrastate use and protection of CPNI stems additionally from section 222(f)(1)(B), which expressly defines CPNI as including, among other things, "information contained in the bills pertaining to telephone exchange service or telephone toll service received by a customer of a carrier." Section 222(e) similarly provides that: "[n]otwithstanding subsections (b), (c), and (d), a telecommunications carrier that provides telephone exchange service shall provide subscriber list information gathered in its capacity as a provider of such service on a timely and unbundled basis, under nondiscriminatory and reasonable rates, terms, and conditions . . ." Insofar as telephone exchange service is virtually an exclusively intrastate service, these references expressly also extend the scope of section 222 to intrastate matters. For this reason as well we conclude that neither section 2(b) of the Communications Act of 1934 nor section 601(c) of the 1996 Act precludes our regulation of the intrastate use and protection of CPNI pursuant to section 222. 20. We thus conclude that section 222, and the Commission's authority thereunder, apply to regulation of intrastate and interstate use and protection of CPNI. We find, therefore, that the rules we establish to implement section 222 are binding on the states, and that the states may not impose requirements inconsistent with section 222 and our implementing regulations. IV. CARRIER'S RIGHT TO USE CPNI WITHOUT CUSTOMER APPROVAL A. Overview 21. Section 222(c)(1) and section 222(d) set forth the circumstances under which a carrier may use, disclose, or permit access to CPNI without customer approval. Specifically, section 222(c)(1) provides that a telecommunications carrier that receives or obtains CPNI by virtue of its "provision of a telecommunications service shall only use, disclose, or permit access to individually identifiable [CPNI] in its provision of (A) the telecommunications service from which such information is derived, or (B) services necessary to, or used in, the provision of such telecommunications service, including the publishing of directories." Section 222(d) provides: [n]othing in this section prohibits a telecommunications carrier from using, disclosing, or permitting access to [CPNI] obtained from its customers, either directly or indirectly through its agents -- (1) to initiate, render, bill, and collect for telecommunications services; (2) to protect the rights or property of the carrier, or to protect users of those services and other carriers from fraudulent, abusive, or unlawful use of, or subscription to, such services; or (3) to provide any inbound telemarketing, referral, or administrative services to the customer for the duration of the call, if such call was initiated by the customer and the customer approves of the use of such information to provide such service. 22. Numerous parties comment on the proper interpretation of section 222(c)(1) because this provision governs, among other things, the scope of a carrier's right to use CPNI for customer retention and marketing purposes, without having to seek some form of customer approval. Most carriers acknowledge that they view CPNI as an important asset of their business, and many state that they hope to use CPNI as an integral part of their future marketing plans. Indeed, as competition grows and the number of firms competing for consumer attention increases, CPNI becomes a powerful resource for identifying potential customers and tailoring marketing strategies to maximize customer response. Accordingly, a broad interpretation of the scope of section 222(c)(1) would afford carriers the opportunity to use, disclose, or permit access to CPNI expansively. A narrow interpretation, conversely, would restrict the use carriers can make of CPNI absent customer approval. 23. We conclude that the general framework established under section 222, considered as a whole, carves a limited exception in section 222(c)(1) for carrier use, disclosure, and permission of access to sensitive customer information. Specifically, sections 222(c)(1)(A) and (B), as well as the narrow exceptions in section 222(d), represent the only instances where customer approval for a carrier to use, disclose, or permit access to personal customer information is not required. We believe that the language of section 222(c)(1)(A) and (B) reflects Congress' judgment that customer approval for carriers to use, disclose, and permit access to CPNI can be inferred in the context of an existing customer-carrier relationship. This is so because the customer is aware that its carrier has access to CPNI, and, through subscription to the carrier's service, has implicitly approved the carrier's use of CPNI within that existing relationship. 24. The language also suggests, however, that the carrier's right under section 222(c)(1)(A) and (B) is a limited one, in that the carrier "shall only" use, disclose, or permit access to CPNI "in the provision of" the telecommunications service from which such CPNI is derived or services necessary to, or used in, such telecommunications service. Indeed, insofar as the customer consent in sections 222(c)(1)(A) and (B) is inferred rather than based on express customer direction, we conclude that Congress intended that implied customer approval be restricted solely to what customers reasonably understand their telecommunications service to include. This customer understanding, in turn, is manifested in the complete service offering to which the customer subscribes from a carrier. We are persuaded that customers expect that CPNI generated from their entire service will be used by their carrier to market improved service within the parameters of the customer-carrier relationship. Although most customers presently obtain their service from different carriers in terms of traditional categories of offerings -- local, interexchange, and commercial mobile radio services (CMRS) -- with the likely advent of integrated and bundled service packages, the "total service approach" accommodates any future changes in customer subscriptions to integrated service. 25. For the reasons described below, we believe that the total service approach best represents the scope of "the telecommunications service from which the CPNI is derived." Under the total service approach, the customer's implied approval is limited to the parameters of the customer's existing service, and is neither extended to permit CPNI use in marketing all of a carrier's telecommunications services regardless of whether subscribed to by the customer, nor narrowed to permit use only in providing a discrete service feature. In this way, the total service approach appropriately furthers Congress' intent to balance privacy and competitive concerns, and maximize customer control over carrier use of CPNI. 26. Also, as explained below, with respect to section 222(c)(1)(B), we further conclude that a carrier may use, disclose, or permit access to CPNI without customer approval for the provision of inside wiring installation, maintenance, and repair services because they are "services necessary to, or used in, the provision of such telecommunications service" under section 222(c)(1)(B). In contrast, CPE and information services are not "services necessary to, or used in, the provision of such telecommunications service" within the meaning of section 222(c)(1)(B). B. Scope of a Carrier's Right Pursuant to Section 222(c)(1)(A): the "Total Service Approach" 1. Background 27. In the Notice, the Commission tentatively concluded that section 222(c)(1)(A) should be interpreted as "distinguishing among telecommunications services based on traditional service distinctions," specifically, local, interexchange, and CMRS. Thus, for example, a local exchange carrier could use local service CPNI to market local service offerings, but could not use local service CPNI to target customers to market long distance offerings or CMRS, absent customer approval. The Commission further tentatively concluded that short-haul toll should be treated as a local telecommunications service when provided by a LEC, and as an interexchange telecommunications service when provided by an interexchange carrier (IXC). The Commission sought comment on these and other possible distinctions among telecommunications services, the scope of the term "telecommunications service," and the costs and benefits of any proposed interpretation, including the interpretation's impact on competitive and customer privacy interests. The Commission also sought comment on the impact of changes in telecommunications technology and regulation and on whether and when technological and market developments may require the Commission to revisit the issue of telecommunications service distinctions. 28. Commenters recognize that the language of section 222(c)(1)(A) is not clear, and propose at least five different interpretations. First, several parties urge us to interpret section 222(c)(1)(A) as limited to each discrete offering or feature of service subscribed to by a customer. This proposal, which we refer to as the "discrete offering approach," assumes that customers do not expect or understand, for example, that their local exchange carrier would use local CPNI to market the carrier's call waiting feature to them, absent their approval. Second, a number of parties urge us to adopt our tentative conclusion and define the scope of "the telecommunications service from which such [CPNI] is derived" according to the three traditional service distinctions -- local, interexchange, and CMRS. We refer to this as the "three category approach." Under this approach, for example, a customer's local exchange carrier would be able to use local service CPNI to market a call waiting feature to them, as one of many offerings that make up local service, but would not be able to use CPNI to market long distance or CMRS offerings, absent customer approval. 29. Third, a variation on the three category approach is what we refer to as the "two category approach," where local and interexchange services constitute separate service categories, but CMRS, like short-haul toll, "floats" between them. Under this approach, for example, an IXC would be able to use CPNI obtained from its provision of long distance service to market CMRS, but would not be able to use long distance CPNI to market local service, without customer approval. Fourth, a number of parties urge us to interpret section 222(c)(1)(A) as referring only to one broad telecommunications service that includes all of a carrier's telecommunications service offerings. This approach, which we refer to as the "single category approach," would permit carriers to use CPNI obtained from their provision of any telecommunications service, including local or long distance service as well as CMRS, to market any other telecommunications service offered by the carrier, regardless of whether the customer subscribes to such service from that carrier. 30. Finally, several proponents of the various approaches further argue that we should permit carriers to share CPNI among all offerings and/or service categories subscribed to by the customer from the same carrier. We refer to this concept as the "total service approach" because it allows carriers to use the customer's entire record, derived from the complete service subscribed to from that carrier, for marketing purposes within the existing service relationship. Although parties supporting this concept advance various alternative schemes, we view it as a separate interpretation of section 222(c)(1)(A) that is defined by the customer's service subscription. Under the total service approach, for example, a carrier whose customer subscribes to service that includes a combination of local and CMRS would be able to use CPNI derived from this entire service to market to that customer all related offerings, but not to market long distance service to that customer, because the customer's service excludes any long distance component. Thus, under the total service approach, the carrier's permitted use of CPNI reflects the level of service subscribed to by the customer from the carrier. 2. Discussion 31. As discussed below, we conclude that the total service approach best protects customer privacy interests, while furthering fair competition, and thereby best comports with the statutory language, history, and structure of section 222. a. Statutory Language, History, and Structure 32. The statutory language makes clear that Congress did not intend for the implied customer approval to use, disclose, or permit access to CPNI under section 222(c)(1)(A) to extend to all of the categories of telecommunications services offered by the carrier, as proposed by advocates of the single category approach. First, Congress' repeated use of the singular "telecommunications service" must be given meaning. Section 222(c)(1) prohibits a carrier from using CPNI obtained from the provision of "a telecommunications service" for any purpose other than to provide "the telecommunications service from which such information is derived" or services necessary to, or used in, provision of "such telecommunications service." We agree with many commenters that this language plainly indicates that Congress both contemplated the possible existence of more than one carrier service and made a deliberate decision that section 222(c)(1)(A) not extend to all. Indeed, Congress' reference to plural "telecommunications services" in sections 222(a) and 222(d)(1) demonstrates a clear distinction between the singular and plural forms of the term. Under well-established principles of statutory construction, "where Congress has chosen different language in proximate subsections of the same statute," we are "obligated to give that choice effect." Consistent with this, section 222(c)(1)'s explicit restriction of a carrier's "use" of CPNI "in the provision of" service further evidences Congress' intent that carriers' own use of CPNI be limited to the service provided to the particular customer, and not be expanded to all the categories of telecommunications services available from the carrier. 33. We therefore reject the single category approach as contrary to the statutory language. In particular, we do not agree with several parties' claim that the general definition of "telecommunications service" found in Title I of the Act, which focuses on the offering of "telecommunications . . . regardless of the facilities used," indicates that Congress did not intend to differentiate among telecommunications technologies or services in section 222(c)(1)(A). We likewise find U S WEST's reliance on the general plural reference included in the definition of "telecommunications" misplaced. Rather, we agree with the California Commission, CompTel, MCI, and TRA that the single category interpretation would render the specific limiting language in section 222(c)(1)(A) meaningless. Approval would be necessary, if at all, only if a carrier wished to use CPNI to market non-telecommunications services. Like Sprint, we conclude that, had Congress intended such a result, the text could have been drafted much more simply by stating that carriers may use CPNI, without customer approval, only for telecommunications-related purposes, instead of the language of section 222(c)(1)(A), which expressly limits carrier use to the "provision of the service from which [the CPNI] is derived." 34. We likewise reject parties' suggestions that we interpret section 222(c)(1)(A) based on prior Commission decisions, including the McCaw orders, various Computer III orders, as well as the Common Carrier Bureau's opinion in BankAmerica v. AT&T, which permitted the sharing of customer information among affiliated companies based on the existing business relationship and the perceived benefits of integrated marketing. First, with respect to prior Commission decisions, the 1996 Act, and section 222 in particular, altered the regulatory landscape which served as the backdrop for those decisions. Congress adopted a specific provision regarding CPNI that differs in fundamental respects from the Commission's existing CPNI regime. While the Commission previously may have permitted more sharing of information under the rubric of Computer III and within a pre-1996 Act environment that limited carriers' market entry, we conclude that Congress drew a specific and different balance in section 222. To the extent our prior decisions are relevant at all to the interpretation of section 222(c)(1)(A), they suggest Congress deliberately chose not to encourage the kind of information sharing that the Commission may have permitted in the past, and which is now proposed by advocates of the single category approach. For these reasons, we similarly reject parties' reliance on other statutes, particularly the Cable Television Consumer Protection and Competition Act (1992 Cable Act) and the Telephone Consumer Protection Act of 1991 (TCPA), as well as the Commission's implementation of those Acts. Neither of these statutes contains the specific and unique language of section 222 which expressly limits a carrier's "use" of customer information. Again, to the extent other provisions are probative, they indicate that Congress was clear when it intended to exempt information sharing within the context of the existing business relationship from general consumer protection provisions, but chose not to in section 222. 35. On the other hand, we also conclude, contrary to the suggestion of its proponents, that the discrete offering approach is not required by the language of section 222(c)(1)(A). Although the statutory language makes clear that carriers' CPNI use is limited in some respect, and thus fails to support the single category approach, it does not dictate the most narrow possible interpretation (i.e., the discrete offering approach). Nor does the statutory language, however, rule out a more general subscription-based understanding of the phrase "telecommunication service from which such [CPNI] is derived," consistent with the total service approach. As discussed infra, we believe as a policy matter that the discrete category approach is not desirable because it is not required to protect either customers' reasonable expectations of privacy or competitors' interests. Rather, we believe that the best interpretation of section 222(c)(1) is the total service approach, which affords carriers the right to use or disclose CPNI for, among other things, marketing related offerings within customers' existing service for their benefit and convenience, but which restricts carriers from using CPNI in connection with categories of service to which customers do not subscribe. The total service approach permits CPNI to be used for marketing purposes only to the extent that a carrier is marketing alternative versions, which may include additional or related offerings, of the customer's existing subscribed service. The carrier's use of CPNI in this way fairly falls within the language of "the provision of the telecommunications service from which such information is derived" because it allows the carrier to suggest more beneficial ways of providing the service to which the customer presently subscribes. 36. Our rejection of the discrete category approach, and support for the total service approach, is also informed by our understanding of the relationship between sections 222(c)(1)(A) and (d)(1). Specifically, the Texas Commission explains its discrete offering interpretation of section 222(c)(1)(A) as limiting the carriers' CPNI use to the "initiation, provisioning, billing, etc. of, or necessary to," the discrete feature of service subscribed to by the customer. We believe this view essentially interprets the scope of section 222(c)(1)(A) as being no broader than section 222(d)(1), which provides that carriers may use, disclose, or permit access to CPNI to, among other things, "initiate" and "render" telecommunications services. Although both sections 222(c)(1) and (d) establish exceptions to the general CPNI use and sharing prohibitions, and overlap in certain respects, these provisions must be given independent effect. Had Congress intended to permit carriers to use CPNI only for "rendering" service, as suggested under the discrete offering approach, and as explicitly provided in section 222(d)(1), it would not have needed to create the exception in section 222(c)(1)(A). In contrast, by interpreting section 222(c)(1)(A) as we do, to permit some use of CPNI for marketing purposes, we give meaning to both statutory provisions. Indeed, in contrast with the various parties' views concerning the scope of section 222(c)(1)(A), commenters that addressed the meaning of section 222(d)(1) uniformly suggest that it does not extend to a carrier's use of CPNI for marketing purposes. 37. The legislative history confirms our view that in section 222 Congress intended neither to allow carriers unlimited use of CPNI for marketing purposes as they moved into new service avenues opened through the 1996 Act, nor to restrict carrier use of CPNI for marketing purposes altogether. Specifically, although the general purpose of the 1996 Act was to expand markets available to both new and established carriers, the legislative history makes clear that Congress specifically intended section 222 to ensure that customers retained control over CPNI in the face of the powerful carrier incentives to use such CPNI to gain a foothold in new markets. The Conference Report states that, through section 222, Congress sought to "balance both competitive and consumer privacy interests with respect to CPNI." Congress further admonishes that "[i]n new subsection 222(c) the use of CPNI by telecommunications carriers is limited, except as provided by law or with the approval of the customer." Contrary to Congressional intent as expressed in the legislative history, the single category approach asserts a broad carrier right, affording customers virtually no control over intra-company use of their CPNI. This approach would undermine section 222's focus on balancing customer privacy interests, and likewise would potentially harm competition. Carriers already in possession of CPNI could leverage their control of CPNI in one market to perpetuate their dominance as they enter other service markets. In these respects, therefore, the legislative history wholly fails to support the single category approach. On the other hand, the legislative history makes no mention of any need or intention to restrict the carrier's use of CPNI to market discrete offerings within the service subscribed to by the customer. In this regard, therefore, the legislative history likewise does not support the discrete offering approach. 38. Thus, contrary to U S WEST's suggestion, we do not believe that, because express service distinctions were eliminated during the Conference Agreement, Congress intended to abandon them. Rather, Congress may well have deleted specific reference to local and long distance services in section 222(c)(1)(A) because they were superfluous. The repeated use of the singular "service" and the restrictive language "the telecommunications service from which such [CPNI] is derived" in section 222(c)(1) serves to draw these same service distinctions. Moreover, although service distinctions are not expressly referenced in the language of section 222(c)(1)(A), they are retained in the statutory definition of CPNI, which describes information contained in the bills pertaining to "telephone exchange service or telephone toll service" In this definition, Congress also describes CPNI in terms of "a telecommunications service subscribed to by any customer," which additionally suggests that Congress understood the scope of section 222(c)(1) to be limited according to the total service subscribed to by a customer. 39. Furthermore, in contrast with the single category approach, the limitations on carriers' use or disclosure of CPNI to the total service subscribed to by the customer would restrict carriers from using or disclosing CPNI without customer approval to target customers for new service offerings opened only through the 1996 Act, and accordingly would restrict carriers' opportunity to leverage large stores of existing customer information to their exclusive competitive advantage. Such CPNI limitations also further customer's privacy goals as they restrict the use to which carriers can make of CPNI for purposes beyond the parameters of the existing service relationship. As such, the total service approach protects the privacy and competitive interests of customers, and thereby appropriately furthers the balance of these interests that Congress expressly directed, as explained in the Conference Agreement. 40. We also reject U S WEST's claims, in support of the two category approach, that Congress' failure to mention CMRS in the legislative history suggests that it did not view CMRS as a separate service offering, but rather that CMRS is more appropriately treated as a technology or functionality of both local and long distance telecommunications service. We do not find Congress' silence in connection with CMRS as dispositive, and reject the notion that CMRS is not a separate service offering. Indeed, as the Commission recently recognized in its Second Annual CMRS Competition Report, although CMRS offerings are increasingly becoming substitutes for each other in the public's perception, and may someday directly compete with wireline service, "wireless services do not yet approach the ubiquity of wireline telephone service." Moreover, we believe that the two category approach would not protect sufficiently privacy and competitive concerns, and would thereby violate the statutory intent expressly set forth in the legislative history. As Arch, Frontier, and AirTouch observe, allowing CMRS to "float" between the local and interexchange categories may give incumbent carriers a competitive advantage. 41. We also disagree with MCI's argument in support of the two category approach that Congress solely intended for the new CPNI requirements set forth in section 222 to protect against carriers using CPNI already in their possession to advantage them as they moved into new service markets opened only through the 1996 Act. MCI contends that, because wireline carriers could enter the CMRS market even before passage of the 1996 Act, CMRS should be considered "as a type of service that can fit into either the local or interexchange category and that should be treated the same as the predominant category provided by the carrier in question." This argument is not supported by the statutory language, and we reject it accordingly. Section 222 contains no exclusion, express or implied, for CPNI related to services provided in markets previously open to competitors, nor does the legislative history support this interpretation. Moreover, we further reject MCI's suggestion that because entry of wireline carriers into the CMRS market was previously permissible, no CPNI regulation is needed as a matter of policy. That argument is belied by the fact that, even before the 1996 Act, the Commission's regulations afforded considerable CPNI protection related to cellular service. Moreover, we believe that the statutory balance of privacy and competitive interests would be undermined if we were to remove those restrictions that prevent carriers from using wireline CPNI without customer approval to target new CMRS customers. Indeed, the elimination of such restrictions would offer LECs, in particular, a substantial and unjustified competitive advantage because they could use local wireline CPNI (available based on their historic monopoly status, but not available to their CMRS competitors) to target local customers that they believe would purchase their CMRS service. 42. Finally, we also reject the various arguments advanced by GTE, PacTel, USTA, and U S WEST that our adoption of an interpretation more limited than the single or two category approaches raises Constitutional concern. In particular, they variously claim that such restriction on intra-company sharing of CPNI would: constitute a taking without just compensation; seriously impair carriers' ability to communicate valuable commercial information to their customers in violation of the First Amendment; and violate Equal Protection principles because CPNI rules would discriminate against certain telecommunications service providers to promote competition by another class of providers (e.g., cable providers that can use CPNI with implied consent). 43. We reject the Constitutional takings arguments because, to the extent CPNI is property, we agree that it is better understood as belonging to the customer, not the carrier. Moreover, contrary to the contentions raised by some parties, even assuming carriers have a property interest in CPNI, our interpretation of section 222(c)(1)(A) does not "deny all economically beneficial" use of property, as it must, to establish a successful claim. Under the total service approach, carriers can use CPNI for a variety of marketing purposes which promote the interests of customers and carriers alike. In addition, with customer approval, carriers are free to use CPNI to offer any combination of one-stop shopping. Accordingly, the total service approach does not deny carriers all economically beneficial use of CPNI; rather, carriers are free to market and discuss with their customers whatever service offerings they want, in whatever combination. On this basis we also reject U S WEST's claim that our interpretation may abridge the carrier's ability to communicate with its customers, and thereby violate its First Amendment rights. Government restrictions on commercial speech will be upheld where, as here, the government asserts a substantial interest in support of the regulation, the regulation advances that interest, and the regulation is narrowly drawn. Section 222(c)(1)(A), and our total service approach, promote the substantial governmental interests of protecting the privacy of consumers and promoting fair competition. We thus conclude that these Constitutional claims are without merit. 44. We likewise reject parties' Equal Protection challenges based on section 222's limitation to telecommunications carriers alone. In order to sustain an equal protection challenge, parties must prove the law has no rational relation to any conceivable legitimate legislative purpose. We conclude that Congress' decision to extend the CPNI limitations in section 222 only to telecommunications carriers, and not, for example to cable operators, does not support a Constitutional claim. The information telecommunications carriers obtain from their customers, including who, where and when they call, is considerably more sensitive and personal than the information cable operators obtain concerning their customers (e.g., whether they have premium or basic service). Given the differences in the type of information at issue, Congress' decision to mandate a higher level of privacy protection in the context of section 222, applicable to telecommunications carriers, than in section 551 of the 1992 Cable Act applicable to cable operators, is plainly rational. 45. Non-Telecommunications Offerings. Several carriers argue that certain non- telecommunications offerings, in addition to being covered by section 222(c)(1)(B), also should be included within any service distinctions we adopt pursuant to section 222(c)(1)(A), including inside wiring, customer premises equipment (CPE), and certain information services. Based on the statutory language, however, we conclude that inside wiring, CPE, and information services do not fall within the scope of section 222(c)(1)(A) because they are not "telecommunications services." More specifically, section 222(c)(1)(A) refers expressly to carrier use of CPNI in the provision of a "telecommunications service." In contrast, the word "telecommunications" does not precede the word "services" in section 222(c)(1)(B)'s phrase "services necessary to, or used in." The varying use of the terms "telecommunications service" in section 222(c)(1)(A) and "services" in section 222(c)(1)(B) suggests that the terms deliberately were chosen to signify different meanings. Accordingly, we believe that Congress intended that carriers' use of CPNI for providing telecommunications services be governed solely by section 222(c)(1)(A), whereas the use of CPNI for providing non-telecommunications services is controlled by section 222(c)(1)(B). 46. Commission precedent has treated "information services" and "telecommunications services" as separate, non-overlapping categories, so that information services do not constitute "telecommunications" within the meaning of the 1996 Act. Accordingly, we conclude that carriers may not use CPNI derived from the provision of a telecommunications service for the provision or marketing of information services pursuant to section 222(c)(1)(A). We likewise conclude that inside wiring and CPE do not fall within the definition of "telecommunications service," and thus do not fall within the scope of section 222(c)(1)(A). 47. We recognize that the Commission has permitted CMRS providers to offer bundled service, including various "enhanced services" and CPE, prior to the 1996 Act. We disagree with PacTel, however, that, consistent with section 222(c)(1)(A), CMRS providers should be able to use CMRS-derived CPNI without customer approval to market these offerings when they provide CMRS to a customer. The 1996 Act defines "mobile service" in pertinent part as a "radio communication service carried on between mobile stations or receivers and land stations, and by mobile stations communicating among themselves . . . ." "Radio communication service," in turn, is defined in terms of "the transmission by radio of writings, signs, signals, pictures, and sounds of all kinds, including all instrumentalities, facilities, apparatus, and services (among other things, the receipt, forwarding, and delivery of communications) incidental to such transmission." These definitions do not include information services or CPE within the meaning of CMRS. Accordingly, while nothing in section 222(c)(1) prohibits CMRS providers from continuing to bundle various offerings consistent with other provisions of the 1996 Act, including CMRS-specific CPE and information services, they cannot use CPNI to market these related offerings as part of the CMRS category of service without customer approval, because even when they are bundled with a CMRS service, they do not constitute CMRS and are not telecommunications services. 48. On the other hand, we also conclude that, to the extent that services formerly described as adjunct-to-basic are offered by CMRS providers, these should be considered either within the provision of CMRS under section 222(c)(1)(A), or as services necessary to, or used in, CMRS under section 222(c)(1)(B). Thus, for example, a CMRS provider can use CMRS CPNI to market a call forwarding feature to its existing customer because call forwarding was classified as an adjunct-to-basic service, but not to market an information service. In addition, we agree with the result advocated by WTR, and conclude that a reasonable interpretation of section 222(c)(1)(A) permits carriers to use, disclose, or permit access to CPNI for the limited purpose of conducting research on the health effects of their service. In particular, we believe that, integral to a carrier's provision of a telecommunications service is assuring that the telecommunications service is safe to use. Insofar as customers expect that the telecommunications service to which they subscribe is safe, use of CPNI to confirm as much would not violate their privacy concerns, but rather would be fully consistent with notions of implied approval. The research proposed by WTR, which uses CPNI disclosed by carriers relating to the time and duration of wireless telephone usage to determine the health risks posed to users of hand-held portable wireless telephones, comes within the provision of CMRS service and therefore the meaning of section 222(c)(1)(A). 49. Special Treatment for Certain Carriers. We conclude that Congress did not intend to, and we should not at this time, distinguish among carriers for the purpose of applying section 222(c)(1). Based on the statutory language, it is clear that section 222 applies to all carriers equally and, with few exceptions, does not distinguish among classes of carriers. Accordingly, we reject the argument raised by several parties that we should permit broader CPNI sharing for competitive LECs, but not for incumbent LECs, or that we should limit the total service approach to entities without market power. As several parties suggest, customers' privacy interests are deserving of protection, regardless of which telecommunications carrier serves them, for customers' privacy expectations do not differ based upon the size or identity of the carrier. Moreover, we disagree with the suggestions of ICG, LDDS WorldCom, and Sprint that we should impose stricter restrictions on incumbent or dominant carriers, based on their greater potential for anti-competitive use or disclosure of CPNI. We believe at this time that the regulations and safeguards implemented in this order fully address competitive concerns in connection with all carriers' use, disclosure, or permission of access to CPNI. 50. We also decline to forbear from applying section 222(c)(1), or any of our associated rules, to small or competitive carriers, as SBT requests. First, SBT has not explained adequately in its comments how it meets the three statutory criteria for forbearance. Second, while SBT points out that competitive concerns may differ according to carrier size, it does not persuade us that customers of small businesses have less meaningful privacy interests in their CPNI. We thus disagree with SBT that the three category approach gives large carriers flexibility to develop and meet customers' needs, but may unnecessarily limit small business as competition grows. Even if, as SBT alleges, a large carrier can base the design of a new offering on statistical customer data and market widely, but a small business can best meet specialized subscriber needs if it offers CMRS, local, and interexchange service tailored to the specific subscriber, the total service approach allows tailored packages. We likewise disagree, therefore, with USTA that small carriers could be competitively disadvantaged in any interpretation of section 222(c)(1)(A) other than the single category approach. Rather, we are persuaded that the total service approach provides all carriers, including small and mid-sized LECs, with flexibility in the marketing of their telecommunications products and services. In fact, if SBT's claims that small businesses typically have closer personal relationships with their customers are accurate, then small businesses likely would have less difficulty in obtaining customer approval to market services outside of a customer's service existing service. 51. We also agree with a number of parties that there should be no restriction on the sharing of CPNI among a carrier's various telecommunications-related entities that provide different service offerings to the same customer. By its terms, section 222(c)(1)(A) generally limits "a telecommunications carrier that receives or obtains [CPNI] by virtue of its provision of a telecommunications service" to use, disclose, or permit access to CPNI only in "its provision of the telecommunications service from which such information is derived." This language does not limit the exception for use or disclosure of CPNI to the corporate parent. Rather, we believe the language reasonably permits our view that the CPNI limitations should relate to the nature of the service provided and not the nature of the entity providing the service. In particular, under the total service approach, we interpret the scope of section 222(c)(1)(A) to permit carriers to use or disclose CPNI based on the customer's implied approval to market related offerings within the customer's existing service relationship. To the extent a carrier chooses to (or must) arrange its corporate structure so that different affiliates provide different telecommunications service offerings, and a customer subscribes to more than one offering from the carrier, the total service approach permits the sharing of CPNI among the affiliated entities without customer approval. In contrast, if a customer subscribes to less than all of the telecommunications service offered by these affiliated entities, then CPNI sharing among the affiliates would be restricted under the total service approach. In this circumstance, the restriction is not based on the corporate structure, but rather on the scope of the service subscribed to by the customer. 52. For the reasons described herein, we believe that the sharing of CPNI permitted under the total service approach among affiliated telecommunications entities best balances the goals of section 222 to safeguard customer privacy and promote fair competition. Under a contrary interpretation, carriers would have to change their corporate structure in order to consolidate a customer's service record consistent with the total service approach. If other business considerations counselled against such corporate restructuring, the customer would ultimately suffer because it would not receive the advantages associated with the information sharing permissible under the total service approach. Moreover, we agree that CPNI distinctions based solely on corporate structure would be confusing and inconvenient for customers. For all these reasons, we reject such an alternative interpretation. b. Statutory Principles of Customer Control and Convenience 53. In addition to finding that the total service approach is most consistent with the statutory language and legislative history, we are persuaded that, as a policy matter, the total service approach also best advances the principles of customer control and convenience implicitly embodied in sections 222(c)(1) and (c)(2). These statutory principles, as discussed below, in conjunction with our experience regulating carriers' CPNI use, guide our interpretation of the scope of section 222(c)(1)(A). We agree with the observation of numerous commenters that Congress intended that section 222(c) would protect customers' reasonable expectations of privacy regarding personal and sensitive information, by giving customers control over CPNI use, both by their current carrier and third parties. First, as CPI observes, this principle of customer control is manifested in section 222(c)(2), which provides: "A telecommunications carrier shall disclose customer proprietary network information, upon affirmative written request by the customer, to any person designated by the customer." In this provision, Congress requires that carriers must comply with the express desire of the customer regarding disclosure of CPNI, and in so doing establishes the customer's right to direct who receives its CPNI and when it may be disclosed. Second, section 222(c)(1) requires carriers to obtain customer "approval" when they seek to use, disclose, or permit access to CPNI for purposes beyond those specified in sections 222(c)(1)(A) and 222(c)(1)(B). By requiring that carriers obtain approval, Congress ensured that customers would be able to control any "secondary" uses to which carriers could make of their CPNI, and thereby restrict the dissemination of their personal information. Third, the principle of customer control also is reflected in sections 222(c)(1)(A) and (B), which permit carrier use of CPNI absent customer approval only in certain limited circumstances. The restricted scope of the carrier's right to use CPNI under these provisions -- only in the provision of the telecommunications service from which the CPNI is derived, or services necessary to or used in that service -- evidences Congress' recognition that a customer's subscription to service constitutes only a limited form of implied approval. 54. While sections 222(c)(1)(A) and (B) embody the principle that customers wish to maintain control over their sensitive information, those provisions also manifest the principle that customers want convenient service, as some commenters have observed. The notion of implied approval evidences Congress' understanding that customers desire their service to be provided in a convenient manner, and are willing for carriers to use their CPNI without their approval to provide them service (and, under section 222(c)(1)(B), services necessary to, or used in, such service) within the parameters of the customer-carrier relationship. Indeed, we agree with commenters that Congress recognized through sections 222(c)(1)(A) and (B) that customers expect that carriers with which they maintain an established relationship will use information derived through the course of that relationship to improve the customer's existing service. Accordingly, as many commenters observe, what the customer expects or understands is included in its telecommunications service represents the scope and limit of its implied approval under section 222(c)(1)(A). As discussed below, we conclude that the total service approach, based on the customer's entire service subscription, best reflects these underlying principles of customer control and convenience. 55. Customers do not expect that carriers will need their approval to use CPNI for offerings within the existing total service to which they subscribe. We believe it reasonable to conclude that, where a customer subscribes to a diverse service offering -- a mixture of local, long distance, and CMRS -- from the same carrier or its subsidiary or affiliated companies, the customer views its telecommunications service as the total service offering that it has purchased, and can be presumed to have given implied consent to its carrier to use its CPNI for all aspects of that service. We find no reason to believe that customers would expect or desire their carrier to maintain internal divisions among the different components of their service, particularly where such CPNI use could improve the carrier's provision of the customer's existing service. We agree with Sprint and MCI that customers choosing an integrated product will expect their provider to have and use information regarding all parts of the service provided by that company, and will be confused and annoyed if that carrier does not and cannot provide complete customer service. For this reason, many of those parties favoring either the two or three category approach, while not advocating the total service approach explicitly, nevertheless support its principal tenet that, if customers' subscriptions change, perhaps in response to new integrated carrier offerings, the scope of section 222(c)(1)(A) must likewise change. The total service concept is supported by some advocates of the discrete offering approach as well, who foresee customer movement toward a more comprehensive service offering. 56. We believe the total service approach maximizes both customer control and convenience. Customers retain control over the uses to which carriers can make of their CPNI, for example, to market services outside the total service offering currently subscribed to by the customer. This limitation, in turn, comports with our view that customers reasonably expect that carriers will not use or disclose CPNI beyond the existing service relationship. Once a carrier has successfully marketed a new offering to the customer, however, that offering would become part of the "telecommunication service" subscribed to by the customer, and the customers' entire service record would be available to the carrier to improve the existing customer-carrier relationship. The customer's interest in receiving service in a convenient manner is thereby also served. In these ways, the total service approach serves the statutory principles of customer convenience and control, and best reflects customers' understanding of their telecommunication service. 57. By contrast, neither the discrete offering approach nor the three category approach serves the statutory principle of customer convenience or reasonably reflects customers' expectations of what constitutes their telecommunications service. Prior to the 1996 Act, Commission policy permitted carriers to use CPNI to market related service offerings. Given this environment, we conclude that customers expect and desire, for example, that their local service carrier will make them aware of all local service offerings. The discrete offering approach, on the other hand, would prevent a carrier, absent customer approval, from improving the range and quality of service offerings currently provided to the customer and tailoring service packages for a customer's existing service needs. On this basis, we reject NYNEX's position that short-haul toll should be included only within the local service category. Rather, we agree with commenters that, insofar as both LECs and IXCs currently provide short-haul toll, it should be part of both local and long-distance service. Also, permitting short-haul toll to "float" between the local and the interexchange offerings should not confer upon any carrier a competitive advantage, contrary to what NYNEX argues. In fact, the intraLATA equal access and short-haul toll markets are competitive in several states. Moreover, LECs are not disadvantaged because they can include their short-haul toll with their local service CPNI for marketing purposes. We similarly reject a three category approach, for where a customer subscribed to more than one carrier offering, the rigid categories would prevent a carrier, absent customer approval, from using the customer's entire service record to offer alternative improved versions of the existing service. Thus, although these approaches would afford customers control, it would be at the expense of customer convenience and would not reflect the customer's understanding of the total service relationship. We therefore reject these approaches as contrary to the Congressional design of section 222, as well as to one of the 1996 Act's general goals of avoiding excessive regulation. 58. We also reject the discrete offering and three category approaches because we share the concern expressed by many parties that such restrictive interpretations may be difficult to implement as service distinctions, and corresponding customer subscriptions, become blurred with market and technological advances. The three category approach would require that we undertake a periodic review, beginning in the near future, to ascertain whether changes in the competitive environment translated into changes in service categories. In contrast, if customers embrace "one-stop shopping," through market-driven integrated packages of service (e.g., bundled offering of local and long-distance services), the flexibility of the total service approach would not require us to revisit or modify categories to accommodate these changes. The categories would instead disappear naturally as customers begin purchasing integrated packages, without need for Commission intervention. Although the total service approach would still require that we maintain some service distinctions, unless and until customers subscribe to integrated products, it facilitates any convergence of technologies and services in the marketplace. Carriers have indicated, for example, that they are presently developing a hardwire cordless phone that can become a wireless product when taken a certain distance from its base. Under the total service approach, a carrier would be able to market related wireless and wireline offerings to a customer that subscribed to this product, and not be forced somehow to separate wireline CPNI from wireless. Finally, the total service approach is also sufficiently flexible to accommodate future new service technologies that are beyond the three traditional categories, as such offerings would not be artificially forced into a service category. 59. In supporting the total service approach, we are nevertheless cognizant of the dangers, described by Cox, that incumbent LECs could use CPNI anticompetitively, for example, to: (1) use calling patterns to target potential long distance customers; (2) cross- sell to customers purchasing services necessary to use competitors' offerings (e.g., attempt to sell voice mail service when a customer requests from the LEC the necessary underlying service, call forwarding-variable); (3) market to customers who call particular telephone numbers (e.g., prepare a list of customers who call the cable company to order pay-per-view movies for use in marketing the LEC's own OVS or cable service); and (4) identify potential customers for new services based on the volume of services already used (e.g., market its on-line service to all residential customers with a second line). We recognize that requiring carriers to obtain express customer approval for use of CPNI to target customers for new service offerings to which the customer does not subscribe protects against some, but not all, of these abuses. Nevertheless, our rejection of the discrete offering and three category approaches does not permit carriers to use CPNI anticompetitively within the customer's existing service. That is, while we interpret section 222(c)(1)(A) to permit carrier use of CPNI for marketing of related service offerings, using local service CPNI to track, for example, all customers that call local service competitors, would not be a permissible marketing use because such CPNI use would not constitute "its provision of" its service. Such action would violate section 222(c)(1) and, depending on the circumstances, may also constitute an unreasonable practice in violation of section 201(b). As the Commission has found in the past, such anticompetitive use of CPNI violates the basic principles of competition, and to the extent such practices rise to the level of anticompetitive conduct, we can and will exercise our authority to prevent such discriminatory behavior. In contrast, although carriers will benefit under the total service approach from being able to consolidate the customer's entire service record, we do not believe that this use of CPNI is anticompetitive or contrary to what Congress envisioned because such consolidation will not result in the targeting of new customers, but merely will assist carriers in better servicing their existing customers. 60. Customers do not expect that carriers will use CPNI to market offerings outside the total service to which they subscribe. We have concluded above that the single category approach is inconsistent with the language of section 222. We also believe that, as a policy matter, it inadequately promotes the goals underlying section 222. Several commenters, including the BOCs, AT&T, and GTE, argue that customers understand and desire for carriers to use, disclose, or permit access to CPNI freely within the same corporate family, regardless of whether the customer subscribes to the service offerings of the related entities. As evidence, these parties offer a survey, commissioned by PacTel, which they claim shows consumer support for such information sharing, as well as an earlier study by CBT. In general, the survey results purport to show that a majority of the public believes it is acceptable for businesses, particularly local telephone companies, to examine customer records to offer customers additional services. PacTel claims that the Westin study also indicates that the public is confident that local telephone companies will use personal information responsibly, and will protect the confidentiality of such information. 61. We are persuaded, however, that the Westin study may not accurately reflect customer attitudes, and fails to demonstrate that customers expect or desire carriers to use CPNI to market all the categories of services available, regardless of the boundaries of the existing service relationship. First, the Westin study does not identify the kind of telephone information at issue. As Cox points out, the survey questions ask broadly whether it is acceptable for a customer's local telephone company to look over "customer records" to determine which customers would benefit from hearing about new services, without explaining the specific types of information that would be accessed. Much CPNI, however, consists of highly personal information, particularly relating to call destination, including the numbers subscribers call and from which they receive calls, as well as when and how frequently subscribers make their calls. This data can be translated into subscriber profiles containing information about the identities and whereabouts of subscribers' friends and relatives; which businesses subscribers patronize; when subscribers are likely to be home and/or awake; product and service preferences; how frequently and cost-effectively subscribers use their telecommunications services; and subscribers' social, medical, business, client, sales, organizational, and political telephone contacts. 62. Insofar as the Westin study failed to reveal to the respondents the specific uses of CPNI, we give little weight to the purported results as reflecting customer privacy expectations. In addition, the wording and order of the questions in the survey may have predisposed respondents to thinking that the information available would be nonsensitive. In particular, question 10 refers to the examination of records by customer service representatives as "normal," and implies that the representative will be looking only at the services the customer has before offering new services. Survey respondents may have assumed that this was the information customer service representatives would be examining in question 11. The survey did not clarify that customer service representatives would also potentially examine sensitive CPNI, such as destination-related information. In addition, respondents may have treated questions 10 and 11 as asking them whether they want to learn about new services within the existing service relationship, and not as involving whether they think their CPNI is sensitive information or whether they want it to be disseminated outside that service relationship. Because certain CPNI, such as destination information, can be regarded as highly personal, we conclude that some customers may not desire or expect carriers to use such information for all categories of telecommunications service available, but rather would wish to limit the dissemination of the information outside the service or services to which they subscribed. Indeed, contrary to U S WEST's assertion that customers do not suffer from "privacy angst," other sources suggest just the opposite. Within the last several months, numerous published articles have chronicled customer concern over the loss of privacy in this "information age." 63. Moreover, we do not believe we can properly infer that a customer's decision to purchase one type of service offering constitutes approval for a carrier to use CPNI to market other service offerings to which the customer does not subscribe, and that may not even have been previously available from that carrier. In the pre-1996 Act environment, although customers could shop among long distance providers, CMRS providers, and information service providers (and among all these providers' respective discrete service offerings), most customers, as a general matter, could not choose among carriers offering "one-stop shopping" because such comprehensive service packages did not exist. This is particularly true in connection with local service because incumbent LECs were regulated monopolies and therefore customers had no choice, and could not even shop, among local service providers. Accordingly, under these circumstances, it is highly unlikely that customers would have expected a carrier to which they subscribed for one service to use their CPNI for another service to which they did not subscribe - and which previously may have been unavailable - from that carrier. 64. Second, even if the survey accurately shows that customers desire "one-stop shopping," and would permit carriers to share information in order to offer improved service, our interpretation of section 222(c)(1) does not foreclose carriers' ability to offer integrated packages nor the beneficial marketing uses to which CPNI can be made. We agree with commenters that it is desirable for carriers to provide integrated telecommunications service packages, and that the 1996 Act contemplates one-stop shopping, as past "product market" distinctions between local and long distance blur. We are not persuaded, however, that the single category approach alone promotes these benefits. We believe the total service approach also accommodates these interests. The total service approach, for example, places no restriction on the offering of integrated service packages. Moreover, the carrier can use CPNI to market other offerings within an existing category of service, and when a customer subscribes to more than one, can share CPNI for marketing all offerings within the customer's total existing service. In this way, the total service approach allows a carrier to use a customer's account information to improve the quality of the service to which the customer currently subscribes, without the fatal statutory, privacy, and competitive flaws of the single category approach. 65. On this basis, we likewise reject arguments in support of the two category approach that restrictions on using CPNI to market a carrier's wireline and wireless services only would serve to perpetuate artificially a landline/CMRS distinction and thereby discourage innovative, integrated services. BellSouth argues that such CPNI sharing is crucial to effective joint marketing, and that treating CMRS as a separate service category for purposes of section 222 thus would thwart the joint marketing relief granted to carriers through section 601(d) of the 1996 Act. As discussed in the CMRS Safeguards Order, we disagree that the joint marketing relief granted by Congress in section 601(d) renders the Commission without power to regulate the nature of the joint marketing. We believe the CPNI restrictions set forth herein are a reasonable exercise of our authority consistent with section 601. Under the total service approach, where a customer obtains CMRS and local or long distance service from the same carrier, CPNI from the customer's entire service can be used to market related offerings, and improve the customer's existing service. Carriers are fully able to communicate with their existing customers and solidify the customer-carrier relationship. This is precisely the benefit for which Congress contemplated, and customers expect, that CPNI would be used. Moreover, as CompTel points out, the principal "inefficiency" and bar to the offering of integrated service alleged under Computer II and Computer III -- the inability of sales personnel to respond to customer inquiries regarding other telecommunications service offerings -- is explicitly eliminated by section 222(d)(3). Section 222(d)(3) provides that nothing in section 222 prohibits a carrier from using, disclosing, or permitting access to CPNI "to provide any inbound telemarketing, referral, or administrative services to the customer for the duration of the call, if such call was initiated by the customer and the customer approves of the use of such information to provide such service." 66. To be sure, under the total service approach carriers may not use CPNI without prior customer approval to target customers they believe would be receptive to new categories of service. While this limitation under the total service approach might make incumbent carriers' marketing efforts less effective and potentially more expensive than the single category approach, we disagree that this is a wholly undesirable outcome or contrary to what Congress intended. The 1996 Act was meant to ensure, to the maximum extent possible, that, as markets were opened to competition, carriers would win or retain customers on the basis of their service quality and prices, not on the basis of a competitive advantage conferred solely due to their incumbent status. We agree with several parties that the single category approach, in contrast with the total service approach, would give incumbent carriers an unwarranted competitive advantage in marketing new categories of services. New entrants, but not incumbents, would be forced to incur the costs to obtain approval for access to and use of CPNI, and may be placed at a competitive disadvantage because not all customers will approve access. This environment, in turn, might discourage new entrants, thus thwarting the 1996 Act's goals of encouraging competition and investment in new technology as well as accelerating the rapid deployment of advanced telecommunications. 67. Finally, we reject the claim put forth by several proponents of the single category approach that narrower interpretations of section 222(c)(1)(A) would result in significant administrative burdens for carriers. On the contrary, we conclude that the total service approach is the least onerous administratively. Under the total service approach, unlike under the category and discrete offering approaches, a carrier will be able to use the customer's entire customer record in the course of providing the customer service. Moreover, given our decisions to permit oral, written, or electronic approval under section 222(c)(1), and to impose use rather than access restrictions, the total service approach addresses any concern that CPNI restrictions will disrupt the customer-carrier dialogue, and the carriers' ability to provide full customer service. C. Scope of Carrier's Right Pursuant to Section 222(c)(1)(B) 1. Background 68. Section 222(c)(1) of the Act provides that, "except as required by law or with the approval of the customer, a telecommunications carrier that receives or obtains [CPNI] by virtue of its provision of a telecommunications service shall only use, disclose, or permit access to individually identifiable [CPNI] in its provision of (A) the telecommunications service from which such information is derived, or (B) services necessary to, or used in, the provision of such telecommunications service, including the publishing of directories." In the Notice, the Commission stated that CPNI obtained from the provision of any telecommunications service may not be used to market CPE or information services without prior customer authorization, and sought comment on which "services" should be deemed "necessary to, or used in" the provision of such telecommunications service. The Commission also sought comment on whether carriers, absent customer approval, may use CPNI derived from the provision of one telecommunications service to perform installation, maintenance, and repair for any telecommunications service, either under section 222(c)(1)(B) because they are "services necessary to, or used in, the provision of such telecommunications service," or under section 222(d)(1) because the CPNI is used to "initiate, render, bill and collect for telecommunications services." 69. Commenters focus on whether CPE, information services, or installation, maintenance, and repair services, should be deemed "services necessary to, or used in, the provision of such telecommunications service." 2. Discussion 70. As a threshold matter, given the wide range of views on the interpretation of section 222(c)(1)(B), we reject U S WEST's assertion that we simply craft rules repeating, verbatim, the statutory language. We clarify, however, that we do not attempt here to catalogue every service included within the scope of section 222(c)(1)(B), but rather address the specific offerings that have been proposed in the record as falling within that section, in particular, CPE, certain information services, and installation, maintenance, and repair services. In so doing, we construe section 222(c)(1)(B), like section 222(c)(1)(A), to reflect the understanding that, through subscription to service, a customer impliedly approves its carrier's use of CPNI for purposes within the scope of the service relationship. As we conclude in Part IV.B.2 supra, we believe that customers' implied approval in section 222(c)(1)(A) is limited to the total service subscribed to by the customer. We likewise believe that section 222(c)(1)(B) most appropriately is interpreted as recognizing that customers impliedly approve their carrier's use of CPNI in connection with certain non- telecommunications services. This implied approval, however, is expressly limited to those services "necessary to, or used in, the provision of such telecommunications service." Through this limiting language, we believe carriers' CPNI use is confined only to certain non-telecommunications services (i.e. those "services" either "necessary to" or "used in"), as well as to those services that comprise the customer's total service offering (i.e. "such [section 222(c)(1)(A)] telecommunications service"). 71. CPE and Certain Information Services. Based on the statutory language we conclude that, contrary to the position advanced by several parties, a carrier may not use, disclose, or permit access to CPNI, without customer approval, for the provision of CPE and most information services because, as other commenters assert, they are not "services necessary to, or used in, the provision of such telecommunications service" under section 222(c)(1)(B). First, with respect to CPE, the exception in section 222(c)(1)(B) is expressly limited to non-telecommunications "services." CPE is by definition customer premises equipment, and as such historically has been categorized and referred to as equipment. We give meaning to the statutory language, and find no basis to extend the exception in section 222(c)(1)(B) to include equipment, even if it may be "used in" the provision of a telecommunications service. Accordingly, we conclude that the statutory limitation to "services" excludes CPE from section 222(c)(1)(B), and carriers cannot use CPNI derived from their provision of a telecommunications service for purposes in connection with CPE. 72. Second, we conclude that, while the information services set forth in the record (e.g., call answering, voice mail or messaging, voice storage and retrieval services, fax store and forward, and Internet access services) constitute non- telecommunications "services," they are not "necessary to, or used in" the carrier's provision of telecommunications service. Rather, we agree with the observation of several commenters that, although telecommunications service is "necessary to, or used in, the provision of" information services, information services generally are not "necessary to, or used in, the provision of" any telecommunications service. As ITAA notes, telecommunications service is defined under the Act in terms of "transmission," and involves the establishment of a transparent communications path. The transmission of information over that path is provided without the carrier's "use" of, or "need" for, information services. In contrast, information services involve the "offering of a capability for generating, acquiring, storing, transforming, processing, retrieving, utilizing, or making available information via telecommunications." Indeed, the statute specifically excludes from the definition of information service "any use of any such [information service] capability for the management, control, or operation of a telecommunications system or the management of a telecommunications service." Because information services generally, and in particular those few identified in the record (i.e., call answering, voice mail or messaging, voice storage and retrieval services, fax store and forward, and Internet access services), are provided to consumers independently of their telecommunication service, they neither are used by the carrier nor necessary to the provision of such carrier's service. 73. Contrary to NYNEX's argument, we conclude that Congress' designation of the publishing of directories as "necessary to, or used in" the provision of a telecommunications service does not require a broad reading of section 222(c)(1)(B) that encompasses all information services. We are persuaded that section 222(c)(1)(B) covers services like those formerly characterized as "adjunct-to-basic," in contrast to the information services such as call answering, voice mail or messaging, voice storage and retrieval services, fax store and forward, and Internet access services, that the parties identified in the record. As noted supra, before the 1996 Act, the Commission recognized that certain computer processing services, although included within the literal definition of enhanced services, were nevertheless "clearly 'basic' in purpose and use" because they "facilitate use of traditional telephone service." Examples of adjunct-to-basic services include speed dialing, call forwarding, computer-provided directory assistance, call monitoring, caller ID, call tracing, call blocking, call return, repeat dialing, call tracking, and certain centrex features. With respect to these services, the Commission stated that such computer processing applications were "used in conjunction with 'voice' service" and "help telephone companies provide or manage basic telephone services," as opposed to the information conveyed through enhanced services. Although the Commission subsequently recognized these adjunct-to-basic services as being telecommunications services in the Non- Accounting Safeguards Order, their appropriate service classification remained unclear at the time that Congress passed the 1996 Act. Accordingly, we believe the language in section 222(c)(1)(B), "services necessary to, or used in, the provision of such telecommunications service," reaches these adjunct-to-basic services, which are "used in" the carrier's provision of its telecommunications service. On this basis, we agree with those parties arguing that services such as call waiting, caller I.D., call forwarding, SONET, and ISDN would fall within the language of section 222(c)(1)(B); therefore, carriers need not obtain express approval from the customer to use CPNI to market those services. We disagree, however, that other services, now classified as information services, such as call answering, voice mail or messaging, voice storage and retrieval services, fax store and forward, and Internet access services, would come within its meaning. 74. Our interpretation is supported by Congress' example of the publishing of directories. The publishing of directories, like those services formerly described as adjunct- to-basic, can appropriately be viewed as necessary to and used in the provision of complete and adequate telecommunication service. As the Commission reasoned, in connection with finding directory assistance to be an adjunct-to-basic service: "[w]hen a customer uses directory assistance, that customer accesses information stored in a telephone company data base. . . . [Such] service provides only that information about another subscriber's telephone number which is necessary to allow use of the network to place a call to that other subscriber." As with directory assistance services, if listings are not published, many calls cannot, and will not, be made. In this way, the publishing of directories is likewise necessary to facilitate call completion. This is the view taken by numerous state courts that have explicitly found that the publishing of telephone listings is a necessary component of the provision of basic telephone service. In contrast, most information services are not "used in, or necessary to" the provision of the carrier's telecommunications service. 75. As a matter of statutory construction, we find that the language of section 222(c)(1)(B) is clear and unambiguous, and does not permit the interpretation that CPE and most information services are "services necessary to, or used in, the provision of such telecommunications service." But even if that language is ambiguous, we are unpersuaded by parties' contrary arguments based on the legislative history and policy considerations. Specifically, we disagree with U S WEST's claim that the absence in section 222 of an express CPE and information services marketing prohibition, which was contained in the House bill, indicates that Congress intended to allow CPNI use for marketing CPE and information services without customer approval. We do not believe that this legislative history indicates Congress' intent one way or the other. Because any change from prior versions is not explained in the Conference Report, we decline to speculate about the possible reasons underlying the revisions to this provision. Moreover, as ITAA and CompuServe argue, including information services within the scope of section 222(c)(1)(B) may give an unfair competitive advantage to incumbent carriers in entering new service markets. Accordingly, restricting CPNI use in the CPE market is consistent with Congress' express intent that, as part of the balance, we protect competitive concerns regarding CPNI use. 76. We also reject suggestions that restrictions on CPNI sharing in the context of CPE and information services would be contrary to customer expectations, as well as detrimental to the goals of customer convenience and one-stop shopping. As ITAA notes, CPNI is not required for one-stop shopping. Our interpretation of section 222(c)(1)(B) does not prohibit carriers from bundling services that they are otherwise able to bundle under the 1996 Act, or from marketing integrated service offerings. The restrictions merely would require the carrier to obtain customer approval before using CPNI for such purposes. 77. Finally, we reject parties' contentions that we should permit carriers to use CPNI in connection with CPE and information services because the Commission in the past permitted more information sharing. PacTel argues that CMRS-related CPE and information services come within the meaning of section 222(c)(1)(B) because the Commission previously had not restricted CMRS carriers' use of CMRS CPNI to market these offerings. While it is true that the Commission previously had allowed CMRS carriers to use CMRS CPNI to market CMRS-related CPE and information services, Congress was well aware of the Commission's treatment of CMRS CPNI, and of our framework of nonstructural safeguards in connection with CPE and information services. In its place, Congress enacted section 222 which extends to all telecommunications carriers and thus all telecommunications services, and which contains no exception for CMRS-related CPE and information services. Moreover, we note that the efficiencies gained through permitting CPNI use for marketing enhanced services, described by the Commission in a pre- 1996 Act proceeding, were in the context of an inbound call. Section 222(d)(3) expressly permits use of CPNI upon the approval of the customer in this inbound context, and therefore, would not preclude the one-stop shopping envisioned by the Commission in that order. Thus, while the Commission previously chose to balance considerations of privacy and competition that permitted more sharing of information in these contexts, Congress struck a different balance in section 222, which now controls. We also note, however, that the record in this proceeding does not indicate whether, as a matter of policy, carriers should be prohibited from marketing CPE under the total service approach. Section 64.702(e) of the Commission's rules specifies that CPE is separate and distinct from the provision of common carrier communications services. It nevertheless may be appropriate in the future for us to examine whether the public interest would be better served if carriers were able to use CPNI, within the framework of the total service approach, in order to market CPE. 78. Installation, Maintenance, and Repair Service. We conclude that, pursuant to section 222(c)(1)(B), a carrier may use, disclose, or permit access to CPNI, without customer approval, in its provision of inside wiring installation, maintenance, and repair services. We note at the outset that commenters responded quite generally to the Notice's question on this issue, with several concluding, with little or no discussion, that "carriers may use CPNI derived from the provision of one telecommunications service to perform installation, maintenance, and repair for any telecommunications service" under section 222(c)(1)(B). Apart from the context of inside wiring, we are uncertain as to what other installation, maintenance, and repair services parties contend that CPNI could be used. Because commenters failed to specify their views further, we reject as unsupported and unclear, the general claim that CPNI derived from the provision of "one telecommunications service" may be used to provide installation, maintenance, and repair services for any telecommunications service. Nevertheless, the record supports permitting the provision of inside wiring installation, maintenance, and repair services under section 222(c)(1)(B), and we accordingly limit our discussion of installation, maintenance, and repair services to inside wiring-related services. 79. Specifically, we are persuaded that installation, maintenance, and repair of inside wiring is a service both "necessary to" and "used in" a carrier's provision of wireline telecommunications service. As such, carriers may use, without customer approval, CPNI derived from wireline service for the provision of inside wiring installation, maintenance, and repair services. As U S WEST points out, inside wiring has little purpose beyond physically connecting the telephone transmission path. We also agree with PacTel that the carrier's "provision" of a telecommunications service includes keeping the telecommunications service in working order through installation, maintenance, and repair services. The Commission's decision in the Universal Service Order regarding intra-school and intra-library connections supports our interpretation. In that order, the Commission found that the installation and maintenance of internal connections constitute "additional services" and thus are eligible for universal service support under section 254 of the 1996 Act. 80. We further believe that our conclusion is fully consistent with customer expectation, and thereby furthers the statutory principles of customer control and convenience embodied in section 222. Although inside wiring installation, maintenance, and repair services may be purchased separately from telephone services, they constitute non- telecommunications services that carriers effectively need and use in order to provide wireline telecommunications services. We believe such services represent core carrier offerings that are both necessary to and used in the provision of existing service, which is precisely the purpose for which both Congress intended, and we believe customers expect, that CPNI be used. Because we conclude that such CPNI use by carriers is within customers' expectations, we do not believe that our interpretation of section 222(c)(1)(B) jeopardizes privacy interests. Moreover, insofar as the Commission did not restrict LEC use of CPNI to market inside wiring maintenance contracts prior to the 1996 Act, our interpretation of section 222(c)(1)(B) will not increase any existing competitive advantage. D. Scope of Carrier's Right Pursuant to Section 222(d)(1) 1. Background 81. The Commission observed in the Notice that section 222(d)(1) enables carriers to use, disclose, or permit access to CPNI "to initiate, render, bill, and collect for telecommunications services." After generally acknowledging that section 222 restricts the unapproved use of CPNI for any purpose other than those specified in section 222(c)(1) and the exceptions listed in section 222(d), the Commission sought specific comment on whether carriers, absent customer approval, may use CPNI derived from the provision of one telecommunications service to perform installation, maintenance, and repair for any telecommunications service to which a customer subscribes, either under section 222(d)(1) because they are used "to initiate, render, bill, and collect for telecommunications services" or section 222(c)(1)(B). 2. Discussion 82. In the context of installation, maintenance, and repair of inside wiring, we conclude that section 222(d)(1), as well as section 222(c)(1)(B), permit carrier use of CPNI without customer approval for the provision of such services. We agree with virtually all commenters that section 222(d)(1)'s permission for carriers to use CPNI "to initiate, render, bill, and collect for telecommunications services" includes the actual installation, maintenance, and repair of inside wiring. 83. Our conclusion is consistent with Equifax's concerns that we not interpret sections 222(d)(1) as well as 222(d)(2) in a manner that impedes carriers' access to information for the purpose of billing, fraud prevention, and related services, as well as the carriers' ability to provide the required information. We agree that section 222(d)(2)'s exception for the disclosure of CPNI "to protect the rights or property of the carrier, or to protect users of those services and other carriers from fraudulent, abusive, or unlawful use of, or subscription to, such services" includes the use and disclosure of CPNI by carriers to prevent fraud. Sections 222(d)(1) and (2) establish that the carrier and public's interest in accurate billing and collecting for telecommunications services and in preventing fraud and abuse outweigh any privacy interests of those who might attempt to avoid payment of their bills or perpetrate a fraud. 84. Contrary to the claims of AT&T and MCI, we further conclude, however, that the term "initiate" in section 222(d)(1) does not require that CPNI be disclosed by carriers when competing carriers have "won" the customer. We agree with GTE that section 222(d)(1) applies only to carriers already possessing the CPNI, within the context of the existing service relationship, and not to carriers seeking access to CPNI. We note, however, that section 222(c)(1) does not prohibit carriers from disclosing CPNI to competing carriers, for example, upon customer "approval." Accordingly, although an incumbent carrier is not required to disclose CPNI pursuant to section 222(d)(1) or section 222(c)(2) absent an affirmative written request, local exchange carriers may need to disclose a customer's service record upon the oral approval of the customer to a competing carrier prior to its commencement of service as part of the LEC's obligations under sections 251(c)(3) and (c)(4). In this way, section 222(c)(1) permits any sharing of customer records necessary for the provisioning of service by a competitive carrier, and addresses the competitive concerns raised by AT&T and MCI. 85. Furthermore, a carrier's failure to disclose CPNI to a competing carrier that seeks to initiate service to a customer that wishes to subscribe to the competing carrier's service, may well, depending upon the circumstances, constitute an unreasonable practice in violation of section 201(b). We also do not believe, contrary to the position suggested by AT&T, that section 222(d)(1) permits the former (or soon-to-be former) carrier to use the CPNI of its former customer (i.e., a customer that has placed an order for service from a competing provider) for "customer retention" purposes. Consequently, a local exchange carrier is precluded from using or accessing CPNI derived from the provision of local exchange service, for example, to regain the business of a customer that has chosen another provider. The use of CPNI in this context is not statutorily permitted under section 222(d)(1), insofar as such use would be undertaken to market a service to which a customer previously subscribed, rather than to "initiate" a service within the meaning of that provision. Nor do we believe that the use of CPNI for customer retention purposes is permissible under section 222(c)(1) because such use is not carried out "in [the] provision" of service, but rather, for the purpose of retaining a customer that had already undertaken steps to change its service provider. Customer approval for the use of CPNI in this situation thus may not be appropriately inferred because such use is outside of the customer's existing service relationship within the meaning of section 222(c)(1)(A). V. "APPROVAL" UNDER SECTION 222(c)(1) A. Overview 86. Under sections 222(c)(1), (c)(2), and (d)(3), a carrier may (or must) use, disclose, or permit access to CPNI upon the customer's approval. In contrast to sections 222(c)(2) and (d)(3) of the Act, in which Congress made clear the form of customer approval, section 222(c)(1) does not specify what kind of approval is required when it permits a carrier upon "approval of the customer" to use, disclose, or permit access to CPNI for purposes beyond the limited exceptions set forth in sections 222(c)(1)(A) and (B). Because the form of approval has bearing on carriers' use of CPNI as a marketing tool, we received considerable comment concerning the proper interpretation of "approval" under section 222(c)(1). In general, parties offer three separate views, ranging from a most restrictive interpretation that would require approval to be in writing, to a permissive one, where carriers merely would need to provide customers with a notice of their intent to use CPNI, and a mechanism for customers to "opt-out" from this proposed use (notice and opt- out). 87. We conclude that the term "approval" in section 222(c)(1) is ambiguous because it could permit a variety of interpretations. We resolve that ambiguity by implementing the statute in a manner that will best further consumer privacy interests and competition, as well as the principle of customer control. We conclude that carriers must obtain express written, oral, or electronic approval for CPNI uses beyond those set forth in sections 222(c)(1)(A) and (B). Further, in order to ensure that customers can provide informed approval under section 222(c)(1), we require that carriers give customers explicit notice of their CPNI rights prior to any solicitation for approval. By implementing the approval requirements of section 222(c)(1) in this manner, we will minimize any unwanted or unknowing disclosure of CPNI by customers, consistent with Congress' concern for consumer privacy interests. In addition, as explained below, we determine that this form of approval will minimize the competitive advantages that might otherwise accrue unnecessarily to incumbent carriers. B. Express Versus Notice and Opt-Out 1. Background 88. The Commission sought comment in the Notice on which methods carriers may use to obtain customer approval consistent with section 222. The Commission recognized that, in the Computer III proceedings, prior to the 1996 Act, it established certain authorization requirements applicable solely to the enhanced services operations of AT&T, the BOCs, and GTE, and to the CPE operations of AT&T and the BOCs. Under these Computer III rules, for example, the BOCs, AT&T, and GTE are required to provide multi- line business customers with written notification of their right to restrict CPNI use. Absent customer direction to the contrary, we permit these carriers to use their respective CPNI for marketing purposes as proposed in their notice. This notice and opt-out approach does not extend, however, to business customers with twenty or more access lines. For these large business customers, we require the BOCs and GTE to obtain affirmative written authorization before using CPNI to market enhanced services. The Commission invited comment in the Notice on whether these Computer III requirements should remain in view of section 222. 89. The Commission also sought comment in the Notice on a number of alternative methods by which carriers may obtain customer approval under section 222(c)(1). The Commission noted, for example, that carriers may choose a written method, in the form of a letter or billing insert sent to the customer that contains a summary of the customer's CPNI rights and is accompanied by a postcard that the customer could sign and return to the carrier to authorize CPNI use. The Commission sought comment on the privacy and competitive implications, as well as the costs and benefits, of requiring carriers to obtain prior written approval before they could use, disclose, or permit access to customer CPNI. 90. Alternatively, the Commission sought comment on whether section 222(c)(1) allows carriers to engage in outbound telemarketing to obtain oral customer approval for CPNI use. The Commission observed that sections 222(c)(2) and (d)(3) give rise to conflicting inferences as to whether approval can be oral. The Commission noted, for example, that section 222(c)(2) requires telecommunications carriers to disclose CPNI "upon affirmative written request by the customer, to any person designated by the customer," and that the absence of a similar written requirement in section 222(c)(1) suggests that oral approval is permitted under that provision. On the other hand, section 222(d)(3) provides that telecommunications carriers may use, disclose, or permit access to CPNI "to provide any inbound telemarketing, referral, or administrative services to the customer for the duration of the call, if such call was initiated by the customer and the customer approves of the use of such information to provide such service." The Commission stated that section 222(d)(3) could be interpreted to suggest that oral consent was not permissible for a broader purpose or a longer duration, or, in the alternative, to allow a carrier to use CPNI to provide a customer with information for the duration of an inbound call, even if the customer has otherwise restricted the carrier's use of CPNI. The Commission sought comment on how section 222(c)(1) should be interpreted in light of these other provisions. 2. Discussion 91. As noted above, while section 222(c)(1) requires customer approval for carrier use of CPNI outside the scope of sections 222(c)(1)(A) and (B), it does not expressly state the form of this approval. In order to implement this provision, we therefore must determine what method of approval will best further both privacy and competitive interests, while preserving the customer's ability to control dissemination of sensitive information. We conclude, contrary to the position of a number of parties, that an express approval mechanism is the best means to implement this provision because it will minimize any unwanted or unknowing disclosure of CPNI. In addition, such a mechanism will limit the potential for untoward competitive advantages by incumbent carriers. Our conclusion is guided by the natural, common sense understanding of the term "approval," which we believe generally connotes an informed and deliberate response. An express approval best ensures such a knowing response. In contrast, under an opt-out approach, as even its proponents admit, because customers may not read their CPNI notices, there is no assurance that any implied consent would be truly informed. We agree with the observations of MCI and Sprint that, insofar as customers may not actually consider CPNI notices under a notice and opt-out approach, they may be unaware of the privacy protections afforded by section 222, and may not understand that they must take affirmative steps to restrict access to sensitive information. We therefore find it difficult to construe a customer's failure to respond to a notice as constituting an informed approval of its contents. Accordingly, we adopt a mechanism of express approval because we find that it is the best means at this time to achieve the goal of ensuring informed customer approval. 92. We are not persuaded by the statutory argument raised by the BOCs, AT&T, and GTE that Congress' requirement of an "affirmative written request" in section 222(c)(2) means that Congress intended to permit notice and opt-out when it required only "approval" in section 222(c)(1). While we agree that we should give meaning to Congress' use of two different terms in sections 222(c)(1) and (c)(2), we believe that Congress' use of "approval" in section 222(c)(1) can more reasonably be construed to permit oral, in addition to written approval, rather than to require notice and opt-out. Our interpretation is consistent with the suggestion by several parties that Congress intended to recognize the existing customer- carrier relationship through permitting "approval" in section 222(c)(1), which governs the existing carrier's use, disclosure, and permission of access to CPNI, as opposed to requiring an "affirmative written request" as in section 222(c)(2), which governs disclosure to "any party." We are not persuaded, however, that Congress intended for its encouragement of the customer-carrier relationship to translate to support for notice and opt-out within the meaning of section 222(c)(1). Rather, insofar as oral approval promotes customer and carrier convenience, as discussed infra, we believe that Congress sought to facilitate the existing customer-carrier relationship by permitting "approval" that is oral, in addition to written, in both sections 222(c)(1) and (d)(3), but not notice and opt-out as well. In addition, we are not persuaded that use of the term "affirmative" in section 222(c)(2) suggests that the absence of such term in section 222(c)(1) evinces Congressional support for an opt-out method because a common sense interpretation of "approval" suggests a knowing acceptance, which opt-out cannot ensure. We also reject the argument that Congress contemplated that approval in section 222(c)(1) would be notice and opt-out based on an existing business relationship. Because section 222(d)(3) explicitly excepts from the general CPNI restrictions a carrier's use of CPNI to engage in "inbound telemarketing . . . [and other] services" for the duration of the call if the customer that placed the call grants express (oral) approval, we conclude that Congress could not have contemplated that the only form of approval in the context of an existing business relationship would be notice and opt-out. The exception in section 222(d)(3), which permits a form of express approval, is applicable only in the context of an existing business relationship. 93. We likewise reject U S WEST's claim that the earliest versions of what became H.R. 1555 requires that we interpret "approval" to permit notice and opt-out. U S WEST argues that a change in language from "affirmative request," used in H.R. 3432 (introduced in 1993 during the first session of the 103rd Congress), to "approval" in the subsequent bill H.R. 3626 (introduced in 1994 during the second session of the 103rd Congress) signifies Congress' intent not to require affirmative approval in what later became H.R. 1555 (introduced in 1995, during the 104th Congress), directly preceding section 222(c)(1) of the Act. Based on established principles of statutory interpretation, we generally accord little weight to textual changes made to such early predecessor bills in the preceding Congressional session, unless the reason for such changes are explained in relevant legislative history. Even if we consider the earlier language, we are not persuaded that a change from "affirmative request" to "approval" was intended to be substantive. It is equally plausible (and we believe more likely) that the sponsors of these bills viewed the term approval, as we do, to be synonymous with affirmative request, and made the change for other stylistic reasons. 94. In contrast, we believe that, although the legislative history offers no specific guidance on the meaning of "approval" in section 222(c)(1), the language in the Conference Report, explaining that section 222 strives to "balance both competitive and consumer privacy interests with regard to CPNI," strongly supports our conclusion that express approval is the better reading of the statutory language. In contrast with notice and opt-out, an express approval requirement best protects both privacy and competitive concerns. We believe that imposing an express approval requirement provides superior protection for privacy interests because, unlike under an opt-out approach, when customers must affirmatively act before their CPNI is used or disclosed, the confidentiality of CPNI is preserved until the customer is actually informed of its statutory protections. This ensures that customers' privacy rights are protected against unknowing and unintended CPNI disclosure. We disagree with PacTel's contention that the use of CPNI does not pose the same privacy risks as the use of medical and financial records, and therefore that the express consent typically required for the use of such records is not warranted for CPNI. Although PacTel observes that the content of phone calls is sensitive, it fails to recognize that call destinations and other details about a call, which constitute CPNI, may be equally or more sensitive. Indeed, PacTel's own survey, the Westin study, reported finding that a majority (53 percent) of the public believes it is "very important" that telephone companies adopt strong privacy policies, which is indicative of the public's concern that this information may be abused, and should be considered sensitive. Thus, even assuming that an opt-out approach can be appropriate for less sensitive customer information, such an approach would not be appropriate for the disclosure of personal CPNI. We also note that section 222 establishes various categories of customer information and different privacy protections for these categories. In particular, section 222 distinguishes among "CPNI" (e.g., sections 222(c)(1), 222(c)(2)), "aggregate information" (e.g., section 222(c)(3)), and "subscriber list information" (e.g., section 222(e)). This suggests that Congress did not intend to require that customer information be delineated into further categories. We thus reject Cox's contention that the sensitivity of the CPNI should govern the form of express approval required. The delineation of information categories in section 222 also undermines NTIA's and other commenters' suggestion that CPNI is not understood as personal or sensitive information, and that a notice and opt-out approach is therefore appropriate. Section 222 accords the most protection to CPNI, by requiring customer approval before it may be disseminated beyond the existing customer-carrier relationship. 95. In connection with competitive concerns, we agree, as several parties suggest, that notice and opt-out is likely to result in a greater percentage of implied "approvals," and thus may place certain carriers at a competitive disadvantage relative to incumbent carriers that possess most of the CPNI. Even if market forces provide carriers with incentives not to abuse their customer's privacy rights, as some parties suggest, these forces would not protect competitors' concerns that CPNI could be used successfully to leverage former monopoly power into other markets. Moreover, because section 222 applies to all telecommunications carriers, and thus all services offered by such carriers (not merely CPE and enhanced services), we believe that there is greater incentive for carriers to use CPNI under this new statutory scheme, and thus greater potential for abuse. In particular, inasmuch as the 1996 Act sought to open new telecommunications markets to all carriers, such as the long distance and local markets, we believe that carriers may have greater incentive to use CPNI to gain a foothold in these new markets than they did under Computer III. This is particularly true for the long distance and local markets as entry into these markets would be more lucrative than the CPE and enhanced services markets that were the subject of Computer III. Furthermore, we believe that CPNI may be a more useful marketing tool in the context of entry into these service areas, in contrast with the limited context of CPE and enhanced services. Accordingly, we believe that an express approval requirement most appropriately balances the competitive and privacy concerns at stake when carriers seek to use, disclose, or permit access to CPNI for purposes beyond sections 222(c)(1)(A) and (B). 96. We recognize, as several parties point out, that the Commission in the past allowed a notice and opt-out mechanism for the use of CPNI to market enhanced services and CPE under the Computer III CPNI framework. It is well-established, however, that an administrative agency may depart from precedent so long as it provides a reasoned justification. Consistent with this principle, for the reasons described herein, we find that the enactment of section 222, and the framework and principles it embodies, justifies our adoption of an express approval requirement. Unlike the Commission's pre-existing policies under Computer III, which largely were intended to address competitive concerns, section 222 of the Act explicitly directs a greater focus on protecting customer privacy and control. This new focus embodied in section 222 evinces Congress' intent to strike a balance between competitive and customer privacy interests different from that which existed prior to the 1996 Act, and thus supports a more rigorous approval standard for carrier use of CPNI than in the prior Commission Computer III framework. 97. Other policies the Commission adopted in the past that permitted non-express approval are likewise distinguishable. For example, GTE cites prior decisions in the Billing Name and Address (BNA) and Caller ID proceedings. Contrary to GTE's contentions, we believe that the concerns associated with the disclosure of CPNI in section 222 are qualitatively different from those at stake in the BNA and Caller ID proceedings. Unlike BNA, which only includes information necessary to the billing process, CPNI includes sensitive and personal information about whom a subscriber calls, the time of day the call is made, and how often the subscriber calls a particular number, among other things. Moreover, the Commission noted in the BNA Order that customers expect BNA to be used for billing purposes only, and it limited carriers' use based on that expectation. This reasoning is fully consistent with our interpretation in connection with CPNI announced herein. CPNI and caller ID are similarly distinguishable. In the case of caller ID services, the only information that can be transmitted through the network includes the caller's name and the calling party number. We find that the transmission of this information is far less sensitive than the disclosure of CPNI. Furthermore, consistent with our approach herein, the Commission in the Caller ID proceedings restricted the use by businesses of information regarding the identity of calling parties to marketing purposes within the existing customer relationship. 98. Finally, several parties, pointing to our implementation of the TCPA, argue that we recognized in that order that solicitations to persons with whom the carrier has a prior business relationship do not adversely affect customer privacy interests, and may even be deemed to be invited based on that pre-existing relationship. While we crafted an exception for established business relationships in implementing the TCPA, our action in that proceeding is not inconsistent with the express approval requirement we adopt in this order. In contrast to section 222, section 227 specifically excepts from the definition of "telephone solicitation" a call or message "to any person with whom the caller has an established business relationship." Congress did not so except from the approval requirement of section 222(c)(1) calls made to customers with whom a carrier has a pre-existing business relationship. We likewise reject the arguments that Congress' express provision for a notice and opt-out mechanism in section 551 of the Act somehow compels that result here even though the language of section 222 contains no similar express reference to such a mechanism. To the contrary, section 551 confirms that Congress knew how to draft a notice and opt-out provision when it determined that such an approach was appropriate. For all these reasons we reject commenters' arguments that notice and opt-out is in some manner required by the language of section 222, or other precedent. 99. Our express approval requirement also is justified by the principles of customer control and convenience that are embodied in section 222. These principles contemplate that the customer, not the carrier, will decide whether and to what extent CPNI is used. Consistent with these principles, we find that express approval, in contrast to a notice and opt-out approach, best ensures that customers maintain control over carrier use of sensitive CPNI, and that those that wish to limit the use and dissemination of their information will know how, and be able to do so. A market trial conducted by U S WEST supports the view that, when asked, customers more often than not want to limit their carrier's use of their CPNI for purposes beyond the existing service relationship. In its trial, U S WEST attempted to obtain affirmative approval through various means, including inbound and outbound telephone solicitations, as well as through direct mail. In seeking approval from its local service customers, U S WEST generally explained that: We're calling all of our customers to ask for their permission to continue to share information about their telephone account services within the expanding U S WEST family of product areas. This will allow us to keep on working cooperatively with other U S WEST product areas -- like wireless, long distance and the Internet -- to customize product packages to match your individual needs. The study generally found that, of those customers even willing to listen to U S WEST's request for approval (e.g., in the outbound telephone solicitation, those that did not hang up or were otherwise not reached), the majority of customers contacted did not approve the carrier's use of their CPNI as proposed by U S WEST. This failure to obtain approval from most customers resulted regardless of whether the solicitation for approval was undertaken by telephone or by mail, or accompanied by financial incentives. For example, the outbound telephone solicitation trial produced a weak response, with more residential customers denying rather than granting approval for CPNI use. Similar results were obtained in response to the direct mail campaign, even when financial inducements were provided. 100. U S WEST argues that these findings reflect consumers' aversion to marketing generally, rather than any particular privacy concern regarding CPNI, and further show that affirmative customer consent, whether written or oral, is too difficult and expensive to secure to be practical. We believe, however, that an equally plausible interpretation of these results is that they suggest that many customers value the privacy of their personal information, and do not want it used or shared for purposes beyond the existing service relationship. Moreover, even if U S WEST is correct, and customers do not grant approval simply because they do not want to be marketed to, this finding would not support permitting notice and opt-out. Indeed, it would suggest, as MCI observes, that contrary to U S WEST's claim, customers do not want to hear about "expanding service offerings," and in particular do not want their CPNI used toward that end. 101. The findings of the Westin study do not persuade us differently. In general, the survey results purport to show that a majority of the public believes it is acceptable for businesses, particularly local telephone companies, to use customer records to offer customers additional services when a notice and opt-out mechanism is employed. Contrary to PacTel's assertions, however, we believe that these survey results fail to demonstrate that customers expect or desire carriers to use CPNI to market to them service offerings beyond the existing service relationship. As discussed supra, the lack of question specificity, and even the ordering of the questions, make it problematic to rely on these findings. For example, the Westin study does not identify the telephone information at issue, does not illustrate the specific types of information that would be accessed, and does not explain that use of the customer's information can reveal many of the customer's habits and actions. The results of Westin's survey also would appear to conflict with the results of U S WEST's affirmative approval trial, discussed above, which suggest that customers do not wish to be marketed new services. Given the less theoretical nature of a market trial, U S WEST's trial arguably was more likely to yield "true" results than PacTel's opinion survey. Moreover, contrary to U S WEST's trial, the Westin survey did not make clear for what "services" PacTel sought to use the CPNI. Accordingly, customers could very well have interpreted the questions as consistent with the kind of information sharing permitted under the total service approach. That is, customers' apparent support may have been for carrier use of CPNI for the marketing of improved alternative versions of their existing service, not for the marketing of all offerings available from the carrier. Because of this ambiguity, the Westin study does not contradict our view that customers want to be given the opportunity to control their carrier's use of their sensitive personal information for the marketing of additional offerings outside of the customer's existing service relationship, which control is best secured through an affirmative approval requirement. 102. We reject PacTel's and U S WEST's contention that customers do not expect carriers to seek affirmative approval for the use of information to market services to which they do not subscribe, and that to do so would confuse them. To the contrary, based on the results of U S WEST's affirmative approval market trial, as well as those of a similar trial reported by Ameritech, we believe that, when customers wish to do so, they have no problem understanding a carrier's solicitation for approval and granting consent for the use of CPNI outside the scope of their total service offering. 103. By not mandating a particular form of express approval (i.e., oral, electronic, or written), as discussed infra, we also believe Congress has furthered the principle of customer convenience. We are not persuaded that we must permit notice and opt-out based on arguments that an express approval requirement is unduly burdensome to customers, as some parties suggest. The BOCs, AT&T, and GTE argue, for example, that only those customers wishing to restrict carrier access to CPNI would have to respond to CPNI notices, and therefore an opt-out approach would reduce the burden on the majority of customers. USTA and SBC also note that permitting notice and opt-out would reduce the administrative burden on carriers. Ameritech further argues that a notice and opt-out mechanism would insulate customers who fail to respond to CPNI notices from repeated follow-up efforts, while still allowing them to restrict carrier access to or use of CPNI. Contrary to these arguments, we believe that an express approval requirement would not be significantly more burdensome to customers than notice and opt-out. Under either an express or notice and opt- out approach, the customer will be contacted because a notice must be provided. As CPSR points out, the fact that section 222(c)(2) requires that customers provide an "affirmative written request" for the disclosure of CPNI suggests Congress believed that even a written approval requirement was not unduly burdensome to customers. 104. Although we agree that notice and opt-out would produce more customer approvals, we reject the argument that imposing an express approval requirement will "effectively eliminate integrated marketing" and thwart the development of one-stop shopping. While section 222 precludes carriers from jointly marketing certain services through the use of CPNI, nothing in section 222 prevents carriers from jointly marketing services without relying on CPNI, as CPI and Cox point out. Moreover, while the use of CPNI may facilitate the marketing of telecommunications services to which a customer does not subscribe, such use is not necessary for carriers to engage in joint marketing. We thus reject PacTel's contention that an express approval requirement would vitiate section 601(d) of the 1996 Act, which allows carriers to market CMRS services jointly with other telecommunications services, and section 272(g) of the Act, which permits BOC joint marketing of telephone exchange service and in-region interLATA service, under certain conditions. To the contrary, carriers are free to market jointly telecommunications services without using CPNI to the extent such marketing is otherwise permissible under other provisions. In addition, as TRA points out, a customer desiring an integrated telecommunications service offering tailored to its needs simply may give approval to allow its carrier to access CPNI for purposes outside of sections 222(c)(1)(A) and (B). This is true as to sophisticated business as well as residential customers. Indeed, the rules we establish in this order permitting carriers flexibility to secure various forms of approval under section 222(c)(1), in our view, facilitate the furnishing of integrated total service offerings suited to the customer's needs. Moreover, as discussed supra, given that carriers may use CPNI without prior customer approval to market any aspect of a customer's total service, carriers currently retain considerable ability to market jointly telecommunications services. 105. We are not persuaded by U S WEST's contention that an express approval requirement would yield an insufficient number of approvals to justify the expense of conducting solicitation campaigns. MCI reports, to the contrary, "based on MCI's experience and knowledge of telemarketing generally, a 29% positive response rate on outbound calling to a carrier's customer base is fairly successful." In addition, as MCI further observes, U S WEST's negative response rate reflects the difficulty of telemarketing generally, not any inherent difficulty of obtaining affirmative approval specifically. Therefore, we agree that, to the extent the large number of customers failing to give their approval likewise would not want to receive subsequent telemarketing calls based on the use of their CPNI, "U S WEST's own analysis shows that even with the 'opt-out' procedure it advocates, it would not have much better luck telemarketing to those customers." Moreover, even assuming, arguendo, that an express approval requirement would make targeted marketing more difficult, we find that such a result would not be inconsistent with customer expectations or desires. Given the new emphasis on customer privacy embodied in section 222, we believe that Congress did not intend for countervailing considerations, such as the promotion of one-stop shopping, to outweigh customers' interest in maintaining the privacy of their sensitive information. 106. Finally, we reject U S WEST's argument that an express approval requirement under section 222(c)(1) would impermissibly infringe upon a carrier's First Amendment rights. U S WEST contends that CPNI is information owned by the carrier that forms the basis for informed speech between U S WEST and its customers or potential customers, and that any restrictions on such "inputs" beyond reasonable time, place and manner restrictions, such as affirmative approval requirement for the use of CPNI, thus are unconstitutional. U S WEST also maintains that the communication of CPNI between or among U S WEST corporate entities is a protected speech activity. We disagree that an express approval requirement would impermissibly infringe upon a carrier's First Amendment rights. At the outset, we think there is a substantial question as to whether CPNI restrictions even implicate constitutionally protected "speech." Carriers remain free to communicate with present or potential customers about the full range of services that they offer, and section 222 therefore does not prevent a carrier from engaging in protected speech with customers regarding its business or its products. What carriers cannot do is use confidential CPNI in a manner that is not permitted by the statute. While section 222 may constrain carriers' ability to more easily "target" certain customers for marketing by limiting in some circumstances their internal use of confidential customer information, we question whether that of itself constitutes a restriction on protected "speech" within the purview of the First Amendment. Nevertheless, to the extent that it were concluded that CPNI restrictions under section 222 did affect carrier communications with their customers or unrelated third parties in such a way as to implicate the First Amendment, at most commercial speech would be at issue since any limitations under section 222 relate solely to the economic interests of the speaker and its audience. But any governmental restrictions on commercial speech will be upheld where, as here, the government asserts a substantial interest in support of the regulation, the regulation advances that interest, and the regulation is narrowly drawn. As the Supreme Court has observed, it has never deemed it an abridgement of freedom of speech to make a course of conduct illegal merely because the conduct was initiated or conducted in part through language; to the contrary, similar regulation of business activity has been held not to violate the first Amendment. 107. The U.S. Supreme Court has held that protecting the privacy of consumers, and eliminating restraints on competition, are "substantial" government interests. An express approval requirement directly advances the protection of customer privacy by vesting control over the dissemination of CPNI with the customer, rather than the carrier, and by limiting the ability of incumbent carriers to leverage their control over monopoly-derived CPNI into emerging telecommunications markets. In addition, an express approval requirement is narrowly tailored to achieve these Congressional objectives. Contrary to U S WEST's contention, we further conclude that an express approval requirement would not violate the free speech rights of customers. To the extent a customer wishes to receive information on offerings outside the scope of its total service offering, it simply may grant approval under section 222(c)(1). As we previously noted, to the extent customers are engaged in communications with their carrier regarding the servicing of their account, they are more likely to grant approval. Finally, for the reasons discussed supra, we reject U S WEST's contention that an express approval requirement effectively would deprive carriers of the use of their property, and thus would constitute a taking without just compensation. C. Written, Oral and/or Electronic Approval 1. Background 108. The Commission observed in the Notice that section 222 neither specifies the procedures that a carrier must use to obtain customer approval, nor addresses whether section 222(c)(1) approval must be written or oral. 2. Discussion 109. While we believe that carriers should be required to obtain express approval for uses of CPNI outside the scope of sections 222(c)(1)(A) and (B), we conclude that carriers should be permitted to obtain such approval through written, oral, or electronic means, as several commenters contend. Allowing carriers to obtain customer approval through any or all of these three approval methods comports with the language and design of section 222, and is consistent with the principles of customer control and convenience that are manifested in section 222. Moreover, this approach gives carriers flexibility without sacrificing customer control over sensitive information. We thus agree with MCI that carriers should be able to use the advanced technologies of their networks, including 800 numbers, 888 numbers, and e-mail, to obtain customer approval, in addition to using various types of written approval, such as billing inserts, that are returned to the carrier. 110. We disagree with parties arguing that section 222 mandates written approval. We find nothing in the language or design of section 222 that limits carriers to obtaining only written approval, despite arguments advanced by some of these commenters. Indeed, contrary to the claims made by AICC and CompTel, we believe that the requirement in section 222(c)(2) that a carrier obtain a "written" request before disclosing CPNI to any person, in contrast to the term "approval" in section 222(c)(1), suggests that Congress did not intend to limit section 222(c)(1) to only written approval. Given that nothing in section 222(c)(1) expressly limits approval to only written means, we conclude that carriers should be given flexibility to secure approval through written, oral or electronic methods. 111. We also reject the contention that section 222(d)(3) of the Act supports a written approval requirement. While section 222(d)(3) contemplates oral approval in creating an exception for CPNI use during an inbound call, section 222(d)(3) also may be interpreted simply to permit a carrier to use CPNI to provide a customer with information for the duration of an inbound call, based on oral approval, even if the customer otherwise has restricted the carrier's use of its CPNI, as Ameritech points out. This exception may be significant, based on the results of U S WEST's approval solicitation trial. U S WEST found that, in the context of inbound calls, 72 percent of customers approved of the use of CPNI for marketing purposes, as opposed to 29 percent in the outbound context. In a similar trial, Ameritech reported that it achieved an even higher inbound response rate of about 90 percent. We agree with U S WEST that, to the extent these findings are valid, they suggest that when customers call their carrier, they are interested in the servicing of their account, and thus are considerably more likely to approve the use of CPNI than when customers -- even these very same ones -- are "cold called" by the carrier. In this way, the inbound telemarketing exception in section 222(d)(3) offers a meaningful, specific right, different from the general "approval" exception in section 222(c)(1). 112. We do not believe that permitting outbound oral solicitations will have negative privacy consequences, as some commenters suggest. Because allowing carriers to obtain oral approval does not divest the customer of control over CPNI, but affords the additional benefits of customer convenience, we find that permitting such approval will advance the goals of section 222. We recognize, however, as several parties suggest, that oral customer approval may be more difficult to verify than written approval, because carriers typically would have no physical record that such approval had been given. Nevertheless, we find that any verification problems can be adequately addressed through measures other than an outright prohibition on oral approval under section 222(c)(1). Accordingly, as discussed infra, we conclude that a carrier relying on oral customer approval should be required to notify customers of their CPNI rights, and should bear the burden of demonstrating that a customer has granted approval subsequent to such notification pursuant to the rules we adopt in this order. Shifting the burden to such carriers, in addition to establishing minimum notification requirements, as we do herein, also should address any concerns that, if oral approval is permitted, customers will not consider their options due to pressure from telemarketers, that substantially greater FCC and state commission resources will be incurred, or that carriers will engage in "slamming" practices through telemarketing. We believe the notification requirements we adopt will reduce the likelihood that carriers will violate customer privacy by abusing oral approval mechanisms. In addition, as one party suggests, certain mechanisms are currently available that make verbal approvals as readily verifiable as written approvals. 113. We share the concern that oral approval mechanisms may be subject to greater abuse than written approval mechanisms. To the extent our decision to permit oral approval may result in carrier abuses, including, for example, the overselling of services, as CPSR argues, we find that such a result does not warrant mandating written approval. Assuming the term "oversell" is intended to refer to a situation in which a carrier frequently telephones a customer to solicit section 222(c)(1) approval, we believe that carriers have an incentive not to abuse outbound solicitation mechanisms as a tool for obtaining verbal approval, since such abuse ultimately may result in the loss of the customer. Carriers that make frequent outbound calls to obtain oral approval therefore do so at the risk of losing their customer base. 114. On the other side of the balance, we are not convinced, despite arguments advanced by some parties, that permitting oral and electronic, in addition to written, approval would raise significant competitive concerns. Proponents of written approval generally maintain that any type of non-written approval will result in a greater percentage of approvals, and thereby place small carriers at a competitive disadvantage relative to incumbent carriers, which have the largest amount of, and most useful, CPNI. These parties further contend that any rules we establish should ensure a "level playing field" for new entrants. Accordingly, these parties argue, because third parties must obtain affirmative written approval to gain access to CPNI pursuant to section 222(c)(2), all carriers, including AT&T, the BOCs, and GTE, similarly should be required to secure written customer approval. Even if our decision to permit oral approval results in a greater number of approvals, because all carriers must obtain such approval to use CPNI outside the scope of section 222(c)(1), no particular class of carriers is placed at a competitive disadvantage in connection with the CPNI use of their own customers. In addition, we find no reason to impose a written approval requirement only on incumbent carriers, while allowing carriers in competitive markets the option of obtaining written, oral or electronic approval, as some parties suggest. Because oral approval constitutes a form of express approval, we believe that permitting incumbent carriers to obtain such approval for uses of CPNI outside the scope of section 222(c)(1) would not allow incumbent carriers to leverage their dominant position in entering new markets. D. Duration, Frequency, and Scope of Approval 1. Background 115. The Commission sought comment in the Notice on whether requirements should be established regarding (1) how long a customer's approval should remain valid; (2) how often carriers may contact a customer in order to attempt to obtain approval, regardless of whether the customer has restricted its CPNI; and (3) whether and to what extent customers may approve of partial access to their CPNI, for example, limited to certain uses or time periods. Commenters set forth differing views as to how long approval should remain valid. Some parties argue, for example, that approval should remain valid until the customer indicates otherwise, while others contend that approval should be renewed periodically, or should be valid only for the duration of a transaction. Parties similarly argue for differing limitations on how frequently a carrier may contact a customer to solicit approval, ranging from one year from the date of solicitation, to no limitation at all. 2. Discussion 116. We conclude that approval obtained by a carrier for the use of CPNI outside of section 222(c)(1), whether oral, written, or electronic, should remain in effect until the customer revokes or limits such approval, as some parties suggest. We find that this interpretation is consistent with the language and design of section 222. In particular, as PacTel notes, the language of section 222(d)(3) stating that carriers may "provide inbound telemarketing, referral, or administrative services to the customer for the duration of the call" suggests that Congress expressly limited the duration of approval where it wanted to so specify, and thus the absence of similar language in section 222(c)(1) evidences that Congress did not limit as a statutory matter the time period within which customer approval remains valid. We also find that, so long as a customer is informed of its CPNI rights prior to granting approval, permitting such approval to remain effective until it is revoked or circumscribed does not infringe on a customer's privacy interests. We thus do not require carriers to renew customer approval periodically, for example, annually or semi- annually, or to presume that customer approval is valid only for the duration of the transaction, if the customer has not otherwise specified the time period during which the approval remains valid. Requiring customers who have provided section 222(c)(1) approval to renew such approval periodically would be inconsistent with the focus on customer convenience in section 222, and would not provide any significant additional privacy protections given the notification requirements we adopt in this Order. 117. We decline to establish at this time a restriction on the number of times a carrier may contact a customer to obtain approval for the use of CPNI outside of section 222(c)(1), despite arguments raised by some parties. As PacTel points out, section 222 does not expressly establish a limit on how often a carrier may contact a customer in order to obtain section 222(c)(1) approval. We also find that such a restriction is unnecessary at present because carriers likely will not seek to jeopardize the good will of their customers, through repeatedly attempting to obtain their approval, given the potential that irritated customers would go elsewhere. In addition, as MCI points out, the rules we adopted pursuant to the TCPA, including the requirement that telephone solicitors maintain "do-not-call" lists, provide customers with a mechanism by which they may halt unwanted telephone solicitations. To the extent our assumption that competitive marketplace forces will regulate a carrier's actions proves to be incorrect, however, or carriers engage in outbound solicitations to such an extent that intrudes upon customer privacy, we can reevaluate this conclusion in the future. 118. Finally, we note that section 222(c)(1) is silent on the issue of whether a customer may grant a carrier partial use or access to CPNI outside the scope of section 222(c)(1). We conclude that allowing a customer to grant partial use of CPNI is consistent with one of the underlying principles of section 222 to ensure that customers maintain control over CPNI. A customer could grant approval for partial use, for example, by limiting the uses made of CPNI, the time period within which approval remains valid, and the types of information that may be used. Moreover, we believe that section 222 affords customers the right to authorize partial use of CPNI in the context of section 222(d)(3), which allows a carrier to provide any inbound telemarketing, referral or administrative services for the duration of the call to a customer based on oral approval. In this situation, therefore, a carrier could obtain partial use by virtue of its ability to view customer records for a limited duration, notwithstanding the customer's restriction of CPNI use. E. Verification of Approval 1. Background 119. In the Notice, the Commission proposed that, to the extent oral approval is permitted under section 222(c)(1), carriers choosing to obtain oral approval should bear the burden of proof associated with such a scheme in the event of a dispute. The Commission stated that such carriers would be required to show through credible evidence that they have obtained the required customer authorization prior to granting access to CPNI for purposes that otherwise would be unlawful. Parties present differing views as to whether carriers should bear the burden of demonstrating oral approval. 2. Discussion 120. We conclude that a carrier relying on oral approval under section 222(c)(1) should bear the burden of demonstrating that such approval has been given in compliance with the rules we adopt in this order, as a number of parties contend. In general, we find that shifting the burden to such carriers will make it easier to verify oral approval. While section 222 does not expressly require that carriers bear the burden of demonstrating oral approval as PacTel points out, we find that shifting the burden in this manner is consistent with the intent of section 222 to protect the confidentiality of sensitive customer information. Shifting the burden is justified, given the potential for abuse of oral approval mechanisms that could lead to unauthorized dissemination of CPNI. In addition, if we were to require a complaining party to bear the burden of demonstrating that it had not granted oral approval, carriers may not have an incentive to develop verification processes that are adequate to protect customer privacy. We also conclude that shifting the burden to carriers relying on oral approval strikes an appropriate balance in permitting a less rigorous mechanism than written approval. 121. Because carriers must bear the burden of demonstrating that they have obtained oral approval under section 222(c)(1), we find it unnecessary to mandate specific verification mechanisms at this time. We believe that carriers will have an incentive to develop on their own processes to show that they have obtained approval in order to satisfy this burden. We note, however, that while carriers may use any method of verification that they see fit, certain methods may carry greater weight than others in determining whether a carrier has satisfied its burden. In general, we agree with those commenters arguing that a carrier relying on oral approval should be able to meet its burden by, for example, audiotaping customer conversations, or by demonstrating that a qualified independent third party operating in a location physically separate from the carrier's telemarketing representative has obtained customer approval under section 222(c)(1) subsequent to adequate notification of its CPNI rights, and has confirmed the appropriate verification data, e.g., the customer's date of birth or social security number. In contrast, we would likely not consider the mere absence of any CPNI restriction in the customer's database or other account record sufficient to verify that a customer has given express approval in accordance with section 222(c)(1), despite SBC's suggestion. In addition, because carriers are required under our rules to notify customers of their CPNI rights prior to soliciting approval, we do not require them to send follow-up letters to customers confirming approval, contrary to some parties' contentions. 122. Although we require carriers to certify that they are in compliance with our CPNI requirements, such certifications, standing alone, would not be adequate to satisfy a carrier's burden of demonstrating oral approval, despite AirTouch's contention. Allowing carriers to satisfy their burden through electronic or written entries obtained outside of the independent third party verification process, or merely by certifying that they are in compliance with our rules, would undermine the intent of section 222 to protect the confidentiality of sensitive customer information, since permitting carriers to do so could potentially result in abuses that lead to the unauthorized use or dissemination of CPNI. 123. Finally, we require that carriers maintain records of notification and approval, whether written, oral, or electronic, and be capable of producing them if the sufficiency of a customer's notification and approval is challenged. Maintenance of such records will facilitate the disposition of individual complaint proceedings. We thus require that carriers maintain such records for a period of at least one year in order to ensure a sufficient evidentiary record for CPNI compliance and verification purposes. In any event, carriers generally will have an incentive to maintain such records for evidentiary purposes in the event of a dispute with a customer or other "person" under section 222(c)(2). This is true particularly in the case of oral approvals (including oral notification), which carriers bear the burden of demonstrating have been given in accordance with our rules. F. Informed Approval Through Notification 1. Background 124. Section 222 of the Act does not expressly require that carriers notify customers of the privacy protections afforded by section 222 if they wish to use CPNI for marketing purposes beyond sections 222(c)(1)(A) and 222(c)(1)(B). The Commission tentatively concluded in the Notice that carriers seeking approval for CPNI use within the meaning of section 222(c)(1) should be required to notify customers of their right to restrict carrier use of, or access to, CPNI. The Commission reasoned that customers must know that they have the right to restrict carrier CPNI use, before they can waive that right. 125. Under the Computer III rules, AT&T, the BOCs, and GTE are required to notify their multi-line business customers annually of their right to restrict before using CPNI to market enhanced services. In addition, the BOCs and GTE, but not AT&T, are required to notify their multi-line business customers annually before using CPNI to market CPE. These carriers, however, are not subject to a general obligation to notify residential or single-line business customers of their right to restrict carrier CPNI use prior to marketing enhanced services or CPE. In November 1996 and in December 1997, the Common Carrier Bureau and the Policy and Program Planning Division, respectively, waived these annual notification requirements pending our action in this proceeding. 126. One party, BellSouth, contends that we need not require telecommunications carriers to notify customers of their CPNI rights. All other commenters generally agree with our tentative conclusion that telecommunications carriers should be required to notify customers because, absent a notification requirement, customers will be unaware of their CPNI rights. A number of parties argue further, however, that carriers should be required to provide this notification only if they wish to use, disclose or permit access to CPNI beyond the purposes specified in sections 222(c)(1)(A) and (B). 2. Discussion 127. Although section 222 does not expressly require notification of a customer's CPNI rights, we conclude that telecommunications carriers should be required to notify customers of their right to restrict carrier use of CPNI. We believe that notification of a customer's CPNI rights is an element of informed "approval" within the meaning of section 222(c)(1). Thus, because section 222(c)(1) by its terms requires express approval for carrier uses of CPNI beyond the scope of the existing service relationship, carriers likewise must provide notification for the use of CPNI beyond the scope of the existing service relationship. Although section 222 does not specifically impose this obligation on carriers as BellSouth points out, we believe that such a requirement is consistent with Congress' intent to safeguard the confidentiality of sensitive information, and to vest control over such information with the customer. We therefore require carriers to provide notification if they wish to use, disclose or permit access to CPNI beyond the purposes specified in sections 222(c)(1)(A) and (B); at this time, however, we make no decision on whether notice is required for use of CPNI within the scope of sections 222(c)(1)(A) and (B). 128. More specifically, we agree with the majority of commenters that customers must be made aware of their CPNI rights before they can be deemed to have "waived" those rights. Requiring notification will not cause confusion to customers as BellSouth suggests, but rather will ensure that customers either grant or deny approval in an informed fashion. Moreover, we find that a notification requirement would provide customers maximum control over carrier use of CPNI, and thus would further the objectives of section 222. 129. We reject BellSouth's contention that customers reasonably expect businesses with whom they have a pre-existing relationship to use CPNI to offer new services, and that therefore carrier use of CPNI for the development and marketing of services should be deemed to be permitted or invited, in the absence of specific notification to the customer. As we conclude elsewhere in this order, we find that a customer's expectation, and implied approval, for the use of CPNI for marketing purposes extends only to offerings within the customer's total service relationship with the carrier. Consequently, specific notification of the customer's CPNI rights, as a component of informed "approval" under section 222(c)(1), is warranted for uses of CPNI outside the customer's total service offering. G. Form and Content of Notification 1. Background 130. The Commission sought comment in the Notice on whether it should allow notification to be given orally and simultaneously with a carrier's attempt to seek approval for CPNI use, or whether it should instead require advance written notification. The Commission further sought comment on what is the least burdensome method of notification that would meet the objectives of the 1996 Act, and noted that, under Computer III, AT&T, the BOCs and GTE are required to provide to multi-line business customers written notification of their CPNI rights. The Commission also sought comment on whether it needed to specify the information that should be included in the customer notification, and, if so, the disclosure requirements that it should adopt. 131. A number of commenters, advocating prior written notification, argue that such notification would help to ensure customer understanding and uniformity among carriers. Other parties maintain that carriers should be permitted to give oral notification. Still other commenters generally contend that we should require written notice for dominant telecommunications carriers, but permit oral notice for other carriers, including small carriers or carriers in competitive markets. Several parties also maintain that carriers should be given discretion to determine the content of notification. Other commenters assert that we should specify minimum notification requirements, and propose specific content requirements. 2. Discussion 132. Form of Notification. We conclude that a carrier should be permitted to provide either written or oral notification, as a number of parties contend. Such notification, for example, may take the form of a bill insert, an individual letter, or an oral presentation that advises the customer of his or her right to restrict carrier access to CPNI. We conclude that allowing carriers to provide notification through these means will give them flexibility, while ensuring that customers are informed of their right to restrict access to CPNI, consistent with the intent of section 222. In addition, as a number of carriers suggest, allowing carriers to choose between oral and written notification is less burdensome for carriers. 133. We are not persuaded by parties' assertions that oral notification is necessarily less verifiable than written, will result in abuses, create greater disputes and confuse customers, is too difficult to accomplish successfully, or could be used to dissuade customers from releasing CPNI to a competitor. Any verification concerns that may arise where carriers provide verbal notice of CPNI rights can be adequately addressed through measures less restrictive than an outright prohibition on oral notification mechanisms. For example, any verification problems concerning oral notice, like oral approval, may be addressed by requiring carriers to bear the burden of demonstrating that such notice has been given in the event of a dispute. We therefore conclude that a carrier providing verbal notification of a customer's CPNI rights must carry the burden of showing that such notice has been given, in compliance with the requirements we adopt in this order. Shifting the burden to such carriers will ensure that customers are adequately informed of their CPNI rights. We further find that carriers may use any reasonable method for verifying oral notification that adequately confirms that such notification has been given, including, but not limited to, audiotaping customer conversations or using an independent third party verification process. Likewise, any concerns regarding customer confusion or carrier abuse are adequately addressed through the minimum content requirements for notification that we adopt in this order. 134. We find no reason to impose different notification requirements on large and small carriers, as some commenters suggest. As noted supra, although competitive concerns may justify different regulatory treatment for certain carriers, concerns regarding customer privacy are the same irrespective of the carrier's size or identity. Section 222's requirements apply to all carriers. 135. Content of Notification. We agree with those commenters that suggest we establish minimum notification requirements. Prescribing minimum content requirements will reduce the potential for customer confusion and misunderstanding, as well as the potential for carrier abuses. While the minimum requirements we establish in this order do not provide precise guidance to carriers, we believe that prescribing such requirements is preferable to other approaches that parties have suggested. Developing general notice requirements strikes an appropriate balance between giving carriers flexibility to craft specific CPNI notices, and ensuring that customers are adequately informed of their CPNI rights. 136. Establishing notice requirements should not confuse customers or constrain a carrier's ability to make timely notice changes, as BellSouth suggests. To the contrary, we find that such requirements generally will reduce confusion by clarifying the customer's CPNI rights, thereby ensuring that any decision by a customer to grant or deny approval is fully informed. While it is possible that customers may experience some initial confusion, given that carriers were not required, in most cases, to provide notification of CPNI rights under our pre-existing requirements, the benefit to consumers of such notification, i.e., heightened awareness of the right to restrict access to sensitive information, is consistent with the intent of section 222, and outweighs any countervailing disadvantages that may result from such notice, such as this initial customer confusion. In addition, because we establish only general notification requirements, carriers retain considerable flexibility to craft notices as they see fit, and thus should not be constrained from making last-minute changes to CPNI notices contrary to BellSouth's contention. Finally, we disagree with BellSouth that specifying minimum notification requirements will waste Commission resources. To the contrary, the failure to set forth such requirements would be far more administratively burdensome, given that any challenges to the adequacy of carrier notices would need to be addressed through individual complaint proceedings under sections 207 and 208 of the Communications Act. We also reject as unduly burdensome CompTel's and ITAA's suggestion that carrier notices be subject to prior Commission review. For the reasons discussed above, we also reject CPI's contention that only the largest incumbent LECs should be required to use a Commission-prescribed form apprising the customer of its CPNI rights. 137. We decline to adopt PacTel's suggestion to establish a "safe harbor" specifying the form of notice that would conclusively be presumed reasonable. The specific requirements for the form and content of notices that we establish in this Order provide carriers with adequate guidance, while still preserving carrier flexibility to craft notices as best suits their individual business plans. We explain these requirements in detail below. 138. At a minimum, customer notification, whether oral or written, must provide sufficient information to enable the customer to make an informed decision as to whether to permit a carrier to use, disclose, or permit access to CPNI. If a carrier intends to share CPNI with an affiliate (or non-affiliate) outside the scope of section 222(c)(1), the notice must state that the customer has a right, and the carrier a duty, under federal law, to protect the confidentiality of CPNI. In addition, the notice must specify the types of information that constitute CPNI and the specific entities that will receive the CPNI, describe the purposes for which the CPNI will be used, and inform the customer of his or her right to disapprove those uses, and to deny or withdraw access to CPNI at any time. The notification also must advise customers of the precise steps they must take in order to grant or deny access to CPNI, and must clearly state that a denial of approval will not affect the provision of any services to which the customer subscribes. Any notification that does not provide the customer the option of denying access, or implies that approval is necessary to ensure the continuation of services to which the customer subscribes, or the proper servicing of the customer's account, would violate our notification requirements. 139. We also require that any notification provided by a carrier for uses of CPNI outside of section 222(c)(1) be reasonably comprehensible and non-misleading. In this regard, a notification that uses, for example, legal or technical jargon could be deemed not to be "reasonably comprehensible" under our requirements. If written notice is provided, the notice must be clearly legible, use sufficiently large type, and be placed in an area so as to be readily apparent to a customer. Finally, we require that, if any portion of a notification is translated into another language, then all portions of the notification must be translated into that language. We note that this requirement is similar to one we adopted in the context of letters of agency for PIC changes. 140. We agree with CWI that a carrier should not be prohibited from stating in the notice that the customer's approval to use CPNI may enhance the carrier's ability to offer products and services tailored to the customer's needs. We also do not preclude a carrier from addressing the rights of unaffiliated third parties to obtain access to the customer's CPNI. Consequently, a carrier would not be prohibited from, for example, informing a customer that it may direct the carrier to disclose CPNI to unaffiliated third parties upon submission to the carrier of an affirmative written request, pursuant to section 222(c)(2) of the Act. However, a carrier would be prohibited from including any statement attempting to encourage a customer to freeze third party access to CPNI. 141. We also conclude that carriers must provide notification of a customer's CPNI rights, whether oral or written, prior to any solicitation for approval. As stated above, a customer must be fully informed of its right to restrict carrier access to sensitive information before it can waive that right. Any notification that is provided subsequent to a solicitation for customer approval under section 222(c)(1) is inadequate to inform a customer of such right. This conclusion is consistent with the underlying purpose of section 222 to safeguard customer privacy and control over sensitive information. The notification may be in the same conversation or document as the solicitation for approval, as long as the customer would hear or read the notification prior to the solicitation for approval. Finally, we conclude that the solicitation for approval to use CPNI, whether in the form of a signature line, check-off box or other form, should be proximate to the written or oral notification, rather than at the end of a long document that the customer might sign for other purposes, or at the conclusion of a lengthy conversation with the customer, for example. Similarly, the solicitation for approval, if written, should not be on a document separate from the notification, even if such document is included within the same envelope or package. The notice should state that any customer approval, or denial of approval, for the use of CPNI outside of section 222(c)(1) is valid until the customer affirmatively revokes or limits such approval or denial. 142. We conclude that carriers need only provide one-time notification to customers of their CPNI rights, as suggested by some parties. Given the notification requirements we adopt in this order, including the requirement that carriers inform customers that approval to use CPNI under section 222(c)(1) is valid until revoked, we believe that customers granting approval will have been fully informed of the scope and duration of a carrier's use of CPNI, contrary to some parties' assertions. Although we imposed a periodic notice requirement in Computer III, such a requirement was more appropriate in that context because the notice and opt-out mechanism generally permitted in Computer III militated in favor of more rigorous notification standards. That is, because carriers generally were not subject to an express prior approval requirement for the use of CPNI under Computer III, but rather, were permitted to share CPNI based only on notice and opt-out, the approval that was implied under such an approach was based largely on a customer's notification of his or her CPNI rights. In addition, as some parties suggest, requiring carriers to provide periodic notification may be more intrusive to customer privacy than marketing contacts resulting from section 222(c)(1) approval. For these reasons, we reject CWI's contention that an annual notification requirement should be applied only to incumbent LECs, as well as CPSR's assertion that oral notices should be repeated when a customer changes or adds services. VI. AGGREGATE CUSTOMER INFORMATION A. Overview 143. To promote the interests of fair competition, section 222 also establishes important carrier obligations regarding aggregate customer information that expressly work in tandem with the carrier requirements surrounding CPNI. Aggregate customer information is defined separately from CPNI in section 222, and involves collective data "from which individual customer identities and characteristics have been removed." On the one hand, as the Commission has found in the past, disclosure of aggregate information by LECs, when used to gain entry in new markets, is valuable and important to the LECs' competitors in these new markets. On the other hand, because aggregate customer information does not involve personally identifiable information, as contrasted with CPNI, customers' privacy interests are not compromised by such disclosure. New section 222(c)(3) governing aggregate customer information, accordingly, strikes a balance different from that governing CPNI. It extends the Commission's requirement that aggregate customer information be disclosed, which operated solely in the enhanced services and CPE markets and which applied only to the BOCs and GTE, to the new statutory scheme applicable to all markets, including long distance and CMRS, and to all LECs. 144. As we discuss below, because section 222(c)(3) offers an important competitive benefit, which is integral to the balance Congress drew regarding carrier use of customer information and rationally distinguishes among carriers, we reject claims that section 222(c)(3) in conjunction with section 222(c)(1) may constitute an unconstitutional taking or an equal protection violation. Rather, as implemented in this order, section 222(c)(3) permits LECs to use aggregate customer information to improve their customers' existing service, and when they choose to use it for purposes beyond their provision of service in section 222(c)(1)(A), they must make it available to their competitors upon request. We further conclude that section 222(c)(3)'s nondiscrimination obligation requires that LECs honor standing requests for disclosure of aggregate customer information at the same time and same price as when they disclose to, or use on behalf of, their affiliates. B. Background 145. Section 222(f)(2) defines aggregate customer information as: "collective data that relates to a group or category of services or customers, from which individual customer identities and characteristics have been removed." This definition is virtually identical to the definition of "aggregate information" promulgated by the Commission prior to the 1996 Act. Section 222(c)(3), which governs carriers' use of aggregate customer information, provides: A telecommunications carrier that receives or obtains customer proprietary network information by virtue of its provision of a telecommunications service may use, disclose, or permit access to aggregate customer information other than for the purposes described in paragraph [222(c)](1). A local exchange carrier may use, disclose, or permit access to aggregate customer information other than for purposes described in paragraph (1) only if it provides such aggregate information to other carriers or persons on reasonable and nondiscriminatory terms and conditions upon reasonable request therefor. 146. Although section 222(c)(3) concerning aggregate customer information differs from section 222(c)(1) governing CPNI, the obligations in these provisions expressly dovetail. Section 222(c)(3) provides that when carriers, other than LECs, aggregate their individually identifiable customer information, they may use, disclose or permit access to such aggregate customer information for purposes other than those permitted under section 222(c)(1). In this way, for carriers other than LECs, section 222(c)(3) operates to eliminate the limitations in section 222(c)(1) on carrier use of customer information, when individually identifiable characteristics and identities are removed. When LECs use, disclose, or permit access to aggregate customer information for purposes beyond section 222(c)(1)(A) or (B), they must provide such aggregate customer information on a nondiscriminatory basis to other persons, including carriers, upon reasonable request. 147. As part of the Computer III rules established prior to the 1996 Act, the Commission requires the BOCs and GTE to provide aggregate customer information to enhanced service providers when they share such information with their enhanced service affiliates. The Commission also requires the BOCs to provide aggregate customer information to CPE suppliers when they share such information with their CPE affiliates. In addition, the Commission presently requires the BOCs and GTE generally to notify carriers when aggregate customer information is available, and the Commission has approved a series of alternatives for compliance with such notification obligation. The Commission excluded AT&T from the aggregate disclosure and notice requirements, reasoning that "if AT&T had to make aggregated CPNI available, there is a strong possibility that its network service competitors would obtain this information and use it in their basic service marketing efforts. The BOCs do not face the same potential competitive threat to their network service operations from the aggregated CPNI requirement." 148. Commenters raise two issues in connection with section 222(c)(3)'s new aggregate customer information requirements. First, U S WEST and USTA argue that, if we adopt an interpretation of the scope of sections 222(c)(1)(A) and (B) narrower than the single category approach, as we do in this order, the disclosure obligation of LECs regarding aggregate customer information under section 222(c)(3) would correspondingly be greater. As such, they claim that the operation of these two provisions would constitute both an unconstitutional taking and an Equal Protection violation because it would force LECs to release commercially valuable information to third parties, while their competitors would have no comparable obligation. Second, in the Notice, the Commission sought comment on whether, in addition to the statutory requirements of section 222, the Commission should also require all LECs to notify others of the availability of aggregate customer information prior to their using the information, as is required under the Computer III framework. Several parties argue that we should not impose such a requirement because there is no notice requirement under section 222(c)(3). Furthermore, they argue, notice of the availability of LEC aggregate customer information would give competitors unfair notice of LEC marketing plans. In contrast, ITAA disagrees, and further suggests that there may be more efficient ways of giving notice than what we require under Computer III (e.g., publishing in trade publications or newsletters). C. Discussion 149. We reject the claim that our interpretation of sections 222(c)(1) and 222(c)(3) would constitute an unlawful taking. As we discussed earlier, even assuming carriers have a property interest in either CPNI or aggregate customer information, our interpretation of sections 222(c)(1) and 222(c)(3) does not "deny all economically beneficial" use of property, as it must, to establish a successful claim. First, under our interpretation of these provisions, when CPNI is transformed into aggregate customer information, carriers, other than LECs (and LECs with disclosure), are free to use the aggregate CPNI for whatever purpose they like, including for example, to assist in product development and design, as well as in tracking consumer buying trends, without customer approval. This means that a long distance carrier, for example, may use collective data regarding customer usage patterns, derived from its long distance service, to assist its CMRS affiliate; such collective data may indicate, for instance, which regions are experiencing growth and thereby help identify where to locate CMRS-related regional sales forces. Aggregate information may also be useful to carriers to match certain types of consumers with service offerings that they may find attractive. A long distance carrier, again for example, could aggregate its CPNI to develop profiles of customers most likely to purchase CMRS service. Under our interpretation of section 222(c)(1)(A), for customers that are also the carrier's CMRS customer, the carrier could use the profile to identify customers that may favor the new CMRS offering. For existing long distance customers that do not also subscribe to the carrier's CMRS, the carrier would have to obtain customer approval to use the customers' CPNI to market CMRS service to them. With customer approval, however, by operation of section 222(c)(3), the long distance carrier could compare the customer profile (derived from aggregate customer information) with the customer's CPNI, to tailor its marketing strategy for new CMRS service to that customer. In these ways, by permitting aggregate information to be used in these ways, section 222(c)(3) affords important commercial benefits for carriers and customer alike, without impacting customer privacy concerns. . 150. Although LECs face certain obligations when they use aggregate customer information under section 222(c)(3), Congress did not require that LECs give aggregate customer information to their competitors upon request in all circumstances. Rather, when LECs use this aggregate information only to tailor their service offering to better suit the needs of their existing customers -- that is, within the scope of sections 222(c)(1)(A) and (B), LECs do not need to disclose the aggregate information. Moreover, LECs are permitted to use the aggregate information when targeting new service customers -- that is, for purposes beyond the scope of section 222(c)(1)(A) and (B). When they do so, LECs simply must give that information to others upon request. This means that, as in the example above, LECs, like long distance carriers may use aggregate customer information for valuable business and marketing purposes. Where LECs use or disclose the aggregate information for marketing service to which the customer does not subscribe, however, LECs can still use the information, but must disclose the aggregate information to others upon request. Our interpretation, therefore, does not deprive LECs of all economic benefit associated with their customer information, and we accordingly find claims to the contrary to be without merit. 151. We also reject parties' Equal Protection challenge. In order to sustain an equal protection challenge, parties challenging the law must prove that the law has no rational relation to any conceivable legitimate legislative purpose. Making LEC aggregate customer information available on nondiscriminatory terms, when used for purposes beyond those in sections 222(c)(1)(A) and (B), is reasonably related to the legitimate goal of promoting open competition in telecommunications markets. Indeed, as CFA points out, Congress sought a balance in the relationship between the carrier's permissible uses of CPNI in sections 222(c)(1)(A) and (B), which need not be disclosed to competitors because personal information is at stake, and section 222(c)(3)'s aggregate customer information, which requires disclosure based on competitive interests. In singling out LECs in section 222(c)(3), Congress reasonably recognized that LECs, as former monopoly providers, maintain a competitive advantage with regard to use of customer information. Specifically, because of their former monopoly status, LECs enjoy the benefit of accumulated customer information on all telephone subscribers within a certain geographic location, not merely those that have "chosen" their service. Also, to the extent there is some correlation between usage of local exchange and long distance service or CMRS, LECs theoretically "know" the most profitable customers (i.e., heaviest users) of all IXCs and CMRS providers operating within their region, as well. LECs obtained this information, as AT&T argues, not because they provided exceptional service, but because customers had no choice but to subscribe to them. 152. Section 222 requires only that when LECs seek to target customers based on aggregate customer information which create generalized "profiles" of groups of customers likely to respond favorably to service offerings outside their existing service, they must also make these group profiles available to their competitors. In this way, Congress sought to rectify the LECs' advantage in scope and wealth of CPNI, while at the same time not compromising customers' privacy interests. The aggregate rule rationally serves Congress' goal of encouraging competitive markets, through availability of aggregate customer information, while protecting CPNI from disclosure absent customer approval, and thus is Constitutional. 153. Finally, regarding the LECs' notice obligations, the nondiscrimination requirement in section 222(c)(3) protects competitors from anticompetitive behavior by requiring that LECs make aggregate customer information available "upon reasonable request." We interpret these terms to permit a requirement that LECs honor standing requests for disclosure of aggregate customer information at the same time and same price as when disclosed to, or used on behalf of, their affiliates. We are persuaded that such standing requests adequately address the competitive concerns formerly protected through our notice requirement. VII. SECTION 222 AND OTHER ACT PROVISIONS A. Overview 154. Section 222 by its terms extends to "all telecommunications carriers," including, therefore, the BOCs. Unlike other carriers, however, BOCs are subject to certain structural separation and nondiscrimination requirements set forth in sections 272 through 276 of the Act. More specifically, section 272 provides: "[I]n its dealings with its [long distance, interLATA information services, or manufacturing affiliates (section 272 affiliates)], a Bell operating company (1) may not discriminate between that company or affiliate and any other entity in the provision or procurement of goods, services, facilities, and information . . ." In the Non-Accounting Safeguards Order, the Commission found that "the term 'information' includes, but is not limited to, CPNI and network disclosure information." Based on the further record developed in this proceeding, we revisit and overrule the Commission's prior conclusion that the reference to "information" in section 272 includes CPNI. We agree with the BOCs that the specific balance between privacy and competitive concerns struck in section 222, regarding all carriers' use and disclosure of CPNI, sufficiently protects those concerns in relation to the BOCs' sharing of CPNI with their statutory affiliates. We accordingly interpret section 272, as well as section 274, which raises similar issues, to impose no additional CPNI requirements on the BOCs when they share CPNI with their statutory affiliates. B. Section 222 and Section 272 1. Background 155. As noted above, the Commission concluded in the Non-Accounting Safeguards Order that the term "information" includes CPNI and that the BOCs must comply with the requirements of both sections 222 and 272(c)(1). The Commission declined to address parties' other arguments regarding the interplay between section 272(c)(1) and section 222 to avoid prejudging issues in this CPNI proceeding. The Commission also declined to address parties' arguments regarding the interplay between section 222 and section 272(g), which permits certain joint marketing between a BOC and its section 272 affiliate. The Commission emphasized, however, that, if a BOC markets or sells the services of its section 272 affiliate pursuant to section 272(g), it must comply with the statutory requirements of section 222 and any rules promulgated thereunder. 156. On February 20, 1997, the Common Carrier Bureau released a public notice seeking further comment to supplement the record in this proceeding on various issues relating to the interplay between section 222 and other sections of the Act. The questions raised concerning the interplay of sections 222 and 272 included, among other things: (i) the meaning and scope of the nondiscrimination obligation in connection with "information" and "services" in sections 272(c)(1) and 272(e)(2) as they relate to CPNI; (ii) the customer approval requirements for BOCs sharing CPNI with their section 272 affiliates and unaffiliated entities; and (iii) the application of section 272(g)(3), which exempts certain joint marketing activity from the "nondiscrimination provisions of this subsection." 157. Several commenters argue that section 272 imposes separate and independent requirements on the sharing by BOCs of CPNI with their section 272 affiliates that are additional to the obligations established for all carriers under section 222. Commenters further contend that section 272 obligates BOCs that solicit customer approval for sharing CPNI with their 272 affiliates to solicit such approval on behalf of non-affiliated entities as well. The BOCs, in contrast, argue that section 272 does not extend to their use, disclosure, or permission of access to CPNI. 2. Discussion 158. We recognize an apparent conflict between sections 222 and 272. Under the total service approach, we have found that section 222 permits affiliated entities to share CPNI of the customers that already subscribe to service from those affiliates. Should CPNI be deemed to be "information" or "services" that would trigger application of section 272, however, then the BOCs would be unable to share CPNI with their affiliates to the extent contemplated by section 222. The section 272(c)(1) requirement that "information" or "services" be shared only on nondiscriminatory terms would, we believe, mean that BOCs could share CPNI among their affiliates only pursuant to express approval. Thus, CPNI sharing under section 222(c)(1)(A) (based on implied approval under the total service approach) would be precluded. Although we find that section 222 envisions a sharing of customer CPNI among those related entities that provide service to the customer, such a sharing among BOC affiliates would be severely constrained or even negated by the application of the section 272 nondiscrimination requirements. 159. In addition, the application of section 272 to CPNI sharing would seem to require that, when BOCs seek customer approval to share with their statutory affiliates (in the context of either inbound or outbound marketing), they must simultaneously solicit approval for CPNI sharing on behalf of all other carriers that ask them to do so. As discussed below, we question whether procedures could be implemented to provide for truly effective customer notice and opportunity for informed approval under such circumstances. Further, such comprehensive multi-carrier solicitation would likely be so burdensome that, as a practical matter, BOCs would be effectively precluded from seeking approval for affiliate sharing by means of oral solicitation -- a result not contemplated by section 222. 160. We find no express guidance from the statutory language as to how Congress intended to reconcile these provisions. On the one hand, invoking the principle of statutory construction that the "specific governs the general," the BOCs contend that section 222 specifically governs the use and protection of CPNI, whereas section 272 only refers to "information" generally. Accordingly, they claim, section 222 should "trump" section 272. On the other hand, based on the same statutory principle, different parties counter that section 272 specifically governs the BOCs' sharing of information with its affiliate, whereas section 222 only generally relates to all carriers. From this perspective, section 272 should control section 222. We find that either interpretation is plausible. Because Congress did not make its intent clear, our resolution of the apparent conflict must therefore be guided by the interpretation that, in our judgment, best furthers the policies of these two provisions, and thereby, best reflects the statutory design. On this policy basis, we believe that interpreting section 272 to impose no additional obligations on the BOCs when they share CPNI with their statutory affiliates according to the requirements of section 222, as implemented in this order, most reasonably reconciles the goals of these two provisions. This is so because imposing section 272's nondiscrimination obligations when the BOCs share CPNI with their section 272 affiliates would not further the principles of customer convenience and control embodied in section 222, and could potentially undermine customers' privacy interests as well, while the anticompetitive advantages section 272 seeks to remedy are sufficiently addressed through the mechanisms in section 222 that seek to balance the competitive concerns regarding LECs' use and protection of CPNI. 161. Should we interpret section 272 to apply when the BOCs' share CPNI with their statutory affiliates, BOCs may simply choose not to disclose their local service CPNI, and thereby avoid their nondiscrimination obligations. This could occur even where the BOC and its affiliate share the same customer (and therefore under the total service approach would be permitted to use or disclose CPNI absent customer approval under section 222(c)(1)(A)), or where it has obtained express approval from its customers to do so. This outcome, however, would not serve the various customer interests envisioned under section 222. First, customers would be deprived of benefits associated with use and disclosure of CPNI among affiliated entities, upon customer approval. For example, customers would not be able to take advantage, if they chose, of tailored marketing, which is currently possible under our implementation of sections 222(c)(1) and (d)(3). Second, maintaining separate customer service records for local and long distance BOC offerings, where both are subscribed to by the same BOC customer, would also not serve the customer's interest in receiving service in a convenient manner. Indeed, if, as AT&T suggests, the only way in which BOCs could share information with statutory affiliates and not trigger section 272's nondiscrimination requirements would be for BOCs to disclose CPNI to their section 272 affiliates upon written customer request secured by the BOC affiliate, customer convenience goals would not be furthered. 162. The alternative, should BOCs nevertheless choose to share CPNI with their section 272 affiliates, and we were to find section 272 applicable to CPNI, would likewise be problematic. First, BOCs would not be able to disclose CPNI to non-affiliated entities for the purpose of ensuring competitive access to CPNI consistent with section 222. Although the statute permits the sharing among affiliated entities within the meaning of the exceptions in sections 222(c)(1)(A) and (B), the language does not support use or disclosure of CPNI beyond the carrier's "provision of the telecommunication service from which such information is derived." Disclosure to other companies to maintain competitive neutrality cannot reasonably be construed to constitute "the provision" of such service. Such a result would defeat, rather than protect, customers' privacy expectations, and their control over who can use, disclose, or permit access to such information, as set forth in section 222(c). For the reasons described above, however, prohibition of such sharing would not serve the customer convenience interests underlying section 222. 163. Second, the proposal that BOCs disclose CPNI to unaffiliated entities on the same customer approval terms as they share with their section 272 affiliates, raises similar concerns. Requiring that BOCs disclose CPNI to unrelated entities upon oral customer approval when they share CPNI with their section 272 affiliates upon oral approval, would not necessarily be inconsistent with the policies or language of section 222. We see no principled basis, however, upon which not to impose other obligations required by section 272. That is, if section 272's non-discrimination obligation applies to the form of customer approval, we agree that it would also apply when BOCs solicit customer approval to share with their statutory affiliates. We do not believe, however, that requiring BOCs to solicit approval for unspecified "all other" entities would constitute either effective notice or informed approval. We agree with SBC that customers cannot knowingly approve release of CPNI unless and until they are made aware of the identity of the party which is to receive the information. Alternatively, as a practical matter, it would be difficult for BOCs to provide specific notice, and obtain informed approval, for each entity that so requests. To do so would severely restrict the BOCs' ability effectively to market, particularly in the inbound marketing context contemplated under section 222(d)(3), and thereby would again undermine the customer convenience policies of section 222. 164. Our interpretation is further based on the fact that, as a policy matter, the three specific mechanisms in section 222 that address the competitive concerns implicated by a BOC's use of CPNI render the application of section 272's nondiscrimination requirement not essential. First, through section 222(c)(1), as implemented in this order, BOCs cannot share CPNI with their section 272 affiliates unless they either obtain express customer approval or, in the case of long distance, the customer is an existing subscriber to the affiliate's long distance offering. Oral approval appropriately limits carrier's anti- competitive use of CPNI. As we have explained above, CPNI sharing among affiliated entities to whom the customer already subscribes is unlikely to have anti-competitive effects since any such sharing does not allow carriers to target new customers, but merely assists carriers in tailoring their service offering in a manner that may be more beneficial to existing customers. 165. Second, competitors are afforded access to customer CPNI through section 222(c)(2), which requires disclosure of CPNI to entities unaffiliated with BOCs upon their obtaining a customer's affirmative written request." Through this provision, BOCs cannot exclusively advantage their affiliates, and must provide competitors access when the customer says so. Third, section 222(c)(3), which governs aggregate customer information, directly addresses the particular competitive advantages obtained by LECs' store of customer information. As discussed earlier, through this provision, Congress sought to rectify the LECs' advantage in scope and wealth of CPNI, that derives from their historic and continuing market power and not from their skill in competition, while at the same time not compromising customers' privacy interests. 166. Further mitigating competitive concerns, beyond section 222, is the fact that, BOCs, as incumbent local exchange carriers, may also be subject to obligations under section 251 to disclose customer information as part of their interconnection obligations upon the oral approval of customers. In addition, as we indicated earlier, section 201(b) remains fully applicable where it is demonstrated that carrier behavior is unreasonable and anticompetitive. 167. Finally, we note that our conclusion is consistent with the regulatory symmetry Congress intended for carrier marketing activities. Our interpretation requires that all carriers, including BOCs, LECs, CLECs, and IXCs, obtain customer approval before using CPNI to market offerings outside the customer's existing service relationship. In this way, no carrier or group of carriers obtain a competitive advantage in marketing. 168. The fact that Congress requires BOCs to establish separate affiliates that must operate independently from the BOC entity that offers local exchange service, does not, as some parties contend, alter our conclusion. Rather, the separate affiliate requirement serves other important purposes such as preventing anticompetitive cost-shifting that may arise when a BOC enters the interLATA services market in an in-region state in which the local exchange market is not yet fully competitive. Moreover, in the Non-Accounting Safeguards Order, the Commission held that the "operate independently" requirement in section 272(b)(1) does not preclude the sharing of administrative and other services. In addition, the exception in section 272(g)(2) further contemplates that BOCs can maintain relationships with their long distance affiliates, when they jointly market the services of these affiliates, that would not be subject to nondiscrimination principles. Accordingly, suggestions that Congress intended to erect a kind of impermeable "Chinese wall" between BOCs and their section 272 affiliates, for all purposes, are overstated. Rather, section 272 is intended to ensure that BOCs do not give their affiliates a competitive advantage, and for the reasons described herein, section 222 fully and specifically balances these concerns in relation to CPNI for LECs. In contrast, applying section 272 to the BOCs' sharing of CPNI with their statutory affiliates would not permit the goals and principles of section 222 to be realized fully as we believe Congress contemplated. We resolve this conflict between sections 272 and 222, therefore, in favor of the interpretation that, as a policy matter, we believe best furthers all of Congress' goals -- that section 222, and not section 272, governs all carriers, including BOCs, use and protection of CPNI. 169. For all these reasons, we conclude that the most reasonable interpretation of sections 222 and 272 is that section 272 imposes no additional CPNI requirements on BOCs' sharing of CPNI with their section 272 affiliates. Accordingly, we overrule our prior conclusion to the contrary in the Non-Accounting Safeguards Order. C. Section 222 and Section 274 1. Background 170. The Commission confirmed that electronic publishing is an information service in its Electronic Publishing Order, released on February 7, 1997. Section 222(c)(1), as implemented in this proceeding, restricts carriers from using, disclosing, or permitting access to CPNI, derived from the provision of a telecommunications service, for marketing information services and other services unless they obtain express customer approval. This means that customer approval is a prerequisite for any carrier s use or disclosure of CPNI for electronic publishing purposes. 171. Section 274 permits BOCs to provide electronic publishing services only through a "separated affiliate" or "electronic publishing joint venture" that meets certain separation, nondiscrimination, and joint marketing requirements. In the Electronic Publishing Order, the Commission promulgated policies and rules governing the BOCs' provision of electronic publishing under section 274. The Commission deferred to this proceeding any decision on the extent that section 222 affects implementation of the joint marketing provisions of section 274. The Commission also deferred to this proceeding the following issues: (i) whether the term "basic telephone service information," as defined in section 274(i)(3), includes CPNI; (ii) whether section 222 requires a BOC engaged in permissible marketing activities under section 274(c)(2) to obtain customer approval before using, disclosing, or permitting access to CPNI; and (iii) whether or to what extent section 274(c)(2)(B) imposes any obligations on BOCs that use, disclose, or permit access to CPNI pursuant to a "teaming" or "business arrangement" under that section. 172. In the Public Notice released by the Common Carrier Bureau on February 20, 1997, further comment was also sought regarding the interplay between sections 222 and 274, including on, among other things: (i) the meaning and application of the nondiscrimination obligations in sections 274(c)(2)(A) and 274(c)(2)(B); and (ii) customer approval requirements for BOCs sharing of CPNI with electronic publishing affiliates, joint ventures, and unaffiliated entities. In response to this notice, two commenters contend that section 274, like section 272, imposes additional requirements on the ability of BOCs to provide certain services and to share information with their electronic publishing affiliates or partners in particular contexts that go beyond the requirements of section 222. In contrast, although the BOCs acknowledge that some form of customer approval is required before CPNI can be used to market electronic publishing services, they argue that there is no statutory requirement related to the disclosure of CPNI in section 274(c)(2)(A). In addition, the BOCs argue that they have no general obligation under either section 274(c)(2)(A) or 274(c)(2)(B) to solicit customers to obtain CPNI release for any entity, whether affiliated or unaffiliated. 2. Discussion 173. For the reasons discussed in connection with section 272, we are likewise persuaded here that we should interpret section 274 to impose no additional CPNI requirements regarding the BOCs' use of CPNI in connection with their provision of electronic publishing. We find that both privacy and competitive concerns regarding BOCs' use, disclosure, or permission of access to CPNI for electronic publishing purposes, are protected in section 222(c)(1) through the requirement that customers must give their approval for such use. Likewise, section 222(c)(2) ensures competitive access to CPNI by "any person," which therefore includes unaffiliated electronic publishers. Finally, pursuant to section 222(c)(3), competing electronic publishers would be entitled to obtain any aggregate customer information used by BOCs to market their, or an affiliated or related entity's, electronic publishing services. Thus, as in the case of section 272, where section 222 appropriately balances the potentially competing interests in the specific context of carriers' use and disclosure of CPNI, we conclude that we should not upset the balance by "superimposing" nondiscrimination standards in section 274. VIII. COMMISSION'S EXISTING CPNI REGULATIONS A. Overview 174. In the Computer III, GTE ONA, and BOC CPE Relief proceedings, the Commission established a framework of CPNI requirements applicable to the enhanced services operations of AT&T, the BOCs, and GTE and the CPE operations of AT&T and the BOCs (Computer III CPNI framework). As we observed in the Notice, the Commission adopted the Computer III CPNI framework, together with other nonstructural safeguards, to protect independent enhanced services providers and CPE suppliers from discrimination by AT&T, the BOCs, and GTE. The framework prohibited these carriers' use of CPNI to gain an anticompetitive advantage in the unregulated CPE and enhanced services markets, while protecting legitimate customer expectations of confidentiality regarding individually identifiable information. Alternatively, for those carriers that maintain structurally separate affiliates in connection with their CPE and enhanced services operations, our Computer II rule 64.702(d)(3) prohibits carriers from sharing CPNI with those affiliates unless it is made publicly available. We likewise prohibit the BOCs from providing CPNI to their cellular affiliates unless they make the CPNI publicly available on the same terms and conditions. 175. We conclude that the new CPNI scheme that we implement in this order, which is applicable to all telecommunications carriers, fully addresses and satisfies the competitive concerns that our Computer III framework as well as our Computer II and BOC CPNI cellular rules sought to address. Accordingly, we eliminate these existing CPNI requirements in their entirety. Nevertheless, the record supports our specifying general minimum safeguards, applicable to all carriers, to ensure compliance with section 222's statutory scheme. Toward that end, we first require that all carriers conform their database systems to restrict carrier use of CPNI as contemplated in section 222(c)(1) and section 222(d)(3), through file indicators that flag restricted use, in conjunction with personnel training and supervisory review. Second, we impose recording requirements on carriers that serve both to ensure that use restrictions are being followed and to afford a method of verification in the event they are not. B. Computer III CPNI Framework 1. Background 176. The CPNI framework the Commission adopted prior to the 1996 Act, which applies only to the BOCs, AT&T, and GTE, and only in connection with their use of CPNI to market CPE and enhanced services, involves five general components. The first concerns customer notification. The current framework requires the BOCs, AT&T, and GTE to send annual notices of CPNI rights regarding enhanced services to all their multi-line business customers. With respect to CPE, the BOCs must also send annual notices to multi-line business customers, and AT&T must provide a one-time notice to its WATS and private line customers. Each notice must be written, describe the carrier's CPNI obligations, the customer's CPNI rights, and include a response form allowing the customer to restrict access to CPNI. Second, the BOCs and GTE, but not AT&T, must obtain prior written authorization from business customers with 20 or more access lines before using CPNI to market enhanced services. All BOC and AT&T customers with fewer lines have the right to restrict access to their CPNI by carrier CPE personnel, and along with GTE customers, enhanced services personnel as well. These carriers must also accommodate customer requests for partial or temporary restrictions on access to their CPNI. Third, we require the BOCs, AT&T, and GTE to make CPNI available to unaffiliated enhanced services providers and CPE suppliers at the customer's request on the same terms and conditions as the CPNI is made available to their personnel. Fourth, the BOCs must provide unaffiliated enhanced services and CPE providers any non-proprietary, aggregate CPNI that they share with their own personnel on the same terms and conditions. GTE is subject to the same requirement for its enhanced services operations. AT&T, however, is not subject to any Commission requirements with respect to aggregate CPNI. Finally, the BOCs, AT&T, and GTE must use passwords to protect and block access to the accounts of customers that exercise their right to restrict. We also mandate that the BOCs and GTE address their compliance with our CPNI requirements in their ONA, CEI, and CPE relief plans. 177. The Commission acknowledged in the Notice that section 222 may address the anticompetitive concerns that its existing CPNI requirements had sought to address, and the Commission invited comment on which, if any, of its requirements may no longer be necessary in view of section 222. The Commission tentatively concluded that it should not extend its CPNI requirements to carriers that are not affiliated with AT&T, the BOCs, or GTE. The Commission also recognized that, in certain respects, the Computer III CPNI framework is more restrictive than the 1996 Act. The Commission decided that these additional restrictions would remain in effect, pending the outcome of this rulemaking, to the extent that they do not conflict with section 222. The Commission also asked parties to address whether privacy, competitive concerns, or other considerations justified the retention of our existing CPNI requirements, what the costs and benefits of retaining these CPNI requirements would be, and how changing our CPNI requirements might influence other nonstructural safeguards adopted prior to the 1996 Act. In the event the Commission concluded that we should continue to subject the BOCs, AT&T, and GTE to CPNI requirements that are more restrictive than those applicable to other carriers, the Commission sought comment on whether such differential treatment should be permanent or limited in duration and, if limited, what sunset provisions should apply. 178. The Commission also tentatively concluded that AT&T's recent classification as a non-dominant carrier for domestic services, and its plan to separate its equipment business from its telecommunications service business, justified removal of our CPNI requirements as to it. The Commission asked whether AT&T continues to possess a competitive advantage with respect to access to and use of customer CPNI, and whether privacy concerns, competitive concerns, or any other considerations justify special regulatory treatment of AT&T with regard to CPNI. 179. Several parties argue that our existing Computer III CPNI framework for the BOCs and GTE is unnecessary and should be eliminated. AT&T and LDDS Worldcom argue that, in any event, the Commission's existing CPNI requirements should not continue to apply to AT&T because it has been classified as nondominant. Other parties argue that we should retain the Computer III CPNI requirements for the BOCs and GTE, and additionally for AT&T. Several of these commenters further contend that we should extend some or all of the preexisting requirements to carriers other than AT&T, the BOCs, and GTE. 2. Discussion 180. We conclude that retaining the Computer III CPNI requirements, applicable solely to the BOCs, AT&T and GTE, would produce no discernable competitive protection, and would be confusing to both carriers and customers. The statutory scheme we implement in this order effectively replaces our Computer III CPNI framework in all material respects. For example, like under the Computer III CPNI framework, our new scheme establishes the extent that carriers, including AT&T, the BOCs, and GTE, must notify customers of their CPNI rights, obtain customer approval before using CPNI for marketing purposes, and accommodate customer requests for partial or temporary restrictions on access to CPNI. We also set forth under the new scheme the circumstances under which carriers, including AT&T, the BOCs, and GTE, must make individually identifiable and aggregate CPNI available upon request. 181. The legislative history is silent on the issue of the Computer III requirements. Some commenters argue that we should interpret Congress' silence as indicating its intention that the Computer III CPNI requirements be retained. Other parties argue that the silence indicates the intention that the existing framework be eliminated. Because Congress offered no explanation on this point, we do not find the history helpful either way. Rather, we find that the rules we implement in this order satisfy the concerns upon which the Computer III framework is based, and therefore we replace them with the new scheme. We note that, although we eliminate our Computer III approval and notification requirements, as requested by several carriers, the rules we implement herein are actually more in line with those endorsed by carriers urging us to retain our prior framework in which the BOCs, AT&T, and GTE provide notification to their multi-line business customers, and need prior authorization in the case of twenty or more lines. 182. We are persuaded that the competitive and privacy concerns upon which the Computer III CPNI framework rests are fully addressed by our new CPNI scheme, and that, continued retention of our Computer III CPNI framework would produce no additional benefit. Indeed, in two important respects, the rules we promulgate herein implementing section 222 afford information services providers and CPE suppliers greater protection from carriers' anticompetitive CPNI use. First, the new scheme applies to all carriers, and in so doing, extends the scope of protection consistent with section 222. We believe applying our new CPNI rules to all carriers generally furthers the objective of section 222 of safeguarding customer privacy. 183. Second, several of the new scheme's CPNI requirements operate to make carriers' anticompetitive use of CPNI more difficult. Unlike the Computer III CPNI framework, which requires customer authorization only from businesses with over twenty lines, we now require that all carriers obtain customer approval from all customers, including small businesses and residential customers with any number of lines, before carriers can use CPNI to market information services or CPE. Although the Computer III CPNI framework affords customers the right to restrict access to their CPNI records, whereas under our new scheme the customer's right is to withhold approval, the result nevertheless is the same -- the customer has the right to control whether a carrier uses, discloses, or permits access to its CPNI. Indeed, in contrast with the Computer III CPNI framework, which generally permits CPNI use unless and until the customer affirmatively acts to restrict, our new scheme prohibits carriers from using CPNI unless and until they obtain customer approval, and in this way offers customers greater control. Moreover, we conclude that carriers must notify all customers of their CPNI rights under our new scheme, not merely their multi-line business customers as is required under the Computer III CPNI framework. This notice requirement, therefore, similarly affords greater competitive protections. Finally, by its terms, section 222(c)(3) extends the obligation to provide non-discriminatory access to aggregate customer information, when used for purposes outside of the provision of the customer's total service offering, to all LECs, not just the BOCs and GTE. Thus, under section 222(c)(3), information service providers and CPE suppliers are entitled to competitively useful aggregate information from more carriers than they had been in the past. In these ways, the new scheme is more protective of competitive and privacy interests than currently exists under the Computer III CPNI framework. We thus find no competitive or privacy justification at this time to retain our former framework. 184. Nor will the elimination of the Computer III CPNI framework weaken other nonstructural safeguards. We agree with Ameritech, PacTel and GTE that the Commission's other Computer III requirements are independent of CPNI regulation, and would continue to prohibit discriminatory network access and protect against any alleged "bottleneck" leverage. Finally, we conclude that, insofar as we eliminate the Computer III CPNI requirements, carriers' ONA and CEI plans no longer have to address CPNI. C. BOC Cellular CPNI Rule 22.903(f) and Computer II Rule 64.702(d)(3) 1. Background 185. Under section 22.903(f) of the Commission's rules, BOCs may not provide CPNI to their cellular affiliates unless the information is made publicly available on the same terms and conditions. The Commission invited comment in the CMRS Safeguards Notice on whether rule 22.903(f) should be eliminated in light of section 222 of the Act. The Commission expressly retained the rule in the CMRS Safeguards Order pending the resolution of CPNI issues in this proceeding. 186. Established in the context of the Computer II proceeding, and similar to rule 22.903(f), rule 64.702(d)(3) prohibits common carriers from sharing CPNI with their structurally separate enhanced services and CPE affiliates unless the CPNI is made publicly available. In the Notice in this proceeding, the Commission sought comment generally on whether we should retain the current CPNI rules which were developed in a series of Commission proceedings in connection with the BOCs, AT&T and GTE's provision of enhanced services and CPE, including, among others, Computer II. 187. Several commenters argue that continued retention of the BOC CPNI cellular rule 22.903(f) is important because CPNI derived from former monopoly local exchange operations provides BOCs with an advantage in assisting their CMRS affiliates, and unless this information is also made available to non-LEC-affiliated entities, competition is undermined. No commenter specifically supports continued retention of rule 64.702(d)(3), although many commenters generally argue that all of our existing CPNI regulations, of which rule 64.702(d)(3) is a part, should remain. In contrast, the BOCs and GTE argue that we should eliminate rule 22.903(f), and all of the Commission's other pre-1996 Act rules (e.g., Computer II and Computer III CPNI regulations) because section 222 and its implementing regulations now govern a carrier's use of CPNI in the context of all telecommunications services, including cellular and other CMRS offerings. 2. Discussion 188. We conclude that we should eliminate both rules 22.903(f) and 64.702(d)(3). We described supra that BOCs do not have additional obligations under sections 272 and 274 of the Act when they share local service CPNI with their statutory affiliates. For these reasons, we likewise believe that the new scheme implemented in this order comprehensively replaces these additional obligations. This new paradigm appropriately and sufficiently protects customers' privacy interests as well as competitors' concerns when carriers, including BOCs, share CPNI with their CMRS, information services and CPE affiliates. Specifically, carriers are prohibited from using or disclosing CPNI derived from either their local or long distance service to target customers that they wish to market CMRS offerings, unless the customer approves, or unless the customer is also an existing CMRS customer. This new scheme protects against anticompetitive use of CPNI. Replacing 22.903(f) with the new scheme also more appropriately extends the anticompetitive mechanisms of section 222 to all LECs, not just BOCs, and in connection with all CMRS, not just cellular service. Carriers are also not permitted to use CPNI in connection with CPE and most information services absent customer approval. In contrast, retaining rule 22.903(f) would likely result either in BOCs electing not to share CPNI with their CMRS affiliate, to avoid the requirement that they give the information to competitors, or in disclosure on terms that may undermine customers' privacy and customer convenience goals. These likewise would be the same options faced by carriers when they sought to share CPNI with their CPE or information service affiliates should we retain rule 64.702(d)(3). Neither result would further the policies of section 222. 189. We also reject parties' alternative argument, raised in connection with rule 22.903(f), that we exercise our general authority to require that LECs only disclose CPNI to their CMRS providers upon the customer's written approval that has been gathered by the affiliate, not the LEC. At this time, the record does not support the view that additional requirements would be necessary. Such a written approval requirement imposes an additional burden on carriers and inconveniences the customer. Moreover, as discussed below, we are persuaded that the safeguards we announce in this order protect carriers' competitive concerns, as well as customers' interests, such that modification of our rule would be both unnecessary and unwise. D. Safeguards Under Section 222 1. Background 190. To ensure compliance with our Computer III framework, we have considered a variety of safeguards, consisting both of "access" and "use" restrictions. As a general matter, access restrictions prohibit carrier personnel from physically accessing customer records, and include personnel restrictions, such as separate marketing sales forces authorized to access CPNI, as well as network password/I.D. restrictions. With use restrictions, in contrast, employees are able to access customer records, but they are given clear guidelines as to when CPNI use is, and is not, permitted. Use restrictions rely on employee training and software "flags" which indicate, for example, whether customer approval to use CPNI for marketing purposes has been secured. 191. The Commission tentatively concluded in the Notice that "all telecommunications carriers must establish effective safeguards to protect against unauthorized access to CPNI by their employees or agents, or by unaffiliated third parties." The Commission sought specific comment on whether the Computer III safeguards should continue to apply to the BOCs, AT&T, and GTE, whether they should be extended to other carriers, as well as what other safeguards may be necessary. The Commission also required that "AT&T, the BOCs and GTE must maintain any previously approved mechanisms (i.e., computer password systems, filing mechanisms) to restrict unauthorized internal access to CPNI." The Commission proposed waiting to specify safeguards for telecommunications carriers not currently subject to the Computer III requirements, but encouraged these carriers to consider applying the Computer III restrictions to fulfill their obligation to develop effective safeguards. The Commission further noted, however, that should the record indicate a need for safeguards applicable to all carriers, the Commission would adopt them. 192. All of the commenters generally agree with our conclusion that carriers must establish safeguards pursuant to section 222 to protect against unapproved use of CPNI. Several carriers assert that they should be permitted to select the means or safeguards they deem appropriate. Others propose that we adopt specific safeguards. In addition, several of the commenters argue that our safeguards should distinguish among carriers and that we should continue to apply the Computer III safeguards to the BOCs, AT&T, and GTE alone. In contrast, other commenters claim we should eliminate all vestiges of Computer III, including its safeguards, in light of the enactment of section 222. 2. Discussion 193. We confirm our tentative conclusion that the Computer III safeguards, as they currently operate, should not be applied to other carriers. Insofar as the statutory scheme we implement in this order fully supplants our Computer III CPNI framework, we are further persuaded that we should likewise not retain the CPNI safeguards designed to ensure compliance within the Computer III framework. The record nevertheless supports the need to specify safeguards to prevent unapproved use, disclosure, and access to customer CPNI by carrier personnel and unaffiliated entities under the new scheme. We agree with commenters expressing concern regarding carrier incentives to use CPNI for marketing purposes as well as the potential for anticompetitive behavior. In light of these concerns, we reject suggestions that we generally limit our CPNI requirement to, or impose different CPNI requirements on, large or incumbent carriers. Although local exchange and other incumbent carriers may have more potential for anticompetitive use of CPNI because of their large customer base, we believe competitive concerns raised in the record are addressed generally more effectively by applying our new CPNI scheme to all carriers. As several parties observe, privacy is a concern which applies regardless of carrier size or market share. Indeed, Congress intended for all carriers to safeguard customer information. Therefore, we reject proposals that we generally should limit our new CPNI rules to, or impose different CPNI requirements on, large or incumbent carriers. 194. We recognize, however, that our new CPNI scheme will impose some additional burdens on carriers, particularly carriers not previously subject to our Computer III CPNI requirements. We believe, however, that these requirements are not unduly burdensome. All carriers must expend some resources to protect certain information of their customers. Indeed, section 222(a) specifically imposes a protection duty; "[e]very telecommunications carrier has a duty to protect the confidentiality of proprietary information of, and relating to, other telecommunications carries, equipment manufacturers, and customers." In addition, for carriers that offer only one service, such as local exchange, the CPNI requirements are minimal, and thus, not overly burdensome. Moreover, although we believe different rules are not generally necessary for small or rural carriers, we note that such carriers may seek a waiver of our new CPNI rules if they can show that our rules would be unduly burdensome, and propose alternative methods for safeguarding the privacy of their customers, consistent with section 222. 195. Access Restrictions. We decline to require restrictions that would prohibit carrier personnel from accessing CPNI of customers who have either failed, or expressly declined, to give requisite approval for carrier use of CPNI for marketing purposes. Although access restrictions offer considerable protection against carrier CPNI misuse, we nevertheless agree with those parties that contend that such restrictions are inconsistent with the statutory language and impractical and unnecessary under the statutory scheme. We conclude that general access restrictions are not compatible with the exception set forth in section 222(d)(3), which expressly permits carriers to use CPNI for marketing purposes when customers so approve during inbound calls. Access restrictions preclude any dynamic override capability that would permit marketing employees to access records upon receiving customer approval. According to various commenters, in a password/I.D. system, personnel either have access to the entire customer service record or do not have access. Our existing password/I.D. restriction, applied to the new statutory scheme would mean that carrier representatives would not be able to market additional services to a customer during an inbound call. Rather, the customer who had initiated the call would have to be transferred to another carrier representative with password clearance to access the customer's records for marketing purposes. This system inconveniences the customer as well as burdens the carrier-customer dialogue, in conflict with the language and purpose of section 222(d)(3). 196. Conversely, we do not believe that the language in section 222(c)(1) requires that we adopt access restrictions. Although section 222(c)(1)(A) prohibits carriers from "[permitting] access to individually identifiable [CPNI]," we interpret this language to obligate carriers to establish sufficient protections against external parties gaining access to customer databases. We agree with Ameritech that the limitations on the access of CPNI apply solely to entities outside of the carrier's organization, whereas the use and disclosure restrictions apply to the carrier. Because customer information is competitively valuable, marketplace forces will ensure that carriers, as a part of normal operating procedures, will protect against unaffiliated entities acquiring access to their customer information. Thus, although we require carriers to establish procedures to protect against unauthorized access to CPNI from unrelated entities, we decline at this time to establish specific restrictions. 197. Moreover, a mechanical access system is expensive to establish and to maintain. Because we find that section 222 applies to all telecommunications carriers, and in contexts beyond CPE and enhanced services markets, any access restriction requirement under section 222 would represent a considerable expansion of the existing Computer III regulatory framework. We are not persuaded that the increased protection afforded through access restrictions or separate marketing personnel would justify the additional expense of such a system, which would be borne by all carriers, including those medium and small sized carriers that have never before been subject to CPNI regulation. Such a requirement may produce inefficiencies particularly for small carriers, and may thereby dampen competition by increasing the costs of entry into telecommunications markets. We conclude that use restrictions, as described below, can and will be effective when coupled with personnel training. In addition, they promote customer convenience and permit carriers to operate more efficiently with less regulatory interference. 198. Use Restrictions and Personnel Training. We specifically require that carriers develop and implement software systems that "flag" customer service records in connection with CPNI. Carriers have indicated that their systems could be modified relatively easily to accommodate such CPNI "flags." The flag must be conspicuously displayed within a box or comment field within the first few lines of the first computer screen. The flag must indicate whether the customer has approved the marketing use of his or her CPNI, and reference the existing service subscription. In conjunction with such software systems, we require that all employees with access to customer records be trained as to when they can and cannot access the customer's CPNI. Carriers must also maintain internal procedures to handle employees that misuse CPNI contrary to the carriers' stated policy. These requirements represent minimum guidelines that we believe most carriers can readily implement and that are not overly burdensome. 199. Access Documentation. To encourage carrier compliance with our CPNI restrictions and to ensure a method of verification in the event of a subsequent dispute, we require that carriers maintain an electronic audit mechanism that tracks access to customer accounts. The system must be capable of recording whenever customer records are opened, by whom, and for what purpose. We believe awareness of this "audit trail" will discourage unauthorized, "casual" perusal of customer accounts, as well as afford a means of documentation that would either support or refute claimed deliberate carrier CPNI violations. Such access documentation will not be overly burdensome because many carriers maintain such capabilities to track employee use of company resources for a variety of business purposes unrelated to CPNI compliance, such as to document the volume of computer and database use, as well as for personnel disciplinary matters. We further require that carriers maintain such contact histories for a period of at least one year to ensure a sufficient evidentiary record for CPNI compliance and verification purposes. 200. Supervisory Review for Outbound Marketing Campaigns. In addition to the electronic use restrictions, personnel training, and access documentation, we require carriers to establish a supervisory review process that ensures compliance with CPNI restrictions when conducting outbound marketing. Although supervisory review would neither be convenient nor practical when customers initiate a service call (i.e., in the inbound marketing context), we believe that such review is fully warranted in connection with outbound marketing campaigns. There is both less likelihood that customers will detect CPNI violations and greater incentive for sales employees to misuse CPNI when the dialogue with the customer is initiated by the carrier. Indeed, a major focus of outbound sales representatives is on the acquisition of new customers rather than on the retention of, and service to, current customers. Accordingly, we require that sales personnel obtain supervisory review of any proposed request to use CPNI for outbound marketing purposes. Requiring prior supervisory review of marketing plans will safeguard against over-zealous sales representatives, as well as afford a subsequent means of verifying CPNI compliance. Moreover, insofar as marketing plans are presently developed, reviewed and maintained as a matter of sound business practice, our requirement should not be burdensome to carriers. As MCI explains, "event histories" (like contact histories) are routinely evaluated by carriers to determine the success of marketing campaigns. We require carriers to maintain a record of these event histories for at least one year from the date of the marketing campaign. 201. Corporate Certification. Finally, we agree with AirTouch that corporate certification is an appropriate and effective additional safeguard. Accordingly, we require each carrier to submit a certification signed by a current corporate officer, as an agent of the corporation, attesting that he or she has personal knowledge that the carrier is in compliance with our CPNI requirements on an annual basis. This certification must be made publicly available, and be accompanied by a statement explaining how the carrier is implementing our CPNI rules and safeguards. 202. Additional requirements. The Commission will enforce all rules announced in this order upon their effective date. Because carriers may need time to conform their data systems and operations to comply with the software flags and electronic audit mechanisms required under this order, however, we will not seek enforcement of these specific safeguard rules for a period of eight months from the date these rules become effective. After that time, we authorize the Chief of the Common Carrier Bureau to undertake enforcement actions when necessary and appropriate, and, to the extent that carrier behavior justifies requirements beyond those outlined herein, to establish additional safeguards. This delegation to the Common Carrier Bureau will facilitate the handling of CPNI compliance issues in an expedited manner. IX. FURTHER NOTICE OF PROPOSED RULEMAKING 203. Implementation of Sections 222(a) and (b). The Commission in the Notice focused on issues relating to the implementation of sections 222(c)-(f). Based on various responses from parties, we now seek further comment on three general issues that principally involve carrier duties and obligations established under sections 222(a) and (b) of the Act. Specifically, section 222(a) requires telecommunications carriers "to protect the confidentiality of proprietary information of, and relating to, other telecommunication carriers, equipment manufacturers, and customers, including telecommunication carriers reselling telecommunications services provided by a telecommunications carrier." Section 222(b) provides that "a telecommunications carrier that receives or obtains proprietary information from another carrier for purposes of providing any telecommunications service shall use such information only for such purpose, and shall not use such information for its own marketing efforts." A. Customer Right to Restrict Carrier Use of CPNI for Marketing Purposes 204. Section 222(c)(1) prohibits carriers from using, disclosing, or permitting access to CPNI without customer approval for purposes other than those expressly provided in sections 222(c)(1)(A) and (B), and those in connection with the exceptions established in sections 222(d)(1)-(3). Section 222, however, is silent on whether a customer has the right to restrict a telecommunications carrier from using, disclosing, or permitting access to CPNI within the circumstances defined by subsections 222(c)(1)(A) and (B). While the Notice referred to customers' "rights to restrict access to their CPNI," it did so in the context of when carriers must seek approval for CPNI use for purposes outside the scope of the exceptions in sections 222(c)(1)(A) and (B). 205. One view is that customers should be able to restrict carrier use of CPNI for all marketing purposes, even within the customer's total service offering. This position may be supported by the privacy protection in section 222(a), which imposes on every telecommunications carrier "a duty to protect the confidentiality of proprietary information of, and relating to . . . customers . . . ," as well as by the principle of customer control implicitly embodied in section 222(c). In addition, interpreting section 222 to permit customers to restrict all marketing use of CPNI could be viewed as furthering the privacy- competition balance struck in section 222, insofar as such a right would allow customers to prevent carrier marketing practices that they found objectionable as their service relationship with the carrier grew. Under this view, the only limitations on the customer's right to restrict uses of CPNI within sections 222(c)(1)(A) and (B) arguably would be those "required by law" in accordance with section 222(c)(1), as well as those set forth in section 222(d). We seek comment on this issue of whether customers have a right to restrict all marketing uses of CPNI. Parties supporting a particular interpretation should state the statutory as well as policy basis for their conclusion and should demonstrate why other conclusions are not justified. B. Protections for Carrier Information and Enforcement Mechanisms 206. We seek comment on what, if any, safeguards are needed to protect the confidentiality of carrier information, including that of resellers and information service providers, that are in addition to those adopted in this accompanying order. We note that Congress expressly protected carrier information in section 222(a), as well as in the specific limitations on the use of that information in section 222(b). We believe that Congress' goals of promoting competition and preserving customer privacy will be furthered by protecting the competitively-sensitive information of other carriers, including resellers and information service providers, from network providers that gain access to such information through their provision of wholesale services. Therefore, we seek comment on what, if any, additional regulations or safeguards are necessary to further this goal. These safeguards, for example, may include personnel and mechanical access restrictions. Parties identifying specific safeguards should comment explicitly on the costs and benefits of imposing such regulation. 207. We also seek comment on what, if any, further enforcement mechanisms we should adopt to ensure carrier compliance with our rules, or that may be necessary to encourage appropriate carrier discharge of their duty under section 222(a) to protect the confidentiality of customer information. We note, for example, that the Commission in other proceedings has sought to compensate carriers who have become victims of anticompetitive behavior, as well as to streamline and update the formal complaint process in order to promote the policies of the 1996 Act. Parties identifying specific enforcement mechanisms should comment explicitly on the costs and benefits of imposing such regulation. C. Foreign Storage of, and Access to, Domestic CPNI 208. The Federal Bureau of Investigation (FBI) asks the Commission to regulate the foreign storage of, and foreign-based access to, CPNI of U.S. customers who subscribe to domestic telecommunications services (domestic CPNI). The FBI contends that vital law enforcement, public safety, national security, business, and personal privacy reasons justify a prohibition under section 222 on carriers storing domestic CPNI in foreign countries, for any purpose, including billing and collection. The FBI further maintains that permitting direct foreign access or foreign-storage of CPNI would seriously undermine important U.S. governmental, business, and privacy-based protections afforded to CPNI under other international and bilateral treaties. According to the FBI, the Commission has the authority to prohibit such foreign storage or access based upon our jurisdiction conferred in section 222. We seek comment on the FBI's proposal. In particular, we seek comment on whether the duty in section 222(a) upon all telecommunications carriers to protect the confidentiality of customers' CPNI, or any other provision, permits and/or requires us to prohibit the foreign storage or access to domestic CPNI. 209. As an exception to this administrative prohibition, the FBI suggests that foreign storage or access to domestic CPNI may be permitted upon informed written customer approval. When a U.S. domestic customer consents to having his or her CPNI stored or accessed from a foreign country, the FBI further proposes, however, that we require carriers to keep a copy of that customer's CPNI record within the U.S. for public safety, law enforcement, and national security reasons, so that such information is available promptly to law enforcement. We seek comment on whether requiring written customer consent to store or access CPNI from a foreign country and maintaining duplicate CPNI records in the U.S are necessary to protect customer confidentiality under section 222(a) or any other provision. 210. Finally, the FBI also requests that we require carriers to maintain copies of the CPNI of all U.S.-based customers, regardless of whether they are U.S. domestic customers, because of the need for prompt, secure, and confidential law enforcement, public safety, or national security access to such information, pursuant to lawful authority. The FBI cites the need of such information for investigations and as trial evidence. We seek comment on this proposal. X. PROCEDURAL ISSUES A. Second Report and Order 1. Final Regulatory Flexibility Analysis 211. As required by the Regulatory Flexibility Act (RFA), 5 U.S.C.  603, an Initial Regulatory Flexibility Analysis (IRFA) was incorporated in the Notice. The Commission sought written public comment on the proposals in the Notice, including the IRFA. The Commission's Final Regulatory Flexibility Analysis (FRFA) in this Second Report and Order conforms to the RFA, as amended by the Contract With America Advancement Act of 1996 (CWAAA), Pub. L. No. 104-121, 110 Stat. 847 (1996). a. Need for and Objectives of the Proposed Rules 212. The Commission, in compliance with section 222 of the 1996 Act, promulgates rules in this order to reflect Congress' directive to balance the competitive and customer privacy interests associated with the use and protection of customer proprietary network information (CPNI), while fully considering the impact of these requirements on small carriers. This order reflects the statutory principle that customers must have the opportunity to protect the information they view as sensitive and personal from use and disclosure by carriers. As a general matter, we find that customer approval for carriers to use, disclose, or permit access to CPNI is inferred from the existing customer-carrier relationship; therefore, we conclude that such consent should be limited to the "total service offering" to which the customer subscribes from a carrier. To preserve the customer's control over the dissemination of sensitive information, we require an express approval requirement for the use of CPNI beyond the total service offering to which the customer subscribes from a carrier. While these rules permit customers to decide whether and to what extent their CPNI is used, they also restrict carriers' anticompetitive use of CPNI. b. Summary of Significant Issues Raised by the Public Comments in Response to the IRFA 213. In the IRFA, the Commission generally stated that any rule changes that might occur as a result of this proceeding could impact small business entities. Specifically, in the IRFA, the Commission indicated there were no reporting, recordkeeping, or other compliance requirements. The IRFA solicited comment on alternatives to our proposed rules that would minimize the impact on small entities consistent with the objectives of this proceeding. In response we received no comments specifically directed to the IRFA. As noted infra Part X.A.1.e of this FRFA, in making the determinations reflected in this order, we have given consideration to those comments of the parties that addressed the impact of our proposed rules on small entities. c. Description and Estimate of the Number of Small Entities to Which Rules Will Apply 214. The RFA directs agencies to provide a description of and, where feasible, an estimate of the number of small entities that will be affected by our rules. The RFA generally defines the term "small entity" as having the same meaning as the terms "small business," "small organization," and "small governmental jurisdiction." For the purposes of this order, the RFA defines a "small business" to be the same as a "small business concern" under the Small Business Act, 15 U.S.C.  632, unless the Commission has developed one or more definitions that are appropriate to its activities. Under the Small Business Act, a "small business concern" is one that: (1) is independently owned and operated; (2) is not dominant in its field of operation; and (3) meets any additional criteria established by the Small Business Administration (SBA). The SBA has defined a small business for Standard Industrial Classification (SIC) categories 4812 (Radiotelephone Communications) and 4813 (Telephone Communications, Except Radiotelephone) to be small entities when they have no more than 1,500 employees. We first discuss generally the total number of small telephone companies falling within both of those SIC categories. Then, we discuss the number of small businesses within the two subcategories, and attempt to refine further those estimates to correspond with the categories of telephone companies that are commonly used under our rules. 215. Although affected incumbent local exchange carriers (ILECs) may have no more than 1,500 employees, we do not believe that such entities should be considered small entities within the meaning of the RFA because they either are dominant in their field of operations or are not independently owned and operated, and are therefore by definition not "small entities" or "small business concerns" under the RFA. Accordingly, our use of the terms "small entities" and "small businesses" does not encompass small ILECs. Out of an abundance of caution, however, for regulatory flexibility analysis purposes, we will separately consider small ILECs within this analysis and use the term "small ILECs" to refer to any ILECs that arguably might be defined by SBA as "small business concerns." 216. Total Number of Telephone Companies Affected. The United States Bureau of the Census (the Census Bureau) reports that at the end of 1992, there were 3,497 firms engaged in providing telephone services, as defined therein, for at least one year. This number contains a variety of different categories of carriers, including local exchange carriers, interexchange carriers, competitive access providers, cellular carriers, mobile service carriers, operator service providers, pay telephone operators, PCS providers, covered SMR providers, and resellers. It seems certain that some of those 3,497 telephone service firms may not qualify as small entities because they are not "independently owned and operated." For example, a PCS provider that is affiliated with an interexchange carrier having more than 1,500 employees would not meet the definition of a small business. It seems reasonable to conclude, therefore, that fewer than 3,497 telephone service firms are either small entities or small incumbent LECs that may be affected by this order. 217. Wireline Carriers and Service Providers. The SBA has developed a definition of small entities for telephone communications companies other than radiotelephone (wireless) companies. The Census Bureau reports there were 2,321 such telephone companies in operation for at least one year at the end of 1992. According to the SBA's definition, a small business telephone company other than a radiotelephone company is one employing fewer than 1,500 persons. All but 26 of the 2,321 non-radiotelephone companies listed by the Census Bureau were reported to have fewer than 1,000 employees. Thus, even if all 26 of those companies had more than 1,500 employees, there would still be 2,295 non-radiotelephone companies that might qualify as small entities or small incumbent LECs. Although it seems certain that some of these carriers are not independently owned and operated, we are unable at this time to estimate with greater precision the number of wireline carriers and service providers that would qualify as small business concerns under the SBA's definition. Consequently, we estimate that fewer than 2,295 small entity telephone communications companies other than radiotelephone companies are small entities or small ILECs that may be affected by this order. 218. Local Exchange Carriers. Neither the Commission nor the SBA has developed a definition of small providers of local exchange services. The closest applicable definition under the SBA's rules is for telephone communications companies other than radiotelephone (wireless) companies. The most reliable source of information regarding the number of LECs nationwide of which we are aware appears to be the data that we collect annually in connection with the Telecommunications Relay Service (TRS). According to our most recent data, 1,371 companies reported that they were engaged in the provision of local exchange services. Although it seems certain that some of these carriers are not independently owned and operated, or have more than 1,500 employees, or are dominant we are unable at this time to estimate with greater precision the number of LECs that would qualify as small business concerns under the SBA's definition. Consequently, we estimate that fewer than 1,371 small providers of local exchange service are small entities or small ILECs that may be affected by this order. 219. Interexchange Carriers. Neither the Commission nor the SBA has developed a definition of small entities specifically applicable to providers of interexchange services (IXCs). The closest applicable definition under the SBA's rules is for telephone communications companies other than radiotelephone (wireless) companies. The most reliable source of information regarding the number of IXCs nationwide of which we are aware appears to be the data that we collect annually in connection with TRS. According to our most recent data, 143 companies reported that they were engaged in the provision of interexchange services. Although it seems certain that some of these carriers are not independently owned and operated, or have more than 1,500 employees, we are unable at this time to estimate with greater precision the number of IXCs that would qualify as small business concerns under the SBA's definition. Consequently, we estimate that there are fewer than 143 small entity IXCs that may be affected by this order. 220. Competitive Access Providers. Neither the Commission nor the SBA has developed a definition of small entities specifically applicable to providers of competitive access services (CAPs). The closest applicable definition under the SBA's rules is for telephone communications companies other than radiotelephone (wireless) companies. The most reliable source of information regarding the number of CAPs nationwide of which we are aware appears to be the data that we collect annually in connection with the TRS. According to our most recent data, 109 companies reported that they were engaged in the provision of competitive access services. Although it seems certain that some of these carriers are not independently owned and operated, or have more than 1,500 employees, we are unable at this time to estimate with greater precision the number of CAPs that would qualify as small business concerns under the SBA's definition. Consequently, we estimate that there are fewer than 109 small entity CAPs that may be affected by this order. 221. Operator Service Providers. Neither the Commission nor the SBA has developed a definition of small entities specifically applicable to providers of operator services. The closest applicable definition under the SBA's rules is for telephone communications companies other than radiotelephone (wireless) companies. The most reliable source of information regarding the number of operator service providers nationwide of which we are aware appears to be the data that we collect annually in connection with the TRS. According to our most recent data, 27 companies reported that they were engaged in the provision of operator services. Although it seems certain that some of these companies are not independently owned and operated, or have more than 1,500 employees, we are unable at this time to estimate with greater precision the number of operator service providers that would qualify as small business concerns under the SBA's definition. Consequently, we estimate that there are fewer than 27 small entity operator service providers that may be affected by this order. 222. Pay Telephone Operators. Neither the Commission nor the SBA has developed a definition of small entities specifically applicable to pay telephone operators. The closest applicable definition under the SBA's rules is for telephone communications companies other than radiotelephone (wireless) companies. The most reliable source of information regarding the number of pay telephone operators nationwide of which we are aware appears to be the data that we collect annually in connection with the TRS. According to our most recent data, 441 companies reported that they were engaged in the provision of pay telephone services. Although it seems certain that some of these carriers are not independently owned and operated, or have more than 1,500 employees, we are unable at this time to estimate with greater precision the number of pay telephone operators that would qualify as small business concerns under the SBA's definition. Consequently, we estimate that there are fewer than 441 small entity pay telephone operators that may be affected by this order. 223. Wireless Carriers. The SBA has developed a definition of small entities for radiotelephone (wireless) companies. The Census Bureau reports that there were 1,176 such companies in operation for at least one year at the end of 1992. According to the SBA's definition, a small business radiotelephone company is one employing no more than 1,500 persons. The Census Bureau also reported that 1,164 of those radiotelephone companies had fewer than 1,000 employees. Thus, even if all of the remaining 12 companies had more than 1,500 employees, there would still be 1,164 radiotelephone companies that might qualify as small entities if they are independently owned are operated. Although it seems certain that some of these carriers are not independently owned and operated, we are unable at this time to estimate with greater precision the number of radiotelephone carriers and service providers that would qualify as small business concerns under the SBA's definition. Consequently, we estimate that there are fewer than 1,164 small entity radiotelephone companies that may be affected by this order. 224. Cellular Service Carriers. Neither the Commission nor the SBA has developed a definition of small entities specifically applicable to providers of cellular services. The closest applicable definition under the SBA's rules is for telephone communications companies other than radiotelephone (wireless) companies. The most reliable source of information regarding the number of cellular service carriers nationwide of which we are aware appears to be the data that we collect annually in connection with the TRS. According to our most recent data, 804 companies reported that they were engaged in the provision of cellular services. Although it seems certain that some of these carriers are not independently owned and operated, or have more than 1,500 employees, we are unable at this time to estimate with greater precision the number of cellular service carriers that would qualify as small business concerns under the SBA's definition. Consequently, we estimate that there are fewer than 804 small entity cellular service carriers that may be affected by this order. 225. Mobile Service Carriers. Neither the Commission nor the SBA has developed a definition of small entities specifically applicable to mobile service carriers, such as paging companies. The closest applicable definition under the SBA's rules is for telephone communications companies other than radiotelephone (wireless) companies. The most reliable source of information regarding the number of mobile service carriers nationwide of which we are aware appears to be the data that we collect annually in connection with the TRS. According to our most recent data, 172 companies reported that they were engaged in the provision of mobile services. Although it seems certain that some of these carriers are not independently owned and operated, or have more than 1,500 employees, we are unable at this time to estimate with greater precision the number of mobile service carriers that would qualify under the SBA's definition. Consequently, we estimate that there are fewer than 172 small entity mobile service carriers that may be affected by this order. 226. Broadband PCS Licensees. The broadband PCS spectrum is divided into six frequency blocks designated A through F, and the Commission has held auctions for each block. The Commission has defined small entity in the auctions for Blocks C and F as an entity that has average gross revenues of less than $40 million in the three previous calendar years. For Block F, an additional classification for "very small business" was added and is defined as an entity that, together with its affiliates, has average gross revenue of not more than $15 million for the preceding three calendar years. These regulations defining small entity in the context of broadband PCS auctions have been approved by the SBA. No small business within the SBA-approved definition bid successfully for licenses in Blocks A and B. There were 90 winning bidders that qualified as small entities in the Block C auctions. A total of 93 small and very small businesses won approximately 40 percent of the 1,479 licenses for Blocks D, E, and F. However, licenses for Blocks C through F have not been awarded fully; therefore, there are few, if any, small businesses currently providing PCS services. Based on this information, we conclude that the number of small broadband PCS licensees will include the 90 winning bidders and the 93 qualifying bidders in the D, E, and F Blocks, for a total of 183 small PCS providers as defined by the SBA and the Commission's auction rules. 227. Narrowband PCS Licensees. The Commission does not know how many narrowband PCS licenses will be granted or auctioned, as it has not yet determined the size or number of such licenses. Two auctions of narrowband PCS licenses have been conducted for a total of 41 licenses, out of which 11 were obtained by small businesses owned by members of minority groups and/or women. Small businesses were defined as those with average gross revenues for the prior three fiscal years of $40 million or less. For purposes of this FRFA, the Commission is utilizing the SBA definition applicable to radiotelephone companies, i.e., an entity employing no more than 1,500 persons. Not all of the narrowband PCS licenses have yet been awarded. There is therefore no basis to determine the number of licenses that will be awarded to small entities in future auctions. Given the facts that nearly all radiotelephone companies have fewer than 1,000 or fewer employees and that no reliable estimate of the number of prospective narrowband PCS licensees can be made, we assume, for purposes of the evaluations and conclusions in this FRFA, that all the remaining narrowband PCS licenses will be awarded to small entities. 228. SMR Licensees. Pursuant to 47 C.F.R.  90.814(b)(1), the Commission has defined "small entity" in auctions for geographic area 800 MHz and 900 MHz SMR licenses as a firm that had average annual gross revenues of less than $15 million in the three previous calendar years. This definition of a "small entity" in the context of 800 MHz and 900 MHz SMR has been approved by the SBA. The rules adopted in this order may apply to SMR providers in the 800 MHz and 900 MHz bands that either hold geographic area licenses or have obtained extended implementation authorizations. We do not know how many firms provide 800 MHz or 900 MHz geographic area SMR service pursuant to extended implementation authorizations, nor how many of these providers have annual revenues of less than $15 million. We assume, for purposes of this FRFA, that all of the extended implementation authorizations may be held by small entities, which may be affected by this order. 229. The Commission recently held auctions for geographic area licenses in the 900 MHz SMR band. There were 60 winning bidders who qualified as small entities in the 900 MHz auction. Based on this information, we conclude that the number of geographic area SMR licensees affected by the rule adopted in this order includes these 60 small entities. No auctions have been held for 800 MHz geographic area SMR licenses. Thus, no small entities currently hold these licenses. A total of 525 licenses will be awarded for the upper 200 channels in the 800 MHz geographic area SMR auction. The Commission, however, has not yet determined how many licenses will be awarded for the lower 230 channels in the 800 MHz geographic area SMR auction. Moreover, there is no basis on which to estimate how many small entities will win these licenses. Given that nearly all radiotelephone companies have fewer than 1,000 employees and that no reliable estimate of the number of prospective 800 MHz licensees can be made, we assume, for purposes of this FRFA, that all of the licenses may be awarded to small entities who, thus, may be affected by this order. 230. Resellers. Neither the Commission nor the SBA has developed a definition of small entities specifically applicable to resellers. The closest applicable definition under the SBA's rules is for all telephone communications companies. The most reliable source of information regarding the number of resellers nationwide of which we are aware appears to be the data that we collect annually in connection with the TRS. According to our most recent data, 339 companies reported that they were engaged in the resale of telephone services. Although it seems certain that some of these carriers are not independently owned and operated, or have more than 1,500 employees, we are unable at this time to estimate with greater precision the number of resellers that would qualify as small business concerns under the SBA's definition. Consequently, we estimate that there are fewer than 339 small entity resellers that may be affected by this order. d. Description of Projected Reporting, Recordkeeping and Other Compliance Requirements 231. In this Second Report and Order, if carriers choose to use CPNI to market service offerings outside the customer's existing service, we obligate these carriers to (1) obtain customer approval; (2) provide their customers a one-time notification of their CPNI rights prior to any solicitation for approval; and (3) maintain records of customer notification and approval, whether oral, written, or electronic. 232. We require carriers to develop and implement software systems that "flag" customer service records in connection with CPNI. The flag must be conspicuously displayed within a box or comment field within the first few lines of the first computer screen, and the flag must indicate whether the customer has approved the marketing use of his or her CPNI, and reference the existing service subscription. Also in connection with the software systems, carriers must implement internal standards and procedures informing employees when they are authorized to utilize CPNI. In addition, they must develop standards and procedures to handle employees who misuse CPNI. 233. We further require that carriers maintain an electronic audit mechanism that tracks access to customer accounts and is capable of recording whenever customer records are opened, by whom, and for what purpose. Carriers must maintain these "contact histories" for a period of at least one year to ensure a sufficient evidentiary record for CPNI compliance and verification purposes. Additionally, sales personnel must obtain supervisory review of any proposed request to use CPNI for outbound marketing purposes, to ensure compliance with CPNI restrictions when conducting such campaigns. 234. Finally, carriers must submit on an annual basis a certification signed by a current corporate officer, as an agent of the corporation, attesting that he or she has personal knowledge that the carrier has complied with the rules adopted in this order. The certification must be made publicly available, and be accompanied by a statement explaining how the carrier is implementing our CPNI rules and safeguards. e. Significant Alternatives and Steps Taken by Agency to Minimize Significant Economic Impact on a Substantial Number of Small Entities Consistent with Stated Objectives 235. After consideration of possible alternatives, we have concluded that our rules should apply equally to all carriers. Several parties in their comments address the impact of possible changes in our CPNI rules on small entities. As a general matter, various small entities express concern that, having never been required to comply with CPNI regulations in the past, any regulation that extends to them will impose immediate costs. Specifically, SBT argues that we should forbear from applying section 222(c)(1) to small businesses, and thereby permit their use of CPNI for all marketing purposes, because small entities need more flexibility to use CPNI to be competitive in the marketplace. SBT likewise opposes a three category approach, claiming it gives large carriers flexibility to develop and meet customers' needs, but may unnecessarily limit small business as competition grows. SBT maintains that small carriers could be competitively disadvantaged by any interpretation of section 222(c)(1)(A) other than the single category approach because a large carrier can base the design of a new offering on statistical customer data and market widely, while a small business can best meet specialized subscriber needs if it offers local, interexchange, and CMRS tailored to the specific subscriber. ALLTEL and SBC agree with USTA that a multiple category definition of telecommunications service would specifically burden small companies. 236. As we discussed in this order, we decline to forbear from applying section 222(c)(1) to small carriers because we are unpersuaded that customers of small businesses have less meaningful privacy interests in their CPNI. We believe that the total service approach furthers the balance of privacy and competitive considerations for all carriers and provides all carriers with flexibility in marketing their telecommunications products and services. Indeed, if SBT is accurate in its claim that small businesses typically have closer personal relationships with their customers, then small businesses likely would have less difficulty in obtaining customer approval to market services outside of a customer's existing service. Under the total service approach, carriers are able to use the customer's entire customer record in the course of providing the customer service, and no business is prohibited from meeting customer needs by offering tailored packages of local, interexchange, and CMRS with customer approval. Moreover, to the extent carriers do not choose to use CPNI for marketing purposes, or do not want to market new service categories, they do not need to comply with our approval or notice requirements. Finally, given our decisions to permit oral, written, or electronic approval under section 222(c)(1), and impose use rather than access restrictions, the total service approach addresses any concern that CPNI restrictions will disrupt the customer-carrier dialogue or the carriers' ability to provide full customer service. 237. Some commenters urge the Commission to adopt notification rules which would require dominant carriers to give their customers written notification of their CPNI rights, while smaller carriers or carriers in competitive markets would be permitted to give oral notification to its customers. We find no reason to impose a written notification requirement only on incumbent carriers. While competitive concerns may justify different regulatory treatment for certain carriers, we believe all customers, despite the size or identity of their carrier, have similar and important privacy concerns. 238. We also reject the suggestion by Arch, LDDS WorldCom, MCI, Sprint, and TCG that our rules in connection with CPNI safeguards be limited to large or incumbent carriers, as they had been previously. Rather, we maintain that Congress intended for all carriers to safeguard customer information, and that the safeguards we adopt today do not impose a greater administrative burden on small carriers. We remain unconvinced that the burdens of section 222 are so great on small carriers that they cannot comply with reasonable restrictions. Indeed, the mechanisms we require expressly factor commercial feasibility and practice into an appropriate regulatory framework, and represent minimum general requirements. We also find that the use of an electronic audit mechanism to track access to customer accounts is not overly burdensome because many carriers already maintain such capabilities for a variety of business purposes unrelated to CPNI. Carriers have indicated that such capabilities are important, for example, to track employee use of company resources, including computers and databases, as well as for personnel disciplinary purposes. The contact histories that we require carriers to maintain for a period of at least one year also should not be burdensome to carriers because carriers routinely evaluate these contact histories to determine the success of marketing campaigns. As we discuss in this order, we believe the safeguards we adopt in this order will afford carriers the flexibility in conforming their systems, operations, and procedures to assure compliance with our rules. Furthermore, in an effort to reduce, for all carriers, the administrative burden of compliance with our rules, we specifically decline to impose a password access restriction on carrier use of CPNI. We also conclude that use restrictions are less burdensome to all carriers, including medium and small sized carriers. We decline at this time to impose a requirement of separate marketing personnel on the basis that such a rule may produce inefficiencies particularly for small carriers, and thereby may dampen competition by increasing the costs of entry into telecommunications markets. 2. Paperwork Reduction Act Analysis 239. The Notice of Proposed Rulemaking from which this order issues proposed changes to the Commission's information collection requirements. As required by the Paperwork Reduction Act of 1995, Pub. L. No. 104-13, the Commission sought comment from the public and from the Office of Management and Budget (OMB) on the proposed changes. This Second Report and Order contains several new, proposed information collections. We describe our proposed collections as follows: 240. In this order, if carriers choose to use CPNI to market service offerings outside the customer's existing service, we obligate these carriers to obtain customer approval and document such approval through software "flags" on customer service records indicating whether the customer has approved or declined the marketing use of his or her CPNI when solicited. These requirements constitute new "collections of information" within the meaning of the Paperwork Reduction Act of 1995, 44 U.S.C.   3501-3520. Implementation of this requirement is subject to approval by the Office of Management and Budget as prescribed by the Paperwork Reduction Act. 241. Additionally, we require all telecommunications carriers that choose to solicit customer approval to provide their customers a one-time notification of their CPNI rights prior to any such solicitation. Pursuant to this one-time notification requirement, these carriers must maintain a record of such notifications. This requirement constitutes a new "collection of information" within the meaning of the Paperwork Reduction Act of 1995, 44 U.S.C.   3501-3520. Implementation of this requirement is subject to approval by the Office of Management and Budget as prescribed by the Paperwork Reduction Act. 242. All carriers must record whenever customer records are opened, by whom, and for what purpose, and maintain these contact histories for a period of at least one year. These requirements constitute new "collections of information" within the meaning of the Paperwork Reduction Act of 1995, 44 U.S.C.   3501-3520. Implementation of this requirement is subject to approval by the Office of Management and Budget as prescribed by the Paperwork Reduction Act. 243. Finally, we have adopted rules in this order requiring all telecommunications carriers to submit on an annual basis a certification signed by a current corporate officer attesting that he or she has personal knowledge that the carrier is in compliance with the rules we promulgated in this order, and to create an accompanying statement explaining how the carriers are implementing our rules and safeguards. Pursuant to this recordkeeping requirement, all telecommunications carriers must maintain in a publicly available file the compliance certificates and accompanying statements. This requirement constitutes a new "collection of information" within the meaning of the Paperwork Reduction Act of 1995, 44 U.S.C.   3501-3520. Implementation of all of these recordkeeping requirements are subject to approval by the Office of Management and Budget as prescribed by the Paperwork Reduction Act. B. Further Notice of Proposed Rulemaking 1. Ex Parte Presentations 244. This matter shall be treated as a "permit-but-disclose" proceeding in accordance with the Commission's ex parte rules. 47 C.F.R.  1.1200 et seq. Persons making oral ex parte presentations are reminded that memoranda summarizing the presentations must contain summaries of the substance of the presentations and not merely a listing of the subjects discussed. More than a one or two sentence description of the views and arguments presented is generally required. See 47 C.F.R.  1.1206(b)(2), as revised. Other rules pertaining to oral and written presentations are set forth in Section 1.1206(b) as well. 2. Initial Paperwork Reduction Act Analysis 245. This Further Notice contains either a proposed or modified information collection. As part of its continuing effort to reduce paperwork burdens, we invite the general public and the Office of Management and Budget (OMB) to take this opportunity to comment on the information collections contained in this Further Notice, as required by the Paperwork Reduction Act of 1995, Pub. L. No. 104-13. Public and agency comments are due at the same time as other comments on this Further Notice; OMB comments are due 60 days from the date of publication of this Further Notice in the Federal Register. Comments should address: (a) whether the proposed collection of information is necessary for the proper performance of the functions of the Commission, including whether the information shall have practical utility; (b) the accuracy of the Commission's burden estimates; (c) ways to enhance the quality, utility, and clarity of the information collected; and (d) ways to minimize the burden of the collection of information on the respondents, including the use of automated collection techniques or other forms of information technology. 3. Initial Regulatory Flexibility Act Analysis 246. As required by the Regulatory Flexibility Act (RFA), as amended, the Commission has prepared this present Initial Regulatory Flexibility Analysis (IRFA) of the expected significant economic impact on small entities by the policies and rules proposed in this Further Notice of Proposed Rulemaking (Further Notice). Written public comments are requested on this IRFA. Comments must be identified as responses to the IRFA and must be filed by the deadlines for comments on the Further Notice. The Commission will send a copy of the Further Notice, including this IRFA, to the Chief Counsel for Advocacy of the Small Business Administration. See 5 U.S.C.  603(a). In addition, the Further Notice and IRFA (or summaries thereof) will be published in the Federal Register. See id. a. Need for, and Objectives of, the Proposed Rules 247. The Commission is issuing the Further Notice to seek comment on whether customers may restrict a carrier's use of CPNI for all marketing purposes, even within sections 222(c)(1)(A) and (B). The Commission also seeks comment on what, if any, additional further safeguards may be needed to protect the confidentiality of carrier information, including that of resellers and information service providers, and on what further enforcement mechanisms, if any, should be adopted to ensure carrier compliance with the rules adopted pursuant to the Second Report and Order. The Commission seeks comment on whether the duty in section 222(a) upon all telecommunications carriers to protect the confidentiality of customers' CPNI, or any other provision, permits or requires the Commission to prohibit the foreign storage of, or access to domestic CPNI, as requested by the FBI based on their national security concerns. b. Legal basis 248. The Further Notice is adopted pursuant to Sections 1, 4(i), 222, and 303(r) of the Communications Act of 1934, as amended, 47 U.S.C.  151, 154(i), 222, and 303(r). c. Description and Estimate of the Number of Small Entities to Which the Proposed Rules will Apply 249. Consistent with our conclusions in the present Second Report and Order, our rules apply to all telecommunications carriers; therefore, any new rules or changes in our rules adopted as a result of the Further Notice might impact small entities, as described in the Final Regulatory Flexibility Analysis supra. For a list of the small entities to which the proposed rules would apply, see the Second Report and Order Final Regulatory Flexibility Analysis supra Part X.A.1.c (Description and Estimate of the Number of Small Entities to Which the Proposed Rules will Apply). We hereby incorporate that description and estimate into this IRFA. These entities include telephone companies, wireline carriers and service providers, local exchange carriers, interexchange carriers, competitive access providers, operator service providers, pay telephone operators, wireless carriers, cellular service carriers, mobile service carriers, broadband PCS licensees, narrowband PCS licensees, SMR licensees, and resellers. We discussed supra the number of small businesses falling within both of the SIC categories, and attempted to refine further those estimates to correspond with the categories of telephone companies that are commonly used under our rules. d. Description of Projected Reporting, Recordkeeping, and Other Compliance Requirements 250. Because we have not made any tentative conclusions or suggested proposed rules, we are unable at this time to describe any projected reporting, recordkeeping, or other compliance requirements. We have discussed generally in the Further Notice, supra Part IX, however, the possibility that such proposals, if adopted, might entail additional obligations for carriers. e. Steps Taken to Minimize Significant Economic Impact on Small Entities, and Significant Alternatives Considered 251. As noted supra, we seek comment on whether customers may restrict a carrier's use of CPNI for all marketing purpose, and on what, if any, additional safeguards may be needed to protect the confidentiality of carrier information, as well as what further enforcement mechanisms, if any, should be adopted to ensure carrier compliance with our rules. In addition, we seek comment on whether the duty in section 222(a) upon all telecommunications carriers to protect the confidentiality of customers' CPNI, or any other provision, permits or requires the Commission to prohibit the foreign storage of, or access to domestic CPNI. Consistent with our rules in the Second Report and Order, our intent is to further the statutory principle that customers must have the opportunity to protect the information they view as sensitive and personal from use and disclosure by carriers. Because we have not proposed any rules, at this juncture, we are unable to forecast the economic impact on small entities. f. Federal Rules that May Duplicate, Overlap, or Conflict with the Proposed Rules 252. None 4. Comment Filing Procedures 253. Pursuant to applicable procedures set forth in Sections 1.415 and 1.419 of the Commission's rules, 47 C.F.R.  1.415, 1.419, interested parties may file comments on or before March 30, 1998, and reply comments on or before April 14, 1998. To file formally in this proceeding, you must file an original and six copies of all comments, reply comments, and supporting comments. If you want each Commissioner to receive a personal copy of your comments, you must file an original and eleven copies. Comments and reply comments should be sent to Office of the Secretary, Federal Communications Commission, 1919 M Street, N.W., Room 222, Washington, D.C., 20554, with a copy to Janice Myles of the Common Carrier Bureau, 1919 M Street, N.W., Room 544, Washington, D.C., 20554. Parties should also file one copy of any documents filed in this docket with the Commission's copy contractor, International Transcription Services, Inc., 1231 20th Street, N.W., Washington, D.C., 20036. Comments and reply comments will be available for public inspection during regular business hours in the FCC Reference Center, 1919 M Street, N.W., Room 239, Washington, D.C., 20554. 254. Comments and reply comments must include a short and concise summary of the substantive arguments raised in the pleading. Comments and reply comments must also comply with Section 1.49 and all other applicable sections of the Commission's Rules. We also direct all interested parties to include the name of the filing party and the date of the filing on each page of their comments and reply comments. All parties are encouraged to utilize a table of contents, regardless of the length of their submission. 255. Parties are also asked to submit comments and reply comments on diskette. Such diskette submissions would be in addition to and not a substitute for the formal filing requirements addressed above. Parties submitting diskettes should submit them to Janice Myles of the Common Carrier Bureau, 1919 M Street, N.W., Room 544, Washington, D.C., 20554. Such a submission should be on a 3.5 inch diskette formatted in an IBM compatible form using MS DOS 5.0 and WordPerfect 5.1 software. The diskette should be submitted in "read only" mode. The diskette should be clearly labeled with the party's name, proceeding, type of pleading (comment or reply comments) and date of submission. The diskette should be accompanied by a cover letter. 256. You may also file informal comments or an exact copy of your formal comments electronically via the Internet at . For information on filing comments via the Internet, please see . Only one copy of electronically-filed comments must be submitted. You must put the docket number of this proceeding in the body of the text if you are filing by Internet. You must note whether an electronic submission is an exact copy of formal comments on the subject line. You also must include your full name and Postal Service mailing address in your submission. XI. ORDERING CLAUSES 257. Accordingly, IT IS ORDERED that pursuant to Sections 1, 4(i), 222 and 303(r) of the Communications Act of 1934, as amended, 47 U.S.C.   151, 154(i), 222 and 303(r), a REPORT AND ORDER and FURTHER NOTICE OF PROPOSED RULEMAKING is hereby ADOPTED. 258. IT IS FURTHER ORDERED that, pursuant to our own motion, paragraph 222 of In the Matter of Implementation of the Non-Accounting Safeguards of Section 271 and 272 of the Communications Act of 1934, as amended, CC Docket No. 96-149, First Report and Order and Further Notice of Proposed Rulemaking, 11 FCC Rcd 21905 (1996), is hereby OVERRULED. 259. IT IS FURTHER ORDERED that the Commission's Office of Public Affairs, Reference Operations Division, SHALL SEND a copy of this SECOND REPORT AND ORDER and FURTHER NOTICE OF PROPOSED RULEMAKING, including the associated Final Regulatory Flexibility Analysis and Initial Regulatory Flexibility Analysis, to the Chief Counsel for Advocacy of the Small Business Administration, in accordance with paragraph 605(b) of the Regulatory Flexibility Act, 5 U.S.C. Section 601 et seq. (1981). 260. IT IS FURTHER ORDERED that Part 22 of the Commission's rules, 47 C.F.R. Section 22.903(f) and Part 64 of the Commission's rules, 47 C.F.R. Section 64.702(d)(3) are REMOVED as set forth in Appendix B hereto. 261. IT IS FURTHER ORDERED that Part 64 of the Commission's rules, 47 C.F.R. Section 64 is AMENDED as set forth in Appendix B hereto, effective 30 days after publication of the text thereof in the Federal Register, unless a notice is published in the Federal Register stating otherwise. The information collections contained within become effective 70 days after publication in the Federal Register, following OMB approval, unless a notice is published in the Federal Register stating otherwise. FEDERAL COMMUNICATIONS COMMISSION Magalie Roman Salas Secretary APPENDIX A -- LIST OF PARTIES SUBMITTING COMMENTS OR EX PARTES Ad Hoc Telecommunications Users Committee (Ad Hoc) AGI Publishing (AGI) AirTouch Communications, Inc. (AirTouch) Alarm Industry Communications Committee (AICC) ALLTEL Corporate Services, Inc. (ALLTEL) American Public Communications Council (APCC) America's Carrier Telecommunications Association (ACTA) Ameritech Corp. (Ameritech) Arch Communications Group, Inc. (Arch) Association for Local Telecommunications Services (ALTS) Association of Directory Publishers (ADP) Association of Telemessaging Services International (ATSI) AT&T Corp. (AT&T) Bell Atlantic Telephone Companies (Bell Atlantic) BellSouth Corporation (BellSouth) Cable & Wireless, Inc. (CWI) California Cable Television Association (CCTA) California Public Utilities Commission (California Commission) Cincinnati Bell Telephone (CBT) Comcast Cellular Communications, Inc. (Comcast) Competition Policy Instititute (CPI) Competitive Telecommunications Association (CompTel) Compuserve, Inc. (Compuserve) Computer Professionals for Social Responsibility (CPSR) Consolidated Communications, Inc. (Consolidated) Consumer Federation of America (CFA) Cox Enterprises, Inc. (Cox) Direct Marketing Associates (DMA) Directory Dividends Equifax, Inc. (Equifax) Excell Agent Services (Excell Agent) Excel Telecommunications, Inc. (Excel) Federal Bureau of Investigation (FBI) Frontier Corporation (Frontier) Anthony Genovesi, New York State Assemblyman GTE Service Corporation (GTE) Information Industry Association (IIA) Information Technology Association of America (ITAA) IntelCom Group (ICG) Intermedia Communications, Inc. (Intermedia) LDDS WorldCom Inc. (LDDS Worldcom) MCI Telecommunications Corporation (MCI) MFS Communications Company, Inc. (MFS) MobileMedia Communications, Inc. (MobileMedia) National Association of Regulatory Utility Commissioners (NARUC) National Telecommunications and Information Association (NTIA) National Telephone Cooperative Association and Organization for the Promotion and Advancement of Small Telephone Companies (NTCA/OPASTCO) New York Clearinghouse Association, Securities Industry Association, Bankers Clearinghouse, and Ad Hoc Telecommunications Users Committee (NYCA) New York State Department of Public Service (New York Commission) NYNEX Telephone Companies (NYNEX) Pacific Telesis Group (PacTel) Paging Network (PageNet) Pennsylvania Office of Consumer Advocate (PaOCA) SBC Communications, Inc. (SBC) Small Business in Telecommunications, Inc. (SBT) Southern New England Telephone Company (SNET) Sprint Corporation (Sprint) Sunshine Pages (Sunshine) Telecommunications Industry Association (TIA) Telecommunications Resellers Association (TRA) Teleport Communications Group, Inc. (TCG) Public Utility Commission of Texas (Texas Commission) United States Telephone Association (USTA) U S WEST, Inc. (U S WEST) Virgin Islands Telephone Corporation (VITELCO) Washington Utilities and Transportation Commission (Washington Commission) Wireless Technology Research, L.L.C. (WTR) Yellow Pages Publishers Association (YPPA) APPENDIX B -- FINAL RULES For the reasons set out in the preamble, 47 CFR Parts 22 and 64 are amended as follows: 1. AUTHORITY: 47 U.S.C. 1-5, 7, 201-05, 222. PART 22 -- PUBLIC MOBILE SERVICES 2. 22.903 [Remove]. PART 64 -- MISCELLANEOUS RULES RELATING TO COMMON CARRIERS 3. The table of contents for Part 64 is revised to read as follows: * * * * * Subpart U -- Customer Proprietary Network Information 4. 64.702 [Amended] In  64.702, remove paragraph (d)(3). 5. Subpart U is added to read as follows: Subpart U -- Customer Proprietary Network Information  64.2001 Basis and purpose. (a) Basis. These rules are issued pursuant to the Communications Act of 1934, as amended. (b) Purpose. The purpose of these rules is to implement section 222 of the Communications Act of 1934, as amended, 47 U.S.C. 222.  64.2003 Definitions. Terms used in this subpart have the following meanings: (a) Affiliate. An affiliate is an entity that directly or indirectly owns or controls, is owned or controlled by, or is under common ownership or control with, another entity. (b) Customer. A customer of a telecommunications carrier is a person or entity to which the telecommunications carrier is currently providing service. (c) Customer proprietary network information (CPNI). Customer proprietary network information (CPNI) is (1) information that relates to the quantity, technical configuration, type, destination, and amount of use of a telecommunications service subscribed to by any customer of a telecommunications carrier, and that is made available to the carrier by the customer solely by virtue of the customer-carrier relationship; and (2) information contained in the bills pertaining to telephone exchange service or telephone toll service received by a customer of a carrier. Customer proprietary network information does not include subscriber list information. (d) Customer premises equipment (CPE). Customer premises equipment (CPE) is equipment employed on the premises of a person (other than a carrier) to originate, route, or terminate telecommunications. (e) Information service. Information service is the offering of a capability for generating, acquiring, storing, transforming, processing, retrieving, utilizing, or making available information via telecommunications, and includes electronic publishing, but does not include any use of any such capability for the management, control, or operation of a telecommunications system or the management of a telecommunications service. (f) Local exchange carrier (LEC). A local exchange carrier (LEC) is any person that is engaged in the provision of telephone exchange service or exchange access. For purposes of this subpart, such term does not include a person insofar as such person is engaged in the provision of commercial mobile service under 47 U.S.C. 332(c). (g) Subscriber list information (SLI). Subscriber list information (SLI) is any information (1) identifying the listed names of subscribers of a carrier and such subscribers' telephone numbers, addresses, or primary advertising classifications (as such classifications are assigned at the time of the establishment of such service), or any combination of such listed names, numbers, addresses, or classifications; and (2) that the carrier or an affiliate has published, caused to be published, or accepted for publication in any directory format. (h) Telecommunications carrier. A telecommunications carrier is any provider of telecommunications services, except that such term does not include aggregators of telecommunications services (as defined in 47 U.S.C. 226(a)(2)).  64.2005 Use of Customer Proprietary Network Information Without Customer Approval (a) Any telecommunications carrier may use, disclose, or permit access to CPNI for the purpose of providing or marketing service offerings among the categories of service (i.e., local, interexchange, and CMRS) already subscribed to by the customer from the same carrier, without customer approval. (1) If a telecommunications carrier provides different categories of service, and a customer subscribes to more than one category of service offered by the carrier, the carrier is permitted to share CPNI among the carrier's affiliated entities that provide a service offering to the customer. (2) If a telecommunications carrier provides different categories of service, but a customer does not subscribe to more than one offering by the carrier, the carrier is not permitted to share CPNI among the carrier's affiliated entities. (b) A telecommunications carrier may not use, disclose, or permit access to CPNI to market to a customer service offerings that are within a category of service to which the customer does not already subscribe to from that carrier, unless the carrier has customer approval to do so, except as described in paragraph (c) of this section. (1) A telecommunications carrier may not use, disclose, or permit access to CPNI derived from its provision of local service, interexchange service, or CMRS, without customer approval, for the provision of CPE and information services, including call answering, voice mail or messaging, voice storage and retrieval services, fax store and forward, and Internet access services. For example, a carrier may not use its local exchange service CPNI to identify customers for the purpose of marketing to those customers related CPE or voice mail service. (2) A telecommunications carrier may not use, disclose or permit access to CPNI to identify or track customers that call competing service providers. For example, a local exchange carrier may not use local service CPNI to track all customers that call local service competitors. (3) A telecommunications carrier may not use, disclose or permit access to a former customer's CPNI to regain the business of the customer who has switched to another service provider. (c) A telecommunications carrier may use, disclose, or permit access to CPNI, without customer approval, as described in this subparagraph. (1) A telecommunications carrier may use, disclose, or permit access to CPNI, without customer approval, in its provision of inside wiring installation, maintenance, and repair services. (2) CMRS providers may use, disclose, or permit access to CPNI for the purpose of conducting research on the health effects of CMRS. (3) LECs and CMRS providers may use CPNI, without customer approval, to market services formerly known as adjunct-to-basic services, such as, but not limited to, speed dialing, computer-provided directory assistance, call monitoring, call tracing, call blocking, call return, repeat dialing, call tracking, call waiting, caller I.D., call forwarding, and certain centrex features.  64.2007 Notice and Approval Required for Use of Customer Proprietary Network Information (a) A telecommunications carrier must obtain customer approval to use, disclose, or permit access to CPNI to market to a customer service to which the customer does not already subscribe to from that carrier. (b) A telecommunications carrier may obtain approval through written, oral or electronic methods. (c) A telecommunications carrier relying on oral approval must bear the burden of demonstrating that such approval has been given in compliance with the Commission's rules. (d) Approval obtained by a telecommunications carrier for the use of CPNI outside of the customer's total service relationship with the carrier must remain in effect until the customer revokes or limits such approval. (e) A telecommunications carrier must maintain records of notification and approval, whether oral, written or electronic, for at least one year. (f) Prior to any solicitation for customer approval, a telecommunications carrier must provide a one-time notification to the customer of the customer's right to restrict use of, disclosure of, and access to that customer's CPNI. (1) A telecommunications carrier may provide notification through oral or written methods. (2) Customer notification must provide sufficient information to enable the customer to make an informed decision as to whether to permit a carrier to use, disclose or permit access to, the customer's CPNI. (i) The notification must state that the customer has a right, and the carrier a duty, under federal law, to protect the confidentiality of CPNI. (ii) The notification must specify the types of information that constitute CPNI and the specific entities that will receive the CPNI, describe the purposes for which CPNI will be used, and inform the customer of his or her right to disapprove those uses, and deny or withdraw access to CPNI at any time. (iii) The notification must advise the customer of the precise steps the customer must take in order to grant or deny access to CPNI, and must clearly state that a denial of approval will not affect the provision of any services to which the customer subscribes. (iv) The notification must be comprehensible and not be misleading. (v) If written notification is provided, the notice must be clearly legible, use sufficiently large type, and be placed in an area so as to be readily apparent to a customer. (vi) If any portion of a notification is translated into another language, then all portions of the notification must be translated into that language. (vii) A carrier may state in the notification that the customer's approval to use CPNI may enhance the carrier's ability to offer products and services tailored to the customer's needs. A carrier also may state in the notification that it may be compelled to disclose CPNI to any person upon affirmative written request by the customer. (viii) A carrier may not include in the notification any statement attempting to encourage a customer to freeze third party access to CPNI. (ix) The notification must state that any approval, or denial of approval for the use of CPNI outside of the service to which the customer already subscribes to from that carrier is valid until the customer affirmatively revokes or limits such approval or denial. (3) A telecommunications carrier's solicitation for approval must be proximate to the notification of a customer's CPNI rights. (4) A telecommunications carrier's solicitation for approval, if written, must not be on a document separate from the notification, even if such document is included within the same envelope or package.  64.2009 Safeguards Required for Use of Customer Proprietary Network Information (a) Telecommunications carriers must develop and implement software that indicates within the first few lines of the first screen of a customer's service record the CPNI approval status and reference the customer's existing service subscription. (b) Telecommunications carriers must train their personnel as to when they are and are not authorized to use CPNI, and carriers must have a express disciplinary process in place. (c) Telecommunications carriers must maintain an electronic audit mechanism that tracks access to customer accounts, including when a customer's record is opened, by whom, and for what purpose. Carriers must maintain these contact histories for a minimum period of one year. (d) Telecommunications carriers must establish a supervisory review process regarding carrier compliance with the rules in this subpart for outbound marketing situations and maintain records of carrier compliance for a minimum period of one year. Specifically, sales personnel must obtain supervisory approval of any proposed outbound marketing request. (e) A telecommunications carrier must have a corporate officer, as an agent of the carrier, sign a compliance certificate on an annual basis that the officer has personal knowledge that the carrier is in compliance with the rules in this subpart. A statement explaining how the carrier is in compliance with the rules in this subpart must accompany the certificate. STATEMENT OF COMMISSIONER SUSAN NESS DISSENTING IN PART Re: Telecommunications Carriers' Use of Customer Proprietary Network Information and Other Customer Information I agree with most elements of this order but not with the decision to overturn a portion of the Commission's prior ruling in the "Non-Accounting Safeguards" order. I believe it is possible to implement Section 222 in a manner that is fully consistent with Section 272. But the approach taken by the majority creates an unnecessary conflict between the two sections and then resolves that conflict in a manner that undermines the structural separation safeguards crafted by Congress. Section 272 spells out in detail the relationship between a Bell operating company and any structurally separate affiliate that is created to provide interLATA telecommunications services and interLATA information services. The key rules can be summarized succinctly. Under Section 272(a)(1)(A), the interLATA affiliate is required to be "separate of any operating company entity . . . ." Under Section 272(b)(1)&(5), the affiliate is required to "operate independently" of the operating company and to conduct all transactions with the operating company "on an arm's length basis . . . ." Under Section 272(c)(1), the operating company "may not discriminate" in favor of the affiliate "in the provision or procurement of goods, services, facilities, or information." The sole exception to the nondiscrimination requirement is in Section 272(g)(2). It specifies that the operating company may "market and sell" the interLATA services provided by the interLATA affiliate. This exception addresses a single setting in which the relationship between the operating company and the separate affiliate is free from the nondiscrimination requirement of Section 272(c); it does not alter Section 272(a)&(b)'s requirements for a separate entity which operates independently and on an arm's length basis. Yet, despite the care Congress took to fashion a narrow exception to the general principles of structural separation, the majority's decision today irretrievably blurs the lines between the two entities. Under today's decision, the Bell operating company and its interLATA affiliate are treated as separate carriers for purposes of CPNI. Fine so far. But, if the operating company successfully sells the interLATA services of its affiliate to a customer, or even if the separate affiliate independently sells a customer on its long distance services, the order treats both carriers as having collapsed into one. Both carriers will be deemed to have a "total service relationship" with the customer that encompasses local and interLATA service. Both may access the entire range of information available through the customer's account records -- information about the destination of the customer's calls, their duration, and their time of day. Both may use this information to devise any offer encompassing either or both services. This approach does not square with the statutory scheme in which the Bell operating company and its separate affiliate are deemed to be separate and independent entities. If MCI, AT&T, or any one of a hundred other long distance companies successfully wins the interLATA business of a customer, it does not automatically acquire the right and the opportunity to access the customer's local service information. Yet, under the approach adopted by the majority today, if the structurally separated affiliate of a Bell operating company wins the interLATA business of a customer, it does automatically acquire the right and the opportunity to access the customer's local service information. I don't think this discrepancy is what Congress intended. Consider another example. Under Section 272(g)(1), the structurally separate affiliate may market the local service offerings of its affiliated operating company, provided that other entities may also do so. So, if a Bell operating company's structurally separated affiliate successfully markets a local service offering of the operating company (say, in selling the customer a second line), the majority's approach would say that the separate affiliate now has the right automatically to access the operating company's entire record on the customer for the purpose of marketing additional services. But if an unaffiliated entity, exercising the same right to sell the same service on behalf of the same operating company, successfully sells the operating company's local service, it does not acquire the same rights. Again, the result is anomalous. It bears emphasis that the issue here concerns solely the rights that the Bell operating companies and their structurally separated affiliates will have without customer approval. Under Section 222(c)(2), those customers who wish to empower any carrier to access any of their private information may make arrangements to that effect. But, absent an affirmative decision by the customer, I read Section 272 as precluding the kind of preferred relationship between a Bell operating company and its structurally separated affiliate that is created by today's decision.