Public Knowledge says that records AT&T reportedly sold to the government is a violation of Section 222 of the Communications Act that “tells carriers that with few exceptions, they have to get customers’ consent before they can share ‘customer proprietary network information,’ or CPNI.”
Of course, the sale of such information is not the only cause for concern, it is what CIA does with this data that certainly raises a lot of eyebrows. Public Knowledge also asserts that Verizon, T-Mobile and Sprint have policies in place that infer it is okay to do the same thing.
The report about AT&T’s sale to the Central Intelligence Agency came from the New York Times in November. Unlike the stories that involved the NSA, this arrangement with Central Intelligence focuses on overseas calls that would not fall under the jurisdiction of the Foreign Intelligence Surveillance Act. “In all cases, when ever any governmental entity anywhere seeks information from us, we ensure that the request and our response are completely lawful and proper,” according to AT&T in a statement.
Public Knowledge is asking the FCC to issue a ruling that AT&T, Sprint, T-Mobile and Verizon cannot sell CPNI records without customer consent.
source: Ars Technica