Federal Communications Commission DA No. 10-1956
Before the
Federal Communications Commission
WASHINGTON, D.C. 20554
In the Matter of
Implementation of the Telecommunications Act of 
1996:  Telecommunications Carriers’ Use of 
Customer Proprietary Network Information and 
Other Customer Information
)
)
)
)
)
)
CC Docket No. 96-115
DECLARATORY RULING
Adopted:  October 12, 2010 Released:  October 12, 2010
By the Chief, Wireline Competition Bureau:
I. INTRODUCTION
1. By this declaratory ruling, we clarify that section 222 of the Communications Act of 
1934, as amended (Communications Act),1 does not prevent a telecommunications carrier from 
complying with the obligation in 18 U.S.C. ง 2258A to report violations of specific federal statutes 
relating to child pornography.
II. BACKGROUND
2. In 2006, the Commission issued a declaratory ruling that clarified the relationship 
between a telecommunications carrier’s duty to protect the privacy of customer proprietary network 
information (CPNI)2 under section 222 of the Communications Act and the statutory obligation set forth 
in 42 U.S.C. ง 13032 to report violations of child pornography statutes to the CyberTipline operated by 
the National Center for Missing and Exploited Children (NCMEC).3 Specifically, 42 U.S.C. ง 13032 
required providers of an “electronic communication service or remote computing service” to report 
  
1 47 U.S.C. ง 222.
2 CPNI is defined as “(A) information that relates to the quantity, technical configuration, type, destination, location, 
and amount of use of a telecommunications service subscribed to by any customer of a telecommunications carrier, 
and that is made available to the carrier by the customer solely by virtue of the carrier-customer relationship; and (B)
information contained in the bills pertaining to telephone exchange service or telephone toll service received by a 
customer of a carrier; except that such term does not include subscriber list information.”  47 U.S.C. ง 222(h)(1).  
The Act defines subscriber list information as “any information—(A) identifying the listed names of subscribers of a 
carrier and such subscribers’ telephone numbers, addresses, or primary advertising classifications (as such 
classifications are assigned at the time of the establishment of such service), or any combination of such listed 
names, numbers, addresses, or classifications; and (B) that the carrier or an affiliate has published, caused to be 
published, or accepted for publication in any directory format.”  47 U.S.C. ง 222(h)(3).
3 Implementation of the Telecommunications Act of 1996:  Telecommunications Carriers’ Use of Customer 
Proprietary Network Information and Other Customer Information, CC Docket No. 96-115, Declaratory Ruling, 21 
FCC Rcd 9990 (2006) (CPNI Declaratory Ruling).  The CyberTipline currently is accessible at:   
https://secure.missingkids.com/missingkids/servlet/CybertipServlet?LanguageCountry=en_US.  
Federal Communications Commission DA No. 10-1956
2
apparent violations of specific federal statutes involving child pornography to the NCMEC CyberTipline.4  
Section 222(c)(1) of the Communications Act provides that, “[e]xcept as required by law,”5 all 
telecommunications carriers, including wireless carriers, have a duty to protect the privacy of CPNI.6
3. In the CPNI Declaratory Ruling, the Commission interpreted the “[e]xcept as required by 
law” exception contained in section 222(c)(1) of the Communications Act as applying to any report a 
telecommunications carrier must make to NCMEC under 42 U.S.C. ง 13032.7 The Commission therefore 
concluded that making such a report did not violate section 222 of the Communications Act.8 It further 
concluded that “this exception to section 222 only applies to the extent disclosure of CPNI is ‘required’ 
and therefore would not cover voluntary disclosures.”9  
4. In 2008, Congress enacted new reporting requirements for electronic communication 
service providers and remote computing service providers related to child pornography that supersede the 
reporting obligations set forth in 42 U.S.C. ง 13032, which was repealed.10  
III. DISCUSSION
5. The guidance the Commission provided in the CPNI Declaratory Ruling remains valid 
even though Congress replaced the specific statutory provision at issue in that declaratory ruling with a 
new federal reporting statute related to child pornography.  The new statutory reporting obligations set 
forth in 18 U.S.C. ง 2258A are similar to the former requirements of 42 U.S.C. ง 13032.11 Under the new 
statute, providers of an “electronic communication service or remote computing service”12 are still 
required to report to the CyberTipline the facts and circumstances regarding any apparent violations of 
  
4 42 U.S.C. ง 13032(b)(1) (2006); CPNI Declaratory Ruling, 21 FCC Rcd at 9991, para. 3, n.5.  NCMEC, in turn, 
would “forward that report to a law enforcement agency or agencies designated by the Attorney General.”  42 
U.S.C. ง 13032(b)(1) (2006).
5 47 U.S.C. 222(c)(1) (emphasis added).
6 47 U.S.C. ง 222(c)(1) (providing that “[e]xcept as required by law or with the approval of the customer, a 
telecommunications carrier that receives or obtains customer proprietary network information by virtue of its 
provision of a telecommunications service shall only use, disclose, or permit access to individually identifiable 
customer proprietary network information in its provision of (A) the telecommunications service from which such 
information is derived, or (B) services necessary to, or used in, the provision of such telecommunications service, 
including the publishing of directories”).
7 CPNI Declaratory Ruling, 21 FCC Rcd at 9991–92, para. 5, n.10.
8 Id. at 9992, para. 6
9 Id. at 9992, para. 5 (noting that a report to the CyberTipline required by section 13032(b)(1) “may include 
additional information or material developed by an electronic communication service or remote computing service, 
except that the Federal Government may not require the production of such information or material in that report”).
10 PROTECT Our Children Act of 2008, Pub. L. No. 110–401, 122 Stat. 4229, 4244 (codifed in relevant part at 18 
U.S.C. ง 2258A (2008)).
11 Compare 18 U.S.C. ง 2258A(a) with 42 U.S.C. ง 13032(b)(1) (2006). 
12 18 U.S.C. ง 2258A(a)(1).  Section 2258E provides that “the term ‘electronic communication service’ has the 
meaning given that term in section 2510,” 18 U.S.C. ง 2258E(2), and “‘remote computing service’ has the meaning 
given that term in section 2711,” 18 U.S.C. ง 2258E(5).  Thus, the term “‘electronic communication service’ means 
any service which provides to users thereof the ability to send or receive wire or electronic communications,” 18 
U.S.C. ง 2510(15), and “the term ‘remote computing service’ means the provision to the public of computer storage 
or processing services by means of an electronic communications system,” 18 U.S.C. ง 2711(2). 
Federal Communications Commission DA No. 10-1956
3
specific federal statutes involving child pornography.13 Consequently, and consistent with the 
Commission’s previous clarification, to the extent a telecommunications carrier that is a provider of 
electronic communication services or remote computing services is compelled by 18 U.S.C. ง 2258A to 
disclose CPNI in a report to the CyberTipline, that carrier would not be in violation of its privacy duties 
under section 222 of the Communications Act.14 Of course, as the Commission also previously 
explained, this exception to section 222 applies only to the extent disclosure of CPNI is “required” and 
therefore would not cover voluntary disclosures.15
IV. ORDERING CLAUSE
6. Accordingly, IT IS ORDERED pursuant to Sections 4(i) and 222 of the Communications 
Act of 1934, as amended, 47 U.S.C. งง 154(i), 222 and Sections 0.91, 0.291, and 1.2 of the Commission’s 
rules, 47 C.F.R. งง 0.91, 0.291, and 1.2, that this Declaratory Ruling IS ADOPTED effective 
immediately.
FEDERAL COMMUNICATIONS COMMISSION
Sharon E. Gillett
Chief
Wireline Competition Bureau
  
13 18 U.S.C. ง 2258A(a)(2).  The specific statutory provisions that trigger reporting obligations have not changed 
and are sections 1466A, 2251, 2251A, 2252, 2252A, 2252B, and 2260 of Title 18 of the U.S Code.  18 U.S.C. 
ง 2258A(a)(2)(A), (B).
14 See 18 U.S.C. ง 2258A(a)(1) (providing that a covered entity “shall” provide certain information to the 
CyberTipline); 18 U.S.C. ง 2258A(e) (establishing penalties for knowingly and willfully failing to make a report 
required by ง 2258A(a)(1)). 
15 See, e.g., 18 U.S.C. ง 2258A(b) (providing that “the facts and circumstances included in each report under 
subsection (a)(1) may include the following information….” (emphasis added)); 18 U.S.C. ง 2258A(f) (clarifying 
that this statute does not impose affirmative obligations on electronic communication service providers or remote 
computing service providers to monitor users or content).