Yesterday the Federal Communications Commission (“FCC”) issued a declaratory ruling clarifying that carriers may collect customer proprietary network information (“CPNI”) via their customers’ mobile devices, but the carriers are required to protect the confidentiality of that information under Section 222 of the Act and FCC rules. In its ruling, the FCC explicitly addressed the risks faced by customers when their carrier has access to and control over CPNI. By way of example, the FCC identified the “insecure” means by which some carriers allowed Carrier IQ software, a software vulnerable to third-party access and use of location and other data, to be downloaded on mobile devices. The FCC reiterated that Section 222 of the Act and its rules require carriers to protect CPNI and only use that information for lawful purposes. In the declaratory ruling, the FCC did not propose new CPNI rules.