Washington ? Federal regulators working on rules to secure the calling records and other private information of telephone customers are running into resistance from phone companies and law enforcement agencies.

The rules, an effort by the Federal Communications Commission to combat “pretexting,” are circulating among the commissioners for comment and may be voted on this month.

Pretexting is the practice of impersonating a phone customer to gain access to his phone records. President Bush signed a law last month criminalizing the practice and imposing penalties including up to 10 years in prison.

The issue gained prominence last year when executives of the Hewlett-Packard Co. were charged with hiring private detectives who used the technique to investigate board members.

The new law gives police a weapon to punish perpetrators. But it leaves out any requirements for how phone companies should protect their customers’ private data. Cell phone bills, for example, can reveal who a person has called and, in some cases, even the caller’s location.

FCC chairman Kevin Martin told reporters recently that the new rules will require that customers use a password to access their account information.

While that might protect calling data, telephone companies are wary. They fear a password requirement might upset customers.

AT&T Inc. spokesman Michael Balmoris said the company has to be careful to balance security against customers’ wishes for easy access to their information.

The rules also are expected to require that phone companies get a customer’s permission before they can release information that may be used for telemarketing.

Phone companies contend this requirement would violate their First Amendment right to communicate with customers.