The Chairwoman’s proposal is significant because it signals a potentially more active FCC in consumer protection as the Democrats solidify control of the agency following the Presidential transition and Chairwoman Rosenworcel’s elevation from Acting Chair to Chair. The scope of the proposal appears to be fairly narrow (based on the limited information currently available) but represents the second CPNI-related action proposed in the past three months. Once a fifth commissioner is confirmed, Chairwoman Rosenworcel may be able to press a broader consumer protection agenda for the agency.

At this time, little is known of the draft NPRM, because the draft of the proposal has not been released. The press release provides the best indication of what we can expect to see in the proceeding, if and when it is adopted. The FCC’s announcement explains that the proposal will:

• Eliminate the current seven business day mandatory waiting period for notifying customers of a breach;
• Require notification of inadvertent breaches; and
• Require carriers to notify the FCC of all reportable breaches, in addition to the FBI and U.S. Secret Service.

The move to update the CPNI rules may be motivated in part by T-Mobile's August 2021 disclosure that names, Social Security numbers, and other personal information belonging to more than 48 million current, former, and prospective customers had been compromised.

With the Commission still evenly split while awaiting confirmation of a third Democratic commissioner, Chairwoman Rosenworcel will need the support of at least one of the two Republican commissioners to adopt the NPRM. The proposed changes may be innocuous enough to garner such support.

The NPRM comes on the heels of an FCC proposal in October 2021 to update the CPNI rules to address SIM swap and port-out fraud, which did garner support from the Republican commissioners. The FCC also has yet to take final action on the Notices of Apparent Liability it issued to major wireless carriers in March 2020 proposing over $200 million in fines for allegedly selling access to their customers’ location information in violation of the CPNI rules. Together, these three actions signal that the FCC may be renewing its focus on privacy issues in telecommunications. In 2017, Congress used the Congressional Review Act to rescind the Commission’s 2016 broadband privacy rules. That action restricts the FCC’s ability to adopt substantially similar rules if it reclassifies broadband providers back to Title II telecommunications services.

The adoption of Standard Questions is the FCC’s complements several other reforms in the past year to formalize and streamline the FCC and Executive Branch review process conducted pursuant to Executive Order No. 13913 of April 8, 2020, Establishing the Committee for the Assessment of Foreign Participation in the United State Telecommunications Sector (the “Committee” (commonly referred to as “Team Telecom”)). The Executive Order sets forth procedures and timelines for the Committee to conduct its reviews of referred applications. The Commission’s earlier reforms are detailed in the FCC’s (First) Report and Order in Docket 16-155 Executive Branch Review Order released October 1, 2020 (and Erratum). As noted in the Second Report and Order, the FCC considered comments filed in response to a Public Notice containing proposed Standard Questions.

Matters Detailed in the Second Report and Order

The Second Report and Order largely adopted the Commission’s proposed sets of Standard Questions and a supplement for the provision of personally identifiable information (“PII”), with some refinements and clarifications, resulting the receipt of comments from five interested parties and a series of consultations with the Committee. The sets of Standard Questions are as follows:

• Attachments A and B, for an international section 214 authorization application filed pursuant to 47 C.F.R. § 63.18, including a modification of an existing authorization) and for the assignment or transfer of control of such authorization, respectively;
• Attachments C and D, for a cable landing license application filed pursuant to 47 C.F.R. § 1.767 (including a modification of an existing license) and for the assignment or transfer of control of such license, respectively;
• Attachments E and F for a petition for declaratory ruling for foreign ownership in a broadcast licensee or common carrier wireless or earth station licensee, respectively, above the benchmarks in section 310(b); and
• Attachment G, a supplement to assist the Committee in identifying PII.

• determined based on Committee input that “reportable foreign ownership” for the Standard Questions is a five percent (5%) or greater equity and/or voting interest (indirect or direct) in the applicant or a controlling interest in the applicant, rejecting a ten percent (10%) threshold based on the Commission’s application rules because of the different purposes of national security and law enforcement review of the Committee and the Commission’s own review, and referral threshold, of applications. Indeed, the Second Report and Order explained that the Committee both emphasized to the FCC that, in some instances, “a less-than-ten percent foreign ownership interest – or a collection of such interests – may pose a national security or law enforcement risk” and observed that “when ownership is widely held, five percent can be a significant interest.”
• clarified that the Standard Questions for transfers of control or assignments of licenses are only applicable to prospective owners or licensees and not to transferors or assignees of authorizations or licenses.
• clarified certain definitions used in the Standard Questions, for example, noting that “Senior Officer” refers to “any individual that has actual or apparent authority to act on behalf of the entity,” and is not title-dependent, although the Second Report and Order identified a number of candidate positions.
• explained that a network operations center, or NOC, located outside the United States is part of the “Domestic Communications Infrastructure” of a network when it can control other parts of an entity’s Domestic Communications Infrastructure.
• retained the request for information concerning Section 310(b) broadcast petitioners’ prior relationships with foreign principals, including funding and employment arrangements (but not retail customer relationships), with no time limit or “defined look-back period;” as the Committee advised that such relationships may be relevant to an assessment of continuing foreign influence over broadcast content; but the Second Report and Order determined not to adopt a similar requirement for Section 301(b) petitions involving common carrier wireless or earth station licenses.
• clarified that “planned relationships” with foreign entities and individuals which must be disclosed in all of the Standard Questions sets are “current relationships or those reasonably anticipated by negotiations or that are identified under current business plans” including all situations in which contracts have been signed and where parties are already in negotiations.
• modified questions with respect to prior filings with the Commission or Committee on Foreign Investment in the United States (“CFIUS”) to provide that that an “involved” or “associated” individual or entity is either the applicant in a prior Commission or CFIUS filing or listed as an owner in such a prior filing, but reiterated that there is no look-back period cutting off such responses.
• clarified questions regarding an applicant’s provision of services to critical infrastructure sectors and what qualifies as a service.

Applicants with reportable foreign ownership, under the Commission’s Rules, must provide answers to the relevant Standard Questions directly to the Committee prior to or at the same time they file their applications with the FCC. The Second Report and Order underscored that all information submitted in response to the Standard Questions will be treated as business confidential and protected from disclosure without special designation or request by the respondent for business confidential treatment. Similarly, PII will automatically be protected from disclosure outside the Executive Branch agencies in accordance with privacy laws and provisions in Executive Order No. 13913. However, when multiple applicants are required to respond to the Standard Questions, the applicants must, as further guided by the instructions that will accompany the Standard Questions, clearly indicate whether responses are being jointly filed and which responses are being filed separately by a single applicant to ensure that confidential information is not disclosed to the other applicants.

The Commission made clear that, when responding to the Standard Questions, an applicant my not cross-reference information that was previously filed with the FCC. Rather, responses must be self-contained and complete. The Second Report and Order expressly rejected a request that, for petitioners that have previously been granted a declaratory ruling under Section 310(b) approving foreign investment, the petitioner should be permitted to respond to a streamlined questionnaire.

Following the submission of the responses to the Standard Questions, the Committee will have thirty days after referral of the application to the Committee to issue more tailored questions, although it may seek an extension. If no extension is sought, the FCC stated it will begin the 120-day clock for the Committee’s initial review on the 30th day after referral. Otherwise, if tailored questions are issued, the clock will begin when the Committee chair notifies the Commission that the responses to the Standard Questions, and any tailored questions, have been received and are complete.

The Standard Questions and related instructions will be posted on the Commission’s website following OMB approval.

Join Kelley Drye for a webinar on May 7th at 11:00 AM EDT to look at these significant changes, including:

• New rules, promulgated earlier this year to implement the Foreign Investment Risk Review Modernization Act of 2018, or FIRRMA, which govern review by CFIUS of certain transactions involving foreign investment in United States businesses, as they apply to the telecommunications sector
• When telecommunications entities must file disclosures with CFIUS before a transaction, when such entities may file voluntarily (and why they might do so), and what transactions are not covered
• The President’s recent Executive Order establishing the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector (“Committee”) to conduct Executive Branch law enforcement and national security reviews of certain FCC applications and licenses
• What is known about the new Committee, how it relates to Team Telecom and CFIUS, and what uncertainties remain

The German Federal Network Agency, Bundesnetzagentur (BNetzA), recently launched a final public consultation on its new draft Catalogue on security requirements for telecommunications service providers and operators of public telecommunications networks. The draft is revamped significantly, but follows the same vein as its predecessors to prevent disruptions and manage security risks, by requiring providers and operators to implement technical security measures and safeguards for operating telecommunications and data processing systems. The deadline for comments on this version 2.0 of the Catalogue is 13 November 2019, but the BNetzA is unlikely to make fundamental changes at this late stage. Consequently, stakeholders should consider the draft as a reliable indicator of the official version, and assess how to best satisfy the requirements.

The Catalogue will have the authority of soft law once published, because its content constitutes recommendations that the BNetzA inferred from law. Deviation from the Catalogue therefore is an option. However, any divergence will have to be necessary and reasonably justified, as audits on security measures will use it as a benchmark.

The following non-exhaustive list provides details of the expected additional security requirements:

• Network traffic must be constantly monitored for any abnormality and, if there is any cause for concern, appropriate protection measures must be taken (e.g. network traffic stopped, traffic to the source of interference restricted or stopped). The detection measures must be state-of-the-art.
• Security-related network and system components (critical key components) may only be used if they have undergone IT security checks by a Federal Office of IT Security, Bundesamt für Sicherheit in der Informationstechnik (BSI), approved testing body and have been certified by the BSI. Critical key components may only be sourced from those suppliers/manufacturers that can provide assurance of their trustworthiness in an appropriate manner. This obligation applies to the entire supply chain and is a requirement for the necessary certification of components. These requirements will be set out in more detail in the Catalogue. The underlying standards will be published by the BSI in consultation with the BNetzA. The competent ministries are drawing up appropriate legal safeguards, notably as part of the ongoing major amendments to the German Telecommunications Act, to ensure the binding nature of the requirements and to secure specific requirements legally and unambiguously, such as the duty of certification.
• The network and system components that are security-related (critical key components) will be determined by the BSI and BNetzA by mutual agreement (when drawing up the Catalogue).
• Security-related network and system components (critical key components) may only be used following an appropriate acceptance test upon supply and must be subjected to regular security tests. If any deviations from the service specifications of the network operator or provider arise during the tests, these deviations must be documented and undergo a risk treatment process. Any measures taken to minimise risks from deviations that could have a significant impact on telecommunications networks and services must be notified to the BNetzA and the BSI without undue delay.
• ,Only trained professionals with in-depth knowledge of systems may be employed for the assessment of risks and protection measures in security-related areas. A sufficient number of such professionals must be kept available.
• Proof must be provided that the hardware tested for the selected, security-related components and the source code at the end of the supply chain are actually deployed in the products used.
• When planning and building the network, sufficient diversity must be ensured by using network and system components from different manufacturers. This requirement will be defined by the BNetzA and could vary between different networks, for example, between the core and access networks.
• Where system-related processes are outsourced, the network operator and provider must ensure that independent, professionally competent and reliable contractors are selected and that compliance with statutory requirements remains guaranteed. The network operator and provider must provide evidence of this.
• Adequate redundancy must be available for critical, security-related network and system components (critical key components). A list of particularly critical network components is being drawn up in this regard (e.g. home location register, core network, backbone, porting server).
• When implementing the security requirements, national security regulations and regulations for the secrecy of telecommunications and for data privacy protection must be met.

There currently is not an English text available. The German text can be found here.

With President Obama's announcement last December that the United States is charting a new course in its relations with Cuba, the Federal Communications Commission ("FCC" or "Commission") is taking expedited steps to open up the provision of telecommunications services between the United States and Cuba. Today, the Commission seeks comment on a proposal to remove Cuba from its Exclusion List for International Section 214 Authorizations (Exclusion List) in response to a formal request from the Department of State (State Department). Removal of Cuba from the Exclusion List – it is the only country currently on the list – would allow carriers to provide telecommunications services between the United States and Cuba. With comments due December 4^th and reply comments due December 9^th, the expedited time frame suggests that the Commission may already be in the process of implementing its proposal.

The Exclusion List identifies particular facilities and/or countries not included in a global facilities-based Section 214 application. Currently, a separate international Section 214 authorization is required to serve Cuba. The FCC processes Section 214 applications submitted for countries on the Exclusion List on a non-streamlined basis in coordination with the State Department.

The FCC’s solicitation is a direct result of a letter from the State Department, received October 26, 2015, which provided new policy guidance on the licensing of telecommunications services between the United States and Cuba. On November 9, 2015, the Commission's International Bureau (“Bureau”) released a Public Notice detailing the letter and noting that it would begin the process requested by the State Department.

Removing Cuba from the Exclusion List would free up communications companies with global Section 214 authorizations to provide facilities-based services from the United States to Cuba, even if such companies did not previously seek direct authority to serve Cuba. If the proposal is implemented, such companies need not take additional action or seek additional authority to begin providing service to Cuba.

As a result of the State Department’s October 26 letter to the Commission, the Bureau announced in its November 9 Public Notice that the Commission stopped coordinating with the State Department on those Section 214 applications seeking to provide facilities-based telecommunications services between the US and Cuba, effective immediately. Moreover, the Bureau explained that the Commission will continue to apply the appropriate benchmark settlement rate for telecommunications services between the US and Cuba as well as allow waivers of limited duration.

The Commission has also begun the process of removing the non-discrimination requirements, Section 63.22(f) that apply to the U.S.-Cuba route, which requires the terms and conditions of many operating and other agreements entered into by U.S. common carriers authorized to provide facilities-based switched voice service on the U.S.-Cuba route in correspondence with a Cuban carrier that does not qualify for the presumption that it lacks market power in Cuba to be identical to the equivalent terms and conditions in the operating agreement of another carrier providing the same or similar service between this country and Cuba.

The October 26^th letter also notes that applications approved by the FCC may require a license from the Department of Treasury's Office of Foreign Assets Control and/or the Department of Commerce's Bureau of Industry and Security.

These rules apply to BIA review and approval of access to ROW for electric transmission and distribution systems (including lines, poles, towers, telecommunication, protection, measurement and data acquisition equipment, other items necessary to operate and maintain the system and appurtenant facilities) as well as telecommunications, broadband, and fiber optic lines.

The most noteworthy provisions of the updated rules provide a clear process and timeline for applying for and receiving a ROW. Under the old rules, applicants never knew when to expect a response or what happened to the application once filed. Now, BIA will notify applicants once it receives an application of its completeness and any missing components. Applicants can now expect BIA to grant or deny the ROW within 60 days of receiving a completed application. Simultaneously, BIA will notify the Tribal or landowners of its intent to grant the ROW at least 60 days prior to the grant, giving the Tribal or landowners 30 days to object to the grant of the ROW. BIA also reserves the right to use an additional 30 days to review the application and request the applicant to submit additional information within 15 days. BIA will then grant or deny the application within 30 days of notifying the applicant of needing more time. If BIA denies the application, BIA will provide a written basis for the denial as well as the process for appeal. These provisions provide much needed clarity as to the process and timeline for review, easing the burden and cost of uncertainty to companies. Further, if BIA does not take action under these new timelines, the applicant can first elevate the matter to the BIA Regional Director and then the BIA Director, an appeal process that was not available under the old rules.

Also significant is that BIA deleted the rules specific to telephone lines and communication facilities, removing the size limitations for poles, lines and receiving structures and facilities. Rather, the updated rules expand the definition of Service Lines from telephone, water, electric power, gas and other utilities to include Internet Service. BIA offers additional clarification for service providers, noting that utilities can construct a Service Line from one of the utility's existing ROWs without obtaining a new ROW if the utility serves one structure. If the utility plans to serve more than one structure, then the Service Line will require a ROW. Regardless of the number of structures serves, Service Lines require a Service Line Agreement, which both the utility and the Tribe (or land-owner) must execute and file with BIA prior to constructing Service Lines across Tribal Land or individually-owned land.

In terms of the length of the grant, BIA will defer to a Tribe's determination that the ROW terms are reasonable. For individually owned Indian land, BIA will review the ROW duration to ensure the term is reasonable given the purpose of the ROW. BIA will generally consider a maximum term of up to 50 years for all ROWs other than oil and gas.

The updated rules also include other key provisions:

• Tribes and individual Native American landowners now have more freedom to negotiate their compensation. A ROW may allow for any payment amount negotiated by the Tribe and BIA will defer to the Tribe. BIA will consider access to broadband services as in-kind compensation.
• The old rules require anyone seeking to survey the land to request written permission from BIA. The updated rule eliminates this requirement, significantly shorting the time needed to conduct the survey.
• BIA decisions to grant or deny a ROW will be in writing and BIA will grant the ROW unless the applicant fails to meet the requirements or obtain landowner consent where required, or BIA finds a compelling reason not to grant the ROW in order to protect the best interest of Indian landowners.
• ROW documents are effective on the date of approval, even if an administrative appeal is filed.

The new rules represent a huge step forward by clarifying the process and expedited timelines for obtaining ROWs on Tribal lands to deploy communications infrastructure. Should you have any questions about what these new rules mean for your business, please feel free to reach out to Jennifer Holtz at [email protected] or your usual Kelley Drye Communications Practice attorneys.

The Second Streamlining Order does impose requirements on some new classes of providers. It extends the requirement to file the Traffic and Revenue Report to providers of both international interconnected Voice over Internet Protocol (“VoIP”) service and international “one-way” VoIP services. One-way VoIP services are those VoIP providers that permit users either to receive calls from or place calls to the public switched telephone network, but not both. The Second Streamlining Order also requires for the first time a Circuit Status report from all submarine cable licensees, not just licensees that are common carriers, as well as for international common carrier terrestrial and satellite circuits of facilities-based common carriers and the non-common carrier circuits of satellite operators.

The Annual International Reports will retain their current separate filing deadlines -- March 31 for the Circuit Status Report and July 31 of the Traffic and Revenue Report. The effective date of the rule changes is currently unknown; it is at present unclear if the requirements will go into effect in time for the filing of either of the International Reports this year. The Office of Management and Budget must first approve the reporting and filing changes. The FCC expressly directed parties in the Second Streamlining Order to continue filing the Annual International Reports pursuant to its existing rules until it announces the new reporting requirements have become effective.

A host of other changes were made to the Traffic and Revenue reporting requirements, including, among others, use of specific Commission-created filing schedules; a requirement to disaggregate world-total international calling services (“ICS”) traffic and revenue data for specific customer categories and routing arrangements (for example, residential and mass market, reoriginated foreign traffic, and U.S. resellers); a requirement to report circuit and revenue data for private line service provided over resold circuits only on a world-total basis; a requirement to report on international private line services only in terms of total 64 kbps-equivalents; and a requirement to disaggregate data, for minutes and settlement payments, between calls terminated on fixed line networks and those terminated on mobile networks when the termination rates are different. Under the new rules, filers will be required to file any revisions or corrections to their Traffic and Revenue reports by October 31 in the filing year for any values with errors exceeding one percent (1%). Those U.S. International Service Providers that do not provide facilities-based ICS and have less than $5 million in revenues from ICS resale will not be required to include resale-ICS on their annual Traffic and Revenue Report.

The Second Streamlining Order extended the Circuit Status reporting requirements beyond common carriers. Under the new rules, the international common carrier terrestrial and satellite circuits of facilities-based common carriers and the non-common carrier circuits of satellite operators must be reported. At the same time, the Commission also streamlined the Circuit Status reporting obligations for affected parties by eliminating the requirements to report on the destination of circuits or the number of idle circuits. International terrestrial and satellite circuit providers that must file will now need to report only world totals of aggregate active 64 kbps terrestrial and satellite circuits.

The Second Streamlining Order made changes that will require Circuit Status reports to be filed for all submarine cable capacity, not just capacity used for common carrier services. Consequently, all cable landing licensees (both common carrier and non-common carrier licensees) and those common carriers with capacity on international submarine cables will be required to report on both available and planned capacity on all such circuits.