The panel discussion is on “How the FTC is Filling the Federal Privacy Law Void”. The event will cover a number of policy issues, including the recently released FTC report on the data collection and use practices of Internet Service Providers (“ISPs”).

Click here for more information and to register for this virtual event.

The adoption of Standard Questions is the FCC’s complements several other reforms in the past year to formalize and streamline the FCC and Executive Branch review process conducted pursuant to Executive Order No. 13913 of April 8, 2020, Establishing the Committee for the Assessment of Foreign Participation in the United State Telecommunications Sector (the “Committee” (commonly referred to as “Team Telecom”)). The Executive Order sets forth procedures and timelines for the Committee to conduct its reviews of referred applications. The Commission’s earlier reforms are detailed in the FCC’s (First) Report and Order in Docket 16-155 Executive Branch Review Order released October 1, 2020 (and Erratum). As noted in the Second Report and Order, the FCC considered comments filed in response to a Public Notice containing proposed Standard Questions.

Matters Detailed in the Second Report and Order

The Second Report and Order largely adopted the Commission’s proposed sets of Standard Questions and a supplement for the provision of personally identifiable information (“PII”), with some refinements and clarifications, resulting the receipt of comments from five interested parties and a series of consultations with the Committee. The sets of Standard Questions are as follows:

• Attachments A and B, for an international section 214 authorization application filed pursuant to 47 C.F.R. § 63.18, including a modification of an existing authorization) and for the assignment or transfer of control of such authorization, respectively;
• Attachments C and D, for a cable landing license application filed pursuant to 47 C.F.R. § 1.767 (including a modification of an existing license) and for the assignment or transfer of control of such license, respectively;
• Attachments E and F for a petition for declaratory ruling for foreign ownership in a broadcast licensee or common carrier wireless or earth station licensee, respectively, above the benchmarks in section 310(b); and
• Attachment G, a supplement to assist the Committee in identifying PII.

• determined based on Committee input that “reportable foreign ownership” for the Standard Questions is a five percent (5%) or greater equity and/or voting interest (indirect or direct) in the applicant or a controlling interest in the applicant, rejecting a ten percent (10%) threshold based on the Commission’s application rules because of the different purposes of national security and law enforcement review of the Committee and the Commission’s own review, and referral threshold, of applications. Indeed, the Second Report and Order explained that the Committee both emphasized to the FCC that, in some instances, “a less-than-ten percent foreign ownership interest – or a collection of such interests – may pose a national security or law enforcement risk” and observed that “when ownership is widely held, five percent can be a significant interest.”
• clarified that the Standard Questions for transfers of control or assignments of licenses are only applicable to prospective owners or licensees and not to transferors or assignees of authorizations or licenses.
• clarified certain definitions used in the Standard Questions, for example, noting that “Senior Officer” refers to “any individual that has actual or apparent authority to act on behalf of the entity,” and is not title-dependent, although the Second Report and Order identified a number of candidate positions.
• explained that a network operations center, or NOC, located outside the United States is part of the “Domestic Communications Infrastructure” of a network when it can control other parts of an entity’s Domestic Communications Infrastructure.
• retained the request for information concerning Section 310(b) broadcast petitioners’ prior relationships with foreign principals, including funding and employment arrangements (but not retail customer relationships), with no time limit or “defined look-back period;” as the Committee advised that such relationships may be relevant to an assessment of continuing foreign influence over broadcast content; but the Second Report and Order determined not to adopt a similar requirement for Section 301(b) petitions involving common carrier wireless or earth station licenses.
• clarified that “planned relationships” with foreign entities and individuals which must be disclosed in all of the Standard Questions sets are “current relationships or those reasonably anticipated by negotiations or that are identified under current business plans” including all situations in which contracts have been signed and where parties are already in negotiations.
• modified questions with respect to prior filings with the Commission or Committee on Foreign Investment in the United States (“CFIUS”) to provide that that an “involved” or “associated” individual or entity is either the applicant in a prior Commission or CFIUS filing or listed as an owner in such a prior filing, but reiterated that there is no look-back period cutting off such responses.
• clarified questions regarding an applicant’s provision of services to critical infrastructure sectors and what qualifies as a service.

Applicants with reportable foreign ownership, under the Commission’s Rules, must provide answers to the relevant Standard Questions directly to the Committee prior to or at the same time they file their applications with the FCC. The Second Report and Order underscored that all information submitted in response to the Standard Questions will be treated as business confidential and protected from disclosure without special designation or request by the respondent for business confidential treatment. Similarly, PII will automatically be protected from disclosure outside the Executive Branch agencies in accordance with privacy laws and provisions in Executive Order No. 13913. However, when multiple applicants are required to respond to the Standard Questions, the applicants must, as further guided by the instructions that will accompany the Standard Questions, clearly indicate whether responses are being jointly filed and which responses are being filed separately by a single applicant to ensure that confidential information is not disclosed to the other applicants.

The Commission made clear that, when responding to the Standard Questions, an applicant my not cross-reference information that was previously filed with the FCC. Rather, responses must be self-contained and complete. The Second Report and Order expressly rejected a request that, for petitioners that have previously been granted a declaratory ruling under Section 310(b) approving foreign investment, the petitioner should be permitted to respond to a streamlined questionnaire.

Following the submission of the responses to the Standard Questions, the Committee will have thirty days after referral of the application to the Committee to issue more tailored questions, although it may seek an extension. If no extension is sought, the FCC stated it will begin the 120-day clock for the Committee’s initial review on the 30th day after referral. Otherwise, if tailored questions are issued, the clock will begin when the Committee chair notifies the Commission that the responses to the Standard Questions, and any tailored questions, have been received and are complete.

The Standard Questions and related instructions will be posted on the Commission’s website following OMB approval.

Among the topics Steve will discuss is the FCC’s recent FNPRM proposing to require gateway providers to assist in the battle against illegal robocalls by applying STIR/SHAKEN caller ID authentication and other robocall mitigation techniques to calls that originate abroad from U.S. telephone numbers. The FNPRM, adopted at the FCC’s September 30 Open Meeting, seeks comment on several other proposals aimed at mitigating robocalls, including the following requirements that would be applicable to gateway providers: (1) responding to traceback requests within 24 hours; (2) blocking calls upon notification from the Enforcement Bureau that a certain traffic pattern involves illegal robocalling; (3) utilizing reasonable analytics to block calls that are highly likely to be illegal; (4) blocking calls originating from numbers on a do-not-originate list; (5) confirming that a foreign call originator using a U.S. telephone number is authorized to use that number; (6) including robocall mitigation obligations in contracts with foreign customers; and (7) submitting a certification regarding robocall mitigation practices to the Robocall Mitigation Database. In addition, the FNPRM seeks comment on a requirement that service providers block calls from gateway providers identified as bad actors by the FCC and on whether additional information should be collected by the Robocall Mitigation Database. The FNPRM asks whether there are alternative means to stop illegal foreign-originated robocalls. Finally, while the rulemaking proceeding is pending, the FCC declared that it would not enforce the prohibition in Section 63.6305(c) of the FCC’s rules on U.S.-based providers accepting traffic carrying U.S. NANP numbers that is received directly from a foreign voice service provider that is not in the Robocall Mitigation Database.

In case you missed it:

Guidance for Implementing the STIR-SHAKEN Call Authentication and Robocall Mitigation Mandates in 2021 (December 2020)

The FCC’s Packed September Meeting Agenda Includes Focus on IoT Spectrum and Robocall Prevention (September 2021)

You will find more information about the items on the September meeting agenda after the break:

Promoting More Resilient Networks - The NPRM would seek comment on various issues related to improving the reliability and resiliency of communications networks during emergencies and natural disasters. The NPRM focuses on whether the Framework (a wireless industry agreement aimed at providing mutual aid during emergencies, ensuring municipal and consumer readiness and communicating about service restoration) can be improved, such as by expanding participation, increasing the scope of participants’ obligations or codifying industry disaster-based coordination obligations. The NPRM would also seek comment on enhancing information provided to the FCC during disasters and network outages through the Network Outage Reporting System and the Disaster Information Reporting System. In addition, the NPRM would ask about communications resilience strategies to mitigate the impact of power outages, including coordination between communications providers and power companies and the use of backup power during disasters.

Reassessing 4.9 GHz Band for Public Safety – The Order on Reconsideration would grant requests by public safety organizations to vacate a 2020 order that permits states to lease spectrum in the 4.9 GHz band (designated for public safety use) to third parties for non-public-safety use. The Order on Reconsideration would also lift a freeze on 4.9 MHz licenses to allow incumbent licensees to modify licenses or seek new permanent fixed sites. The FNPRM would propose to establish a nationwide framework for the 4.9 GHz band to maximize public safety while promoting interoperable communications and interference protection throughout the network. Areas for comment would include how to protect public safety users from harmful interference, the use of the Universal Licensing System or another database to maintain relevant technical data, adoption of consistent technical standards to foster interoperability of equipment using the band and giving public safety uses priority. The NPRM would also seek comment on how to manage the band, incentivize public safety licensees to use the latest commercially available technologies and allow non-public safety use of the band without jeopardizing public safety operations.

Authorizing 6 GHz Band Automated Frequency Coordination Systems - The Public Notice would set forth a process for the OET to authorize AFC systems, which are required to operate standard-power devices in the 6 GHz band. Specifically, unlicensed standard power devices that operate in the 6 GHz band are required to check an AFC system prior to operating to avoid harmful interference to incumbent operations. The Public Notice would explain the approval process for AFC system operators, which would include conditional approval, a public trial period and an opportunity for public comment. The Public Notice would provide detailed information about the content of AFC system proposals and request that such proposals be submitted no later than November 30, 2021 (although proposals will be accepted after that date).

Spectrum Requirements for the Internet of Things - The NOI (which is required to be issued by The William M. (Mac) Thornberry National Defense Authorization Act for FY 2021 (Pub. L. No. 116-28) (the “Act”)) would seek comment on whether there is sufficient spectrum available for current and future IoT needs. As directed by the Act, the LOI would ask for comment on how to ensure that adequate spectrum is available for the increased demand for the IoT, whether regulatory barriers would prevent accessing any additional needed spectrum and the roles of licensed and unlicensed spectrum for supporting the IoT.

Shielding 911 Call Centers from Robocalls – The FNPRM would propose to update the FCC’s rules governing the PSAP Do-Not-Call registry. Although the FCC adopted rules in 2012 to establish the registry as a means to protect PSAPs from unwanted robocalls, the registry has not been fully implemented due to security concerns associated with releasing PSAP telephone numbers to entities accessing the registry. The FNPRM would propose that voice service providers block autodialed calls to PSAP telephone numbers on the PSAP Do-Not-Call registry, as an alternative to allowing entities claiming to use autodialers to access the registry to identify telephone numbers that may not be called. In addition, the FNPRM would seek comment on whether autodialed calls and text messages continue to disrupt PSAPs’ operations, security risks associated with maintaining a centralized registry of PSAP telephone numbers, ways to address security issues (such as enhanced caller vetting and data security requirements) and alternative means to prevent robocalls to PSAPs (such as by utilizing other technological solutions or leveraging the National Do-Not-Call registry).

Stopping Illegal Robocalls From Entering American Phone Networks - The FNPRM would propose to require gateway providers to assist in the battle against illegal robocalls by applying STIR/SHAKEN caller ID authentication and other robocall mitigation techniques to calls that originate abroad from U.S. telephone numbers. The FNPRM would also seek comment on several other proposals aimed at mitigating robocalls, including the following requirements that would be applicable to gateway providers: (1) responding to traceback requests within 24 hours; (2) blocking calls upon notification from the Enforcement Bureau that a certain traffic pattern involves illegal robocalling; (3) utilizing reasonable analytics to block calls that are highly likely to be illegal; (4) blocking calls originating from numbers on a do-not-originate list; (5) confirming that a foreign call originator using a U.S. telephone number is authorized to use that number; (6) including robocall mitigation obligations in contracts with foreign customers; and (7) submitting a certification regarding robocall mitigation practices to the Robocall Mitigation Database. In addition, the FNPRM would seek comment on a requirement that service providers block calls from gateway providers identified as bad actors by the FCC and on whether additional information should be collected by the Robocall Mitigation Database. The FNPRM would ask whether there are alternative means to stop illegal foreign-originated robocalls. Finally, while the rulemaking proceeding is pending, the FCC would not enforce the prohibition in Section 63.6305(c) of the FCC’s rules on U.S.-based providers accepting traffic carrying U.S. NANP numbers that is received directly from foreign voice service providers that are not in the Robocall Mitigation Database.

Supporting Broadband for Tribal Libraries Through E-Rate - Pursuant to Section 254(h)(4) of the Communications Act of 1934, as amended, a library may not receive preferential treatment or rates (such as under the E-rate program) unless it is eligible for assistance from a State library administrative agency under the Library Services and Technology Act (“LSTA”). In 2018, the LSTA was amended to specifically include Tribal libraries as eligible for assistance from a State library administrative agency. The NPRM would propose to amend Sections 54.500 and 54.501(b)(1) of the FCC’s rules to clarify that Tribal libraries are eligible for E-rate support. The NPRM would also seek comment on other measures to enable Tribal schools and libraries to gain access to the E-rate program and ways to increase participation in the E-rate program.

Strengthening Security Review of Companies with Foreign Ownership - The Second Report and Order would adopt standardized national security and law enforcement questions (“Standard Questions”) to be answered by applicants with reportable foreign ownership as part of the Executive Branch review of certain applications filed with the FCC. The issuance of Standard Questions is the FCC’s final step in implementing several reforms to formalize and streamline the FCC and Executive Branch review process consistent with Executive Order No. 13913 (April 20, 2020), which established a Committee for the Assessment of Foreign Participation in the United State Telecommunications Sector (“Committee” (formerly known as Team Telecom)) and set forth procedures and timelines for the Committee to complete its review. The Second Report and Order would include Standard Questions for the following types of applications when reportable foreign ownership (generally a 5 percent or greater equity and/or voting interest (indirect or direct) in the applicant) is present: (1) applications for a new or modified International Section 214 authorization or submarine cable landing license; (2) applications for assignment or transfer of control of an International Section 214 authorization or a submarine cable landing license; and (3) petitions for a declaratory ruling to permit foreign ownership in a broadcast licensee, common carrier wireless licensee or common carrier earth station licensee that exceeds the benchmarks in Section 310(b) of the Communications Act. There would also be a supplement to each set of questions to provide personally identifiable information for individuals with a reportable ownership interest, non-U.S. individuals with access to the applicant’s facilities, corporate officers and directors, and a law enforcement point of contact.

You will find more information about the most significant items after the break:

Securing Communications Networks – The Third Report and Order would amend the FCC’s rules for the Secure and Trusted Communications Network Reimbursement Program, consistent with the guidance in the Consolidated Appropriations Act (“CAA”). As proposed in a February 2021 Third FNPRM, the Order would increase the eligibility cap for participation in the Reimbursement Program from providers with two million or fewer customers to providers with ten million or fewer customers, and would modify the equipment and services eligible for reimbursement to all communications equipment and services provided or produced by Huawei or ZTE. The Order would also establish June 30, 2020 as the date by which equipment and services must have been obtained to be eligible for reimbursement. Additionally, the Order would make several other changes to the Commission’s rules to align the prioritization scheme and definition of “advanced communications service” with the CAA framework, and would clarify certain aspects of the Reimbursement Program rules.

Radar Sensing Technologies in the 60 GHz Band – The draft NPRM would recognize the recent technological advancements for FDS/radar devices and increased demand for unlicensed mobile radar operations in the 57-64 GHz portion of the 57-71 GHz band. It would therefore ease technical restrictions on the operation of unlicensed FDS/radar devices consistent with recent waivers while continuing to protect other unlicensed users of the 57-71 GHz band like WiGig wireless local area networking (“WLAN”) devices and outdoor fixed point-to-point communication links. The Office of Engineering and Technology (“OET”) has granted several waivers of Section 15.255 of the FCC’s rules for FDS/radar operations to operate at higher power levels without any reported cases of harmful interference, starting with the Google waiver in 2018 for short-range gesture sensing radars incorporated into phones and tablets.

Among other things, the NPRM would (1) allow all unlicensed FDS/radar devices to operate in the 57-64 GHz portion of the band at a maximum of 20 dBm average EIRP, 13 dBm/MHz average EIRP power spectral density, and 10 dBm transmitter conducted output power, along with a maximum 10% duty cycle restriction within any 33 ms interval; and (2) seek comment on whether the Commission could allow FDS/radar devices that use listen-before-talk, spectrum sensing or other similar methods of technical coexistence to operate across the entire 57-71 GHz band at the same power level (40 dBm EIRP) as is currently permitted for communications devices in the band.

Updating International Filing Requirements – The Order would modify the Commission’s rules to require electronic filing of all remaining applications or reports to the International Bureau previously requiring paper filing or alternative filing processes. Specifically, the Order would mandate the electronic filing of Section 325(c) applications, applications for International High Frequency Broadcast (“IHF”) Stations, and Dominant Carrier Section 63.10(c) Quarterly Reports. It would also remove a duplicate paper filing requirement for satellite cost-recovery declarations. With this Order, all applications and filings to the International Bureau would require electronic filing in the International Bureau Filing System (“IBFS”).

At the FCC Open Meeting on June 17, 2021, the FCC took its most visible step yet toward Acting Chairwoman Rosenworcel’s vision. The Commission adopted a Notice of Proposed Rulemaking (“NPRM”) and Notice of Inquiry (“NOI”) to further address national security threats to communications networks and the supply chain. The NPRM and NOI sets its sights on the Commission’s rules relating to equipment authorization and competitive bidding. The Commission’s proposals have seeds of a much broader focus on Internet of Things (“IoT”) devices, cybersecurity and RF fingerprinting, to name a few. All participants in the telecommunications ecosystem should take notice.

The NPRM and NOI initiates an inquiry into many proposals to tighten the focus on network security in FCC procedures. Most notably, the Commission opened inquiry into the following areas:

Equipment Authorization Rules and Procedures – The NPRM seeks comment on a proposal to prohibit all future authorizations of equipment on the Covered List under the Secure and Trusted Communications Networks Act of 2019, including equipment subject to the FCC’s certification and Supplier’s Declaration of Conformity processes associated with equipment authorization. This proposal goes beyond the current rules, which prohibit recipients of Universal Service Program funding to use that funding to purchase, lease or maintain equipment on the Covered List.

Under current rules, despite the USF program prohibition, equipment on the Covered List can still obtain equipment authorization (and has already obtained authorization). The NPRM considers whether to revise the rules to ensure that any “covered” equipment cannot qualify for authorization. It also seeks comment on whether to revoke authorizations that were previously granted for equipment on the Covered List. If approved, the FCC seeks to determine which authorizations should be revoked and through what procedures.

Competitive Bidding Certification – The NPRM also seeks comment on a proposal to require applicants who wish to participate in FCC auctions to certify that their bids do not and will not rely on financial support from any entity that the FCC has designated under Section 54.9 of the FCC’s rules as a national security threat to the integrity of communications networks or the communications supply chain. The certification would require applicants to attest that no equipment (including component part) is comprised of any “covered” equipment, as identified on the current published list of “covered” equipment and would cross-reference section 1.50002 of the FCC’s rules that include the Covered List.

Manufacturing Encouragement Efforts – The NOI portion of the FCC document seeks comment on how the FCC can leverage its equipment authorization program to encourage manufacturers who are building devices that will connect to U.S. networks to consider cybersecurity standards and guidelines. The FCC inquires further about how to address security risks associated with IoT devices. Importantly, as we theorized a while back, the FCC notes the work that the National Institute of Standards and Technology (“NIST”) has done on cybersecurity and, in particular, cybersecurity for IoT devices, and asks whether the FCC’s equipment authorization rules should require manufacturers to certify in equipment authorization applications that they have considered this guidance in the design and manufacturing of their devices. The NOI also includes questions regarding the use of “RF fingerprinting” to help identify and isolate insecure devices.

Commissioner Statements

As expected, the NPRM and NOI received unanimous support from the Commissioners. Acting Chairwoman Rosenworcel cited to the rash of ransomware attacks and emphasized the need for broader cybersecurity considerations of IoT. “We need to acknowledge that the equipment that connects to our networks is just as consequential for our national security as the equipment that goes into our networks,” she said. Commissioner Carr discussed the possibility of Chinese interference with missile defense systems in North Dakota and referred to this proceeding as “closing a loophole” in FCC rules. Commissioner Starks, a former staff member in the Enforcement Bureau, emphasized changes intended to make enforcement against foreign actors easier to implement, citing examples from the past decade involving illegal jamming equipment manufactured overseas. Commissioner Simington took credit for adding “RF fingerprinting” to the NOI, stating that the technology “can play a central role in interdiction and enforcement of hacking and cyber-crime.”

With this proposal’s broad support at the Commission, equipment manufacturers (including IoT device manufacturers should pay close attention to the FCC’s actions. Comments will be received over the summer and the Commission could address its rules by year-end. Affected manufacturers may wish to comment in the proceeding.

You will find more information about the most significant items on the June meeting agenda after the break:

Securing the Communications Supply Chain – The NPRM and NOI would seek comment on a proposal to prohibit all future authorizations for equipment on the FCC’s Covered List under the Secure and Trusted Communications Act. The NPRM would seek comment on whether, and how, the FCC should revoke any current authorizations for equipment included on the Covered List, and if it should revise the rules to no longer permit exceptions for equipment authorizations on the Covered List. It would also propose to require participants in any upcoming FCC auctions to certify that their auction bids do not and will not rely on financial support from any entity that the agency has designated as a national security threat to the communications supply chain. The NOI would seek comment on how the FCC can leverage its equipment authorization program to encourage manufacturers to consider cybersecurity standards and guidelines when building devices that will connect to U.S. networks.

Modernizing Equipment Marketing and Importation – The Report and Order would adopt changes to the equipment authorization rules to allow expanded marketing and importation of radiofrequency (“RF”) devices prior to certification, with conditions. The Order would add a new condition to allow importation of up to 12,000 RF devices for certain pre-sale activities prior to authorization. It would additionally amend the FCC’s rules to allow conditional sales of RF devices prior to authorization, so long as those devices will not be delivered to consumers until they are authorized. The Order includes labeling, recordkeeping, and other conditions to ensure that RF devices are not sold or operated prior to equipment authorization.

Improving Emergency Alert Systems – The Report and Order and FNPRM would adopt the rule changes proposed in the FCC’s March 2021 NPRM to update the EAS and WEA systems rules, pursuant with the 2021 National Defense Authorization Act (“NDAA”) requirements. The Order would create a new category of non-optional “National Alerts,” combining WEA Presidential Alerts with FEMA Administrator Alerts, which may be nationally or regionally distributed. States would be encouraged to establish a state EAS plan checklist for State Emergency Communications Committees (“SECCs”), or otherwise establish an SECC if not already formed. This Report and Order would also enable FEMA to report false EAS and WEA alerts and to repeat certain EAS messages if necessary. The FNPRM would seek comment on whether to remove or refine certain EAS emergency event codes that are irrelevant or confusing, and on whether to update the EAS to include a more persistent display and notification of emergency messages for more severe events.

Implementing the TRACED Act – The Report and Order would establish rules pursuant to the TRACED Act to create a process that streamlines the ways in which a private entity may report robocalls or spoofed caller ID to the FCC. The Commission would create on online portal where private entities, meaning any entity other than an individual person or public entity, could submit suspected violations directly to the Enforcement Bureau. The Order clarifies that the new portal would not affect the existing consumer complaint process, and the agency will still use the consumer complaint portal for individual consumer complaints.

Connected Care Pilot Program – The Second Report and Order offers further guidance on the Commission’s Connected Care Pilot Program, including on the Pilot Program budget and administration, eligible services, competitive bidding instructions, invoicing, and data reporting for selected participants. Notably, the Order clarifies that the Pilot Program will reimburse network equipment purchases necessary to make both broadband and connected care information services functional, even if the Pilot Program is not directly supporting the costs of those services. The FCC announced earlier this year that an initial 23 applicants had been selected, with more selected applications to be announced at a later date, and selected applicants could begin the funding request process once this Report and Order becomes effective.

The February meeting begins what is expected to be a busy 2021 for the FCC’s agenda. You will find more information about the meeting items after the break.

Emergency Broadband Benefit Program: On December 27, 2020, President Trump signed the Consolidated Appropriations Act ("CAA"), 2021, which included Section 904 authorizing the $3.2 billion Emergency Broadband Benefit (EBB) Program. The Program will reimburse up to $50 per month per eligible low-income household to discount broadband service and certain connected devices during an emergency period. To participate, providers must have offered broadband internet access service as of December 1, 2020 and must either be an Eligible Telecommunications Carrier or be approved by the FCC pursuant to an expedited approval process. Congress gave the FCC 60 days to promulgate regulations to implement the EBB program and the FCC released a Public Notice establishing a comment cycle on January 4, 2021. Comments were filed on or before January 25, 2021 and reply comments are due by February 16, 2021. The Commission is also holding a roundtable discussion on the EBB implementation on February 12, 2021.

COVID-19 Telehealth Program: The FCC will hear a presentation about the agency’s plans for the next stage of the COVID-19 Telehealth program. The agency already approved $200 million in funding under the program for health care providers in 2020, exhausting the initial funding appropriated by Congress to support connected care services to patients. But Congress recently provided an additional $249.95 million for the program and the FCC already has sought comment on the appropriate metrics for evaluating requests for this funding and potential program improvements and taken action to streamline the process for disbursing future funding.

Improving Broadband Mapping Data: The FCC will hear a presentation on the agency’s work to improve its broadband maps, including through the Digital Opportunity Data Collection (DODC) that will require service providers to submit granular data regarding their current and potential broadband service territories. Among other things, the FCC will use this information to determine the areas eligible for the second round of support under the Rural Digital Opportunity Fund, which will provide at least $4.4 billion over ten years to spur broadband deployment in unserved areas. The DODC enjoys bipartisan support at the FCC, but has received criticism for its complex reporting requirements, crowdsourcing and challenge processes, enforcement standards, and lack of exceptions for smaller providers.

Supply Chain Security: The draft Further Notice of Proposed Rulemaking (“FNPRM”) would align the FCC’s supply chain security rules with the recently-enacted CAA, which allocated $1.9 billion to reimburse providers for the costs of removing, replacing, and disposing of network equipment and services posing a national security risk. In particular, the FCC plans to: (1) raise the cap on reimbursement eligibility to encompass providers with 10 million or fewer customers; (2) seek comment on allowing providers to use reimbursement funds to cover the removal, replacement, and disposal of all network equipment and services provided by Chinese telecommunications companies Huawei and ZTE that were deemed a national security threat last year; (3) request input on allowing providers to use reimbursement funds to cover the removal, replacement, and disposal of unsecure network equipment and services obtained on or before June 30, 2020; (4) prioritize reimbursement funding to smaller providers with two million or fewer customers and non-commercial educational broadband service (“EBS”) providers as well as “core” network transition costs; and (5) expand the definition of advance communications service providers eligible for reimbursement to explicitly include EBS providers, libraries, and health care providers, in line with the CAA.

911 Fee Diversion: The draft Notice of Proposed Rulemaking (“NPRM”) would implement section 902 of the Don’t Break Up the T-Band Act of 2020, which requires the FCC to take action to address the diversion of 911 fees by states and other jurisdictions for purposes unrelated to 911 operations. Section 902 specifically directs the FCC to issue final rules within 180 days of defining what uses of 911 fees by states and taxing jurisdictions constitute 911 fee diversion. The NPRM seeks comment on proposed rules to implement these provisions. Notably, fee diversion was a key focus area for former FCC Commissioner O’Rielly and remains a controversial issue within the agency.

The December meeting may be the first attended by recently-confirmed Republican FCC Commissioner Nathan Simington, who will replace outgoing Commissioner Michael O’Rielly after today’s confirmation vote in the U.S. Senate. In addition, Chairman Pai recently announced that he intends to leave the FCC on Inauguration Day, January 20, 2021. As a result, the January 2021 FCC open meeting will be his last meeting before the change in administration.

You will find more details about the most significant items on the December meeting agenda after the break.

Securing the Communications Supply Chain – The draft Report and Order would require ETCs receiving Universal Service Fund support to remove and replace covered equipment and services posing a national security risk from their networks. It would also establish a reimbursement program to subsidize smaller carriers to remove and replace covered equipment, specifically those providers with two million or fewer customers, once Congress appropriates the estimated $1.6 billion needed to reimburse eligible providers for such costs. The draft Order would establish the procedures and criteria for publishing a list of covered communications equipment or services, and would adopt a reporting requirement for all providers of advanced communications services to annually report on covered equipment and services in their networks.

Modernizing Equipment Marketing and Importation Rules – The draft NPRM would propose updates to the Commission’s marketing and importation rules under its equipment authorization program. The proposed rules would permit, prior to equipment authorization, conditional sales of radiofrequency devices to consumers under certain circumstances. The NPRM also would propose to allow a limited number of radiofrequency devices subject to Certification to be imported into the U.S. prior to equipment authorization for certain pre-sale activities, including packaging and shipping devices, and loading devices with specific software.

TCPA Order on Reconsideration – The draft Order on Reconsideration would clarify the Commission’s previous interpretation of the TCPA that permitted government and government contractor calls without consumers’ prior express consent. The draft item would address long-standing questions regarding a 2016 Declaratory Ruling that first set guardrails on the government and government contractor exemption. The draft text of this item has not been publicly released.

Modernizing the E-Rate Program – The draft Order would amend the E-Rate invoice filing deadline rule to ensure program participants have sufficient time to complete the invoice payment process. Specifically, the Order would address situations where USAC issues a revised E-Rate funding commitment letter, in which case the FCC will allow recipients additional time to complete the work identified in the revised funding commitment. The draft text of this item has not been publicly released.

FCC regulatory activity likely will slow in the immediate lead-up to and aftermath of the 2020 general election. As a result, the September agenda may represent the FCC’s last big push on major reforms for the year. You will find more details on the significant September meeting items after the break:

Repurposing 3 GHz Band Spectrum: The draft Report and Order and Further Notice of Proposed Rulemaking would eliminate the non-federal radiolocation and amateur allocations from the 3.30-3.55 GHz band as a first step toward future sharing of the spectrum between federal incumbents and commercial wireless providers. However, the FCC would allow incumbent non-federal licensees to continue in-band operations until it finalizes its plans to reallocate the spectrum operations to below 3.0 GHz. The FCC would propose making 100 megahertz of spectrum in the 3.45-3.55 GHz band available for flexible use wireless service throughout the contiguous United States. To facilitate such wireless operations, the FCC would propose adding a co-primary, non-federal fixed and mobile (except aeronautical mobile) allocation to the band. It would also seek input on the appropriate licensing, auction, spectrum sharing, and technical rules for the band, and on relocation procedures for the non-federal relocation operators.

Commercial Access to the 4.9 GHz Band: The draft Sixth Report and Order and Seventh Further Notice of Proposed Rulemaking would allow one statewide 4.9 GHz band licensee per state to lease some or all of its spectrum rights to third parties, including commercial users. Lessees would be required to comply with the same spectrum coordination procedures as public safety licensees in the band. In addition, the FCC would seek comment on establishing a Band Manager in each state to coordinate and authorize new operations in the 4.9 GHz band. The agency also would request input on how to ensure robust use of the 4.9 GHz band, including through dynamic spectrum sharing technologies and cross-state collaborations.

Implementing STIR/SHAKEN Framework: The draft Second Report and Order would require voice service providers to either upgrade their non-IP networks to IP and implement the STIR/SHAKEN framework or develop a non-IP caller ID authentication solution by June 30, 2021. The FCC would adopt extensions of the June 30, 2021 deadline for: (1) small providers (two-year extension); (2) providers that currently cannot get a digital certificate necessary to implement STIR/SHAKEN because they do not obtain direct access to telephone numbers or other technical issues (indefinite extension); (3) services scheduled for discontinuance (one-year extension); and (4) non-IP network services (indefinite extension). The Commission would require all providers subject to an extension to implement a robocall mitigation plan for the parts of their networks where STIR/SHAKEN is not implemented and certify that they implemented such mitigation measures with the FCC. Moreover, the FCC would require intermediate providers to either pass along caller ID authentication information for authenticated calls or authenticate the caller ID information for unauthenticated calls they receive by June 30, 2021. Intermediate providers would be relieved of the independent authentication requirement if they register with the industry traceback consortium or respond to all traceback consortium information requests. Finally, the FCC would prohibit providers from adding line item charges to subscribers for providing caller ID authentication.

Streamlining Foreign Ownership Reviews: The draft Report and Order would establish rules and timeframes for the Committee for the Assessment of Foreign Participation in the United States Telecommunications Service Sector (Committee) to complete its review of certain applications posing potential foreign ownership concerns (i.e., the applicant has a 10% or greater direct or indirect foreign investor). Specifically, the Committee would be required to complete its initial application review within 120 days and, if necessary, its supplemental application review within 90 days. Affected applicants would be required to provide responses to a standardized set of national security and law enforcement questions regarding: (1) corporate structure and shareholder information; (2) relationships with foreign entities; (3) financial condition; (4) compliance with applicable laws and regulations; and (5) business and operational information. The standardized questions would be developed in a subsequent proceeding following public notice and comment. The new rules would apply to applications: (1) for international Section 214 authorizations or to assign/transfer control of such authorizations; (2) for submarine cable landing licenses or to assign/transfer control of such licenses; and (3) to exceed the foreign ownership limits under Section 310(b) of the Communications Act.

Reforming IP CTS Rates and Standards: The draft Report and Order, Order on Reconsideration, and Further Notice of Proposed Rulemaking would establish a compensation rate of $1.30/minute for IP CTS providers through a two-step transition process. The first step would transition from the current $1.58/minute rate to a $1.42/minute rate for the remainder of fund year 2020-21 (effective December 1, 2020), while the second step would transition the rate to $1.30/minute for fund year 2021-22. The FCC would also propose to adopt service standards for IP CTS captioning delay and accuracy, and seek comment on appropriate metrics. The Commission would request input on appropriate IP CTS service standard testing procedures, including sample size and call methodology. In addition, the FCC would ask whether it or a third-party organization should be responsible for such testing.

Reviewing 911 Fee Diversion: The draft Notice of Inquiry would request input on the effects of 911 fee diversion, specifically from states, on the provision of 911 services and the transition to next-generation 911 services. The FCC also would seek comment on how it can use its regulatory authority to discourage 911 fee diversion, including by conditioning state eligibility for FCC licenses, programs, or other benefits on the absence of fee diversion. The FCC would further ask about measures it can take to discourage fee diversion under the Commission’s authority, and how it can encourage states to pass legislation or adopt rules that would prohibit 911 fee diversion.

Comments on the Second FNPRM are due by August 31, 2020 and reply comments are due by September 14, 2020.

FCC Declares Compliance with Secure Networks Act’s Federal Funding Prohibition Mandate

Mirroring the Commission’s November 2019 Supply Chain Protection Order in many respects, the Secure Networks Act, enacted in March 2020, seeks to protect the U.S. communications supply chain from equipment and services posing unacceptable national security risks. Among other mandates, Section 3 of the Secure Networks Act requires the Commission to adopt a Report and Order prohibiting federal funds, that are used for capital expenditures necessary to advanced communications services and made available in FCC-administered programs, from being used for certain services and equipment deemed to pose a national security threat. The Declaratory Ruling concluded that, although adopted prior to the Secure Networks Act, the Supply Chain Protection Order’s prohibition on the use of federal universal service funds (“USF”) for any equipment or service provided by a company posing a national security threat, was consistent with and “substantially implemented” the narrower prohibition, set forth in Section 3 of the Secure Networks Act.

Comments invited on FCC Proposed Interpretation and Implementation of the Secure Networks Act

Focusing on the Commission’s proposed implementation of Sections 2, 3, 5, and 7 of the Secure Networks Act, the Second FNPRM invites comment on issues that could significantly affect telecommunications providers and advanced communications service providers that receive federal funds. Among other issues, the Commission seeks comment on the following:

Definitions of Key Terms - The Commission proposes to define two key terms - “advanced communications services” and “communications services and equipment” - used in the Secure Networks Act. Under the Commission’s proposed definition, advanced communications services would use a “200 kbps in either direction” speed threshold to capture equipment that would not meet current advanced telecommunications capability speeds, such as the current 25 Mbps download/3 Mbps upload standard for fixed services, but nonetheless might pose a national security threat. In a proposal that the Commission describes as providing a bright-line rule for easy administration, “communications equipment and services” would be defined to include all of the services and equipment used in fixed and mobile broadband networks, provided they use or include electronic components.

Section 2 “Covered” Equipment and Services List – Section 2 of the Secure Networks Act requires the Commission to publish, for purposes of the federal funding usage prohibition, a list of “covered” communications equipment and services, that are deemed to present an unacceptable risk to national security (the “Covered List”). The Second FNPRM raises several questions regarding how to implement this mandate including, for example:

• Can executive branch agencies, such as Team Telecom or CFIUS, that are not specified in the Secure Networks Act, determine that equipment or service poses a national security risk (a “determination”)?
• What is the required level of specificity for determinations, e.g., must a determination identify equipment model numbers or would the mere identification of an equipment or service provider qualify as a determination?
• What process should the Commission use to permit interested parties to clarify if a specific communications equipment or service is or is not on the Covered List?
• Because the Commission interprets the Secure Networks Act as requiring that the Covered List be published without a public comment period, the Second FNPRM comment cycle may be of particular interest to entities that could be subject to the Covered List prohibitions.

Sections 5 and 7 Reporting and Enforcement – While they are important provisions, Sections 5 and 7 of the Secure Networks Act raise fewer implementation issues. Section 5 requires that advanced communications providers submit annual reports regarding any “purchased, rented, leased, or otherwise obtained” covered equipment and services and include a “detailed justification” for obtaining the equipment and service. The Second FNPRM solicits comment on what must be included in the detailed justification, the proposed report contents, and the confidentiality of such reports. Section 7 directs the FCC to treat violations of the Secure Networks Act and related regulations in the same manner as violations of the Communications Act and also requires federal funding recovery for violations. Noting that the Commission has existing enforcement regulations, the Second FNPRM proposes to adopt regulations addressing only the Section 7 fund recovery requirement and seeks comment on any additional clarifications necessary to enforce the requirement.

Next Steps

The Commission’s Supply Chain Protection proceeding has been and remains active with industry participants initially weighing in on the Commission’s USF spending prohibitions and more recently commenting on the information collection addressing anticipated costs for removing and replacing equipment deemed to pose a national security threat. The Second FNPRM is likely to trigger similar levels of interest as industry participants assess the potential impact of the additional issues related to implementing the Secure Networks Act. Although the Commission has some time to implement those requirements – for example the covered equipment and services list has a required publication date of March 12, 2021 – based on the importance of the issue and the likely significant coordination and logistics necessary to implement the Secure Networks Act requirements, we anticipate that the proceeding, and further Commission action, will progress fairly quickly.

We will continue to monitor the Commission’s Supply Chain Protection efforts. Please reach out to us or your usual Kelley Drye attorneys if you have any questions.

Click here to read the full post from Kelley Drye's Trade and Manufacturing Monitor.

While FCC action historically dwindles going into an election year, the July agenda shows no signs of slowing down on the Commission’s main priorities. You will find more details on the most significant July meeting items after the break:

National Suicide Prevention Lifeline: The draft Report and Order would designate 988 as the 3-digit number for the National Suicide Prevention Lifeline and mental health crisis hotline (“Lifeline”). The Commission would require all telecommunications carriers, interconnected VoIP providers, and one-way VoIP providers to make any network changes necessary to ensure that all users can dial 988 to reach the Lifeline by July 16, 2022. Service providers would be required to transmit all calls initiated by an end user dialing 988 to the current toll free access number for the Lifeline (1-800-273-TALK). The Commission would also require covered providers to implement 10-digit dialing in areas that use both 7-digit dialing and 988 as an NXX numbering prefix to ensure direct dialing to the Lifeline and avoid delayed and misdirected calls.

Call Blocking Rules: The draft Third Report and Order, Order on Reconsideration, and Fourth Further Notice of Proposed Rulemaking (“FNPRM”) would continue the Commission’s efforts to stop unwanted and illegal robocalls. Consistent with the TRACED Act, the Commission would establish a safe harbor from liability for terminating providers for blocking wanted calls, as long as the call blocking was based on reasonable analytics indicating that the call was unwanted, including STIR/SHAKEN information when available. A second safe harbor would also enable voice service providers to block traffic from bad-actor upstream voice service providers that continue to allow unwanted calls on their network. Blocking providers would also be required to establish a single point of contact to remedy unintended or inadvertent blocking, and to ensure that calls to 911 are never blocked. The Commission asks for input on how it can further implement the TRACED Act, and proposes establishing obligations for voice service providers to respond to certain traceback requests, mitigate bad traffic, and take affirmative measures to prevent customers from originating illegal calls on their networks. It also would propose requiring terminating service providers that block calls to provide a list of those blocked calls to their customers on demand and at no additional charge.

Secure Networks Act: The draft Declaratory Ruling and Second FNPRM would integrate provisions of the Secure and Trusted Communications Networks Act of 2019 (“Secure Networks Act”) into the Commission’s existing supply chain rulemaking proceeding. The FCC would adopt the prohibition on the use of universal service funds for equipment and services produced or provided by companies, such as Huawei and ZTE, designated as a national security threat, upholding the 2019 Supply Chain Order. The FNPRM would seek comment on implementing certain portions of the Secure Networks Act, proposing several different processes and definitions that will aid the FCC in compiling and publishing a list of covered communications equipment and services. Additionally, the FCC proposes to: (1) ban the use of federal subsidies for any equipment or services on the new list of covered communications equipment and services; (2) require that all advanced communications providers report whether they use any covered equipment and services; and (3) establish regulations to prevent waste, fraud, and abuse in the proposed reimbursement program to remove, replace, and dispose of insecure equipment. These proposed regulations would include penalties for violations of the reimbursement program and repayment provisions for any violations. The FCC Orders issuing final designations of both Huawei and ZTE as covered companies were effective immediately upon release on June 30, 2020.

Z-Axis Location Accuracy Requirements: The draft Sixth Report and Order and Order on Reconsideration would affirm the FCC’s vertical location (“z-axis”) requirements and deadlines, building on the existing Enhanced 911 location accuracy rules to more accurately identify floor level location for wireless calls made from multi-story buildings. The FCC would adopt its proposals to require CMRS providers that elect to deploy z-axis technology meet the 3-meter accuracy metric by April 2021 for the top 25 CMAs, and by April 2023 in the top 50 CMAs, requiring 80 percent coverage of the population in a CMA. Finding that deploying z-axis technology is technically feasible in the near future, the draft ruling would require all nationwide wireless CMRS providers to deploy z-axis technology nationwide by April 2025, and require non-nationwide providers to deploy z-axis technology in their top 50 CMA service areas by April 2026. The FCC also revises its rules to allow CMRS providers to deploy dispatchable location solutions that rely on a range of technical approaches. Additionally, consistent with Kari’s Law and Ray Baum’s Act, the rules would require all CMRS providers to provide dispatchable location for individual 911 calls, if it is technically feasible and cost-effective to do so, by January 6, 2022.

Improving Broadband Data and Maps: The draft Second Report and Order and Third FNPRM would adopt specific measures and requirements to develop the new broadband maps implemented by the Digital Opportunity Data Collection and the Broadband DATA Act. Although the FCC lacks funding to implement the new maps at this time, these actions would meet the requirement to complete the broadband mapping rulemaking within the set deadline and to develop the service availability maps as soon as feasible. The draft action would adopt a number of requirements for fixed and mobile broadband providers, including specific coverage reporting and disclosure requirements and standards for data use and verification. It would also establish a Broadband Serviceable Location Fabric (“Fabric”), creating a nationwide dataset containing geocoded locations for all areas where broadband connections can be installed, as well as a Broadband Map, showing served and unserved areas for both fixed and mobile coverage. The FNPRM would seek comment on other actions that may be necessary to implement other provisions of the Broadband DATA Act, specifically on which providers are subject to the data collection, data reporting standards for fixed and mobile service, a challenge process for map accuracy, and on processes for implementing the Fabric.

For those interested in participating, comments and replies are due by June 18, 2020 and July 2, 2020, respectively.

To those unfamiliar with Team Telecom reviews, the FCC refers to Team Telecom applications it receives for international Section 214 or submarine cable licenses, as well as applications to assign or transfer control of such licenses, where an applicant has ten percent (10%) or greater direct or indirect foreign ownership. Team Telecom reviews the applications for law enforcement and national security concerns. Any company that has undergone a Team Telecom review knows that the experience can be lengthy and require assembly of copious amounts of information and responses to numerous questions. The FCC’s 2016 proceeding included numerous proposals, including some from the National Telecommunications and Information Administration that were submitted on behalf of Team Telecom, to reform Team Telecom reviews by providing structure and greater transparency. Although E.O. 13913 established some review timelines and framed out certain processes to guide Team Telecom reviews, many aspects of the review process remain to be developed, especially as they impact the Commission or applicants. And, while it is not surprising that the FCC might want to provide insight to Team Telecom as the latter works to implement E.O. 13913, the FCC’s reopening of the 2016 proceeding is intriguing for a number of reasons.

Notably, the FCC’s comment request, while open to the public, expressly invites Team Telecom to comment on E.O. 13913’s effect on the FCC’s 2016 reform proceeding proposals. The FCC’s public notice poses several questions directly to Team Telecom members, including, among others, whether Team Telecom still proposes that all applicants make certain certifications with their FCC applications and whether those certifications have changed from those proposed in the 2016 proceeding. The proceeding refresh timing also is somewhat unusual. E.O. 13913 gave Team Telecom 90 days – or until July 3 – to develop an implementation plan covering certain aspects of the review process. However, the FCC tees up review process questions, such as distribution of Team Telecom data requests to applicants, whether applicants will submit responses when applications are first filed, etc., that Team Telecom presumably will only address in its implementation plan several weeks after the initial comments are due. Finally, the FCC’s request for general comment on whether E.O. 13913 needs “further or different rules to improve timeliness and transparency” may signal a belief that there is room for improvement even under the new Team Telecom review structure.

Although some of the FCC’s comment requests are directed at Team Telecom, telecommunications industry participants should consider if they have ideas or concerns to include in the record. Some proposals included in the 2016 Team Telecom reform proceeding, and for which the Commission again seeks comment, could have broad applicability. One such proposal would require that all applicants, even those without foreign ownership, certify that they will make communications within, to, or from the United States and related records subject to legal process and will appoint a U.S. citizen or lawful permanent resident, located in the United States, to execute such legal process. Similarly, industry members may want to address certain of the 2016 proceeding proposals in light of new regulatory changes such as the Clarifying Lawful Overseas Use of Data Act (the “CLOUD Act”) which could affect an applicant’s ability to make certain certifications.

Kelley Drye continues to monitor the new Team Telecom and the developing review process. Please reach out to us or your usual Kelley Drye attorneys if you have any questions.

Join Kelley Drye for a webinar on May 7th at 11:00 AM EDT to look at these significant changes, including:

• New rules, promulgated earlier this year to implement the Foreign Investment Risk Review Modernization Act of 2018, or FIRRMA, which govern review by CFIUS of certain transactions involving foreign investment in United States businesses, as they apply to the telecommunications sector
• When telecommunications entities must file disclosures with CFIUS before a transaction, when such entities may file voluntarily (and why they might do so), and what transactions are not covered
• The President’s recent Executive Order establishing the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector (“Committee”) to conduct Executive Branch law enforcement and national security reviews of certain FCC applications and licenses
• What is known about the new Committee, how it relates to Team Telecom and CFIUS, and what uncertainties remain

Review of applications, referred by the FCC to Team Telecom, with certain national security and law enforcement concerns has long been part of the landscape, but, because the Team Telecom review process had had no statutory or regulatory framework, the communications industry had little insight into the review process or the Executive Branch’s related activities. This is not to say that the new Committee will be transparent, and one should not expect that, but the EO better defines the process and the potential scope of the review activities.

Committee Responsibilities

The Committee is tasked to review, for national security and law enforcement concerns raised by foreign participation in the United States telecommunications services sector, those applications before the FCC “for a license or authorization, or the transfer of a license or authorization” which the agency refers to the Committee (“Referred Application”). The EO does not purport to dictate when the FCC, an independent agency, refers applications to the Committee, but the track record of referrals to Team Telecom probably provides a guide of what will be referred. And nothing prevents the Committee, or an executive agency, from asking the Commission to refer an application (which has been the case prior to the EO). Moreover, the interrelationship between the Committee’s activities and those of the Committee on Foreign Investment in the United States (“CFIUS”), whose authority pursuant to statute concerns review of certain covered transactions involving foreign investment in U.S. businesses in the telecom sector and beyond, remains to be seen. Historically the link between Team Telecom review and CFIUS activities has not been susceptible to clear explanation. Indeed, there is only one mention of CFIUS in the EO, in the context of information that the Committee can share with the CFIUS when it is undertaking a review of transactions.

By all appearances, the Committee will replace the functions of Team Telecom which currently conducts such national security reviews but is not governed by any established procedures. The new EO also contemplates review, on the Committee’s own motion, of existing FCC licenses and authorizations to identify “any new or additional risks” to law enforcement and national security. These reviews may result in a recommendation to the FCC to modify or revoke licenses and authorizations even where Team Telecom or the Committee has not imposed mitigation measures earlier. While the EO provides some long-sought clarity and structure to the review process, some uncertainties remain as to how this Committee will operate and use its authority to seek conditions on or denial of FCC licenses, given the White House’s initiative to establish the Committee. However, judging by an executive agency recommendation – a mere five days after the EO was issued – that the FCC revoke China Telecom’s FCC license, albeit not under the guise of the new Committee, and the Commission’s show cause orders issued to four Chinese government owned FCC licensees, the U.S. telecommunications industry should expect to see close review of new applications and potentially renewed scrutiny of previously-granted FCC licenses.

Responding to the release of the EO, FCC Chairman Pai welcomed the EO’s “formalizing Team Telecom review and establishing a process that will allow the Executive Branch to provide its expert input to the FCC in a timely manner.” FCC Commissioner O’Reilly, long an ardent proponent for revising the review process and a champion of the Commission’s rulemaking seeking changes associated with Team Telecom review, similarly lauded the EO for “establishing a formal structure . . . and including deadlines for the relevant agencies to render decisions” and noted that fixing the “incoherent and indefensibly unpredictable review process” had been his priority over the last several years. In its rulemaking proceeding in 2016 the FCC proposed definitive timeframes and a clear review process but, despite receiving industry support, that proceeding stalled.

Committee Structure and Implementation

Comprising, at its core, the same three agencies as Team Telecom, the Committee, chaired by the Attorney General, the head of the Department of Justice, will include the Secretary of Defense, Secretary of Homeland Security, and to the extent the President deems appropriate, the heads of any other executive agencies or Assistants to the President. Officials of other agencies – such as the Director of National Intelligence, the Secretary of Commerce, and the Secretary of State – will have limited roles in certain circumstances.

The EO sets a ninety (90) day timeline, or until June 2, 2020, for the Committee members to enter into a Memorandum of Understanding (that may or may not become public) that, among other requirements, establishes the information to be collected from applicants, defines standard mitigation measures, and identifies the plan for implementing the EO. However, the EO does not set an actual deadline by which the Committee will begin reviewing Referred Applications, but does provide that the purview includes applications “referred by the FCC before the date of [the EO] to the group of executive departments and agencies involved in the review process that was previously in place,” i.e., to Team Telecom. This should provide for something of a seamless transition from the current framework to the new Committee.

The EO Brings Some Insights into the Review Process

While the Committee’s responsibilities generally would be familiar to Team Telecom observers, at least two aspects are worth specific mention.

First, the EO establishes some semblance of definitive timeframes and processes for the Committee’s review of Referred Applications, albeit triggered by a somewhat uncertain date when applicants’ responses to the Committee’s questions and information requests are “complete.” Telecommunications providers and legal practitioners that have been through a Team Telecom review know that the process often was lengthy, with reviews not uncommonly taking nine months and even much longer. Moreover, neither the applicants nor the FCC had any insight into the mechanics of the review process or whether the review was continuing in the background during the often long stretches of time with no communication, from the Executive Branch after responses to the Team Telecom questions and information requests (commonly referred to as “triage” questions) were provided, at least until the end of the review process.

Under the EO, the Committee is to finish its initial review within 120 days of when an applicant’s responses are complete, although the Committee may conclude that a “secondary assessment” is warranted.” Any secondary review must be completed within ninety days of the start of the secondary assessment. So, reviews could take seven months after the triage questions have been completely addressed and still be within the time frames contemplated by the EO. Experience often showed, under the Team Telecom process, that completing triage could take several months itself.

The EO also provides a look “behind the curtain” of the Committee, from a procedural perspective, as it delineates the actions, such as the Director of National Intelligence’s review and written national security threat assessment, that the various Committee components will take during the review process. While knowledge that a process actually exists will be of interest to applicants, the substance of the internal communications will likely not be shared until such time as Committee recommendations are made known in terms of proposed mitigation measures or the lack of objections to a Referred Application.

Second, the EO makes clear that the Committee may take a fresh look at existing licensees for national security and law enforcement risks although the procedures surrounding such license reviews are not as fully flushed out in the EO as are those surrounding examination of Referred Applications. This authority may lead to the Committee seeking license revocation through the FCC or requiring the licensee enter into a mitigation agreement to avoid, presumably, an effort to revoke the license. While Team Telecom has sought license revocations over the past few years where mitigation agreements are already in place and there are issues of compliance, see also here and here, we are unaware of existing licensees being required to enter into new or revised mitigation agreements absent new applications, for example for assignments or transfers of control, being filed with the FCC.

Nevertheless, this explicit authority for the Committee to revisit and possibly modify or require new mitigation agreements is not entirely surprising. As we have reported previously, increased concerns regarding the security of telecommunications equipment from certain foreign-owned equipment manufacturers, such as Huawei and ZTE, recently have led the FCC to restrict and, in some cases, ban the use of such manufacturers’ equipment. The Executive Branch and other agencies similarly have identified numerous national security threats, with cybersecurity as a top concern, arising in the many years since some FCC licenses have been granted. Consequently, the Committee is unlikely to be shy about revisiting existing licensees where there now are perceived law enforcement or national security concerns that the Committee believes need to be addressed by mitigation measures. Of course, having a licensee’s existing mitigation agreement revisited, typically in the form of a generally more robust National Security Agreement (“NSA”) or a frequently “lighter touch” Letter of Assurances (“LOA”), or a licensee being required to enter into such a mitigation agreement for the first time, may have serious implications for the licensee depending on its business and operations models.

The EO explains that, while it does establish certain procedures and timeframes, it does not create any rights or benefits, substantive or procedural, that applicants or licensees can enforce at law or in equity against the government or any other person. Moreover, the EO does not supersede the existing rights or discretion of any Federal agency, outside the activities of the Committee, to conduct inquiries with respect to an FCC application or license or to negotiate, enter into, impose, or enforce contractual provisions” with such applicant or licensee, which would include existing mitigation arrangements with one or more executive branch agency.

The EO Also Creates Some Uncertainty

While the EO provides some transparency in, and certainty to, the Referred Application review process, many questions remain. To mention a few of those questions:

• What information will Referred Application applicants have to provide? Traditionally, applicants undergoing a Team Telecom review have faced fairly consistent sets of triage questions that vary by the type of application, with additional questions typically customized based on the applicant. The EO directs the Committee to develop the information requests that will be required from Referred Application applicants but it is unknown if those questions will be similar in scope and content to the triage questions or if the Committee will develop different and possibly more burdensome triage questionnaires given the elevated concerns within the government regarding the security of U.S. telecommunications and networks.
• What compliance obligations will be included in mitigation agreements? Under the current Team Telecom review process, applicants can expect to enter into a comprehensive NSA or an often narrower and lighter LOA. These arrangements are publicly available and provided FCC license applicants with a general sense of the scope of compliance obligations. In more recent years, we have observed a convergence toward more common terms, albeit with some ability to negotiate certain aspects of the mitigation. The EO retains the use of mitigation agreements but refers to “standard” and “non-standard” mitigation agreements. It is unclear if the “standard” vs “non-standard” mitigation dichotomy refers to the difference between LOAs and NSAs or contemplates other compliance frameworks. It is possible that LOAs and NSAs will be considered standard mitigation and non-standard mitigation measures will contain even more stringent or targeted compliance obligations. Alternatively, the Committee may revise the entire mitigation measure regime, and the degree of “negotiation” the government is willing to engage in may be adjusted materially, and not necessarily for the better.
• Exactly when will the Committee and its new measures replace the current Executive Branch review regime? The EO sets a 90 day deadline for the Committee to develop an implementation plan. It is possible that the Committee may be able to meet this deadline since the three primary member agencies already will be familiar with the review process based on their experience with the Executive Branch reviews. However, the EO does not identify a deadline for when the Committee will begin reviewing Referred Applications (or existing licenses) per the EO framework. The EO suggests that pending reviews may become subject to the EO timelines. If that’s true, will the timelines apply in full? Where the review is well under way? Will already pending reviews be placed on hold until the Committee is up and running? Similarly, will applications referred after the EO was released remain in pending status until the Committee gets things up and running?

Although not even a month has passed since the EO was released, action already is being taken to revoke the FCC license of China Telecom, and to require four other Chinese government-affiliated licensees to show cause why their FCC licenses should not be revoked. In what clearly was an already pending initiative, within five days of the EO’s release, Team Telecom recommended the FCC revoke China Telecom’s license. The recommendation, exceeding fifty pages and containing hundreds of pages of, often redacted, exhibits, details numerous concerns regarding China Telecom’s operations, which were subject to a 2007 LOA. The concerns range from the company’s failure to comply with its mitigation agreement to making inaccurate statements regarding its cybersecurity practices to providing opportunities for the Chinese government to engage in economic espionage and misroute or disrupt U.S. communications. Although China Telecom currently has only an LOA as its mitigation agreement, and presumably could be required to enter into a more comprehensive NSA, the Executive Branch explicitly rejected the transition to an NSA based on China Telecom being deemed “an untrustworthy and unwilling partner” in its current LOA. Unlike other Executive Branch license revocation recommendations which typically cited to general mitigation agreement noncompliance and, more often, apparent cessation of operations, the China Telecom revocation recommendation identifies numerous and detailed concerns and relies, in part, on information obtained under the Foreign Intelligence Surveillance Act. Similarly, on Friday the Commission issued show cause orders to China Telecom Americas, China Unicom Americas, Pacific Networks, and ComNet giving them thirty days to show cause why their FCC licenses should not be revoked. The show cause orders cite to Team Telecom’s China Telecom revocation recommendation when noting that, as entities ultimately owned or controlled by the Chinese government-owned entities, the four FCC licensees would be vulnerab[le] . . . to the exploitation, influence, and control of the Chinese government.” Although the show cause orders were issued on the Commission’s own motion, the FCC’s action undoubtedly is related to the EO’s review of existing licensees for national security and law enforcement concerns. In light of the national security concerns the Executive Branch outlined in the China Telecom recommendation, the FCC’s show cause orders to China Telecom Americas, China Unicom Americas, Pacific Networks, and ComNet, and the similar concerns regarding Huawei and ZTE equipment, we anticipate the Committee similarly will be proactive in revisiting any licensees that may raise national security concerns.

Key Takeaways

The EO provides some clarity regarding the Referred Application review process and timeframe but many uncertainties remain, including just how long the process will begin after the application is referred.

Applicants contemplating transactions or new FCC licensing that will involve a Referred Application will benefit from a clearly defined review timeframe, once triage is “complete,” but also may face different, and potentially more stringent, mitigation obligations.

Current FCC licensees, whether parties to mitigation agreements or not bound by such agreements, may have their communications operations reviewed for national security concerns and the licensee could be subjected to new or revised mitigation requirements.

* * *

The information collection is mandatory for all entities that were ETCs as of December 31, 2019, and includes the ETC’s subsidiaries and affiliates. The information filings, which must be submitted via the FCC’s online filing portal, are due by April 22, 2020.

As we explained previously, the FCC’s 2019 Report and Order, Further Notice of Proposed Rulemaking, and Order (“2019 Order”) adopted rules prohibiting carriers from using USF support to purchase equipment or services from entities designated as national security threats. Huawei and ZTE were initially identified as national security threats with a potential formal designation to follow after review by the FCC’s Public Safety and Homeland Security Bureau. The 2019 Order also sought comment on proposals requiring ETCs to remove and replace Huawei and ZTE equipment and services and on a potential reimbursement fund to aid with such removal and replacement costs.

The Public Notice notes that the Huawei and ZTE initial national security threat designations may become final this spring. Accordingly, the ETC information collection is intended to provide information regarding the extent of ETC use of Huawei and ZTE equipment and the potential replacement costs should the FCC decide to require removal and replacement of such equipment and services. Among other information, ETCs must report, for themselves and any subsidiaries or affiliates, the costs of purchasing and installing Huawei or ZTE equipment in various network categories such as Access Layer Equipment, Core Layer Equipment, and Services.

The information collection is mandatory only for ETCs, their affiliates and subsidiaries, and ETCs must affirmatively state if they are not using Huawei or ZTE services or equipment. Filing is voluntary, but encouraged, for other entities, such as those with pending ETC designation applications, those considering seeking ETC designation, and USF recipients that are not designated as ETCs.

First, the Order adopts rules prohibiting the use of USF support to purchase services and equipment from “Covered Companies” deemed to present national security threats and initially designates Huawei and ZTE as Covered Companies. Second, the Further Notice of Proposed Rulemaking (“FNPRM”) solicits comments on a proposal to require eligible telecommunications carriers (“ETCs”) – and possibly all communications providers – to remove and replace Huawei and ZTE services and equipment subject to the FCC establishing a reimbursement program providing financial assistance. Third, the Order establishes an information collection and requires ETCs to submit information regarding their use of Huawei and ZTE equipment and services as well as the costs associated with removing and replacing such services and equipment from communications networks.

The new rules will take effect immediately upon publication in the Federal Register rather than providing the standard thirty-day post-publication waiting period. Federal Register publication of the Order also initiates a thirty-day comment period regarding the initial designations of Huawei and ZTE. The Public Safety Homeland and Security Bureau will issue a “final designation” on Huawei and ZTE – we fully expect that Huawei and ZTE will be designated as Covered Companies – and set a compliance effective date. In light of the potentially short timeframe before the rules and compliance requirements take effect, USF support recipients should be sure to review the Order/FNPRM carefully and assess whether and how the rules will affect the recipient’s specific circumstances.

A Focus on China

Pulling no punches, the FCC made clear its concern about the potential for the Chinese government to engage in industrial and economic espionage and other malicious acts by exploiting Huawei’s and ZTE’s access to U.S. communications networks. Chairman Pai (here and here), Commissioner O’Rielly, and Commissioner Starks, among others, have spoken out regarding the need to protect U.S. communications networks from security threats. Prohibiting USF recipients from using USF support for Huawei and ZTE services and equipment was an easily foreseeable next step.

While the Order received unanimous support from the FCC, Commissioner O’Rielly expressed some reservation regarding the likely significant equipment replacement costs and advocated for a process to challenge future designations of Covered Companies should there be concern that a designation was mistaken. Interestingly, and suggesting the FCC anticipates that the Order will be appealed, the Order appears to methodically respond to Huawei arguments and provide further support for the FCC’s decision.

We highlight below a few of the key takeaways from the Order.

The Order – USF Support Usage Prohibitions

First, the USF support use prohibitions are broad. The new rules prohibit USF support recipients from using USF support to “purchase, obtain, maintain, improve, modify, or otherwise support any equipment or services [including software] provided or manufactured by a covered company.” The FCC defines a “Covered Company” as including not only the particular company at issue but also the company’s affiliates, subsidiaries, and parents. Consequently, USF support recipients will need to understand a Covered Company’s “family” of companies to avoid inadvertently violating the FCC’s rules.

The rules do not bar USF support recipients from using Covered Company services and equipment, although, in practice, the restrictions may have that effect. While the FCC appears to prefer that Covered Company services and equipment not be used at all, the rules are based on the FCC’s authority over the USF program and, therefore, the restrictions are limited to the use of USF support. USF support recipients are permitted to use Covered Company services and equipment but must self-fund purchases, including ongoing maintenance for existing services and equipment. USF support recipients will need to assess whether they are able to completely self-fund ongoing Covered Company equipment and service maintenance, upgrades, etc. or if they will need to replace the services and equipment.

Second, USF support recipients may find compliance with the new rules challenging. For example, the Order dismisses concerns about compliance difficulties where USF support recipients are unaware that their underlying providers are reselling, such as under “white labeling” arrangements, the services and equipment of Covered Companies. Parties to multiyear contracts for Covered Company services and equipment also could face difficulties because, although the rules apply prospectively only, such contracts are not exempted from the new rules, potentially exposing USF support recipients to early termination or other contract modification costs.

Third, USF support recipients will be required to certify compliance with the new rules once the Wireline Competition Bureau (“WCB”) and USAC develop the specific certifications and information collection revisions for the USF programs. USAC audits will be used to confirm compliance and, unless the WCB or USAC provide guidance on acceptable compliance support, USF support recipients will need to consider what records may best support compliance should they be audited. USAC will seek recovery from the entity that violated the rule, potentially including entities such as schools, healthcare providers, or consortiums, rather than a service provider.

The FNPRM – Potential Replacement and Reimbursement of Covered Company Equipment

The FNPRM seeks comment on a wide range of questions related to removing and replacing Covered Company services and equipment from U.S. telecommunications networks. While the initial draft of the FNPRM limited the removal and replacement proposals to ETCs, the final FNPRM takes a much broader approach. The FCC now questions whether the prohibition on the purchase, maintenance, improvement, etc. of Covered Company services and equipment, as well as the remove and replace requirement, should extend to all communications companies, not just those receiving USF support.

The FNPRM proposes conditioning future USF support on an ETC’s agreement not to use Covered Company services and equipment and requiring such services and equipment be removed and replaced, contingent on the FCC’s establishment of a reimbursement fund to aid ETCs with costs of complying with the changes. The FNPRM seeks comment on a variety of issues related to this proposal, including, but not limited to, the scope of the remove and replace requirement, what costs should be reimbursed, who should be eligible for reimbursement, and the timing of compliance with the proposal. Carriers should note that the FCC also seeks comment on whether Huawei and ZTE handsets should be prohibited even though not supported by the USF program.

The FNPRM also seeks comment on the scope, as well as the authority for, a possible expansion of the Covered Company services and equipment remove and replace requirement to all communications networks. The FNPRM also queries how the FCC should treat entities such as interconnected VoIP providers and facilities-based ISPs for purposes of the proposed service and equipment prohibitions.

ETC Information Collection

The final component of the Order requires an information collection to determine the scope of Huawei and ZTE services and equipment currently in use on ETC networks and the cost of removing and replacing the equipment. The information collection is mandatory for ETCs, including their affiliates and subsidiaries, and ETCs should be prepared for the information collection to proceed quickly as the FCC directed the WCB to request emergency collection approval from the Office of Management and Budget if necessary. While not required, USF recipients that are not ETCs voluntarily may participate in the information collection, particularly should they have pending ETC applications or intend to seek ETC designation in the future.

Kelley Drye will be following these rules and proceedings so check back for further updates.

The German Federal Network Agency, Bundesnetzagentur (BNetzA), recently launched a final public consultation on its new draft Catalogue on security requirements for telecommunications service providers and operators of public telecommunications networks. The draft is revamped significantly, but follows the same vein as its predecessors to prevent disruptions and manage security risks, by requiring providers and operators to implement technical security measures and safeguards for operating telecommunications and data processing systems. The deadline for comments on this version 2.0 of the Catalogue is 13 November 2019, but the BNetzA is unlikely to make fundamental changes at this late stage. Consequently, stakeholders should consider the draft as a reliable indicator of the official version, and assess how to best satisfy the requirements.

The Catalogue will have the authority of soft law once published, because its content constitutes recommendations that the BNetzA inferred from law. Deviation from the Catalogue therefore is an option. However, any divergence will have to be necessary and reasonably justified, as audits on security measures will use it as a benchmark.

The following non-exhaustive list provides details of the expected additional security requirements:

• Network traffic must be constantly monitored for any abnormality and, if there is any cause for concern, appropriate protection measures must be taken (e.g. network traffic stopped, traffic to the source of interference restricted or stopped). The detection measures must be state-of-the-art.
• Security-related network and system components (critical key components) may only be used if they have undergone IT security checks by a Federal Office of IT Security, Bundesamt für Sicherheit in der Informationstechnik (BSI), approved testing body and have been certified by the BSI. Critical key components may only be sourced from those suppliers/manufacturers that can provide assurance of their trustworthiness in an appropriate manner. This obligation applies to the entire supply chain and is a requirement for the necessary certification of components. These requirements will be set out in more detail in the Catalogue. The underlying standards will be published by the BSI in consultation with the BNetzA. The competent ministries are drawing up appropriate legal safeguards, notably as part of the ongoing major amendments to the German Telecommunications Act, to ensure the binding nature of the requirements and to secure specific requirements legally and unambiguously, such as the duty of certification.
• The network and system components that are security-related (critical key components) will be determined by the BSI and BNetzA by mutual agreement (when drawing up the Catalogue).
• Security-related network and system components (critical key components) may only be used following an appropriate acceptance test upon supply and must be subjected to regular security tests. If any deviations from the service specifications of the network operator or provider arise during the tests, these deviations must be documented and undergo a risk treatment process. Any measures taken to minimise risks from deviations that could have a significant impact on telecommunications networks and services must be notified to the BNetzA and the BSI without undue delay.
• ,Only trained professionals with in-depth knowledge of systems may be employed for the assessment of risks and protection measures in security-related areas. A sufficient number of such professionals must be kept available.
• Proof must be provided that the hardware tested for the selected, security-related components and the source code at the end of the supply chain are actually deployed in the products used.
• When planning and building the network, sufficient diversity must be ensured by using network and system components from different manufacturers. This requirement will be defined by the BNetzA and could vary between different networks, for example, between the core and access networks.
• Where system-related processes are outsourced, the network operator and provider must ensure that independent, professionally competent and reliable contractors are selected and that compliance with statutory requirements remains guaranteed. The network operator and provider must provide evidence of this.
• Adequate redundancy must be available for critical, security-related network and system components (critical key components). A list of particularly critical network components is being drawn up in this regard (e.g. home location register, core network, backbone, porting server).
• When implementing the security requirements, national security regulations and regulations for the secrecy of telecommunications and for data privacy protection must be met.

There currently is not an English text available. The German text can be found here.