Most provisions of the decision will become effective on July 22, 2024. However, in the publication, the FCC noted two specific rule changes that would be “delayed indefinitely.” The first is the amended “transparency” rule, which requires BIAS providers to make certain disclosures on their websites regarding network management practices, performance, and commercial terms of their services. The second is a non-substantive reorganization within the broadband label rule. Until the specific effective date(s) for these changes is announced, the current iterations of these two rule provisions will remain in place.

Please contact your regular Kelley Drye attorney or any member of the Communications practice group if you have questions about these changes.

The Chairwoman’s proposal is significant because it signals a potentially more active FCC in consumer protection as the Democrats solidify control of the agency following the Presidential transition and Chairwoman Rosenworcel’s elevation from Acting Chair to Chair. The scope of the proposal appears to be fairly narrow (based on the limited information currently available) but represents the second CPNI-related action proposed in the past three months. Once a fifth commissioner is confirmed, Chairwoman Rosenworcel may be able to press a broader consumer protection agenda for the agency.

At this time, little is known of the draft NPRM, because the draft of the proposal has not been released. The press release provides the best indication of what we can expect to see in the proceeding, if and when it is adopted. The FCC’s announcement explains that the proposal will:

• Eliminate the current seven business day mandatory waiting period for notifying customers of a breach;
• Require notification of inadvertent breaches; and
• Require carriers to notify the FCC of all reportable breaches, in addition to the FBI and U.S. Secret Service.

The move to update the CPNI rules may be motivated in part by T-Mobile's August 2021 disclosure that names, Social Security numbers, and other personal information belonging to more than 48 million current, former, and prospective customers had been compromised.

With the Commission still evenly split while awaiting confirmation of a third Democratic commissioner, Chairwoman Rosenworcel will need the support of at least one of the two Republican commissioners to adopt the NPRM. The proposed changes may be innocuous enough to garner such support.

The NPRM comes on the heels of an FCC proposal in October 2021 to update the CPNI rules to address SIM swap and port-out fraud, which did garner support from the Republican commissioners. The FCC also has yet to take final action on the Notices of Apparent Liability it issued to major wireless carriers in March 2020 proposing over $200 million in fines for allegedly selling access to their customers’ location information in violation of the CPNI rules. Together, these three actions signal that the FCC may be renewing its focus on privacy issues in telecommunications. In 2017, Congress used the Congressional Review Act to rescind the Commission’s 2016 broadband privacy rules. That action restricts the FCC’s ability to adopt substantially similar rules if it reclassifies broadband providers back to Title II telecommunications services.

The panel discussion is on “How the FTC is Filling the Federal Privacy Law Void”. The event will cover a number of policy issues, including the recently released FTC report on the data collection and use practices of Internet Service Providers (“ISPs”).

Click here for more information and to register for this virtual event.

Click here to learn more and register.

What the FTC will do with the staff report is less clear. The Commission voted unanimously to release the report, which does not make any specific policy recommendations. Members of the Commission, however, drew their own conclusions and articulated starkly different outlooks on the report’s implications. Chair Lina Khan and Commissioner Rebecca Kelly Slaughter declared that the FCC should play a leading role in overseeing ISPs’ data practices, citing the FCC’s industry expertise and legal authority. Commissioner Christine Wilson, however, stated that “oversight of ISPs for privacy and data security issues should remain at the FTC.” ISPs’ data practices – and the broader question of whether the FCC should reclassify broadband service back to a Title II telecommunications service and re-impose strict broadband privacy rules – are likely to be prominent issues as the Biden FCC takes shape in the months ahead.

The FTC Staff Report’s Findings

The staff report is based on information the FTC obtained from the country’s six largest ISPs and three of their adtech companies. The FTC compelled the companies to provide information about their data collection and use practices through orders issued under FTC Act Section 6(b) in March and August of 2019. While this group of ISPs “represents a broad swath of the internet services offered” to U.S. consumers, their practices are not necessarily representative of ISPs in general.

The staff report raises several concerns about ISPs’ practices, beyond generally equating ISPs with large advertising platforms, which include the following examples.

• Scope and Scale of Data Collection. The staff report finds that “many” of the ISPs in the FTC’s study “have access to 100% of consumers’ unencrypted internet traffic,” potentially allowing the ISPs to obtain information about sensitive web browsing behavior. In addition, FTC staff determined that several ISPs in the study collect and use potentially sensitive, real-time location information for advertising. They are also collecting customer information from other products and services they offer—such as voice, content, smart devices, advertising, and analytics—as well as purchasing information about consumers from data brokers. According to the report, several ISPs combine data from across their product lines, though the report did not reach a conclusion about how extensively ISPs combine this data.
• Opacity and Consumer Choices. The staff report concludes that ISPs collect and use personal data more extensively than consumers expect, do not provide clear disclosures about their practices, and generally provide opt-out choices that are difficult to use.
• Potential Consumer Harm. Finally, FTC staff conclude that some of the practices observed among these ISPs could cause harm to consumers. These practices include combining data from distinct services (e.g., video, web browsing, location, and connected devices) in a manner that consumers do not expect, as well as enabling third-party data uses that could harm consumers (e.g., targeting ads in a discriminatory manner, or making location data available to third parties “without reasonable protections”).

The unanimous vote to approve and issue the FTC staff report—an increasingly rare instance of bipartisan agreement on a major issue—does not necessarily signal consensus on further steps the FTC should take on the basis of the report. Chair Khan’s remarks highlight ISPs’ practices as an example of more general problems with the privacy framework the FTC was instrumental in establishing. In her view, the report’s findings “underscore deficiencies of the ‘notice-and-consent’ framework for privacy” and that “[a] new paradigm that moves beyond procedural requirements and instead considers substantive limits increasingly seems worth considering.”

Commissioner Slaughter expressed similar sentiments in her remarks, echoing some of her previous statements calling for “clear rules on data abuses” in general, and FCC-led regulation of ISPs, specifically.

The ISP disclosure practices described by the FTC staff report are subject to the FCC’s Transparency Rule. In 2017, although the Trump FCC classified commercial ISP services as subject to FTC jurisdiction, the FCC retained a transparency rule that, among other things, requires disclosure of “accurate information” regarding commercial terms of broadband internet access services. The FCC stated that disclosure of “commercial terms” included disclosure of information collection practices and privacy policies. If ISPs failed to adequately disclose their practices, as alleged in the FTC Report, the FCC retains jurisdiction to enforce that failure to comply with the transparency rule.

Further oversight by the FTC may not be necessary in the long term if oversight of ISP data practices is moved back under the FCC’s jurisdiction, and they once again become subject to Section 222 of the Communications Act. That statute places privacy restrictions on the use of customer proprietary network information ("CPNI") by telecommunications service providers. (The Obama FCC reclassified broadband as a telecommunications service under Title II of the Communications Act and imposed net neutrality regulations as well as broadband privacy rules. The Trump FCC largely reversed the net neutrality rules, and Congress nullified the broadband privacy rules.)

Commissioner Slaughter and Chair Khan may get their wish to have the FCC jump back into the fray. The White House announced on October 26 that President Biden will nominate Jessica Rosenworcel for another term as FCC Commissioner (and named her as the permanent FCC Chair) and Gigi Sohn as the third Democratic commissioner. Both Rosenworcel and current Democratic Commissioner Geoffrey Starks have expressed support for reclassifying broadband back to Title II, and Sohn was instrumental in orchestrating Title II reclassification in 2015 under former FCC Chairman Tom Wheeler. While Title II reclassification would subject ISPs to Section 222 of the Communications Act, the FCC’s authority to create broadband-specific rules remains unclear because Congress’ repeal of the FCC’s 2016 broadband privacy rules under the Congressional Review Act prohibits the agency from adopting substantially similar rules.

In the meantime, ISPs should be prepared to entertain further oversight activity by the FTC or potential FCC examination of the adequacy of ISP disclosures under its transparency rule.

The Commission’s consumer protection action arises from numerous complaints from consumers who have suffered harm as a result of these practices, and from concerns that consumers are vulnerable to these acts because wireless carriers have not implemented adequate protocols to verify that SIM swap and port-out fraud requests. To mitigate them, the agency suggests revisions to its Customer Proprietary Network Information ("CPNI") and Local Number Portability ("LNP") rules.

Proposed CPNI Rule Revisions to Combat SIM Swapping

Although narrowly-tailored, specifically covering the account information, call detail information, and billing information that voice service providers collect from their subscribers, the FCC’s CPNI rules are among the most robust consumer privacy protections in the technology sector. The rules require voice providers to secure opt-in or opt-out consent for certain uses and disclosure of CPNI, to establish policies and procedures to discover and prevent unauthorized access to CPNI by third parties, to notify customers when certain account changes are made, and to notify law enforcement and customers when a breach of CPNI has occurred. Many of these rules were adopted or strengthened in 2007, when the FCC took action against another practice designed to gain unauthorized access known as “pretexting.”

To reduce the incidence of SIM swap fraud, the NPRM proposes to modify the CPNI rules to prohibit wireless carriers from effectuating a SIM swap unless the carrier uses a secure method of authenticating the customer. As its primary proposal, the FCC puts forth four secure authentication methods that are already familiar to consumers: (1) a pre-established password; (2) a one-time passcode sent via text message to the account phone number or a pre-registered backup number; (3) a one-time passcode sent via e-mail to the e-mail address associated with the account; or (4) a passcode sent using a voice call to the account phone number or a preregistered back-up telephone number.

The FCC also offers two alternative approaches to give carriers flexibility to adopt new and better authentication methods as they are developed and in the event the proposed methods become less secure over time. First, the NPRM asks if the FCC should simply require carriers to adopt “heightened authentication measures” for SIM swap requests, which would allow them to choose from any secure authentication methods available at the time. Second, the NPRM asks whether the FCC should require carriers to comply with the NIST Digital Identity Guidelines, which provide technical requirements for federal agencies “implementing digital identity services” with a focus on authentication—these guidelines are updated regularly in response to changes in technology.

Beyond the authentication methods, the NPRM also seeks comment on other protections to prevent unauthorized SIM swaps. For example, it asks what procedures carriers should be required to adopt in the event there are several failed authentication attempts, whether customers should be notified of requests for SIM changes, and whether SIM swaps should be delayed pending notification or verification from the affected customer. It also suggests that customers be able to disable SIM changes by phone or online and that customers be notified of SIM swap protection methods annually. In addition, the NPRM asks whether the FCC should impose customer service, training, and transparency requirements specifically focused on preventing SIM swap fraud.

Proposed LNP Rule Revisions to Combat Port-Out Fraud

The FCC’s LNP rules allow consumers to retain their phone numbers when switching telecommunications service providers by requiring providers to port phone numbers to a customer’s new carrier upon request. While the FCC has codified requirements for providers to validate requests for wireline-to-wireline and intermodal porting, it has only provided guidance for wireless-to-wireless requests based on common industry practices. Specifically, for wireless-to-wireless port-out requests, the guidance suggests that providers validate requests using telephone number, account number, and ZIP code, as well as a customer passcode, if established by the customer.

In proposing rules to prevent port-out fraud, the FCC is seeking to balance the need to protect consumers from the fraudulent practice with its goals under the LNP rules—namely, ensuring that port-out requests are processed and done so in a timely manner, thereby promoting competition among providers by enabling consumers to choose a carrier that best suits their needs. In striking this balance, the NPRM proposes to modify the LNP rules to require that wireless carriers notify customers through a text message or push notification when a port-out request is received so that customers can take steps to stop unauthorized requests. But it also asks if the FCC should go a step further and require customer verification or acknowledgement of the notification.

The NPRM also asks for comment on several additional items to prevent port-out fraud. For instance, it asks whether other methods currently used by providers are effective in preventing the practice and should be imposed on other carriers. It also proposes codifying the four types of information carriers must use to validate wireless-to-wireless port-out requests. Finally, the NPRM asks what, if any, effect its proposed rules would have on timing of port-out requests and competition.

Wireless providers who are interested in informing the FCC’s decisions regarding changes to its CPNI and LPN rules can file initial comments on November 15, 2021 and reply comments on December 14, 2021.

Click here to listen to this episode.

To start, here is the first resolution we suggested for the industry:

Resolution for Voice Service Providers: Resolve to reduce illegal robocalls. Voice service providers long have supported the FCC’s ongoing efforts to target bad actors sending illegal and fraudulent robocalls, but in 2021, each carrier should resolve to do its part individually in the battle to stop illegal calls. All voice service providers must implement the STIR/SHAKEN call authentication framework by June 30, 2021 and should develop an effective robocall mitigation program to prevent their customers from originating illegal robocalls. These changes are necessary to stay on the right side of the anti-robocall battle. Each voice service provider should resolve to make reducing illegal robocalls a top priority.

Background: 2020 marked a turning point in the number of requirements that voice service providers have in the battle against illegal robocalls. These include:

• STIR/SHAKEN Implementation Mandate

STIR/SHAKEN is an industry-developed framework designed to allow communications service providers to distinguish legitimate calls from illegally spoofed calls so that they can take steps to mitigate the illegal calls. STIR/SHAKEN utilizes an encrypted authentication and verification process that establishes a chain of trust between the calling party and the called party. In March 2020, the FCC required “voice service providers” (including intermediate providers) to implement STIR/SHAKEN in the IP portions of their network by June 30, 2021, while in October creating with some exceptions, most notably for small carriers (fewer than 100,000 voice lines), who receive a two-year extension of the deadline.

• Call Blocking Order

On December 30, the FCC released an Order requiring voice service providers to meet certain affirmative obligations and to better police their networks against illegal calls. These requirements include an obligation to notify callers when calls are blocked, to provide customers upon request with a list of calls that were blocked, and to implement processes for addressing claims that calls were improperly blocked. Further, regardless of whether a provider blocks calls, every provider has certain obligations to “prevent and avoid” originating illegal robocalls, including an obligation to conduct due diligence on new and renewing customers.

• Reassigned number database deadline

On February 8, the FCC announced via Public Notice the compliance date for the remaining rule requiring service providers to report information to the Reassigned Numbers Database Administrator. Beginning April 15, 2021 and recurring on the 15th day of each month thereafter, service providers must report permanent disconnections of their subscribers.

• Development and submission of Robocall Mitigation Plans

The FCC will soon require voice service providers that have not fully implemented STIR/SHAKEN in their networks to submit a Robocall Mitigation Plan detailing their efforts to prevent and avoid originating illegal robocalls. A provider must include three things in its robocall mitigation program:

• • the provider must take reasonable steps to avoid originating illegal robocall traffic (the FCC recommends the use of reasonable analytics);
  • the provider must commit to respond to requests from the Industry Traceback Group to trace suspect calls for mitigation efforts; and
  • the provider must cooperate in investigating and stopping any illegal robocallers (meaning that the provider must block calls or callers that are believed to be illegal).

Keeping the Resolution

So how can a voice service provider keep this resolution? We have several suggestions.

First, if it has not already begun the work, a provider should begin ASAP to implement STIR/SHAKEN in the IP portions of its network. For the time being, implementation requires a provider to have direct access to telephone numbers or else it cannot obtain an SPC token from the STIR/SHAKEN Governance Authority. (Sometime later in the year, merely filing a Robocall Mitigation Plan will be sufficient.) Those that have direct access to numbers should obtain their token authority and obtain a technological solution for implementing STIR/SHAKEN. Those that do not, including resellers, should work with their underlying carriers to determine how STIR/SHAKEN will be implemented and, most importantly, what attestation level will be assigned to the provider’s outbound calls.

Second, every provider should begin to develop its Robocall Mitigation Plan. These plans will be highly individualized, depending on the service provider’s customer base, technologies, and position in the call flow. Nevertheless, we expect the FCC to hold providers to their stated plans, so both an insufficient plan and an overly ambitious plan pose risks to the service provider. KDW is working with several providers already to develop their plans.

Third, service providers must develop compliance mechanisms to address the new anti-robocall obligations that have been implemented. These include processes for receiving and promptly responding to Industry Traceback Group requests, processes for responding to Enforcement Bureau notices of customers that are violating the robocall rules, and “know your customer” due diligence when provisioning or renewing service to a customer. Finally, compliance will also include reporting service reassignments to fuel the FCC’s new Reassigned Number Database. These are not the only requirements that will be adopted, so we recommend that a service provider implement a process for receiving compliance updates regularly as well.

2021 will be a big year for anti-robocall efforts. Voice service providers will want to keep this resolution in order to stay on the right side of the illegal robocall battle.

Follow the Communications group for ongoing coverage of TCPA/Robocall news, including:

• Kelley Drye at the 2021 INCOMPAS Policy Summit On February 9, Partner Steve Augustino moderated a two-part Robocall Compliance panel at the 2021 INCOMPAS Summit. Watch both panels here.
• Effectively Mitigating Illegal Robocalls: What Service Providers Need to Do On March 3, join Partner Steve Augustino for a Telestrategies webinar that will help service providers understand the STIR/SHAKEN framework, informing service providers of their new obligations, how to respond to investigation requests, and how to develop an effective robocall mitigation program.
• TCPA Tracker The TCPA Tracker Newsletter is produced as a collaborative effort between Kelley Drye’s Litigation, Advertising/Privacy, and Communications practices to help you stay current on TCPA (and related) matters, including case developments, and provide an updated comprehensive summary of TCPA petitions pending before the FCC. Subscribe here.
• Kelley Drye’s Full Spectrum Kelley Drye’s Full Spectrum podcast features smart, informative conversations about the latest issues in the technology, telecommunications, and media industries. Bringing together thought leaders in business, government, and enterprise, Full Spectrum offers an in-depth exploration of current legal, regulatory, and business issues. Our “Inside the TCPA” series offers a deeper focus on TCPA issues and petitions pending before the FCC.

See below for recordings of both sessions:

FCC Panel

Industry Panel

Question Presented

The Supreme Court granted review of the question: “Whether the definition of ATDS in the TCPA encompasses any device that can “store” and “automatically dial” telephone numbers, even if the device does not “us[e] a random or sequential generator”?”

Six Circuits have previously answered the question. The Second, Sixth and Ninth held that a predictive dialer or system that dials from a stored list can qualify as an ATDS under the TCPA. The Third, Seventh, and Eleventh require that technology must have the capacity to generate random or sequential telephone numbers to qualify as an ATDS. The Seventh Circuit decision, Gadelhak v. AT&T Services, Inc., was penned by then-Judge Barrett, who participated in today’s argument. In addition, the D.C. Circuit’s 2018 remand in ACA International v. FCC questioned whether a broad reading of ATDS was lawful.

This case arises out of the Ninth Circuit’s broad approach to the definition of an automatic telephone dialing system under the TCPA.

Procedural History

The controversy comes before the Supreme Court on the basis of text messages that plaintiff Duguid allegedly received from Facebook in 2005. Duguid alleged that Facebook had violated the TCPA by maintaining a database of numbers on its computer and transmitting text message alerts to selected numbers from its database using an automated protocol. Facebook filed a motion to dismiss, arguing that Duguid had failed to plead the use of an ATDS. The district court held that the ATDS allegations were insufficient because they “strongly suggested direct targeting rather than random or sequential dialing” and dismissed the case. Soon after, the Ninth Circuit issued its decision in Marks v. Crunch San Diego, holding that an ATDS definition includes devices with the capacity to store numbers and to dial numbers automatically. Duguid appealed the prior dismissal of his claims and, applying Marks, the Ninth Circuit reversed. Facebook asked the Supreme Court to review the Ninth Circuit’s decision.

Briefing

Duguid, Facebook, and the United States have fully briefed the issue. Duguid argues for a broad definition of ATDS based on the statutory text and two canons of construction, the distributive-phrasing canon and last-antecedent canon, that he alleges show the adverbial phrase “using a random or sequential number generator” modifies the verb “to produce” but not the verb “to store.” Facebook, on the other hand, posits that the statutory language “using a random or sequential number generator” is an adverbial phrase that modifies both the verbs “store” and “produce.” Under that approach, the statutory text limits the definition of an ATDS to technology that uses a random- or sequential-number-generator. The United States filed a brief agreeing with Facebook that the plain text of the TCPA limits the definition of an ATDS to random- or sequential-number-generators. The government’s grammatical analysis focuses on the comma that precedes the adverbial phrase, pointing to past Supreme Court decisions and canons of statutory interpretation that advise such a comma is evidence that the phrase is meant to modify all antecedents (in this case, both the verbs “store” and “produce”).

Oral Argument

Argument in the case went over the scheduled hour by about 20 minutes. Facebook and the United States split the first 30 minutes and Duguid took the remaining time, excluding Facebook’s brief rebuttal. While oral argument does not always foretell the Court’s decision, certain trends developed.

• Grammatical Construction: A majority of Justices seemed to agree that Facebook and the United States had a stronger grammatical reading of the statute, but struggled with both the awkwardness of the construction, and the surplusage problem that their interpretation creates.
  • Justice Alito, for example, asked both Facebook and the United States whether it made sense to talk about random or sequential number generators as a device that can “store” numbers, wondering if their interpretation rendered the verb “store” superfluous. In response, the United States suggested that Congress was likely taking a “belt-and-suspenders” approach to drafting.
  • The Chief Justice, noting that most speakers do not resort to statutory canons of interpretation to understand language, suggested that the “sense” of the provision was more important than its syntax.
  • Justice Kavanaugh repeatedly asked about the different scope of the prohibition on artificial or prerecorded voice calls and “live” calls using an ATDS, as a way to understand the ATDS language.
  • Justice Gorsuch asked Facebook and the United States to address an alternate interpretation, offered by then-Judge Barrett in her decision in Gadelhak, that the clause “using a random or sequential number generator” could modify the phrase “telephone numbers to be called” instead of the verbs “store” and/or “produce.” Both parties asserted this interpretation would lead to their preferred outcome.
• Broader Questions on TCPA Scope: The Justices also pressed the parties on questions unrelated to the grammatical construction the statute.
  • Justice Thomas asked why “text messages” were covered by the TCPA at all, given that the statute’s language only regulates calls and later called the statute an “ill fit” for current technology. Justice Thomas’s question is indicative of a broader concern, shared expressly by Justices Sotomayor, Alito and Kavanaugh, that the TCPA may be ill-suited to regulate technology that looks very different from the technology available in 1991 when the TCPA was passed.
  • Justices Sotomayor, Barrett, Breyer, and Gorsuch each questioned whether the Ninth Circuit’s broad definition of an ATDS would expose all smartphone users to potential liability.
  • Justice Barrett was concerned specifically with the call-forwarding function and seemingly “automated” functions that modern cellphones are equipped with.
  • Duguid seemed unable to provide the Justices with a satisfactory answer on several of the non-grammatical issues and gave conflicting answers concerning the role for, and level of, human interaction necessary to remove technology from the definition of an ATDS.

The Court is expected to issue its ruling by Spring 2021. To learn more about the background of the case, the Circuit Courts’ varying definitions of an ATDS, and the potential implications for the Court’s ruling, consider listening to Kelley Drye litigator and Partner Paul Rosenthal’s preview podcast of Duguid or Kelley Drye’s monthly TCPA Tracker.

Click here to listen to this episode.

Click here to listen to this episode.

This event will present an in-depth discussion of key trends in these reform efforts, including the growing role of consumer data rights, increasing platform regulation, and ongoing debates over the efficacy of enforcement efforts.

Communications Practice Chair John Heitmann, co-chair of the FCBA’s Privacy and Data Security Committee, will moderate the Enforcement session, and host the keynote Q&A with FCC Commissioner Geoffrey Starks.

Click here for more information.

FCC regulatory activity likely will slow in the immediate lead-up to and aftermath of the 2020 general election. As a result, the September agenda may represent the FCC’s last big push on major reforms for the year. You will find more details on the significant September meeting items after the break:

Repurposing 3 GHz Band Spectrum: The draft Report and Order and Further Notice of Proposed Rulemaking would eliminate the non-federal radiolocation and amateur allocations from the 3.30-3.55 GHz band as a first step toward future sharing of the spectrum between federal incumbents and commercial wireless providers. However, the FCC would allow incumbent non-federal licensees to continue in-band operations until it finalizes its plans to reallocate the spectrum operations to below 3.0 GHz. The FCC would propose making 100 megahertz of spectrum in the 3.45-3.55 GHz band available for flexible use wireless service throughout the contiguous United States. To facilitate such wireless operations, the FCC would propose adding a co-primary, non-federal fixed and mobile (except aeronautical mobile) allocation to the band. It would also seek input on the appropriate licensing, auction, spectrum sharing, and technical rules for the band, and on relocation procedures for the non-federal relocation operators.

Commercial Access to the 4.9 GHz Band: The draft Sixth Report and Order and Seventh Further Notice of Proposed Rulemaking would allow one statewide 4.9 GHz band licensee per state to lease some or all of its spectrum rights to third parties, including commercial users. Lessees would be required to comply with the same spectrum coordination procedures as public safety licensees in the band. In addition, the FCC would seek comment on establishing a Band Manager in each state to coordinate and authorize new operations in the 4.9 GHz band. The agency also would request input on how to ensure robust use of the 4.9 GHz band, including through dynamic spectrum sharing technologies and cross-state collaborations.

Implementing STIR/SHAKEN Framework: The draft Second Report and Order would require voice service providers to either upgrade their non-IP networks to IP and implement the STIR/SHAKEN framework or develop a non-IP caller ID authentication solution by June 30, 2021. The FCC would adopt extensions of the June 30, 2021 deadline for: (1) small providers (two-year extension); (2) providers that currently cannot get a digital certificate necessary to implement STIR/SHAKEN because they do not obtain direct access to telephone numbers or other technical issues (indefinite extension); (3) services scheduled for discontinuance (one-year extension); and (4) non-IP network services (indefinite extension). The Commission would require all providers subject to an extension to implement a robocall mitigation plan for the parts of their networks where STIR/SHAKEN is not implemented and certify that they implemented such mitigation measures with the FCC. Moreover, the FCC would require intermediate providers to either pass along caller ID authentication information for authenticated calls or authenticate the caller ID information for unauthenticated calls they receive by June 30, 2021. Intermediate providers would be relieved of the independent authentication requirement if they register with the industry traceback consortium or respond to all traceback consortium information requests. Finally, the FCC would prohibit providers from adding line item charges to subscribers for providing caller ID authentication.

Streamlining Foreign Ownership Reviews: The draft Report and Order would establish rules and timeframes for the Committee for the Assessment of Foreign Participation in the United States Telecommunications Service Sector (Committee) to complete its review of certain applications posing potential foreign ownership concerns (i.e., the applicant has a 10% or greater direct or indirect foreign investor). Specifically, the Committee would be required to complete its initial application review within 120 days and, if necessary, its supplemental application review within 90 days. Affected applicants would be required to provide responses to a standardized set of national security and law enforcement questions regarding: (1) corporate structure and shareholder information; (2) relationships with foreign entities; (3) financial condition; (4) compliance with applicable laws and regulations; and (5) business and operational information. The standardized questions would be developed in a subsequent proceeding following public notice and comment. The new rules would apply to applications: (1) for international Section 214 authorizations or to assign/transfer control of such authorizations; (2) for submarine cable landing licenses or to assign/transfer control of such licenses; and (3) to exceed the foreign ownership limits under Section 310(b) of the Communications Act.

Reforming IP CTS Rates and Standards: The draft Report and Order, Order on Reconsideration, and Further Notice of Proposed Rulemaking would establish a compensation rate of $1.30/minute for IP CTS providers through a two-step transition process. The first step would transition from the current $1.58/minute rate to a $1.42/minute rate for the remainder of fund year 2020-21 (effective December 1, 2020), while the second step would transition the rate to $1.30/minute for fund year 2021-22. The FCC would also propose to adopt service standards for IP CTS captioning delay and accuracy, and seek comment on appropriate metrics. The Commission would request input on appropriate IP CTS service standard testing procedures, including sample size and call methodology. In addition, the FCC would ask whether it or a third-party organization should be responsible for such testing.

Reviewing 911 Fee Diversion: The draft Notice of Inquiry would request input on the effects of 911 fee diversion, specifically from states, on the provision of 911 services and the transition to next-generation 911 services. The FCC also would seek comment on how it can use its regulatory authority to discourage 911 fee diversion, including by conditioning state eligibility for FCC licenses, programs, or other benefits on the absence of fee diversion. The FCC would further ask about measures it can take to discourage fee diversion under the Commission’s authority, and how it can encourage states to pass legislation or adopt rules that would prohibit 911 fee diversion.

If you have any urgent questions, please contact your usual Kelley Drye attorney or any member of the Communications Practice Group. For more information on other aspects of the federal and state response to the COVID-19 pandemic, as well as labor and employment and other issues, please visit Kelley Drye’s COVID-19 Response Resource Center.

FCC Seeks Comment on TCPA Exception for COVID-19 and Flu Vaccine Communications Under “Emergency Purposes” Exception

On September 18, 2020, the FCC’s Consumer and Governmental Affairs Bureau issued a Public Notice seeking comment on a request for clarification filed by the National Association of Chain Drug Stores (“NACDS”). NACDS requests clarification that communications from pharmacies related to COVID-19 vaccines, once available, and flu vaccines during the pandemic fall within the Telephone Consumer Protection Act’s “emergency purposes” exception to the statute’s prior express consent requirement. Comments are due September 25, 2020, and reply comments are due October 2, 2020.

FCC Opens Second Window for 2020 E-Rate Funding Requests

On September 16, 2020, the FCC’s Wireline Competition Bureau (“WCB”) directed the Universal Service Administrative Company (“USAC”) to open a second funding year 2020 filing window, allowing E-Rate program participants to request additional funding to purchase more bandwidth needed to meet the unanticipated and increased demand for e-learning during the pandemic. E-Rate program participants will be permitted to request additional funding for this limited purpose without having to undergo a new competitive bidding process. This window opened on September 21, 2020 with the publication of the Notice in the Federal Register and will close on October 16, 2020.

FCC Extends Inteliquent Waiver of Access Stimulation Rules Through December 1, 2020

On September 17, 2020, the WCB granted Onvoy d/b/a Inteliquent, Inc.’s (“Inteliquent”) second request to renew the temporary waiver of part of the FCC’s access stimulation rules. On June 23, 2020, the WCB granted Inteliquent’s request for renewal of its temporary waiver of certain access stimulation rules until September 1, 2020. Inteliquent requested a limited renewal of the temporary waiver with respect to traffic it terminates in four urban areas to preexisting customers on the basis that its terminating-to-originating traffic ratios in those areas continue to be particularly unbalanced as a result of the “unprecedented amounts of conference platform traffic that Inteliquent is terminating for pre-existing customers Zoom and Cisco Webex to facilitate remote work and other forms of social distancing.” Absent the waiver, Inteliquent would be required to accept financial responsibility for paying certain access charges associated with the traffic.

Inteliquent requested that the waiver be extended until March 1, 2021. However, the FCC only extended the waiver through December 1, 2020, in light of the ongoing uncertainty regarding the pandemic.

FCC Streamlines Financial Hardship Regulatory Fee Payment Request Procedures

On September 4, 2020, the FCC released a Public Notice highlighting streamlined processes for regulatees to request a waiver, fee reduction, deferral, and/or installment payment plan for FY 2020 regulatory fees in light of the pandemic. Waiver and installment plan requests must be filed on or before September 25, 2020. Waiver requests filed after that date will not be dismissed but any unpaid regulatory fees will be assessed the FCC’s 25% late payment penalty and may accrue interest.

FCC Extends E-Rate and RHC Gift Rule Waivers Through December 31, 2020

On September 3, 2020, the WCB extended waivers of the Rural Health Care (“RHC”) and E-Rate program gift rules through December 31, 2020. The FCC previously waived gift rules applicable to both programs to assist rural health care providers and schools and libraries affected by the pandemic by allowing them to accept free upgrades to connections, equipment, and other services. The WCB also waived the previously extended RHC deadline for responding to information requests from USAC through December 31, 2020. These waivers were set to expire on September 30, 2020.

Click here to listen this episode.

Case Background

Allan came before the Sixth Circuit on appeal of the district court’s entry of summary judgment for plaintiffs. Plaintiffs alleged that defendant had placed 353 calls to them using an ATDS after they had each revoked consent. The district court held that defendant’s system qualified as an autodialer. It was undisputed that the system did not randomly or sequentially generate numbers. It would place calls to a daily-created list based on a stored list of a numbers in connection with collection of specific individual’s private education loan debt. By a 2-1 majority, the Sixth Circuit concluded that equipment may be an ATDS if it has the capacity to store numbers to be called, or to produce numbers using a random or sequential number generator, and to dial such numbers.

Majority Opinion

The majority opinion found that the ATDS definition is facially ambiguous. The TCPA defines an ATDS as “equipment which has the capacity to store or produce telephone numbers to be called, using a random or sequential number generator” (and the capacity to dial those numbers automatically). The opinion engaged in a grammatical analysis of the statutory text to resolve the definition’s latent ambiguity, which interpretation it then confirmed with reference to relevant statutory and administrative history.

The Sixth Circuit concluded that a predictive dialer or system that dials from a stored list could qualify as an ATDS under the TCPA. The Court relied on the existence of exceptions to help establish the rule. For example, the Court confirmed that the “prior express consent” exception permits calls made using an autodialer if the recipient has given his or her prior express consent to receiving those calls. Thus, it reasoned, “[a]n exception for consented-to calls implies that the autodialer ban otherwise could be interpreted to prohibit consented-to calls. And consented-to calls by their nature are calls made to known persons, i.e., persons whose numbers are stored on a list and were not randomly generated.” Ergo, the Court held that the definition of an ATDS must broadly sweep in stored-number systems and predictive dialers, not just calls to unknown individuals via random or sequential number generation.

Delving into the TCPA’s legislative history, the Court highlighted Congress’s intent to crack down on pervasive and intrusive telemarketing practices. Rather than regulate certain types of technology used to place calls, the TCPA was meant to curb the calls themselves – particularly the near-daily, multiple calls that formed the Allan plaintiffs’ cause of action.

Consistent with every other Circuit to have addressed the issue, the Sixth Circuit reached this decision without administrative guidance, holding that prior guidance from the FCC, including those pre-2015, was invalidated by the D.C. Circuit in its 2018 decision ACA International v. FCC. While some District Courts have relied on those prior FCC orders, the Circuit Courts, with the exception of the Second Circuit, have held that the prior orders were set aside.

Importantly, the Court affirmatively declined to comment on the potential impact of human intervention on dialing because, it found, the defendant failed to present a legal basis for that argument in this case.

Dissent

The dissent disagreed with the majority’s conclusion and methodology, putting forth a third interpretation of the statutory language. Rather than modifying the verbs “store” and/or “produce,” the dissent maintained that the language “using a random of sequential number generator” should be read to modify the entire phrase “telephone numbers to be called.” In the instant case, because the telephone numbers dialed were not generated randomly or sequentially, the dissent would have held that the equipment at issue did not qualify as an ATDS.

The dissent gave four reasons why its interpretation was the “best” reading among the three possible interpretations. First, it does not require a judicial rewrite of the statute as does the definition of an ATDS that includes stored-number systems: even if unartfully drafted, it is grammatically correct. In contrast, the majority’s definition requires a grammatically incorrect reading of the statute. Second, it avoids the problem of superfluity associated with a definition of ATDS that excludes stored-number systems (thereby rendering the term “store” in the statute’s definition surplusage). Third, the dissent concludes that the interpretation is consistent with the FCC’s early orders interpreting the TCPA. The FCC’s early definitions of an ATDS define it “as a device that uses a random or sequential number generator.” And fourth, the dissent argues that Congress’s intent was in fact to curb the use of machines that dialed randomly or sequentially generated numbers, pointing out language from an early congressional hearing to that effect. (KDW note: This argument is similar to the argument made by then-Commissioner Ajit Pai in dissent to the 2015 FCC decision that was overturned in ACA International v. FCC.)

What Comes Next

The Sixth Circuit’s position only further deepens the divide between the Circuits with six, evenly split Circuits having offered their positions. In the short term, the Allan decision expands the definition of an ATDS for callers and litigants in the Sixth Circuit; thus, increasing the potential risks and exposure.

The Allan decision is not likely to have lasting effect, however, because the United States Supreme Court has accepted a case to address the ATDS definition. The Sixth Circuit’s reasoning in Allan closely tracks the Ninth Circuit’s decision in Duguid v. Facebook, 926 F.3d 1146 (9th Cir. 2019). That decision has been accepted for review by the Supreme Court and will be argued in the fall. The resolution of the appeal should settle the question of what is an ATDS, providing (we hope) consumers and businesses alike with clear guidance on permissible autodialing systems.

Interestingly, the defendant in Allan had opposed a motion to stay the pending appeal until the Supreme Court reached a decision in Facebook. With this unhelpful ruling in hand, the defendant in Allen may file its own petition for certiorari, and/or seek further review by the Sixth Circuit en banc.

[1] These circuits stand opposite to the Seventh and Eleventh Circuits, which hold that an ATDS must use a random or sequential number generator. Although the Third Circuit has also weighed in Dominguez v. Yahoo, Inc., 894 F.3d 116 (3d Cir. 2018), the Allan court took the position that it did not expressly construe the definition. “The Third Circuit has not expressly addressed this question, but it did assume (without providing any analysis) that an ATDS must use a random or sequential number generator.” Allan at 5, n.3; but see Dominguez v. Yahoo, Inc., 629 F. App’x 369 (3d Cir. 2015) (considering “the definition of ‘random or sequential’ number generation” and confirming “the phrase refers to the numbers themselves rather than the manner in which they are dialed.”)

The TCPA prohibits telemarketing calls to be placed using an ATDS without the requisite level of prior consent. Thus, the definition of what technology qualifies as an ATDS is often a fundamental, threshold question upon which TCPA litigation turns. Prior to 2015, the FCC had offered various, sometimes vague, interpretations of the term. In 2015, the FCC offered an expansive definition, which was set aside in March 2018 in the ACA International decision. While the issue has been before the FCC on remand for over two years now, courts nevertheless engaged in their own analysis of the statute, resulting in a broadening Circuit split on how the law is interpreted and applied and divergent outcomes based on the court in which the case is filed. Now the Supreme Court is poised (potentially) to resolve that dispute.

DEFINITION OF AN ATDS

Since the March 2018 decision of the Court of Appeals for the D.C. Circuit in ACA International set aside the FCC’s overbroad and expansive definition of an ATDS, two distinct interpretations of an ATDS have emerged. In Marks v. Crunch San Diego, the Ninth Circuit held that any equipment that dials telephone numbers from a stored list qualifies as an ATDS under the TCPA. That expansive approach threatens to encompass ordinary smartphones on the market within the TCPA’s ambit. This approach is also employed by the Second Circuit. In contrast, the Third, Seventh, and Eleventh Circuits have opted for a narrower, more textually honest and logical interpretation, that requires a showing that equipment has the present capacity to generate numbers using randomly or sequentially and dial them. (Arguably, the D.C. Circuit’s decision also called for an interpretation closer to the Third, Seventh and Eleventh Circuit interpretations). District Courts in the remaining Circuits (as well as some where the Circuit Courts have spoken) have generally (but inconsistently) adhered to one of these two approaches. Some of our prior discussions of these issues can be found here and here.

FACEBOOK SEEKS AN END TO TCPA CONFUSION

In Facebook, Inc. v. Noah Duguid, et al, Case No. 19-511 (2020), plaintiff Noah Duguid alleges that defendant Facebook had contacted him via text messages without appropriate levels of consent using an ATDS, as that term is defined under the TCPA. Mr. Duguid is not a Facebook customer and alleges that he received repeated login notification text messages from Facebook. Plaintiff alleges that he never provided the company with his cellphone number, much less prior express written consent to be contacted by text. Plaintiff’s original complaint was filed in the Northern District of California in March 2015 and dismissed without prejudice for failure to properly allege that an ATDS was used to send the texts at issue. In his Amended Complaint, Duguid added factual allegations that Facebook used an ATDS by maintaining a database of numbers on its computer and transmitting text message alerts to selected numbers from its database using an automated protocol.

Facebook again moved to dismiss Duguid’s allegations arguing that the TCPA was unconstitutional and that Duguid failed to plead the use of an ATDS. On February 16, 2017, the District Court granted Facebook’s motion to dismiss, finding the ATDS allegations were insufficient. Because of that finding, the court never reached the constitutional question. The court reasoned that Duguid’s ATDS allegations “strongly suggested direct targeting rather than random or sequential dialing,” which did not indicate the use of an ATDS. Importantly, the District Court rendered its opinion before the Ninth Circuit’s interpretation of the ATDS definition in Marks v. Crunch San Diego in September 2018.

On June 13, 2019, the Ninth Circuit reversed the lower court’s dismissal. Applying the Marks standard, the Ninth Circuit reasoned that Duguid had sufficiently alleged that Facebook used an ATDS by alleging the equipment “had the capacity to store numbers to be called and to dial such numbers automatically.” The Ninth Circuit separately addressed Facebook’s constitutional challenge to the TCPA and agreed that, although the TCPA included content- and speaker-based restrictions on speech, the overall statute could be salvaged by severing what it saw as the most offensive aspect—the government debt exception.

ISSUES BEFORE THE COURT

Facebook appealed and in its petition to the Supreme Court presented both the constitutional challenge and definitional question for review.

On July 6, 2020, the Supreme Court upheld the constitutionality of the TCPA in William P. Barr et al. v. American Association of Political Consultants et al., Case No. 19-631 (2020), thus mooting the constitutional challenge in Facebook’s petition. Our analysis of that decision can be found here.

On July 9, 2020, three days after it released its decision in Barr, the Supreme Court granted certiorari on the following question: Whether the definition of ATDS in the TCPA encompasses any device that can “store” and “automatically dial” telephone numbers, even if the device does not “us[e] a random or sequential generator”?

CONCLUSION

The Supreme Court’s resolution of this circuit split has the potential to forever change business communications by making it more or less difficult for businesses to reach their customers. As noted, a threshold question in TCPA litigation is whether equipment used to originate a call or text is an ATDS. The D.C. Circuit, in remanding the FCC’s 2015 expansive definition, noted that definition’s “eye-popping sweep.” Just how far the 29-year-old TCPA’s definition should reach into modern dialing technology has been a central question in litigation since the D.C. Circuit remand. How the Supreme Court addresses this could affect the methods businesses use to provide notifications and reminders to customers as well as how they obtain new customer and collect debts.

In addition to resolving the question of an ATDS, the Supreme Court’s acceptance of Facebook’s petition has other implications. In the short term, companies and practitioners are likely to see stays across the robust and active TCPA docket as lower courts await direction on this core (often threshold) legal question from the Supreme Court. While the decision in ACA International returned the ATDS definition to the FCC for consideration, the Supreme Court’s grant also makes it less likely that the FCC will take any additional affirmative steps on the definition of an ATDS until the Facebook case is decided.

The Supreme Court’s next term opens on October 5, 2020, and oral argument will be scheduled for a date sometime thereafter. A decision can be expected to be published sometime between the argument and when the terms recesses in late June/July 2021.

Background

When first enacted in 1991, the TCPA prohibited calls placed using an automatic dialer or prerecorded voice with certain, specific exceptions. In 2015, Congress amended the TCPA to permit calls that relate to the collection of debts guaranteed by the U.S. government. That amendment does not permit the use of the same technology for debts guaranteed by private lenders or calls related to other topics, which served as the basis for challenges that the exception rendered the statute unconstitutionally content-based in violation of the First Amendment. In 2019, the Fourth Circuit agreed, finding the exception failed strict scrutiny, was unconstitutional, and should be severed from the TCPA. The government disagreed with the Fourth Circuit’s decision and petitioned the Supreme Court to review the decision. Plaintiffs also filed a cross-petition.

Supreme Court Affirms

In the controlling opinion written by Justice Kavanaugh (joined by Chief Justice Roberts and Justice Alito), relying on Reed v. Town of Gilbert and applying strict scrutiny, the Supreme Court held that the government debt exception to the TCPA was an unconstitutional content based speaker restriction. As a remedy, the majority opted to sever the government debt exception from the TCPA, which leaves the remainder of the TCPA fully operative.

Justice Kavanaugh reasoned that both severability principles and the Communication Act’s severance clause mandated severance in this case. Justice Kavanaugh also reasoned that the remainder of the TCPA survived the constitutional challenge because Congress has a continuing interest in protecting consumer privacy, noting that “[t]he continuing robocall restriction proscribes tens of millions of would-be robocalls that would otherwise occur every day.”

In a short concurrence, Justice Sotomayor argued that the exception should be subjected to intermediate scrutiny; however, she agreed that the exception also did not survive that analysis and therefore should be severed.

In a partial dissent, Justice Breyer (joined by Justices Ginsburg and Kagan) argued that the Supreme Court should have applied intermediate scrutiny because the restriction did not suppress a particular viewpoint or threaten the neutrality of a public forum. Justice Breyer reasoned that the exception survived intermediate scrutiny because the speech related harm of the exception was modest in proportion to the important government goal of protecting the public fisc. Justice Breyer also found that the exception was narrowly tailored because it only applied to the limited categories of calls related to the collection of government debt. For Justice Breyer, strict scrutiny should only apply when a restriction interferes with the marketplace of ideas or interferes with an individual’s right to communicate with the government. With respect to the proper remedy, however, Justice Breyer agreed that severability of the offending exception was appropriate.

In another partial dissent, Justice Gorsuch (joined, in relevant part, by Justice Thomas) attacked the Court’s severability doctrine, including because the application of the doctrine in this instance did not provide the plaintiffs with the relief that they had initially sought. Instead of a remedy which allows for the plaintiffs to speak more freely, severance banned additional speech. For Justice Gorsuch, that result undercuts the purpose of the First Amendment, which is intended to act as a buffer against government restriction of speech, not assist it. Thus, he felt severance was an insufficient response.

Ultimately, 7 Justices agreed that severance of the government debt exception was the proper remedy, while only two (Justices Gorsuch and Thomas) concluded that the entire TCPA should be struck down as an improper content-based restriction.

Impact

Unless a caller was relying upon the government debt exception to avoid liability under the TCPA, this decision does very little to change the status quo on TCPA enforcement and compliance. The opinion did not wade into the contentious definition of an automatic telephone dialing system under the TCPA (which has become the subject of a widening Circuit split). Accordingly, callers should remain vigilant whenever telemarketing and consistently audit their telemarketing procedures to avoid potential liability.