http://www.fcc.gov/eb/Orders/2007/DA-07-1407A1.html
Before the
Federal Communications Commission
Washington, D.C. 20554
)
)
)
In the Matter of ) File No. EB-06-TC-4507
Amp'd Mobile, Inc. ) NAL/Acct. No. 200732170011
Apparent Liability for Forfeiture ) FRN: 0014731822
)
)
)
NOTICE OF APPARENT LIABILITY FOR FORFEITURE
Adopted: March 26, 2007 Released: March 26, 2007
By the Chief, Enforcement Bureau:
I. INTRODUCTION
1. In this Notice of Apparent Liability for Forfeiture ("NAL"), we find
that Amp'd Mobile, Inc. ("Amp'd" or "Amp'd Mobile") apparently violated
section 64.2009(e) of the Commission's rules by failing to provide a
statement accompanying its compliance certificate explaining how its
operating procedures ensure that it is or is not in compliance with the
subpart governing protection and use of customer proprietary network
information ("CPNI"). Protection of CPNI is a fundamental obligation of
all telecommunications carriers as provided by section 222 of the
Communications Act of 1934, as amended ("Communications Act" or "Act").
Based upon our review of the facts and circumstances surrounding this
apparent violation and, in particular, the serious consequences that may
flow from inadequate concern for and protection of CPNI, we propose a
monetary forfeiture of $100,000 against Amp'd for its apparent failure to
comply with section 64.2009(e) of the Commission's rules.
II. BACKGROUND
2. The Enforcement Bureau ("Bureau") has been investigating the adequacy
of procedures implemented by telecommunications carriers to ensure
confidentiality of their subscribers' CPNI, based on concerns regarding
the apparent availability to third parties of sensitive, personal
subscriber information. For example, some companies, known as "data
brokers," have advertised the availability of records of wireless
subscribers' incoming and outgoing telephone calls for a fee. Data brokers
have also advertised the availability of call information that relates to
certain landline toll calls.
3. As part of our inquiry into these issues, the Bureau sent a Letter of
Inquiry ("LOI") to Amp'd on December 11, 2006, directing it to produce the
compliance certificates for the previous five (5) years that it had
prepared pursuant to section 64.2009(e) of the Commission's rules. On
December 18, 2006, Amp'd submitted a document in response to the Bureau's
LOI. The document submitted by Amp'd does not satisfy the requirements set
forth in the rule. Accordingly, we issue this proposed forfeiture.
III. DISCUSSION
4. Section 222 imposes the general duty on all telecommunications carriers
to protect the confidentiality of their subscribers' proprietary
information. The Commission has issued rules implementing section 222 of
the Act. The Commission required carriers to establish and maintain a
system designed to ensure that carriers adequately protected their
subscribers' CPNI. Section 64.2009(e) is one such requirement. Pursuant to
section 64.2009(e):
A telecommunications carrier must have an officer, as an agent of the
carrier, sign a compliance certificate on an annual basis stating that the
officer has personal knowledge that the company has established operating
procedures that are adequate to ensure compliance with the rules in this
subpart. The carrier must provide a statement accompanying the certificate
explaining how its operating procedures ensure that it is or is not in
compliance with the rules in this subpart.
5. Amp'd Mobile's December 18 response to the Bureau's December 11 LOI
consists of a one-page document executed by an Amp'd company
vice-president on February 3, 2006, along with an accompanying letter. The
document states that Amp'd Mobile, Inc.'s operating procedures ensure that
the company is in compliance with Section 222 of the Communications Act of
1934, as amended, and section 64.2009(e) of the Commission's rules. The
document, however, does not contain a statement accompanying the
compliance certificate explaining how its operating procedures ensure that
it is or is not in compliance with the Commission's rules. Accordingly,
Amp'd Mobile, Inc.'s submission, on its face, does not comply with section
64.2009(e) of the Commission's rules.
6. We conclude that Amp'd has apparently failed to comply with the
requirement that it provide a statement accompanying its compliance
certificate explaining how its operating procedures ensure that it is or
is not in compliance with the Commission's CPNI rules. For this apparent
violation, we propose a forfeiture.
IV. FORFEITURE AMOUNT
7. Section 503(b) of the Communications Act authorizes the Commission to
assess a forfeiture of up to $130,000 for each violation of the Act or of
any rule, regulation, or order issued by the Commission under the Act. The
Commission may assess this penalty if it determines that the carrier's
noncompliance is "willful or repeated." For a violation to be willful, it
need not be intentional. In exercising our forfeiture authority, we are
required to take into account "the nature, circumstances, extent, and
gravity of the violation and, with respect to the violator, the degree of
culpability, any history of prior offenses, ability to pay, and such other
matters as justice may require." In addition, the Commission has
established guidelines for forfeiture amounts and, where there is no
specific base amount for a violation, retained discretion to set an amount
on a case-by-case basis.
8. The Commission's forfeiture guidelines do not address the specific
violation at issue in this proceeding. In determining the proper
forfeiture amount in this case, however, we are guided by the principle
that there may be no more important obligation on a carrier's part than
protection of its subscribers' proprietary information. Consumers are
increasingly concerned about the security of their sensitive, personal
data that they must entrust to their various service providers, whether
they are financial institutions or telephone companies. Given the
increasing concern about the security of this data, and evidence that the
data appears to be widely available to third parties, we must take
aggressive, substantial steps to ensure that carriers implement necessary
and adequate measures to protect their subscribers' CPNI, as required by
the Commission's existing CPNI rules. Additionally, in three recent
actions, the Commission has issued Notices of Apparent Liability for
Forfeiture in the amount of $100,000 against carriers for failure to
maintain certifications in compliance with section 64.2009(e) of the
Commission's rules. In this case, Amp'd has apparently failed to implement
necessary and adequate measures, as required, to protect their
subscribers' CPNI data entrusted to them, as evidenced by the absence of a
statement accompanying the compliance certificate explaining how its
operating procedures ensure that it is or is not in compliance with the
Commission's CPNI rules. Based on all the facts and circumstances present
in this case, we believe the proposed forfeiture of $100,000 is warranted.
9. Amp'd will have the opportunity to submit further evidence and
arguments in response to this NAL to show that no forfeiture should be
imposed or that some lesser amount should be assessed. For example, Amp'd
may present evidence that it has compelling financial arguments to reduce
the proposed forfeiture or that it has maintained a history of overall
compliance. To support a claim of inability to pay, the petitioner must
submit: (1) federal tax returns for the most recent three-year period; (2)
financial statements prepared according to generally accepted accounting
practices (GAAP); or (3) some other reliable and objective documentation
that accurately reflects the petitioner's current financial status. Any
claim of inability to pay must specifically identify the basis for the
claim by reference to the financial documentation submitted. The
Commission will fully consider any such arguments made by Amp'd in its
response to this NAL.
V. CONCLUSION AND ordering clauses
10. We have determined that Amp'd Mobile, Inc. has apparently violated
Section 64.2009(e) of the Commission's rules by failing to prepare and
maintain a certification in compliance with the rule. We find Amp'd
Mobile, Inc. apparently liable for $100,000.
11. ACCORDINGLY, IT IS ORDERED THAT, pursuant to Section 503(b) of the
Communications Act of 1934, as amended, Section 1.80(f)(4) of the
Commission's rules, and authority delegated by Sections 0.111 and 0.311 of
the Commission's rules, Amp'd Mobile, Inc. IS LIABLE FOR A MONETARY
FORFEITURE in the amount of one hundred thousand dollars ($100,000) for
willfully or repeatedly violating Section 64.2009 of the Commission's
rules, by failing to prepare and maintain a certificate that complies with
64.2009(e).
12. IT IS FURTHER ORDERED THAT, pursuant to section 1.80 of the
Commission's rules, within thirty days of the release date of this NOTICE
OF APPARENT LIABILITY, Amp'd Mobile, Inc. SHALL PAY the full amount of the
proposed forfeiture or SHALL FILE a written statement seeking reduction or
cancellation of the proposed forfeiture.
13. Payment of the forfeiture must be made by check or similar instrument,
payable to the order of the Federal Communications Commission. The payment
must include the NAL/Acct. No. and FRN No. referenced above. Payment by
check or money order may be mailed to Forfeiture Collection Section,
Finance Branch, Federal Communications Commission, P.O. Box 358340,
Pittsburgh, PA 15251. Payment by overnight mail may be sent to Mellon
Client Service Center, 500 Ross Street, Room 670, Pittsburgh, PA
15262-0001. Attn: FCC Module Supervisor. Payment by wire transfer may be
made to ABA Number 043000261, receiving bank Mellon Bank, and account
number 911-6229. Please include your NAL/Acct. No. with your wire transfer
remittance. Requests for payment of the full amount of this NAL under an
installment plan should be sent to Chief, Credit and Management Center,
445 12^th Street, S.W., Washington, D.C. 20554.
14. IT IS FURTHER ORDERED that a copy of this Order shall be sent by
Certified Mail, Return Receipt Requested to Amp'd Mobile, Inc., Douglas
Molyneux, Vice President and General Counsel, 1925 South Bundy, Los
Angeles, CA 90025, and James Barker, Latham & Watkins, LLP, 555 Eleventh
Street, N.W., Suite 1000, Washington, DC 20004.
FEDERAL COMMUNICATIONS COMMISSION
Kris A. Monteith
Chief, Enforcement Bureau
See 47 C.F.R. S64.2009(e).
CPNI is defined as information that relates to the quantity, technical
configuration, type, destination, location, and amount of use of a
telecommunications service subscribed to by any customer of a
telecommunications carrier, and that is made available to the carrier by
the customer solely by virtue of the customer-carrier relationship. See 47
U.S.C. S 222(h)(1)(A); 47 C.F.R. S 64.2003(d).
See, e.g.
http://www.epic.org/privacy/iei/.
See id.
Letter from Marcy Greene, Deputy Division Chief, Telecommunications
Consumers Division, Enforcement Bureau, Federal Communications Commission,
to Douglas Molyneux, Esq., Vice President and General Manager, Amp'd
Mobile, Inc., LLC (December 11, 2006) ("December 11 LOI").
Section 222 of the Communications Act provides that: "Every
telecommunications carrier has a duty to protect the confidentiality of
proprietary information of, and relating to, other telecommunications
carriers, equipment manufacturers, and customers, including
telecommunication carriers reselling telecommunications services provided
by a telecommunications carrier." 47 U.S.C S 222.
In the Matter of Implementation of the Telecommunications Act of 1996:
Telecommunications Carriers' Use of Customer Proprietary Network
Information and Other Customer Information and Implementation of the
Non-Accounting Safeguards of Sections 271 and 272 of the Communications
Act of 1934, as amended, Order and Further Notice of Proposed Rulemaking,
13 FCC Rcd 8061 (1998) ("CPNI Order"); see also In the Matter of
Implementation of the Telecommunications Act of 1996: Telecommunications
Carriers' Use of Customer Proprietary Network Information and Other
Customer Information and Implementation of the Non-Accounting Safeguards
of Sections 271 and 272 of the Communications Act of 1934, as amended,
Order on Reconsideration and Petitions for Forbearance, 14 FCC Rcd 14409
(1999); In the Matter of Implementation of the Telecommunications Act of
1996: Telecommunications Carriers' Use of Customer Proprietary Network
Information and Other Customer Information and Implementation of the
Non-Accounting Safeguards of Sections 271 and 272 of the Communications
Act of 1934, as amended; 2000 Biennial Regulatory Review -- Review of
Policies and Rules Concerning Unauthorized Changes of Consumers' Long
Distance Carriers, Third Report and Order and Third Further Notice of
Proposed Rulemaking, 17 FCC Rcd 14860 (2002).
47 C.F.R. S 64.2009(e).
This is the company's first year of operation. Accordingly, it only
produced a compliance certificate for one year.
Section 503(b)(2)(B) provides for forfeitures against common carriers of
up to $130,000 for each violation or each day of a continuing violation up
to a maximum of $1,325,000 for each continuing violation. 47 U.S.C. S
503(b)(2)(B). See Amendment of Section 1.80 of the Commission's Rules and
Adjustment of Forfeiture Maxima to Reflect Inflation, 15 FCC Rcd 18221
(2000); Amendment of Section 1.80 of the Commission's Rules and Adjustment
of Forfeiture Maxima to Reflect Inflation, 19 FCC Rcd 10945 (2004)
(increasing maximum forfeiture amounts to account for inflation).
47 U.S.C. S 503(b)(1)(B) (the Commission has authority under this section
of the Act to assess a forfeiture penalty against a common carrier if the
Commission determines that the carrier has "willfully or repeatedly"
failed to comply with the provisions of the Act or with any rule,
regulation, or order issued by the Commission under the Act); see also 47
U.S.C. S 503(b)(4)(A) (providing that the Commission must assess such
penalties through the use of a written notice of apparent liability or
notice of opportunity for hearing). Here, as described above, Amp'd
Mobile's actions were willful as it apparently failed to prepare the
required compliance certification.
Southern California Broadcasting Co., 6 FCC Rcd 4387 (1991).
See 47 U.S.C. S 503(b)(2)(D); see also The Commission's Forfeiture Policy
Statement and Amendment of Section 1.80 of the Commission's Rules, 12 FCC
Rcd 17087 (1997) ("Forfeiture Policy Statement"); recon. denied, 15 FCC
Rcd 303 (1999).
Forfeiture Policy Statement, 12 FCC Rcd 17098-99, P 22.
Cbeyond Communications LLC, Notice of Apparent Liability for Forfeiture,
21 FCC Rcd 4316 (Enf. Bur. rel. April 21, 2006); AT&T, Inc., Notice of
Apparent Liability for Forfeiture, 21 FCC Rcd 751 (Enf. Bur. rel. Jan. 30,
2006); Alltel Corp., Notice of Apparent Liability for Forfeiture, 21 FCC
Rcd 746 (Enf. Bur. rel. Jan. 30, 2006).
47 U.S.C. S 503(b)(4)(A).
47 U.S.C. S 503(b)(4)(C); 47 C.F.R. S 1.80(f)(3).
47 C.F.R. S 1.80(b)(4) (discussing factors the Commission or its designee
will consider in deciding appropriate forfeiture amount).
47 U.S.C. S 503(b).
47 C.F.R. S 1.80(f)(4).
47 C.F.R. SS 0.111, 0.311.
(...continued from previous page)
(continued....)
Federal Communications Commission DA 07-1407
3
Federal Communications Commission DA 07-1407
http://www.fcc.gov/eb/Orders/2007/DA-07-1412A1.html
Before the
Federal Communications Commission
Washington, D.C. 20554
)
)
)
In the Matter of ) File No. EB-06-TC-4483
CTC Communications Corporation ) NAL/Acct. No. 20073217 0037
Apparent Liability for Forfeiture ) FRN: 0005013669
)
)
)
NOTICE OF APPARENT LIABILITY FOR FORFEITURE
Adopted: March 26, 2007 Released: March 26, 2007
By the Chief, Enforcement Bureau:
I. INTRODUCTION
1. In this Notice of Apparent Liability for Forfeiture ("NAL"), we find
that CTC Communications Corporation ("CTC") apparently violated section
64.2009(e) of the Commission's rules by failing to have a corporate
officer execute an annual certificate stating that he has personal
knowledge that the company has established operating procedures adequate
to ensure compliance with the Commission's rules governing protection and
use of customer proprietary network information ("CPNI"). Protection of
CPNI is a fundamental obligation of all telecommunications carriers as
provided by section 222 of the Communications Act of 1934, as amended
("Communications Act" or "Act"). Based upon our review of the facts and
circumstances surrounding this apparent violation, and in particular, the
serious consequences that may flow from inadequate concern for and
protection of CPNI, we propose a monetary forfeiture of $100,000 against
CTC for its apparent failure to comply with section 64.2009(e) of the
Commission's rules.
II. BACKGROUND
2. The Enforcement Bureau ("Bureau") has been investigating the adequacy
of procedures implemented by telecommunications carriers to ensure
confidentiality of their subscribers' CPNI, based on concerns regarding
the apparent availability to third parties of sensitive, personal
subscriber information. For example, some companies, known as "data
brokers," have advertised the availability of records of wireless
subscribers' incoming and outgoing telephone calls for a fee. Data brokers
have also advertised the availability of call information that relates to
certain landline toll calls.
3. As part of our inquiry into these issues, the Bureau sent a Letter of
Inquiry ("LOI") to CTC on January 5, 2007, directing it to produce the
compliance certificates for the previous five (5) years that it had
prepared pursuant to section 64.2009(e) of the Commission's rules. On
January 12, 2007, CTC submitted a document in response to the Bureau's
LOI. The document submitted by CTC does not satisfy the requirements set
forth in the rule. Accordingly, we issue this proposed forfeiture.
III. DISCUSSION
4. Section 222 imposes the general duty on all telecommunications carriers
to protect the confidentiality of their subscribers' proprietary
information. The Commission has issued rules implementing section 222 of
the Act. The Commission required carriers to establish and maintain a
system designed to ensure that carriers adequately protected their
subscribers' CPNI. Section 64.2009(e) is one such requirement. Pursuant to
section 64.2009(e):
A telecommunications carrier must have an officer, as an agent of the
carrier, sign a compliance certificate on an annual basis stating that the
officer has personal knowledge that the company has established operating
procedures that are adequate to ensure compliance with the rules in this
subpart. The carrier must provide a statement accompanying the certificate
explaining how its operating procedures ensure that it is or is not in
compliance with the rules in this subpart.
5. CTC's January 12 response to the Bureau's January 5 LOI consists of a
three page document signed by CTC's Executive Vice President. Attached to
the document are a copy of a February 6, 2006, CTC filing with the
Commission, and declarations dated January 12, 2006, from CTC's
Vice-President of Regulatory Compliance and Executive Vice President. The
three page document describes generally how CTC uses CPNI. Additionally,
the three page document notes its acquisition of Lightship Telecom, LLC,
Connecticut Telephone and Communications Systems, Inc., and Connecticut
Broadband, LLC, (collectively, the "Affiliates") in 2005. Neither the
three page document, nor the attachment to it, however, contains a
statement by an officer "that the officer has personal knowledge that
[CTC, including the Affiliates] has established operating procedures that
are adequate to ensure compliance with the [CPNI] rules. . . ." On the
contrary, CTC specifically admits that it has not made such a statement
with respect to the Affiliates. Accordingly, CTC's submission, on its
face, does not comply with section 64.2009(e) of the Commission's rules.
6. We conclude that CTC has apparently failed to comply with the
requirement that it have an officer certify on an annual basis that the
officer has personal knowledge that CTC has established operating
procedures adequate to ensure compliance with the Commission's CPNI rules.
For this apparent violation, we propose a forfeiture.
IV. FORFEITURE AMOUNT
7. Section 503(b) of the Communications Act authorizes the Commission to
assess a forfeiture of up to $130,000 for each violation of the Act or of
any rule, regulation, or order issued by the Commission under the Act. The
Commission may assess this penalty if it determines that the carrier's
noncompliance is "willful or repeated." For a violation to be willful, it
need not be intentional. In exercising our forfeiture authority, we are
required to take into account "the nature, circumstances, extent, and
gravity of the violation and, with respect to the violator, the degree of
culpability, any history of prior offenses, ability to pay, and such other
matters as justice may require." In addition, the Commission has
established guidelines for forfeiture amounts and, where there is no
specific base amount for a violation, retained discretion to set an amount
on a case-by-case basis.
8. The Commission's forfeiture guidelines do not address the specific
violation at issue in this proceeding. In determining the proper
forfeiture amount in this case, however, we are guided by the principle
that there may be no more important obligation on a carrier's part than
protection of its subscribers' proprietary information. Consumers are
increasingly concerned about the security of their sensitive, personal
data that they must entrust to their various service providers, whether
they are financial institutions or telephone companies. Given the
increasing concern about the security of this data, and evidence that the
data appears to be widely available to third parties, we must take
aggressive, substantial steps to ensure that carriers implement necessary
and adequate measures to protect their subscribers' CPNI, as required by
the Commission's existing CPNI rules. Additionally, in three recent
actions, the Commission has issued Notices of Apparent Liability for
Forfeiture in the amount of $100,000 against carriers for failure to
maintain certifications in compliance with section 64.2009(e) of the
Commission's rules. In this case, CTC has apparently failed to implement
necessary and adequate measures, as required, to protect the subscribers'
CPNI data entrusted to it, as evidenced by the apparent insufficiency of
the required compliance certification. Based on all the facts and
circumstances present in this case, we believe the proposed forfeiture of
$100,000 is warranted.
9. CTC will have the opportunity to submit further evidence and arguments
in response to this NAL to show that no forfeiture should be imposed or
that some lesser amount should be assessed. For example, CTC may present
evidence that it has compelling financial arguments to reduce the proposed
forfeiture or that it has maintained a history of overall compliance. To
support a claim of inability to pay, the petitioner must submit: (1)
federal tax returns for the most recent three-year period; (2) financial
statements prepared according to generally accepted accounting practices
(GAAP); or (3) some other reliable and objective documentation that
accurately reflects the petitioner's current financial status. Any claim
of inability to pay must specifically identify the basis for the claim by
reference to the financial documentation submitted. The Commission will
fully consider any such arguments made by CTC in its response to this NAL.
V. CONCLUSION AND ordering clauses
10. We have determined that CTC has apparently violated Section 64.2009(e)
of the Commission's rules by failing to prepare and maintain a
certification in compliance with the rule. We find CTC apparently liable
for $100,000.
11. ACCORDINGLY, IT IS ORDERED THAT, pursuant to Section 503(b) of the
Communications Act of 1934, as amended, Section 1.80(f)(4) of the
Commission's rules, and authority delegated by Sections 0.111 and 0.311 of
the Commission's rules, CTC Communications Corporation IS LIABLE FOR A
MONETARY FORFEITURE in the amount of one hundred thousand dollars
($100,000) for willfully or repeatedly violating Section 64.2009 of the
Commission's rules, by failing to prepare and maintain a certificate that
complies with 64.2009(e).
12. IT IS FURTHER ORDERED THAT, pursuant to section 1.80 of the
Commission's rules, within thirty days of the release date of this NOTICE
OF APPARENT LIABILITY CTC Communications Corporation SHALL PAY the full
amount of the proposed forfeiture or SHALL FILE a written statement
seeking reduction or cancellation of the proposed forfeiture.
13. Payment of the forfeiture must be made by check or similar instrument,
payable to the order of the Federal Communications Commission. The payment
must include the NAL/Acct. No. and FRN No. referenced above. Payment by
check or money order may be mailed to Forfeiture Collection Section,
Finance Branch, Federal Communications Commission, P.O. Box 358340,
Pittsburgh, PA 15251. Payment by overnight mail may be sent to Mellon
Client Service Center, 500 Ross Street, Room 670, Pittsburgh, PA
15262-0001. Attn: FCC Module Supervisor. Payment by wire transfer may be
made to ABA Number 043000261, receiving bank Mellon Bank, and account
number 911-6229. Please include your NAL/Acct. No. with your wire transfer
remittance. Requests for payment of the full amount of this NAL under an
installment plan should be sent to Chief, Credit and Management Center,
445 12^th Street, S.W., Washington, D.C. 20554.
14. IT IS FURTHER ORDERED that a copy of this Order shall be sent by
Certified Mail, Return Receipt Requested to CTC Communications
Corporation, 220 Bear Hill Road, Waltham, Massachusetts 02451.
FEDERAL COMMUNICATIONS COMMISSION
Kris A. Monteith
Chief, Enforcement Bureau
See 47 C.F.R. S64.2009(e).
CPNI is defined as information that relates to the quantity, technical
configuration, type, destination, location, and amount of use of a
telecommunications service subscribed to by any customer of a
telecommunications carrier, and that is made available to the carrier by
the customer solely by virtue of the customer-carrier relationship. See 47
U.S.C. S 222(h)(1)(A); 47 C.F.R. S 64.2003(d).
See, e.g.
http://www.epic.org/privacy/iei/.
See id.
Letter from Marcy Greene, Deputy Division Chief, Telecommunications
Consumers Division, Enforcement Bureau, Federal Communications Commission,
to Mr. Ray Allieri, CEO, CTC Communications Corp., (January 5, 2007)
("January 5 LOI").
Letter from James P. Prenetta, Jr., Executive Vice President and General
Counsel, CTC Communications Corp., to Marcy Greene, Deputy Division Chief,
Telecommunications Consumers Division, Enforcement Bureau, Federal
Communications Commission (January 12, 2007) ("January 12 response").
Section 222 of the Communications Act provides that: "Every
telecommunications carrier has a duty to protect the confidentiality of
proprietary information of, and relating to, other telecommunications
carriers, equipment manufacturers, and customers, including
telecommunication carriers reselling telecommunications services provided
by a telecommunications carrier." 47 U.S.C S 222.
In the Matter of Implementation of the Telecommunications Act of 1996:
Telecommunications Carriers' Use of Customer Proprietary Network
Information and Other Customer Information and Implementation of the
Non-Accounting Safeguards of Sections 271 and 272 of the Communications
Act of 1934, as amended, Order and Further Notice of Proposed Rulemaking,
13 FCC Rcd 8061 (1998) ("CPNI Order"); see also In the Matter of
Implementation of the Telecommunications Act of 1996: Telecommunications
Carriers' Use of Customer Proprietary Network Information and Other
Customer Information and Implementation of the Non-Accounting Safeguards
of Sections 271 and 272 of the Communications Act of 1934, as amended,
Order on Reconsideration and Petitions for Forbearance, 14 FCC Rcd 14409
(1999); In the Matter of Implementation of the Telecommunications Act of
1996: Telecommunications Carriers' Use of Customer Proprietary Network
Information and Other Customer Information and Implementation of the
Non-Accounting Safeguards of Sections 271 and 272 of the Communications
Act of 1934, as amended; 2000 Biennial Regulatory Review -- Review of
Policies and Rules Concerning Unauthorized Changes of Consumers' Long
Distance Carriers, Third Report and Order and Third Further Notice of
Proposed Rulemaking, 17 FCC Rcd 14860 (2002).
47 C.F.R. S 64.2009(e).
See January 12 Response, p. 1: "[CTC] has not located any 47 C.F.R. S
64.2009(e) internal compliance certificates for [the Affiliates] for the
period of time prior to [CTC]'s acquisition of those companies. In
connection with [CTC]'s annual CPNI review process, a CPNI compliance
certificate will be prepared and maintained ..." (emphasis added).
Section 503(b)(2)(B) provides for forfeitures against common carriers of
up to $130,000 for each violation or each day of a continuing violation up
to a maximum of $1,325,000 for each continuing violation. 47 U.S.C. S
503(b)(2)(B). See Amendment of Section 1.80 of the Commission's Rules and
Adjustment of Forfeiture Maxima to Reflect Inflation, 15 FCC Rcd 18221
(2000); Amendment of Section 1.80 of the Commission's Rules and Adjustment
of Forfeiture Maxima to Reflect Inflation, 19 FCC Rcd 10945 (2004)
(increasing maximum forfeiture amounts to account for inflation).
47 U.S.C. S 503(b)(1)(B) (the Commission has authority under this section
of the Act to assess a forfeiture penalty against a common carrier if the
Commission determines that the carrier has "willfully or repeatedly"
failed to comply with the provisions of the Act or with any rule,
regulation, or order issued by the Commission under the Act); see also 47
U.S.C. S 503(b)(4)(A) (providing that the Commission must assess such
penalties through the use of a written notice of apparent liability or
notice of opportunity for hearing). Here, as described above, CTC's
actions were willful as it apparently failed to prepare the required
compliance certification.
Southern California Broadcasting Co., 6 FCC Rcd 4387 (1991).
See 47 U.S.C. S 503(b)(2)(D); see also The Commission's Forfeiture Policy
Statement and Amendment of Section 1.80 of the Commission's Rules, 12 FCC
Rcd 17087 (1997) ("Forfeiture Policy Statement"); recon. denied, 15 FCC
Rcd 303 (1999).
Forfeiture Policy Statement, 12 FCC Rcd 17098-99, P 22.
AT&T, Inc., Notice of Apparent Liability for Forfeiture, 21 FCC Rcd 751
(Enf. Bur. rel. Jan. 30, 2006); Alltel Corp., Notice of Apparent Liability
for Forfeiture, 21 FCC Rcd 746 (Enf. Bur. rel. Jan 30, 2006); Cbeyond
Communications LLC, Notice of Apparent Liability for Forfeiture, 21 FCC
Rcd 4316 (Enf. Bur. rel. April 21, 2006).
47 U.S.C. S 503(b)(4)(A).
47 U.S.C. S 503(b)(4)(C); 47 C.F.R. S 1.80(f)(3).
47 C.F.R. S 1.80(b)(4) (discussing factors the Commission or its designee
will consider in deciding appropriate forfeiture amount).
47 U.S.C. S 503(b).
47 C.F.R. S 1.80(f)(4).
47 C.F.R. SS 0.111, 0.311.
(...continued from previous page)
(continued....)
Federal Communications Commission DA 07-1412
2
Federal Communications Commission DA 07-1412
http://www.fcc.gov/eb/Orders/2007/DA-07-1409A1.html
Before the
Federal Communications Commission
Washington, D.C. 20554
)
)
)
In the Matter of ) File No. EB-06-TC-4261
Easterbrooke Cellular Corporation ) NAL/Acct. No. 200732170035
Apparent Liability for Forfeiture ) FRN:0001544790
)
)
)
NOTICE OF APPARENT LIABILITY FOR FORFEITURE
Adopted: March 26, 2007 Released: March 26, 2007
By the Chief, Enforcement Bureau:
I. INTRODUCTION
1. In this Notice of Apparent Liability for Forfeiture ("NAL"), we find
that Easterbrooke Cellular Corporation, ("Easterbrooke Cellular")
apparently violated section 64.2009(e) of the Commission's rules by
failing to maintain a compliance certificate executed by a corporate
officer stating that he has personal knowledge that the company has
established operating procedures adequate to ensure compliance with the
Commission's rules governing protection and use of customer proprietary
network information ("CPNI"). Protection of CPNI is a fundamental
obligation of all telecommunications carriers as provided by section 222
of the Communications Act of 1934, as amended ("Communications Act" or
"Act"). Based upon our review of the facts and circumstances surrounding
this apparent violation, and in particular, the serious consequences that
may flow from inadequate concern for and protection of CPNI, we propose a
monetary forfeiture of $100,000 against Easterbrooke Cellular for its
apparent failure to comply with section 64.2009(e) of the Commission's
rules.
II. BACKGROUND
2. The Enforcement Bureau ("Bureau") has been investigating the adequacy
of procedures implemented by telecommunications carriers to ensure
confidentiality of their subscribers' CPNI, based on concerns regarding
the apparent availability to third parties of sensitive, personal
subscriber information. For example, some companies, known as "data
brokers," have advertised the availability of records of wireless
subscribers' incoming and outgoing telephone calls for a fee. Data brokers
have also advertised the availability of call information that relates to
certain landline toll calls.
3. As part of our inquiry into these issues, the Bureau sent a Letter of
Inquiry ("LOI") to Easterbrooke Cellular on December 4, 2006, directing it
to produce the compliance certificates for the previous five (5) years
that it had prepared pursuant to section 64.2009(e) of the Commission's
rules. On December 11, 2006, Easterbrooke Cellular submitted a document in
response to the Bureau's LOI. The document submitted by Easterbrooke
Cellular does not satisfy the requirements set forth in the rule.
Accordingly, we issue this proposed forfeiture.
III. DISCUSSION
4. Section 222 imposes the general duty on all telecommunications carriers
to protect the confidentiality of their subscribers' proprietary
information. The Commission has issued rules implementing section 222 of
the Act. The Commission required carriers to establish and maintain a
system designed to ensure that carriers adequately protected their
subscribers' CPNI. Section 64.2009(e) is one such requirement. Pursuant to
section 64.2009(e):
A telecommunications carrier must have an officer, as an agent of the
carrier, sign a compliance certificate on an annual basis stating that the
officer has personal knowledge that the company has established operating
procedures that are adequate to ensure compliance with the rules in this
subpart. The carrier must provide a statement accompanying the certificate
explaining how its operating procedures ensure that it is or is not in
compliance with the rules in this subpart.
5. Easterbrooke Cellular's December 11 response to the Bureau's December 4
LOI consists of a four-page document executed by an Easterbrooke Cellular
Vice President on December 8, 2006. The document states that Easterbrooke
Cellular did not maintain written compliance certificates for the previous
five years, but that it did maintain policies and procedures during those
years that were in substantial compliance with the CPNI rules.
Accordingly, Easterbrooke Cellular's submission, on its face, does not
comply with section 64.2009(e) of the Commission's rules. Further,
Easterbrooke Cellular has not provided any additional information in
response to our request demonstrating that it has otherwise complied with
the Commission's CPNI rules by preparing and maintaining certificates that
satisfy the requirements of section 64.2009(e).
6. We conclude that Easterbrooke Cellular has apparently failed to comply
with the requirement that it maintain a CPNI compliance certificate. For
this apparent violation, we propose a forfeiture.
IV. FORFEITURE AMOUNT
7. Section 503(b) of the Communications Act authorizes the Commission to
assess a forfeiture of up to $130,000 for each violation of the Act or of
any rule, regulation, or order issued by the Commission under the Act. The
Commission may assess this penalty if it determines that the carrier's
noncompliance is "willful or repeated." For a violation to be willful, it
need not be intentional. In exercising our forfeiture authority, we are
required to take into account "the nature, circumstances, extent, and
gravity of the violation and, with respect to the violator, the degree of
culpability, any history of prior offenses, ability to pay, and such other
matters as justice may require." In addition, the Commission has
established guidelines for forfeiture amounts and, where there is no
specific base amount for a violation, retained discretion to set an amount
on a case-by-case basis.
8. The Commission's forfeiture guidelines do not address the specific
violation at issue in this proceeding. In determining the proper
forfeiture amount in this case, however, we are guided by the principle
that there may be no more important obligation on a carrier's part than
protection of its subscribers' proprietary information. Consumers are
increasingly concerned about the security of their sensitive, personal
data that they must entrust to their various service providers, whether
they are financial institutions or telephone companies. Given the
increasing concern about the security of this data, and evidence that the
data appears to be widely available to third parties, we must take
aggressive, substantial steps to ensure that carriers implement necessary
and adequate measures to protect their subscribers' CPNI, as required by
the Commission's existing CPNI rules. Additionally, in three recent
actions, the Commission has issued Notices of Apparent Liability for
Forfeiture in the amount of $100,000 against carriers for failure to
maintain certifications in compliance with section 64.2009(e) of the
Commission's rules. In this case, Easterbrooke Cellular has apparently
failed to implement necessary and adequate measures, as required, to
protect the subscribers' CPNI data entrusted to it, as evidenced by the
apparent insufficiency of the required compliance certification. Based on
all the facts and circumstances present in this case, we believe the
proposed forfeiture of $100,000 is warranted.
9. Easterbrooke Cellular will have the opportunity to submit further
evidence and arguments in response to this NAL to show that no forfeiture
should be imposed or that some lesser amount should be assessed. For
example, Easterbrooke Cellular may present evidence that it has compelling
financial arguments to reduce the proposed forfeiture or that it has
maintained a history of overall compliance. To support a claim of
inability to pay, the petitioner must submit: (1) federal tax returns for
the most recent three-year period; (2) financial statements prepared
according to generally accepted accounting practices (GAAP); or (3) some
other reliable and objective documentation that accurately reflects the
petitioner's current financial status. Any claim of inability to pay must
specifically identify the basis for the claim by reference to the
financial documentation submitted. The Commission will fully consider any
such arguments made by Easterbrooke Cellular in its response to this NAL.
V. CONCLUSION AND ordering clauses
10. We have determined that Easterbrooke Cellular has apparently violated
Section 64.2009(e) of the Commission's rules by failing to prepare and
maintain a certification in compliance with the rule. We find Easterbrooke
Cellular apparently liable for $100,000.
11. ACCORDINGLY, IT IS ORDERED THAT, pursuant to Section 503(b) of the
Communications Act of 1934, as amended, Section 1.80(f)(4) of the
Commission's rules, and authority delegated by Sections 0.111 and 0.311 of
the Commission's rules, Easterbrooke Cellular Corporation IS LIABLE FOR A
MONETARY FORFEITURE in the amount of one hundred thousand dollars
($100,000) for willfully or repeatedly violating Section 64.2009 of the
Commission's rules, by failing to prepare and maintain a certificate that
complies with 64.2009(e).
12. IT IS FURTHER ORDERED THAT, pursuant to section 1.80 of the
Commission's rules, within thirty days of the release date of this NOTICE
OF APPARENT LIABILITY, Easterbrooke Cellular Corporation SHALL PAY the
full amount of the proposed forfeiture or SHALL FILE a written statement
seeking reduction or cancellation of the proposed forfeiture.
13. Payment of the forfeiture must be made by check or similar instrument,
payable to the order of the Federal Communications Commission. The payment
must include the NAL/Acct. No. and FRN No. referenced above. Payment by
check or money order may be mailed to Forfeiture Collection Section,
Finance Branch, Federal Communications Commission, P.O. Box 358340,
Pittsburgh, PA 15251. Payment by overnight mail may be sent to Mellon
Client Service Center, 500 Ross Street, Room 670, Pittsburgh, PA
15262-0001. Attn: FCC Module Supervisor. Payment by wire transfer may be
made to ABA Number 043000261, receiving bank Mellon Bank, and account
number 911-6229. Please include your NAL/Acct. No. with your wire transfer
remittance. Requests for payment of the full amount of this NAL under an
installment plan should be sent to Chief, Credit and Management Center,
445 12^th Street, S.W., Washington, D.C. 20554.
14. IT IS FURTHER ORDERED that a copy of this Order shall be sent by
Certified Mail, Return Receipt Requested to Tim McGaw, Vice President,
Easterbrooke Cellular Corporation, 125 E. Sir Francis Drake Boulevard,
Suite 400, Larkspur, CA 94939, and Michael F. Morrone, Esq, Counsel for
Easterbrooke Cellular Corporation, Keller & Heckman, LLP, 1001 G Street,
N.W., Suite 500 West, Washington, D.C. 20001.
FEDERAL COMMUNICATIONS COMMISSION
Kris A. Monteith
Chief, Enforcement Bureau
See 47 C.F.R. S64.2009(e).
CPNI is defined as information that relates to the quantity, technical
configuration, type, destination, location, and amount of use of a
telecommunications service subscribed to by any customer of a
telecommunications carrier, and that is made available to the carrier by
the customer solely by virtue of the customer-carrier relationship. See 47
U.S.C. S 222(h)(1)(A); 47 C.F.R. S 64.2003(d).
See, e.g.
http://www.epic.org/privacy/iei/.
See id.
Letter from Marcy Greene, Deputy Division Chief, Telecommunications
Consumers Division, Enforcement Bureau, Federal Communications Commission,
to Tim McGaw, Vice President, Easterbrooke Cellular Corporation and
Michael F. Marrone, Esq., Counsel for Easterbrooke Cellular Corporation
(December 4, 2006) ("December 4 LOI").
Section 222 of the Communications Act provides that: "Every
telecommunications carrier has a duty to protect the confidentiality of
proprietary information of, and relating to, other telecommunications
carriers, equipment manufacturers, and customers, including
telecommunication carriers reselling telecommunications services provided
by a telecommunications carrier." 47 U.S.C S 222.
In the Matter of Implementation of the Telecommunications Act of 1996:
Telecommunications Carriers' Use of Customer Proprietary Network
Information and Other Customer Information and Implementation of the
Non-Accounting Safeguards of Sections 271 and 272 of the Communications
Act of 1934, as amended, Order and Further Notice of Proposed Rulemaking,
13 FCC Rcd 8061 (1998) ("CPNI Order"); see also In the Matter of
Implementation of the Telecommunications Act of 1996: Telecommunications
Carriers' Use of Customer Proprietary Network Information and Other
Customer Information and Implementation of the Non-Accounting Safeguards
of Sections 271 and 272 of the Communications Act of 1934, as amended,
Order on Reconsideration and Petitions for Forbearance, 14 FCC Rcd 14409
(1999); In the Matter of Implementation of the Telecommunications Act of
1996: Telecommunications Carriers' Use of Customer Proprietary Network
Information and Other Customer Information and Implementation of the
Non-Accounting Safeguards of Sections 271 and 272 of the Communications
Act of 1934, as amended; 2000 Biennial Regulatory Review -- Review of
Policies and Rules Concerning Unauthorized Changes of Consumers' Long
Distance Carriers, Third Report and Order and Third Further Notice of
Proposed Rulemaking, 17 FCC Rcd 14860 (2002).
47 C.F.R. S 64.2009(e).
Section 503(b)(2)(B) provides for forfeitures against common carriers of
up to $130,000 for each violation or each day of a continuing violation up
to a maximum of $1,325,000 for each continuing violation. 47 U.S.C. S
503(b)(2)(B). See Amendment of Section 1.80 of the Commission's Rules and
Adjustment of Forfeiture Maxima to Reflect Inflation, 15 FCC Rcd 18221
(2000); Amendment of Section 1.80 of the Commission's Rules and Adjustment
of Forfeiture Maxima to Reflect Inflation, 19 FCC Rcd 10945 (2004)
(increasing maximum forfeiture amounts to account for inflation).
47 U.S.C. S 503(b)(1)(B) (the Commission has authority under this section
of the Act to assess a forfeiture penalty against a common carrier if the
Commission determines that the carrier has "willfully or repeatedly"
failed to comply with the provisions of the Act or with any rule,
regulation, or order issued by the Commission under the Act); see also 47
U.S.C. S 503(b)(4)(A) (providing that the Commission must assess such
penalties through the use of a written notice of apparent liability or
notice of opportunity for hearing). Here, as described above, Easterbrooke
Cellular's actions were willful as it apparently failed to prepare the
required compliance certification.
Southern California Broadcasting Co., 6 FCC Rcd 4387 (1991).
See 47 U.S.C. S 503(b)(2)(D); see also The Commission's Forfeiture Policy
Statement and Amendment of Section 1.80 of the Commission's Rules, 12 FCC
Rcd 17087 (1997) ("Forfeiture Policy Statement"); recon. denied, 15 FCC
Rcd 303 (1999).
Forfeiture Policy Statement, 12 FCC Rcd 17098-99, P 22.
AT&T, Inc., Notice of Apparent Liability for Forfeiture, 21 FCC Rcd 751
(Enf. Bur. rel. Jan. 30, 2006); Alltel Corp., Notice of Apparent Liability
for Forfeiture, 21 FCC Rcd 746 (Enf. Bur. rel. Jan 30, 2006); Cbeyond
Communications LLC, Notice of Apparent Liability for Forfeiture, 21 FCC
Rcd 4316 (Enf. Bur. rel. April 21, 2006).
47 U.S.C. S 503(b)(4)(A).
47 U.S.C. S 503(b)(4)(C); 47 C.F.R. S 1.80(f)(3).
47 C.F.R. S 1.80(b)(4) (discussing factors the Commission or its designee
will consider in deciding appropriate forfeiture amount).
47 U.S.C. S 503(b).
47 C.F.R. S 1.80(f)(4).
47 C.F.R. SS 0.111, 0.311.
(...continued from previous page)
(continued....)
Federal Communications Commission DA 07-1409
2
Federal Communications Commission DA 07-1409
----------------------------------------------------------------------------------------------------
World Class, Professional, Ethical, and Competent Bug Sweeps, and
Wiretap Detection using Sophisticated Laboratory Grade Test Equipment.
----------------------------------------------------------------------------------------------------
James M. Atkinson Phone: (978) 546-3803
Granite Island Group Fax: (978) 546-9467
127 Eastern Avenue #291 Web:
http://www.tscm.com/
Gloucester, MA 01931-8008 E-mail: mailto:jm..._at_tscm.com
----------------------------------------------------------------------------------------------------
We perform bug sweeps like it's a full contact sport, we take no prisoners,
and we give no quarter. Our goal is to simply, and completely stop the spy.
----------------------------------------------------------------------------------------------------
Received on Sat Mar 02 2024 - 00:57:24 CST