|
By Ronald London, James M. Smith, Suzanne Toller and Treg Tremont
In This Issue:
 DEVELOPMENTS
ENFORCEMENT CORNER
FCC Crackdown on CPNI Compliance, Phone Record Disclosure and “Pretexting”—Immediate Carrier Action Required
Moving with unprecedented lightning speed, the FCC has moved on multiple fronts to crack down on apparent violations of the agency’s Customer Proprietary Network Information (CPNI) rules, which seek to protect the privacy of telephone subscribers by restricting a carrier’s ability to use or disclose subscribers’ personal telephone records,
First, on Jan. 30, 2006, responding to “concerns regarding the apparent sale of telephone call records over the Internet,” the FCC’s Enforcement Bureau directed all telecommunications carriers, including both wireline and wireless carriers, to file a compliance certificate under section 64.2009(e) of its CPNI rules within one week—by Feb. 6, 2006. That rule instructs: “A telecommunications carrier must have an officer, as an agent of the carrier, sign a compliance certificate on an annual basis stating that the officer has personal knowledge that the company has established operating procedures that are adequate to ensure compliance with the [CPNI] rules…The carrier must provide a statement accompanying the certificate explaining how its operating procedures ensure that it is or is not in compliance with the rules…”
Second, the Bureau has, in the space of less than a week, moved to investigate and penalize carriers for inadequate compliance with these CPNI rules. On Jan. 25, 2006 , responding aggressively to the recent profusion of online “data brokers” that sell personal consumer information apparently obtained from telephone records, the Bureau demanded that several carriers, including AT&T and Alltel, produce within 48 hours evidence of their compliance with rule 64.2009(e). Two days later, on Jan. 27, AT&T submitted certifications executed by its new parent SBC, but produced no certifications on the part of the former AT&T Corp. Alltel submitted a two-page document executed that same day by in-house counsel, which “describes generally how Alltel uses CPNI.” The next business day (Jan. 30), the Bureau issued Notices of Apparent Liability for Forfeiture against both carriers, proposing to fine each carrier $100,000—AT&T for not executing the certifications at all, and Alltel for failing to produce an officer’s certification “that the officer has personal knowledge that [Alltel] has established operating procedures that are adequate to ensure compliance with the [CPNI] rules…” The Bureau stated that it was “guided by the principle that there may be no more important obligation on a carrier’s part than protection of its subscribers’ proprietary information. Consumers are increasingly concerned about the security of their sensitive, personal data…Given the increasing concern about the security of this data, and evidence that the data appears to be widely available to third parties, we must take aggressive, substantial steps to ensure that carriers implement necessary and adequate measures to protect their subscribers’ CPNI, as required by the Commission’s existing CPNI rules.” The Bureau alleged that AT&T had not complied with the rules, and that Alltel “has apparently not taken its obligations seriously.” AT&T and Alltel must respond by March 1.
The FCC’s crackdown is also attempting to reach non-carriers. Starting in November 2005, the Bureau has issued subpoenas to numerous data brokers, seeking to obtain information “concern[ing] call detail and other [CPNI]” that the data brokers “may be obtaining from telecommunications providers, in apparent violation of section 222 of the Communications Act...and the Commission’s [CPNI] rules.” Although the statute and rules currently only prohibit the dissemination of such customer information by telecom carriers, the FCC may issue subpoenas and Citations warning against such practices. On Jan. 20, the Bureau issued two such Citations against data brokers for failure to respond to such subpoenas, advising that future violations of the rules may subject them to fines of up to $97,500, as well as criminal contempt penalties if they continued to be unresponsive to the subpoenas.
Finally, on Jan. 18, U.S. Senators Charles Schumer (D-NY) and Bill Nelson (D-FL) introduced the Consumer Telephone Records Protection Act, proposing to extend criminal penalties to anyone (including telephone service provider employees or data brokers) who obtains or attempts to obtain and/or sell such confidential telephone record information under false pretenses. The bill establishes a new term in telecommunications jargon: “pretexting,” defined as the practice of pretending to be the telephone subscriber in order to obtain such data from the telephone service provider. Congressional hearings on these subjects have been scheduled for the first week of February.
FTC Reports to Congress on Effectiveness and Enforcement of CAN-SPAM Act
The Federal Trade Commission (FTC) issued a report to Congress entitled Effectiveness and Enforcement of the CAN-SPAM Act to fulfill the Controlling the Assault of Non-Solicited Pornography and Marketing Act’s (CAN-SPAM Act) mandate to provide a detailed analysis of its effectiveness and enforcement, and the need—if any—for legislative revisions. The report reflects the FTC’s own enforcement experience and that of other entities empowered to enforce the CAN-SPAM Act, FTC staff interviews with interested parties, use of FTC compulsory process powers to obtain data from nine ISPs that collectively control over 60 percent of the market for consumer email accounts, and the FTC staff’s “broad review” of CAN-SPAM articles. The FTC also consulted with “two preeminent computer scientists for their independent evaluations of the Act’s effectiveness.”
The report concludes that the Act is effective in providing protection for consumers, and that it is aggressively enforced by state and federal regulators and by the private sector. In reaching its conclusions, the report distinguished between spam sent by legitimate marketers promoting legitimate products or services, and that sent by “‘outlaw’ spammers who ignore the law,” seek to hide their identities and whereabouts, and “may well infect consumers’ computers with malware.” With respect to the former, the FTC found legitimate marketers are following the “best practices” codified by the Act. Perhaps more importantly for the prospect of future regulation in this area, the FTC notes that technological advancements “may be the most useful tool in combating outlaw spammers.” The report found that the volume of spam has begun to level off and, more significantly, the amount reaching consumers has decreased due to enhanced anti-spam technology, and that consumers accordingly have begun to report decreased annoyance with spam. The FTC concludes, in short, that developments suggest spam has not destroyed email as a viable communications channel, as was once feared.
At the same time, however, the report notes some aspects of spam, such as its international dimension, have not changed materially since the Act became law and continue to pose problems. The email landscape also has changed in potentially troubling ways as well. The FTC cites the example that there has been a shift toward the inclusion in spam of content that is increasingly malicious, and it noted that spammers have sought to frustrate enforcement efforts by using increasingly complex multi-layered business arrangements and continuing to hide their identities by providing false information to domain name registrars.
The report went on to recommend three proposed steps to improve the efficacy of the CAN-SPAM Act. First, while no changes to the Act itself were recommended, the FTC urged Congress to enact the “US SAFE WEB Act” to improve FTC authority to trace spammers who operate outside the U.S. Second, the FTC stated that it should continue education efforts to ensure consumers are aware of the ways they can protect themselves from spam, spyware and sexually-explicit material. Third, improvements should continue with respect to anti-spam technology, and in particular, tools that prevent spammers from operating anonymously, including domain-level authentication and reputation and accreditation systems.
FCC Initiates Proceedings Reflecting Enactment of Junk Fax Prevention Act of 2005
The FCC issued an Order and Notice of Proposed Rulemaking (NPRM) to implement the Junk Fax Prevention Act of 2005 as a first step toward realization of Congress’s reversal of an FCC decision to eliminate the “established business relationship, or “EBR” exemption to the ban on unsolicited commercial faxes, an FCC initiative critics said would undermine, among other things, the vitality of faxes as a business-to-business tool and as a means for trade associations to communicate with members. The Order indefinitely suspends the effectiveness of a rule the FCC adopted in 2003 (which has been stayed since its adoption and thus never has taken effect) to require prior written consent for all unsolicited fax advertisements. The NPRM seeks input necessary to meet the Junk Fax Prevention Act’s mandate that the FCC adopt implementing rules by April 5, 2006, i.e., 270 days after the Act’s passage. The new law became necessary after the FCC’s 2003 decision to reverse its then decade-old rule that the Telephone Consumer Protection Act’s prohibition on the use of fax machines to send unsolicited advertisements did not encompass those sent pursuant to an EBR, the existence of which, the FCC reasoned, rendered the ads not “unsolicited.” The FCC reversed itself on this point in 2003 on grounds that it received numerous complaints from recipients of unsolicited faxes citing intrusion on their residential privacy and/or the extent to which the faxes impose costs in time, toner and paper.
The Junk Fax Prevention Act restores the EBR exemption the FCC attempted to eliminate, but subject to a new “opt-out” right by recipients. The NPRM centers on the three core concepts of the Junk Fax Prevention Act:
(1) recognition and contours of the EBR exemption;
(2) notice of the right to opt out of future faxes; and
(3) communication and implementation of opt-out requests.
In doing so, it makes a handful of determinations associated with implementing these tenets, and otherwise asks a series of questions geared toward the practicalities of a new opt-out regime. The comment period closes Feb. 2, 2006.
Separately (and, incidentally, before the NPRM issued), the FCC solicited comment on a petition by the Fax Ban Coalition asking that the FCC preempt the provisions of California S.B.833, and similar state laws, that impose on senders of interstate faxes restrictions that differ from those set forth in the Junk Fax Prevent Act and FCC rules. The preemption push on the federal fax rules was necessitated by California’s adoption of S.B.833 after Congress enacted the Junk Fax Prevention Act, to void the use of an EBR exemption for faxes sent from and into California (a number of preemption petitions already pending at the FCC with respect to state do-not-call laws, with some having been on file as long as 18 months without FCC action). The Fax Ban Coalition and most businesses that commented argue that the Junk Fax Prevention Act was intended to create uniform fax rules nationwide, and that California’s effort to erect more restrictive rules interferes with that intent, as would other state laws that, if allowed to stand with respect to interstate faxes, would create a patchwork of regulation in this area. There is no timetable for FCC action on the fax (or telemarketing) preemption petitions, but the California law was enjoined by a temporary restraining order (TRO) issued by a California federal court in December.
Eighth Circuit Overturns Minnesota Statute on Wireless Service Contracts:
Prior Consent Requirement = Rate Regulation
In 2004, Minnesota enacted statutory provisions (Minn. Stat., § 325F.695) which in part required wireless carriers to notify customers in writing 60 days in advance of any proposed “substantive change" in the contract. A “substantive change” included any modification that would result in an increased charge or extend the term of the contract. If the subscriber did not affirmatively accept the change (orally or in writing), the original terms of the contract would remain in force.
The major wireless carriers filed suit in federal district court in Minneapolis challenging the new rules (Case No. 04-2981, D. Minn.). The District Court denied the carriers’ request for a preliminary injunction, rejecting the carriers’ argument that the provisions constitute impermissible rate regulation.
The carriers appealed the District Court’s ruling to the United States Court of Appeals for the Eighth Circuit (Dkt. No. 04-3198). On Dec. 9, 2005, the Court of Appeals ruled in favor of the carriers and permanently enjoined enforcement of the statute. The Court reasoned that the provision requiring consumer consent to substantive contract changes prevented providers from raising rates for at least some period of time, either during the notification period for a consumer that accepts the change or during the remainder of the contract for one who rejects it. Thus, the Court ruled that the statute constituted impermissible rate regulation.
Wireless Carriers Adopt Voluntary Content Guidelines
On Nov. 8, 2005, CTIA announced a voluntary pledge by the major wireless carriers to adhere to new “Wireless Content Guidelines.” Participating carriers have agreed to separate content such as video clips, ring tones and other audio into two categories. “Generally Accessible Content” will be available to all consumers. “Restricted Carrier Content” will be available only to those over 18 or minors with parental permission. Carriers will base classification decisions upon existing guidelines used to rate content in the television, film, music and video game industries.
A second stage of this effort will involve development of an Internet filter that will allow users to block the download of certain content to their wireless devices.
The FCC has applauded this voluntary initiative, which some see as an effort to avoid the development of formal regulations intended to prevent minors from obtaining access to inappropriate wireless content.
The Guidelines are available at www.ctia.org.
Truth-in Billing Update
The FCC has announced that expanded “Truth-in Billing” requirements for wireline and wireless telecom carriers, adopted in March 2005, have become effective. Under the new rules, wireless as well as wireline providers must provide billing descriptions that are brief, clear, non-misleading and in plain language. In addition, carriers in their bills may not represent discretionary line item charges in any manner that suggests such line items are taxes or government mandated charges. The burden rests upon the carrier to demonstrate that any line item that purports to recover a specific governmental or regulatory program fee conforms to the amount authorized by the government to be collected. The FCC also clarified that state regulations requiring or prohibiting the use of line items for wireless bills constitute rate regulation and are preempted.
Several other proposed truth-in-billing requirements remain under consideration in the Second FNPRM issued in this proceeding, and could be adopted by the FCC in the first half of 2006. In this phase, the FCC is seeking comment in part on whether it should reverse its prior holding permitting states to enact and enforce carrier-specific TIB rules and whether it should preempt inconsistent state regulation.
On Jan. 23, 2006, a group of PUC commissioners from 10 states and the District of Columbia filed an ex parte supporting the adoption of national TIB rules. The commissioners cautioned that the rules must be “flexible enough to ensure clear billing disclosures without mandating the exact format and wording each carrier’s billing statements must contain.” The Commissioners also emphasized that states must continue to enforce generally applicable state consumer protection and anti-fraud laws. The signatory commissioners were from Arkansas, California, Colorado, District of Columbia, Iowa, Kentucky, Missouri, New Jersey, North Dakota, Rhode Island, and South Dakota.
California Consumer Protection Rules
In May 2004, the California Public Utilities Commission (CPUC) adopted General Order 168 (GO 168) setting forth a broad new set of consumer protection rules for both wireline and wireless carriers (D.04-05-057). The new rules would have governed many aspects of the carrier-customer relationship, including service initiation procedures and disclosures, contract modifications, format and content of bills and resolution of billing disputes.
In January 2005, CPUC Commissioner Susan Kennedy successfully pushed for a stay of the rules in order to assess their impact on carriers.
On Dec. 22, 2005, Commissioner Kennedy and CPUC President Michael Peevey released a proposed decision that would result in the adoption of much more light-handed provisions. These would include a statement of rights and freedom of choice principles applicable to all type of carriers, an aggressive consumer education campaign and the establishment of a new Telecommunications Consumer Fraud Unit at the CPUC. The decision would eliminate the more prescriptive elements of the original rules, including a repeal of the rules requiring prior customer authorization for inclusion of non-communications charges on telephone bills.
On Jan. 25, 2006, Commissioner Grueneich issued an alternate proposed decision which would reinstate many of the more prescriptive elements of the original rules. Among other things, the alternate would require disclosure of “key terms and conditions” at service initiation, provision of contracts and collateral in the same language in which the offer is made and would impose a mandatory 30-day rescission period. The decision also would retain the rules on billing for non-communications products and services.
The departure of Commissioner Kennedy to the Governor’s office, and her replacement with former FCC Commissioner Rachelle Chong, makes it difficult to predict the outcome in this case. The earliest opportunity for the CPUC to act on these decisions is its meeting on March 2, 2006.
IOM Issues Report on Food and Marketing to Children and Youth: Threat or Opportunity?
The Institute of Medicine (IOM) of the National Academies component of the National Academy of Science, which was created by the federal government to advise on scientific and technological matters, has published Food and Marketing to Children and Youth: Threat or Opportunity? to culminate a study sponsored by the Centers for Disease Control and Prevention (CDC) at Congress’ request. The report, which claims to be the “most comprehensive review to date of the scientific evidence on the influence of food marketing on diets and diet-related health of children and youth,” finds that “current food and beverage marketing practices put children’s long-term health at risk” and it provides recommendations for food and beverage companies, the media, government, parents, and schools to develop “marketing and advertising strategies that promote healthier foods, beverages, and meal options.” IOM’s conclusions and recommendations likely will influence ongoing debate about children’s advertising and “obesity epidemic,” and may well factor into legal and regulatory mandates.
One particularly notable aspect of the report is IOM’s recommendation to the effect that, if voluntary efforts related to advertising during children’s TV programming are unsuccessful in shifting emphasis away from high-calorie and low-nutrient foods and toward healthful foods and beverages, Congress should enact legislation that requires the shift for both broadcasters and cable. The report’s departure point is what it describes as a dramatic rise in the number of U.S. children and youth who are obese or have type 2 diabetes, due in part, it claims to the fact that children depart substantially from recommended dietary patterns. This includes consuming excessive calories and exceeding recommended intakes of fat, saturated fats, added sugars, and sodium. IOM cites commercial and media environments as a key factor (among others, such as genetics and biology, culture and values, economic status, and physical/social environment).
To address these concerns, IOM offers a variety of recommendations with respect to food and beverage production and promotion, marketing standards, media/entertainment practices, parental efforts, schools, public policy initiatives and future research and monitoring, including:
- Food and beverage companies should work with government, scientific, public health, and consumer groups to develop and implement labels and advertising for an empirically validated industry-wide rating system and graphic representation that is appealing to children and youth to convey the nutritional quality of foods and beverages marketed to them and their families.
- The food, beverage, restaurant, and marketing industries should work with government, scientific, public health, and consumer groups to establish and enforce standards for marketing to children by working through the Children’s Advertising Review Unit (CARU) to revise, expand, apply, enforce, and evaluate industry self-regulatory guidelines; by assuring licensed characters are used only for promotion of foods and beverages that support healthful diets; and fostering cooperation between CARU and the FTC in evaluating and enforcing the effectiveness of expanded self-regulatory guidelines.
- If voluntary efforts related to advertising during children’s TV programming are unsuccessful in shifting emphasis away from high-calorie and low-nutrient foods and beverages to advertising of healthful foods and beverages, Congress should enact legislation mandating the shift on both broadcast and cable TV.
- Federal research, in particular that conducted by HHS (including NIH, the CDC and the FDA), as well as by the Department of Agriculture, the National Science Foundation, and the FTC, should expanded to explore how marketing influences children’s attitudes and behaviors, with particular attention paid to newer promotion techniques and venues, healthier foods and beverages and portion sizes, product availability, and the impact of TV advertising.
The Secretary of HHS, in consultation with other cabinet officers and agency heads, including the Departments of Agriculture and Education as well as the FTC and FCC, should designate a responsible agency to formally monitor and report regularly on the progress of IOM’s recommendations, and within two years, the Secretary of HHS should report to Congress on the progress and on additional actions necessary to accelerate progress.
Utah and Michigan Roll Out “Child Protection Registry” Laws
New laws have taken effect in Utah and Michigan that prohibit sending messages, if they advertise or link to goods or services that are illegal for a minor to buy or possess, to email and instant message addressees, fax and wireless phone numbers, and other “contact points” that appear on a “child protection registry” maintained by the state. Both Utah and Michigan have created registries for such “contact points” belonging to or controlled by minors, and for entire email domains operated by schools and other organizations that serve minors, with which parents or guardians or contact point operators may register. Both the Utah and Michigan laws impose strict liability and authorize civil penalties of $1,000 per message in Utah, and $5,000 per message (with a daily limit of $250,000) in Michigan, as well as criminal penalties including fines and imprisonment. To avoid liability, advertisers must scrub their marketing lists of contact points monthly against the states’ registries, at a cost of $0.005 per contact point in Utah and $0.007 per contact point in Michigan. Even if a contact point has “opted in” to messages from the advertiser, advertisers still must comply with the registry, as consent is not a defense.
Utah’s law prohibits “send[ing], caus[ing] to be sent, or conspir[ing] with a third party to send a communication to a contact point or domain that has been registered for more than 30 calendar days … if the communication: (a) advertises a product or service that a minor is prohibited by law from purchasing; or (b) contains or advertises material that is harmful to minors.” The State of Utah Department of Commerce, which is charged with implementing the law, has issued a “policy statement” suggesting that the term “product or service…a minor is prohibited by law from purchasing” means “alcoholic beverage or products, any form of tobacco, pornographic materials, and any product or service that is illegal in Utah (whether purchased by a minor or an adult), such as illegal drugs, prostitution, and gambling.” The policy statement explains that, to the extent minors may obtain a product or service if certain prerequisites are met (e.g., prescription drugs pursuant to a valid doctor’s prescription, tattoos with parental consent, etc.), advertising for the product or service does not fall within the statute. The policy statement also notes, though, that it is “not legal advice or a legal opinion.”
Michigan’s law prohibits “send[ing], caus[ing] to be sent, or conspir[ing] with a third party to send a message to a contact point that has been registered for more than 30 calendar days…if the primary purpose of the message is to, directly or indirectly, advertise or otherwise link to a message that advertises a product or service that a minor is prohibited by law from purchasing, viewing, possessing, participating in, or otherwise receiving.” As with Utah, the Michigan law does not define the products or services prohibited to minors that the law covers. However, in Michigan, the Department of Labor and Economic Growth, which is charged with implementing the statute, has defined “prohibited messages” under the law as including—but not being limited to—ads for “sexually explicit materials, tobacco products, illegal drugs, gambling opportunities, and alcoholic beverages,” and the website for the state’s registry embellishes “sexually explicit materials” by specifying “pornographic or obscene material,” and adds “lotteries” to the list of prohibited goods and services.
The Utah law has been challenged in federal court, though no motion for a preliminary injunction that would suspect operation of the state’s registry has been sought. According to both states’ websites for their child protection registries, the registries are operational (there was a delay in Michigan) and compliance with the law is required.
ENFORCEMENT CORNER
Enforcement Actions Against Universal Service Scofflaws Continue
The FCC continues to step up its enforcement efforts against service providers who do not make timely and appropriate contributions into the federal Universal Service Fund (USF), or to comply with FCC provider registration and filing requirements that establish whether and to what extent the provider is required to make USF contributions. Since July 2005, the FCC has imposed or proposed penalties of over $5 million against telecommunications providers for alleged noncompliance with these rules. For example, on Oct. 31, the FCC issued Notices of Apparent Liability to two providers, proposing forfeiture penalties of $462,638 and $236,774, respectively. In these Notices, which are typical of recent FCC actions, the Commission proposes penalties for (1) $100,000 for failing to register with the FCC, as required by section 64.1195(a) of the FCC’s rules; (2) $50,000 for each failure to timely file periodic Telecommunications Reporting Worksheets as required by section 54.711(a) of the rules; and (3) varying penalties for failing to make contributions to the federal USF under section 224(d) of the Communications Act and section 54.706 of the rules.
VoIP E911 Compliance and Customer Disconnection
The FCC’s deadline for PSTN-interconnected VoIP providers to demonstrate full compliance with the Commission’s new rules mandating that they provide enhanced E911 to all new and existing subscribers came and went on Nov. 28, 2005. Three weeks earlier, on Nov. 7, the FCC’s Enforcement Bureau announced that it would “not require providers that have not achieved full 911 compliance by Nov. 28, 2005 to discontinue the provision of...service to any existing customers, we do expect that such providers will discontinue marketing VoIP service, and accepting new customers..., in all areas where they are not transmitting 911 calls...in full compliance with the Commission’s rules.” Although several VoIP providers and other parties asked the FCC to extend or waive its deadline with respect to marketing to new customers, and the Senate Commerce Committee approved proposed legislation that would instruct the FCC to grant waivers in appropriate cases, the FCC has indicated that it was holding firm to its implementation deadline. Meanwhile, on Dec. 14, leading VoIP provider Vonage reported that it was fully compliant with the new E911 rules.
For
further information, please contact:
This Consumer Protection Law Letter is a publication of the Telecommunications Department of Davis Wright Tremaine LLP. Our purpose in publishing this Law Letter is to inform our clients and friends of recent developments in the telecommunications industry. It is not intended, nor should it be used, as a substitute for specific legal advice as legal counsel may be given only in response to inquiries regarding particular situations.
Copyright © 2006, Davis Wright Tremaine LLP.
return
to Telecom Bulletins main page
|
