TLJ News from September 21-25, 2011

FCC Belatedly Publishes Notice of BIAS Rules in Federal Register

9/23. The Federal Communications Commission (FCC) belatedly published a notice in the Federal Register (FR) that announces, describes, recites, and sets the effective date for, its 2010 rules for broadband internet access service (BIAS) providers.

The FCC's rules are contained in the Report and Order (R&O) [194 pages in PDF] adopted on December 21, 2010, and released on December 23, 2010. This R&O is FCC 10-201 in GN Docket No. 09-191 and WC Docket No. 07-52. See also, stories in TLJ Daily E-Mail Alert No. 2,186, December 22, 2010, and TLJ Daily E-Mail Alert No. 2,188, December 24, 2010.

Publication in the FR is a prerequisite for filing a petition for review or appeal of a final order of the FCC. By delaying publication in the FR, the FCC delayed judicial review of its rules.

47 U.S.C. § 402 provides for judicial review of final orders of the FCC. 28 U.S.C §§ 2341-2351 provide for judicial review of agency orders generally.

Verizon and MetroPCS filed appeals in early January 2011 arguing that the FCC's BIAS rules exceed the statutory authority of the FCC, are arbitrary and capricious, and violated the Constitution. The FCC moved to dismiss both as premature on January 28.

On April 4, the U.S. Court of Appeals (DCCir) issued a per curiam order [PDF] that dismissed both appeals, without prejudice, as premature. It wrote that "The order will therefore be subject to judicial review upon publication in the Federal Register. ... Regardless of whether the order is reviewable by way of a petition for review, 47 U.S.C. § 402(a), or a notice of appeal, 47 U.S.C. § 402(b), the prematurity is incurable." See, story titled "Court of Appeals Dismisses Verizon's and MetroPCS's Premature Challenges to the FCC's BIAS Rules" in TLJ Daily E-Mail Alert No. 2,217, April 5, 2011.

The FCC's order adopting the BIAS rules is vulnerable to challenge on the grounds that the FCC lacks statutory authority to adopt these rules. The FCC's argument that it possesses authority is weak, due to the absence of language in the Communications Act giving the FCC authority to regulate BIAS providers, and the April 6, 2010, opinion [36 pages in PDF] of the U.S. Court of Appeals (DCCir) in Comcast v. FCC. See, story titled "Court of Appeals Vacates FCC's Comcast Order", and related stories, in TLJ Daily E-Mail Alert No. 2,072, April 7, 2010.

The FR notice states that the effective date of the BIAS rules is November 20, 2011. See, FR, Vol. 76, No. 185, Friday, September 23, 2011, at Pages 59192-59235.

Challenges to the FCC's BIAS rules will likely come from both the regulated entities, such as Verizon and MetroPCS, and from interest groups that seek a more burdensome regulatory regime, and which seek to have a Circuit other than the DC Circuit hear the challenges.

Verizon and other BIAS providers can be expected to file in the DC Circuit, which decided the Comcast case, as well as other notable cases in which overreaching FCC rules were overturned. Groups that seek broader regulation, and which do not want the DC Circuit to review the BIAS providers' petitions, can be expected to file in multiple other circuits, hoping that in the judicial lottery conducted by the Judicial Panel on Multidistrict Litigation some other circuit will be assigned all challenges.

Sen. Kay Hutchison (R-TX), the ranking Republican on the Senate Commerce Committee (SCC), stated in a release that "I'm very disappointed that the FCC has decided to move forward with its misguided net neutrality order. Companies and industries that use broadband communications have flourished over the last decade without government intervention, yet the FCC has chosen to 'fix' a problem that does not exist. Rather than imposing new, unnecessary regulations on one of the few thriving sectors of our economy, government should get out of the way, and allow new jobs and investment in broadband technologies. In order to turn back the FCC’s onerous net neutrality restrictions, I will push for a Senate vote this fall on my resolution of disapproval."

Gigi Sohn, head of the Public Knowledge (PK), stated in a release that "We are prepared to vigorously defend the FCC's rules in court and in Congress." She also argued that the "Congress should allow the litigation to move forward to resolve intricate legal issues without political interference."

More News

9/23. The U.S. Patent and Trademark Office (USPTO) announced in a release its plans "to begin accepting requests for prioritized examination of patent applications through the Track One prioritized patent examination program now scheduled to go into effect on Monday September 26, 2011."

9/23. The Government Accountability Office (GAO) released a report [101 pages in PDF] titled "Electronic Government: Performance Measures for Projects Aimed at Promoting Innovation and Transparency Can Be Improved".


Sen. Franken and Sen. Coons Write OnStar Regarding Vehicle Surveillance

9/22. Sen. Al Franken (D-MN) and Sen. Chris Coons (D-DE) sent a letter to OnStar Corporation regarding changes to its privacy policy that provide for broad data collection, and sharing of data with third parties, for both current and former customers.

Both Senators are members of  the Senate Judiciary Committee (SJC), which is considering numerous surveillance, privacy and data security related bills.

OnStar is a subsidiary of General Motors. It utilizes Global Positioning System (GPS) location surveillance technology, and CDMA based wireless communications technologies, to provide navigation, voice communications, collision detection, stolen vehicle recovery, vehicle diagnostic, and other services.

OnStar published changes to its privacy policy that take effect in December of 2011. The new policy provides that "we ... may share the information we collect with law enforcement or other public safety officials, credit card processors and/or third parties we contract with who conduct joint marketing initiatives with OnStar."

It also states that OnStar shares information with "law enforcement or other public safety officials ... our wireless Service Providers ... your satellite radio provider ... credit card processors ... data management companies; and ... others as may be required to provide Service, to manage or operate the Data Connection, to protect the safety of you or others, or as required by law."

It adds that OnStar also shares information with "your Vehicle Maker ... our affiliates ... Vehicle dealers ... your satellite radio provider and our wireless Service Providers ... third parties with whom we contract with to conduct joint marketing initiatives with OnStar".

It also states, with respect to voice communications, that the information collected includes "Customer Proprietary Network Information (CPNI) such as call detail records". However, it adds that "We do not share CPNI information specific to you with third parties for their marketing purposes".

Use of CPNI is regulated by 47 U.S.C. § 222.

The changes also provide that "Unless the Data Connection to your Vehicle is deactivated, data about your Vehicle will continue to be collected even if you do not have a Plan."

The changes also state that OnStar may collect any information, and share it with anybody, provided that it is "anonymized". Neither the changes, nor the January 2011 privacy policy explain how OnStar anonymizes data. The January 2011 document states merely that "Anonymized information is data that can no longer be identified as belonging to you or your car." The September 2011 changes merely state that "Anonymized information is data that can no longer be identified as belonging to you or your Vehicle."

Sen. Franken and Sen Coons wrote "to express our serious concern with OnStar's announcement earlier this week that it would continue to track the GPS locations of its customers' vehicles even if those customers have affirmatively ended their contractual plans with OnStar".

"In a nutshell, OnStar is telling its current and former customers that it can track their location anywhere, anytime -- even if they cancel their subscriptions -- and then give or sell that information to anyone as long as OnStar deems it safe to do so."

They concluded that "OnStar’s actions appear to violate basic principles of privacy and fairness for OnStar's approximately six million customers -- especially for those customers who have already ended their relationships with your company. OnStar's assurances that it will protect its customers by “anonymizing” precise GPS records of their location are undermined by a broad body of research showing that it is extraordinarily difficult to successfully anonymize highly personal data like location."

The two Senators also propounded numerous interrogatories. For example, they ask about compliance with federal law, OnStar's history of data breaches, how OnStar anonymizes data, and disclosure of sales of location data.

They also ask, "Will OnStar agree to stop the tracking, sharing, and sale of location data for customers that have ended their subscriptions to OnStar services?"

The SJC's Subcommittee on Privacy, Technology and the Law held a hearing on May 10, 2011, titled "Protecting Mobile Privacy: Your Smartphones, Tablets, Cell Phones and Your Privacy". See, SJC web page with hyperlinks to prepared testimony and video.

Reps. Terry and Towns Introduce Bill to Information Calls to Mobile Numbers

9/22. Rep. Lee Terry (R-NE) and Rep. Edolphus Towns (D-NY) introduced HR 3035 [LOC | WW], the "Mobile Informational Call Act of 2011", a bill to amend the Telephone Consumer Protection Act (TCPA) to permit certain informational calls to mobile telephone numbers.

The TCPA, which is codified at 47 U.S.C. § 227, currently provides that "It shall be unlawful for any person ... to any telephone number assigned to a paging service, cellular telephone service, specialized mobile radio service, or other radio common carrier service, or any service for which the called party is charged for the call ..."

This bill would allow calls, including automated calls, to mobile phones, if "the call is made for a commercial purpose that does not constitute a telephone solicitation".

The bill is supported by, among others, trade groups that represent the financial services sector.

The American Bankers Association, Financial Services Roundtable, Mortgage Bankers Association, US Chamber of Commerce and other groups sent a letter to Rep. Fred Upton (R-MI) and Rep. Henry Waxman (D-CA) urging the HCC to "approve this legislation as soon as possible".

They wrote that "Businesses increasingly rely on advanced communications technologies to convey timely and important information to consumers. These calls notify consumers about threats such as data breaches and fraud alerts, provide timely notice of flight and service appointment cancellations and drug recalls, and protect consumers against the adverse consequences of failure to make timely payments on an account."

They added, "Unfortunately, the TCPA restricts informational calls that utilize assistive technologies to mobile devices even though the law permits such calls to be made to wireline phones. As a result, the approximately 40% of American consumers who identify their mobile device as their primary or exclusive means of communication do not receive many of these calls."

It was referred to the House Commerce Committee (HCC).

OUSTR Announces Second Notorious Markets Review

9/22. The Office of the U.S. Trade Representative (OUSTR) published a notice in the Federal Register (FR) that announces that it will continue to write notorious markets reports that are separate from its Special 301 reports. This FR notice also requests comments to assist it in preparing its second notorious markets report.

The Special 301 process, which was created by the Trade Act of 1974, requires the executive branch to identify countries that fail to protect the intellectual property rights (IPR) and market access of US companies, and take certain actions against those countries. These Special 301 provisions are codified at 19 U.S.C. § 2411, et seq.

Under the Special 301 provisions, the OUSTR identifies other countries that deny adequate and effective protection of IP or deny fair and equitable market access to U.S. artists and industries that rely upon IP protection. It does this primarily in annual reports. However, it also conducts out of cycle reviews (OCRs).

The statute then provides that if the OUSTR determines that "the rights of the United States under any trade agreement are being denied", then the OUSTR "shall take action". For example, it may "impose duties or other import restrictions", or "suspend, withdraw, or prevent the application of, benefits of trade agreement concessions to carry out a trade agreement with the foreign country".

Until 2010, the OUSTR addressed notorious markets, both online and physical, in its Special 301 reports. Then, it determined to write an additional report devoted solely to notorious markets outside of the US. See, story titled "OUSTR Announces Separate Notorious Markets Process" in TLJ Daily E-Mail Alert No. 2,138, October 4, 2010.

The OUSTR treats these notorious markets reviews as OCRs.

The just published FR notice states that "Through the Notorious Markets List, the United States encourages the responsible authorities to step up efforts to combat piracy and counterfeiting in these and similar markets." See, FR, Vol. 76, No. 184, Thursday, September 22, 2011, at Pages 58854-58855.

The OUSTR seeks comments on both physical and virtual markets, located outside of the US, "that have been the subject of enforcement action or that may merit further investigation for possible intellectual property rights infringements, or both".

The deadline to submit comments is October 26, 2011.

Sprint's Hesse Addresses Telecom Mergers

9/22. The Wall Street Journal (WSJ) published an article by Shira Ovide on September 21, 2011, titled "Sprint CEO: Telecom Mergers Are Bad! (Except for Ours)". (Parentheses in original.)

Sprint CEO Dan Hesse, who spoke at a Goldman Sachs conference in New York City, is quoted in this article. The WSJ reports that Hesse stated that "I don’t believe that what the DOJ said in any way, not even a little bit, should be viewed as we want to keep four [major telecom carriers]". Also, "My view is [the DOJ] would look at other consolidation very differently."

Jim Cicconi, AT&T's Senior EVP for External and Legislative Affairs, responded in a September 22 release that "The CEO of Sprint said the Department of Justice should block AT&T from merging with T-Mobile, but would have good reasons to instead allow Sprint to purchase them. For months Sprint has spoken disingenuously about their motives for opposing AT&T's merger with T-Mobile. Now, Mr. Hesse's public musings have made their motives much more clear. That they would act in their own economic interest is not surprising. That they would expect the United States Government to be a willing partner certainly is."

People and Appointments

9/22. The Board of Directors of Hewlett Packard (HP) named Meg Whitman President and Chief Executive Officer. She replaces Léo Apotheker. See, release.

9/22. Henry Tirri was named EVP and CTO of Nokia. He replaces Richard Green as CTO. See, Nokia release.

9/22. The Senate Judiciary Committee (SJC) held an executive business meeting at which it held over the nominations of Judge Evan Wallach (to be a Judge of the U.S. Court of Appeals Federal Circuit), Dana Christensen (USDC/DMont), Cathy Bencivengo (USDC/SDCal), Gina Marie Groh (USDC/NDWV), and Margo Brodie (USDC/EDNY).

9/22. President Obama nominated Judge Jacqueline Nguyen to be a Judge of the U.S. Court of Appeals for the 9th Circuit. See, White House news office release and release. The President appointed her Judge of the U.S. District Court for the Central District of California in 2009. Before that, she was a state trial court judge in California, appointed by former Governor Gray Davis. Before that, she was a federal prosecutor.

9/22. President Obama nominated Brian Wimes to be a Judge of the U.S. District Court for the Eastern and Western Districts of Missouri. See, White House news office release and release. He is currently a state judge in Missouri. He is a former prosecutor.


NIST, NTIA and DHS Propose Botnet Mitigation Regime for Internet Access Service Providers

9/21. The Department of Commerce's (DOC) National Institute of Standards and Technology (NIST) and National Telecommunications and Information Administration (NTIA), and the Department of Homeland Security (DHS), published a notice in the Federal Register (FR) that requests comments regarding creating a "voluntary" code for internet access service providers to follow regarding the detection, notification and mitigation of botnets.

This notice is directed primarily at companies that "provide direct service to end-users on residential broadband networks". Although, it asks whether the scope should be expanded.

Botnet is a slang term of recent origin derived from the words robot network. It is used to describe a collection of software robots that reside on a collection of compromised computers, almost always without the authority or knowledge of the owners or operators, that are controlled remotely for various nefarious purposes. The compromised computers are often referred to as zombies.

The purposes for forming botnets include sending spam, running denial of service attacks, committing click fraud, and infecting computers with spyware. Botnet based spam can be used for less harmful purposes, such as marketing, or for more harmful purposes, such as pump and dump securities fraud, theft of personal and financial information to commit further crimes, and various consumer fraud schemes. Also, Botnet operators sometimes lease spamming capacity to others.

The just released notice states that this code would be for internet access service providers, which have "contact information for the end-user and a pre-existing relationship", to detect "likely end-user security" problems, and then "inform the Internet user of the steps the user can take to address the problem".

The notice states that "one suggestion has been to provide companies that take action with certain types of liability protection".

However, neither the DOC nor the DHS have the authority to create such limitations on liability.

The notice also addresses possible ways to provide assistance to customers, at no charge, including through a government entity.

The notice propounds 30 questions, many of which have multiple parts. It asks, for example, "What existing practices are most effective in helping to identify and mitigate botnet infections?" It also asks about identification systems that generate false positives.

It also asks, "Upon discovering that a consumer's computer or device is likely infected by a botnet, should an ISP or other private entity be encouraged to contact the consumer to offer online support services for the prevention and mitigation of botnets? If so, how could support services be made available?" It also asks about the likelihood of fraudulent notifications.

It also asks about expanding the detection and notification regime to include "operating system vendors, search engines, security software vendors".

Cutting Off Service to Customers. On December 13, 2010 the Federal Communications Commission's (FCC) Communications Security, Reliability, and Interoperability Council (CSRIC) adopted a report [31 pages in PDF] titled "Internet Service Provider (ISP) Network Protection Practices". It proposed 24 "best practices" that service providers "should voluntarily undertake to address the botnet problem on residential broadband networks".

The FCC's CSRIC proposed that one practice should be for service providers to "temporarily quarantine a subscriber account or device if a compromised device is detected on the subscribers' network and the network device is actively transmitting malicious traffic". Such cutting off of service could be either "immediate", or after "attempts to notify the customer of the problem".

The just released DOC/DHS FR notice asks, "Once a botnet infection has been identified and the end-user does not respond to notification or follow up on mitigating measures, what other steps should the private sector consider? What type of consent should the provider obtain from the end-user? Who should be responsible for considering and determining further steps?"

It also asks, "Are private entities declining to act to prevent or mitigate botnets because of concerns that, for example, they may be liable to customers who are not notified? If so, how can those concerns be addressed?"

The deadline to submit comments is 5:00 PM on November 4, 2011. See, Federal Register, Vol. 76, No. 183, Wednesday, September 21, 2011, at Pages 58466-58469.

House Judiciary Committee Approves Bill to Make E-Verify Mandatory

9/21. The House Judiciary Committee (HJC) approved HR 2885 [LOC | WW | PDF], the "Legal Workforce Act", a bill to make the federal government's E-Verify program mandatory, with minor amendments.

The HJC approved a short amendment offered by Rep. Lamar Smith (R-TX), the Chairman of the HJC, and sponsor of the bill. It tweaks the timing of the employer's attestation regarding new employees. The vote was 15-8.

The E-Verify regime includes a requirement that before "hiring, recruiting, or referring an individual for employment" the employer must attest under penalty of perjury that it has verified that the individual is not an unauthorized alien by complying with the verification procedures. The bill as introduced provides that this attestation must take place "On the date of hire". The amendment changes this to "During the verification period".

The HJC approved an amendment offered by Rep. Howard Berman (D-CA) that strikes the following language from the bill as introduced: "An individual shall not be considered a new hire subject to verification under this paragraph if the indi1vidual is engaged in seasonal agricultural employment and is returning to work for an employer that previously employed the individual."

The E-Verify program is an information technology (IT) based national identification system, one use of which is to transfer responsibility for enforcing immigration law to employers. It would require all employers to participate in a Department of Homeland Security (DHS) run program that is based upon accessing electronic databases that include names and social security numbers (SSNs).

The vote on final passage was 22-13.

This bill is premised upon the assumptions that the government is capable of creating an IT based system that can enable employers to ascertain whether job applicants are eligible to be employed in the U.S., and that by criminalizing hiring ineligible workers, employers will not hire illegal aliens, and they will therefore have little incentive to illegally enter into or stay in the US.

There is already a federal E-Verify program; however, employer participation is voluntary.

More News

9/21. The Department of Justice's (DOJ) Antitrust Division published a notice in the Federal Register (FR) that announces that the Open Axis Group, Inc., which sets XML standards for the electronic messaging structure for airline system connectivity, filed a notification of a change in its membership, pursuant to the National Cooperative Research and Production Act of 1993, which pertains to limiting antitrust liability of standard setting consortia. See, Federal Register, Vol. 76, No. 183, Wednesday, September 21, 2011, at Page 58540.

9/21. Federal Communications Commission (FCC) Chairman Julius Genachowski gave a speech at a high school in Washington DC. He said that there is a "digital divide" in broadband internet adoption, and that this is limiting access to education, health care, and employment.


Go to News from September 16-20, 2011.