FCC

FCC Chairman Ajit Pai announced today that at its December 14 open meeting, the FCC will vote on an overhaul of the net neutrality framework adopted by the prior Administration in 2015.  The full text of the draft order will be released tomorrow, but Chairman Pai has made certain key details known today.  The order envisions an expanded role in oversight of Internet Service Providers (“ISPs”) by the Federal Trade Commission—a move which Acting FTC Chairman Maureen Ohlhausen welcomed.

First, as anticipated, Internet Service Providers (“ISPs”) will again be classified as providers of “information services” under Title I of the Communications Act, rather than “telecommunications services” under Title II.  In many ways, in recent years the net neutrality debate in the U.S. has been as much—or some would say, more—about this statutory classification question than it has been about specific net neutrality rules.  
Continue Reading FCC Poised to Release Draft Order on Net Neutrality Overhaul

Last week, the FCC issued a forfeiture order against Dialing Services, LLC (“Dialing Services”) $2,880,000, finding that Dialing Services made automated calls to wireless phones without prior express consent, in violation of the Telephone Consumer Protection Act (“TCPA”).  Dialing Services is a platform that offers automated calling services to its customers, and this Order is the culmination of the FCC’s investigation of the company dating back to 2012.

In 2012, FCC staff determined that Dialing Services had made more than 4.7 million calls to wireless phones in violation of the TCPA during a three-month period.  The Enforcement Bureau (“Bureau”) issued a citation in March 2013, directing the company to certify that it had stopped making calls in violation of the TCPA.  During a follow-up investigation, the staff determined that Dialing Services had continued placing calls after the citation, including 184 additional unauthorized calls to wireless phones in May 2013.  As a result, the FCC issued a Notice of Apparent Liability (“NAL”) in May 2014, proposing a $2.94 million fine.  (The ultimate forfeiture order reduced this amount to $2.88 million based on evidence that some of the calls were made with consent.)

In response to the NAL, Dialing Services asserted (among other things) that unlike its customers, it was merely a platform and therefore did not “make” or “initiate” the calls at issue under the TCPA.  The FCC applied its test for determining whether a party “initiated” or “made” a call for TCPA purposes from the 2013 Dish Network declaratory ruling:  whether the party “takes the steps necessary to physically place a telephone call” or, alternatively, is “so involved in the placing of a specific telephone call as to be directly liable for making it.” 
Continue Reading FCC Fines Calling Platform $2.88 Million for TCPA Violations

The FCC has released the Notice of Proposed Rulemaking (“NPRM”) on “Restoring Internet Freedom” that was adopted by a 2-1 vote at the Commission’s open meeting on May 18.  The NPRM is substantively very similar to the draft released by Chairman Pai on April 27, and the comment deadlines remain the same: July 17 for initial comments and August 16 for reply comments.

Of possible relevance from a privacy perspective, the NPRM now asks about the jurisdictional effects of finding broadband to be an interstate information service.  As he explained in his statement approving adoption of the NPRM, Commissioner O’Rielly had asked that this question be added to the NPRM, and he expressed the view that this finding should foreclose states and localities from regulating the privacy practices of ISPs (among other matters).  Whether the FCC would attempt to make such a broad preemption finding remains to be seen.   
Continue Reading FCC Releases NPRM on Broadband ISPs and Net Neutrality Rules

Representative Marsha Blackburn (R-TN) has introduced a bill, the “Balancing the Rights of Web Surfers Equally and Responsibly Act of 2017” (“BROWSER Act,” H.R. 2520) that would  create new online privacy requirements.  The BROWSER Act would require both ISPs and edge providers (essentially any service provided over the Internet) to provide users with notice of their privacy policies, obtain opt-in consent for sensitive data, and opt-out consent for non-sensitive data.  In its current form, the BROWSER Act would define sensitive data more broadly than in existing FTC guidelines—mirroring the since-repealed privacy rules that the FCC adopted last year for ISPs, but applying those standards to ISPs and edge providers alike.

The BROWSER Act defines “sensitive user information” to include financial information, health information, children’s data, social security numbers, precise geo-location information, contents of communications, and, most notably, web browsing or app usage histories.  ISPs and edge providers must obtain “opt-in approval” from users prior to using, disclosing, or permitting access to such sensitive information.  For “non-sensitive user information,” the BROWSER Act requires opt-out consent.  And companies may not condition the provision of services, or otherwise refuse services, based on the waiver of privacy rights under the BROWSER Act.
Continue Reading New Republican Privacy Bill Would Expand Scope of “Sensitive” Data

The Ninth Circuit announced today that the full court will rehear the case in which the three-judge panel opinion had dismissed the FTC’s lawsuit against AT&T for allegedly violating Section 5 of the FTC Act due to past “throttling” practices around unlimited data plans.  According to the panel opinion, the FTC lacked jurisdiction over AT&T’s

In a widely anticipated step, FCC Chairman Ajit Pai has released a draft Notice of Proposed Rulemaking (“NPRM”) on the legal framework that governs broadband providers and related net neutrality questions.

Most notably from a privacy perspective, the draft NPRM proposes to find that broadband Internet access service is an “information service” under the Communications Act, reversing the 2015 “telecommunications service” classification that had brought broadband providers under the statutory privacy requirements of Title II of that Act.

The draft NPRM states that the 2015 reclassification “stripped FTC authority over Internet service providers,” in light of the common carrier exemption in Section 5 of the FTC Act.  By reversing the FCC’s prior finding that broadband is a common carrier service, the draft NPRM proposes to “return jurisdiction over Internet service providers’ privacy practices to the FTC, with its decades of experience and expertise in this area.”
Continue Reading FCC Chairman Pai Proposes New Regulatory Framework for Broadband ISPs, Seeks Comment on Net Neutrality Rules

On April 24th, the Electronic Privacy Information Center (“EPIC”) and a coalition of 37 other civil society groups sent a letter urging the Federal Communications Commission (“FCC”) to act on an August 2015 petition to repeal the FCC’s data retention mandate under 47 C.F.R. §42.6 (“Retention of Telephone Toll Records”).

The mandate requires communications carriers that “offer[] or bill[] toll telephone service” to retain the following customer billing records for a period of 18 months: (1) the “name, address, and telephone number of the caller,” (2) the “telephone number called,” and (3) the “date, time, and length of the call.”  Carriers are required to retain such information regardless of whether they are billing their own toll service customers or billing customers for another carrier.
Continue Reading Advocacy Groups Urge FCC to End Data Retention Mandate

Senators Ed Markey (D-MA) and Richard Blumenthal (D-CT) reintroduced a pair of bills today relating to the cybersecurity of cars and aircraft, which would impose affirmative security, disclosure, and consent requirements on manufacturers and air carriers.  The Security and Privacy in Your Car (“SPY Car”) Act and Cybersecurity Standards for Aircraft to Improve Resilience (“Cyber AIR”) Act were each introduced but not enacted in a previous session of Congress.  In a joint press release, the Senators noted that the legislation was designed to “implement and improve cybersecurity standards for cars and aircraft.”

The SPY Car Act

The SPY Car Act would require cars manufactured for sale in the U.S. to comply with “reasonable measures to protect against hacking attacks,” including measures to isolate critical software systems from non-critical systems, evaluate security vulnerabilities, and “immediately detect, report, and stop attempts to intercept driving data or control the vehicle.”  It would also require “driving data” collected by cars to be “reasonably secured to prevent unauthorized access,” including while such data is in transit to other locations or subsequently stored elsewhere.  Violations of these cybersecurity requirements are subject to civil penalties of up to $5,000 per violation.
Continue Reading Senators Reintroduce Cybersecurity Legislation for Cars and Planes

On March 2nd, Democratic members of the House Energy and Commerce Committee introduced three pieces of legislation that would expand the Federal Communications Commission’s (FCC) authority over the cybersecurity practices of communications network providers.

The first bill, the “Securing IoT Act of 2017” (introduced by Rep. Jerry McNerney (D-CA)), would expand the FCC’s