In light of a number of recent actions by the FCC, all broadband Internet access service (“BIAS”) providers should be aware of their obligation to comply with the FCC’s Open Internet Transparency Rule, which has been in effect since November 20, 2011, by posting their Open Internet Disclosures prominently on their websites.  The Transparency Rule requires fixed and mobile BIAS providers to publicly disclose accurate information regarding network management practices, performance, and commercial terms, including privacy policies.  The disclosures are aimed at ensuring that consumers, Internet “edge” (content, application, service and device) providers, and the FCC have the information they need to understand the services they receive and to monitor practices that could undermine the open Internet. 

All providers of BIAS should have such Open Internet disclosures prominently displayed on their websites. 

Background

Transparency has come to the forefront of FCC attention over the last year.  In its 2015 Open Internet Order, the FCC provided clarifications concerning compliance with the Transparency Rule, and adopted certain transparency enhancements, including new categories of information to be disclosed.  The FCC is currently evaluating the compliance burdens associated with the enhanced transparency requirements for purposes of determining whether to retain the temporary exemption from the enhancements for small providers, and in advocating that the new rules should be approved by the federal Office of Management and Budget (“OMB”) so they may take effect for larger providers.  This evaluation has resulted in an increased focus by the FCC on how BIAS providers, particularly smaller providers, are currently complying with their disclosure obligations. 

In addition, on April 4, 2016, the FCC Consumer and Governmental Affairs, Wireline Competition, and Wireless Telecommunications Bureaus approved a set of fixed and mobile consumer broadband “labels” that provide a format for displaying the information required to be disclosed that will operate as a safe harbor for BIAS providers once the enhanced transparency requirements take effect.  The labels provide a safe harbor in form only.  Providers remain responsible for the content of their disclosures and must provide an additional set of disclosures to edge providers if they use these labels to satisfy their consumer disclosure obligations.  Finally, alleged violations of the 2010 Transparency Rule have been the subject of two recent FCC enforcement actions, each of which carried with it hefty forfeitures and compliance plans.

In light of this increased FCC focus on transparency, it is imperative that BIAS providers ensure they have created Open Internet disclosures consistent with the Transparency Rule, that the disclosures are prominently posted on their websites, and that the disclosures are up-to-date, accurate, and consistent with other consumer-facing documents, including company policies, frequently asked question sheets, and marketing materials.  Compliance checks by the FCC are relatively simple, as the existing rule requires publication of disclosures on the BIAS provider’s website.  The FCC’s heightened regulatory scrutiny, combined with the ease of agency compliance checks, makes a review of the rules regarding the FCC’s disclosure obligations necessary for all BIAS providers.  Compliance should be undertaken as a cross-company effort, involving network engineers, sales and marketing, and legal and regulatory compliance staffs.

Existing Disclosure Requirements 

Under the existing Transparency Rule, BIAS providers must disclose to current and potential subscriber information about network management practices, performance characteristics, and commercial terms of their BIAS services.  These disclosures must be sufficiently detailed to allow consumers “to make informed choices regarding use of such services and for content, application, service, and device providers to develop, market, and maintain Internet offerings.”

The FCC has provided advisory guidance to BIAS providers on how they can meet their disclosure obligations under the Transparency Rule.  In particular, this includes the release of Advisory Guidance from the Enforcement Bureau and Office of General Counsel in 2011, an Enforcement Advisory in 2014, and a recently released Open Internet Small Entity Compliance Guide.  While these are not binding on the FCC, they offer authoritative guidance on acceptable disclosure practices.

Providers that do not already have such notices posted prominently on their websites should take steps to create and post such disclosures as quickly as possible.  BIAS providers that have posted such notices should continue their compliance efforts by reviewing their network management practices, acceptable use policies, terms of service, privacy policies, and other customer disclosures to both ensure consistency with the Open Internet rules and to ensure that existing disclosures are up-to-date and remain accurate.  The FCC has clarified that the requirement that all disclosures made by a BIAS provider be accurate includes the obligation to maintain the accuracy of the disclosures whenever a material change occurs with respect to the information required to be disclosed.

 Disclosure Locations.  BIAS providers must, at a minimum, prominently display or provide links to their disclosures on a publicly available, easily accessible website that is available to current and prospective end users and edge providers as well as to the FCC.  BIAS providers must also disclose relevant information at the point of sale.

Information to be Disclosed.  The Transparency Rule requires that BIAS providers accurately disclose three categories of information:  Network Practices, Performance Characteristics, and Commercial Terms identified in the FCC’s 2010 Open Internet Order.  As of June 2015, disclosure of all of the information described below is now mandatory, rather than permissive.

1. 1.            Network Practices 

Congestion Management.  BIAS providers should describe congestion management practices, as well as the types of traffic subject to, and purposes served by, such practices.  BIAS providers should also describe the practices’ effects on end users’ experience, criteria used in practices (for example, indicators of congestion that trigger a practice), usage limits and the consequences of exceeding them, and references to engineering standards, where appropriate.

Application-Specific Behavior.  BIAS providers should describe whether and why they block or rate-control specific protocols or protocol ports, modify protocol fields in ways not prescribed by the protocol standard, or otherwise inhibit or favor certain applications or classes of applications.  If no application-specific network management practices are used, the disclosure should state this fact.

Device Attachment Rules.   BIAS providers should include any restrictions on the types of devices and any approval procedures for devices to connect to the network.

Security.  BIAS providers should describe their practices used to ensure end-user security or security of the network, including types of triggering conditions that cause a mechanism to be invoked (but excluding information that could reasonably be used to circumvent network security).  Public disclosure of competitively sensitive information that could compromise network security or undermine reasonable network management practices is not required.

1. 2.            Performance Characteristics

Service Description.  BIAS providers should describe, generally, their service, including the technology, expected and actual speed and latency, and the suitability for real-time applications.

Advisory Guidance:  The 2011 Advisory Guidance from the FCC General Counsel and Enforcement Bureau indicates that the largest BIAS providers (cable, DSL, fiber) who participate in the FCC-sanctioned “SamKnows” broadband performance measurement project may reference the results reported in the Measuring Broadband America reports “as a sufficient representation of the actual performance which customers can expect to experience” with respect to mean upload and download speed and latency during peak periods.  Non-participants may use the methodology developed through the SamKnows project to do their own testing.  They may choose to disclose actual performance based on (i) internal testing; (ii) consumer speed test data; or (iii) “other data regarding network performance, including reliable, relevant data from third-party sources such as the broadband performance measurement project.”  In explaining the use of “consumer speed data,” the Advisory Guidance states that, “various software-based broadband performance tests are available as potential tools for companies to estimate actual broadband performance.” 

Impact of Non-BIAS Data Services.  BIAS providers should list any specialized non-BIAS data services, if any, that are offered to end users, and whether and how they may affect the last mile capacity available for, and the performance of, broadband Internet access service.  The FCC previously referred to these as “specialized” or “managed” services provided over the same broadband network as BIAS, such as facilities-based VoIP and Internet Protocol-based video services, that are not subject to the Open Internet rules.  In the 2015 Open Internet Order, the FCC retained the carve-out, but renamed the category “Non-BIAS Data Services.”  The FCC will watch to ensure that providers do not use the category to evade Open Internet protections by claiming a service that is the equivalent of Internet access is an exempt non-BIAS data service.

1. 3.            Commercial Terms

Pricing.  BIAS providers should disclose pricing information including monthly prices, usage-based fees and fees for early termination or additional network services. 

Privacy Policies.  BIAS providers should include their broadband privacy policies or a link to their privacy policies, and note whether network management practices include inspection of network traffic, and whether traffic information is stored, provided to third parties, or used by the carrier for non-network management purposes.  Consumer privacy policies that are separately disclosed should be linked to the Open Internet disclosures.  The FCC Chairman has emphasized that BIAS providers are expected to comply with their own privacy policies and other representations they have made about their privacy policies.

Although BIAS privacy policies previously were not previously regulated by the FCC, with the reclassification of BIAS as a Title II service, the subscriber privacy requirements of Section 222 now apply.  Section 222 imposes a duty on telecommunications carriers to protect their customers’ proprietary information and to use such information only for authorized purposes.  Section 222 expressly prohibits carriers that obtain proprietary information from other carriers for the provision of telecommunications services to use such information for any other purpose.  Section 222(c) places special limits on the use of customer proprietary network information (“CPNI”). 

On April 1, 2016, the FCC released a Notice of Proposed Rulemaking (“Privacy NPRM”) proposing new privacy regulations for BIAS providers subject to Section 222.  The formal public comment cycle on these proposals will close on June 27, 2016.  The proposed rules would govern how ISPs collect, use and protect their subscribers’ personal information as well as how they communicate with subscribers about their personal information.  The Privacy NPRM proposes to adopt extensive and prescriptive requirements for BIAS Privacy Notices.  BIAS providers should review their existing privacy policies for consistency with the statutory requirements pending adoption of some or all of the proposed regulations in the Privacy NPRM.

Redress Options.  BIAS providers should list their practices for resolving both end-user and edge provider complaints and questions and provide contact information.

Required Updates.  The requirement that all disclosures made by a BIAS provider be accurate includes the obligation to maintain the accuracy of the disclosures whenever a material change occurs with respect to the information required to be disclosed.  The ongoing duty of accuracy means that providers must review and update their disclosures periodically to reflect, for example, any important and sustained changes in network performance due to network upgrades, increases in subscribership, or changes in subscriber usage patterns.

            Many BIAS providers reference the speed and latency results in the Measuring Broadband America (“MBA”) Report in their Open Internet disclosures to comply with the obligation to disclose expected and actual speed and latency.  Many providers’ disclosures will warrant an update following the FCC’s recent release of its Fifth MBA Report.  The Fifth MBA Report summarizes the performance of participating large fixed broadband providers’ speed, latency, and other performance metrics.  The FCC has released updates to the MBA Report annually, and providers who reference the report in their disclosures will want to update their disclosures accordingly.

Enhanced Transparency Requirements

The 2015 Open Internet Order adopted certain enhancements to the 2010 Transparency Rule, requiring BIAS providers additionally to disclose: 

• Full monthly service charges; promotional rates, fees, surcharges; data caps and allowances that are part of a plan the consumer is purchasing
• Packet loss as a measure of network performance
• Actual network performance data that is reasonably related to the performance the consumer would likely experience in the geographic area in which the consumer resides
• Network performance measured in terms of average performance over a reasonable period of time and during times of peak usage; greater granularity to disclosure of mobile broadband by technology
• Network management practices applied to a particular user or user group, including any application agnostic degradation of service to a particular end user. 

The new rule enhancements will not go into effect until the FCC publishes notice of OMB approval in the Federal Register.  We anticipate that in connection with its OMB submission, the FCC may issue additional advisory guidance on how to comply in an effort to minimize compliance burdens and assure OMB approval. 

Small Provider Exemption from Enhanced Transparency Rules

The 2015 Open Internet Order provided a partial, temporary exemption from the enhancements to the Transparency Rule (but not from the existing 2010 Transparency Rule itself) for small BIAS providers with no more than 100,000 broadband connections, and delegated authority to its Consumer & Government Affairs Bureau (“CGB”) to consider whether to retain the exemption by Dec. 15, 2015.  On that date, CGB released an order extending the small BIAS provider exemption for an additional year to give the FCC more time to study the matter. 

BIAS providers with no more than 100,000 broadband connections now have until December 15, 2016 to comply with the enhanced transparency requirements, although the FCC is likely to review the record before that date to determine whether the exemption should be extended further.  The exemption only applies to the enhanced transparency requirements adopted in the 2015 Open Internet Order.  Small BIAS providers must continue to comply with their transparency obligations under the FCC’s 2010 Open Internet Order. 

If you have any questions about the FCC’s Open Internet rules or the Transparency Requirement, please contact Barbara Esbin at besbin@cinnamonmueller.com or (202) 872-6811, Bruce Beard at bbeard@cinnamonmueller.com or (314) 394-1535, or Scott Friedman at sfriedman@cinnamonmueller.com or (312) 372-3930.