On March 7, 2016, the FCC’s Enforcement Bureau released an Order and Consent Decree resolving its investigation into Verizon Wireless’s practice of inserting Unique Identifier Headers (“UIDHs”) into its customers’ mobile broadband Internet traffic for use in targeted advertising programs without their knowledge or consent.  Verizon will pay a $1.35 million fine, notify consumers about its targeted advertising programs and, going forward, obtain customers’ opt-in consent before sharing tracking information with third parties. 

The action is noteworthy because it involved allegations that Verizon Wireless violated both Section 222 of the Communications Act regarding improper disclosure of customer proprietary information, including customer proprietary network information (“CPNI”) by a telecommunications carrier, and the FCC’s Open Internet Transparency Rule requiring broadband Internet access service providers to publicly disclose accurate information regarding network management practices, performance, and commercial terms, including privacy policies.

This is the second major Open Internet Transparency Rule enforcement action taken by the FCC.  Last June, the FCC released a Notice of Apparent Liability finding that AT&T Mobility “apparently willfully and repeatedly” violated the FCC’s Open Internet transparency rule by misleading customers about its unlimited mobile data plans and proposing a $100 million fine for the alleged violations.

Background.  Section 222 of the Communications Act imposes a duty on carriers to protect their customers’ proprietary information and to use such information only for authorized purposes.  It also expressly prohibits carriers that obtain proprietary information from other carriers for the provision of telecommunications services to use such information for any other purpose.  Section 222(c) places special limits on the use of CPNI, defined as “information that relates to the quantity, technical configuration, type, destination, location and amount of use of a telecommunications service subscribed to by any customer of a telecommunications carrier, and that is made available to the carrier by the customer solely by virtue of the carrier-customer relationship.”  The use, disclosure or accessibility of individually identifiable CPNI is limited, except as required by law or by approval of the customer, to the provision of the telecommunications service from which such information is derived, or services necessary to or used in the provision of such telecommunications service, including the publishing of directories.

The FCC’s Open Internet Transparency Rule, adopted in 2010, requires all providers of broadband Internet access service, whether fixed or mobile service, to “publicly disclose accurate information about their network management practices, performance characteristics, and commercial terms of its broadband Internet access services sufficient for consumers to make informed choices regarding use of such services and for content, application, service, and device providers to develop, market and maintain Internet offerings.” 

In October 2012, Verizon Wireless began testing a targeted advertising service and, two months later, began providing the service to its subscribers.  From then until late 2014, Verizon Wireless continued to use UIDHs that could be used to create profiles, which were then used by Verizon Wireless and third-party companies to target ads to subscribers.

Verizon Wireless Open Internet Disclosures.  Although Verizon Wireless began inserting the UIDHs into subscribers’ Internet traffic as early as December 2012, and described its advertising programs in its Privacy Policy and elsewhere, Verizon Wireless did not specifically disclose the presence of UIDHs and its uses until October 2014.  At that time, Verizon Wireless made the disclosure in the UIDH “Frequently Asked Questions” section of its website, which can be linked from its Privacy Policy.  In late March 2015, Verizon Wireless updated its Privacy Policy to include a specific disclosure regarding UIDHs. 

FCC Investigation.  In December 2014, the FCC’s Enforcement Bureau began an investigation into Verizon Wireless after news stories raised privacy concerns with its use of UIDHs and the FCC received related consumer complaints.  According to news reports, one of Verizon Wireless’ advertising partners restored what the FCC has called “its cookie IDs that users cleared from their browsers” by associating them with Verizon Wireless UIDHs.  Verizon Wireless acknowledged these concerns about its partners’ use of UIDH for purposes outside of Verizon Wireless’ advertising programs in its UIDH FAQs, and affirmed it would work with its partners to ensure that their use of UIDH is consistent with the purposes intended. 

During the investigation, Verizon Wireless updated its customer-facing documents, including its UIDH FAQs and its Privacy Policy to specifically disclose the presence of UIDH and provide an opt-out capability.  The company cooperated with the FCC’s investigation and agreed to enter into the Consent Decree committing to a compliance plan concerning disclosure and use of UIDH.

Significance.  This action serves as yet another reminder that the FCC is increasingly focusing its enforcement efforts on two areas: (i) providers’ compliance with their statutory obligations to protect user privacy with respect to telecommunications services under Section 222 of the Act (now including broadband Internet access service); and (ii) providers’ compliance with their disclosure obligations under the FCC’s 2010 Open Internet Transparency Rule. 

Privacy.  The FCC is expected shortly to adopt a Notice of Proposed Rulemaking indicating how it intends to apply the commands of Section 222 to broadband Internet access service.  Until it adopts new Internet-specific rules, providers may be guided by the FCC’s approach to customer privacy for voice telephony service and its enforcement actions, such as this recent action concerning Verizon Wireless and the steps the company has agreed to take concerning opt-in consent from broadband Internet access customers for insertion and use of advertising identifiers.  

Transparency.  Providers of broadband Internet access services are reminded that the 2010 Open Internet Transparency Rule remains in effect and imposes a continuing obligation of accuracy with respect to the subject matters required to be disclosed.  Providers should post their Open Internet disclosures in a publicly accessible portion of their websites and keep them up-to-date, accurate and consistent with related information in marketing material and policies such as privacy policies.  

            If you have any questions about this enforcement action or compliance with the FCC’s Open Internet Transparency Rule, please contact Barbara Esbin at (202) 872-6811 or besbin@cinnamonmueller.com, Bruce Beard at (314) 394-1535 or bbeard@cinnamonmueller.com, or Scott Friedman at (312) 372-3930 or sfriedman@cinnamonmueller.com.

FCC Releases Accessibility Filing Reminder – CVAA Compliance Certificate due April 1, 2016

On March 4, 2016, the FCC released a Public Notice reminding telecommunications carriers, interconnected VoIP and advanced communications services providers that they must file their annual accessibility compliance certificates (covering 2015) by April 1, 2016. 

Who must file: 

• Telecommunications carriers,
• Interconnected VoIP providers; and
• Advanced communications service providers (e.g., providers of email, text messaging, instant messaging, interoperable video conferencing services).   

What does the certification contain?  All covered providers must submit the annual certification through the FCC’s Recordkeeping Compliance Certification and Contact Registry certifying that the company has established operating procedures adequate to ensure compliance with the recordkeeping rules and that the records are being kept accordingly.  In addition, covered providers must designate and keep current:

• A contact person authorized to resolve accessibility-related complaints from consumers.
• An agent to accept service of complaints filed with the FCC.

If you have any questions about operating procedures or filing certifications, please contact Bruce Beard at (314) 394-1535 or bbeard@cinnamonmueller.com.

FCC Form 499-A Due April 1, 2016 

All providers of telecommunications, including resellers and those offering interconnected VoIP service, with very limited exceptions, must file their annual telecommunications revenue report (Form 499-A) on or before April 1, 2016.  This includes any entity that relies on the de minimis exception for contributions to the federal Universal Service Fund (“USF”).

Information reported in FCC Form 499-A is used to calculate the support contribution an entity must pay into the USF as well as the Telecommunications Relay Service (“TRS”), North America Numbering Plan (“NANP”), and Local Number Portability Administration (“LNPA”) funds.  Providers owing less than $10,000 in USF support are considered de minimis and do not have to contribute to USF, but must still file the form and pay any TRS and NANP contributions due.

All covered providers must complete the Form 499-A Worksheet (also available as an online form) using 2015 revenue data. 

If you have any questions regarding these filings, please contact Bruce Beard at (314) 394-1535 or bbeard@cinnamonmueller.com.