Click here for Adobe Acrobat version
Click here for Microsoft Word version

******************************************************** 
                      NOTICE
********************************************************

This document was converted from Microsoft Word.

Content from the original version of the document such as
headers, footers, footnotes, endnotes, graphics, and page numbers
will not show up in this text version.

All text attributes such as bold, italic, underlining, etc. from the
original document will not show up in this text version.

Features of the original document layout such as
columns, tables, line and letter spacing, pagination, and margins
will not be preserved in the text version.

If you need the complete document, download the
Microsoft Word or Adobe Acrobat version.

*****************************************************************



                                   Before the

                       Federal Communications Commission

                             Washington, D.C. 20554




                                         )                               
                                                                         
                                         )                               
     In the Matter of                        File No. EB-06-IH-0840      
                                         )                               
     Cbeyond Communications, LLC             NAL/Acct. No. 200632080153  
                                         )                               
     Apparent Liability for Forfeiture       FRN: 0003-7596-02           
                                         )                               
                                                                         
                                         )                               


                  NOTICE OF APPARENT LIABILITY FOR FORFEITURE

   Adopted:  April 21, 2006 Released: April 21, 2006

   By the Chief, Enforcement Bureau:

   I. INTRODUCTION

    1. In this Notice of Apparent Liability for Forfeiture  ("NAL"), we find
       that Cbeyond Communications, LLC ("Cbeyond") apparently violated the
       Commission's rules and orders by failing to have a corporate officer
       with personal knowledge execute an annual certificate stating that the
       company has established operating procedures adequate to ensure
       compliance with the Commission's rules governing protection and use of
       Customer Proprietary Network Information ("CPNI"), and by failing to
       make the compliance certificate publicly available. Protection of CPNI
       is a fundamental obligation of all telecommunications carriers as
       provided by section 222 of the Communications Act of 1934, as amended
       ("Communications Act" or "Act"). Based upon our review of the facts
       and circumstances surrounding this apparent violation, and in
       particular the serious consequences that may flow from inadequate
       concern for and protection of CPNI, we propose a monetary forfeiture
       of $100,000 against Cbeyond for its apparent failure to comply with
       section 64.2009(e) of the Commission's rules and the CPNI Order.

   II. BACKGROUND

    2. Based on concerns regarding the apparent availability to third parties
       of sensitive, personal subscriber information the Enforcement Bureau
       (the "Bureau") has been investigating the adequacy of procedures
       implemented by telecommunications carriers to ensure confidentiality
       of their subscribers' CPNI. For example, companies known as "data
       brokers" have advertised the availability of records of wireless
       subscribers' incoming and outgoing telephone calls for a fee. Data
       brokers have also advertised the availability of data regarding
       certain landline toll calls. As part of the Bureau's inquiry into CPNI
       issues, on January 30, 2006, the Bureau released a public notice
       directing all telecommunications carriers to submit their most recent
       CPNI compliance certifications to the Commission as required by
       section 64.2009(e) of the Commissions rules.

    3. During the same timeframe, the Bureau also initiated an investigation
       of Cbeyond in particular based on allegations received by the
       Commission concerning Cbeyond's use of CPNI. On February 1, 2006, the
       Bureau sent a letter of inquiry ("LOI") to Cbeyond to determine
       whether it has received or obtained proprietary information from
       another carrier and used that information in violation of section
       222(b) of the Communications Act of 1934, as amended ("the Act"), and
       section 64.2001 et seq. of the Commission's rules, which protects the
       confidentiality of CPNI. The LOI directed Cbeyond, among other things,
       to "[p]rovide Cbeyond's 47 C.F.R. S 64.2009(e) compliance certificate
       for the previous five years."

    4. On February 6, 2006, Cbeyond responded to the Public Notice, and on
       February 13, 2006, it responded to the LOI. In its response to the
       Public Notice, Cbeyond stated that the company "is aware of these
       rules and has established procedures that were designed to ensure full
       compliance with them." In addition, the company stated that "Cbeyond
       has commenced a comprehensive internal review of its operating
       procedures for CPNI compliance," and "will report to the Commission
       the conclusions reached in this inquiry upon the inquiry's completion,
       and Cbeyond will make any and all changes needed to ensure its future
       compliance with Section 222 and the Commission's regulations." In
       Cbeyond's response to the Bureau's LOI directing Cbeyond to produce
       its compliance certifications pursuant to section 64.2009(e), the
       company stated that "Cbeyond does not presently have documents
       responsive to this request." This response was accompanied by a
       declaration under penalty of perjury from Cbeyond's Vice President for
       Regulatory and Legislative Affairs.

   III. DISCUSSION

    5. Under section 503(b)(1) of the Act, any person who is determined by
       the Commission to have willfully or repeatedly failed to comply with
       any provision of the Act or any rule, regulation, or order issued by
       the Commission shall be liable to the United States for a forfeiture
       penalty. Section 312(f)(1) of the Act defines "willful" as "the
       conscious and deliberate commission or omission of [any] act,
       irrespective of any intent to violate" the law. The legislative
       history to section 312(f)(1) of the Act clarifies that this definition
       of willful applies to both sections 312 and 503(b) of the Act, and the
       Commission has so interpreted the term in the section 503(b) context.
       The Commission may also assess a forfeiture for violations that are
       merely repeated, and not willful. "Repeated" means that the act was
       committed or omitted more than once, or lasts more than one day. To
       impose such a forfeiture penalty, the Commission must issue a notice
       of apparent liability, and the person against whom the notice has been
       issued must have an opportunity to show, in writing, why no such
       forfeiture penalty should be imposed. The Commission will then issue a
       forfeiture if it finds by a preponderance of the evidence that the
       person has violated the Act or a Commission rule.

    6. The fundamental issues in this case are whether Cbeyond apparently
       violated the Act and the Commission's rules and orders by failing to
       have an officer with personal knowledge annually certify that the
       company has established procedures that comply with the Commission's
       CPNI rules and failing to make its compliance certificate available
       upon request. Based on a preponderance of the evidence discussed
       below, we answer these questions affirmatively and conclude that
       Cbeyond is apparently liable for a forfeiture of $100,000 for
       apparently willfully or repeatedly violating section 222 of the Act,
       section 64.2009(e) of the Commission's rules, and the CPNI Order.

    7. Section 222 of the Act imposes the general duty on all
       telecommunications carriers to protect the confidentiality of their
       subscribers' proprietary information. The Commission has issued rules
       implementing section 222 of the Act, requiring carriers to establish
       and maintain a system designed to ensure that carriers adequately
       protected their subscribers' CPNI. Specifically, section 64.2009(e)
       requires that:

   A telecommunications carrier must have an officer, as an agent of the
   carrier, sign a compliance certificate on an annual basis stating that the
   officer has personal knowledge that the company has established operating
   procedures that are adequate to ensure compliance with the rules in this
   subpart. The carrier must provide a statement accompanying the certificate
   explaining how its operating procedures ensure that it is or is not in
   compliance with the rules in this subpart.

   In the CPNI Order,  the Commission also explicitly required that the
   "[section 64.2009(e)] certification must be publicly available, and be
   accompanied by a statement explaining how the carrier is implementing our
   CPNI rules and safeguards."

    8. The January 30, 2006 Public Notice requested all telecommunications
       carriers to produce their most recent compliance certificates prepared
       in compliance with section 64.2009(e) of the Commission's rules. The
       Bureau's LOI directed Cbeyond to submit such compliance certificates
       for the previous five years. Notwithstanding this directive, Cbeyond
       has failed to produce any certification. Instead, Cbeyond filed only a
       letter in response to the Public Notice, in which it acknowledged its
       awareness of the Commission's rules, and indicated its intent to
       conduct a review of its operating procedures and to submit a future
       report. This letter is insufficient to demonstrate compliance with
       section 64.2009(e). In fact, Cbeyond has conceded the inadequacy of
       its Public Notice Response, as it stated in its subsequent response to
       the Bureau's LOI that it did not have any of the section 64.2009(e)
       certifications for the past five years.

    9. Based on the facts above, we conclude that Cbeyond has apparently
       willfully or repeatedly failed to comply with our CPNI requirement
       that an officer annually execute a compliance certificate as set forth
       in section 64.2009(e), and that such certificate be made publicly
       available. For this apparent violation, we propose a forfeiture.

   IV. FORFEITURE AMOUNT

   10. Section 503(b) of the Act authorizes the Commission to assess a
       forfeiture of up to $130,000 for each violation of the Act or of any
       rule, regulation, or order issued by the Commission under the Act. The
       Commission may assess this penalty if it determines that the carrier's
       noncompliance is "willful or repeated." For a violation to be willful,
       it need not be intentional. To assess a forfeiture, the violation may
       also be merely repeated, and not willful. "Repeated" means that the
       act was committed or omitted more than once, or lasts more than one
       day. In exercising our forfeiture authority, we are required to take
       into account "the nature, circumstances, extent, and gravity of the
       violation and, with respect to the violator, the degree of
       culpability, any history of prior offenses, ability to pay, and such
       other matters as justice may require." In addition, the Commission has
       established guidelines for forfeiture amounts and, where there is no
       specific base amount for a violation, retained discretion to set an
       amount on a case-by-case basis.

   11. The Commission's forfeiture guidelines do not address the specific
       violation at issue in this proceeding. In determining the proper
       forfeiture amount in this case, however, we are guided by the
       principle that there may be no more important obligation on a
       carrier's part than protection of its subscribers' proprietary
       information. Consumers are increasingly concerned about the security
       of their sensitive, personal data that they must entrust to their
       various service providers, whether they are financial institutions or
       telephone companies. Given the increasing concern about the security
       of this data, and evidence that the data appears to be widely
       available to third parties, we must take aggressive, substantial steps
       to ensure that carriers implement necessary and adequate measures to
       protect their subscribers' CPNI as required by the Commission's
       existing CPNI rules. For these reasons, we recently held that a
       substantial forfeiture of $100,000 is warranted for a carrier's
       apparent failure to comply with section 64.2009(e) of the Commission's
       rules. In this case, Cbeyond has not produced any current certificate
       that satisfies the requirements of section 64.2009(e), and stated that
       it does not have any such certificates for the past five years.
       Therefore, we find that Cbeyond has apparently willfully and
       repeatedly violated section 64.2009(e) and the CPNI Order  by failing
       to have an officer with personal knowledge annually certify that the
       company has established procedures that comply with the Commission's
       CPNI rules and by failing to make the compliance certificate publicly
       available. Based on all the facts and circumstances present in this
       case, we believe a proposed forfeiture of $100,000 is warranted.

   V. CONCLUSION AND ordering clauses

   12. We have determined that Cbeyond has apparently violated Section
       64.2009(e) of the Commission's rules by failing to prepare and
       maintain a certification in compliance with the rule. We find Cbeyond
       apparently liable for $100,000.

   13. ACCORDINGLY, IT IS ORDERED THAT, pursuant to Section 503(b) of the
       Communications Act of 1934, as amended, Section 1.80(f)(4) of the
       Commission's rules, and authority delegated by Sections 0.111 and
       0.311 of the Commission's rules, Cbeyond IS LIABLE FOR A MONETARY
       FORFEITURE in the amount of one hundred thousand dollars ($100,000)
       for willfully or repeatedly violating section 64.2009 of the
       Commission's rules and the CPNI Order, by failing to prepare and make
       available upon request a certificate that complies with 64.2009(e).

   14. IT IS FURTHER ORDERED THAT, pursuant to section 1.80 of the
       Commission's Rules, within thirty days of the release date of this
       NOTICE OF APPARENT LIABILITY, Cbeyond SHALL PAY the full amount of the
       proposed forfeiture or SHALL FILE a written statement seeking
       reduction or cancellation of the proposed forfeiture.

   15. Payment of the forfeiture must be made by check or similar instrument,
       payable to the order of the Federal Communications Commission. The
       payment must include the NAL/Acct. No. and FRN No. referenced above.
       Payment by check or money order may be mailed to Federal
       Communications Commission, P.O. Box 358340, Pittsburgh, PA 15251-8340.
       Payment by overnight mail may be sent to Mellon Bank/LB 358340, 500
       Ross Street, Room 1540670, Pittsburgh, PA 15251. Payment by wire
       transfer may be made to ABA Number 043000261, receiving bank Mellon
       Bank, and account number 911-6106. Requests for payment of the full
       amount of this NAL under an installment plan should be sent to:
       Associate Managing Director -- Financial Operations, 445 12th Street,
       S.W., Room 1-A625, Washington, D.C. 20554.

   16. The response, if any, to this NOTICE OF APPARENT LIABILITY must be
       mailed to William H. Davenport, Chief, Investigations and Hearings
       Division, Enforcement Bureau, Federal Communications Commission, Room
       4-A237, 445 12^th Street, S.W., Washington, D.C. 20554 and must
       include the NAL/Acct. No. referenced above.

   17. IT IS FURTHER ORDERED that a copy of this Order shall be sent by
       Certified Mail, Return Receipt Requested to Thomas Jones and Theodore
       Case Whitehouse, Counsel for Cbeyond Communications, LLC, 1875 K
       Street, NW, Washington, DC 20006.

   FEDERAL COMMUNICATIONS COMMISSION

   Kris A. Monteith

   Chief, Enforcement Bureau

   See 47 C.F.R. S 64.2009(e); Implementation of the Telecommunications Act
   of 1996: Telecommunications Carriers' Use of Customer Proprietary Network
   Information and Other Customer Information and Implementation of the
   Non-Accounting Safeguards of Sections 271 and 272 of the Communications
   Act of 1934, as amended, Order and Further Notice of Proposed Rulemaking,
   13 FCC Rcd 8061 (1998) ("CPNI Order").

   See, e.g. http://www.epic.org/privacy/iei/ (last accessed March 22, 2006).

   See id.

   Enforcement Bureau Directs All Telecommunications Carriers to Submit CPNI
   Compliance Certifications, Public Notice, DA 06-223 (Enf. Bur. rel. Jan.
   30, 2006).

   Letter from Hillary S. DeNigro, Deputy Chief, Investigations and Hearings
   Division, Enforcement Bureau, to James Geiger, Chief Executive Officer,
   and Julia Strow, Vice President, Regulatory and Legislative Affairs,
   Cbeyond Communications, LLC, dated February 1, 2006 ("LOI").

   Id.

   See Letter from Julia Strow, Vice President, Regulatory and Legislative
   Affairs, Cbeyond Communications, LLC to Marlene H. Dortch, Office of the
   Secretary, FCC, dated February 6, 2006 ("Public Notice Response").

   Letter from Thomas Jones and Theodore Case Whitehouse, Willkie Farr &
   Gallagher, LLP, Counsel for Cbeyond, to Hillary S. DeNigro, Eric Bash, and
   Christopher Shields, Investigations and Hearings Division, Enforcement
   Bureau, dated February 13, 2006 ("LOI Response").

   Public Notice Response at 1.

   Id.

   LOI Response at 10.

   47 U.S.C. S 503(b)(1)(B); 47 C.F.R. S 1.80(a)(1); see also 47 U.S.C. S
   503(b)(1)(D) (forfeitures for violation of 14 U.S.C. S 1464).

   47 U.S.C. S 312(f)(1).

   H.R. Rep. No. 97-765, 97^th Cong. 2d Sess. 51 (1982).

   See, e.g., Application for Review of Southern California Broadcasting Co.,
   Memorandum Opinion and Order, 6 FCC Rcd 4387, 4388, P 5 (1991) ("Southern
   California Broadcasting Co.").

   See, e.g., Callais Cablevision, Inc., Grand Isle, Louisiana, Notice of
   Apparent Liability for Monetary Forfeiture, 16 FCC Rcd 1359, 1362, P 10
   (2001) ("Callais Cablevision") (issuing a Notice of Apparent Liability
   for, inter alia, a cable television operator's repeated signal leakage).

   Southern California Broadcasting Co., 6 FCC Rcd at 4388, P 5; Callais
   Cablevision, Inc., 16 FCC Rcd at 1362, P 9.

   47 U.S.C. S 503(b); 47 C.F.R. S 1.80(f).

   See, e.g., SBC Communications, Inc., Apparent Liability for Forfeiture,
   Forfeiture Order, 17 FCC Rcd 7589, 7591, P 4 (2002) (forfeiture paid).

   Id.; see also  Implementation of The Telecommunications Act of 1996,
   Telecommunications Carriers' Use of Customer Proprietary Network
   Information and Other Customer Information,  and Implementation of the
   Non-Accounting Safeguards of Sections 271 and 272 of the Communications
   Act of 1934, As Amended,  Order on Reconsideration and Petitions for
   Forbearance,  14 FCC Rcd 14409, 14468, n.331 (1999) ("CPNI Reconsideration
   and Forbearance Order").

   Section 222 of the Communications Act provides that: "Every
   telecommunications carrier has a duty to protect the confidentiality of
   proprietary information of, and relating to, other telecommunications
   carriers, equipment manufacturers, and customers, including
   telecommunication carriers reselling telecommunications services provided
   by a telecommunications carrier." 47 U.S.C S 222.

   See generally,  CPNI Order; CPNI Reconsideration and Forbearance Order;
   Implementation of the Telecommunications Act of 1996, Telecommunications
   Carriers' Use of Customer Proprietary Network Information and Other
   Customer Information,  Implementation of the Non-Accounting Safeguards of
   Sections 271 and 272 of the Communications Act of 1934, As Amended, and
   2000 Biennial Regulatory Review -- Review of Policies and Rules Concerning
   Unauthorized Changes of Consumers' Long Distance Carriers, Third Report
   and Order and Third Further Notice of Proposed Rulemaking, 17 FCC Rcd
   14860 (2002).

   47 C.F.R.S 64.2009(e).

   CPNI Order, 13 FCC Rcd at 8199, 8216, PP 201, 243.

   47 C.F.R. S 64.2009.

   LOI at 6, P 11.

   Public Notice Response at 1.

   See LOI Response at 10. The LOI imposes a continuing obligation on Cbeyond
   "to produce in the future any and all documents and information that are
   responsive to the inquiries made herein but not initially produced at the
   time, date and place specified" in the LOI. To date, Cbeyond still has not
   filed any certificate pursuant to section 64.2009(e), and thus still has
   not fulfilled its responsibility under that section. See LOI at 2.

   Section 503(b)(2)(B) provides for forfeitures against common carriers of
   up to $130,000 for each violation or each day of a continuing violation up
   to a maximum of $1,325,000 for each continuing violation.  47 U.S.C. S
   503(b)(2)(B). See Amendment of Section 1.80 of the Commission's Rules and
   Adjustment of Forfeiture Maxima to Reflect Inflation, Order, 15 FCC Rcd
   18221 (2000); Amendment of Section 1.80 of the Commission's Rules and
   Adjustment of Forfeiture Maxima to Reflect Inflation, Order, 19 FCC Rcd
   10945 (2004) (increasing maximum forfeiture amounts to account for
   inflation).

   47 U.S.C. S 503(b)(1)(B). The Commission has authority under this section
   of the Act to assess a forfeiture penalty against a common carrier if the
   Commission determines that the carrier has "willfully or repeatedly"
   failed to comply with the provisions of the Act or with any rule,
   regulation, or order issued by the Commission under the Act. The section
   provides that the Commission must assess such penalties through the use of
   a written notice of apparent liability or notice of opportunity for
   hearing. See 47 U.S.C. S 503(b)(4)(A). Here, as described above, Cbeyond's
   actions were willful as it failed to submit any required compliance
   certification in response to the Bureau's LOI.

   Southern California Broadcasting Co., Memorandum Opinion and Order, 6 FCC
   Rcd 4387 (1991).

   See, e.g., Callais Cablevision, Inc., Grand Isle, Louisiana, Notice of
   Apparent Liability for Monetary Forfeiture, 16 FCC Rcd 1359 (2001)
   (issuing a Notice of Apparent Liability for, inter alia, a cable
   television operator's repeated signal leakage).

   Callais Cablevision, Inc., 16 FCC Rcd at 1362, P 9; Southern California
   Broadcasting Co., 6 FCC Rcd at 4388, P 5.

   See 47 U.S.C. S 503(b)(2)(D); see also The Commission's Forfeiture Policy
   Statement and Amendment of Section 1.80 of the Commission's Rules to
   Incorporate the Forfeiture Guidelines, Report and Order, 12 FCC Rcd 17087
   (1997) ("Forfeiture Policy Statement"), recon. denied, 15 FCC Rcd 303
   (1999).

   Forfeiture Policy Statement, 12 FCC Rcd at 17098-99, P 22.

   Alltel Corporation, Apparent Liability for Forfeiture, DA 06-220 (Enf.
   Bur., rel. Jan. 30, 2006); AT&T, Inc., Notice of Apparent Liability for
   Forfeiture, DA 06-221 (Enf. Bur., rel. Jan. 30, 2006).

   47 U.S.C. S 503(b)(4)(A).

   47 U.S.C. S 503(b).

   47 U.S.C. S 1.80(f)(4).

   47 C.F.R. SS 0.111, 0.311.

   See 47 C.F.R. S 1.1914.

   (...continued from previous page)

                                                              (continued....)

   Federal Communications Commission DA 06-916

   2

   Federal Communications Commission DA 06-916