Click here for Adobe Acrobat version
Click here for Microsoft Word version
********************************************************
NOTICE
********************************************************
This document was converted from Microsoft Word.
Content from the original version of the document such as
headers, footers, footnotes, endnotes, graphics, and page numbers
will not show up in this text version.
All text attributes such as bold, italic, underlining, etc. from the
original document will not show up in this text version.
Features of the original document layout such as
columns, tables, line and letter spacing, pagination, and margins
will not be preserved in the text version.
If you need the complete document, download the
Microsoft Word or Adobe Acrobat version.
*****************************************************************
Before the
Federal Communications Commission
Washington, D.C. 20554
)
)
In the Matter of File No. EB-06-IH-0840
)
Cbeyond Communications, LLC NAL/Acct. No. 200632080153
)
Apparent Liability for Forfeiture FRN: 0003-7596-02
)
)
NOTICE OF APPARENT LIABILITY FOR FORFEITURE
Adopted: April 21, 2006 Released: April 21, 2006
By the Chief, Enforcement Bureau:
I. INTRODUCTION
1. In this Notice of Apparent Liability for Forfeiture ("NAL"), we find
that Cbeyond Communications, LLC ("Cbeyond") apparently violated the
Commission's rules and orders by failing to have a corporate officer
with personal knowledge execute an annual certificate stating that the
company has established operating procedures adequate to ensure
compliance with the Commission's rules governing protection and use of
Customer Proprietary Network Information ("CPNI"), and by failing to
make the compliance certificate publicly available. Protection of CPNI
is a fundamental obligation of all telecommunications carriers as
provided by section 222 of the Communications Act of 1934, as amended
("Communications Act" or "Act"). Based upon our review of the facts
and circumstances surrounding this apparent violation, and in
particular the serious consequences that may flow from inadequate
concern for and protection of CPNI, we propose a monetary forfeiture
of $100,000 against Cbeyond for its apparent failure to comply with
section 64.2009(e) of the Commission's rules and the CPNI Order.
II. BACKGROUND
2. Based on concerns regarding the apparent availability to third parties
of sensitive, personal subscriber information the Enforcement Bureau
(the "Bureau") has been investigating the adequacy of procedures
implemented by telecommunications carriers to ensure confidentiality
of their subscribers' CPNI. For example, companies known as "data
brokers" have advertised the availability of records of wireless
subscribers' incoming and outgoing telephone calls for a fee. Data
brokers have also advertised the availability of data regarding
certain landline toll calls. As part of the Bureau's inquiry into CPNI
issues, on January 30, 2006, the Bureau released a public notice
directing all telecommunications carriers to submit their most recent
CPNI compliance certifications to the Commission as required by
section 64.2009(e) of the Commissions rules.
3. During the same timeframe, the Bureau also initiated an investigation
of Cbeyond in particular based on allegations received by the
Commission concerning Cbeyond's use of CPNI. On February 1, 2006, the
Bureau sent a letter of inquiry ("LOI") to Cbeyond to determine
whether it has received or obtained proprietary information from
another carrier and used that information in violation of section
222(b) of the Communications Act of 1934, as amended ("the Act"), and
section 64.2001 et seq. of the Commission's rules, which protects the
confidentiality of CPNI. The LOI directed Cbeyond, among other things,
to "[p]rovide Cbeyond's 47 C.F.R. S 64.2009(e) compliance certificate
for the previous five years."
4. On February 6, 2006, Cbeyond responded to the Public Notice, and on
February 13, 2006, it responded to the LOI. In its response to the
Public Notice, Cbeyond stated that the company "is aware of these
rules and has established procedures that were designed to ensure full
compliance with them." In addition, the company stated that "Cbeyond
has commenced a comprehensive internal review of its operating
procedures for CPNI compliance," and "will report to the Commission
the conclusions reached in this inquiry upon the inquiry's completion,
and Cbeyond will make any and all changes needed to ensure its future
compliance with Section 222 and the Commission's regulations." In
Cbeyond's response to the Bureau's LOI directing Cbeyond to produce
its compliance certifications pursuant to section 64.2009(e), the
company stated that "Cbeyond does not presently have documents
responsive to this request." This response was accompanied by a
declaration under penalty of perjury from Cbeyond's Vice President for
Regulatory and Legislative Affairs.
III. DISCUSSION
5. Under section 503(b)(1) of the Act, any person who is determined by
the Commission to have willfully or repeatedly failed to comply with
any provision of the Act or any rule, regulation, or order issued by
the Commission shall be liable to the United States for a forfeiture
penalty. Section 312(f)(1) of the Act defines "willful" as "the
conscious and deliberate commission or omission of [any] act,
irrespective of any intent to violate" the law. The legislative
history to section 312(f)(1) of the Act clarifies that this definition
of willful applies to both sections 312 and 503(b) of the Act, and the
Commission has so interpreted the term in the section 503(b) context.
The Commission may also assess a forfeiture for violations that are
merely repeated, and not willful. "Repeated" means that the act was
committed or omitted more than once, or lasts more than one day. To
impose such a forfeiture penalty, the Commission must issue a notice
of apparent liability, and the person against whom the notice has been
issued must have an opportunity to show, in writing, why no such
forfeiture penalty should be imposed. The Commission will then issue a
forfeiture if it finds by a preponderance of the evidence that the
person has violated the Act or a Commission rule.
6. The fundamental issues in this case are whether Cbeyond apparently
violated the Act and the Commission's rules and orders by failing to
have an officer with personal knowledge annually certify that the
company has established procedures that comply with the Commission's
CPNI rules and failing to make its compliance certificate available
upon request. Based on a preponderance of the evidence discussed
below, we answer these questions affirmatively and conclude that
Cbeyond is apparently liable for a forfeiture of $100,000 for
apparently willfully or repeatedly violating section 222 of the Act,
section 64.2009(e) of the Commission's rules, and the CPNI Order.
7. Section 222 of the Act imposes the general duty on all
telecommunications carriers to protect the confidentiality of their
subscribers' proprietary information. The Commission has issued rules
implementing section 222 of the Act, requiring carriers to establish
and maintain a system designed to ensure that carriers adequately
protected their subscribers' CPNI. Specifically, section 64.2009(e)
requires that:
A telecommunications carrier must have an officer, as an agent of the
carrier, sign a compliance certificate on an annual basis stating that the
officer has personal knowledge that the company has established operating
procedures that are adequate to ensure compliance with the rules in this
subpart. The carrier must provide a statement accompanying the certificate
explaining how its operating procedures ensure that it is or is not in
compliance with the rules in this subpart.
In the CPNI Order, the Commission also explicitly required that the
"[section 64.2009(e)] certification must be publicly available, and be
accompanied by a statement explaining how the carrier is implementing our
CPNI rules and safeguards."
8. The January 30, 2006 Public Notice requested all telecommunications
carriers to produce their most recent compliance certificates prepared
in compliance with section 64.2009(e) of the Commission's rules. The
Bureau's LOI directed Cbeyond to submit such compliance certificates
for the previous five years. Notwithstanding this directive, Cbeyond
has failed to produce any certification. Instead, Cbeyond filed only a
letter in response to the Public Notice, in which it acknowledged its
awareness of the Commission's rules, and indicated its intent to
conduct a review of its operating procedures and to submit a future
report. This letter is insufficient to demonstrate compliance with
section 64.2009(e). In fact, Cbeyond has conceded the inadequacy of
its Public Notice Response, as it stated in its subsequent response to
the Bureau's LOI that it did not have any of the section 64.2009(e)
certifications for the past five years.
9. Based on the facts above, we conclude that Cbeyond has apparently
willfully or repeatedly failed to comply with our CPNI requirement
that an officer annually execute a compliance certificate as set forth
in section 64.2009(e), and that such certificate be made publicly
available. For this apparent violation, we propose a forfeiture.
IV. FORFEITURE AMOUNT
10. Section 503(b) of the Act authorizes the Commission to assess a
forfeiture of up to $130,000 for each violation of the Act or of any
rule, regulation, or order issued by the Commission under the Act. The
Commission may assess this penalty if it determines that the carrier's
noncompliance is "willful or repeated." For a violation to be willful,
it need not be intentional. To assess a forfeiture, the violation may
also be merely repeated, and not willful. "Repeated" means that the
act was committed or omitted more than once, or lasts more than one
day. In exercising our forfeiture authority, we are required to take
into account "the nature, circumstances, extent, and gravity of the
violation and, with respect to the violator, the degree of
culpability, any history of prior offenses, ability to pay, and such
other matters as justice may require." In addition, the Commission has
established guidelines for forfeiture amounts and, where there is no
specific base amount for a violation, retained discretion to set an
amount on a case-by-case basis.
11. The Commission's forfeiture guidelines do not address the specific
violation at issue in this proceeding. In determining the proper
forfeiture amount in this case, however, we are guided by the
principle that there may be no more important obligation on a
carrier's part than protection of its subscribers' proprietary
information. Consumers are increasingly concerned about the security
of their sensitive, personal data that they must entrust to their
various service providers, whether they are financial institutions or
telephone companies. Given the increasing concern about the security
of this data, and evidence that the data appears to be widely
available to third parties, we must take aggressive, substantial steps
to ensure that carriers implement necessary and adequate measures to
protect their subscribers' CPNI as required by the Commission's
existing CPNI rules. For these reasons, we recently held that a
substantial forfeiture of $100,000 is warranted for a carrier's
apparent failure to comply with section 64.2009(e) of the Commission's
rules. In this case, Cbeyond has not produced any current certificate
that satisfies the requirements of section 64.2009(e), and stated that
it does not have any such certificates for the past five years.
Therefore, we find that Cbeyond has apparently willfully and
repeatedly violated section 64.2009(e) and the CPNI Order by failing
to have an officer with personal knowledge annually certify that the
company has established procedures that comply with the Commission's
CPNI rules and by failing to make the compliance certificate publicly
available. Based on all the facts and circumstances present in this
case, we believe a proposed forfeiture of $100,000 is warranted.
V. CONCLUSION AND ordering clauses
12. We have determined that Cbeyond has apparently violated Section
64.2009(e) of the Commission's rules by failing to prepare and
maintain a certification in compliance with the rule. We find Cbeyond
apparently liable for $100,000.
13. ACCORDINGLY, IT IS ORDERED THAT, pursuant to Section 503(b) of the
Communications Act of 1934, as amended, Section 1.80(f)(4) of the
Commission's rules, and authority delegated by Sections 0.111 and
0.311 of the Commission's rules, Cbeyond IS LIABLE FOR A MONETARY
FORFEITURE in the amount of one hundred thousand dollars ($100,000)
for willfully or repeatedly violating section 64.2009 of the
Commission's rules and the CPNI Order, by failing to prepare and make
available upon request a certificate that complies with 64.2009(e).
14. IT IS FURTHER ORDERED THAT, pursuant to section 1.80 of the
Commission's Rules, within thirty days of the release date of this
NOTICE OF APPARENT LIABILITY, Cbeyond SHALL PAY the full amount of the
proposed forfeiture or SHALL FILE a written statement seeking
reduction or cancellation of the proposed forfeiture.
15. Payment of the forfeiture must be made by check or similar instrument,
payable to the order of the Federal Communications Commission. The
payment must include the NAL/Acct. No. and FRN No. referenced above.
Payment by check or money order may be mailed to Federal
Communications Commission, P.O. Box 358340, Pittsburgh, PA 15251-8340.
Payment by overnight mail may be sent to Mellon Bank/LB 358340, 500
Ross Street, Room 1540670, Pittsburgh, PA 15251. Payment by wire
transfer may be made to ABA Number 043000261, receiving bank Mellon
Bank, and account number 911-6106. Requests for payment of the full
amount of this NAL under an installment plan should be sent to:
Associate Managing Director -- Financial Operations, 445 12th Street,
S.W., Room 1-A625, Washington, D.C. 20554.
16. The response, if any, to this NOTICE OF APPARENT LIABILITY must be
mailed to William H. Davenport, Chief, Investigations and Hearings
Division, Enforcement Bureau, Federal Communications Commission, Room
4-A237, 445 12^th Street, S.W., Washington, D.C. 20554 and must
include the NAL/Acct. No. referenced above.
17. IT IS FURTHER ORDERED that a copy of this Order shall be sent by
Certified Mail, Return Receipt Requested to Thomas Jones and Theodore
Case Whitehouse, Counsel for Cbeyond Communications, LLC, 1875 K
Street, NW, Washington, DC 20006.
FEDERAL COMMUNICATIONS COMMISSION
Kris A. Monteith
Chief, Enforcement Bureau
See 47 C.F.R. S 64.2009(e); Implementation of the Telecommunications Act
of 1996: Telecommunications Carriers' Use of Customer Proprietary Network
Information and Other Customer Information and Implementation of the
Non-Accounting Safeguards of Sections 271 and 272 of the Communications
Act of 1934, as amended, Order and Further Notice of Proposed Rulemaking,
13 FCC Rcd 8061 (1998) ("CPNI Order").
See, e.g. http://www.epic.org/privacy/iei/ (last accessed March 22, 2006).
See id.
Enforcement Bureau Directs All Telecommunications Carriers to Submit CPNI
Compliance Certifications, Public Notice, DA 06-223 (Enf. Bur. rel. Jan.
30, 2006).
Letter from Hillary S. DeNigro, Deputy Chief, Investigations and Hearings
Division, Enforcement Bureau, to James Geiger, Chief Executive Officer,
and Julia Strow, Vice President, Regulatory and Legislative Affairs,
Cbeyond Communications, LLC, dated February 1, 2006 ("LOI").
Id.
See Letter from Julia Strow, Vice President, Regulatory and Legislative
Affairs, Cbeyond Communications, LLC to Marlene H. Dortch, Office of the
Secretary, FCC, dated February 6, 2006 ("Public Notice Response").
Letter from Thomas Jones and Theodore Case Whitehouse, Willkie Farr &
Gallagher, LLP, Counsel for Cbeyond, to Hillary S. DeNigro, Eric Bash, and
Christopher Shields, Investigations and Hearings Division, Enforcement
Bureau, dated February 13, 2006 ("LOI Response").
Public Notice Response at 1.
Id.
LOI Response at 10.
47 U.S.C. S 503(b)(1)(B); 47 C.F.R. S 1.80(a)(1); see also 47 U.S.C. S
503(b)(1)(D) (forfeitures for violation of 14 U.S.C. S 1464).
47 U.S.C. S 312(f)(1).
H.R. Rep. No. 97-765, 97^th Cong. 2d Sess. 51 (1982).
See, e.g., Application for Review of Southern California Broadcasting Co.,
Memorandum Opinion and Order, 6 FCC Rcd 4387, 4388, P 5 (1991) ("Southern
California Broadcasting Co.").
See, e.g., Callais Cablevision, Inc., Grand Isle, Louisiana, Notice of
Apparent Liability for Monetary Forfeiture, 16 FCC Rcd 1359, 1362, P 10
(2001) ("Callais Cablevision") (issuing a Notice of Apparent Liability
for, inter alia, a cable television operator's repeated signal leakage).
Southern California Broadcasting Co., 6 FCC Rcd at 4388, P 5; Callais
Cablevision, Inc., 16 FCC Rcd at 1362, P 9.
47 U.S.C. S 503(b); 47 C.F.R. S 1.80(f).
See, e.g., SBC Communications, Inc., Apparent Liability for Forfeiture,
Forfeiture Order, 17 FCC Rcd 7589, 7591, P 4 (2002) (forfeiture paid).
Id.; see also Implementation of The Telecommunications Act of 1996,
Telecommunications Carriers' Use of Customer Proprietary Network
Information and Other Customer Information, and Implementation of the
Non-Accounting Safeguards of Sections 271 and 272 of the Communications
Act of 1934, As Amended, Order on Reconsideration and Petitions for
Forbearance, 14 FCC Rcd 14409, 14468, n.331 (1999) ("CPNI Reconsideration
and Forbearance Order").
Section 222 of the Communications Act provides that: "Every
telecommunications carrier has a duty to protect the confidentiality of
proprietary information of, and relating to, other telecommunications
carriers, equipment manufacturers, and customers, including
telecommunication carriers reselling telecommunications services provided
by a telecommunications carrier." 47 U.S.C S 222.
See generally, CPNI Order; CPNI Reconsideration and Forbearance Order;
Implementation of the Telecommunications Act of 1996, Telecommunications
Carriers' Use of Customer Proprietary Network Information and Other
Customer Information, Implementation of the Non-Accounting Safeguards of
Sections 271 and 272 of the Communications Act of 1934, As Amended, and
2000 Biennial Regulatory Review -- Review of Policies and Rules Concerning
Unauthorized Changes of Consumers' Long Distance Carriers, Third Report
and Order and Third Further Notice of Proposed Rulemaking, 17 FCC Rcd
14860 (2002).
47 C.F.R.S 64.2009(e).
CPNI Order, 13 FCC Rcd at 8199, 8216, PP 201, 243.
47 C.F.R. S 64.2009.
LOI at 6, P 11.
Public Notice Response at 1.
See LOI Response at 10. The LOI imposes a continuing obligation on Cbeyond
"to produce in the future any and all documents and information that are
responsive to the inquiries made herein but not initially produced at the
time, date and place specified" in the LOI. To date, Cbeyond still has not
filed any certificate pursuant to section 64.2009(e), and thus still has
not fulfilled its responsibility under that section. See LOI at 2.
Section 503(b)(2)(B) provides for forfeitures against common carriers of
up to $130,000 for each violation or each day of a continuing violation up
to a maximum of $1,325,000 for each continuing violation. 47 U.S.C. S
503(b)(2)(B). See Amendment of Section 1.80 of the Commission's Rules and
Adjustment of Forfeiture Maxima to Reflect Inflation, Order, 15 FCC Rcd
18221 (2000); Amendment of Section 1.80 of the Commission's Rules and
Adjustment of Forfeiture Maxima to Reflect Inflation, Order, 19 FCC Rcd
10945 (2004) (increasing maximum forfeiture amounts to account for
inflation).
47 U.S.C. S 503(b)(1)(B). The Commission has authority under this section
of the Act to assess a forfeiture penalty against a common carrier if the
Commission determines that the carrier has "willfully or repeatedly"
failed to comply with the provisions of the Act or with any rule,
regulation, or order issued by the Commission under the Act. The section
provides that the Commission must assess such penalties through the use of
a written notice of apparent liability or notice of opportunity for
hearing. See 47 U.S.C. S 503(b)(4)(A). Here, as described above, Cbeyond's
actions were willful as it failed to submit any required compliance
certification in response to the Bureau's LOI.
Southern California Broadcasting Co., Memorandum Opinion and Order, 6 FCC
Rcd 4387 (1991).
See, e.g., Callais Cablevision, Inc., Grand Isle, Louisiana, Notice of
Apparent Liability for Monetary Forfeiture, 16 FCC Rcd 1359 (2001)
(issuing a Notice of Apparent Liability for, inter alia, a cable
television operator's repeated signal leakage).
Callais Cablevision, Inc., 16 FCC Rcd at 1362, P 9; Southern California
Broadcasting Co., 6 FCC Rcd at 4388, P 5.
See 47 U.S.C. S 503(b)(2)(D); see also The Commission's Forfeiture Policy
Statement and Amendment of Section 1.80 of the Commission's Rules to
Incorporate the Forfeiture Guidelines, Report and Order, 12 FCC Rcd 17087
(1997) ("Forfeiture Policy Statement"), recon. denied, 15 FCC Rcd 303
(1999).
Forfeiture Policy Statement, 12 FCC Rcd at 17098-99, P 22.
Alltel Corporation, Apparent Liability for Forfeiture, DA 06-220 (Enf.
Bur., rel. Jan. 30, 2006); AT&T, Inc., Notice of Apparent Liability for
Forfeiture, DA 06-221 (Enf. Bur., rel. Jan. 30, 2006).
47 U.S.C. S 503(b)(4)(A).
47 U.S.C. S 503(b).
47 U.S.C. S 1.80(f)(4).
47 C.F.R. SS 0.111, 0.311.
See 47 C.F.R. S 1.1914.
(...continued from previous page)
(continued....)
Federal Communications Commission DA 06-916
2
Federal Communications Commission DA 06-916