Click here for Adobe Acrobat version
Click here for Microsoft Word version

******************************************************** 
                      NOTICE
********************************************************

This document was converted from Microsoft Word.

Content from the original version of the document such as
headers, footers, footnotes, endnotes, graphics, and page numbers
will not show up in this text version.

All text attributes such as bold, italic, underlining, etc. from the
original document will not show up in this text version.

Features of the original document layout such as
columns, tables, line and letter spacing, pagination, and margins
will not be preserved in the text version.

If you need the complete document, download the
Microsoft Word or Adobe Acrobat version.

*****************************************************************



                                   Before the

                       Federal Communications Commission

                             Washington, D.C. 20554


                                             )                               
                                                                             
                                             )                               
                                                                             
                                             )                               
     In the Matter of                                                        
                                             )   File No. EB-09-TC-097       
     E.Com Technologies, LLC dba First                                       
     Mile Technologies                       )   NAL/Acct. No. 200932170056  
                                                                             
     Apparent Liability for Forfeiture       )   FRN: 0004330130             
                                                                             
                                             )                               
                                                                             
                                             )                               
                                                                             
                                             )                               


                  NOTICE OF APPARENT LIABILITY FOR FORFEITURE

   Adopted: February 25, 2009 Released: February 25, 2009

   By the Chief, Enforcement Bureau:

   I. INTRODUCTION

    1. In this Notice of Apparent Liability for Forfeiture ("NAL"), we find
       that E.Com Technologies, LLC dba First Mile Technologies ("First
       Mile") apparently willfully or repeatedly violated section 222 of the
       Communications Act of 1934, as amended (the "Act"), section 64.2009(e)
       of the Commission's rules and the Commission's EPIC CPNI Order. 
       Protection of CPNI is a fundamental obligation of all
       telecommunications carriers as provided by section 222 of the Act.
       Based upon our review of the facts and circumstances surrounding this
       apparent violation, we find that First Mile is apparently liable for a
       monetary forfeiture in the amount of two thousand dollars ($2,000).
       First Mile will have the opportunity to submit further evidence and
       arguments in response to this NAL to show that no forfeiture should be
       imposed or that some lesser amount should be assessed.

   II. BACKGROUND

    2. Section 222 imposes the general duty on all telecommunications
       carriers to protect the confidentiality of their subscribers'
       proprietary information. The Commission has issued rules implementing
       section 222 of the Act. The Commission required carriers to establish
       and maintain a system designed to ensure that carriers adequately
       protected their subscribers' CPNI. Section 64.2009(e) is one such
       requirement.

    3. In 2006, some companies, known as "data brokers," advertised the
       availability of records of wireless subscribers' incoming and outgoing
       telephone calls for a fee. Data brokers also advertised the
       availability of records of certain landline toll calls. On April 2,
       2007, the Commission strengthened its privacy rules with the release
       of the EPIC CPNI Order,  which adopts additional safeguards to protect
       CPNI against unauthorized access and disclosure. The EPIC CPNI Order
       was directly responsive to the actions of databrokers, or pretexters,
       to obtain unauthorized access to CPNI. The EPIC CPNI Order  and
       amended rule 47 C.F.R. S: 64.2009(e) require that all companies
       subject to the CPNI rules file annually, on or before March 1, a
       certification with the Commission that certifies to the company's
       compliance with the Commission's CPNI rules and provides an
       accompanying statement explaining how the company's procedures ensure
       that the company is or is not in compliance with the CPNI rules.
       Additionally, companies must now provide "an explanation of any
       actions taken against data brokers and a summary of all customer
       complaints received in the past year concerning the unauthorized
       release of CPNI."

   III. DISCUSSION

    4. On February 29, 2008, First Mile filed its annual CPNI compliance
       certificate with the Commission. The Bureau has determined that the
       CPNI compliance certificate filed by First Mile does not meet the
       requirements of section 64.2009(e) of the Commission's rules. The
       Commission's rules require that telecommunications carriers file their
       annual compliance certification with the Bureau on or before March 1.
       Thus, on March 1, First Mile had a non-compliant CPNI certification on
       file with the Commission. In particular, First Mile has failed to:
       submit an annual CPNI compliance certificate that provides an
       explanation of any actions taken against data brokers; and submit an
       annual CPNI compliance certificate that provides a summary of all
       customer complaints received in the past year concerning the
       unauthorized release of CPNI. Accordingly, First Mile's submission, on
       its face, does not comply with section 64.2009(e) of the Commission's
       rules. We conclude that First Mile is in apparent violation of section
       222 of the Act, section 64.2009(e) of the Commission's rules and the
       Commission's EPIC CPNI Order. For these apparent violations, we
       propose a forfeiture.

   IV. FORFEITURE AMOUNT

    5. Section 503(b) of the Communications Act authorizes the Commission to
       assess a forfeiture of up to $130,000 for each violation of the Act or
       of any rule, regulation, or order issued by the Commission under the
       Act. The Commission may assess this penalty if it determines that the
       carrier's noncompliance is "willful or repeated." For a violation to
       be willful, it need not be intentional. In exercising our forfeiture
       authority, we are required to take into account "the nature,
       circumstances, extent, and gravity of the violation and, with respect
       to the violator, the degree of culpability, any history of prior
       offenses, ability to pay, and such other matters as justice may
       require." In addition, the Commission has established guidelines for
       forfeiture amounts and, where there is no specific base amount for a
       violation, retained discretion to set an amount on a case-by-case
       basis.

   6. The Commission's forfeiture guidelines do not address the specific
   violation at issue in this proceeding. In determining the proper
   forfeiture amount in this case, however, we are guided by the principle
   that protection of subscribers' proprietary information is an important
   carrier obligation. Consumers are understandably concerned about the
   security of their sensitive, personal data that they must entrust to their
   various service providers, whether they are financial institutions or
   telephone companies. Given consumers' continued concern about the security
   of this data, and evidence that the data appears to be available to third
   parties, we must take serious steps to ensure that carriers implement
   necessary and adequate measures to protect their subscribers' CPNI, as
   required by the Commission's existing CPNI rules.

   7. In prior actions in 2006, the Commission issued Notices of Apparent
   Liability for Forfeiture proposing forfeitures in the amount of $100,000
   against carriers for violations of the Commission's CPNI rules. Under the
   rules operative at that time, carriers were not required to file the
   annual certification with the Commission but instead were required to make
   the certificate available to the Commission upon request. The Commission's
   investigations demonstrated that some companies appeared to pay little
   heed to rules which placed a duty upon them to maintain certifications and
   make the representations therein that processes were in place to protect
   CPNI without the further scrutiny of the Commission. Accordingly, a
   substantial forfeiture was proposed.

   8. As explained above, the Commission strengthened the CPNI rules in 2007,
   in part, as a response to earlier investigations, and imposed, among other
   things, the requirement that carriers submit the annual certifications to
   the Commission rather than rely solely on non-filed carrier certifications
   and representations of  compliance with the rules, without further
   scrutiny. We have conducted an extensive review of the certifications
   filed with the Commission to satisfy the March 1, 2008, filing deadline,
   as well as examined failures to satisfy the filing requirement all
   together. Informed by this analysis and our earlier investigations, we
   revise our forfeiture approach and adopt a maximum proposed forfeiture of
   $10,000 for the submission of an annual CPNI certification that fails to
   meet the requirements of section 64.2009(e). This revised proposed
   forfeiture is based on a number of factors. Specifically, we have
   considered compliance overall based on our review of the annual
   submissions; the expanded scope of the new rule to require additional
   types of information to be produced; and, the amount of forfeiture
   necessary to have the intended deterrent effect. With respect to this
   latter factor, we note that the vast majority of the companies affected
   are smaller companies. Given this fact, and that this is the first year of
   the filing requirement, we believe that the goal of deterring future
   non-compliance with respect to the required elements of section 64.2009(e)
   will be met by issuing proposed forfeitures consistent with the maximum
   amount proposed herein. We take noncompliance with our CPNI rules very
   seriously. To the extent that we determine that the forfeiture approach
   adopted herein does not have the intended deterrent effect, future
   noncompliance will face more severe penalties.

   9. In determining the appropriate proposed forfeiture, we are cognizant
   that certain violations are more technical in nature and do not greatly
   inhibit the Commission's ability to judge the effectiveness of a company's
   CPNI policies while others are more substantive in nature and limit the
   usefulness of the certification in determining overall compliance with the
   rules. In this case, First Mile has apparently failed to: submit an annual
   CPNI compliance certificate that provides an explanation of any actions
   taken against data brokers; and submit an annual CPNI compliance
   certificate that provides a summary of all customer complaints received in
   the past year concerning the unauthorized release of CPNI. Based on the
   nature of this noncompliance and all the facts and circumstances present
   in this case, we believe the proposed forfeiture of two thousand dollars
   ($2,000) is warranted.

   10. First Mile will have the opportunity to submit further evidence and
   arguments in response to this NAL to show that no forfeiture should be
   imposed or that some lesser amount should be assessed. For example, First
   Mile may present evidence that it has compelling, financial arguments to
   reduce the proposed forfeiture or that it has maintained a history of
   overall compliance. The Commission will fully consider any such arguments
   made by First Mile in its response to this NAL.

   V. ordering clauses

    1. We have determined that First Mile Technologies, by failing to: submit
       an annual CPNI compliance certificate that provides an explanation of
       any actions taken against data brokers; and submit an annual CPNI
       compliance certificate that provides a summary of all customer
       complaints received in the past year concerning the unauthorized
       release of CPNI, has apparently willfully or repeatedly violated
       Section 222 of the Act, section 64.2009(e) of the Commission's rules
       and the Commission's EPIC CPNI Order. We find First Mile apparently
       liable for a forfeiture of two thousand dollars ($2,000).

    6. ACCORDINGLY, IT IS ORDERED THAT, pursuant to Section 503(b) of the
       Communications Act of 1934, as amended, Section 1.80(f)(4) of the
       Commission's rules, and authority delegated by Sections 0.111 and
       0.311 of the Commission's rules, E.Com Technologies, LLC dba First
       Mile Technologies IS LIABLE FOR A MONETARY FORFEITURE in the amount of
       two thousand dollars ($2,000) for willfully or repeatedly violating
       Section 222 of the Act, section 64.2009(e) of the Commission's rules
       and the Commission's EPIC CPNI Order by failing to submit a compliant
       annual CPNI certificate.

    7. IT IS FURTHER ORDERED THAT, pursuant to section 1.80 of the
       Commission's rules, within thirty (30) days of the release date of
       this Notice of Apparent Liability for Forfeiture, E.Com Technologies,
       LLC dba First Mile Technologies SHALL PAY the full amount of the
       proposed forfeiture or SHALL FILE a written statement seeking
       reduction or cancellation of the proposed forfeiture.

    8. Payment of the forfeiture must be made by check or similar instrument,
       payable to the order of the Federal Communications Commission. The
       payment must include the NAL/Account Number and FRN Number referenced
       above. Payment by check or money order may be mailed to Federal
       Communications Commission, P.O. Box 979088, St. Louis, MO 63197-9000.
       Payment by overnight mail may be sent to U.S. Bank - Government
       Lockbox #979088, SL-MO-C2-GL, 1005 Convention Plaza, St. Louis, MO
       63101. Payment by wire transfer may be made to ABA Number 021030004,
       receiving bank TREAS/NYC, and account number 27000001. For payment by
       credit card, an FCC Form 159 (Remittance Advice) must be submitted.
        When completing the FCC Form 159, enter the NAL/Account number in
       block number 23A (call sign/other ID), and enter the letters "FORF" in
       block number 24A (payment type code). First Mile will also send
       electronic notification on the date said payment is made to
       Johnny.drake@fcc.gov. Requests for full payment under an installment
       plan should be sent to:  Chief Financial Officer -- Financial
       Operations, 445 12th Street, S.W., Room 1-A625, Washington, D.C. 
       20554.   Please contact the Financial Operations Group Help Desk at
       1-877-480-3201 or Email: ARINQUIRIES@fcc.gov with any questions
       regarding payment procedures. 

    9. The response, if any, must be mailed both to the Office of the
       Secretary, Federal Communications Commission, 445 12th Street, SW,
       Washington, DC 20554, ATTN: Enforcement Bureau - Telecommunications
       Consumers Division, and to Marcy Greene, Deputy Chief,
       Telecommunications Consumers Division, Enforcement Bureau, Federal
       Communications Commission, 445 12th Street, SW, Washington, DC 20554,
       and must include the NAL/Acct. No. referenced in the caption.

   10. The Commission will not consider reducing or canceling a forfeiture in
       response to a claim of inability to pay unless the petitioner submits:
       (1) federal tax returns for the most recent three-year period; (2)
       financial statements prepared according to generally accepted
       accounting practices; or (3) some other reliable and objective
       documentation that accurately reflects the petitioner's current
       financial status. Any claim of inability to pay must specifically
       identify the basis for the claim by reference to the financial
       documentation submitted.

   11. IT IS FURTHER ORDERED that a copy of this Notice of Apparent Liability
       for Forfeiture shall be sent by Certified Mail Return Receipt
       Requested and First Class Mail to the company at 14300 Clay Terrace
       Blvd., Suite 200, Carmel, IN 46032 and Caressa Bennet, Bennet &
       Bennet, 1000 Vermont Ave. NW, Washington, DC 20005.

   FEDERAL COMMUNICATIONS COMMISSION

   Kris Anne Monteith

   Chief, Enforcement Bureau

   47 U.S.C. S: 222.

   47 C.F.R. S: 64.2009(e).

   Implementation of the Telecommunications Act of 1996: Telecommunications
   Carriers' Use of Customer Proprietary Network Information and Other
   Customer Information; IP-Enabled Services, CC Docket No. 96-115; WC Docket
   No. 04-36, Report and Order and Further Notice of Proposed Rulemaking, 22
   FCC Rcd 6927, 6953 (2007) ("EPIC CPNI Order"); aff'd sub nom. Nat'l Cable
   & Telecom. Assoc. v. FCC, No. 07-132, (D.C. Cir. Decided Feb. 13, 2009).

   CPNI is defined as information that relates to the quantity, technical
   configuration, type, destination, location, and amount of use of a
   telecommunications service subscribed to by any customer of a
   telecommunications carrier, and that is made available to the carrier by
   the customer solely by virtue of the customer-carrier relationship. See 47
   U.S.C. S: 222(h)(1)(A); 47 C.F.R. S: 64.2003(d)

   See 47 U.S.C. S: 503(b)(4)(A). The Commission has authority under this
   section of the Act to assess a forfeiture penalty against a common carrier
   if the Commission determines that the carrier has "willfully or
   repeatedly" failed to comply with the provisions of the Act or with any
   rule, regulation, or order issued by the Commission under the Act. The
   section provides that the Commission must assess such penalties through
   the use of a written notice of apparent liability or notice of opportunity
   for hearing.

   47 U.S.C. S: 503(b)(4)(C); 47 C.F.R. S: 1.80(f)(3).

   Section 222 of the Communications Act, 47 U.S.C S: 222, provides that:
   "Every telecommunications carrier has a duty to protect the
   confidentiality of proprietary information of, and relating to, other
   telecommunications carriers, equipment manufacturers, and customers,
   including telecommunication carriers reselling telecommunications services
   provided by a telecommunications carrier." Prior to the 1996 Act, the
   Commission had established CPNI requirements applicable to the enhanced
   services operations of AT&T, the Bell Operating Companies ("BOCs"), and
   GTE, and the customer premises equipment ("CPE") operations of AT&T and
   the BOCs, in the Computer II, Computer III, GTE Open Network Architecture
   ("ONA"), and BOC CPE Relief proceedings. See Implementation of the
   Telecommunications Act of 1996: Telecommunications Carriers' Use of
   Customer Proprietary Network Information and Other Customer Information
   and Implementation of Non-Accounting Safeguards of Sections 271 and 272 of
   the Communications Act of 1934, as amended, CC Docket Nos. 96-115 and
   96-149, Second Report and Order and Further Notice of Proposed Rulemaking,
   13 FCC Rcd 8061, 8068-70,  para. 7 (1998) ("CPNI Order") (describing the
   Commission's privacy protections for confidential customer information in
   place prior to the 1996 Act).

   See CPNI Order. See also Implementation of the Telecommunications Act of
   1996: Telecommunications Carriers' Use of Customer Proprietary Network
   Information and Other Customer Information and Implementation of the
   Non-Accounting Safeguards of Sections 271 and 272 of the Communications
   Act of 1934, as amended, CC Docket Nos. 96-115 and 96-149, FCC 99-223,
   Order on Reconsideration and Petitions for Forbearance 14 FCC Rcd 14409
   (1999);  2000 Biennial Regulatory Review -- Review of Policies and Rules
   Concerning Unauthorized Changes of Consumers' Long Distance Carriers, CC
   Docket No. 00-257,  Third Report and Order and Third Further Notice of
   Proposed Rulemaking, 17 FCC Rcd 14860 (2002); EPIC CPNI Order, supra. n.3.

   See, e.g., http://www.epic.org/privacy/iei/.

   See id.

   EPIC CPNI Order, 22 FCC Rcd 6927.

   Id. at 6928.

   Id. at 6953; 47 C.F.R. S: 64.2009(e). Prior to the issuance of the EPIC
   CPNI Order, carriers were required to maintain in their files an annual
   CPNI Certification that certified to the company's compliance with the
   Commission's CPNI rules and provided an accompanying statement explaining
   how the company's procedures ensure that the company is or is not in
   compliance with the CPNI rules. The rule also required carriers to make
   the certification available upon request.

   22 FCC Rcd at 6953. Specifically, pursuant to section 64.2009(e): A
   telecommunications carrier must have an officer, as an agent of the
   carrier, sign and file with the Commission a compliance certificate on an
   annual basis. The officer must state in the certification that he or she
   has personal knowledge that the company has established operating
   procedures that are adequate to ensure compliance with the rules in this
   subpart. The carrier must provide a statement accompanying the
   certification explaining how its operating procedures ensure that it is or
   is not in compliance with the rules in this subpart. In addition, the
   carrier must include an explanation of any actions taken against data
   brokers and a summary of all customer complaints received in the past year
   concerning the unauthorized release of CPNI. This filing must be made
   annually with the Enforcement Bureau on or before March 1 in EB Docket No.
   06-36, for data pertaining to the previous calendar year. 47 C.F.R. S:
   64.2009(e).

   Section 503(b)(2)(B) provides for forfeitures against common carriers of
   up to $130,000 for each violation or each day of a continuing violation up
   to a maximum of $1,325,000 for each continuing violation.  47 U.S.C. S:
   503(b)(2)(B). See Amendment of Section 1.80 of the Commission's Rules and
   Adjustment of Forfeiture Maxima to Reflect Inflation, 15 FCC Rcd 18221
   (2000); Amendment of Section 1.80 of the Commission's Rules and Adjustment
   of Forfeiture Maxima to Reflect Inflation, 19 FCC Rcd 10945 (2004)
   (increasing maximum forfeiture amounts to account for inflation).

   47 U.S.C. S: 503(b)(1)(B) (the Commission has authority under this section
   of the Act to assess a forfeiture penalty against a common carrier if the
   Commission determines that the carrier has "willfully or repeatedly"
   failed to comply with the provisions of the Act or with any rule,
   regulation, or order issued by the Commission under the Act); see also 47
   U.S.C. S: 503(b)(4)(A) (providing that the Commission must assess such
   penalties through the use of a written notice of apparent liability or
   notice of opportunity for hearing).

   Southern California Broadcasting Co., 6 FCC Rcd 4387 (1991).

   See 47 U.S.C. S: 503(b)(2)(D); see also The Commission's Forfeiture Policy
   Statement and Amendment of Section 1.80 of the Commission's Rules, 12 FCC
   Rcd 17087 (1997) ("Forfeiture Policy Statement"); recon. denied, 15 FCC
   Rcd 303 (1999).

   Forfeiture Policy Statement, 12 FCC Rcd 17098-99, P: 22.

   See, e.g., AT&T, Inc., Notice of Apparent Liability for Forfeiture, 21 FCC
   Rcd 751 (Enf. Bur. 2006); Alltel Corp., Notice of Apparent Liability for
   Forfeiture, 21 FCC Rcd 746 (Enf. Bur. 2006); Cbeyond Communications LLC,
   Notice of Apparent Liability for Forfeiture, 21 FCC Rcd 4316 (Enf. Bur.
   2006).

   See n.14.

   Because the EPIC CPNI Order took effect on December 8, 2007, the new
   reporting requirements were only in effect from that date until the end of
   the calendar year.

   The Commission retains the discretion to impose a higher forfeiture in
   cases of future noncompliance.

   47 U.S.C. S: 503(b)(4)(A).

   47 U.S.C. S: 503(b)(4)(C); 47 C.F.R. S: 1.80(f)(3).

   47 C.F.R. S: 1.80(b)(4) (discussing factors the Commission or its designee
   will consider in deciding appropriate forfeiture amount).

   47 U.S.C. S: 503(b).

   47 U.S.C. S: 1.80(f)(4).

   47 C.F.R. S:S: 0.111, 0.311.

   47 C.F.R. S: 1.80.

   (Continued from previous page)

   (continued....)

   Federal Communications Commission DA 09-380

   2

   2

   Federal Communications Commission DA 09-380