CLICK HERE TO VIEW THE OCTOBER 2015 ENFORCEMENT NEWSLETTER

This edition summarizes notable new FCC-related enforcement matters during the third quarter of 2015. Questions or comments may be addressed to David H. Solomon at (202) 383-3369 or dsolomon@wbklaw.com.

• In a News Release involving more general criticism of the FCC, Commissioner Pai referred to  the FCC as pursuing “an enforcement scheme unconstrained by the rule of law.”  During a congressional hearing, he similarly criticized recent FCC enforcement for focusing on headlines and  raising due process concerns by imposing penalties where the law isn’t clear. These criticisms are  consistent with those previously made by Commissioner O’Rielly.
• In a speech on the FCC’s consumer protection role, Gigi Sohn, Counselor to Chairman Wheeler, stressed the agency’s stepped-up enforcement regarding slamming, cramming, privacy and data breaches, open Internet transparency, Wi-Fi blocking, robocalls, and public safety.

• The Enforcement Bureau entered into a Consent Decree resolving (1) a prior $10 million Notice  of Apparent Liability (“NAL”) alleging that two related companies violated Sections 201(b) and 222(a) of the Communications Act by failing to protect the confidentiality of “proprietary information” they received from customers applying to demonstrate eligibility for their low-income Lifeline phone services, and (2) a separate investigation regarding compliance with FCC instructions to remove ineligible Lifeline subscribers. The proprietary information did not include Customer Proprietary Network Information (“CPNI”), which is covered explicitly by Section 222(c) of the Act and the FCC’s CPNI rules.
  
  • The Consent Decree included a $3.5 million civil penalty resolving both the NAL and the separate Lifeline investigation and imposed significant compliance measures in order for the companies to “improve their privacy and data security practices,” including by (i) designating a senior corporate manager who is a certified privacy professional; (ii) conducting a privacy risk assessment; (iii) implementing a written information security program; (iv) maintaining reasonable oversight of third party vendors; (v) implementing a data breach response plan; and (vi) providing privacy and security awareness training to employees.  Notably, for purpose of the consent decree, the companies admitted that their actions violated Sections 201(b) and 222(a).  The Consent Decree included separate admissions and compliance provisions regarding the Lifeline issues.  The core data security compliance requirements remain in effect for eight years rather than the typical three-year period in most Consent Decrees and the seven-year period for data security compliance requirements in another Consent Decree earlier this year.
    • Commissioner O’Rielly issued a statement indicating that the Consent Decree “highlights the problem of making policy through enforcement actions” and expressing concern that “attempts will be made to cite the Consent Decree as precedent for an entire industry even though it was a product of company-specific negotiations.”  He also expressed concern that entities that had no opportunity to comment on the Commission’s “claims or legal theories” will now “be forced to embrace the product of a closed and slanted process that will be portrayed as consensus practice and rules.”

• The Enforcement Bureau entered into a Consent Decree with a nationwide wireless carrier in connection with a 911 outage. The Consent Decree referenced Section 4.9 of the Commission’s rules  (regarding notifications to PSAPs of network outages) and Sections 20.18(b) and 64.3002 of the Commission’s rules (requiring carriers to deliver all 911 calls to a PSAP, a designated statewide answering default answering point, or an appropriate local emergency authority).  The carrier agreed to pay a fine of $17.5 million, agreed to an extensive compliance plan, and admitted that the rules required timely notification of the outage to PSAPs and that they did not provide such timely notice.  This was the highest single FCC enforcement action in this area, although the combined fines for carriers in connection with another 2014 outage was higher — $20.8 million.
• The Enforcement Bureau entered into Consent Decrees with three providers of Internet protocol captioned telephone service regarding their failure to deliver 911 calls to PSAPs and related claims for reimbursement from the Telecommunications Relay Service Fund.  The companies admitted violations, agreed to pay penalties of $1.175 million, $235,000, and $25,000, and agreed to extensive compliance plans.
  • The $25,000 Consent Decree, with a small company that appears not to have been represented by an attorney, included a novel provision regarding future violations of the Consent Decree. The company agreed to a procedure, not reflected in the Communications Act or FCC rules, in which (1) the Bureau would notify the company of any noncompliance and propose a “civil penalty” (not a forfeiture) of up to $50,000, (2) the company would have an opportunity to respond, (3) the Bureau would then impose a civil penalty through a “Demand for Payment,” and (4) the company “shall pay” the civil penalty, apparently with no right to Commission review or court appeal.  It is not clear at this point whether this provision relates to specific circumstances of this case or in what other contexts the Bureau may attempt to use it.

• The Commission entered into a $90,000 Consent Decree with a television station in connection with its renewal application and issues regarding compliance with the requirement to provide sufficient programming specifically designed to serve the educational and information needs of children (“CORE programming”).  The licensee relied on repeated airing of the same episodes of CORE programming, which the Media Bureau found insufficient for purposes of the renewal processing guideline that permits grant of television renewal applications on delegated authority if the station airs three hours of CORE programming a week.  The Commission Order granting the renewal and adopting the Consent Decree stated that the Commission had made clear that regularly scheduled weekly programming was intended to be comprised of different episodes of the same program, not repeats of a single-episode special.
  • This Commission-level Consent Decree (arising from a Media Bureau matter) included a compliance plan, but differed from most recent Enforcement Bureau Consent Decrees in that it included a “voluntary contribution” to the U.S. Treasury (rather than a “fine” or “civil penalty”) and an explicit statement that the station was not admitting liability.

• As part of a review of the Enforcement Bureau’s Field operations, the Commission ordered the closure of 11 of the 24 Field offices.  These closures, along with a new requirement that Field agents have an electrical engineering background, will result in a reduction in Field staff from 98 to 54 employees.  The Commission said that cost savings from the personnel reductions and other steps will not be used to increase the number of full- time non-field related employees in the headquarters (Washington, D.C.) office of the Enforcement Bureau.  The Office of Managing Director has indicated that the Commission hopes to complete the closures by February 2016.
  • The Commission also directed the Enforcement Bureau to establish procedures for industry and public safety complainants to escalate their complaints within the Field organization and indicated that the Commission will “continue to work with outside stakeholders to develop a comprehensive policy and enforcement approach” to pirate radio.  The Enforcement Bureau issued a Public Notice announcing steps it will take to enhance its public safety and industry complaint intake and case management systems, including an escalation procedure.
  • With respect to pirate radio, in response to congressional inquiries, the Chairman stated the problem “cannot be solved by enforcement alone,” given FCC staffing constraints and the higher priority given to matters involving “imminent threat to public safety or directly harming large number of consumers,” and announced the creation of an inter-Bureau task force to develop policy and enforcement options. Subsequently, Commissioner O’Rielly issued a “Draft Pirate Radio Policy and Enforcement Statement,” which proposed a “vigorous campaign of enforcement activity to direct and permanently terminate all pirate radio stations” as well as an educational component.
• The Enforcement Bureau issued three $15,000 NALs against pirate radio operators with a history of unlawful operation.  Two of the NALs noted that the Bureau had previously issued Notices of Unauthorized Operation against property owners.

• The Commission issued a $2.96 million Forfeiture Order regarding violations of the Telephone Consumer Protection Act restrictions on the making of pre-recorded advertising calls.  The Commission had issued an NAL in the case four years ago.
• The Enforcement Bureau issued two Citations against entities that did not permit people to sign up for their service without agreeing to receive automated telemarketing calls or text messages to their wireless numbers. Although the relevant rule prohibits making such calls or sending such text messages without obtaining express prior written consent that is not a condition of receiving the service, the citations did not reference any unlawful calls or texts, or even any complaints.  Rather, the citations found the companies’ terms of service/practices to be inconsistent with the definition of express prior written consent. It is highly unusual, if not unprecedented, to find a violation of a definition, as opposed to an operative requirement. This action underscores the Enforcement Bureau’s aggressive approach to TCPA enforcement, and consumer protection enforcement more generally.

• The Commission released a $2.4 million NAL against a reseller for slamming, cramming, and related misrepresentation.  The Commission also issued a $9.065 million Forfeiture Order affirming a recent NAL to which the target had not responded.

• Merger Enforcement: In connection with its approval of the AT&T/DIRECTV merger, in order to “ensure compliance with the conditions it imposed, the Commission required AT&T to retain an independent, external compliance officer to monitor and report to the Commission on compliance. In his partial dissent, Commissioner Pai said there “is no justification for the Commission to adopt this extraordinary condition” and that it “establishes a dangerous precedent” in that “virtually any transaction” before the FCC could now result in a “Commission-selected solon with vast powers.” The Commission also indicated that material noncompliance with the Fiber to the Premises Deployment condition will result in extension of all of the conditions until completion of the required buildout.
• Wi-Fi Deauthentication: The Enforcement Bureau entered into a $750,000 Consent Decree with a company that used deauthentication to prevent use of alternate Wi-Fi systems in connection with its management of Wi- Fi at convention venues.  The Bureau had previously entered into a $600,000 Consent Decree with a major hotel company for similar behavior, which the Bureau describes as “Wi-Fi Blocking.” Neither Consent Decree included an admission of liability.  The Enforcement Bureau’s interpretation that Wi-Fi systems are “radio stations” under the Communications Act and thus protected by Section 333’s ban on malicious or willful interference could raise some novel regulatory issues, particularly if the Commission or other FCC bureaus and offices ultimately agree with the Enforcement Bureau’s interpretation.
• Class A TV: The Commission entered into a $30,000 Consent Decree with a Class A television licensee terminating a proceeding to consider downgrading the license from Class A to low power status for having been off the air for an extended period of time and also settling public inspection file issues.  This Consent Decree (arising from a Media Bureau matter) included a “voluntary contribution” rather than a “penalty” or “civil fine.” Also, while it did include an admission, unlike most Enforcement Bureau Consent Decrees, it did not include a compliance plan.  The Commission also agreed to renew the Class A license.