Photo of C. Douglas Jarrett

This is our closing entry on sustainable telecommunications agreements, highlighting basic points associated with “Legal Terms and Conditions,” referencing prior entries for more detailed explanation.  In the near future, we will supplement these six (6) entries with several dealing with Wireless services, including M2M services.

Dispute Resolution.  Customers’ standard practices on dispute resolution procedures (arbitration or adjudication (with or without mediation)) should apply to disputes under telecom agreements.  Carriers’ standard approach for resolving disputes, procedure and venues, such as adjudication in courts located in New York City, are often non-starters.  We previously highlighted the pros and cons for arbitrating disputes arising under these agreements.  The AAA commercial arbitration rules were recently updated, effective October 1, 2013.  Some carriers prefer the arbitration procedures established for consumers (to avoid class action litigation).

Termination Rights.  Limited termination rights are artifacts of the pre-Internet era when private lines (connecting discrete points) were the only “data” service, and e-commerce was conducted solely at inbound call centers.  The carriers’ position that terminations be limited to the “affected service” is a non-starter, as customers increasingly rely on any-to-any services such as MPLS and VPLS.

Service issues at major locations impact enterprise-wide communications and operations and should be addressed from the perspective of adverse customer impact.  As previously noted, without sufficient time to migrate to a replacement carrier/services, a termination right can easily become “a cure worse than the disease.”

In addition, chronic billing issues deprive customers of an essential element of the agreement: agreed upon pricing (savings) for the entire agreement, not just a particular service.  Thus, the agreement should be reviewed carefully to ensure that chronic billing issues are not excluded from the termination provision.

Limitations on Damages.  The standard exclusion of consequential, special and incidental damages should apply to each party.  Customers should secure the same cap on damages as the carriers, however that number is calculated.  The preferred approach for termination of the entire agreement or partial discontinuances for cause should provide for damages equal to the difference between the replacement service and the discontinued service.  In addition, the agreed upon commitment level should be reduced in proportion to the lost revenue attributable to any partial termination.

Indemnities.  Our basic position is that indemnities should be limited (for both customer and carriers).  A 2012 entry outlined our reservations over carriers demanding a series of new indemnities.  The indemnities that customers should demand are those associated with data security breaches arising under data center and cloud computing services offered by the carriers, particularly those breaches that trigger reporting and notification obligations, fines, or penalties under either state laws or industry-specific data security requirements.

Precedence Clauses and URL Provisions.  Telecommunications services agreements can include a number of attachments and schedules, as well as multiple on-line documents (“service guides”), the provisions of which are incorporated into the services agreements.  The standard “precedence clause” does not adequately address the ability of carriers to “add” new provisions to their online terms and conditions and, in turn, the agreement.  Thus, a more comprehensive approach is warranted in drafting the precedence clause to insulate the agreement from these changes.

Photo of C. Douglas Jarrett

For years, the carriers have rejected commitments related to the security of customers’ voice and data communications traversing their networks.  This entry focuses on how this position undermines the carriers’ interests in offering or partnering in the provision of data center and cloud computing services in which carriers must compete with established players or tech-savvy start-ups that understand data security is central to the value of these non-transport offerings.

Carriers’ Longstanding Positions on Customer Data.  The carriers have systematically rejected responsibility for customer data in connection with their transport services, maintaining customers can address these concerns by encrypting their communications. In regard to toll fraud, the carriers’ persistent position is that toll fraud is the customer’s problem.  On customer proprietary network information, the carriers strive to extract the customer’s consent allowing the carrier to share CPNI with affiliates and agents and require the customer to affirmatively revoke the consent after contract signing, contrary to the spirit and intent of 47 USC § 222. The confidentiality provision in carrier agreements exists principally to limit disclosure of the terms and conditions in the agreement.

The Challenge for Carriers in Non-Transport Services.  This aversion to reasonable commitments regarding the integrity of customer communications is a challenge for carriers looking to upsell firewall, intrusion detection and other network security offerings and data center and cloud computing services for which customer data and network security are paramount concerns.  The carriers’ longstanding position on customer data security is not responsive in the current legal environment in which enterprises find themselves.  Companies must comply with state laws and foreign directives on data privacy and breach notification obligations, industry-specific laws and regulations, such as the HIPPA Privacy, Security and Breach Notification rules, and industry-specific standards, such as the Payment Card Industry standards (collectively referred to as “Data Privacy Laws and Standards”).

The value proposition for data center services requires providers to assume control and responsibility for the integrity and security of their data center operations.  Specific provisions obligating the site operator to deploy fire suppression technologies, electrical power back-up systems, physically diverse paths for connectivity to and from the facility, temperature controls and physical security are standard provisions.  If the operation of the data center implicates customers’ obligations under Data Privacy Laws and Standards, the customer reasonably expects the data center provider to indemnify the customer for the costs, expenses and fines triggered by the services providers’ actions.  Similarly, customers reasonably expect that their data reside in designated data centers and not re-located or transferred to physical facilities in other areas that trigger additional obligations under Data Privacy Laws and Standards.

These and related considerations over the loss of trade secrets and proprietary information are even more compelling in connection with cloud computing services.  Customers reasonably expect that providers of network security services and data center and cloud computing services will conduct SOC 2 and SOC 3 reviews and even share the results of the service organization’s SOC 3 audits.

The major so-called “public cloud providers” may well resist provisions on data privacy and security, maintaining their offerings are highly standardized and available only under standard terms and conditions.  On the other hand, other cloud services providers including those partnering with the major carriers are among those expected to respond in a reasonable fashion to the data security interests of enterprise customers.  Telecommunications carriers would be well-served to abandon their intransience regarding customer expectations on data security and integrity if they expect to compete in the rapidly growing markets for these services.

Photo of C. Douglas Jarrett

Wireline services providers should meet four basic service obligations:  provision services and circuits in a timely manner; meet or exceed service level commitments; timely and accurately bill for services; and, meet reasonable customer care expectations.  The services providers’ standard agreements do not always reasonably define these carrier obligations or address the consequences of failing to meet these obligations.

Provisioning.  Customers are focused on timely provisioning of services when either transitioning to a successor carrier or ordering additional services, looking to their carrier/ISP to manage access circuit provisioning.  Depending on the service and services provider, provisioning SLAs may be offered.

For significant MPLS or VPLS network migrations, an enterprise must maintain connectivity and minimize the period during which it pays both the successor and incumbent carriers for two versions of essentially the same service.  A major risk typically not addressed in provisioning SLAs is associated with the delay in provisioning very high capacity access connections.  If these installations are delayed for a significant period, as lower capacity DS-1 or Ethernet connections are provisioned, the duration and cost of operating two networks can extend well beyond the period reasonably considered in the business case supporting the decision to migrate to a successor carrier.

This financial risk can be mitigated by a credit schedule that obligates the successor carrier to issue credits for its services for the period that dual network operations must be maintained beyond a certain date.  Alternatively, assuming the high capacity access circuits are not installed by this date, billing for installed successor network access connections and ports should abate until all access services to major customer locations are provisioned and tested.  Terminating the successor carrier for cause (at some point) is an option, but at this juncture in the procurement cycle the customer has little negotiating leverage with the incumbent or any other carrier.

Service Level Agreements.  Service reliability and availability are customers’ continuing priorities.  Carriers offer a range of service-specific SLAs.  Some are lodged in carrier service guides; others provided as attachments to agreements.  In evaluating SLAs, certain considerations are paramount.  Credits are the standard remedy for SLA exceedances and are typically capped by the cost of service (to a particular location).  Except in managed environments, customers must call in the trouble ticket to trigger the carrier’s obligation to remedy the trouble.

The point at which SLA metrics, such as mean time to repair (MTTR), jitter/latency and availability, are measured is another basic consideration in assessing SLAs.  These points may be at the services provider’s network edge (its closest point of presence (POP) or data center) or at customer edge locations (the demarcation point at or its router or switch within the customer’s premises).  Another consideration is whether the SLA’s conditions and exceptions effectively negate the value of the SLA.

While negotiating custom SLAs with carriers can be a futile task, higher thresholds for a given metric, such as availability, are usually obtainable.  Carriers offer a menu of options, each at an incremental price or charge, to deliver a higher service level.  The options include multiple customer routers, managed router services, diverse access arrangements to a common or multiple carrier POPs or data centers.

For non-chronic service issues, credits are a reasonable remedy.  Carriers overreach, in our view, when adding language to the effect that credits are the customer’s sole remedy for SLA exceedances.  Also, at some point, credits are inadequate; chronic service troubles at a major customer location seriously can impact a customer’s business and operations.  This is particularly true for “any-to-any” services such as MPLS and VPLS and for high speed Internet access service for e-commerce sites.

While the concept of “chronic” may vary from customer to customer, customers should negotiate escalating remedies concluding with termination in order to address chronic service problems.  Escalations include root cause analyses, re-provisioning, or SLA upgrade measures (access diversity, carrier POP or switch diversity, or implementation of managed services) at no additional charge.  If the troubles continue, termination is the customer’s last option.  (We discuss termination rights and damages caps in a subsequent entry).

Continue Reading Sustainable Wireline Agreements–Substantive Carrier Obligations

Photo of C. Douglas Jarrett

The 2nd entry explained the sources of customer leverage.  This and the remaining entries offer insights into exercising this leverage to achieve balanced, sustainable agreements.  This entry focuses on the major pricing considerations in wireline services agreements.

Sustainable Agreements.  From the customer’s perspective, a sustainable agreement provides market pricing throughout the term, supports growth in bandwidth requirements and network expansion, allows the customer to add services or to migrate to new services at nominal costs, obligates the carrier to address/resolve instances of subpar service, and provides a workable process for resolving disputes, particularly billing disputes.

The Agreement Should Have a “Flat Pricing Structure.”  There are two elements to a “flat pricing structure.”  The first is fixed rates for the term, as opposed to percentage discounts of standard rates.  The latter are typically set out in the carriers’ on line pricing schedules or guides that carriers can change from time to time at their discretion.  The second is what we call “consistent pricing” in which the net rates are in effect beginning the 1st month and extending throughout the term.  By contrast, the carriers opt to issue credits (“performance credits,” “incentive credits,” etc.), effectively deferring the projected net rates or “savings” until late in the term of an agreement.

This use of these credits complicates pricing reviews and forces customers to rev-up the procurement process to establish “a credible threat of loss” to obtain/maintain competitive rates.  Deferred credits also obligate customers to pay higher monthly taxes, regulatory surcharges, and carrier administrative charges all of which are based on the billed rate for the services provided. Collectively, these assessments can approximate 10% to 20% of monthly charges.  Deferred credits require the customer to “carry” the inflated assessments for non-discounted rates until the credit is issued months later.

Pricing Reviews.  The markets for wireline services and associated managed services are reasonably dynamic.  While only carriers offer transport services, multiple entities offer managed services.  Changes in market pricing occur episodically. Customers want to capture these downward changes at reasonable intervals, typically on an annual basis.  This is the purpose of pricing review clauses.

The challenge in negotiating these provisions is, as Rick Sigel noted during our briefings this past spring, that these provisions must have “some teeth,” and not a mere promise from the carrier to meet and talk.  For example, if the enterprise or its consultant reasonably establishes that prices have moved downwards, typically beyond some nominal amount, and the service provider declines to make an appropriate adjustment, there should be a consequence. The commitment level should be reduced or the term of agreement abbreviated.

Minimum Commitments.  A focal point of almost every negotiation is the customer’s minimum expenditure commitment, which reflects an agreed upon percentage of projected cumulative expenditures.  The minimum commitment imposes a “take or pay” obligation on the customers. Carriers often push to add incentive credits (an expenditure threshold must be exceeded to earn the credit) and service-specific commitments.  The latter are intended to increase the cost of migrating portable services, such as high speed Internet access services, to another carrier.  In lieu of a service-specific commitment, the carrier may impose a term-length minimum service retention period.

On occasion, no-commitment, volume pricing tiers is offered.  While the carriers largely dismiss this idea, zero commitment agreements should be more prevalent, particularly for deals having substantial MPLS expenditures.  The value of MPLS’ “any-to-any connectivity” and the resources required in establishing these enterprise-wide networks negates the likelihood of customer migrations, absent serious service issues.

While many consultants prefer “term” commitments over “annual” commitments, the author puts greater weight on the commitment level (percentage of projected spend) as opposed to whether it is a term or annual commitment.  A relatively modest minimum commitment provides customers with a measure of flexibility to migrate traffic to other carriers, providing a de facto “self-help” remedy if substantial service, pricing or support issues arise.  Consultants prefer the term commitment, according to Dick Sigel, because it often allows the customer to renegotiate rates earlier during a three-year deal.

Customers typically seek a “business downturn” clause which is intended to provide the customer an opportunity to negotiate relief from the shortfall payment obligations for not satisfying its minimum commitment due to substantial business downturns, major sales or divestitures.  Workouts include extensions of the contract term or increased rates to meet or approximate the revenue shortfall.

Another longstanding provision is a technology migration clause.  This provision is intended to minimize the impacts (minimum commitment shortfalls, typically) of migrating to a different service/technology to meet existing requirements at a lower price or to meet requirements that are not met in an optimal fashion by the incumbent’s portfolio of services.  This provision addresses two different scenarios.  The first is when another carrier offers a new, innovative service not offered by the incumbent.  The second arises when the customer elects to migrate from one technology to another, such as shifting from MPLS to an Internet-based VPN arrangement.  In both cases, the incumbent carrier is looking at a reduction in revenues. Accordingly, carriers typically offer a promise to talk in these circumstances.

Photo of C. Douglas Jarrett

Thumbnail image for Picture 16.pngTelecommunications services procurements are predictable recurring events.  The standard terms for wireline and wireless agreements are three and two years, respectively, often with one or two 1-year renewal terms. Enterprises may either engage in the process proactively or let the carriers’ dictate the rules of the game.  From any number of perspectives, proactive engagement is far preferable.

This is the second entry in a series on procuring telecommunications services. This entry focuses on the sources of customer leverage in negotiations with services providers.  

The content is tilted toward wireline procurements, but the major distinctions of wireless procurements are highlighted at the end. 

Establishing the Opportunity or the Threat of Loss

This past spring Rick Sigel of Silver Lining Telecom and I conducted several briefings on best practices in telecommunications services procurements.  Rick noted that enterprise customers possess two sources of leverage: (1) the ability to direct new business to a services provider or, for the incumbent carrier(s), establishing a credible threat of loss of business; and (2) conducting an organized, even-handed procurement.  The latter establishes the credible threat of loss.

The first leverage point is intuitive, but often overlooked.  Carrier account teams want new business from customers—organic growth from an existing customer, more data services, or replacing the incumbent carrier’s services.  If there is little change in current business and no threat of loss, contract renewal negotiations with the incumbent can drag-on interminably.  By contrast, if substantial new business is at hand, carrier account teams engage their product managers, offer managers and in-house counsel to get the deal done.

In order to make the internal business case, the hard and soft costs associated with a procurement should be quantified.  Hard costs include costs of services from both incumbent and successor carriers during some part of the transition process, new CPE or CPE modifications, and costs of consultants and outside counsel.  Soft costs include internal resources required to undertake the procurement and support the transition.

Be Prepared and Committed to the Procurement Process 

Timing.  The process must be initiated well prior to expiration of the customer’s existing contract to elicit serious responses.  Carriers know that customers (1) require substantial time and must devote limited internal resources to migrate services to successor carriers, and (2) want to avoid/minimize the sharp increase in pricing that occurs at contract expiration as the incumbent carrier’s rack rates come into effect.  Potential successor carriers will not participate or tender pro forma responses, if the RFP is constructed haphazardly or issued too close to current contract expiration.

Accurate Demand Sets and Thorough RFPs.  There is nothing virtual about demand sets and RFPs.  Services providers need to know customer locations, usage profiles/details for voice and wireless, number of users, bandwidth requirements (port sizes)—existing and proposed—to assess the opportunity, develop cost models, formulate proposed pricing and otherwise complete the responses to the RFPs.  The RFP should be structured to elicit a thorough and helpful response, and accommodate “apples to apples” comparisons of all bidders’ responses.  

Qualified Bidders.  Rick Sigel also noted that a customer should qualify the bidders to whom it wishes to issue an RFP.  Past experience, the carrier’s footprint, service offerings, and, its financial position are among the factors to consider in developing a bidder’s list.  Technology Companies may have more potentially qualified bidders because they typically do not maintain as many locations as other enterprise customers and their priority service tends to be high speed dedicated Internet access which is offered by almost all Tier 1 to Tier 3 carriers.  A related consideration is whether to structure the procurement to award business to a primary and secondary carrier.

Knowledgeable Consultants.  Most companies, except for some of the very largest enterprises, benefit by retaining experienced procurement consultants.  Few enterprises have staff experienced in developing demand sets and structuring RFPs relevant to telecommunications procurements.  Even if inclined to employ these individuals, enterprise staff are not regularly involved in procurements and challenged in determining current pricing trends and carrier strategies.

Current competitive pricing is not publicly available, except for some government contracts. While subject to strict confidentiality obligations, consultants are in a position to advise whether a customer’s current rates or carriers’ proposed rates are “at or near current market rates.” 

Continue Reading Wireline and Wireless Procurements–Sources of Leverage

Photo of C. Douglas Jarrett

This is the first in a series of entries on wireline and wireless procurements, from the perspective and for the benefit of today’s enterprise customers.  This entry highlights the distinctions between wireless and wireline procurements.  In subsequent entries, we identify the sources of customer leverage and explain the merits of negotiating the best possible agreements; review priority business and legal terms and conditions, including positioning the customer for its next procurement; and, conclude with an entry on customer-oriented remedies.

Introduction.  The customer base and demand sets for enterprise wireline services are undergoing a major transition.  E-commerce site operators, social networks and cloud computing entities (“Technology Companies”) have joined the Fortune 1000, state governments and the Federal government as major enterprise services customers.  Technology Companies tend to have noticeably fewer sites, but far higher bandwidth requirements.  High speed Internet access service, not circuit-switched voice, is the ubiquitous wireline service.  MPLS has displaced frame relay.    Customers are demanding  increased bandwidth  for all data services.

Commercial wireless service providers offer “one-size fits all” voice and data services for residential and business customers. The latest smart phones and tablets are offered to residential and business customers without distinction.  On the other hand, non-standard pricing plans and device refresh cycles are offered to business customers. The continued growth of wireless services, particularly the continuing demand for ever higher data rates, suggests undifferentiated services currently meet customer requirements.    The exception is M2M services. These offerings are geared to business customers.  M2M traffic can be routed to customer’s data services, as opposed to the public Internet—a selling point for many businesses.

Wireline and wireless services providers are similar in one major respect:  carriers’ facilities-based services footprints can and do vary widely.  Many companies obtain service from at least one other wireless and wireline carrier, respectively, in addition to their primary carriers.

The major carriers—AT&T and Verizon—market, provision and support wireline and wireless services through distinct organizations.  These providers do not bundle wireline and wireless offerings and have different contract templates for these respective offerings.  Sprint largely follows this practice.  The standard term for wireless agreements is two years, three years for wireline agreements.

Wireline Service Procurements.  Wireline carriers offer an expansive menu of data rates for high speed Internet access services, MPLS and VPLS offerings, high capacity private line Ethernet and TDM services, and multiple voice options (IP and circuit switched).  Wireline carriers consider and often respond to requests for special construction.  Wireline service account teams aggressively market managed services, such as network management, data center/colocation, firewall, and conferencing services, as well as voice and data transport services.  An experienced consultant recently noted  “[c]arriers are aggressively pursuing managed services business because margins are higher than traditional transport services and because the carriers are eager to move up the value chain and provide services that penetrate further into their customers’ premises.”

Wireline carriers offer domestic, international and rest-of-world services.  Many multinational enterprises often look to a primary MPLS carrier to connect the entities’ principal locations throughout the developed and developing regions of the world. Despite the substantial bundling of services, very little, if any, wireline CPE intended for enterprise customers is subsidized by wireline carriers and [mandatory] bundling of CPE with wireline services—enterprise or not—is rare.

Enterprise agreements typically include SLAs with multiple metrics for MPLS, VPLS, and private line offerings and a more limited set of SLAs for high speed Internet access services.  These metrics include site-specific availability and mean-time-to-repair, and latency. Wireline SLAs vary by services provider and region (US and Canada, Mexico, EMEA, South America, and Asia PAC).

Continue Reading Wireline and Wireless Services Procurements: An Introduction

Photo of Tracy Marshall

Lawsuits- class actions in particular- alleging violations of the Telephone Consumer Protection Act of 1991, 47 U.S.C. § 227 (“TCPA”) are on the rise.  The Federal Communications Commission (“FCC”) has also been actively engaged in TCPA enforcement, and just last month released a Declaratory Ruling clarifying that sellers may be held vicariously liable for TCPA violations by third party telemarketers acting on their behalf.  This landscape makes it increasingly important for companies to review their practices to ensure that they comply with applicable laws.

Among other things, the TCPA generally prohibits:

  • Using artificial or pre-recorded voice messages to make calls to residential lines and cellular phones without prior express consent;
  • Using autodialers to call cellular phones and send text messages;
  • Making calls to numbers registered on the national Do-Not-Call Registry; and
  • Sending unsolicited ads via fax without prior express consent (or an established business relationship) and an opt-out mechanism.

Last year, the FCC revised its rules to require, among other things:

  • Prior written consent for autodialed or prerecorded telemarketing calls to wireless and wireline numbers; and
  • An automated opt-out mechanism.

TCPA violations can result in fines of $500 to $1,500 per violation, which can have a severe financial impact on companies that engage in large-scale marketing campaigns that do not comply.

The bottom line: Companies that engage in marketing campaigns via phone, text, and fax should carefully review their policies and practices to ensure that they comply with applicable laws.  Companies that engage third parties to perform these services on their behalf should also perform due diligence on their vendors and incorporate relevant provisions into their contracts.

The Departments of State and Commerce recently proposed rule amendments to ease export controls on satellite-related items.  Under existing export control rules, the vast majority of satellites, related components and technology cannot be exported and related assistance cannot be provided to foreign companies without obtaining a license pursuant to the restrictive International Traffic in Arms Regulations (“ITAR”).  As discussed in an earlier entry, Congress recently passed legislation to facilitate less restrictive approaches to exporting satellites and related technology. The proposed rules published by State and Commerce, respectively, implement this legislation.

Under the proposed rules, fewer satellite items would remain subject to the more onerous ITAR.  The ITAR typically impose rigorous licensing procedures on covered items and technologies.  Satellite-related items are currently controlled under Category XV of the ITAR’s U.S. Munitions List, which essentially covers most satellites and any parts, components and technology “specifically designed or modified” for covered satellites.  The “specially designed or modified” criterion is not defined, thereby extending the scope of the ITAR to an overly broad range of products, including many not related to space applications or otherwise of military significance.

The proposed rules would revise Category XV so that it controls only satellites and related components that have military significance.  This would be accomplished by listing only specific satellites under Category XV, such as satellites that mitigate the effects of nuclear detonations, track military hardware via infrared, radar or laser systems, perform designated logistics functions, such as refueling or signatures intelligence, or those having very specific remote sensing capabilities.  Satellite exporters should assess this proposed list to ensure only items having true military significance remain on the list.  There are also two other notable issues for exporters to review:

1.      Controls on certain GPS receiving equipment would continue to be defined by using the phrase “specifically designed” even though discontinuing use of this undefined and ambiguous term has been a priority of the export control reform effort.  Retaining this approach serves only to perpetuate the problems underlying ITAR reform.

2.      Many parts and components relating to spacecraft will remain controlled if categorized as “space qualified.”  This differs from the approach taken with respect to export control reform applicable to most other industries in that in those contexts parts and components remain controlled under the ITAR if they meet a detailed definition of being “specially designed” for the controlled application.  The definition of “space qualified” generally applies if a part or component is designed, manufactured or qualified through successful testing for operation at altitudes greater than 100km above the earth.  Limiting controls to parts and components that are “space qualified” should reduce regulatory uncertainty associated with the export of satellite-related equipment.

 

Many of the proposed reforms for the export of satellites and related technology likely will benefit industry, but the proposed rules should be reviewed closely to ascertain the impact on particular products and technologies.  Comments on these proposals are due on or before July 8, 2013.

Photo of C. Douglas Jarrett

Derek Khana, the de facto spokesperson for cellphone unlocking, recently published a position piece in Forbes, offering a compelling counter argument to a recent editorial in the Hill in which one of the many D.C. “think tanks” offered up a defense of wireless carriers’ policies that limit unlocking, bubble-wrapped in the importance of intellectual property laws to technological innovation.

In some ways, the most insightful aspect of the Khana’s article is the excerpt of NTIA’s comments filed with the Register of Copyrights, in support of an exemption to the circumvention provision of the Digital Millennium Copyright Act, emphasizing the challenges faced by consumers looking to unlock cellphones which, unfortunately, fell on deaf ears with Register of Copyrights:

“While the record does show that some carriers are unlocking wireless devices on behalf of their customers, it also indicates that carriers generally will only perform this service under certain conditions. Those conditions include, for example, minimum days of continuous service, the expiration of handset exclusivity associated with the carrier, a minimum usage of credit, or prior proof of purchase. While such policies may, in some circumstances, provide an alternative to circumvention, the evidence presented in the record does not obviate the need for an exemption for several reasons.  First, it is unlikely that these policies will serve a large portion of device owners. For example, the common denominator present in the cited terms and conditions is that the owner of the phone must be a current “customer” or “subscriber” of the carrier requested to unlock the phone. This requirement excludes those that obtain a device from a family member, relative, friend, or other lawful source; those users must then resort to the current exemption to unlock such devices, especially if they cannot locate the original proof of purchase. Second, some carriers refuse to unlock certain devices. For example, until recently AT&T’s terms deemed the Apple iPhone as “not eligible to be unlocked.” An exemption is thus warranted to allow iPhone users, as well as users of other devices excluded by such policies, to unlock their devices. Third, an exemption continues to be needed because some of the policies cited dictate that, in order to unlock a device, the carrier must have the necessary code or the ability to reasonably obtain it, therefore it is possible for a consumer to meet the unlocking policy and still be unable to have his device unlocked if the carrier does not possess or is unable to obtain the required information.”

We still believe, as noted in our earlier entry, the FCC should address “what decisions have been issued (or not issued) since 1992 when the FCC allowed the bundling of handsets with wireless service, as an exception to the rule against the [mandatory] bundling of CPE and services, that enables wireless carriers not only dictate which handsets can be used on their networks, but how these handsets can be used after the minimum commitment periods have expired.”

Potentially, the FCC could assess the wireless carriers’ handset locking practices under the just and reasonable standard of Section 203(a) of the Act.  Perhaps, the agency will address device unlocking restrictions in its next Wireless Competition Report.

Three months have passed since the White House released its Executive Order (EO) on Cybersecurity and, as cyber attacks continue to pose an imminent threat, the focus has shifted to Congress to take legislative action.  From the recent debate on the Hill, it is apparent the critical element for successful legislation is striking the delicate balance between ensuring the security of the country’s infrastructure while protecting an individual’s privacy concern to not have their personal information shared with government agencies.

Last month, the House passed Cyber Intelligence Sharing and Protection Act (CISPA).  It is essentially the same bill passed in last year’s House that was reintroduced in February following the White House’s release of the EO.  CISPA creates a voluntary process for private sector entities to provide the government with cyber threat information.  Many telecom and technology entities support the bill’s broad liability protections for private entities sharing threat data with the government and consider it a powerful tool for the private sector to improve the security of their networks.

Privacy groups, however, have criticized CISPA claiming the bill including inadequate consumer privacy protections and the White House stated it would veto the bill.  Some have claimed the bill flies in the face of constitutional protections against search and seizure and creates an avenue for the government to receive personal information without a warrant.  The House Intelligence Committee attempted to dispel the mounting privacy concerns by adding five amendment including measures that direct all cyber threat information from private sector entities to agencies within DHS and DOJ to handle it confidentially and limits the use of all information to cybersecurity and national security interests. The added amendments did little to satisfy the privacy concerns.

Having passed in the House, CISPA now faces the Senate but is unlikely to ever reach a vote.  Senator Rockefeller, Chairman of the Senate Commerce Committee, announced that while passage of CISPA was “important” the privacy protections were “insufficient”.  The Senate Commerce Committee is instead working to gain bipartisan agreement on a bill that can pass in both the House and Senate, but the Commerce Committee has not yet to release a draft cybersecurity bill.

The debate over privacy considerations raises the question of  the importance of personally identifiable information in connection with the collection and distribution of information associated with cyber threat activity.  One perspective may be that, if it were easy to disassociate the personally identifiable information from the balance of the cyber threat activity data, it is likely CISPA would have resolved the privacy concerns.  Regardless of the reasoning, one thing is certain: CISPA may have passed in the House, but the debate over cybersecurity legislation is far from over.