Tracfone Wireless will pay $16 million and take other steps to resolve investigations into whether it failed to reasonably protect customers’ information from unauthorized access in connection with three data breaches, the FCC said Monday. Verizon is Tracfone's owner. The breaches involved exploitation of application programming interfaces (APIs), the agency said. “The Commission takes matters of consumer privacy, data protection, and cybersecurity seriously, including in the context of emerging security issues,” said Loyaan Egal, chief of the Enforcement Bureau. The investigations and consent decree “make clear that API security is paramount and should be on the radar of all carriers,” Egal added. The breaches occurred between 2021 and last year, according to the consent decree. “While APIs greatly improve the modularity and flexibility of software, they dramatically expand the potential attack surface area,” the decree said: “Without adequate protection, an attacker may be able to make an API request to any one of these components to perform a malicious action or retrieve private information, including consumer information.” Among other things, Tracfone agreed to develop a security compliance plan and implement “a comprehensive information security program,” SIM change and port-out protections. "We're pleased that we were able to reach this settlement to address these past TracFone matters,” a Verizon spokesperson said in an email: “Since we purchased TracFone, our combined cybersecurity teams have been working to enhance its security protocols and extend the same robust protections to all Verizon customer accounts."
Courts will likely rule that many FCC enforcement actions trigger the Seventh Amendment right to a jury trial in the wake of the U.S. Supreme Court’s SEC v. Jarkesy decision, said DLA Piper partner and former FCC Deputy General Counsel Peter Karanjia in a white paper posted on the law firm's website. In articles, former FCC General Counsels Chris Wright (see 2407170033) and Tom Johnson (see 2405030066) have also said the ruling has ramifications for FCC enforcement. “Jarkesy is a game-changer for the FCC (as well as other administrative agencies), and the FCC’s Enforcement Bureau will not be able to continue with ‘business as usual,’” Karanjia wrote. Arguments that the FCC’s enforcement proceedings already satisfy the Seventh Amendment because targets can decline to pay their fines, triggering a DOJ collection trial, are unlikely to satisfy the courts, Karanjia wrote. “Absent reform, the FCC also faces litigation risk that courts will interpret Jarkesy to bar virtually any FCC enforcement action that seeks civil penalties.”
The FCC Public Safety Bureau's report on the Feb. 22 nationwide outage of AT&T’s wireless network (see 2403040062) found procedural mistakes by the carrier. Released Monday, the report said the Enforcement Bureau could impose sanctions. Based on information from AT&T, the report said “all voice and 5G data services for all users of AT&T Mobility were unavailable as a result of the outage, affecting more than 125 million registered devices, blocking more than 92 million voice calls, and preventing more than 25,000 calls” to 911. The direct cause was “an error by an employee who misconfigured a single network element, ultimately causing the AT&T Mobility network to respond by entering Protection Mode and disconnecting all wireless devices,” the bureau said: “Adequate peer review should have prevented the network change from being approved, and, in turn, from being loaded onto the network. This peer review did not take place.” The report cited a lack of post-installation testing, inadequate lab testing and “insufficient safeguards and controls” on AT&T's part, as well as insufficient procedures for mitigating problems. It noted the company has “taken numerous steps to prevent a reoccurrence.” For instance, within two days of the outage, “AT&T implemented additional technical controls in its network,” the report found: “This included scanning the network for any network elements lacking the controls that would have prevented the outage, and promptly putting those controls in place. AT&T has engaged in ongoing forensic work and implemented additional enhancements to promote network robustness and resilience.” AT&T has "implemented changes to prevent what happened in February from occurring again," a spokesperson emailed: "We fell short of the standards that we hold ourselves to, and we regret that we failed to meet the expectations of our customers and the public safety community.”
The FCC Space Bureau signed off on launch and operation of Sirius XM's planned replacement geostationary orbit satellite digital audio radio service satellites, SXM-9 and SXM-10 (see 2304070003), the agency said in a pair of approvals last week. The company said it was planning a 2024 launch of SXM-9 and 2025 for SXM-10.
The FCC Wireless Bureau said it added “an enhancement” to the universal licensing system by adding tribal-specific “entity types” to some ULS forms. “This enhancement will improve identification of how and where Tribal Nations are directly accessing licensed wireless spectrum, and use of the new entity types will exempt applications filed by Tribal Nations and Tribally controlled business entities from related FCC Application Fees,” a notice in Friday’s Daily Digest said.
FCC staff changes: Wireline Bureau’s Lauren Garry ends her detail to Commissioner Brendan Carr’s office; Nese Guendelsberger, acting legal adviser-wireless to Commissioner Geoffrey Starks, returns to International Bureau; Anna Holland leaves Commissioner Anna Gomez’s office for National Institute on Aging; Flynn Rico-Johnson, ex-office of Rep. Doris Matsui, D-Calif., joins Starks’ office as policy adviser; Brian Phillips, ex-office of Rep. Yvette Clarke, D-N.Y., joins Office of Media Relations as deputy director; Troy Tanner shifts from Space Bureau to acting director-Office of International Affairs (see 2407180021); and retiring are: Carol Edwards, Office of the Managing Director; Paul Murray, Office of Engineering and Technology; Paul D'Ari, Wireless Bureau; and David Sieradzki, Public Safety Bureau.
Kathy Wallman, who served as chief of the FCC Common Carrier Bureau and deputy chief of the agency’s Cable Services Bureau in the 1990s, died of appendiceal cancer July 14. A Great Falls, Virginia, resident, she was 66. Wallman also chaired the FCC’s Public Safety National Coordination Committee. Prior to joining the FCC, Wallman was a partner at Arnold & Porter. After leaving the agency, Wallman worked in the Clinton White House and later founded Wallman Consulting, a strategic consulting firm specializing in technology, media and telecom. She also was a past board member of Public Knowledge and a former senior adviser to the Brattle Group. Survivors include her husband, Steven, and her sister, Margaret. Services will be held 11 a.m. Aug. 10 at St. Francis Episcopal Church in Great Falls. Contributions may be made to CANCollaborate, a nonprofit organization Wallman and her husband founded to develop collaborative projects in cancer research.
FCC Chairwoman Jessica Rosenworcel announced Thursday that Troy Tanner, deputy chief of the Space Bureau, will serve as acting chief of the FCC Office of International Affairs. The position is considered critical as FCC work heats up in preparation for the next World Radiocommunication Conference. Tanner replaces Ethan Lucarelli, who died suddenly in May (see 2405150037). Lucarelli was the new office's first chief. A 14-year FCC veteran, Tanner previously served as deputy chief of the former International Bureau, and was formerly a lawyer at Bingham McCutchen and Swidler Berlin.
Mongoose Works is entitled to an additional $69,686 in the C-band transition reimbursement, FCC Administrative Law Judge Jane Hinckley Halprin ordered Thursday (docket 21-333). Mongoose appealed a Wireless Bureau decision upholding the C-Band Relocation Payment Clearinghouse’s reducing Mongoose’s lump sum claim amount from $356,052 to $286,366 under the C-band relocation program (see 2309180019). In her 17-page order, the judge said Mongoose proved that its operations weren't restored to pre-reallocation capabilities and that the categorization of two of its antennas is inconsistent with the agency's C-band order.
The FCC on Thursday approved Nokia’s application to begin initial commercial operations as a spectrum access system administrator for the citizens broadband radio service band. Nokia has satisfied the commission’s SAS laboratory testing requirements, a notice from the Wireless Bureau and Office of Engineering and Technology said. Nokia must file at the FCC information on the beginning date of its initial commercial deployment and specific geographic areas covered, the notice said.