Tracfone Wireless will pay $16 million and take other steps to resolve investigations into whether it failed to reasonably protect customers’ information from unauthorized access in connection with three data breaches, the FCC said Monday. Verizon is Tracfone's owner. The breaches involved exploitation of application programming interfaces (APIs), the agency said. “The Commission takes matters of consumer privacy, data protection, and cybersecurity seriously, including in the context of emerging security issues,” said Loyaan Egal, chief of the Enforcement Bureau. The investigations and consent decree “make clear that API security is paramount and should be on the radar of all carriers,” Egal added. The breaches occurred between 2021 and last year, according to the consent decree. “While APIs greatly improve the modularity and flexibility of software, they dramatically expand the potential attack surface area,” the decree said: “Without adequate protection, an attacker may be able to make an API request to any one of these components to perform a malicious action or retrieve private information, including consumer information.” Among other things, Tracfone agreed to develop a security compliance plan and implement “a comprehensive information security program,” SIM change and port-out protections. "We're pleased that we were able to reach this settlement to address these past TracFone matters,” a Verizon spokesperson said in an email: “Since we purchased TracFone, our combined cybersecurity teams have been working to enhance its security protocols and extend the same robust protections to all Verizon customer accounts."
The FCC wants comments by Aug. 19, replies Sept. 3, in docket 80-286 on whether it should extend by six years its freeze on federal-state jurisdictional separations of telecom costs and revenue, said a public notice Monday. Commissioners approved the NPRM earlier this month (see 2407020017).
Courts will likely rule that many FCC enforcement actions trigger the Seventh Amendment right to a jury trial in the wake of the U.S. Supreme Court’s SEC v. Jarkesy decision, said DLA Piper partner and former FCC Deputy General Counsel Peter Karanjia in a white paper posted on the law firm's website. In articles, former FCC General Counsels Chris Wright (see 2407170033) and Tom Johnson (see 2405030066) have also said the ruling has ramifications for FCC enforcement. “Jarkesy is a game-changer for the FCC (as well as other administrative agencies), and the FCC’s Enforcement Bureau will not be able to continue with ‘business as usual,’” Karanjia wrote. Arguments that the FCC’s enforcement proceedings already satisfy the Seventh Amendment because targets can decline to pay their fines, triggering a DOJ collection trial, are unlikely to satisfy the courts, Karanjia wrote. “Absent reform, the FCC also faces litigation risk that courts will interpret Jarkesy to bar virtually any FCC enforcement action that seeks civil penalties.”
The FCC Public Safety Bureau's report on the Feb. 22 nationwide outage of AT&T’s wireless network (see 2403040062) found procedural mistakes by the carrier. Released Monday, the report said the Enforcement Bureau could impose sanctions. Based on information from AT&T, the report said “all voice and 5G data services for all users of AT&T Mobility were unavailable as a result of the outage, affecting more than 125 million registered devices, blocking more than 92 million voice calls, and preventing more than 25,000 calls” to 911. The direct cause was “an error by an employee who misconfigured a single network element, ultimately causing the AT&T Mobility network to respond by entering Protection Mode and disconnecting all wireless devices,” the bureau said: “Adequate peer review should have prevented the network change from being approved, and, in turn, from being loaded onto the network. This peer review did not take place.” The report cited a lack of post-installation testing, inadequate lab testing and “insufficient safeguards and controls” on AT&T's part, as well as insufficient procedures for mitigating problems. It noted the company has “taken numerous steps to prevent a reoccurrence.” For instance, within two days of the outage, “AT&T implemented additional technical controls in its network,” the report found: “This included scanning the network for any network elements lacking the controls that would have prevented the outage, and promptly putting those controls in place. AT&T has engaged in ongoing forensic work and implemented additional enhancements to promote network robustness and resilience.” AT&T has "implemented changes to prevent what happened in February from occurring again," a spokesperson emailed: "We fell short of the standards that we hold ourselves to, and we regret that we failed to meet the expectations of our customers and the public safety community.”
Questions remain about a proposed order on cellular vehicle-to-everything use of the 5.9 GHz band that FCC Chairwoman Jessica Rosenworcel circulated for a vote last week (see 2407170042). The Wi-Fi Alliance asked that the agency also address Wi-Fi in the band. The FCC rewrote rules for the band in 2020, allocating 45 MHz for Wi-Fi and 30 MHz for C-V2X technology (see 2011180043).
Eutelsat/OneWeb is warning the FCC that applicants in the second Ka-/Ku-band processing round and their pending applications are about to become effectively first-round systems. In a docket 21-456 filing Friday recapping meetings with FCC Commissioner Brendan Carr and aides to the other commissioners, Eutelsat/OneWeb said most of those second-round applications are pending. It said that if they're not approved this month, those second-round applicants won't have to deploy satellites before the interference protections sunset for the first processing round's satellites. That effectively makes those second-rounders first-round systems, it said. Eutelsat/OneWeb said the FCC's 2023 order doesn't explain why existing operators received a three-year reduction of their interference protections, from 10 to seven years, in 2023's non-geostationary orbit satellite spectrum sharing order. Eutelsat/OneWeb said the "inequitable" seven-year sunset exacerbates post-sunset spectrum sharing uncertainty. It said that after the sunset date, the FCC should require that only later-round systems that have fully deployed can enjoy co-equal sharing with first-round systems. OneWeb has a pending reconsideration petition for the sunset provisions in the 2023 order (see 2307210037).
The FCC Space Bureau signed off on launch and operation of Sirius XM's planned replacement geostationary orbit satellite digital audio radio service satellites, SXM-9 and SXM-10 (see 2304070003), the agency said in a pair of approvals last week. The company said it was planning a 2024 launch of SXM-9 and 2025 for SXM-10.
DirecTV's use of early termination fees allows the company to let subscribers pay over time for the equipment necessary to receive satellite TV service and associated installation costs, company representatives told multiple 10th-floor FCC offices, according to a docket 23-405 filing Friday. Those equipment and installation costs can run $500 to $700 per subscriber, DirecTV said. Without ETFs, DirecTV might have to require those costs be paid upfront, raise monthly prices or both, the company said. Pointing to NCTA arguments for focusing solely on "unjust or unreasonable" ETFs (see 2406200031), DirecTV said ETFs that let consumers pay for upfront costs over time "should be considered at least presumptively just and reasonable." DirecTV said it spoke with the offices of Chairwoman Jessica Rosenworcel and Commissioners Brendan Carr, Nathan Simington and Anna Gomez.
The FCC Wireless Bureau said it added “an enhancement” to the universal licensing system by adding tribal-specific “entity types” to some ULS forms. “This enhancement will improve identification of how and where Tribal Nations are directly accessing licensed wireless spectrum, and use of the new entity types will exempt applications filed by Tribal Nations and Tribally controlled business entities from related FCC Application Fees,” a notice in Friday’s Daily Digest said.
Utilities Technology Council President Rusty Williams and others from the group met with FCC Commissioners Geoffrey Starks and Brendan Carr to discuss UTC concerns about 6 GHz interference and utility interest in having access to the 4.9 GHz band. “Utilities need highly reliable mission critical communications and additional licensed spectrum with sufficient capacity and coverage to meet increasing demands to meet emerging grid modernization and clean energy requirements and protect against greater and more sophisticated physical and cybersecurity threats and increasingly severe weather events, as well as wildfires,” the filing on the Starks meeting, posted Friday in docket 18-295 and other dockets, said.