Tales of the Sausage Factory:
We Will Have a Dream Team FCC (and NTIA) — But You Still Have To Fight For Your Right To Broadband!

, , , , , , , , , , 0

President Biden has finally made his critical telecom appointments to fill out the Federal Communications Commission and the National Telecommunications Information Administration (NTIA). As expected, Biden named Acting Chair Jessica Rosenworcel to serve as full chair and renominated her to fill her expired term. As hoped, he also nominated my former boss (and all around Telecom Boss) Gigi Sohn to be the third FCC Commissioner. In addition, Biden nominated Alan Davidson to serve as Administrator/Assistant Sec. for NTIA. In addition to the critical role NTIA plays in spectrum policy, NTIA will also be the agency running the multi-billion broadband infrastructure program in the Bipartisan Infrastructure Bill (assuming that passes).

 

This makes lots of important things possible. Not just headline items like reclassifying broadband as Title II (which one would expect any Democratic FCC to do at this point). It includes developing smart and innovative policies to close the digital divide, enhance competition, put consumer protection front and center, and advance new spectrum management technologies that move us from scarcity to abundance. This trio (combined with already serving FCC Commissioner Geoffrey Starks, a champion of privacy and inclusion) are as potentially transformational in telecom policy as the appointment of Lina Kahn and Alvaro Bedoya to the Federal Trade Commission.

 

The Key word here is “potentially.

 

One of the biggest mistakes that people keep making in policy and politics is that you can just elect (or in this case, appoint) the right people and go home to let them solve the problems. Then people get all disappointed when things don’t work out. Incumbents are not going to simply surrender to new policies, and political power has limits. This will be especially true if Congress flips in 2022. So while this is definitely cause for celebration, we are going to have to fight harder than ever to get the policies we need to create the broadband (and media) we need — starting with the fight to get them confirmed over the inevitable Republican resistance.

 

Happily, fighting to achieve the right thing is much more enjoyable than fighting to prevent the wrong thing. But no one should think we can just go home, problem solved. As I have said for over 15 years, you can’t outsource citizenship. Citizen movements are citizen driven, or they either get co-opted or die. We are going to need to support (and occasionally push) the new FCC and NTIA in the face of unflagging industry pressure and political obstacles. The laws of political reality have not been repealed — but we have a unique opportunity to use them to our advantage.

 

A bit more about who these people are and the policy opportunities below. . . .

Continue reading

Tales of the Sausage Factory:
Yes, Facebook Wants a Digital Regulator. It’s Still A Good Idea.

,

This originally appeared on the blog of my employer, Public Knowledge.

Frances Haugen, the (hopefully first of many) Facebook whistleblower, made one thing abundantly clear this week in both her 60 Minutes interview and her Senate Hearing: The United States needs a specialized agency to oversee digital platforms. Antitrust enforcement alone is not enough. Breaking up Facebook would solve some problems, but without additional oversight it will also produce a bunch of smaller companies all running algorithms that maximize engagement regardless of the harm to society (something I have called the “Starfish Problem” — tear up a starfish and the pieces regenerate into lots of smaller starfish). Companies, Haugen warned, “will always put profits over people.” Haugen further emphasized that effectively regulating Facebook (and other digital platforms) requires specialized expertise about the sector. “Right now, the only people in the world trained to analyze these experiences are people who grew up inside of Facebook,” Haugen said. We don’t just need new laws, or to expand the Federal Trade Commission. As Haugen stressed multiple times, we need a specialized, sector-specific regulator to do the job right.

Back in May, Facebook V.P. of Global Public Affairs Nick Clegg wrote an op-ed also calling for the creation of a digital regulator. “Finally,” writes Clegg, “the U.S. could create a new digital regulator. Not only would a new regulator be able to navigate the competing trade-offs in the digital space, it would be able to join the dots between issues like content, data, and economic impact — much like the Federal Communications Commission has successfully exercised regulatory oversight over telecoms and media.”

How do these two diametrically opposed people arrive at the same recommendation? Does the fact that Facebook also says it wants a regulator automatically make it a bad idea? Given that Public Knowledge has repeatedly pushed for a sector-specific regulator since 2018, we obviously don’t think so. But if a sector-specific regulator is the right answer, why is Facebook also pushing for a digital regulator?

Continue reading

Tales of the Sausage Factory:
The T-Mobile Data Breach and Your Basic Primer on CPNI – Part II: How Will the FCC Investigate T-Mo’s Data Breach?

, , , , , ,

In Part I, I provided all the legal and political background to understand why the Federal Communications Commission’s (FCC’s) investigation into T-Mobile’s data breach impacting about 53 million existing customers, former customers, and folks who applied for credit checks but never have been customers, may be complicated politically. But what are the mechanics of the investigation? How does this actually work? What are the rules, and what remedies or penalties can the FCC impose on T-Mobile?

 

I explore these questions below . . . . .

Continue reading

Tales of the Sausage Factory:
The T-Mobile Data Breach and Your Basic Primer on CPNI – Part I: The Major Background You Need to Know for This to Make Sense.

, , , , , , , ,

T-Mobile announced recently that it experienced a major cybersecurity breach, exposing personal information (including credit card numbers) for at least 53 million customers and former customers. Because T-Mobile is a Title II mobile phone provider, this automatically raises the question of whether T-Mobile violated the FCC’s Customer Proprietary Network Information (CPNI) rules. These rules govern, among other things, the obligation of telecommunications service providers to protect CPNI and how to respond to a data breach when one occurs. The FCC has confirmed it is conducting an investigation into the matter.

 

It’s been a long time since we’ve had to think about CPNI, largely because former FCC Chair Ajit Pai made it abundantly clear that he thought the FCC should not enforce privacy rules. Getting the FCC to crack down on even the most egregious violations – such as selling super accurate geolocation data to bounty hunters was like pulling teeth. But back in the Wheeler days, CPNI was a big deal, with Enforcement Bureau Chief Travis LeBlanc terrorizing incumbents by actually enforcing the law with real fines and stuff (and much to the outrage of Republican Commissioners Ajit Pai and Mike O’Reilly). Given that Jessica Rosenworcel is now running the Commission, and both she and Democratic Commissioner Geoffrey Starks are both strong on consumer protection generally and privacy protection in particular, it seems like a good time to fire up the long disused CPNI neurons with a review of how CPNI works and what might or might not happen in the T-Mo investigation.

 

Before diving in, I want to stress that getting hacked and suffering a data breach is not, in and of itself, proof of a rule violation or cause for any sort of fine or punishment. You can do everything right and still get hacked. But the CPNI rules impose obligations on carriers to take suitable precautions to protect CPNI, as well as obligations on what to do when a carrier discovers a breach. If the FCC finds that T-Mobile acted negligently in its data storage practices, or failed to follow appropriate procedures, it could face a substantial fine in addition to the FCC requiring it to come up with a plan to prevent this sort of hack going forward.

 

Assuming, of course, that the breach involved CPNI at all. One of the fights during the Wheeler FCC involved what I will call the “broad” view of CPNI v. the “narrow” view of CPNI. Needless to say, I am an advocate of the “broad” view, and think that’s a proper reading of the law. But I wouldn’t be providing an accurate primer if I didn’t also cover the “narrow” view advanced by the carriers and Pai and O’Reilly.

 

Because (as usual) actually understanding what is going on and its implications requires a lot of background, I’ve broken this up into 2 parts. Part I gives the basic history and background of CPNI, and why this provides the first test of how the Biden FCC will treat CPNI enforcement. Part II will look at application of the FCC’s rules to the T-Mobile breach and what issues are likely to emerge along the way.

 

More below . . .

Continue reading

Tales of the Sausage Factory:
Ohio Lawsuit to Declare Google a Common Carrier Not Obviously Stupid – But No Sure Deal Either.

, , , ,

Yesterday, the Ohio Attorney General filed a lawsuit  asking an Ohio state court to declare Google a common carrier and/or public utility under the laws of Ohio and Ohio common law. (News release here; complaint here.) Here’s my hot take just from reading the complaint and with zero Ohio law research: It’s novel, and not obviously stupid. But it has some real obstacles to overcome.

 

I stress this because I expect most people will find this so mind boggling that they will be tempted to write this off. Don’t. It’s a novel application of traditional common carrier law, but that is how law evolves.

 

That said, I don’t think it’s a winner. But I would need to do some serious research on how Ohio common law has dealt with particular key elements of the common law, embodied in Ohio’s statute as serving the public “reasonably and indiscriminately.” Keep in mind I’m not saying that I think this is necessarily the right policy. Indeed, my colleague John Bergmayer at Public Knowledge has explained why treating digital platforms as common carriers could be a very bad idea.

 

A brief explanation of all this below . . . .

Continue reading

Tales of the Sausage Factory:
U.S. Actually Performed Worse During Covid Than Some Net Neutrality Countries, Not Better.

, , , , , , , ,

Every time the net neutrality debate flares up, the ISP industry and its anti-net neutrality allies come up with some reason why leaving unfettered gatekeeper power in the hands of the people who invented the cable video bundle is awesome rather than something that needs oversight to prevent rip offs and anticompetitive behavior. It used to be “net neutrality/Title II will kill investment.” This claim has been repeatedly disproven (you can see some Free Press explanation for why this is nonsense here, here and here). Furthermore, Covid showing the truly massive dimensions of the persistent digital divide has largely discredited “deregulation will spur investment — really!” to all but the most diehard true believers.

 

With Title II back on the table again, we are seeing the repetition of yet another talking point that sounds plausible but turns out to be totally wrong when you actually dig into the evidence. ISPs and their defenders are repeatedly claiming that the U.S. did better than other net neutrality countries (specifically, the EU27) when it came to handling the crush of Covid-19 induced traffic. Unsurprisingly, they credit the lack of regulation for this amazing response. Once again, this claim does not hold up to real scrutiny.

 

As with the investment nonsense, this is a highly complicated area and therefore subject to a lot of spin and heated arguments over what the data actually show and how to explain it. It is made even more difficult by the complete lack of any official statistics (or, as the recent BITAG report put it more politely: “Data sources vary from independent measurement systems to self-reported internal company sources.” (P 7 n.1) So I will just give a few headlines up top and dig into the details below.

 

Contrary to industry boosterism, everything was not awesome for networks during Covid. As one industry observer put it: “By ‘handling’ the volumes they mean that their networks are not crashing and shutting down. But I think there is a whole lot more to these headlines than what they are telling the public.” For reports from the actual time about U.S. problems, see here, here, and here.

 

The U.S. Performed Worse Than Some Countries With Net Neutrality Laws. Studies vary, but one important one looked at not simply the EU and U.S., but also the European Free Trade Association (EFTA) and Canada. EFTA member states have the same net neutrality mandates as the EU (sometimes referred to as the EU27, referring to the full member 27 as distinct from the EFTA). Canada has treated broadband as a telecom service for something like 2 decades now, and has similar net neutrality laws to the U.S. 2016 rules. As this study found the U.S. internet traffic as a whole suffered a 4.9% increase in congestion as compared to 7.25% for the entire EU27, but this was significantly higher than for EFTA (3.3%) or Canada (2.4%). Additionally, when surveyed a week later, EFTA and Canada had made significantly greater progress on reducing congestion than the U.S. Furthermore, the U.S. numbers were for the largest cities with the strongest networks. If you start taking out members of the EU27 who aren’t considered our economic peers, the numbers for Europe improve to be comparable with those of the U.S. So sure, there were some differences but they had nothing to do with net neutrality regulations.

 

There isn’t a lot of evidence to support the “U.S. did better than the EU” claim. While you can find some studies that support the thesis that the U.S. did “better” by some set of metrics, there are a lot of other studies that show that from a consumer perspective, E.U. and U.S. subscribers had similar experiences. See here, here, here, and here.

 

The Netflix Red Herring. The “EU asked YouTube and Netflix to downgrade traffic” factoid beloved of ISPs and their supporters is a red herring. Yes, EU regulators approached Netflix, YouTube when lockdowns began to reduce the quality of their video from high-def to standard. But this was a prophylactic precaution to head off a potential concern, not a response to congestion. Only in the U.S. — and only among industry and Libertarians — would the idea of government and all industry sectors coordinating and accepting “a joint responsibility to take steps to ensure the smooth functioning of the internet” be regarded as a sign of weakness or regulatory overreach rather than a simple statement of reasonable prudence and preparedness.

 

More below . . .

Continue reading

Tales of the Sausage Factory:
No, California Net Neutrality Law Did Not “Nail” Veterans — Carriers Are Using Vets as Pawns.

, , , , , ,

It’s a cliche villain scene: “Don’t force me to kill the hostages. Unless you do as I say, their blood is on your hands.” While no one would mistake policy fights for a hostage situation (usually), the same principle applies frequently when challenging industry to stop anticompetitive and anti-consumer practices. Industry will take some anti-competitive practice that provides an apparent marginal benefit to someone sympathetic and threaten that the proposed law change will make it impossible for them to do the “nice” because it stops them from doing the bad thing.

 

So it is no surprise that after California’s 2018 net neutrality law survived it’s first day in court, carriers are doing everything in their power to make it look like banning zero-rating (which the California law does to some degree, but not completely. See more detail below.) is bad for consumers. Almost immediate, for example, AT&T announced it would discontinue its anti-competitive practices of zero-rating it’s own video product and “sponsored data” from third parties. But carriers have now reached a new low by claiming that California’s net neutrality law forces them to discontinue zero rating a specific telehealth program available from the Department of Veterans Affairs. Needless to say, opponents of net neutrality have rushed to trumpet this claim without troubling themselves to investigate whether it is even true.

 

Spoiler alert: Its not true.

 

As net neutrality expert and law professor Barbara Van Schewick explained in a blog post immediately after the Politico story broke, California’s net neutrality law does not prevent carriers from zero rating telehealth programs for veterans. What the law does do, as it was designed to do, is prevent carriers from choosing a single program among a universe of competitors and anointing this one program as the only program that gets such special treatment. Or, as I explain below, carriers can choose to continue to zero rate the Veterans Affairs program in a number of ways, provided they don’t disadvantage other programs that do the same thing (here, veterans health). Mind you, carriers could also decide not to impose artificial bandwidth caps as a means of overcharging consumers and/or favoring their own affiliated content. But hey, where’s the fun and profit in that?

 

I break this out below . . . .

Continue reading

Tales of the Sausage Factory:
Does the Amazon “Drone Cam” Violate the FCC’s Anti-Eavesdropping Rule? And If It Does, So What?

, , , , , , ,

Folks may have heard about the new Amazon prototype, the Ring Always Home Cam. Scheduled for release in early 2021, the”Drone Cam” will run a pattern of flight around your house to allow you to check on things when you are away. As you might imagine, given a history of Amazon’s Alexa recording things without permission, the announcement generated plenty of pushback among privacy advocates. But what attracted my attention was this addendum at the bottom of the Amazon blog post:

“As with other devices at this stage of development, Ring Always Home Cam has not been authorized as required by the rules of the Federal Communications Commission. Ring Always Home Cam is not, and may not be, offered for sale or lease or sold or leased, until authorization is obtained.”

 

A number of folks asked me why this device needs FCC authorization. In general, any device that emits radio-frequency radiation as part of its operation requires certification under 47 U.S.C. 302a and Part 15 of the FCC’s rules (47 C.F.R. 15.1, et seq.) In addition, devices that incorporate unlicensed spectrum capability (e.g., like Wi-Fi or Bluetooth) need certification from the FCC to show that they do not exceed the relevant power levels or rules of operation. So mystery easily solved. But this prompted me to ask the following question. “Does the proposed Amazon “Drone Cam” violate the FCC’s rule against using electronic wireless devices to record or listen to conversation without consent?

 

As I discuss below, this would (to my knowledge) be a novel use of 47 C.F.R. 15.9. It’s hardly a slam dunk, especially with an FCC that thinks it has no business enforcing privacy rules. But we have an actual privacy law on the books, and as the history of the rule shows the FCC intended it to prevent the erosion of personal privacy in the face of rapidly developing technology — just like this. If you are wondering why this hasn’t mattered until now, I will observe that — to the best of my knowledge — this is the only such device that relies exclusively on wireless technology. The rule applies to the use of wireless devices, not to all devices certified under the authority of Section 302a* (which did not exist until 1982).

 

I unpack this, and how the anti-eavesdropping rule might impact the certification or operation of home drone cams and similar wireless devices, below . . .

 

*technically, although codified at 47 USC 302a, the actual Section number in the Comms Act is Section 302. Long story not worth getting into here. But I will use 302a for consistency’s sake.

Continue reading

Tales of the Sausage Factory:
What (Not) to Wear on Election Day; or, Would You Rather Vote or Be a Test Case.

, , , , ,

As we run the home stretch to Election Day 2020 (November 3! Don’t forget to vote! And vote down ticket, too! Local races are important, as are ballot question! You can also volunteer to be an election judge, or take part in voter protection projects. Make every vote count by making them count every vote!)

 

O.K., that opening line got hijacked by PSAs. Let’s start again.

 

As we get closer to election day, we have a fun decision to make: what to wear to the polls. I don’t just mean coordinating your mask with your outfit. I mean whether wearing a t-shirt that expresses some suitable sentiment depending on your politics might violate your state’s election rules. The situation is especially complicated this year as this is the Presidential election year since the Supreme Court decided MN Voters Alliance v. Mansky (2018) (opinion here). While this is not legal advice, I thought it might be helpful given the current circumstances (especially the likelihood of extremely aggressive poll watchers eager to challenge folks advertising their sympathy for the other side and a shortage of election judges due to COVID to resolve the challenges quickly) to review some basics to avoid hassle. Sure, if you prefer to be a test case rather than necessarily get to vote, you should wear that “Ruth Sent Me” or “Blue Lives Matter” t-shirt. But you should know what you are potentially getting into, first.

 

More below . . .

Continue reading