2023-25835. Supporting Survivors of Domestic and Sexual Violence; Lifeline and Link Up Reform Modernization
-
Start Preamble
Start Printed Page 84406
AGENCY:
Federal Communications Commission.
ACTION:
Final rule.
SUMMARY:
In this document, the Federal Communications Commission adopted a Report and Order implementing the Safe Connections Act of 2022 (Safe Connections Act or SCA), taking significant steps to improve access to communications services for survivors of domestic abuse and related crimes. The Report and Order adopts rules to implement the line separation provisions in the Safe Connections Act that allow survivors to separate a mobile phone line from an abuser. To protect the privacy of calls and texts to hotlines, the Report and Order requires covered providers and wireline, fixed wireless, and fixed satellite providers of voice service to: omit from consumer-facing logs of calls and text messages any records of calls or text messages to covered hotlines in the central database established by the Commission; and maintain internal records of calls and text messages excluded from consumer-facing logs of calls and text messages. The Report and Order also designates the Lifeline program to support emergency communications service for survivors that have pursued the line separation process and are experiencing financial hardship.
DATES:
Effective date: This rule is effective January 14, 2024.
Compliance date: Compliance with the revisions to 47 CFR 54.403, 54.405, 54.409, 54.410, 54.1800, and 64.2010 and the addition of 47 CFR 54.424 and 64.6400 through 64.6407 is delayed indefinitely. The FCC will publish a document in the Federal Register announcing the compliance date for those sections.
ADDRESSES:
Federal Communications Commission, 45 L Street SW, Washington, DC 20554. In addition to filing comments with the Office of the Secretary, a copy of any comments on the Paperwork Reduction Act information collection requirements contained herein should be submitted to Nicole Ongele, Federal Communications Commission, 45 L Street SW, Washington, DC 20554, or send an email to PRA@fcc.gov.
Start Further InfoFOR FURTHER INFORMATION CONTACT:
For further information, contact Melissa Kirkel at melissa.kirkel@fcc.gov or 202–418–7958 or Nicholas Page at nicholas.page@fcc.gov or 202–418–2783. For additional information concerning the Paperwork Reduction Act information collection requirements contained in this document, send an email to PRA@fcc.gov or contact Nicole Ongele, Nicole.Ongele@fcc.gov.
End Further Info End Preamble Start Supplemental InformationSUPPLEMENTARY INFORMATION:
This is a summary of the Commission's Report and Order in WC Docket Nos. 22–238, 11–42, and 21–450, FCC 23–96, adopted on November 15, 2023, and released on November 16, 2023. The full text of the document is available on the Commission's website at https://docs.fcc.gov/public/attachments/FCC-23-96A1.pdf. To request materials in accessible formats for people with disabilities ( e.g., braille, large print, electronic files, audio format, etc.), send an email to FCC504@fcc.gov or call the Consumer & Governmental Affairs Bureau at (202) 418–0530 (voice).
Compliance with the rule changes adopted in the Report and Order, except for § 64.6408, shall not be required until the later of: (i) six months after the effective date of the Report and Order; or (ii) after the Office of Management and Budget (OMB) completes review of any information collection requirements associated with the Report and Order that the Wireline Competition Bureau determines is required under the Paperwork Reduction Act. With respect to covered providers, wireline providers of voice service, fixed wireless providers of voice service, and fixed satellite providers of voice service that are not small service providers, compliance with 47 CFR 64.6408(a) shall be required December 5, 2024. In the event the Wireline Competition Bureau has not released the database download file specification by April 5, 2024, or in the event the Wireline Competition Bureau has not announced that the database administrator has made the initial database download file available for testing by October 7, 2024, the compliance deadline shall be extended consistent with the delay, and the Wireline Competition Bureau is delegated authority to revise 47 CFR 64.6408 accordingly. With respect to small service providers that are covered providers or wireline providers of voice service, compliance with 47 CFR 64.6408(a) shall be required June 5, 2025. In the event the Wireline Competition Bureau has not released the database download file specification by October 7, 2024, or in the event the Wireline Competition Bureau has not announced that the database administrator has made the initial database download file available for testing by April 7, 2025, the compliance deadline set forth in this paragraph shall be extended consistent with the delay, and the Wireline Competition Bureau is delegated authority to revise 47 CFR 64.6408 accordingly.
Paperwork Reduction Act of 1995 Analysis
This document contains new or modified information collection requirements. The Commission, as part of its continuing effort to reduce paperwork burdens, invites the general public to comment on the information collection requirements contained in the Report and Order as required by the Paperwork Reduction Act of 1995, Public Law 104–13. In addition, the Commission notes that pursuant to the Small Business Paperwork Relief Act of 2002, Public Law 107–198, see44 U.S.C. 3506(c)(4), we previously sought specific comment on how the Commission might further reduce the information collection burden for small business concerns with fewer than 25 employees.
In the Report and Order, we adopt rules, pursuant to Congress's direction in the SCA, that have an impact on all covered providers, including covered providers that are small entities. We impose certain obligations regarding communications with consumers and survivors. We also establish a compliance date six months after the effective date of the Report and Order, finding that the countervailing public interest in ensuring survivors have access to line separations regardless of their provider outweighs an extended compliance deadline for small covered providers. Further, staggered compliance deadlines could cause confusion for consumers, and we believe that the SCA's operational and technical infeasibility provisions we codify in our rules will account for differences in the capabilities between large and small covered providers regarding information collection requirements. Regarding protecting the privacy of calls and texts to hotlines, we require covered providers and wireline providers of voice service, within 12 months, subject to certain conditions that may extend this time, (1) omit from consumer-facing logs of calls and text messages any records of calls or text messages to covered hotlines in the central database established by the Commission; and (2) maintain internal records of calls and text messages Start Printed Page 84407 excluded from consumer-facing logs of calls and text messages. Covered providers and wireline providers of voice service that are small service providers are given 18 months, subject to certain conditions that may extend this time, to comply with the same obligations. We received comments requesting that smaller providers be afforded 24 months to comply with such obligations. Recognizing that the SCA contains no language regarding specific timeframes with respect to this obligation, we found that granting smaller providers extra implementation time is appropriate, given that they may face more resource challenges than larger providers in complying with the new rules. We acknowledged that this 18-month period is less than the requested 24-month period, but we found that our 18-month compliance deadline for small providers properly balances the significance of the risks faced by domestic abuse survivors, and the benefits of them being able to call hotlines and seek help without fear of the abuser accessing their call records, with the implementation challenges faced by smaller providers. Third, regarding emergency communications support for survivors, we designate the Lifeline program as the program that will support emergency communications efforts for survivors with financial hardship. This will have an impact on eligible telecommunications carriers designated to provide Lifeline support, but we expect any new regulatory impacts to be minor and consistent with our existing rules. As the SCA has no definition for financial hardship we adopt a definition that is more expansive than the current Lifeline eligibility standards, and we adopt an approach for documenting that financial hardship that allows for self-certification. We also direct the Universal Service Administrative Company (USAC) to prepare for a program evaluation of our efforts to provide emergency communications support to survivors. This evaluation will require surveys of relevant stakeholder groups that USAC will develop under the oversight of the Bureau and the Office of Economics and Analytics.
The Commission has determined, and the Administrator of the Office of Information and Regulatory Affairs, Office of Management and Budget, concurs, that this rule is non-major under the Congressional Review Act, 5 U.S.C. 804(2). The Commission will send a copy of the Report and Order to Congress and the Government Accountability Office pursuant to 5 U.S.C. 801(a)(1)(A).
Synopsis
I. Discussion
A. Separation of Lines From Shared Mobile Service Contracts
1. We adopt rules to codify and implement the line separation provisions in the Safe Connections Act of 2022, Public Law 117–223, 116 Stat. 2280. Our rules largely track the statutory language, with key additions and clarifications to address privacy, account security, and fraud detection; operational or technical infeasibility; implementation timelines; and compliance with other laws.
1. Definitions
2. In order to implement the SCA's line separation requirements, we adopt definitions for the terms listed in new section 345 of the Communications Act, as added by the SCA, including “covered act,” “survivor,” “abuser,” “covered provider,” “shared mobile services contract,” and “primary account holder.” We discuss each definition below.
3. Covered Act. As proposed in the “Supporting Survivors of Domestic and Sexual Violence, Lifeline and Link Up Reform and Modernization, Affordable Connectivity Program” notice of proposed rulemaking (NPRM), 88 FR 15558 (March 13, 2023) ( Safe Connections NPRM), we define “covered act” as conduct that constitutes (1) a crime described in section 40002(a) of the Violence Against Women Act of 1994 (34 U.S.C. 12291(a)), including, but not limited to, domestic violence, dating violence, sexual assault, stalking, and sex trafficking; (2) an act or practice described in paragraph (11) or (12) of section 103 of the Trafficking Victims Protection Act of 2000 (22 U.S.C. 7102) (relating to severe forms of trafficking in persons and sex trafficking, respectively); or (3) an act under State law, Tribal law, or the Uniform Code of Military Justice that is similar to an offense described in clause (1) or (2) of this paragraph.
4. As we noted in the Safe Connections NPRM, this definition is identical to the statutory definition, except that we add the phrase “but not limited to” in describing the crimes covered by the first clause. Although the SCA defines “covered act” as “a crime described” in section 40002(a) of the Violence Against Women Act “including domestic violence, dating violence, sexual assault, stalking, and sex trafficking,” it does not say that only those listed crimes may be included. Section 40002(a) of the Violence Against Women Act of 1994 describes a number of additional crimes and abuses beyond those enumerated in the SCA's definition, including abuse in later life, child abuse and neglect, child maltreatment, economic abuse, elder abuse, female genital mutilation or cutting, forced marriage, and technological abuse. We find that the best reading of the definition of “covered act” in the SCA includes all crimes listed in section 40002(a); we see no reason why Congress would choose to protect only a subset of survivors of these crimes. We further find that the second clause of the definition of “covered act” in the SCA, which identifies specific subsections (“an act or practice described in paragraph (11) or (12) of Section 103 of the Trafficking Victims Protection Act of 2000”) also supports our analysis because in contrast, the first clause of the definition of “covered act” does not limit the definition to specific subsections of section 40002(a) of the Violence Against Women Act.
5. Consistent with the SCA, we conclude that a criminal conviction or any other determination of a court is not required for conduct to constitute a covered act. The SCA separately addresses the evidence needed to establish that a covered act has been committed or allegedly committed. We address those requirements below.
6. Survivor. We track the statutory language and define “survivor” as an individual who is not less than 18 years old and either (1) against whom a covered act has been committed or allegedly committed; or (2) who cares for another individual against whom a covered act has been committed or allegedly committed (provided that the individual providing care did not commit or allegedly commit the covered act). Although we share the concerns raised by Asian Pacific Institute on Gender-Based Violence (API–GBV) and the National Domestic Violence Hotline (NDVH) that emancipated minors would not be covered by the statutory definition because they are neither age 18 or older nor likely to be in the care of an individual age 18 or older, the term “survivor” is unambiguously defined by the SCA to only include “individual[s] who [are] not less than 18 years old,” and we do not believe that the SCA otherwise provides us with the authority to extend the scope of that definition. Regardless, we strongly encourage covered providers to treat legally emancipated minors as though they are survivors if they meet the SCA's criteria but for their age, and offer Start Printed Page 84408 them the full scope of protections under the SCA.
7. As we observed in the Safe Connections NPRM, the statutory language describing a survivor as an individual “who cares for another individual” against whom a covered act has been committed or allegedly committed is broad. We conclude that this phrase should be understood to encompass: (1) any individuals who are part of the same household, as defined in § 54.400 of the Commission's rules (47 CFR 54.400(h)); (2) parents or guardians of minor children even if the parents and children live at different addresses; (3) those who care for another individual by valid court order or power of attorney; and (4) an individual who is the parent, guardian, or caretaker of a person over the age of 18 upon whom an individual is financially or physically dependent. The record generally supports a broad interpretation of the phrase “who cares for,” while noting the need to provide clear and certain guidance to providers. We disagree with the NDVH's assertion that our proposed interpretation would have prevented a person who does not live in the same household from claiming survivor status if a covered act were not directly committed against them, but we nonetheless make explicit that we interpret this provision to include those individuals who are the parent, guardian, or caretaker of a person over the age of 18 upon whom an individual is financially or physically dependent ( e.g., a non-minor child financially dependent on his or her parents or guardians, but who no longer lives at the same address). We find that this interpretation appropriately balances the needs of survivors to have meaningful access to line separations and clarity for providers for administrability and fraud deterrence.
8. We decline, however, to adopt NDVH's proposal to include emotional care within the meaning of “care for” as we find that doing so would be difficult to administer and could raise account security risks. The record does not evince any examples of laws or regulations in which the phrase “cares for” is used to connote emotional caring, and as such we have no basis for finding that Congress intended this provision to be interpreted to include such circumstances.
9. We decline to mandate that covered providers establish a process for individuals age 18 or older who are considered in the care of another person to object to a line separation request made on their behalf. We agree with Verizon that an objection process could “hinder a wireless provider's ability to timely effectuate [a line separation request] within the two-business day period, put the wireless provider in an untenable position of uncertainty as to whether an otherwise valid line separation request should move forward, or both.”
10. Abuser. As proposed in the Safe Connections NPRM, we define “abuser” for purposes of our rules as an individual who has committed or allegedly committed a covered act against (1) an individual who seeks relief under section 345 of the Communications Act and the Commission's implementing rules; or (2) an individual in the care of an individual who seeks relief under section 345 of the Communications Act and the Commission's implementing rules, mirroring the substance of the SCA. No commenters objected to our proposed definition. As we explained in the Safe Connections NPRM, we do not intend our definition to serve as independent evidence of, or establish legal liability in regards to, any alleged crime or act of abuse, and adopt this definition only for purposes of implementing the SCA.
11. Covered Provider. Consistent with the SCA, we define “covered provider” as a provider of “a private mobile service or commercial mobile service, as those terms are defined in 47 U.S.C. 332(d).” No commenters objected to the Safe Connections NPRM' s proposal to adopt such a definition. Section 332(d) defines “commercial mobile service” as “any mobile service (as defined in [47 U.S.C. 153]) that is provided for profit and makes interconnected service available (A) to the public or (B) to such classes of eligible users as to be effectively available to a substantial portion of the public, as specified by regulation by the Commission,” and defines “private mobile service” as “any mobile service (as defined in [47 U.S.C. 153]) that is not a commercial mobile service or the functional equivalent of a commercial mobile service, as specified by regulation by the Commission.” We find that the line separation obligations apply to all providers of commercial mobile service or private mobile service, as the Commission might interpret and apply those definitions, regardless of the underlying technology used to provide the service ( e.g., whether provided through land, mobile, or satellite stations).
12. Consistent with the Commission's proposal, we conclude that covered providers include both facilities-based mobile network operators and resellers/mobile virtual network operators (MVNOs). No commenters objected to this proposal, and several concurred. The record indicates that for some MVNOs, the underlying facilities-based provider may have control over some parts of, or all of, the systems and infrastructure necessary to effectuate line separations. Therefore, we find that to the extent that an MVNO relies upon an underlying facilities-based provider to effectuate line separations, the MVNO should fulfill its obligations under the SCA and our rules through its contractual relationship with the underlying facilities-based provider and may satisfy its obligations by utilizing the same procedures and processes the facilities-based provider makes available to its own customers. However, to the extent an MVNO controls any facilities or systems (for example, customer care or billing), the obligations imposed by the SCA fall entirely upon the MVNO and not the underlying facilities-based provider.
13. Additionally, we conclude that the statutory definition of “covered provider” includes a provider of mobile broadband-only or mobile text service that does not also offer mobile voice service, if such provider assigns a telephone number to a device. Because the SCA defines a “covered provider” to include any provider offering private mobile service or commercial mobile service, we conclude that providers offering data-only mobile service or text-only mobile services ( i.e., no voice services) are “covered providers.” We therefore disagree with National Lifeline Association's suggestion that mobile broadband providers who do not offer mobile voice service should not be considered covered providers, as such providers are statutorily covered by the SCA as providers of private mobile service.
14. Shared Mobile Service Contract. Consistent with the Commission's proposal in the Safe Connections NPRM, we define “shared mobile service contract” as a mobile service contract for an account that includes not less than two lines of service and does not include enterprise services offered by a covered provider, mirroring the definition set forth in the SCA, except that we interpret “2 consumers” to mean “two lines of service.” As the Commission explained in the Safe Connections NPRM, “[i]t is our understanding that mobile service contracts are typically structured around the number of lines of service associated with an account rather than the number of consumers.” As a result of this contract structure, providers may not have information about any users other than the primary account holder and are therefore unlikely to be able to Start Printed Page 84409 determine whether an account is a shared mobile service contract ( i.e., has two or more consumers). Our interpretation, however, resolves this issue without requiring providers to collect additional information about each user of a multi-line account, and the record supports our approach. CTIA—The Wireless Association (CTIA) commented that our definition “will help enable program success because it generally aligns with providers' customer service and billing systems” and that “adopting a definition focused on `lines of service' rather than `consumers' will avoid impediments to survivors' ability to obtain line separations,” particularly when providers do not know the identity of each consumer associated with an account. Notably, there were no objections to this proposed definition in the record. Furthermore, we find that the operational language of the SCA supports our interpretation, as it requires providers to separate particular lines rather than particular consumers from shared mobile service contracts. Consistent with the tentative conclusion in the Safe Connections NPRM, we also find that “shared mobile service contract” includes both prepaid and post-paid mobile service contracts. This tentative conclusion was also unopposed and supported by CTIA.
15. We also conclude that a “line of service” under a shared mobile service contract is one that is associated with a telephone number, even if that line of service does not include voice services, and includes all of the mobile services associated with that line under the shared mobile service contract, regardless of classification, including voice, text, and data services. There is nothing in the statutory text to suggest that Congress intended to permit survivors to separate only certain services associated with their line but not others. Each service—voice, text, or data—could play a vital role in addressing survivors' communications needs. For example, although a device may lack voice service or capability over commercial mobile radio service, if a phone number is associated with the device, a survivor may use the number with certain over-the-top (OTT) services to send and receive messages or make voice calls by utilizing Voice over internet Protocol (VoIP) technology using data services or data messaging services. Such OTT services may include, for example, applications like WhatsApp, Signal, Messenger, and Telegram. Permitting separation of such lines may help avoid complications that could arise from disassociating with an existing number for these services. Had Congress wanted to limit line separations to only those lines with voice service, it could have done so explicitly in the statutory text. Congress, however, noted that “perpetrators of violence and abuse increasingly use technological and communications tools to exercise control over, monitor, and abuse their victims.” Clearly, Congress recognized that abusers might try to exercise control over survivors not only by limiting access to or monitoring devices with voice services but also by controlling other technological and communications tools. Because Congress sought to promote “reliable communications tools to maintain essential connections with family, social safety networks, employers, and support services,” we see no reason to limit the definition of “line of service” to only those lines with voice service when so doing could impede a survivor's access to certain devices and hamper their ability to gain support and services they need.
16. We disagree with Verizon's assertion that “it is far from clear that Congress intended certain other devices,” such as tablets with no mobile capability, which only “nominally” have a line associated with a customer account, to be covered by the SCA. Denying a survivor the ability to separate a line simply because it is “nominally” associated with a device could allow an abuser to maintain control over or monitor the line and the device associated with line and inhibit a survivor's ability to break free from an abusive situation. For example, a survivor may want to separate a line for a device in order to protect his or her location information from an abuser with access to the shared mobile account information. Had Congress wanted to limit line separations in the manner Verizon suggests, Congress could have explicitly done so. However, Congress defined a shared mobile service contract as a mobile service contract that includes not less than two “consumers”—it did not in any way cabin “consumer” to a particular type of mobile service. Therefore, rather than “being far from clear,” it would seem counter to congressional intent to disallow a survivor's line separation request because the line at issue is only “nominally” associated with a device.
17. We also disagree with Verizon's assertion that covered providers are not statutorily required to (but may voluntarily) separate more than one line per survivor on the basis that Congress intended to limit separations to one line per survivor because “the statute uses the term `line' in the singular, not plural.” As an initial matter, we read the statutory language in subsection (b) as framing the process to address each discrete line separation request, which grammatically requires the use of “line” in the singular, and in no way limits the number of lines for which a survivor may seek separation. Furthermore, limiting a survivor to one line separation request could potentially allow an abuser to maintain control over or monitor the survivor's other lines (or devices connected to other lines) that remain on the shared contract. We believe this would be contrary to Congress's goals, particularly of helping survivors establish “independent access to a wireless phone plan.” We also believe that had Congress intended to allow only one line separation per survivor (and one line per each individual in the care of a survivor), it would have made this limitation clear in the text. For example, instead of using the term “the line,” Congress could have said that a provider must “separate one line of the survivor, and one line of any individual in the care of the survivor.” Alternatively, Congress could have expressly limited the number of separations by stating that “a survivor is entitled to one line separation for the survivor and one line separation for each individual in the care of the survivor.” Moreover, the statute uses the exact same term “the line” when discussing the separation of an abuser's line as it does when discussing the separation of a survivor's line. Accepting Verizon's statutory interpretation would mean that a survivor is limited to separating only one line of the abuser's from the shared account. We do not believe that Congress intended to limit a survivor's ability to completely remove an abuser from a shared mobile service contract when so doing would likely impair the survivor's ability to establish independent wireless communications and leave the abusive situation. For all these reasons, we disagree with Verizon's assertion and conclude that covered providers must separate multiple lines, when applicable.
18. The SCA's definition of “shared mobile service contract” explicitly excludes “enterprise services.” Consistent with the Commission's proposal in the Safe Connections NPRM, we conclude that enterprise services are those products or services that are not ordinarily available to mass market customers and are primarily offered to entities to support and manage business operations, which may provide greater security, integration, support, or other features than are Start Printed Page 84410 ordinarily available to mass market customers, and excludes services marketed and sold on a standardized basis to residential customers and small businesses. Our conclusion is consistent with the Commission's past findings that mass market services are those that are generally “marketed and sold on a standardized basis to residential customers [and] small businesses” whereas enterprise services are “typically offered to larger organizations through customized or individually negotiated arrangements.”
19. Although we appreciate industry concerns over fraud, we decline to create a presumption that wireless accounts listing a business entity as the primary account holder are “enterprise” accounts. We find the concerns of the NCTA—The internet & Television Association (NCTA) that business accounts will be greater targets for fraud without a presumption that all accounts with a business listed as the primary account holder are enterprise accounts or a presumption that any account for which a party has subscribed to a “business wireless service” is an enterprise account to be overstated. The SCA includes adequate safeguards against the type of potential enterprise account fraud raised by NCTA by requiring survivors to submit documentation along with a line separation request demonstrating that an “abuser” who uses a line under the shared mobile service contract has committed or allegedly committed a covered act against the survivor ( i.e., the person requesting the line separation) and an affidavit that the survivor is the user of the specific line. In practical terms, we expect that it would be challenging for a bad actor to make this required showing where the account holder is a business, and not an individual, unless the abuser's name is also the business name on the account. We believe this required showing will minimize the potential for fraud on business accounts. As such, we decline to adopt the CTIA and NCTA suggested presumptions.
20. Primary Account Holder. Finally, as proposed in the Safe Connections NPRM, we define “primary account holder” as “an individual who is a party to a mobile service contract with a covered provider,” mirroring the definition in the SCA. While no commenters opposed this proposal, Verizon noted that “accounts typically have one named account owner,” and explained that “the possibility that `more than a single individual [may be] a party to a mobile service contract' should not affect how the SCA is implemented in practice.'” As such, we see no need to depart from the statutory definition of primary account holder.
2. Submission of Line Separation Requests
21. In this section, we adopt rules to clarify the requirements for submission of a line separation request under section 345 of the Communications Act. We largely codify the requirements set out in the SCA for how survivors submit line separation requests while adopting some measures that clarify those requirements pursuant to the SCA's command that we consider various factors when enacting regulations for the line separation requirement. In particular, the SCA requires the Commission to consider, among other things, privacy protections; account security and fraud detection; the requirements for remote submission of line separation requests, including submission of verification information; feasibility of remote options for small covered providers; compliance with customer proprietary network information (CPNI) requirements; and ensuring covered providers have the necessary account information to comply with the SCA and our rules. Our aim is to maximize survivors' ability to obtain line separations by ensuring that covered providers have clear direction on their obligations related to the submission of line separation requests. Specifically, we establish requirements regarding the information that survivors must submit to request a line separation and the options providers must give survivors when survivors are making a line separation request, taking into account flexibility for survivors wherever possible. We recognize that there may be some instances in which a survivor may wish to separate an abuser's line but is not able to identify the phone number of the abuser that is associated with the account. We expect that in these instances, covered providers will work with survivors to separate the lines of the survivor and those in the survivor's care from the account.
a. Information Required To Submit Line Separation Requests
22. The rules we adopt concerning the information that survivors must submit to make a line separation request are closely aligned with the requirements set out in the SCA. Specifically, we require that a survivor's line separation request: (1) state that the survivor is requesting relief from the covered provider under section 345 of the Communications Act and our rules; (2) identify each line that should be separated using the phone number associated with the line; (3) regardless of which lines will be separated, identify which line(s) belong to the survivor and state that the survivor is the user of those lines; (4) when a survivor is seeking separation of the line(s) of any individual under the care of the survivor, include an affidavit setting forth that any such individual is in the care of the survivor and is the user of the specific line; (5) when a survivor is seeking separation of the abuser's line, state that the abuser is the user of that specific line; and (6) include documentation that verifies that an individual who uses a line under the shared mobile service contract ( i.e., an “abuser”) has committed or allegedly committed a covered act against the survivor or an individual in the survivor's care. We also require that a line separation request include the name of the survivor and the name of the abuser that is known to the survivor, which may assist covered providers' fraud detection efforts. While some commenters generally expressed that we should ensure the process for requesting line separations is not cumbersome, none specifically addressed our proposed approach. We find that these requirements are consistent with the statutory requirements set forth in the SCA and properly balance the needs of survivors and covered providers' interest in preventing fraudulent line separations.
23. Affidavits Regarding an Individual in the Care of a Survivor. When a survivor is seeking a line separation for an individual in the care of a survivor, we require the survivor to submit an affidavit that is signed by the survivor and dated near the time of submission. We decline to adopt Verizon's suggestion, however, that we require such affidavits include the name of the individual being cared for, relationship of the survivor to the cared-for individual, or other information for fraud deterrence purposes. We conclude that requiring information about such individuals raises privacy concerns that are not outweighed by the potential fraud deterrence benefits, particularly given covered providers may not have this information documented in the shared mobile account in the first place. In addition, we agree with the New York City Mayor's Office to End Domestic and Gender-Based Violence (NYC ENDGBV) that there should not be a notarization requirement for affidavits, as such a requirement would be burdensome for survivors because they “may not have access to a form of identification to verify their identity to a notary and may not have the resources Start Printed Page 84411 to find, travel to, or acquire a notary public.”
24. Documentation Demonstrating Survivor Status. Consistent with the SCA, we require survivors seeking a line separation to submit documentation that verifies that an individual who uses a line under the shared mobile service contract has committed or allegedly committed a covered act against the survivor or an individual in the survivor's care ( i.e., is an “abuser”). To meet the requirement for demonstrating survivor status, survivors must submit one or more of the eligibility documents prescribed by the SCA: (1) a copy of a signed affidavit from a licensed medical or mental health care provider, licensed military medical or mental health care provider, licensed social worker, victim services provider, licensed military victim services provider, or an employee of a court, acting within the scope of that person's employment; or (2) a copy of a police report, statements provided by police, including military or Tribal police, to magistrates or judges, charging documents, protective or restraining orders, military protective orders, or any other official record that documents the covered act. The documentation provided should clearly indicate a known name for the abuser and the survivor, as well as include some kind of affirmative statement that constitutes an indication that the abuser actually or allegedly committed an act that qualifies as a covered act against the survivor or an individual in the care of a survivor. No commenter opposed our establishment of such requirements. Consistent with the Commission's proposal, we also codify the proviso in the SCA stating that nothing in our rules implementing section 345(c) “shall affect any law or regulation of a State providing communications protections for survivors (or any similar category of individuals) that has less stringent requirements for providing evidence of a covered act,” which was unopposed in the record.
25. We interpret the phrase “any other official record that documents a covered act” to mean records from any governmental entity, including Tribal governments. We find that this is the best interpretation of this phrase because the documents listed preceding this phrase are records from government entities, and although they are specifically records from law enforcement entities, Congress did not limit the scope of the phrase by qualifying it with “any other official law enforcement record that documents a covered act.” We also find that this reading is most consistent with the goals of the SCA as it permits survivors to submit official records from other government entities not listed in the statute that might commonly assist survivors, such as child and family service agencies. No commenter urged us to interpret the phrase narrowly, and for the reasons discussed below, we decline to interpret this clause more broadly to allow survivors to submit self-certification of survivor status. We also decline to interpret the “other official record” phrase to include records of domestic violence services organizations, or medical or mental health records that describe treatment for injuries, without the need to obtain a signed affidavit from the provider, as the New York State Office for the Prevention of Domestic Violence requests as the first clause of the SCA's documentation provision specifically requires that such records be accompanied by a signed affidavit from the care provider and we find there is no basis for interpreting the “other official record” phrase to directly contradict that requirement.
26. Although we are sympathetic to concerns raised in the record that some survivors may have difficulty securing the documents specified by the SCA to demonstrate survivor status, or doing so in a timely manner, we find that there is no valid basis for interpreting the statute to allow self-certification of survivor status. Several commenters urge us to permit self-certification, but none explain how the SCA provides the Commission with the authority to do so, or how doing so is consistent with congressional intent. On the contrary, we find that doing so would contradict congressional intent. As the Commission explained in the Safe Connections NPRM, when Congress adopted the SCA, it was not unaware that self-certification could be an option for survivors to demonstrate survivor status, as the Commission had sought comment on allowing self-certification in its Notice of Inquiry. We expect that Congress also likely knew of the option for survivors to self-certify their status given that a similar New York law already permitted it as an option. Congress nevertheless excluded self-certification from its detailed list of permissible documentation. Presumably recognizing that the documentation requirements it set were more stringent than those that already existed in New York, Congress included a savings clause in the statute that specifically preserves states' ability to adopt less stringent certification requirements in state laws or regulations. Although EPIC et al. cites this provision as a reason why the Commission should conclude that the list of permitted documentation is non-exhaustive and that self-certification should be permitted, it is precisely because the SCA sets out a list of permitted documentation and preserves states' rights to set less stringent requirements in separate state laws that we conclude the Commission is restricted in its ability to expand the scope of permitted documentation to include self-certification. We likewise conclude that self-certification does not fit into the phrase permitting survivors to submit “any other official record that documents a covered act,” given our conclusion that Congress intended that clause to be limited to records created by government entities. We also find that the best reading of “official record” is a “record created by, received by, sanctioned by, or proceeding from an individual acting within their designated capacity,” which would not include self-certification. For many of the reasons discussed in this paragraph, we also conclude that the SCA does not permit us to allow survivors to submit any other forms of documentation of survivor status besides those already discussed.
27. Next, we do not require that such documentation be dated or that the date be within a certain time period before the survivor submits the line separation request. We agree with API–GBV that we should “provide flexibility to allow people to disclose victimization or to apply for protections at their own pace, given the risks that survivors face as they plan for their safety.” We also anticipate that many survivors may have sought assistance years before the effective date of the SCA and our implementing rules, and we do not want to deter those survivors from taking advantage of the new benefit that is available to them or require them to seek assistance again just for the purpose of having newer documentation created. We likewise do not require that the documentation show that the covered act occurred within a certain time period prior to the request. We are cognizant of how difficult it may be for survivors to seek assistance and expect there may be instances where a survivor reported a covered act years ago but has not done so again recently despite ongoing abuse.
28. Assessing the Authenticity of Documentation. The record reflects broad agreement from stakeholders that we should not require covered providers to assess the authenticity of the documentation that survivors submit, and therefore we decline to adopt such a requirement. We find this approach is appropriate given concerns that many covered providers may not have the Start Printed Page 84412 expertise to accurately evaluate the authenticity of documentation and could mistakenly deny legitimate requests. We conclude, however, that the SCA does not prohibit covered providers from attempting to assess the authenticity of documentation and from denying line separation requests based on a reasonable belief the request is or may be fraudulent, and we therefore permit them to do so. Such authentication might include confirming the documentation is from an entity that actually exists, assessing whether the documentation has identifiers that demonstrate the documentation is actually a record of that entity, and comparing any identifying information in the documentation about the abuser and survivor with information in the covered provider's records to confirm that it matches. However, to protect survivor privacy, we prohibit covered providers from directly contacting entities that created any documentation to confirm its authenticity. To mediate concerns about the accuracy of covered providers' assessments, we emphasize that covered providers must first form a reasonable belief that a request is or may be fraudulent before denying the request, and urge covered providers to consider possible legitimate reasons for why submitted documentation may not pass a provider's standard authentication checks. For example, mismatched identifying information could result from a document's use of nicknames or other names that would not match providers' records. We find that allowing, but not requiring, a covered provider to attempt to authenticate submitted documentation balances the public interests of fraud prevention and ensuring survivors' ability to obtain legitimate line separations. Accordingly, we decline NYC ENDGBV's suggestion to altogether prohibit covered providers from attempting to authenticate documents submitted by survivors.
29. Assessing the Veracity of Evidence of Survivor Status. We prohibit covered providers from assessing the veracity of the evidence of survivor status contained within the submitted documents, or relying on third parties to do so. We expect that, in most cases, survivors will not be in a position to control what information other entities include in the documentation to ensure it clearly establishes survivor status. Thus, allowing covered providers to evaluate the truthfulness of the information provided and potentially use it as a basis for denying requests could limit legitimate line separations. We also make clear that the prohibition on assessing the veracity of survivor status evidence means that covered providers may not contact survivors to interrogate them about their experience, which “can be retraumatizing for survivors,” particularly since “providers are likely not trained in trauma-informed engagement.” The record affirms our belief that many covered providers may not have the expertise to accurately evaluate the veracity of the documentation survivors submit. We find that it would undermine the goals of the SCA if a covered provider denied a line separation based on an incorrect determination about the veracity of the evidence presented. We agree with Verizon and CTIA that the SCA's liability limitation clause provides protections for covered providers if they reasonably rely on the documentation survivors provide to demonstrate survivor status and approve line separation requests that turn out to be fraudulent.
30. Other Information. We do not, at this time, require a survivor who is not the primary account holder to submit other information, including passwords, about the account or the primary account holder, as the record does not show that such additional information is needed to address fraud and could be unnecessarily burdensome for survivors. No commenter advocated that we require such information. Rather, consistent with the concern raised in the Safe Connections NPRM, Verizon noted that “survivors may have little if any visibility into account information such as PINs, billing addresses, and primary numbers that an abuser may keep private.” We do, however, permit a covered provider to request the account number, primary phone number, full or partial address, and PIN or password associated with the account, as long as the covered provider makes clear to the survivor that such information is not required to process the line separation request and that the request will not be denied if the information is not provided or is inaccurate. We acknowledge Verizon's assertion that such information, if available, “could help a provider to process the [line separation request] more quickly in some cases, and to investigate and remedy transactions that later turn out to have been fraudulent or unauthorized.”
31. Assistance with Completing Line Separation Requests. To maximize survivors' ability to pursue line separation requests, we conclude that survivors may rely on assistance from other individuals, including the survivor's designated representative, to prepare and submit line separation requests. We agree with commenters that this approach maximizes survivor self-determination and agency, and that it could be particularly useful for individuals with disabilities or whose first language is not English. No commenter opposed this approach. While the SCA requires covered providers to effectuate line separations after receiving a completed line separation request from a survivor, it also permits survivors to indicate a designated representative for communications regarding line separation requests, which we find signifies Congress's expectation that survivors might rely on other individuals in relation to line separation requests. To ensure that covered providers have the means to identify the individuals who survivors select to assist with line separation requests, we require providers to request the name and relationship to the survivor for individuals who assist survivors and we require those assisting survivors to provide that information, along with a statement that the person assisted the survivor with the line separation request. Providers may use methods that are reasonably designed to confirm the identity of the “designated representative.” We expect that any added cost for requiring covered providers to request this information will be negligible.
32. Confidential Treatment and Secure Disposal of Personal Information. We adopt our proposal to require a covered provider, including any officer, director, and employee—as well as a covered provider's vendors, agents, or contractors that receive or process line separation requests with the survivor's consent, or as needed to effectuate the request—to treat the fact of the line separation request as well as any documentation or information a survivor submits as part of a line separation request as confidential, and securely dispose of the information not later than 90 days after receiving the information, consistent with the SCA. The record supports adoption of this requirement, including our proposed clarification that a “vendor,” as used in the SCA, includes a “contractor” who may receive a line separation request in its provision of services to a covered provider, on the basis that this interpretation reflects the business practices of covered providers and will mitigate privacy risks to survivors. We note that covered providers must abide by this requirement even if they are unable to process a line separation request. Start Printed Page 84413
33. We conclude that treating the line separation request itself, as well as documentation and information a survivor submits as part of a line separation request, as confidential means not disclosing or permitting access to such information unless subject to a valid court order, except: (1) to the individual survivor submitting the line separation request; (2) to anyone that the survivor specifically designates; (3) to those third parties necessary to effectuate the request ( i.e., vendors, contractors, and agents); and (4) to the extent necessary, to the Commission and the Universal Service Administrative Company (USAC) to process emergency communications support through the designated program or address complaints or investigations. We disagree with CTIA that the Commission should not afford protections to survivors (and alleged abusers) from the misuse of their data by law enforcement on the basis that doing so is outside the scope of the SCA and the Safe Connections NPRM. The SCA directs the Commission to adopt regulations concerning the line separations requirements, which includes the confidentiality requirements, and thus we find that addressing this issue is within the scope of the SCA. Given concerns expressed by EPIC et al., we find that requiring law enforcement to obtain a court order to access information about a line separation request is a necessary protection for survivors (and alleged abusers). We do not anticipate that this requirement will be burdensome for providers to implement given that they already have a duty to protect the confidentiality of proprietary information of customers, including a duty to prevent access to customer proprietary network information (CPNI) “[e]xcept as required by law or with the approval of the customer.” Additionally, requiring a court order prevents covered providers from being placed in a position of having to assess whether a law enforcement official may be misusing their official authority.
34. We limit providers from using, processing, or disclosing the line separation request—or any documentation or information submitted with line separation request—for purposes unrelated to implementing the request, providing services, or otherwise managing the survivor's account. We also conclude that the requirement to “treat” information submitted in connection with a line separation request as “confidential” prohibits covered providers from using, processing, or disclosing ( e.g., to joint-venture partners) such information for marketing purposes.
35. We confirm our tentative conclusion that to the extent that any information a survivor submits as part of a line separation request would be considered CPNI and therefore subject to disclosure to the customer or a designee, the SCA's confidentiality requirement nevertheless requires that such information (along with any information submitted by a survivor that would not be considered CPNI) be treated confidentially and disposed of securely. We conclude that this is the best reading of the SCA's language requiring confidential treatment “[n]otwithstanding Section 222(c)(2)” of the Communications Act. EPIC et al. agrees with this reading, and no commenter offered an alternative interpretation. Thus, although section 222(c)(2) normally requires telecommunications carriers to “disclose customer proprietary network information, upon affirmative written request by the customer, to any person designated by the customer,” when such CPNI is submitted by survivors as part of a line separation request, covered providers must follow the SCA's heightened requirements for confidentiality and secure disposal.
36. We decline to find that the identity of the abuser and the reason for the line separation ( i.e., the alleged abuse) should be treated as CPNI for the purpose of protecting the personal information of abusers, as requested by EPIC et al. Neither data element fits logically within the categories of information that constitute CPNI, and it need not for those data to benefit from the SCA's confidential and secure disposal protections, which protect the privacy of both survivors and alleged abusers. The confidentiality obligation itself, that is, requires that such information be protected.
37. To help ensure confidential treatment and secure disposal of information submitted with line separation requests, we also require covered providers to follow data security measures commensurate with the sensitivity of line separation requests, as well as the information and documentation submitted with line separation requests. Specifically, we require covered providers to implement policies and procedures governing confidential treatment and secure disposal of this information, train employees on those policies and procedures, and restrict access to databases storing such information to only those employees who need access to that information. We believe these baseline requirements will create the foundation for covered providers to treat line separation information confidentially and dispose of it securely. We conclude that these requirements will not be burdensome for most covered providers given that all telecommunications carriers and interconnected Voice over internet Protocol (VoIP) providers must already train employees to protect the confidentiality of proprietary information of, and relating to, other telecommunication carriers, equipment manufacturers, and customers and that we have specific rules governing the protection of CPNI, and we expect that most providers already have data security policies and procedures to limit access to certain information. In all cases, we anticipate that covered providers will only need to modify their practices and systems to include treatment of line separation information.
38. Understanding that covered providers may need flexibility to comply with the confidentiality and disposal requirements, we otherwise decline to prescribe specific measures that covered providers must use to treat information submitted with a line separation request as confidential and securely dispose of it. We conclude, however, that unauthorized disclosure of, or access to, information survivors submit as part of a line separation request will be considered evidence in an investigation by the Commission that a covered provider has not adopted sufficient measures to protect against such disclosure or access. This approach aligns with our expectations for carriers' treatment of CPNI. The SCA's confidentiality and disposal requirements demonstrate that Congress thought the privacy of information related to line separation requests is paramount, and we anticipate that our approach will incentivize covered providers to adopt best practices as they evolve over time to ensure the confidentiality and secure disposal of such information. Such best practices might include encryption, masking, data minimization ( i.e., only collecting data necessary for the intended purpose and deleting data when it is no longer necessary), access controls, secure password policies, traffic monitoring, and internal firewalls. Indeed, a covered provider may be able to overcome evidence related to a breach of survivor information if the provider is able to show that it used industry best practices at the time of the breach. We are also concerned that prescribing specific data security practices might result in the rules becoming obsolete over time. We Start Printed Page 84414 make clear that the liability protections in the SCA do not shield covered providers, or their vendors, agents, and contractors, from enforcement actions that may result from their failure to adopt adequate practices to treat line separation information as confidential and securely dispose of it. Additionally, we emphasize that covered providers subject to section 222 have an independent responsibility to protect such confidential information and will therefore be subject to potential enforcement action for failures by their vendors, agents, and contractors to adopt sufficient confidentiality and secure disposal measures.
39. We also clarify the limited instances in which a covered provider may retain information about a line separation request beyond the 90-day disposal deadline established by the SCA. First, consistent with the SCA, we permit a covered provider to maintain a record that verifies that a survivor fulfilled the conditions of a line separation request for longer than 90 days, but prohibit providers to retain, as part of this record, the affidavit, documentation of survivor status, or other original records a survivor submits with the request, as that information is deemed confidential and subject to secure disposal within 90 days. Second, we permit a covered provider to retain any confidential record related to the line separation request, including an affidavit and documentation of survivor status, for longer than 90 days upon receipt of a legitimate law enforcement request. In both cases, we require a covered provider to treat the records it retains as confidential, and dispose of such records securely. To be clear, even though the record that verifies that a survivor fulfilled the conditions of a line separation request is not an original record submitted with a request, it must nonetheless be treated as a confidential record. We decline the Boulder Regional Emergency Telephone Service Authority's (BRETSA) suggestion that we require covered providers to deliver a 911 call placed by a survivor over the survivor's separated line with “some indication to the PSAP [public safety answering point] that the call is from service assigned to an individual escaping an abusive relationship.” We agree with commenters that such a requirement falls outside the scope of the SCA and our implementing rules.
b. Required Options Covered Providers Must Offer to Survivors
40. We now adopt requirements regarding basic categories of information covered providers must make available to, or request from, survivors when granting a line separation request. These requirements are intended to streamline the line separation process for covered providers and to maximize the simplicity with which survivors can obtain line separations in a timely manner. First, we codify in our rules the SCA's requirement that a covered provider inform the survivor, through remote means, at the time the survivor submits a line separation request, that the provider may contact the survivor, or the survivor's designated representative, to confirm the line separation or inform the survivor if the provider is unable to complete the line separation. As explained in the Safe Connections NPRM, we find that this approach will allow survivors to make an informed choice regarding which contact information and manner of communication is best given their particular circumstances. No commenter opposed this approach.
41. Second, for line separation requests submitted by a survivor through remote means, we require covered providers to “allow the survivor to elect in the manner in which the covered provider may—(i) contact the survivor, or designated representative of the survivor, in response to the request, if necessary; or (ii) notify the survivor, or designated representative of the survivor, of the inability of the covered provider to complete the line separation,” which mirrors the SCA. We conclude that this requirement simply obligates a covered provider to allow a survivor to select, at the time the survivor submits a line separation request through remote means, the manner the provider must use to communicate with a survivor after the survivor submits the request. Among the communication options offered to the survivor, we require a covered provider to include at least one means of communication that is a “remote means.” We also require covered providers to allow survivors to indicate their preferred language for future communications from among those in which the covered provider currently advertises, and deliver any such future communications in the survivor's preferred language if it is one in which the provider currently advertises. Additionally, we require covered providers to ask survivors to provide the appropriate contact information with their requests. We decline Verizon's suggestion that we require a survivor to submit a telephone number and email address with its request for use in contacting the survivor. The SCA permits survivors to select the means that covered providers must use to communicate with them, which may or may not be both phone and email. To prevent covered providers from attempting to contact survivors using any other means, we only require survivors to provide contact information for the means they select, unless it is otherwise necessary to provide documentation of a completed line separation request for Lifeline purposes, as discussed below. We also prohibit providers from engaging in communications that are not directly related to the line separation request, such as marketing and advertising communications that are not related to assisting survivors with understanding and selecting service options. No commenter opposed adoption of these requirements.
42. Third, we require covered providers to allow a survivor submitting a line separation request to indicate their service choices when they are submitting a line separation request. Specifically, we require covered providers to allow a survivor to indicate the service plan a survivor chooses from among all commercially available plans the covered provider offers for which the survivor may be eligible, including any prepaid plans, as well as whether the survivor intends to retain possession (and therefore take financial responsibility) of any device associated with a separated line. API–GBV and the Competitive Carriers Association (CCA) both supported such a requirement, and no commenter opposed it.
43. Fourth, as mandated by the SCA, we require a covered provider to inform the survivor of the existence of the Lifeline program as a source of support for emergency communications for qualifying survivors, and to include a description of who might qualify for the program and how to participate. We require covered providers to provide this information to survivors as part of the line separation request mechanism as we anticipate that having this information may help survivors determine which service plan may suit them best. We require covered providers, at a minimum, to inform survivors that their participation in the Lifeline program and the Affordable Connectivity Program (ACP) based on their status as survivors will be limited to six months unless they can qualify to participate in Lifeline and/or ACP under the programs' general eligibility requirements. We decline to adopt standardized language regarding the content of this communication as we do not find it necessary at this time. We find that our approach provides sufficient guidance to covered providers regarding what information they must Start Printed Page 84415 include in their communications. We also require covered providers to allow survivors to indicate whether they intend to apply for emergency communications support through the designated program, if available through the provider.
44. Finally, to the extent that a covered provider cannot operationally or technically effectuate certain types of line separations in all instances, we require a covered provider to identify—in a contemporaneous communication to the survivor—which types of line separations the provider cannot perform and state that it cannot perform those separations due to operational or technical limitations.
3. Requirement To Separate Lines Upon Request
45. We codify the SCA's requirement that, for a shared mobile service contract under which a survivor and abuser each use a line, a covered provider must, not later than two business days after receiving a completed line separation request from a survivor, (1) separate the line(s) of the survivor, and the line(s) of any individual in the care of the survivor, from the shared mobile service contract, or (2) separate the line(s) of the abuser from the shared mobile service contract. We conclude, as proposed, that because the SCA requires covered providers to implement line separation requests from survivors for shared mobile service contracts “under which the survivor and the abuser each use a line, ” neither the abuser nor the survivor must be the primary account holder for a line separation to be effectuated, regardless of whose line is separated from the account. We also find that a person who does not use a line on an account—but is a “survivor” under the statute because the person is someone who cares for another individual against whom a covered act has been committed or allegedly committed—would be able to request a line separation because the definition of “survivor” allows that person to stand in for the individuals in their care.
46. We acknowledge the seriousness of concerns raised in the records about dangers to survivors from spyware applications or software installed on a survivor's device that could remain after a line separation. We find, however, that regulation of such third-party applications and software is beyond the scope of the SCA. We further note providers' assertions that removal of such applications and software may not be within the control of the covered provider. However, with respect to carrier-branded apps and software on devices that may enable shared mobile plan account owners to track users' devices or provide access to customer information through online accounts, we expect covered providers to take all steps necessary to ensure that such apps and software do not enable an abuser to retain access to information about a survivor's line or device post-separation.
47. Below, we clarify covered providers' obligations under this requirement, and in doing so, we emphasize the importance of survivors' ability to obtain the line separations of their choosing in a timely manner while recognizing the practical challenges that covered providers may face in effectuating those separations.
a. Identity Authentication
48. We first require that covered providers attempt to authenticate, using multiple authentication methods if necessary, that a survivor, or a person in the care of the survivor, requesting a line separation is a user of a specific line or lines, and permit covered providers to deny line separation requests when the survivor cannot be authenticated or the provider has a reasonable belief that the request is or may be fraudulent. Specifically, when the survivor is the primary account holder or a user designated to have account authority by the primary account holder (designated user), we require covered providers to attempt to authenticate survivors just as they would any other primary account holder or designated user. This means that requests coming from primary account holders and designated users must comply with any other Commission rules that apply to authentication of such individuals, including those related to access to CPNI and the Commission's rules adopted to address Subscriber Identity Module (SIM) swap and port-out fraud. When the survivor is not the primary account holder or a designated user, we require covered providers to attempt to authenticate their identity using methods that are reasonably designed to confirm the survivor, or a person in the care of the survivor, is actually a user of the specified line(s) on the account, and that such authentication shall also be sufficient for requesting a SIM change when made in connection with a line separation request. To the extent this requirement differs from other authentication requirements, see, e.g.,47 CFR 64.2010, the line separation authentication requirement we adopt in this document to implement 47 U.S.C. 345 serves as an exception to those other requirements. We agree with CTIA and CCA that providers may need flexibility to authenticate and therefore we decline to specify or otherwise limit the methods that covered providers can use to authenticate the identity of survivors who are not primary account holders. Although we acknowledge that some authentication methods may be less secure than others, the record demonstrates that certain methods, such as verification using phone calls or text messages delivered to a survivor's number or knowledge-based checks using call detail information, may be the only practical means in some instances to authenticate survivors who are not the primary account holder and about whom covered providers have no other information.
49. Our approach balances our twin goals of maximizing survivors' ability to obtain legitimate line separations and of preventing fraud. On this issue, industry commenters agreed that covered providers should be given flexibility on how to authenticate survivors and their ability to deny individuals who cannot be authenticated. Conversely, EPIC et al. asserted that the Commission should prioritize survivors' ability to access and use the line separations process over speculative concerns that the line separations process will be used for fraud. We find that the rule we adopt is sufficiently supported by the record and therefore we disagree with CTIA that it is necessary to find a consensus before establishing authentication requirements. We also find that the authentication requirement preserves account security by helping to prevent fraudulent account takeovers, protects privacy by preventing unauthorized access to account information, and ensures covered providers have the necessary account information to comply with our rules and the SCA, consistent with the issues the SCA requires the Commission to consider when adopting line separation rules.
50. We decline NCTA's request to permit covered providers to call or text lines of those in the care of the survivor that are the subject of the line separation request to confirm that the non-abuser individual “approves the separation request” or otherwise “confirm that the request is valid before approving it.” NCTA argues that covered providers “should be permitted to decline to process the line separation request if this verification is not completed ( e.g., because the abuser has taken the device associated with the line) and, instead, give the party requesting the separation the option of creating a new account with a new telephone number.” As an initial matter, the SCA contemplates that a survivor would be able to separate a line even when the abuser is in Start Printed Page 84416 possession of the device associated with that line, and therefore we disagree that we should approve of covered providers denying separation requests for those lines in all instances. More significantly, we are concerned that allowing covered providers to attempt verification on other lines may alert abusers about the survivor seeking a line separation at an early stage in the process. This might occur, for example, if the abuser is near to or in possession of the devices associated with those lines, such as if the abuser is with children who are in the care of the survivor while the survivor is elsewhere seeking a separation that includes those children's lines. We therefore find that these potential threats to survivors and those in their care outweigh the potential fraud prevention benefits of NCTA's proposed verification process.
b. Establishing “Secure Remote Means” for Line Separation Request Submissions
51. We codify the SCA's requirement that covered providers “offer a survivor the ability to submit a line separation request . . . through secure remote means that are easily navigable, provided that remote options are commercially available and technically feasible.” No commenter opposed this requirement, and we elaborate on the various aspects of this requirement below.
52. Secure Means. Consistent with the SCA's goals to protect the confidentiality of survivor information, we adopt requirements regarding the secure submission of line separation requests. First, we conclude that any means a covered provider offers survivors to submit a line separation request, including non-remote means, must be secure. Second, we find that, at a minimum, secure means are those that prevent unauthorized disclosure of, or access to, the fact of the line separation request or the information and documentation submitted with the line separation request during the submission process. Third, as with the Commission's CPNI rules and the rules we adopt above for confidential treatment and secure disposal of the records survivors submit to covered providers with a line separation request, we conclude that unauthorized disclosure of, or access to, the fact of the line separation request or the information and documentation submitted with a line separation request will be considered evidence in an investigation by the Commission that a covered provider did not provide a “secure” means for submitting the request. We otherwise decline to prescribe specific requirements for what constitutes “secure” with respect to the means of submitting line separation requests, but as with our rules governing treatment of line separation records, we expect our approach will incentivize covered providers to adopt best practices for security as they evolve over time. No commenter opposed our adoption of any such requirements.
53. Remote Means. Although the SCA does not define what constitutes “remote means,” we interpret that phrase in a manner that maximizes survivor flexibility for submitting line separation requests. First, we conclude that a “remote means” for submitting a line separation request is a mechanism that does not require the survivor to interact in person with an employee of the covered provider at a physical location. No commenter opposed this interpretation. We agree with API–GBV that this interpretation “is particularly important for survivors in remote areas, or in communities in which physically going to a single location might jeopardize a survivor's safety or confidentiality.” As such, requiring survivors to visit a brick and mortar store would not constitute remote means. Conversely, a form on a covered provider's website with the ability to input required information and attach necessary documents would constitute remote means. We also find that submissions via email, a form on a provider's mobile app, a chat feature on a provider's website, interactive voice response (IVR) phone calls, fax, and postal mail would constitute remote means. Additionally, we conclude that a live telephone interaction, text message communication, or video chat with a customer service representative would constitute remote means. We do not intend this list to be exhaustive as there may be other methods currently available or developed in the future that would not require a survivor to interact in person with an employee of a covered provider at a physical location. Furthermore, to maximize survivor choice, we conclude that covered providers can offer survivors means that are not considered remote as long as the provider does not require survivors to use those non-remote means or make it more difficult for survivors to access remote means than to access non-remote means.
54. Second, consistent with API–GBV and NYC ENDGBV's requests, we require covered providers to offer survivors more than one remote means of submitting a line separation request, and encourage them to offer several means. We are concerned that certain remote means may be so obsolete or so novel that they would be difficult for some survivors to access, and that if those means are the only ones a covered provider offers, they would deter survivors from pursuing a line separation. We also anticipate that offering alternative remote means will make line separations more accessible to survivors who may be using different technologies or have different levels of digital literacy. We conclude that when Congress directed covered providers to “offer a survivor the ability to submit a line separation request . . . through secure remote means, ” the word “means” in this context is ambiguous as to whether providers must offer one or more than one means. Given this ambiguity, and the lack of the singular article “a” before the phrase “secure means,” we interpret “means” as a plural noun.
55. Third, we conclude that the remote means a covered provider offers must allow survivors to submit any necessary documentation, but we permit providers to offer means that allow or require survivors to initiate a request using one method (such as an IVR phone call) and submit the documentation through another method (such as via email). This approach received support in the record and was otherwise unopposed. Fourth, we require covered providers to accept documentation in any common format, including, for example, pictures of documents or screenshots. We find that this approach will minimize difficulty for survivors seeking line separations.
56. Additionally, consistent with existing statutory and regulatory requirements, we make clear that a covered provider must offer alternative remote means that are accessible by individuals with different types of disabilities. The Accessibility Advocacy Organizations highlight the importance of such a requirement, explaining that such individuals are often at increased risk of domestic violence, and therefore that it is critical that they be able to access the protections afforded by the SCA. We decline, however, to require that covered providers offer direct video calling (DVC) as a means of submitting line separation requests, as the Accessibility Advocacy Organizations request. Although we appreciate that DVC may have benefits for survivors with disabilities who are seeking line separation requests, we decline at this time to impose any specific technology given the wide variety of providers and accessible technologies available. We instead strongly encourage covered providers to offer the “most accessible and effective services available,” such as DVC, whenever feasible. Start Printed Page 84417
57. Technically Feasible and Commercially Available Means. No commenter addressed whether secure remote means for submitting line separation requests are currently “technically feasible” and “commercially available,” and if not, how long it would take them to be. CTIA noted that the Safe Connections NPRM appropriately incorporated into the proposed rules the “commercial availability” and “technical feasibility” limitations that apply to certain requirements. We observe that the remote means we identify above are commonly used by commercial entities to interact with consumers and there are technological processes available to make each of those means secure. We also anticipate that many, if not all, of these mechanisms can be modified by covered providers to be used for line separation requests. Accordingly, we find that secure remote means for submitting line separation requests are currently both technically feasible and commercially available, and we anticipate that covered providers will be able to update their systems and procedures to implement use of more than one means before the rules go into effect.
58. Easily Navigable. We next address how the means to submit line separation requests must be “easily navigable.” To give covered providers flexibility and ensure they are positioned to request all the information they need to process line separations in a way that is most suitable for their systems, we decline to prescribe the specific format, process, or form covered providers must use for survivors to submit line separation requests, and instead allow covered providers to develop their own mechanisms. However, consistent with the record, to ensure consistency and predictability for survivors and the individuals and entities that assist them, reduce difficulty for survivors, and give covered providers clarity regarding their obligations, we establish several requirements for the mechanisms that covered providers develop to ensure they are easily navigable for survivors submitting line separation requests. Specifically, we require that the mechanisms: (1) use wording that is simple, clear, and concise; (2) present the information requests in a format that is easy to comprehend and use; (3) generally use the same wording and format on all platforms available for submitting a request; and (4) clearly identify the information and documentation that survivors must include with their requests, including clearly listing what survivors should have on hand when contacting the provider, and allow survivors to easily provide that information. We decline to create or mandate the use of a standardized form as requested by NYC ENDGBV as we find that allowing covered providers the flexibility to develop their own approaches while establishing requirements to ensure those mechanisms are easily navigable better balances providers' expertise with the need to streamline the process for survivors. Nevertheless, we encourage stakeholders to work together to develop such a standardized mechanism, to the extent one would be useful for covered providers.
59. We also require that the means through which a covered provider permits survivors to submit line separation requests must be available in all the languages in which the covered provider currently advertises its services as well as all formats ( e.g., large print, braille, etc.) in which the provider makes its service information available to persons with disabilities. We agree with EPIC et al. that a “lack of meaningful language access can further isolation created by an abuser,” and conclude that requiring language availability for the means of submitting requests will help alleviate that isolation. We decline, however, to adopt API–GBV's recommendation that covered providers offer “translated forms and instructions in a minimum of the 10 most commonly used languages in the provider's covered service area, as well as any other languages (if any) that the provider advertises its services in.” We find that such a requirement would be unreasonably burdensome on covered providers, particularly smaller providers, but we encourage all providers to know the predominant languages used in their respective communities and translate their materials into as many different languages as is feasible. At the same time, because we permit survivors to rely on assistance from designated representatives and others to pursue line separations, we anticipate that survivors who speak languages other than those in which a covered provider advertises its services can seek interpretation assistance if necessary.
c. Processing of Line Separation Requests
60. Implementing Survivors' Election of Line Separation. Consistent with the statutory language, we interpret the line separation requirement as granting survivors the flexibility to pursue line separations in the manner that is best for their circumstances. We thus conclude, as proposed, that the SCA gives survivors discretion to request separation from the account of either the line(s) of the survivor (and the line(s) of any individuals in the survivor's care) or the line(s) of the abuser, regardless of whether the survivor is the primary account holder. We decline to prescribe the circumstances in which survivors may pursue each type of line separation, as CTIA and NCTA request. The industry trade groups specifically ask the Commission to dictate that when a survivor is a primary account holder, the abuser's line must be separated from the shared mobile service contract and that covered providers can process such line separations by canceling the abuser's line. NCTA makes a second request that the Commission stipulate that when a survivor is not a primary account holder, their lines (and the lines of individuals in the survivor's care) must be separated from the shared mobile service contract. In both circumstances, the industry groups assert that they are trying to avoid situations where they have to establish new accounts in the name of the abuser, which they say cannot be done without the abuser's knowledge and consent, thereby potentially compromising survivors' safety. NCTA also expresses concern that in instances when an abuser who is the primary account holder is separated from the shared mobile service contract and the survivor becomes the primary account holder, “the abuser likely would know details about the account such as the PIN or account number that could be used to compromise the survivor's service after the line separation.” However, NCTA does not explain why the covered provider would not allow the survivor, as the primary account holder, to change the PIN to prevent the abuser from accessing the account or use other measures to prevent the abuser from accessing the account.
61. As an initial matter, we find that the industry groups' requested approaches are contrary to the text of the SCA and disincentivizes covered providers from developing solutions that will allow survivors to obtain the line separations of their choosing, thereby limiting the SCA's benefits to survivors. For the same reasons, we decline to find that covered providers have the discretion to determine whether to separate the line of the abuser or the lines of the survivor (and those in the survivor's care). If Congress had intended to limit the types of line separations a survivor could request in a given circumstance, it could have easily said so. We are particularly unmoved by the suggestion that Start Printed Page 84418 Congress intended that survivors who are primary account holders must separate the line of the abuser and that the abuser's line would then be canceled, as this outcome is no different than what primary account holder survivors can achieve now, and would therefore make the SCA's benefit in this regard superfluous. We do not presume to understand all the reasons why a survivor might choose to separate an abuser's line or their lines and the lines of those in their care, but Congress chose not to limit survivors' choices and neither do we.
62. Additionally, while we appreciate the practical challenges of effectuating line separations precisely as survivors request, we anticipate that covered providers will be able to address these situations without compromising survivor safety. For instance, covered providers may be able to create a temporary placeholder account and contact the abuser after the line separation has been completed (and the survivor has been notified) to request consent and the necessary information to establish a permanent account. Because temporarily suspended numbers are not permanently disconnected numbers, they are not “aging numbers” under the Commission's rules. Covered providers must ensure that telephone numbers assigned to a user of a shared mobile account and which are the subject of a line separation request remain available to be assigned to the user of that number ( i.e., a survivor, an individual in the care of a survivor, or an abuser).
63. Alternatively, covered providers could give survivors advance notice that the provider would need to contact the abuser prior to effectuating the line separation to request the abuser's consent and necessary account information, and survivors could then choose whether to proceed or select another line separation or account change option. Absent these or other solutions that providers may develop, a third option is that covered providers can rely on the operational and technical infeasibility exception established by the SCA and discussed further below. NCTA suggests that the Commission dictating survivors' line separation options is a better approach than allowing covered providers to deny line separations due to operational or technical infeasibility because “[s]urvivors who chose the incorrect option or required further guidance to complete the separation would be forced to engage in additional communications with the covered provider at a time when it may be difficult or even dangerous for a survivor to be involved in such exchanges.” While we acknowledge NCTA's concern, we believe that our requirement that a covered provider state in a contemporaneous communication which types of requests it cannot complete due to operational or technical infeasibility should address the concern. We nevertheless strongly encourage covered providers to strive to develop the means to allow survivors to separate lines as they see fit.
64. Verizon argues that “[i]f a survivor requests that an account owner abuser be removed from an account, in practice this may technically or operationally require the latter to consent to establishment of a new account, undermining Congress's objective of ensuring the line separation is not visible to the abuser,” and that “[t]he Safe Connections Act envisions that the wireless provider would create a new account for the survivor(s) in those circumstances.” We recognize that in situations where the survivor is not the account holder, it is more likely than not that the survivor will elect to establish a new account (rather than separate the line of the abuser from the existing account) because such a choice will delay notice to the abuser, and in some cases may be the only technical or operational solution available for the covered provider. But, contrary to Verizon's claim, the SCA does not contemplate that the line separation will be invisible to the abuser in all cases. Rather, the statute expressly contemplates that the primary account holder, who may be the abuser, may be notified about the line separation. Therefore we disagree with Verizon that the SCA envisions that covered providers would create a new account for survivors who might otherwise seek to separate an abuser who is the primary account holder just so that the separation is not visible to the abuser.
65. We also address the circumstances under which an individual who is “in the care of” a survivor may receive a line separation. As proposed, we adopt the same approach for determining who qualifies as “in the care of” the survivor for the purposes of line separation requests as we do for who may be considered someone “who cares for another individual” in the definition of “survivor.” Specifically, we conclude that phrase encompasses: (1) any individuals who are part of the same household, as defined in § 54.400 of the Commission's rules; (2) minor children of parents or guardians who are survivors even if the parents and children live at different addresses; (3) individuals who are cared for by a survivor by valid court order or power of attorney; (4) and a person over the age of 18 who is financially or physically dependent upon a parent, guardian, or caretaker ( e.g., a non-minor child financially dependent on his or her parents or guardians, but who no longer lives at the same address). We further find that, unlike the definition of “survivor,” for the purposes of line separation requests, an individual “in the care” of a survivor need not be someone against whom a covered act has been committed or allegedly committed. As we explained in the Safe Connections NPRM, the SCA defines “survivor” as including an individual at least 18 years old who “cares for another individual against whom a covered act has been committed or allegedly committed, ” but it requires covered providers to separate the lines of both the survivor and “ any individual in the care of the survivor,” upon request of the survivor. As such, we interpret these provisions to mean that covered providers must separate the lines, upon request, of any individual in the care of a survivor without regard to whether a covered act has been committed or allegedly committed against the individual in the care of the survivor. Some commenters expressed support for our interpretation and none objected.
66. Timeline for Processing Line Separation Requests. Recognizing the urgency with which survivors may be seeking line separation requests, we adopt a rule that clarifies the SCA's requirement that covered providers effectuate line separations not later than two business days after receiving a completed line separation request from a survivor. No commenters opposed this approach, although Verizon expressed opposition to a more stringent approach, such as requiring processing “48 hours after receipt.” Specifically, we require covered providers to process line separation requests as soon as feasible, but not later than close of business two business days after the day the provider receives a completed request. For example, requests received before midnight at the end of a Monday must be processed no later than close of business on Wednesday. Under our rule, covered providers must take all steps to effectuate line separation requests within the two business day timeframe, including reviewing the request to determine if it is complete and effectuating or rejecting the request. We conclude that our rule is consistent with the text and goals of the SCA. We recognize that in some instances, the two-business day standard we adopt will require the line separation to be Start Printed Page 84419 completed within 48 hours, but that will not always be the case. For instance, when submissions are made on Fridays or during the weekend, a carrier will have longer than 48 hours to effectuate the line separation, though we would encourage them to effectuate it sooner whenever possible.
67. We define business days as Monday–Friday, 8 a.m. to 5 p.m., excluding provider holidays, which fulfills requests from industry commenters that we incorporate the same definition for business hours that make up a business day as is used in the Commission's porting rules. Notwithstanding the two-business day requirement, we clarify that our “rules do not undermine the Safe Connections Act's strong incentives for wireless providers to accommodate [line separation requests].” Therefore, “[i]f effectuating [a line separation request] is technically infeasible for a particular provider in two business days, but three days is feasible,” the covered provider can rely on the technical infeasibility exception to delay completion of the request rather than denying the request and requiring survivors to start the entire process again, as long as the provider notifies the survivor of the status of their request and the expected completion timeline within two business days of receiving the request.
68. We decline to require that covered providers process line separation requests in less than two business days in cases of emergency or extreme hardship for the survivor, as the National Domestic Violence Hotline requests. Although we appreciate that some survivors may experience increased urgency for their line separation requests, we agree with NCTA that Congress was likely aware of the hardship that survivors may be facing when it explicitly gave covered providers up to two business days to complete requests, and we otherwise anticipate that it would be difficult for covered providers to accurately determine which requests qualify as emergencies or extreme hardship. For the same reason, we decline requests to require that covered providers process line separation requests within two calendar days. However, we expect that requiring providers to complete all requests as soon as feasible will prevent undue delay in completion of requests.
69. Operational and Technical Infeasibility. We codify the SCA's provision that covered providers who cannot operationally or technically effectuate a line separation request are relieved of the obligation to effectuate line separation requests. Additionally, we conclude that any line separation a covered provider can complete within two business days under its existing capabilities, as those may change over time, does not qualify as operationally or technically infeasible. We conclude that because this provision specifies that covered providers are only relieved of the “requirement to effectuate a line separation request,” providers are generally obligated to offer survivors the ability to submit requests for line separations described in the statute, even if the provider may not be able to effectuate such separations in some instances. However, to avoid survivor confusion and minimize the need for communications between covered providers and survivors, if a covered provider cannot operationally or technically effectuate certain types of line separations in all instances, we require the covered provider to clearly notify the survivor in its Notice to Consumers and through whatever mechanisms survivors are permitted to use to request line separations, which types of line separations the provider cannot perform and state that it cannot perform those separations due to operational or technical limitations.
70. We require covered providers to take reasonable steps to be able to effectuate all types of line separations permitted by the statute, but decline to prescribe when a provider can rely on the operational or technical infeasibility exception. We find that the intent and spirit of the SCA's line separation requirement is that survivors be able to obtain the line separations of their choosing, and the record indicates that covered providers intend to and will be capable of effectuating most line separation requests. We therefore think it is appropriate that all covered providers be required to take reasonable steps to be able to effectuate all types of line separations. However, given the significant differences in covered providers' processes and systems, we conclude that we cannot categorically define which types of line separations qualify as operationally or technically infeasible and that the better course of action is to give providers flexibility to make such determinations. We nevertheless expect that all covered providers will be able to effectuate at least some types of line separations.
71. We also codify the SCA's requirement that a covered provider that cannot operationally or technically effectuate a line separation request must: (1) notify the survivor who submitted the request of that infeasibility, and (2) provide the survivor with information about alternatives to submitting a line separation request, including starting a new account for the survivor. The SCA uses the phrase “starting a new line of service” which is ambiguous. A new line, if made on the same shared account with the abuser, would not accomplish Congress's goal of ensuring survivors “establish[ ] independence from . . . abuser[s].” We thus understand this phrase to describe starting a new account for the survivor, which we believe accords with Congress's intent. We require covered providers to explain in the notification the nature of the operational or technical limitations that prevent the provider from completing the line separation as requested and any available alternative options that would allow the survivor to obtain a line separation. Consistent with the SCA, we require a covered provider to notify a survivor of any rejection of a line separation request as a result of operational or technical infeasibility at the time of the request, or for a request made using remote means, not later than two business days after the covered provider receives the request. Covered providers shall deliver these notifications in the manner of communication selected by the survivor at the time of the request and in the language selected by the survivor, if applicable. Verizon encourages the Commission to permit providers to give “short plain-English explanations” regarding the nature of a operational or technical limitation preventing the processing of a line separation. While we agree with Verizon that covered providers should not overwhelm survivors with technical explanations, we do require providers to give survivors as much information about the operational or technical limitation as will allow them to make informed decisions about what to do next, such as, e.g., revise their request, initiate a new request, or seek other options.
72. We conclude that covered providers must offer, allow survivors to elect, and effectuate any available alternative options that would allow survivors to obtain a line separation. This proposal was unopposed in the record. For example, if a covered provider is not able to separate an abuser's line from an account because the abuser is the primary account holder, but can separate the survivor's line from the account, the provider must offer that alternative. Likewise, if a covered provider is not capable of processing a line separation request in the middle of a billing cycle but can do so at the end of the billing cycle, the provider must offer that. This approach maximizes the benefits of the line Start Printed Page 84420 separation requirement and helps prevent survivors from being forced into a less desirable alternative. We find that the approach we take here achieves the goals of the SCA without placing undue costs and burdens on covered providers. Verizon explains that “in some cases, a wireless provider may not be able to create a new account for a survivor without initially applying certain financial obligations as part of the account setup” and argues that “as long as those obligations are promptly waived by the system or the customer service employee after the new account is created, Congress's objective is met.” We agree; however, in such instances survivors must not be required to take additional steps for such financial obligations to be waived; the wavier must be automatic.
73. Finally, we also require covered providers to deliver a clear and concise notification to survivors, within two business days after receiving the request, if a line separation request is rejected for any other reason, and such notification must include the basis for the rejection and information about how the survivor can either correct any issues, submit a new line separation request, or select alternative options to obtain a line separation, if available.
74. Resubmissions. To ensure that survivors making legitimate line separation requests can receive timely relief, we conclude that any corrections, resubmissions, or selected alternatives for obtaining a line separation submitted by survivors following a denial should be treated as new requests and therefore must be processed by covered providers as soon as feasible, but not later than close of business two business days after the provider receives the request. We agree with EPIC et al. that “[t]ime may be of the essence when a survivor initiates the line separation request, and there is no reason a provider expected to respond within two days of the initial submission cannot respond within two days for subsequent submissions.”
75. Measures to Stop Abusers from Preventing Survivors from Obtaining Line Separations. We are concerned that some abusers may take preemptive steps to prevent survivors from obtaining line separations, particularly if an abuser becomes aware of a survivor's attempt to separate a line. We reiterate our conclusion in the Safe Connections NPRM that the SCA requires covered providers to complete non-fraudulent line separations as long as the request provides the information required or permitted by the statute and our implementing rules, subject to operational and technical feasibility. Accordingly, we implement rules to ensure survivors can obtain line separations notwithstanding abusers' efforts to prevent them from doing so. First, to stop an abuser or other user from removing the survivor's access to the line before the request is processed, we require covered providers to lock an account to prevent all SIM changes, number ports, and line cancellations (other than those requested as part of the line separation request pursuant to section 345 and our rules) as soon as feasible after receiving a completed line separation request from a survivor, and until a request is processed or denied. Second, given evidence in the record that abusers may seek to exert control over survivors and to ensure that account locks do not become an avenue for perpetuating abuse and other crimes, we require covered providers to effectuate line separations, and any number port and SIM change requests made by the survivor as part of the line separation request, regardless of whether an account lock is activated on the account. There is some evidence in the record that stalkerware apps and spyware can be used to further endanger survivors, and we think it is reasonable to conclude that some survivors may request a SIM change so they can keep their separated number, but use a new device, for safety reasons. Finally, in situations where any customer other than the survivor requests that the covered provider stop or reverse a line separation on the basis that the line separation request was fraudulent, covered providers must complete or maintain any valid line separation request and make a record of the customer's complaint in the customer's existing account and, if applicable, the customer's new account, in the event further evidence shows that the request was in fact fraudulent. We conclude that our approach here best balances the importance of account protection measures to prevent fraud with the goal of ensuring survivors can obtain legitimate line separations.
76. Notification to Primary Account Holders and Abusers. As contemplated by the SCA, we require a covered provider to inform a survivor who has submitted a line separation request, but who is not the primary account holder, of the date on which the covered provider intends to give any formal notification to the primary account holder. We also require covered providers to inform survivors of the date the covered provider will inform the abuser of a line separation, cancellation, or suspension of service, involving the abuser's line to the extent such notification is necessary. We require covered providers to give such notice to the survivor as soon as is feasible after receiving a completed line separation request. As API–GBV notes, by informing survivors of the date the abuser will learn of the line separation, covered providers will give survivors an opportunity to “do relevant and timely safety planning.” We prohibit a covered provider from notifying an abuser who is not the primary account holder when the lines of a survivor or an individual in the care of a survivor are separated from a shared mobile service contract. By limiting the scope of when covered providers may notify abusers of line separations, we acknowledge the concerns of multiple commenters who stress that “[o]ne of the most dangerous times for a victim is when they are attempting to leave an abusive situation and the abuser becomes aware of their intent.” We also prohibit a covered provider from notifying a primary account holder, or an abuser who is not a primary account holder, of a survivor's request for a SIM change when made in connection with a line separation request pursuant to section 345. We decline to require covered providers to further delay notification to a primary account holder or abuser whose line is being separated, as proposed by some commenters, though we permit and encourage covered providers to do so if operationally feasible. As some commenters have noted, a line separation request involving the separation of the abuser's line may require the abuser to become financially responsible for the line immediately following the separation, or to give consent to open a new account. In such situations, the covered provider may need to inform the abuser immediately upon or before separating the abuser's line, making a notification delay infeasible. In implementing processes to ensure that primary account holders and, when necessary, abusers, are not notified about line separations until the date that the covered provider has provided to the survivor, we emphasize that covered providers should be mindful of their existing internal systems and processes that may cause some or all account users to receive automatic notifications about account activity, which may serve as de facto notifications about the line separation request.
d. Documentation of Completed Line Separation Request Submission
77. We require covered providers to provide a survivor with documentation that clearly identifies the survivor and shows that the survivor has submitted a legitimate line separation request under Start Printed Page 84421 section 345(c)(1) and the Commission's rules upon completion of the providers' line separation request review process. The SCA limits access to “emergency communications support” in the designated program to those survivors that meet the requirements of section 345(c)(1) and that are experiencing financial hardship, regardless of their ability to otherwise participate in the designated program. As such, survivors will require documentation demonstrating their submission of a legitimate line separation request to enroll in Lifeline, as the designated program, and receive support. Although no commenter offered specific suggestions about the type of information that should be included in this documentation to process a request for Lifeline support, we rely on the Commission's substantial experience managing its affordability programs to determine an appropriate approach. Specifically, regarding survivor identity, we require that the documentation include the survivor's full name and confirmation that the covered provider authenticated the survivor as a user of the line(s) subject to the line separation request. We further require that covered providers give survivors this documentation even if the line separation request could not be processed due to operational or technical infeasibility, as long as the survivor submitted a completed request in accordance with the requirements of section 345(c)(1) and the Commission's rules. We observe that entry into the emergency communications program is not limited to only those survivors who successfully obtain a line separation, but rather to those who satisfy the requirements of section 345(c)(1) and are experiencing financial hardship. Finally, we require covered providers to provide this documentation to survivors in a manner that would allow the survivor to share that documentation with USAC when the survivor seeks Lifeline support pursuant to the SCA. Accordingly, covered providers must provide the documentation in a written format that can be easily saved and shared by a survivor, such as an electronic notice delivered over email, information in a survivor's new account that can be easily downloaded or captured via a screenshot, some method of text messaging that can be easily captured via screenshot, or regular mail delivered to an address designated in the request. Telephonic delivery of this notice is insufficient, as it will not allow the survivor to confirm that they complied with the requirements of the line separation process. Covered providers should deliver this documentation via the means selected by the survivor for communications regarding the line separation request, to the extent such means satisfy both requirements. We acknowledge, however, that depending on the methods a survivor chooses for communications with a covered provider regarding the line separation request, covered providers may not have contact information that would allow them to send certain written documentation, and we permit providers to request contact information only for the purpose of providing this documentation for Lifeline enrollment under the SCA.
e. Employee Training
78. We conclude that all covered provider employees who may interact with survivors regarding a line separation request must be trained on how to assist them or on how to direct them to other employees who have received such training. Industry commenters stressed the need for flexibility regarding employee training requirements to account for differences in provider resources, customer bases, and systems. Moreover, NCTA noted that “avoiding prescriptive rules also would reduce the implementation burdens associated with the new requirements.” We believe that a flexible approach to training and customer service will best allow providers, particularly small providers, to account for differences in operational capabilities, resources, service models, and customer bases, and as such, we decline to adopt more prescriptive requirements regarding training of employees. Verizon noted that it “maintains a group of customer care employees specially trained to handle the sensitivities surrounding [line separation requests] from domestic violence survivors and to walk the survivors through the secure process of documenting the abuse, establishing a new account (or removing an alleged abuser from an existing account), selecting a service plan and, where requested, facilitating a number change or port out.” While we applaud Verizon's efforts and urge covered providers to consider a similar approach, we decline to mandate that every covered provider maintain specialized staff to address survivor line separation requests, as API–GBV suggests. The record reflects that not all providers, particularly small providers, may have the operational capabilities or resources to establish specialized units of staff.
4. Notice to Consumers
79. As proposed in the Safe Connections NPRM, we require covered providers to provide a “Notice to Consumers” with information about the options and process for a line separation request made readily available to all consumers through the provider's public-facing communication avenues. We specifically incorporate the SCA's requirement that covered providers “make information about the options and process” regarding line separations “readily available to consumers: (1) on the website and the mobile application of the provider; (2) in physical stores; and (3) in other forms of public-facing consumer communication” for this “Notice to Consumers.” The record reflects that the Notice to Consumers should be available in an “easy to find,” “prominent,” or “obvious” place on provider websites and applications, and as such, we require covered providers to place the Notice to Consumers, or a prominent link to it, on a support-related page of the website and mobile application of the provider, such as a customer service page. We agree with Verizon and NCTA that adopting a flexible, rather than a one-size-fits-all, requirement for the placement of the Notice to Consumers on provider websites and applications enables the wide variety of covered providers to display it in the way that is most suitable to their customers, and find that our approach here strikes the right balance between being minimally prescriptive and ensuring that there is some consistency between covered providers' practices. API–GBV suggests that we require providers to include links to other victim-related resources, such as the National Domestic Violence Hotline, or National Sexual Assault Hotline. We decline to do so as this is outside the scope of the requirements of the SCA. In physical stores, we permit covered providers to make the Notice to Consumers readily available via flyers, signage, or other handouts, and require covered providers, at a minimum, to ensure that any materials containing the Notice to Consumers in-store are clearly visible to consumers and accessible. We also require covered providers to provide the Notice to Consumers in-store in all languages in which the provider advertises within that particular store and on its website in all languages in which the provider advertises on its website, and in all formats (large print, braille, etc.) that the provider uses to make its service information available to persons with disabilities. Commenters take no direct Start Printed Page 84422 issue with this approach for the in-store or website Notice to Consumers.
80. We decline at this time to provide more specific guidance regarding the SCA's requirement that covered providers make the Notice to Consumers readily available “in other forms of public-facing consumer communication.” We received no comment regarding what other forms of communication covered providers employ and how such providers should make the Notice to Consumers readily available through those avenues. Given the wide variety of communication methods that could fall within this category, and the lack of record received from industry and consumer stakeholders, we conclude the best approach is to preserve the flexibility of covered providers to determine how best to communicate the Notice to Consumers beyond their websites and stores. We may revisit this approach in the future should we determine that covered providers are not doing enough to apprise consumers of their rights under the SCA.
81. Consistent with the SCA, we require covered providers to include in the Notice to Consumers, at a minimum, an overview of the line separation process that we adopt in this document; a description of survivors' service options that may be available to them; a statement that the SCA does not permit covered providers to make a line separation conditional upon the imposition of penalties, fees, or other requirements or limitations; and at least basic information concerning the availability of the Lifeline support for qualifying survivors. We decline to adopt the suggestion of the NYC ENDGBV that we “require standardized language to explain the entire process of line separation to survivors,” as we find it is most appropriate to allow covered providers to tailor the Notice to Consumers to their services, operations, and systems. By permitting some flexibility in how covered providers communicate the Notice to Consumers, covered providers may give detail regarding how their particular customers may request a line separation. Additionally, given the variety of platforms and media on which the Notice to Consumers will be published, this flexibility will give covered providers the leeway to optimally design the notice for each communication method.
5. Prohibited Practices in Connection With Line Separation Requests
82. We adopt our proposal to codify the provisions of the SCA prohibiting covered providers from making line separations contingent on: (1) payment of a fee, penalty, or other charge; (2) maintaining contractual or billing responsibility of a separated line with the provider; (3) approval of separation by the primary account holder, if the primary account holder is not the survivor; (4) a prohibition or limitation, including payment of a fee, penalty, or other charge, on number portability, provided such portability is technically feasible, or a request to change phone numbers; (5) a prohibition or limitation on the separation of lines as a result of arrears accrued by the account; (6) an increase in the rate charged for the mobile service plan of the primary account holder with respect to service on any remaining line or lines; or (7) any other requirement or limitation not specifically permitted by the SCA. We agree with Verizon that the SCA's “restrictions on various rates, terms, and conditions of service are largely self-executing and self-explanatory,” and commenters generally support our approach in interpreting these provisions of the SCA. We provide further guidance on these prohibitions, as necessary, below.
83. Fees, Penalties, and Other Charges. We adopt the SCA's prohibition on making a line separation contingent on payment of a fee, penalty, or other charge. As explained in the Safe Connections NPRM, and supported by the record, we conclude that this clause would prohibit covered providers from enforcing any contractual early termination fees triggered by the line separation request, if the line separation request was made pursuant to section 345, regardless of whether a survivor continues to receive service from the provider as part of a new arrangement upon a line separation or ceases to receive service from the provider. We make this explicit in our rule implementing this provision.
84. Number Portability and Number Changes. We incorporate into our rules the SCA's prohibition on conditioning a line separation on the customer maintaining service with the provider (provided that such portability is technically feasible). We interpret the SCA's prohibition on number portability restrictions and fees in relation to a line separation request as requiring covered providers to permit both the party remaining on an account and the party separating from an account to port their numbers, without fees or penalties, provided such portability is technically feasible. Likewise, we incorporate into our rules the SCA's provision that prevents a covered provider from prohibiting or limiting a survivor's ability to request a phone number change as part of a line separation request, as proposed. As we explained in the Safe Connections NPRM, a survivor who is the primary account owner requesting separation of an abuser's line from the account might want to keep the account to maintain any promotional deals, complete device pay-off, or avoid early termination fees, but change a telephone number for safety purposes. We conclude that this provision of the SCA bars covered providers from prohibiting such telephone number change requests or attaching a fee or penalty for doing so.
85. Rate Increases. We incorporate in our rules the SCA's provision that prohibits covered providers from making line separations contingent on a rate increase for the primary account holder's plan with respect to service on any remaining line or lines, although a covered provider is not required to provide a rate plan for the primary account holder that is not otherwise commercially available. As proposed in the Safe Connections NPRM, we interpret this provision to prohibit covered providers from denying a survivor's line separation request if the primary account holder for the remaining lines does not agree to a rate increase, or from forcing the remaining primary account holder to switch to a service plan that has a higher rate, although the person may elect to switch to a rate plan that has a higher or lower rate from among those that are commercially available. We also find this provision does not require covered providers to offer survivors or remaining parties a specialized rate plan that is not commercially available if the party does not choose to continue the existing rate plan. We agree with Verizon that beyond this guidance, “it would be unnecessary and counterproductive to micromanage or prescriptively regulate how wireless providers implement” these duties, given their wide variety of “different service plans and business models.” Accordingly, we decline NCTA's suggestion to make explicit in our rules “that it is permissible for accounts affected by a line separation to remain eligible for multi-line discounts based on the number of lines active on each account after the separation has been implemented,” though we note that such a practice would not be prohibited under the SCA or our implementing rules, as long as the line separation was not contingent on the acceptance by the account holder of a new plan.
86. Contractual and Billing Responsibilities. We incorporate in our rules the SCA's prohibition on making a line separation contingent upon Start Printed Page 84423 “maintaining contractual or billing responsibility of a separated line” with the covered provider. As proposed in the Safe Connections NPRM, we interpret this provision as requiring covered providers to give the party with the separated line the option to select any commercially available prepaid or non-contractual service plan offered by the covered provider, whether that party is a survivor or abuser. We also conclude that this provision prohibits covered providers from requiring a survivor who separates a line to maintain the same contract, including any specified contract length or terms, as the account from which those lines were separated ( i.e., continuing a contract for the remainder of the time on the original account for the new account or requiring the survivor to maintain all previously-subscribed services (voice, text, data) under the new account).
87. Credit Checks. Consistent with the record, we adopt our proposal to specify that covered providers may not make line separations contingent on the results of a credit check or other proof of a party's ability to pay. We likewise adopt our proposal to prohibit covered providers from relying on credit check results to determine the service plans from which a survivor is eligible to select and whether a survivor can take on the financial responsibilities for devices associated with lines used by the survivor or individuals in the care of the survivor. As Congress explained, “[s]urvivors often lack meaningful support and options when establishing independence from an abuser, including barriers such as financial insecurity,” and survivors may thus not be able to demonstrate their financial stability as a result of their abusive situation. As such, we find it consistent with the SCA to prohibit covered providers from making line separations contingent on the results of a credit check or other proof of a party's ability to pay. Consistent with our tentative findings in the Safe Connections NPRM, however, we find that these restrictions would not impact the ability of a covered provider to perform credit checks that are part of its routine sign-up process for all customers as long as the covered provider does not take the results of the credit check into account when determining whether it can effectuate a line separation. We believe this approach addresses NCTA's suggestion that the Commission not prohibit covered providers from “requir[ing] other proof of ability to pay or other verification information” as part of “applying their standard payment terms to separated accounts . . . .” Stated another way, we permit covered providers to use credit checks in the generally applicable account sign-up process after they have effectuated the line separation for survivors.
6. Financial Responsibilities and Account Billing Following Line Separations
88. We adopt our proposal to codify the SCA's statutory requirements for financial responsibilities and account billing following line separations. Specifically, unless otherwise ordered by a court, when survivors separate their lines and the lines of individuals in their care from a shared mobile service contract, they must assume the financial responsibilities, including monthly service costs, for the transferred numbers beginning on the date on which a covered provider transfers the billing responsibilities for and use of the transferred numbers to those survivors. Covered providers may not require survivors to assume financial responsibility for mobile devices associated with those separated lines unless the survivor purchased the mobile devices, affirmatively elected to maintain possession of the mobile devices, or are otherwise ordered to by a court. When survivors separate an abuser's line from a shared mobile service contract, a covered provider may not impose on survivors any further financial responsibilities to the transferring covered provider for the services and mobile devices associated with the telephone number of the separated line. To ensure that providers can implement processes and procedures that work with their particular information technology (IT), billing, and other administrative systems, we decline to implement more prescriptive rules governing covered providers' administration of the financial responsibility and account billing requirements. Given the complexities and uniqueness of each provider's systems, we agree with CCA that “flexible rules will enable wireless providers to comply and make necessary technical and operational updates in a manner best adapted to their service model, customer base, and available resources.” Although we decline to implement more prescriptive rules beyond those established in the SCA, in consideration of the record, and pursuant to the SCA's charge that we consider account billing procedures and financial responsibilities in adopting rules governing line separations, we clarify how providers apply those obligations below.
89. Lines. Although the SCA contemplates that survivors will not be financially responsible for the abuser's line the moment the line separation is processed, we recognize that there may be instances when a covered provider cannot practically prorate those financial responsibilities. In such instances, we make clear that a covered provider can rely on the operational and technical infeasibility exception to process the request without prorating the financial responsibilities for the abuser's line, as long as the provider releases the survivor from financial responsibility for the abuser's line at the start of the next billing cycle, which we expect will not be more than one month following the date the request is processed.
90. Similarly, we understand, as Verizon explains, that “in some cases, a wireless provider may not be able to create a new account for a survivor without initially applying certain financial obligations as part of the account setup.” We agree that, “as long as those obligations are promptly waived by the system or the customer service employee after the new account is created, Congress's objective is met.” We stress, however, that covered providers must waive these fees without requiring survivors to follow up or take additional steps.
91. Devices. We clarify how the obligations for device financial responsibilities apply when a third party is involved with the financing or sale of the device. NCTA states that “some providers offer device financing through a third party, and it is the third party that has a contractual relationship with the customer.” In that scenario, NCTA asserts, “the provider may not have the ability to waive device costs and it should not be required to bear such costs.” We observe that, in most cases, a contract to finance a device through a third party is an agreement to “purchase” the device, and as such, a survivor may be financially responsible for the financed device associated with the separated line under the provisions of the SCA. In any event, neither the SCA nor our rules require covered providers to bear device costs. If, however, a covered provider offers a device for sale on its website, in a retail store, or through some other means, we conclude that it is the provider's responsibility to ensure that the financial responsibilities for any devices are assigned to the appropriate party following a line separation, including when the device is purchased using third-party financing offered by the provider. We find that this approach most closely aligns with the goals of the SCA. Start Printed Page 84424
92. We agree with Verizon, however, that when a device is offered and financed by a third party, such as a big-box retailer or directly from the device manufacturer, the covered provider does not have an obligation to ensure that third party complies with the SCA's device financial responsibility obligations. In this scenario, the covered provider was not involved with the sale or financing of the device and has no relationship with the seller or financier, so there is no means by which the covered provider can compel the third party to comply with the obligations the SCA places on the provider.
93. Payment Terms and Conditions. We conclude that the SCA permits covered providers to apply their standard payment or contract terms and conditions to separated lines and devices, to the extent that such terms are consistent with the SCA's limitations on penalties, fees, and other requirements. We agree with NCTA that the statute “is not intended to upend the customer-provider relationship,” and that requiring different terms and conditions in service agreements for survivors could “increase the incidence of fraud.” In this regard, NCTA noted that “some providers may require a credit card to secure the device, require or incentivize enrollment in monthly auto-pay programs, or require other proof of ability to pay or other verification information, such as billing address or the last four digits of the Social Security number.” These provider practices do not appear to run afoul of the SCA's limitations. Providers, however, should be keenly aware that some survivors may lack access to credit, may be in a transitory state and temporarily lack a permanent address, or be otherwise unable to satisfy some other standard provider requirements. In such cases, providers should work closely with survivors by either helping them gather the necessary payment and verification documentation or by providing information on how they can otherwise satisfy provider requirements, such as by applying to the Lifeline program for financial assistance. If a survivor is ultimately unable to satisfy the provider's standard terms, the provider should also be prepared to inform the survivor of alternative communications service options the provider may offer, such as prepaid or postpaid plans, or the ability to port a number to another provider who may offer service to those in similar circumstances. Though not required by the SCA or by our rules, providers should consider waiving certain terms and conditions some survivors may be temporarily unable to satisfy due to extenuating circumstances. Congress's findings note the key role communications services can play in helping survivors establish autonomy and safety from abusers, but provider terms and conditions that are too onerous on survivors could unnecessarily impede survivor access to the SCA's benefits, including the ability to establish independent wireless service.
94. Arrears. We adopt our proposal that any previously accrued arrears on an account following a line separation must stay with the person who was the primary account holder prior to the separation. For example, if the abuser's line is separated and the abuser was the primary account holder, the arrears would be reassigned to the abuser's new account. Similarly, if the survivor was the primary account holder and separates the abuser's line, the arrears would stay with the survivor's account. Conversely, if the survivor's line is separated and the abuser was the primary account holder, the arrears would stay with the abuser's account. No commenters raised any concerns about the administrability of this approach.
7. Effects on Other Laws and Regulations
95. Number Porting. We conclude that the Commission's current telephone number porting rules apply for lines that have been separated pursuant to section 345 of the Communications Act. As explained in the Safe Connections NPRM, we do not believe, and the record provides no indication, that there is anything unique about number ports associated with line separations that would make such ports more or less technically feasible than under other circumstances. Accordingly, we conclude that any ports covered providers are currently required to complete, and technically capable of completing, are technically feasible under the SCA. We also conclude that should the requirements or capabilities for number porting change in the future, any newly feasible ports will also be considered technically feasible when sought in connection with a line separation under the SCA.
96. We also find that, as a practical matter, although survivors may indicate as part of their line separation request that they intend to port out the separated (or remaining) telephone numbers to a new provider, a covered provider must complete a line separation request prior to effectuating a number port pertaining to that line. As the Commission explained in its Safe Connections NPRM, customers who want to port a number to a new provider currently must provide the telephone number, account number, ZIP code, and any passcode on their existing account to the new provider. Survivors who are not primary account holders, however, may have limited access to the necessary account information. However, once a line separation is completed, a survivor will have a new account and presumably have access to all the information needed to port a number to a new provider. Furthermore, as Verizon noted and as NCTA echoed, completing the line separation process and then porting a number will “enable providers to leverage their existing porting processes, to apply appropriate porting fraud prevention measures, and to manage their number inventories in a manner that facilitates continued compliance with the number aging and Reassigned Number Database (RND) reporting requirements.” And, because simple wireless-to-wireless ports typically happen within a few hours, there would be little time saved by requiring providers to concurrently separate lines and process ports. As such, we find that providers should process and complete line separation requests before completing number ports, which will allow them to leverage their existing systems and processes that port numbers “routinely and reliably.” To the extent that a survivor initiates a port-out request with a new service provider for a line that is the subject of an in-process line separation request, we prohibit the current service provider from notifying the account holder of the request to port-out that number until after the line separation request has been completed, to avoid situations where an abuser who is the account owner is notified of a survivor's pending line separation or port-out request on an account shared by an abuser and a survivor.
97. Compliance with Privacy Protections and Other Law Enforcement Requirements. In adopting rules to implement the SCA, Congress directed the Commission to consider, among other things, privacy protections and compliance with the Commission's CPNI rules or any other legal or law enforcement requirements. The Commission's CPNI rules implement section 222 of the Communications Act, which obligates telecommunications carriers to protect the privacy and security of information about their customers to which they have access as a result of their unique position as network operators. Section 222(a) requires carriers to protect the Start Printed Page 84425 confidentiality of proprietary information of and relating to their customers. Subject to certain exceptions, section 222(c)(1) specifically provides that a carrier may use, disclose, or permit access to CPNI that it has received by virtue of its provision of a telecommunications service only: (1) as required by law; (2) with the customer's approval; or (3) in its provision of the telecommunications service from which such information is derived or its provision of services necessary to or used in the provision of such telecommunications service. The Commission's rules implementing section 222 are designed to ensure that telecommunications carriers establish effective safeguards to protect against unauthorized use or disclosure of customers' proprietary information. Among other things, the rules require carriers to appropriately authenticate customers seeking access to CPNI. The Commission's CPNI rules also require carriers to take reasonable measures to both discover and protect against attempts to gain unauthorized access to CPNI and to notify customers immediately of certain account changes, including whenever a customer's password, response to a carrier-designed back-up means of authentication for lost or forgotten passwords, online account, or address of record is created or changed.
98. We provide additional guidance regarding the treatment of historical CPNI and notification of account changes related to lines subject to a line separation request pursuant to section 345. In particular, we make clear that historical CPNI shall remain with the original account, though we permit covered providers to move CPNI associated with a separated line if feasible. We agree with NDVH that retroactively separating historical CPNI by each line on an account and then transferring it along with the separated line to a new account may not be technically feasible or practical for providers. Therefore, we conclude that covered providers are not required to move historical CPNI associated with a separated line to a new account, although we encourage providers to do so to the extent possible.
99. We also modify the Commission's rule requiring telecommunications carriers to notify customers “immediately” whenever a password, customer response to a back-up means of authentication for lost or forgotten passwords, online account, or address of record is created or changed” to clarify that this rule does not apply when such changes are made in connection with a line separation request made pursuant to the SCA.
100. Finally, we make clear that except for any enhanced protections provided to survivors under state law as described in section 345(c)(3), compliance with the line separation provisions of the SCA and the rules we have adopted in this document to implement those provisions supersede and preempt any conflicting obligations under state law, Commission rules, or state rules. Commenters did not raise concerns regarding conflicts with any law enforcement provisions regarding line separations.
8. Implementation
101. Compliance Timeframe. Consistent with prior Commission actions, and in light of the urgency of this issue to survivors' safety, we require covered providers to comply with our rules implementing the SCA's line separation provisions within a short period of time, six months after the effective date of this document or after review of the rules by the Office of Management and Budget (OMB) is completed, whichever is later. The SCA states that the line separation requirements in the statute “shall take effect 60 days after the date on which the Federal Communications Commission adopts the rules implementing” those requirements, but also directs the Commission, in adopting rules, to consider “implementation timelines, including those for small covered providers.” We find the SCA's direction that the Commission consider “implementation timelines” in adopting rules to implement new section 345 of the Communications Act provides the Commission with discretion to establish an appropriate compliance timeframe as necessary based on the record. Because we establish a compliance timeframe for our implementing rules that is after the effective date of new section 345 of the Communications Act, we will delay enforcement of those rule provisions until after the compliance date of the rules. Further, because many of the rules we adopt to implement new section 345 of the Communications Act contain information collections that are subject to review by the Office of Management and Budget (OMB) under the Paperwork Reduction Act (PRA) and the SCA provides no stated exception to the PRA, we have an independent statutory obligation to comply with the PRA in adopting rules to implement the SCA. We therefore require covered providers to comply with the rules implementing the line separation provisions of the SCA six months after the effective date of this document, or after OMB completes review of the rules, whichever is later. We direct the Wireline Competition Bureau to issue a Public Notice announcing the compliance date for the rules implementing section 345 once OMB completes its review.
102. The record demonstrates that implementing the line separation provisions of the SCA will require providers to make significant changes to their systems and processes. As NCTA explains, “providers will need time to build internal systems to meet the requirements of the Commission's rules, to test, deploy, and train. There are a number of unknown variables that make it difficult to fully build out a provider's compliance system until the Commission adopts the final rules.” We agree with CTIA that “[g]iven the highly sensitive nature of supporting survivors, it is vitally important that providers have sufficient time to implement the necessary changes to their systems and processes accurately and effectively.” We are also mindful that, absent sufficient time to modify and test their systems, a significant number of covered providers will employ the technical and operational infeasibility exception to deny line separation requests, leading to widespread survivor confusion. For these reasons, we require covered providers to comply with the rules implementing the statutory line separation requirements six months after the effective date of this document, or after OMB review of those rules that involve information collections under the PRA, whichever is later. We find, however, that permitting a more extended compliance timeframe for implementing the line separation provisions, as advocated for by industry commenters would be inconsistent with the urgency Congress demonstrated with the underlying statutory obligation as well as with the critical wireless communications needs of survivors well-documented in the record. We anticipate that many covered providers will be equipped to effectuate line separations within six months of the effective date of this document, given the steps that the industry has already taken to advance this important process, and we encourage covered providers to implement the rules we adopt in this document as expeditiously as possible given the urgency of the concerns at issue. We also remind covered providers that given the urgency expressed by Congress in the SCA, they should be sensitive to survivors that may need assistance during the six-month implementation and compliance Start Printed Page 84426 timeframe, and strongly encourage covered providers not to subject survivors to fees or other restrictions in conjunction with setting up a new account or cancelling an existing account while the line separation process is technically or operationally infeasible.
103. The SCA directs the Commission to consider implementation timelines for small covered providers, and after examination of the record, we decline to adopt a different compliance timeframe for small providers. First, given the critical and potentially lifesaving importance of independent communications for survivors escaping abusive circumstances, we think it self-evident that survivors who receive service from small covered providers are no less entitled to the protections made available by the SCA than survivors who receive service from other covered providers. Second, we find that adopting inconsistent timelines for small and large providers may make it difficult for stakeholders to carry out effective messaging campaigns touting the availability of line separations. This inconsistency may confuse survivors and ultimately dissuade them from further pursuing a line separation if they are told that their current carrier does not offer the ability despite having been informed of the SCA's features by a stakeholder messaging campaign. Third, we believe that Congress included the technical and operational infeasibility provisions to account for differences in the capabilities of providers (among other reasons), particularly between large and small providers, and to incentivize and protect providers while they work to update or develop systems and processes capable of fully effectuating the SCA's requirements and our rules within the compliance timeframe.
B. Ensuring the Privacy of Calls and Text Messages to Domestic Abuse Hotlines
104. The SCA directs the Commission to consider (i) whether and how to “establish, and update on a monthly basis, a central database of covered hotlines to be used by a covered provider or a wireline provider of voice service,” and (ii) whether and how to “require a covered provider or a wireline provider of voice service to omit from consumer-facing logs of calls or text messages any records of calls or text messages to covered hotlines in [such a] central database, while maintaining internal records of those calls and messages.” As discussed below, we find it is in the public interest to establish such a central database and adopt a process for doing so. We begin our discussion with the requirement for covered providers to exclude calls or text messages to covered hotlines from consumer-facing call logs, and the definitions of key terms.
1. Creating an Obligation To Protect the Privacy of Calls and Text Messages to Covered Hotlines
105. We adopt our proposal to require covered providers and wireline providers of voice service to exclude from consumer-facing logs of calls or text messages any records of calls or text messages to covered hotlines that appear in a central database (discussed further below), and to retain internal records of the omitted calls and text messages. We make clear that the use of the word “omit” in our rule provision regarding this requirement (§ 64.6408(a) (“All covered providers, wireline providers of voice service, fixed wireless providers of voice service, and fixed satellite providers of voice service shall . . . [o]mit from consumer-facing logs of calls and text messages any records of calls or text messages to covered hotlines in the central database established by the Commission”)), should be understood to mean “completely exclude,” not merely redact identifying detail. Congress determined that “perpetrators of [sexual] violence and abuse . . . increasingly use technological and communications tools to exercise control over, monitor, and abuse their victims,” and that “[s]afeguards within communications services can serve a role in preventing abuse and narrowing the digital divide experienced by survivors of abuse.” These findings are supported by, among other things, field work with domestic violence survivors demonstrating the risk of abusers' accessing domestic abuse survivors' digital footprint, particularly call logs. The record in this docket also reflects concerns raised regarding call and text logs. For example, the New York State Office for the Prevention of Domestic Violence notes that “[r]isk to survivors escalates when they are seeking to leave their abuser and calls to hotlines often precede separation from one's abuser,” and the Network for Victim Recovery of DC (NVRDC) observes that “[c]all and text records to and from covered organizations would likely tip off an abuser who is closely monitoring all communications.” We are concerned that survivors may be deterred in seeking help by the threat of an abuser using access to call and text logs to determine whether the survivor is in the process of seeking help, seeking to report, or seeking to flee. We therefore conclude that protecting the privacy of calls and text messages to covered hotlines, as described by the SCA, is in the public interest. This proposal received broad support and no opposition.
106. The SCA specifically requires the Commission to consider certain matters when determining whether to adopt a requirement for protecting the privacy of calls and text messages to hotlines. Specifically, section 5(b)(3)(B) of the SCA requires us to consider the technical feasibility of such a requirement—that is, “the ability of a covered provider or a wireline provider of voice service to . . . identify logs that are consumer-facing . . . and . . . omit certain consumer-facing logs, while maintaining internal records of such calls and text messages,” as well as “any other factors associated with the implementation of [such requirements], including factors that may impact smaller providers.” Section 5(b)(3)(B) also requires us to consider “the ability of law enforcement agencies or survivors to access a log of calls or text messages in a criminal investigation or civil proceeding.”
107. The Commission tentatively concluded in the Safe Connections NPRM that covered providers and wireline providers of voice service are able to identify consumer-facing call and text logs, and no commenter disputed this assertion. Nor did any commenter contend that excluding calls and text messages to covered hotlines from consumer-facing call logs was technically infeasible, or that it was technically infeasible to retain internal records of such calls while excluding such calls from consumer-facing call logs. Indeed, none of the trade associations representing substantially different segments of covered providers and/or providers of wireline voice service raises specific issues relating to selectively omitting calls and text messages from call and text logs in their discussion of implementation.
108. We also adopt our proposal to require providers that remove calls and text messages to covered hotlines from consumer-facing call logs to retain an internal record of such calls for as long as they normally retain internal records of calls. Retaining such internal records is necessary to ensure some record remains available if disputes or criminal investigations or civil or criminal legal proceedings arise. Further, records of calls and text messages do not appear to exist solely in the form of call logs, but, rather, are independent records—that is, some processing must be applied to the records to create call logs. As a result, Start Printed Page 84427 as proposed, we require service providers to maintain internal records of calls and text messages that they exclude from consumer-facing logs when such records are required for any criminal or civil enforcement proceeding, or for any other reason. No commenter opposed this proposal. We use the term “service provider” to refer all types of providers to which we apply the obligation to protect the privacy of calls and text messages to hotlines—covered providers, wireline providers of voice service, and, as discussed below, fixed wireless and fixed satellite providers.
109. Extension of Obligation to Fixed Wireless and Fixed Satellite Providers of Voice Service. The Commission observed in the Safe Connections NPRM that subscribers to fixed wireless and fixed satellite voice service may expect that the privacy of their calls and text messages to hotlines are also protected, despite the providers of the service likely being neither “covered provider[s]” or wireline providers, and sought comment on whether we should therefore extend related obligations to such providers. No party responded to our request for comment on factors that would prevent such providers from complying with our rules in any respect. We believe that subscribers to such services should be afforded such protections, a matter that no party disputes, and that we should seek to meet survivor expectations regarding the privacy of their calls and text messages to hotlines. We therefore extend our related obligations to fixed wireless and fixed satellite providers of voice service.
110. We conclude that we have direct authority to adopt this requirement under titles II and III of the Communications Act, and we independently assert our ancillary authority to that end as well. We have direct authority to extend our rules protecting the privacy of calls and texts to hotlines to fixed wireless and fixed satellite providers of voice. Section 201(b) of the Communications Act requires that all charges, practices, classifications, and regulations in connection with common carrier service be just and reasonable, and authorizes the Commission to prescribe rules as necessary in the public interest to carry out this requirement. If fixed wireless and fixed satellite providers of voice service were not subject to our rule, they could continue to include calls to hotlines in their call logs. That practice would be unjust and unreasonable, particularly in instances in which the abuser established and controls the household account, and survivors in that household may not know that the relevant service in that account is provided over fixed wireless or fixed satellite rather than wireline facilities. In that situation, the survivors might believe, incorrectly, that their calls to hotlines would be omitted from call logs to which the abuser has access. Further, even if the survivors knew that the household service was fixed wireless or fixed satellite, they often would not appreciate the legal nicety that the Commission's rules shielded only certain types of calls to hotlines (mobile wireless or wireline) but did not shield two other types of calls (fixed wireless and fixed satellite) that were functionally indistinguishable from the survivor's point of view. In either of those situations, the safety, even the lives, of survivors would be threatened. For instance, if a survivor wrongly assumed that a fixed wireless hotline call to a hotline was shielded and then placed such a call, the abuser could readily discover that call and, in retribution, threaten or harm the survivor or prevent the survivor from separating his or her line or fleeing to safety. Such consequences would not be just and reasonable, and we therefore assert our authority under section 201(b) to require common-carrier providers of fixed wireless and fixed satellite voice to comply with new § 64.6408 of our rules. To the extent these providers are wireless or satellite licensees, we also have authority to impose these obligations pursuant to sections 301, 303, and 316 of the Communications Act.
111. As a separate and independent basis, we assert our ancillary authority, which may be employed, at the Commission's discretion, when the Communications Act “covers the regulated subject” and the assertion of jurisdiction is “reasonably ancillary to the effective performance of [the Commission's] various responsibilities.” Section 1 of the Communications Act grants the Commission authority over, among other things, “radio communication,” which fixed wireless and fixed satellite providers of voice services provide when processing originating calls and text messages. The duty to protect the privacy of calls and text messages to hotlines is reasonably ancillary to the Commission's duty to enable survivors safely to obtain line separations under section 4 of the SCA, and its duty under section 5(b)(3)(A) of the SCA to consider whether and how to adopt rules to establish a central database of domestic violence hotlines and to require covered providers and wireline providers of voice service to omit from consumer-facing logs of calls or text messages any records of calls or text messages to such hotlines. As explained above, if our new rule protecting the privacy of calls and text messages to hotlines were to apply to wireline providers of voice service but not fixed wireless or fixed satellite providers of voice, survivors often would not know whether their calls and text messages to hotlines would be omitted from the pertinent call logs. This is more likely to be the case when the abuser controls (and was therefore more likely to have established) the account, which is a common fact pattern when a survivor would be concerned about their abuser being able to see calls and text messages to hotlines on call logs. And that uncertainty likely would have devastating consequences for the safety of survivors, which in turn would defeat the purpose of the line-separation and protection of privacy of calls and texts to hotlines provisions of the SCA and, more generally, would undermine the SCA's overall goal of establishing “safeguards within communications services [that] can serve a role in preventing abuse . . . experienced by survivors of abuse.” Accordingly, we assert our ancillary authority to prevent those harms and ensure that new § 64.6408 works efficaciously.
112. Technical Feasibility and Exceptions. Consistent with the statutory directive, the Commission sought comment in the Safe Connections NPRM on the technical feasibility of imposing an obligation to protect the privacy of calls and text messages to hotlines on certain types of services providers and relating to certain calls. The Commission received requests relating to two matters in addition to a request pertaining to the compliance deadline for small service providers, which we discuss below. First, USTelecom seeks clarification that the rules that the Commission adopts do not apply to calls placed by, and any logs created in association with, (wireline) enterprise and similar multi-line telephone system (MLTS) customers. USTelecom argues that logs relating to such services are not consumer -facing logs and that these systems are managed, maintained, and controlled by the customer rather than the service provider. USTelecom's proposal was unopposed. We agree that both the SCA and the proposed rules are directed to consumer -facing logs and recognize that applying our rules to call logs that are not controlled by the service provider would complicate our implementation of the SCA. In addition, in the event that a survivor were to use Start Printed Page 84428 an enterprise system to place a call to a hotline, we believe that the large number of users of such enterprise systems, as compared to consumer accounts, creates more anonymity for survivors. As a result, we clarify that the rules we adopt pertaining to protecting the privacy of calls and text messages to hotlines do not apply to non-consumer accounts, such as for enterprise and MLTS service.
113. Second, commenters also raise undisputed concerns about the extent to which resellers, such as MVNOs, that “depend on their underlying facilities-based providers for systems necessary to . . . screen call logs” should be expected to comply, arguing that such resellers' obligations should be “limited to the capabilities that the facilities-based provider makes available to its own customers.” We conclude that it is not practical for service providers that do not create their own call logs but, instead, rely on their underlying facilities-based provider to create such call logs, to comply with our rules for protecting the privacy of calls and text messages to hotlines. We therefore exempt such service providers from these obligations. At the same time, however, we conclude that the underlying facilities-based service provider that produces the call logs for its wholesale customers (that is, the call logs that are “consumer-facing” toward the wholesale customers' end user customers) is obligated to comply with our rules. The definitions we adopt for “covered provider,” “wireline provider of voice services,” “fixed wireless provider of voice services,” and “fixed satellite provider of voice services” are not limited to retail services. And the definition we adopt for “consumer-facing logs of calls and text messages” does not state that the consumer at issue has to be a customer of the pertinent covered provider, wireline provider of voice service, fixed wireless provider of voice services, or fixed satellite provider of voice services. Accordingly, the definitions we adopt have the effect of imposing the same duty on wholesale providers that create call logs for their wholesale customers as imposed on providers that produce their own consumer-facing call logs. Imposing this duty also furthers the overall goal of removing calls and text messages to covered hotlines from consumer-facing call logs in the most comprehensive manner possible. Further, we expect resellers that do not control their own call logs to make good faith efforts, such as through their contracts, to ensure that their wholesale providers are complying with our rules.
114. Third, we decline to adopt CTIA's proposal to create a general technical infeasibility exception. While the SCA requires the Commission to consider “the ability of a covered provider or wireline provider of voice service” to identify consumer-facing logs and omit calls from consumer facing logs while retaining internal records of such calls, in contrast to the provisions relating to line separations, the SCA does not contain an explicit technical infeasibility exception. As previously discussed, the record demonstrates that service providers generally have these technical abilities. Furthermore, we find that survivor safety, which is promoted through the uninhibited use of domestic violence hotlines, weighs against leaving technical infeasibility standards to the subjective determination of service providers. Should service providers encounter specific technical feasibility issues in their implementation of the rules we adopt that they believe warrant an exception to those rules, they may use the Commission's general process for requesting waiver of a Commission rule. We delegate consideration of such waiver requests to the Wireline Competition Bureau.
115. Access to Retained Internal Call Records. As noted above, we require providers to retain internal records of the calls and text messages they omit from consumer-facing call logs as a result of the new rules. We do so recognizing, among other things, that section 5(b)(3)(C) of the SCA states that the Commission cannot “limit or otherwise affect” the ability of law enforcement to access call logs “in a criminal investigation” or “alter or otherwise expand provider requirements” under the Communications Access for Law Enforcement Act (CALEA). Although no commenter opposed our proposal to adopt this retention requirement, EPIC et al. proposed that we limit law enforcement's access to such records to instances where the survivor requests that law enforcement be given access, and to require a judicial order or grand jury subpoena before a provider could disclose the internal call or text records to law enforcement. We decline this request. The SCA prohibits us from “limit[ing] or otherwise affect[ing] the ability of a law enforcement agency to access a log of calls or text messages in a criminal investigation[ ],” and EPIC et al.'s request would appear to “affect” law enforcement's access as it would add constraints on law enforcement's access ability to call logs during a criminal investigation, especially in instances where speed is essential or where a survivor is unavailable to give consent. At the same time, we emphasize that while our rules neither limit or otherwise affect the ability of a law enforcement agency to access a log of calls or text messages in a criminal investigation, they are also not intended to enhance such access. They merely preserve the status quo by ensuring that service providers maintain the same records that they maintain today.
2. Definitions
116. How we define certain critical terms in the SCA significantly affects which service providers are subject to the call-log removal obligations discussed above and hotline-database obligations discussed below, the extent of such obligations, and to which hotlines the obligations apply. We adopt definitions of “covered provider,” “voice service,” “call,” “text message,” “covered hotline,” and “consumer-facing logs of calls and text messages.”
117. Covered Provider. We conclude that all “covered provider(s),” as defined in the SCA, should be obligated to protect the privacy of calls and text messages to covered hotlines. We therefore adopt the same definition of covered provider used for the purpose of applying line separation obligations under section 345(a)(3) of the Communications Act, as added by the SCA. EPIC et al. supported this proposal, which received no opposition.
118. The National Lifeline Association argues that “covered providers should not include mobile broadband providers that do not offer mobile voice service.” To the extent that a covered provider does not actually have consumer-facing logs of calls, as the National Lifeline Association seems to assert some covered providers do not, then there is no obligation for omitting certain calls and text messages with which such covered provider must comply. This reasoning applies equally to covered providers that do not actually have consumer-facing logs of text messages. It is therefore unnecessary for us to create an exception for these situations within the definition of “covered provider.”
119. Voice Service. In addition to covered providers, we apply the call-log removal duty to all “wireline providers of voice service,” as suggested by the SCA, as well as “fixed wireless providers of voice service” and “fixed satellite providers of voice service.” These definitions require defining “voice service,” which we base on the definition in section 5 of the SCA. That provision references section 4(a) of the TRACED Act, which defines “voice Start Printed Page 84429 service” as “any service that is interconnected with the public switched telephone network and that furnishes voice communications to an end user using resources from the North American Numbering Plan,” including transmissions from facsimile machines and computers and “any service that requires internet protocol-compatible customer premises equipment . . . and permits out-bound calling, whether or not the service is one-way or two-way voice over internet protocol.” No commenter opposed this proposal. We also note that the Commission interpreted the TRACED Act definition when implementing that Act's requirements, and chose to mirror the definition in its rules.
120. Call. The SCA does not define the term “call,” nor does the Communications Act. Consistent with our proposal in the Safe Connections NPRM, solely for purposes of implementing section 5(b)(3) of the SCA, we elect to define a “call” as a voice service transmission, regardless of whether such transmission is completed. Given the expansive definition of “voice service,” which we define without regard to whether the service is wireline or wireless, this term sufficiently captures the means by which survivors would use the public switched telephone network to reach covered hotlines. Although we suspect that only completed transmissions would appear on call logs, out of an abundance of caution in deference to the safety concerns of survivors, we will include completed and uncompleted transmissions in the definition of “call.” No commenter opposed this proposal.
121. Text Message. Section 5(a)(7) of the SCA defines “text message” as having the same meaning as in section 227(e)(8) of the Communications Act, and we adopt the same definition consistent with our proposal in the Safe Connections NPRM. Section 227(e)(8) defines “text message” as “a message consisting of text, images, sounds, or other information that is transmitted to or from a device that is identified as the receiving or transmitting device by means of a 10-digit telephone number” and includes short message service (SMS) and multimedia message service (MMS) messages. This definition explicitly excludes “message[s] sent over an IP-enabled messaging service to another user of the same messaging service” that do not otherwise meet the general definition, as well as “real-time, two-way voice or video communication.” When the Commission previously interpreted section 227(e)(8) for purposes of implementation, it adopted a rule that mirrors the statutory text, and we do the same here, as proposed in the Safe Connections NPRM. No commenter opposed adoption of this definition. Similar to our analysis with respect to uncompleted calls, out of an abundance of caution in deference to the safety concerns of survivors, we will include delivered and undelivered text messages in the definition of “text message.”
122. Covered Hotline. The SCA defines the term “covered hotline” to mean “a hotline related to domestic violence, dating violence, sexual assault, stalking, sex trafficking, severe forms of trafficking in persons, or any other similar act.” We adopt this definition, and further clarify what constitutes a “hotline” and how much of the counseling services and information provided on the “hotline” must relate to “domestic violence, dating violence, sexual assault, stalking, sex trafficking, severe forms of trafficking in persons, or any other similar act[s]” for the “hotline” to be a “covered hotline.”
123. As an initial matter, we note that in providing these clarifications, we strive to meet the broadest reasonable expectations of a survivor seeking to place calls and send text messages without fear that they will appear in logs. Commenters uniformly supported this approach. Turning to the specific definition, we conclude that a “covered hotline” need not exclusively provide counseling and information to serve domestic violence survivors; for instance, the hotline could provide services to individuals in need of other types of support unrelated to domestic violence or other related issues under the SCA. Such a single subject requirement would be overly restrictive and potentially exclude some hotlines that provide essential services to domestic violence survivors. Accordingly, we define “covered hotline” as any hotline that provides counseling and information on topics described in the SCA's definition of “covered hotline” as more than a de minimis portion of the hotline's operations. No commenter opposed this approach.
124. We next conclude that the counseling service associated with the pertinent telephone number must be a “hotline.” Given the SCA's definition of “covered hotline,” as well as the potential use of a central database of “covered hotlines” (calls and text messages which would be omitted from customer-facing logs), we interpret “hotline” generally to mean a telephone number from which counseling and information is provided. The SCA appears to acknowledge this by equating the adjective “covered” to the topics, which, in this case are “domestic violence, dating violence, sexual assault, stalking, sex trafficking, severe forms of trafficking in persons, [and] . . . other similar act[s].” We suspect, however, that certain telephone numbers may serve as “hotlines” and also be used for other purposes, such as the main telephone number for the organization providing the counseling and/or information service. We conclude that telephone numbers should not be excluded from being “covered hotlines” merely because they do not serve exclusively as “hotlines.” We find that we can best achieve the goal of minimizing hotline hesitancy by interpreting “hotline” as broadly as possible, and therefore interpret it to include numbers on which an organization provides anything more than a de minimis amount of counseling service and will use this standard as a component in our definition of “covered hotline.” No commenter opposed this approach and several supported it.
125. The Commission proposed in the Safe Connections NPRM to delegate to the Bureau the task of providing further clarification, as necessary, of the scope and definition of “covered hotline,” in light of the novelty of overseeing a central database of covered hotlines, and to maximize the efficiency in resolving future matters of interpretation under these provisions of the SCA. We adopt this unopposed proposal.
126. Consumer-Facing Logs of Calls and Text Messages. The SCA does not define the term “consumer-facing logs of calls or text messages.” In light of our goal of minimizing any hesitancy by survivors to contact hotlines by preventing abusers from being made aware of survivors' calls and text messages to hotlines, we seek to define the term as broadly as possible. We therefore define such logs, consistent with the proposal in the Safe Connections NPRM, as any means by which a service provider presents to a consumer a listing of telephone numbers to which calls or text messages were directed, regardless of, for example, the medium used (such as by paper, online listing, or electronic file), whether the calls were completed or the text messages were successfully delivered, whether part of a bill or otherwise, and whether requested by the consumer or otherwise provided. In addition, our definition includes both oral disclosures of call and text message information that would appear in consumer-facing logs of calls and text messages (likely through customer service representatives) and written Start Printed Page 84430 disclosures by service providers of individual call or text message records. We exclude from this definition any logs of calls or text messages stored on consumers' wireless devices or wireline telephones, such as recent calls stored in the mobile device's phone app or lists of recently dialed numbers on cordless wireline handsets. The provisions of the SCA regarding the protection of calls and text messages to hotlines appear to apply to call logs under the control of pertinent service providers, not logs that might be generated by or stored on the wireline or wireless device. Thus, the obligation to protect the privacy of calls and text messages to hotlines would still apply to call and text logs accessed on a smart phone or other device through service provider apps or websites. No commenter opposed this approach and several supported it.
127. Wireline Provider of Voice Service. As discussed above, we conclude that we should extend the obligation to protect the privacy of calls and text messages to hotlines to fixed wireless providers of voice service and to fixed satellite providers of voice service, in addition to “covered providers” and “wireline providers of voice service” as identified in the SCA. Because including such providers in our rules requires new definitions, we conclude that to maintain maximum clarity, we should also define the term “wireline provider of voice service.” Such term is defined neither in the Safe Connections Act nor the Communications Act. We adopt as our definition, solely for purposes of our rules implementing the Safe Connections Act, as “a provider of voice service that connects customers to its network primarily by wire.” We believe that this definition captures what is ordinarily considered to be a “wireline provider,” allowing for intermediate legs of wireless transport, such as by microwave.
128. Fixed Wireless Provider of Voice Service. Solely for purposes of our rules implementing the Safe Connections Act, we define the term “fixed wireless provider of voice service” to mean “a provider of voice service to customers at fixed locations that connects such customers to its network primarily by terrestrial wireless transmission.”
129. Fixed Satellite Provider of Voice Service. Solely for purposes of our rules implementing the Safe Connections Act, we define the term “fixed satellite provider of voice service” to mean “a provider of voice service to customers at fixed locations that connects such customers to its network primarily by satellite transmission.”
3. Creating and Maintaining the Central Database of Hotlines
130. The SCA directs the Commission to consider whether and how to establish a central database of hotlines related to domestic violence, dating violence, stalking, sexual assault, human trafficking, and other related crimes, which could be updated monthly and used by providers to determine the covered hotline for which they must remove records from their customer-facing logs. Commenters strongly supported establishing a central database. Establishing a central database will provide certainty as to which call-log records are to be suppressed, thus fulfilling the SCA's objective to protect survivors while also clarifying service providers' compliance obligations.
131. The record supports either the Commission's or a third party's creating and administering the database, but no commenters addressed how the costs incurred by a third party administrator would be recovered. Parties have made a variety of suggestions for engaging with stakeholders, and have noted the complexity of the process. We believe that these decisions are worthy of further consideration, and we therefore delegate to the Bureau, working in conjunction with the Office of the Managing Director (including the Office of the Chief Information Officer (OCIO)) and the Office of General Counsel (including the Senior Agency Official for Privacy (SAOP)), the matter of determining the administrator for the database consistent with the determinations we make in this document. We direct the Bureau to announce the administrator details, and adopt any necessary rules, through a Public Notice or other appropriate means. The Bureau should not select an option that would require recovering costs for the administrator through an assessment on service providers, as we find that such an option would unnecessarily delay establishing the database. We also decline at this time to refer technical details of the database to the North American Numbering Council (NANC), as suggested by CTIA. The Bureau should work with stakeholders as it manages the process of selecting an administrator (whether it be self-provisioned, through a third party, or some combination thereof) and establishing the database. If the Bureau later concludes that input from the NANC is warranted, it will seek out such input.
132. In addition, the Commission also delegates authority to the Bureau, working in conjunction with the Office of the Managing Director (including OCIO) and the Office of General Counsel (including the SAOP), to address all administrative and technical matters relating to the creation and maintenance of the database that are not prescribed in this document. We expect the implementation process could involve complex legal, administrative, or technical questions, and we find that it is important to retain flexibility to address such issues as they arise. This is consistent with the approach the Commission has taken in other areas when overseeing the implementation of new programs such as the Broadband Data Collection and Robocall Mitigation Database.
133. We find that the database should always be as comprehensive and accurate as possible so as to best fulfill the expectations of survivors that their calls and text messages to hotlines will not appear in service provider's consumer-facing call logs. In this regard, we direct the Bureau to work with experienced stakeholders to help in identifying hotlines for the database administrator to include in the database, and developing procedures for updating the database; we direct the Bureau to establish procedures that will enable submissions by both operators of hotlines and from third parties. We likewise direct the Bureau to consider how best to verify the accuracy of submissions while balancing administrative concerns such as the need to initiate use of the database as soon as possible. Should the Bureau elect to use a third party to serve as the database administrator, the Bureau, not the third party, will have final authority over determining whether particular potential database entries are “covered hotlines.”
134. While we recognize that comprehensiveness and accuracy are key elements in database design and administration, the safety of survivors of domestic violence is paramount and should be taken into account in all database-related decisions and administration. As a result, we conclude that the database should not be made publicly available, as proposed in the Safe Connections NPRM. As the NDVH argues, providing convenient public access to such a large database of telephone numbers through which all manner of domestic violence survivor assistance is made available provides opportunities for abusers to interfere with survivors' ability to place calls and send texts to hotlines in the database by a variety of means, thereby undermining the purpose for which we are establishing the database (to enable protection of the privacy of calls and text messages to hotlines). While we Start Printed Page 84431 acknowledge, as the Safe Connections NPRM did, that making the database publicly available could potentially improve the accuracy of the list and be a resource for survivors, we find the benefits of making the database publicly available are outweighed by the potential harms to survivors as identified by the NDVH.
135. Consistent with our concerns regarding the sensitivity of the database, we direct the Bureau to ensure that access to the full database file is available only to covered providers, wireline providers of voice service, fixed wireless providers of voice service, and fixed satellite providers of voice service through secure means. Recognizing the potential value of the database to governmental agencies with general subject matter jurisdiction (law enforcement and health and human service-type agencies), however, we direct the Bureau to also permit such agencies access to the full database file through secure means as long as an administratively reasonable method of determining eligibility for access can be arranged. Moreover, although the database itself will not be publicly accessible, survivors still will be able to view the administrator's public website, and we therefore direct the Bureau to consider a means by which the administrator's website could identify, for survivors' benefit, any covered service provider that has been granted a technical-infeasibility exception from the call-log obligation, as well as any service providers that have been granted an extension of the compliance deadline. More generally, we encourage the Bureau to consider the possibility of designing a limited form of access for survivors to determine whether a call that they are about to make or a text that they are about to send to a hotline will not appear in a call log. To this end, we direct the Bureau to explore creating a web-based lookup feature that would allow survivors to determine if a particular number appears in the database while, at the same time, preventing such a lookup feature being exploited by bad actors to reverse-engineer the full list of hotlines. Such a feature may also permit operators of hotlines to determine if their number has been properly included.
4. Using the Central Database of Hotlines
136. Service Provider Compliance Deadline. For ease of discussion, we use the term “compliance deadline” to refer to the effective date of our rules regarding the protection of the privacy of calls and text messages to hotlines. The record reflects the urgency of issues faced by survivors of domestic abuse. Survivors need to place calls and send text messages to hotlines without fear of discovery (and potential reprisal) by their abuser as soon as possible as such calls and text messages save lives. Further, no party claims that the implementation challenges faced by service providers, which in some cases appear to be complex, are insurmountable. At the same time, there are important administrative milestones on which a successful database rollout depends. Although the Commission sought comment in the Safe Connections NPRM on how long service providers would take to implement the requirements that it proposed, the record has only one specific proposal, a request for at least 24 months for smaller carriers. Balancing the immediate need to provide help to survivors of domestic violence with the potential complexity of implementing systems to comply with our consumer-facing call log rules, we believe that 12 months from the date of publication of this document in the Federal Register is a reasonable timeline for all but the smaller service providers, particularly because the record lacks evidence that it would take such providers longer. We therefore adopt a 12-month compliance deadline.
137. We delegate to the Bureau the responsibility of implementing this compliance deadline and communicating with all stakeholders about progress towards completing the database, associated milestones, and service provider requirements, consistent with the decisions in this document. In establishing this timeline, we recognize the need for service providers to have the necessary detail as early as possible for designing their systems and to be able to test the database files in such systems prior to full implementation. In this regard, we also establish two milestones affecting the final compliance deadline. First, the compliance deadline will be no earlier than eight months after the Bureau has published the database download file specification, which should be the final detail necessary for service providers to complete design of their systems. Second, the compliance deadline will be no earlier than two months after the Bureau announces that the database administrator has made the initial database download file available for testing. In light of the compliance deadline being no less than two months after the availability of the initial database file for download, we do not condition such deadline on any approval by OMB review under the PRA of any data collection necessary to create the database. This is because any necessary approval would have to occur prior to creation of the initial database file. To the extent that the date of either announcement causes the deadline to be later than 12 months after Federal Register publication, the Bureau should provide notice of the new compliance deadline for implementation based on the date of the announcement. Given the potential unpredictability of the implementation process, including development of the database, we delegate authority to the Bureau to extend the compliance deadline as necessary. Although we delegate such details to the Bureau, we observe that the most likely form of the database file would be comma separated value (CSV) formatted with three fields for each database record: (1) a seven-digit integer representing a unique record identifier; (2) a ten-digit integer representing the hotline telephone number; and (3) the date, in yyyy/mm/dd format, representing the vintage of database file in which the hotline was added to the database.
138. Thus, for example, if the Bureau's announcement of the availability of the initial download file for testing were not to come until 11 months after publication of this document in the Federal Register , the Bureau would announce that the compliance deadline has become 13 months after Federal Register publication—in this example, continuing to ensure that service providers have two months to test the file. We note that this second database implementation milestone cannot be met without a database administrator having been selected and well-established. Service providers will be assured at least an eight-month period between the availability of the database download file specification and their compliance deadline. As a result, service providers will not be prejudiced by any potential delay introduced by deferring the determination of who should administer the database to a later decision by the Bureau.
139. For smaller service providers, we adopt a compliance deadline of 18 months from the date of publication of this document in the Federal Register to comply with our new rules on consumer-facing call logs. We find that granting smaller providers extra implementation time is appropriate, given that they may face more resource challenges than larger providers in complying with the new rules, and consistent with the SCA's charge to the Commission to consider “factors that may impact smaller providers.” The 18- Start Printed Page 84432 month period is less than the 24 months sought by CCA, but we find that our 18-month compliance deadline for small providers properly balances the significance of the risks faced by domestic abuse survivors, and the benefits of them being able to call hotlines and seek help without fear of the abuser accessing their call records, against the implementation challenges faced by smaller providers.
140. We define a small provider as “a provider that has 100,000 or fewer voice service subscriber lines (counting the total of all business and residential fixed subscriber lines and mobile phones and aggregated over all of the provider's affiliates).” We find it appropriate to adopt the definition of “small voice service provider” that the Commission adopted for the purpose of creating a delayed deadline for such providers to implement the Commission's call authentication rules stemming from the TRACED Act and in defining which small service providers are exempt from certain rural call completion rules. In both cases, the Commission was establishing rules relating to service providers' processing of calls, which is relevant to the rules for protecting the privacy of calls and text messages to hotlines, and the Commission considered the 100,000-line threshold to appropriately balance the need for implementation with the rules with burdens on small service providers. We believe that for the same reasons, a 100,000-line threshold is appropriate here. We reject CCA's proposal to define small providers as those that do not provide nationwide service. We find that the “small provider” definition we adopt is better established by Commission precedent, creates more administrative certainty as it obviates the need for the Commission to make determinations as to what constitutes “nationwide” service, and fosters technological neutrality given that it will not discriminate between wireline providers, none of which have “nationwide” service areas, and wireless providers, some of which may. CCA claims that the Commission has made the nationwide/non-nationwide distinction in public safety proceedings, but CCA's cited examples are only to proposals on which the Commission sought comment, and, in any event, were not seeking to define the term “small provider,” a term used in the Safe Connections Act.
141. We recognize that in extending the compliance deadline for small service providers, we need to ensure that this translates to additional system development time after the data file specification is announced. As a result, the compliance deadline for small service providers will in no case be earlier than 14 months after the Bureau has published the database download file specification, ensuring that small service providers will have sufficient time to complete design of their systems. Further, exercising an abundance of caution, the compliance deadline for small service providers will be no earlier than two months after the Bureau announces that the database administrator has made the initial database download file available for testing for larger service providers.
142. Creating a later compliance deadline for small service providers, however, will lead to a six-month period in which some survivors' calls and text messages to hotlines will be omitted from call logs (those served by non-small providers) while calls and text messages of other survivors (those served by small providers, likely the vast minority of survivors) will not. To minimize confusion, we direct the Bureau to consider creating a means by which survivors can determine on the database administrator's website whether their service provider is currently (at the time of inquiry) required to comply with the obligation to protect the privacy of calls and text messages to hotlines.
143. We also provide clarity regarding the relationship between compliance deadlines and the dates of particular calls and text messages that may be subject to our rules. We recognize that service providers may maintain two kinds of relevant call logs: (1) online consumer-facing logs, and (2) consumers' bills (whether electronic or paper), which we also consider to be logs. We also recognize that, as of a service provider's compliance deadline, the service provider's online consumer-facing logs will include records of calls and text messages from prior to the compliance deadline—and, in the ordinary course of business, such service provider may continue to make such online logs of pre-compliance deadline calls and text messages available for potentially multiple months. These online call logs may be difficult to retroactively revise. Similarly, we acknowledge that consumers' bills that pertain exclusively to periods before the compliance deadline may remain available on service providers' websites on and after the compliance deadline. Not only might it be difficult for service providers to retroactively revise such bills, but such bills may have already been emailed or physically mailed to the account holder.
144. Balancing these considerations, we establish the following requirements. With respect to online consumer-facing logs, we clarify that, after a service provider's compliance deadline, such logs may continue to display records of calls and text messages to hotlines that were placed or sent prior to a service provider's compliance deadline. That same service provider's online consumer-facing logs, however, must omit calls and text messages to hotlines that were placed or sent on or after the compliance deadline. With respect to consumers' bills, we clarify that bills for periods exclusively before the compliance deadline need not omit calls placed to and text messages sent to hotlines omitted. For bills that include calls and text messages both before and after the compliance deadline, service providers need only omit calls placed to and text messages sent to hotlines on or after the compliance deadline. Service providers are also welcome to voluntarily omit such calls and texts for all days in such bills. Bills exclusively for periods on or after the compliance deadline must fully comply with our rules. With regard to other written and oral disclosures of information regarding calls placed to and text messages sent to hotlines, our rules apply only to such calls and text messages placed or sent on or after the compliance deadline.
145. Database Updates. As proposed in the Safe Connections NPRM and consistent with the SCA, we require service providers to download the central database once it is established, and thereafter to download updates from the central database once per calendar month. This is necessary to ensure service providers stay up to date on the covered hotlines in order to abide by their call-log removal duties. We anticipate new covered hotlines will be added to, and potentially removed from, the central database on an ongoing basis, so regular downloading of the updated database will be necessary. Commenters broadly supported a monthly download requirement, which strikes a balance between requiring providers to stay current but not requiring constant updates. To make updates easier, we direct the Bureau to work with the database administrator to set a fixed date each month (for example, the 1st or 15th of the month) when it will update the database, so providers can schedule their monthly downloads of the updated database accordingly. Service providers will be required to download and implement their monthly downloaded updates in their systems within 15 days of the Start Printed Page 84433 release of these new monthly updates. We decline USTelecom's request to permit providers to perform database updates “any time within the month after the central database is updated.” Because we do not believe manual updates will be required, as USTelecom posits, we find that 15 days will be sufficient for providers to download the necessary updates for use in their systems.
146. Penalties, Safe Harbor, and Interplay With Other Laws and Regulations. We conclude that we should not establish special penalties for violations of our rules pertaining to protecting the privacy of calls and text messages to hotlines. We believe that the relative novelty of the requirements that we establish make appropriate penalties difficult to assess in advance and are likely, at least initially, to be best assessed on a case-by-case basis. Thus, we conclude that, contrary to EPIC et al.'s suggestion, we should rely on pre-existing penalties and enforcement mechanisms, but will revisit this topic in the future if such mechanisms prove to be insufficient.
147. Some service providers have raised concerns about facing civil liability for unintentional errors or failures in removing calls and text messages to covered hotlines from their call logs, and recommended the Commission establish a “safe harbor” in this area. As an initial matter, we note that the SCA already establishes a safe harbor from civil liability for providers that update their databases every 30 days to match the Commission's central database. The rules that we establish make clear that covered providers, wireline providers of voice service, fixed wireless providers of voice service, and fixed satellite providers of voice service need omit from consumer-facing call and text logs only calls and text messages to numbers that appear in the database. Thus, as long as these providers are faithfully downloading updates to the database and have properly implemented systems for redacting calls and text messages to such numbers from consumer-facing call logs, they will not be in violation of our rules. Put another way, such providers will not have an independent duty to authenticate and verify the accuracy of the central database.
148. Commenters have raised examples of laws and regulations that service providers might arguably violate through their compliance with the privacy rules that we establish for the protection of calls and text messages to hotlines. In response, and consistent with the principle that subsequent, more specific statutes control in the event of a conflict with earlier broader statutes, we make clear our intent that the rules we adopt here to implement the SCA supersede any conflicting requirements in the Communications Act, other Commission rules, or state requirements. This would include the requirement in section 222(c)(2) of the Act that a telecommunications carrier disclose CPNI to the customer upon request. However, we remind parties that pursuant to section 5(b)(3)(C) of the SCA, the rules that we adopt in this document pertaining to the protection of calls and text messages to hotlines do not alter service provider obligations under CALEA.
149. We decline to adopt a number of requests and recommendations put forth by EPIC et al. pertaining to matters that extend beyond implementation of the SCA. For example, EPIC et al. asks that we require providers to help survivors detect/delete stalkerware from phones and investigate dual-use tracking apps that can double as stalkerware, compile list sources of Commission authority over stalkerware. We decline to adopt these proposals, which fall outside the scope of the SCA and Safe Connections NPRM and raise complex issues on which we have no record other than EPIC et al.'s request.
C. Emergency Communications Support for Survivors
150. We designate the Lifeline program as the program that will provide emergency communications support for survivors. As further detailed below, we also define financial hardship to allow survivors to receive this support, establish the application and enrollment processes for qualifying survivors, and address additional implementation challenges.
1. The Designated Program for Emergency Communications Support
151. The SCA requires the Commission to designate either the Lifeline program or the Affordable Connectivity Program to provide emergency communications support to survivors who have pursued the line separation process and are suffering from financial hardship, regardless of whether the survivor might otherwise meet the designated program's eligibility requirements. Given this requirement and the record before us, we designate the Lifeline program to provide emergency communications support to impacted survivors. The Lifeline program allows participants to receive discounts on voice-only service, broadband service, or bundled service. The ACP does not allow consumers to receive a discount on voice-only services. We believe the flexibility offered by the Lifeline program to support voice-only services makes the program uniquely valuable for survivors, who may be experiencing significant disruption in their lives and need the ability to choose a voice-only service to help them reach other social support services.
152. While “emergency communications support” is not defined by the SCA, we construe the Act's references to emergency communications support to be the time-limited support offered to survivors suffering financial hardship through the designated program. We note that one commenter suggested that the Commission allow survivors to choose either the ACP or Lifeline. We do not believe we have the authority to pursue that option given the SCA's specific direction to designate a “single program.” In addition, in its comments, the National Lifeline Association (NaLA) also advocated for additional Lifeline reforms including increasing the Lifeline support amount, acting on pending Lifeline compliance plans and petitions for Eligible Telecommunications Carrier (ETC) designation, eliminating minimum service standards for Lifeline service, expanding Lifeline to support consumer devices, limiting Lifeline subscribers' ability to transfer their benefit, and limiting provider liability for noncompliance with our rules. As these issues are not the focus of this proceeding and were not raised in the Safe Connections NPRM, we decline to address them in the Report and Order.
153. Particularly in light of the SCA's focus on enabling survivors to establish connections independent from their abusers, we recognize the importance of allowing qualifying survivors to choose to apply their emergency communications support benefit to a voice-only option. Voice services are ubiquitous and provide reliable access for reaching necessary support services and, if necessary, accessing emergency services. Additionally, real-time human voice communications can provide connection, comfort, and reassurance to the survivor during a time of upheaval and new challenges. By designating Lifeline as the emergency communications support program under the SCA, we enable survivors to maintain their voice-only service connection if they so choose.
154. In addition to voice services, Lifeline also provides discounts on broadband services, which may be equally essential in different ways to many survivors as they research support services for assistance as they flee their Start Printed Page 84434 abusers. While both Lifeline and the ACP allow consumers to receive bundled support, the Lifeline program offers the greatest flexibility for survivors. As such, by selecting the Lifeline program, we are providing survivors with the option to access either or both of these crucial communications services, broadband and voice, giving survivors the security and autonomy we believe that Congress intended with the Safe Connections Act.
155. The maximum Lifeline discount for voice-only services is currently set at $5.25, and further phasedown in that support level is currently paused. To ensure the designated program best serves qualifying survivors, we believe that the Lifeline program should offer survivors the maximum base Lifeline discount, even for voice-only services. As noted in the Safe Connections NPRM, we also believe that survivors receiving emergency communications support should be able to benefit from the Lifeline program's enhanced Tribal benefit if they reside on qualifying Tribal lands. As such, we modify our rules at § 54.403 to allow survivors to receive support of up to $9.25 per month for all qualifying Lifeline services and up to a $34.25 monthly discount on Lifeline-supported services for survivors residing on qualifying Tribal lands. Regardless of any future changes to the reimbursement amount for voice-only services in the Lifeline program, we believe that survivors' needs present a unique situation that should permit survivors choosing voice-only plans to receive the full Lifeline reimbursement amount for which they are eligible. This level of support will be limited to the survivor's six-month emergency communications support period. If a survivor is eligible to participate in the Lifeline program beyond their initial emergency support period, and they choose to subscribe to a voice-only plan, then they will receive the voice-only discount applicable for all non-Tribal Lifeline subscribers, which is currently $5.25. Survivors on qualifying Tribal lands still qualify for the enhanced Tribal benefit.
156. USTelecom urges the Commission to limit this enhanced support opportunity for voice-only services to only mobile wireless service plans. We decline to adopt such a limitation. The SCA requires that survivors pursue a line separation request that meets the requirements under section 345(c)(1) before receiving emergency communications support, but it does not limit the type of service that a survivor can then receive after completing that line separation request. Additionally, the SCA's direction to the Commission to designate either the Lifeline program or the ACP, which both allow eligible households to apply their benefit to fixed service, indicates that survivors enrolling in the designated program pursuant to the SCA should be afforded the same choice. We also believe that imposing this suggested limitation would not serve the public interest. Further, we believe that the implementation concerns raised by USTelecom will be minimized by our direction to USAC to identify survivor enrollments in its systems, which will not only allow service providers to treat survivor information with heightened sensitivity, but will also give service providers the appropriate insight necessary to determine whether a consumer is a survivor eligible to receive up to $9.25 in support for voice-only services.
157. We note that some commenters expressed support for the ACP as the designated program because it offers a higher monthly benefit amount. While we certainly recognize that as an advantage of the ACP, we believe that the Lifeline program overall offers the better longer-term solution for survivors because of its ability to support voice-only services and because of its stable funding source. We also believe that our efforts to expand the Lifeline benefit amount for voice-only support help to address the concerns raised by these commenters regarding the difference in the program benefit amounts.
158. In addition to being unable to support voice-only services, the ACP has a finite source of funds and its continuation is dependent upon additional congressional appropriations. Therefore, the ACP does not present the same long-term funding stability as the Lifeline program. Consumers eligible for the Lifeline program are also eligible to participate in the ACP, pursuant to the Infrastructure Investment and Jobs Act (Infrastructure Act), and the amendments to the Lifeline rules that we make in this document preserve that option for survivors enrolling in Lifeline pursuant to the SCA as well. We believe it is appropriate, however, to limit this combined Lifeline and ACP support to the emergency communications support period of six months because adhering to the time limitation is consistent with both the language and intent of the SCA. This will protect program integrity and target limited funding where it is most needed. Survivors will have the opportunity to confirm their eligibility to participate in Lifeline and/or ACP under each respective program's existing eligibility criteria as they approach the end of their emergency support periods, as detailed below.
159. Some commenters identified the Lifeline program's requirement that service providers be designated as Eligible Telecommunications Carriers (ETC) as a drawback of designating the Lifeline program for emergency communications support, with one commenter briefly suggesting that the Commission exempt carriers from the ETC requirement to allow more service providers to support survivors in the emergency communications period. The ETC requirement is a statutory requirement and cannot be waived. The ETC requirement is also a critical oversight component of the Communications Act, and the record here does not include the level of analysis required for us to consider whether forbearance would be appropriate or warranted. Furthermore, as we discussed above regarding line separations, the Safe Connections Act prohibits providers from limiting or preventing survivors from porting their line to another service provider. Therefore, survivors have the ability to port their line to a service provider that is designated as an ETC. Survivors will be able to receive the intended emergency support by receiving service from ETCs in the Lifeline program. Any service provider that is not currently an ETC but wishes to support survivors eligible for benefits under the SCA can do so by obtaining designation as a Lifeline-only ETC from the relevant state commission or the Commission, as applicable, and we encourage providers to do so. Providers participating in the ACP are not required to be ETCs. Because we permit survivors that qualify for emergency communications support through Lifeline to enroll in ACP, survivors benefitting from emergency communications support through ACP can receive ACP service from non-ETCs in addition to Lifeline service from an ETC.
160. In the Safe Connections NPRM we sought comment on the impact of the designated program's benefit as it pertains to survivors' access to devices. There was limited discussion of this issue among commenters, but some commenters advocated for support for devices through the SCA designated program or suggested that the Commission take steps to incentivize service providers to provide devices to survivors. Historically, the Lifeline program has not generally supported devices, and on balance here, we believe it would be appropriate to continue focusing Lifeline funding on the subscriber's service offering. This approach is consistent with the Commission's long-standing approach Start Printed Page 84435 in other universal service programs, which also do not fund end-user devices. One commenter suggested that the Commission should create a pilot device program for survivors, but we believe that the limited duration of emergency communications support cautions against funding devices. We are aware that certain providers and community organizations have provided survivors with access to free devices, and we are supportive of those efforts, but we do not believe it would be appropriate to support devices for survivors through the Lifeline program. Although the Lifeline program does not offer support for devices, if survivors who qualify for the Lifeline program use that qualification to enroll in the ACP, then they may avail themselves of the connected device benefit available under the ACP.
2. Defining Financial Hardship
161. As proposed in the Safe Connections NPRM, we define “financial hardship” to largely mirror the ACP's eligibility requirements as outlined in the Infrastructure Act. Defining financial hardship in this way gives survivors greater flexibility to confirm their status, and we hope that this more expansive definition for financial hardship will enable greater participation for survivors. Consumers can qualify to participate in the ACP if they participate in certain Federal assistance programs or if their household income is at or below 200% of the Federal Poverty Guidelines. These eligibility standards are more expansive than the standards used by the Lifeline program, which allows consumers to qualify for the program through participation in fewer Federal assistance programs or if their household income is at or below 135% of the Federal Poverty Guidelines. We believe that adopting this more expansive approach in our definition of financial hardship allows the emergency communications support effort to reach a wider range of survivors, as contemplated by the SCA. Indeed, Congress noted in its findings that survivors often face significant financial insecurity. In adopting this approach, however, we decline to allow survivors who participate in a provider's existing low-income program, which are based on the provider's own eligibility criteria, to use that participation as a basis for demonstrating financial hardship. The Lifeline program has not historically relied on provider-specific eligibility criteria, and the record does not provide a basis for concluding that such programs are prevalent among Lifeline providers, or that these programs would be a predominant qualifying program for survivors given the other expansive qualifying criteria.
162. With the definition of financial hardship that we adopt in this document, we believe that we are aligning with the spirit of the congressional findings in the SCA and commenter concerns in our record. We also note that in addition to demonstrating financial hardship, survivors are also required by the SCA to meet the requirements of section 345(c)(1), which details the process for a survivor completing a line separation request. We anticipate that the documentation confirming submission of a valid and completed line separation request as detailed above will be sufficient to satisfy the requirement that survivors seeking to receive emergency communications support must have pursued a line separation request and, when paired with some substantiation of financial hardship, will allow us to ensure compliance with the SCA's limitations for receiving emergency communications support.
163. Though there are no significant comments in the record offering a specific definition of financial hardship, there is some support among commenters for the Commission implementing an approach that would presume that all survivors suffer financial hardship. We decline to implement this approach. Although (as noted) Congress found in the SCA that “survivors often lack meaningful support and options when establishing independence from an abuser, including barriers such as financial insecurity,” that finding indicates that not all survivors face financial hardship. A presumption of financial hardship for all survivors for purposes of qualifying for emergency communications support would be inconsistent with this finding. In addition, and most critically, the SCA specifically states that survivors may qualify for emergency communications support if the survivor attempts a line separation request with their communications service provider and they are suffering financial hardship. A presumption of financial hardship for all consumers applying for the Lifeline benefit through the SCA would fail to give effect to the second qualification prong established by the statute, and would also pose an unacceptable risk to the program's integrity. We therefore do not adopt such a presumption, but we take steps to streamline the application process for survivors seeking to qualify for emergency communications support.
164. As further discussed below, we believe that the use of the National Verifier for all applications for emergency communications support will allow for the most streamlined process for survivors and will best protect program integrity by ensuring a unified review process. As our definition of financial hardship will largely align with the eligibility standards for the ACP, the National Verifier and its connections to relevant state databases may allow for automatic confirmation of a survivor's financial hardship status. In instances where an individual's eligibility cannot be determined through these database connections, however, we believe that it is appropriate to allow survivors to self-certify their financial hardship in the National Verifier. By allowing self-certification of financial hardship, we recognize that survivors often lack access to financial documentation to verify their financial hardship and could place themselves in danger if they made an attempt to access such documentation. Currently, if a consumer cannot automatically confirm their participation in a qualifying Federal assistance program through USAC's database checks, then they must submit appropriate documentation to USAC that demonstrates their participation in the relevant program. The SCA, however, requires that the Commission allow survivors' entrance into the designated program regardless of their ability to otherwise participate in the program. With a self-certification approach, we offer that greater flexibility and also protect program integrity by securing a self-certification under penalty of perjury from the survivor. By combining a self-certification approach with the use of the National Verifier, we can reduce the barriers of participation for survivors and help survivors access the benefits of the designated program “as quickly as is feasible.” To implement this process, we direct the Bureau to work with USAC to develop standardized self-certification documentation and implement changes to USAC's application workflows to allow for survivors from across the United States to easily enter the program through the National Verifier. In implementing the application and certification process, we direct the Bureau and USAC to ensure that those processes are appropriately accommodating and user-friendly for survivors while still protecting program integrity.
165. We believe that concerns about the risks of a self-certification approach to program integrity are mitigated by the statutory limitation of emergency communications support to survivors who are seeking to separate a line from Start Printed Page 84436 a shared mobile service contract and meet the line separation requirements discussed above, and the temporary nature of the emergency communications support benefit. First, the SCA mandates that survivors seeking to receive emergency communications support through the designated program also demonstrate that they have met the line separation requirements of section 345(c)(1). That statutory requirement means that survivors will have to compile and submit documentation of their abuse in order to pursue a line separation request. Satisfying such an obligation will protect Lifeline program integrity, as survivors should be a small subset of the overall population, and those receiving emergency communications support will be an even smaller subset of those survivors as these survivors would have to pursue a line separation request and be suffering financial hardship. Second, the SCA limits survivor participation in the designated program to six months, also limiting the potential impact on the Lifeline program's resources. Between these two requirements for receiving emergency communications support, we believe that permitting self-certification for the financial hardship component strikes the best balance between program integrity concerns and ensuring that survivors have access to vital connectivity services.
166. One commenter suggested that if the Commission adopted a self-certification approach for survivors documenting their financial hardship, then the Commission should determine that National Verifier review of such documentation provides an “ironclad safe harbor for service providers.” We decline to adopt this approach. The National Verifier relies on the information it receives from service providers, and while it is an important tool for protecting program integrity, to say that approval by the National Verifier creates a safe harbor for provider activity would open the program to potential service provider abuse. Service providers remain responsible for implementing policies that ensure compliance with the Lifeline program's rules, and this includes, among other things, implementing policies that ensure that information received by the National Verifier is accurate. The Commission has never intended for the National Verifier to be a safe harbor, and we do not believe that it would be appropriate to implement such an approach here. If service provider policies, when implemented in conjunction with the National Verifier, are found to be inadequate for ensuring that a subscriber is eligible to receive Lifeline service, then such service provider may be subject to recovery action from USAC or forfeiture efforts from the Commission's Enforcement Bureau.
167. In the Safe Connections NPRM, we sought comment on how we might be able to address survivors with a temporary financial hardship. These are survivors who might have a reliable source of income that would otherwise not qualify them to meet our definition of financial hardship but may be facing a short-term, acute financial strain as a result of experiencing or escaping domestic violence or abuse. We received no specific comments on how we might treat survivors suffering temporary financial hardship. While we understand the challenges that these individuals might encounter, we do not believe it would be appropriate to allow entry into the program based only on a position of temporary financial hardship. In the case of a temporary financial hardship, a benefit that extends for six months could significantly outlast the subscriber's actual financial hardship and see the program supporting an individual with significant financial resources. Making the emergency communications support available in that situation would be inconsistent with the conditions established in the SCA and would be an ineffective use of limited USF funding. We also do not have a reliable way of confirming temporary financial hardship, so implementing such an approach would raise significant program integrity concerns. For these reasons, we decline to define financial hardship to include temporary financial hardship.
3. Program Application and Enrollment
168. In the Safe Connections NPRM, we proposed that survivors entering the designated program be required to use the National Verifier to have their eligibility to participate in the program confirmed by USAC. We adopt this proposal and direct USAC to allow for such an approach for survivors living in all states, including the National Lifeline Accountability Database (NLAD) opt-out States of California, Texas, and Oregon. There was limited discussion of this issue in the record, but NaLA and USTelecom both supported such an approach. We believe that this approach will create a more streamlined application and enrollment experience for survivors. It will also allow USAC to better protect program integrity. USAC will be able to develop a greater understanding of the material provided by service providers after an attempted line separation request, and, therefore, is in the best position to verify the validity of line separation request documentation. USAC will also be able to act as a centralized repository for this information, minimizing the potential for data leakages compared to having this information reviewed by both USAC and a state administrator. As noted above, survivors will be able to leverage the database connections that the National Verifier uses to confirm program participation when seeking to confirm their financial hardship status. Finally, by requiring survivors to apply through the National Verifier, we ensure more consistent messaging to survivors and review standards for all documentation. To this end, we direct USAC to explore avenues for ensuring that application information and materials are made available to survivors in a variety of different formats and languages. In adopting this approach, we do not remove any of the existing channels by which consumers can be supported in their Lifeline application process.
169. In applying for emergency communications support through the National Verifier, we believe that the current amount of personal information collected for enrollment into the Lifeline program is generally appropriate. This information allows USAC to confirm that individuals are who they say they are—and by collecting the last four digits of an applicant's or subscriber's Social Security number or Tribal Identification number, that process can often be completed automatically. That automated confirmation often allows subscribers to provide less documentation than if they were required to confirm their identity through a manual review process. Some survivor advocates called for either omitting survivor identifiers or using alternative identifiers, and to avoid using Social Security numbers whenever possible. We find that requiring only the last four digits of an applicant's Social Security number will balance the legitimate interests in protecting the safety and security of survivors while also adequately verifying survivors' identities. Given the similar program integrity concerns and significant administrative challenges, we also decline to modify the information collected from survivors to permit alias names as EPIC suggests.
170. We understand, however, that current address information is extremely sensitive information for survivors escaping domestic violence or abuse. Unlike a survivor's name or the Start Printed Page 84437 last four digits of their Social Security number, if address information is disclosed it could imminently allow an abuser to locate a survivor, and because of this risk, survivors may not reside at one location or have a fixed address. A survivor also may be hesitant to seek emergency communications support if they believe doing so could risk disclosing their location to an abuser. In light of these unique risks, we will allow survivors to submit prior address information from within the last six months on their Lifeline applications, thereby giving survivors the opportunity to shield their current address information and to confirm their identity automatically. By requiring a survivor's name, the last four digits of their Social Security Number, and a relatively recent address, we may have enough information to allow USAC to automatically confirm the survivor's identity without further information. At the same time, by allowing survivors to submit prior address information where possible, we acknowledge and accommodate the critical privacy and safety concern of survivors and survivor advocacy organizations in protecting the current location information of survivors. However, if it is not possible to confirm the survivor's identity in this manner, then the survivor will need to submit their documentation manually and should rely on their current address in such instances.
171. Having current address information better allows USAC to conduct consumer outreach and prevent against duplicate household enrollment, but we believe that affording flexibility to apply with prior address information is appropriate for survivors. We confirm, however, that USAC should not modify its practices for protecting the program against enrolling duplicate households. In instances where the survivor's submitted address indicates a potential duplicate enrollment, that survivor will need to complete the Lifeline program's Household Worksheet. This approach should allow for authentication of a survivor's identity, while also speaking to concerns of commenters related to protecting program integrity. Finally, during the emergency communications support period, enrolled survivors will not be required to comply with the current requirement in the Lifeline program's rules that subscribers must update their address within 30 days of moving.
172. In the Safe Connections NPRM, we sought comment on how we might collect information from survivors when they are applying or enrolling in the designated program. It does not appear that the Commission's forms and other documents require significant changes to account for survivors, and we did not receive any specific feedback from commenters suggesting changes to the forms. However, we do believe that there will need to be some minor refinements to account for survivors' entry into the emergency communications support program. To that end, we direct the Bureau and USAC, in coordination with the Office of General Counsel, as necessary, to consider and adopt appropriate revisions to the relevant forms. We expect that the Bureau and USAC will work to update the forms to request confirmation of a survivor's line separation request, consistent with the documentation that service providers will give to survivors. We also expect similar updates regarding the submission of material to demonstrate financial hardship. Finally, we direct the Bureau and USAC to include in appropriate program forms information soliciting communications preferences, so that survivors can make clear how USAC should contact them in the future. This may be particularly helpful for survivors who do not wish to receive mail at their address. Survivors should be given options for such outreach such as physical mail, email, text messaging, and Interactive Voice Response (IVR).
173. We also do not believe that any significant changes need to be made to the enrollment process and the information that is provided to survivors to share with their service provider for enrolling in the program or the information that is shared between USAC's systems and service providers through any API connections that might exist. We direct USAC to make the necessary system changes to flag survivor entries in its systems so that service providers are aware of a survivor's status and treat such information with heightened sensitivity. While we decline to prescribe specifics at this time, we also direct the Bureau and USAC to implement enhancements as they deem appropriate to protect survivor information that is shared with service providers. We strongly encourage service providers to take steps similar to those taken in this document around address submission in their systems, and we remind service providers of their obligations under the confidentiality rules we adopt in this document, as well as section 222 of the Communications Act and the Commission's Customer Proprietary Network Information (CPNI) rules when it comes to survivor privacy.
174. General Program Requirements. As proposed in the Safe Connections NPRM, the Lifeline program's general rules and requirements will remain largely in effect for survivors and service providers. Any areas where there might be confusion between the existing Lifeline program's general rules and the rules meant to implement the SCA have been specifically addressed in our amendments to the Lifeline program's rules. There were no commenters that addressed this concern specifically in the context of the designated program for emergency communications support. However, several commenters had more open-ended statements suggesting that the Commission should clearly articulate that rules meant to implement the SCA should supersede existing program rules. Because we amend our Lifeline program rules to incorporate our actions in this document taken pursuant to the SCA, we do not need to issue such a blanket statement to address provider concerns. Where we have not acted to specifically address the SCA changes adopted in this document, we expect that the Lifeline program's rules remain appropriate as applied to survivors seeking emergency communications support, and Lifeline providers should continue to comply with the program rules, including the amendments we make through this document.
175. Perhaps most significantly, we do not modify any of the Lifeline program's usage requirements for survivors receiving emergency communications support. We do not believe that the rationale for those requirements, namely ensuring that limited program resources go to individuals that truly need the service, is less compelling when applied to survivors. NaLA urges the Commission to eliminate the program's usage requirement and contends that survivors may value any communications access they receive as an “emergency phone,” which we interpret to mean a phone or device that may not be used by the survivor. As explained above, we do not believe that adopting such an understanding would result in the best usage of the limited financial resources available to the Lifeline program. We also decline to change the Lifeline program's limit of one benefit per household. While “survivor” is defined as inclusive of an individual caring for another individual against whom a covered act has been committed, we view such a situation as inclusive of our current definition of household. We did not receive significant comments expressing concerns with this portion of the Lifeline rules or identifying any potential challenges that survivors Start Printed Page 84438 might encounter were we to continue to adhere to the one per household limitation. Finally, we allow survivors to enter the Lifeline program while requiring that service providers adhere to the program's existing record retention and audit rules. We have not received any specific concerns indicating how tensions might arise from the need to adhere to these requirements while serving survivors.
4. Additional Program Concerns
176. In the Safe Connections NPRM, we raised a number of concerns dealing with how survivors can take advantage of the benefit and how low-income survivors might be transitioned to longer-term participation in the program after their emergency support runs its course. As proposed in the Safe Connections NPRM, we will permit survivors receiving emergency communications support to receive six monthly benefits from the Lifeline program and by extension the ACP in accordance with the SCA. While we expect that this support will largely be provided in a single six-month time frame, we do not believe it would be appropriate to limit survivors to such a requirement. As such, we direct USAC to implement processes and procedures for tracking the emergency communications support provided to survivors to ensure that they do not receive more than six months of emergency communications support tied to a single line separation, even if that support is not provided in a single six-month block of time. We also do not believe that we need to place any limitations on the ability of survivors to change their service, as available to any other Lifeline subscriber, during this time period. To ensure the smooth operation of this effort, we strongly encourage service providers to file claims for reimbursement for emergency communications support provided to survivors on a monthly basis. Service providers are permitted to submit claims for reimbursement for Lifeline service within one year, but in the context of emergency communications support, timely claim submission allows USAC to accurately track and apprise survivors and service providers of the status of the survivor's remaining available emergency communications support.
177. The SCA is silent on whether emergency communications support can be received more than once in a survivor's lifetime, but survivor advocates expressed support for allowing survivors to participate in the program beyond an initial six-month period if appropriate. To best support survivors, we allow a survivor to receive multiple periods of emergency communications support through the designated program if each period is paired with proof of completion of a new line separation process. With the SCA silent on this exact issue, we believe that the requirement that any further emergency support be paired with a new line separation request, as adopted here, is consistent with the statute and sufficiently supports survivors who need to leave abusive situations more than once in their lives while ensuring the benefits are not unjustifiably expanded beyond the six-month period prescribed by the SCA. We believe that this approach reflects the realities of survivors' situations while also ensuring the protection of the designated program and adhering to the requirements of the SCA. Any process established by USAC to ensure survivors' compliance with the six-month period of support should account for situations where a survivor may need to re-enter the designated program for a new emergency support period tied to a new line separation request and demonstration of financial hardship, in accordance with the rules adopted in this document.
178. The SCA specifically contemplates that survivors may wish to continue to receive support from the designated program beyond their initial support period if they can qualify for the underlying program. Because USAC will process initial applications and enrollments into the emergency support program, we believe that USAC will be well-positioned to handle this transition for survivors eligible to continue to receive Lifeline and/or ACP benefits after their emergency communications support period has finished. We therefore adopt a process to allow survivors who wish to continue in the program to demonstrate their eligibility to do so. We note that survivors going through this process must meet the standard eligibility requirements for participation in Lifeline and/or the ACP.
179. To support longer-term low-income survivor enrollment and to ease customer transition efforts, we direct USAC to notify a survivor receiving emergency communications support approximately 75 days before the period of emergency support is meant to expire. Prior to this notification, USAC will attempt to verify the survivor's eligibility through its automated eligibility database check process. If the survivor's eligibility can be automatically confirmed through this process, USAC's outreach to the survivor will notify them that they are eligible to continue receiving the Lifeline benefit and will continue to do so with their current provider unless they de-enroll or transfer their benefit to a different Lifeline provider. If USAC cannot confirm a survivor's eligibility through its automated database checks, then USAC will notify the survivor that they can continue to participate in the program if they meet the Lifeline program's eligibility requirements and submit documentation to confirm their eligibility to participate. USAC will notify the survivor of this change in status through written communication, either through email, written letter, text messaging, or other automated process as appropriate. Where possible, this outreach should also align with a survivor's expressed contact preferences. USAC's communication will also make the survivor aware of any changes in their benefit amount that might result from the transition from emergency communications support, in which a survivor may receive the full base Lifeline support for a voice-only plan, to the standard Lifeline support amounts for voice-only service. Any potential change to the voice-only support from the survivor option of $9.25 to the standard Lifeline reimbursement amount of $5.25 should be communicated to survivors so they are aware of the change and can pursue an alternative plan if so desired. For survivors who take advantage of their Lifeline participation to enroll in the ACP, this outreach will also provide information on qualifying for ACP longer-term, and the general differences between the programs in eligibility requirements and features.
180. In responding to this outreach for continued support, survivors must confirm their eligibility in accordance with the existing requirements for entry into the Lifeline program—that is, a self-certification of financial hardship will not be sufficient to confirm long-term eligibility to participate in Lifeline. USAC largely follows the documentation requirements applied by our rules to service providers when assessing documentation used for enrollment and recertification in the Lifeline program. This approach is consistent with the SCA. Throughout this process, service providers may contact survivors as they might through the regular continued eligibility or recertification process, in addition to USAC-led outreach. Similarly, survivors that rely on their enrollment in Lifeline through the emergency communications support process to qualify for ACP will also be required to demonstrate that they are eligible to remain in ACP. We encourage such outreach to be Start Printed Page 84439 respectful of survivors' communications preferences and the sensitive nature of their personal information. Finally, consistent with our standard processes, survivors who are unable to confirm their eligibility to continue to participate in the Lifeline program should have their de-enrollment from the Lifeline program processed by USAC within five business days of the end of their six-month period of emergency participation. This de-enrollment requirement also applies where a survivor used their Lifeline enrollment through emergency communications support processes to qualify for and enroll in the ACP.
181. Privacy Concerns. Under the Privacy Act of 1974, the Federal Information Security Modernization Act of 2014 (FISMA), and applicable guidance, the Commission and USAC have strong privacy protections in place for the information collected in the administration of the Commission's programs. However, we believe that handling survivor data may present some unique challenges. As such, we direct the Bureau to work with USAC, in coordination with the Office of Managing Director (OMD) (and specifically Office of Chief Information Officer (OCIO)) and the Commission's Senior Agency Official for Privacy, to consider ways in which USAC might further limit access to data tied to survivors. The Bureau and USAC should consider, for the USAC-run call center, requiring call center supervisor review before the release of any survivor personal information from a USAC (or its contractor's) call center, developing and delivering specific training on handling survivor data for all support center staff, and limiting the type of survivor data shared with service providers outside of more routine system interactions. With oversight from the Bureau, USAC should implement responsive changes that cause minimal burdens on consumers and service providers.
182. The systems that USAC uses to manage the Lifeline program and the ACP collect only data elements that have been prescribed by the Commission to allow for the effective management of the programs and to protect program integrity. We direct USAC to pay particular attention to whether inclusion of survivor enrollments in USAC reports could reveal sensitive information about enrollees. For example, if a survivor is the only enrollee, or one of a few enrollees, in a geographic region for which there is a report, then a savvy analyst, perhaps with local knowledge, might be able to deduce the survivor's identity. In cases in which inclusion of survivor enrollments could reveal sensitive information, USAC should utilize privacy enhancing technologies or methodologies ( e.g., excluding data, masking data, or employing differential privacy) to avoid doing so. We also direct service providers to protect the privacy of both the survivor and the alleged abuser consistent with the standards we adopt above regarding covered provider obligations for handling survivor information.
183. Program Evaluation. The SCA requires the Commission to complete a program evaluation within two years of the Commission completing its rulemaking. The evaluation is meant to examine the impact and effectiveness of the support offered to survivors suffering from financial hardship and to assess the detection and reduction of risks to program integrity with respect to the support offered. To this end, the Commission directs USAC, under the oversight of the Bureau and either directly or with the support of a vendor, to complete an evaluation of the effectiveness of the support offered to survivors. This evaluation should be completed and approved by the Bureau no later than two years after this document is published in the Federal Register , and the Commission will share the completed evaluation with the appropriate congressional committees. To develop this evaluation, USAC, operating under the guidance of the Bureau and the Office of Economics and Analytics, with coordination from the Senior Agency Official for Privacy, should develop surveys that can be sent to stakeholder groups that work directly with survivors, inclusive of service providers, for program evaluation input. These surveys should be ready to be shared with relevant stakeholder groups no later than sixteen months after the adoption of this document, a time frame we believe will properly accommodate the necessary Paperwork Reduction Act and Privacy Act timelines that may accompany such outreach. By working with stakeholder groups we avoid going directly to survivors, who may have privacy and safety concerns. Information developed through the survey process can be supplemented by any data that USAC is able to develop through its general maintenance of survivor data in USAC's systems. In response to the Safe Connections NPRM, no commenter provided significant feedback regarding program evaluations.
II. Procedural Matters
184. Paperwork Reduction Act Analysis. This document may contain new or modified information collection requirements subject to the Paperwork Reduction Act of 1995 (PRA), Public Law 104–13. All such requirements will be submitted to OMB for review under section 3507(d) of the PRA. OMB, the general public, and other Federal agencies will be invited to comment on any new or modified information collection requirements contained in this proceeding. In addition, we note that pursuant to the Small Business Paperwork Relief Act of 2002, Public Law 107–198, see 44 U.S.C. 3506(c)(4), we previously sought specific comment on how the Commission might further reduce the information collection burden for small business concerns with fewer than 25 employees.
185. In this document, we adopt rules, pursuant to Congress's direction in the SCA, that have an impact on all covered providers, including covered providers that are small entities. We impose certain obligations regarding communications with consumers and survivors. We also establish a compliance date six months after the effective date of this document, finding that the countervailing public interest in ensuring survivors have access to line separations regardless of their provider outweighs an extended compliance deadline for small covered providers. Further, staggered compliance deadlines could cause confusion for consumers, and we believe that the SCA's operational and technical infeasibility provisions we codify in our rules will account for differences in the capabilities between large and small covered providers regarding information collection requirements. Regarding protecting the privacy of calls and texts to hotlines, we require covered providers and wireline providers of voice service, within 12 months, subject to certain conditions that may extend this time, (1) omit from consumer-facing logs of calls and text messages any records of calls or text messages to covered hotlines in the central database established by the Commission; and (2) maintain internal records of calls and text messages excluded from consumer-facing logs of calls and text messages. Covered providers and wireline providers of voice service that are small service providers are given 18 months, subject to certain conditions that may extend this time, to comply with the same obligations. We received comments requesting that smaller providers be afforded 24 months to comply with such obligations. Recognizing that the SCA contains no language regarding specific timeframes with respect to this obligation, we found Start Printed Page 84440 that granting smaller providers extra implementation time is appropriate, given that they may face more resource challenges than larger providers in complying with the new rules. We acknowledged that this 18-month period is less than the requested 24-month period, but we found that our 18-month compliance deadline for small providers properly balances the significance of the risks faced by domestic abuse survivors, and the benefits of them being able to call hotlines and seek help without fear of the abuser accessing their call records, with the implementation challenges faced by smaller providers. Third, regarding emergency communications support for survivors, we designate the Lifeline program as the program that will support emergency communications efforts for survivors with financial hardship. This will have an impact on eligible telecommunications carriers designated to provide Lifeline support, but we expect any new regulatory impacts to be minor and consistent with our existing rules. As the SCA has no definition for financial hardship we adopt a definition that is more expansive than the current Lifeline eligibility standards, and we adopt an approach for documenting that financial hardship that allows for self-certification. We also direct USAC to prepare for a program evaluation of our efforts to provide emergency communications support to survivors. This evaluation will require surveys of relevant stakeholder groups that USAC will develop under the oversight of the Bureau and the Office of Economics and Analytics.
186. Regulatory Flexibility Act. The Regulatory Flexibility Act of 1980, as amended (RFA) requires that an agency prepare a regulatory flexibility analysis for notice and comment rulemakings, unless the agency certifies that “the rule will not, if promulgated, have a significant economic impact on a substantial number of small entities.” Accordingly, the Commission has prepared a Final Regulatory Flexibility Analysis (FRFA) concerning the potential impact of the rule and policy changes adopted in the Report and Order on small entities. The FRFA is set forth in section III of this document.
187. Congressional Review Act. The Commission will send a copy of the Report and Order to Congress and the Government Accountability Office pursuant to 5 U.S.C. 801(a)(1)(A).
III. Final Regulatory Flexibility Analysis
188. As required by the Regulatory Flexibility Act of 1980, as amended (RFA), an Initial Regulatory Flexibility Analysis (IRFA) was incorporated in the Safe Connections NPRM, released in February 2023. The Commission sought written public comment on the proposals in the Safe Connections NPRM, including comment on the IRFA. No comments were filed addressing the IRFA. This present Final Regulatory Flexibility Analysis (FRFA) conforms to the RFA.
A. Need for and Objectives of the Report and Order
189. Congress enacted the Safe Connections Act of 2022 (Safe Connections Act or SCA) in November of 2022 to ensure survivors of domestic violence can separate from abusers without losing independent access to their mobile service plan. The SCA amends the Communications Act of 1934 (Communications Act) to require mobile service providers to separate the line of a survivor of domestic violence (and other related crimes and abuse), and any individuals in the care of the survivor, from a mobile service contract shared with an abuser within two business days after receiving a request from the survivor. The SCA also directs the Commission to issue rules, within 18 months of the statute's enactment, implementing the line separation requirement. Additionally, the SCA requires the Commission to designate either the Lifeline program or Affordable Connectivity Program (ACP) as the vehicle for providing survivors suffering financial hardship with emergency communications support for up to six months. Further, the legislation requires the Commission to open a rulemaking within 180 days of enactment to consider whether to, and how the Commission should, establish a central database of domestic abuse hotlines to be used by service providers and require such providers to omit, subject to certain conditions, any records of calls or text messages to the hotlines from consumer-facing call and text message logs.
190. The Report and Order implements the SCA, adopting measures we believe will aid survivors who lack meaningful support and communications options when establishing independence from an abuser. We take action to ensure that survivors of domestic violence are able to maintain critical access to reliable, safe, and affordable connectivity. Such connectivity permits survivors to contact family and friends, and seek help through services such as domestic abuse hotlines. Survivors whose devices and associated telephone numbers are part of multi-line or shared plans with abusers can face difficulties separating lines from such plans and maintaining affordable service. Survivors may be reluctant to call support services such as hotlines for fear of the call log exposing the call to an abuser. Survivors may also experience financial hardship as a result of leaving a relationship with an abuser.
191. Specifically, the Report and Order adopts rules to implement the line separation requirement in the Safe Connections Act; adopts the Commission's proposal from the Safe Connections NPRM relating to protecting the privacy of calls and text messages to domestic abuse hotlines to establish a central database of domestic abuse hotlines to be used by service providers and require such providers to omit, subject to certain conditions, any records of calls or text messages to the hotlines from consumer-facing call and text message logs; and designates the Lifeline program as the vehicle for providing survivors suffering financial hardship with emergency communications support for up to six months.
B. Summary of Significant Issues Raised by Public Comments in Response to the IRFA
192. There were no comments raised that specifically addressed the proposed rules and policies presented in the IRFA. Nonetheless, we considered the potential impact of the rules proposed in the IRFA on small entities and took steps where appropriate and feasible to reduce the compliance burden for small entities in order to reduce the economic impact of the rules enacted herein on such entities.
C. Response to Comments by the Chief Counsel for Advocacy of the Small Business Administration
193. Pursuant to the Small Business Jobs Act of 2010, which amended the RFA, the Commission is required to respond to any comments filed by the Chief Counsel for Advocacy of the Small Business Administration (SBA), and to provide a detailed statement of any change made to the proposed rules as a result of those comments. The Chief Counsel did not file any comments in response to the proposed rules in this proceeding.
D. Description and Estimate of the Number of Small Entities To Which the Rules Will Apply
194. The RFA directs agencies to provide a description of and, where feasible, an estimate of the number of small entities that may be affected by the rules adopted herein. The RFA generally defines the term “small entity” as having the same meaning as Start Printed Page 84441 the terms “small business,” “small organization,” and “small governmental jurisdiction.” In addition, the term “small business” has the same meaning as the term “small business concern” under the Small Business Act. A “small business concern” is one which: (1) is independently owned and operated; (2) is not dominant in its field of operation; and (3) satisfies any additional criteria established by the SBA.
195. Small Businesses, Small Organizations, Small Governmental Jurisdictions. Our actions, over time, may affect small entities that are not easily categorized at present. We therefore describe, at the outset, three broad groups of small entities that could be directly affected herein. First, while there are industry specific size standards for small businesses that are used in the regulatory flexibility analysis, according to data from the Small Business Administration's (SBA) Office of Advocacy, in general a small business is an independent business having fewer than 500 employees. These types of small businesses represent 99.9% of all businesses in the United States, which translates to 33.2 million businesses.
196. Next, the type of small entity described as a “small organization” is generally “any not-for-profit enterprise which is independently owned and operated and is not dominant in its field.” The Internal Revenue Service (IRS) uses a revenue benchmark of $50,000 or less to delineate its annual electronic filing requirements for small exempt organizations. Nationwide, for tax year 2020, there were approximately 447,689 small exempt organizations in the U.S. reporting revenues of $50,000 or less according to the registration and tax data for exempt organizations available from the IRS.
197. Finally, the small entity described as a “small governmental jurisdiction” is defined generally as “governments of cities, counties, towns, townships, villages, school districts, or special districts, with a population of less than fifty thousand.” U.S. Census Bureau data from the 2017 Census of Governments indicate there were 90,075 local governmental jurisdictions consisting of general purpose governments and special purpose governments in the United States. Of this number, there were 36,931 general purpose governments (county, municipal, and town or township) with populations of less than 50,000 and 12,040 special purpose governments—independent school districts with enrollment populations of less than 50,000. Accordingly, based on the 2017 U.S. Census of Governments data, we estimate that at least 48,971 entities fall into the category of “small governmental jurisdictions.”
198. Wired Telecommunications Carriers. The U.S. Census Bureau defines this industry as establishments primarily engaged in operating and/or providing access to transmission facilities and infrastructure that they own and/or lease for the transmission of voice, data, text, sound, and video using wired communications networks. Transmission facilities may be based on a single technology or a combination of technologies. Establishments in this industry use the wired telecommunications network facilities that they operate to provide a variety of services, such as wired telephony services, including VoIP services, wired (cable) audio and video programming distribution, and wired broadband internet services. By exception, establishments providing satellite television distribution services using facilities and infrastructure that they operate are included in this industry. Wired Telecommunications Carriers are also referred to as wireline carriers or fixed local service providers.
199. The SBA small business size standard for Wired Telecommunications Carriers classifies firms having 1,500 or fewer employees as small. U.S. Census Bureau data for 2017 show that there were 3,054 firms that operated in this industry for the entire year. Of this number, 2,964 firms operated with fewer than 250 employees. Additionally, based on Commission data in the 2022 Universal Service Monitoring Report, as of December 31, 2021, there were 4,590 providers that reported they were engaged in the provision of fixed local services. Of these providers, the Commission estimates that 4,146 providers have 1,500 or fewer employees. Consequently, using the SBA's small business size standard, most of these providers can be considered small entities.
200. Local Exchange Carriers (LECs). Neither the Commission nor the SBA has developed a size standard for small businesses specifically applicable to local exchange services. Providers of these services include both incumbent and competitive local exchange service providers. Wired Telecommunications Carriers is the closest industry with an SBA small business size standard. Wired Telecommunications Carriers are also referred to as wireline carriers or fixed local service providers. The SBA small business size standard for Wired Telecommunications Carriers classifies firms having 1,500 or fewer employees as small. U.S. Census Bureau data for 2017 show that there were 3,054 firms that operated in this industry for the entire year. Of this number, 2,964 firms operated with fewer than 250 employees. Additionally, based on Commission data in the 2022 Universal Service Monitoring Report, as of December 31, 2021, there were 4,590 providers that reported they were fixed local exchange service providers. Of these providers, the Commission estimates that 4,146 providers have 1,500 or fewer employees. Consequently, using the SBA's small business size standard, most of these providers can be considered small entities.
201. Competitive Local Exchange Carriers (LECs). Neither the Commission nor the SBA has developed a size standard for small businesses specifically applicable to local exchange services. Providers of these services include several types of competitive local exchange service providers. Wired Telecommunications Carriers is the closest industry with an SBA small business size standard. The SBA small business size standard for Wired Telecommunications Carriers classifies firms having 1,500 or fewer employees as small. U.S. Census Bureau data for 2017 show that there were 3,054 firms that operated in this industry for the entire year. Of this number, 2,964 firms operated with fewer than 250 employees. Additionally, based on Commission data in the 2022 Universal Service Monitoring Report, as of December 31, 2021, there were 3,378 providers that reported they were competitive local exchange service providers. Of these providers, the Commission estimates that 3,230 providers have 1,500 or fewer employees. Consequently, using the SBA's small business size standard, most of these providers can be considered small entities.
202. Interexchange Carriers (IXCs). Neither the Commission nor the SBA have developed a small business size standard specifically for Interexchange Carriers. Wired Telecommunications Carriers is the closest industry with an SBA small business size standard. The SBA small business size standard for Wired Telecommunications Carriers classifies firms having 1,500 or fewer employees as small. U.S. Census Bureau data for 2017 show that there were 3,054 firms that operated in this industry for the entire year. Of this number, 2,964 firms operated with fewer than 250 employees. Additionally, based on Commission data in the 2022 Universal Service Monitoring Report, as of December 31, 2021, there were 127 providers that reported they were Start Printed Page 84442 engaged in the provision of interexchange services. Of these providers, the Commission estimates that 109 providers have 1,500 or fewer employees. Consequently, using the SBA's small business size standard, the Commission estimates that the majority of providers in this industry can be considered small entities.
203. Cable System Operators (Telecom Act Standard). The Communications Act of 1934, as amended, contains a size standard for a “small cable operator,” which is “a cable operator that, directly or through an affiliate, serves in the aggregate fewer than one percent of all subscribers in the United States and is not affiliated with any entity or entities whose gross annual revenues in the aggregate exceed $250,000,000.” For purposes of the Telecom Act Standard, the Commission determined that a cable system operator that serves fewer than 498,000 subscribers, either directly or through affiliates, will meet the definition of a small cable operator. Based on industry data, only six cable system operators have more than 498,000 subscribers. Accordingly, the Commission estimates that the majority of cable system operators are small under this size standard. We note, however, that the Commission neither requests nor collects information on whether cable system operators are affiliated with entities whose gross annual revenues exceed $250 million. Therefore, we are unable at this time to estimate with greater precision the number of cable system operators that would qualify as small cable operators under the definition in the Communications Act.
204. Other Toll Carriers. Neither the Commission nor the SBA has developed a definition for small businesses specifically applicable to Other Toll Carriers. This category includes toll carriers that do not fall within the categories of interexchange carriers, operator service providers, prepaid calling card providers, satellite service carriers, or toll resellers. Wired Telecommunications Carriers is the closest industry with an SBA small business size standard. The SBA small business size standard for Wired Telecommunications Carriers classifies firms having 1,500 or fewer employees as small. U.S. Census Bureau data for 2017 show that there were 3,054 firms in this industry that operated for the entire year. Of this number, 2,964 firms operated with fewer than 250 employees. Additionally, based on Commission data in the 2022 Universal Service Monitoring Report, as of December 31, 2021, there were 90 providers that reported they were engaged in the provision of other toll services. Of these providers, the Commission estimates that 87 providers have 1,500 or fewer employees. Consequently, using the SBA's small business size standard, most of these providers can be considered small entities.
205. Wireless Telecommunications Carriers (except Satellite). This industry comprises establishments engaged in operating and maintaining switching and transmission facilities to provide communications via the airwaves. Establishments in this industry have spectrum licenses and provide services using that spectrum, such as cellular services, paging services, wireless internet access, and wireless video services. The SBA size standard for this industry classifies a business as small if it has 1,500 or fewer employees. U.S. Census Bureau data for 2017 show that there were 2,893 firms in this industry that operated for the entire year. Of that number, 2,837 firms employed fewer than 250 employees. Additionally, based on Commission data in the 2022 Universal Service Monitoring Report, as of December 31, 2021, there were 594 providers that reported they were engaged in the provision of wireless services. Of these providers, the Commission estimates that 511 providers have 1,500 or fewer employees. Consequently, using the SBA's small business size standard, most of these providers can be considered small entities.
206. Satellite Telecommunications. This industry comprises firms “primarily engaged in providing telecommunications services to other establishments in the telecommunications and broadcasting industries by forwarding and receiving communications signals via a system of satellites or reselling satellite telecommunications.” Satellite telecommunications service providers include satellite and earth station operators. The SBA small business size standard for this industry classifies a business with $38.5 million or less in annual receipts as small. U.S. Census Bureau data for 2017 show that 275 firms in this industry operated for the entire year. Of this number, 242 firms had revenue of less than $25 million. Additionally, based on Commission data in the 2022 Universal Service Monitoring Report, as of December 31, 2021, there were 65 providers that reported they were engaged in the provision of satellite telecommunications services. Of these providers, the Commission estimates that approximately 42 providers have 1,500 or fewer employees. Consequently, using the SBA's small business size standard, a little more than half of these providers can be considered small entities.
207. Wireless Broadband Internet Access Service Providers (Wireless ISPs or WISPs). Providers of wireless broadband internet access service include fixed and mobile wireless providers. The Commission defines a WISP as “[a] company that provides end-users with wireless access to the internet[.]” Wireless service that terminates at an end user location or mobile device and enables the end user to receive information from and/or send information to the internet at information transfer rates exceeding 200 kilobits per second (kbps) in at least one direction is classified as a broadband connection under the Commission's rules. Neither the SBA nor the Commission have developed a size standard specifically applicable to Wireless Broadband internet Access Service Providers. The closest applicable industry with an SBA small business size standard is Wireless Telecommunications Carriers (except Satellite). The SBA size standard for this industry classifies a business as small if it has 1,500 or fewer employees. U.S. Census Bureau data for 2017 show that there were 2,893 firms in this industry that operated for the entire year. Of that number, 2,837 firms employed fewer than 250 employees.
208. Additionally, according to Commission data on internet access services as of June 30, 2019, nationwide there were approximately 1,237 fixed wireless and 70 mobile wireless providers of connections over 200 kbps in at least one direction. The Commission does not collect data on the number of employees for providers of these services, therefore, at this time we are not able to estimate the number of providers that would qualify as small under the SBA's small business size standard. However, based on data in the Commission's 2022 Communications Marketplace Report on the small number of large mobile wireless nationwide and regional facilities-based providers, the dozens of small regional facilities-based providers and the number of wireless mobile virtual network providers in general, as well as on terrestrial fixed wireless broadband providers in general, we believe that the majority of wireless internet access service providers can be considered small entities.
209. Local Resellers. Neither the Commission nor the SBA have developed a small business size standard specifically for Local Resellers. Telecommunications Resellers is the Start Printed Page 84443 closest industry with an SBA small business size standard. The Telecommunications Resellers industry comprises establishments engaged in purchasing access and network capacity from owners and operators of telecommunications networks and reselling wired and wireless telecommunications services (except satellite) to businesses and households. Establishments in this industry resell telecommunications; they do not operate transmission facilities and infrastructure. Mobile virtual network operators (MVNOs) are included in this industry. The SBA small business size standard for Telecommunications Resellers classifies a business as small if it has 1,500 or fewer employees. U.S. Census Bureau data for 2017 show that 1,386 firms in this industry provided resale services for the entire year. Of that number, 1,375 firms operated with fewer than 250 employees. Additionally, based on Commission data in the 2022 Universal Service Monitoring Report, as of December 31, 2021, there were 207 providers that reported they were engaged in the provision of local resale services. Of these providers, the Commission estimates that 202 providers have 1,500 or fewer employees. Consequently, using the SBA's small business size standard, most of these providers can be considered small entities.
210. Toll Resellers. Neither the Commission nor the SBA have developed a small business size standard specifically for Toll Resellers. Telecommunications Resellers is the closest industry with an SBA small business size standard. The Telecommunications Resellers industry comprises establishments engaged in purchasing access and network capacity from owners and operators of telecommunications networks and reselling wired and wireless telecommunications services (except satellite) to businesses and households. Establishments in this industry resell telecommunications; they do not operate transmission facilities and infrastructure. Mobile virtual network operators (MVNOs) are included in this industry. The SBA small business size standard for Telecommunications Resellers classifies a business as small if it has 1,500 or fewer employees. U.S. Census Bureau data for 2017 show that 1,386 firms in this industry provided resale services for the entire year. Of that number, 1,375 firms operated with fewer than 250 employees. Additionally, based on Commission data in the 2022 Universal Service Monitoring Report, as of December 31, 2021, there were 457 providers that reported they were engaged in the provision of toll services. Of these providers, the Commission estimates that 438 providers have 1,500 or fewer employees. Consequently, using the SBA's small business size standard, most of these providers can be considered small entities.
211. All Other Telecommunications. This industry is comprised of establishments primarily engaged in providing specialized telecommunications services, such as satellite tracking, communications telemetry, and radar station operation. This industry also includes establishments primarily engaged in providing satellite terminal stations and associated facilities connected with one or more terrestrial systems and capable of transmitting telecommunications to, and receiving telecommunications from, satellite systems. Providers of internet services ( e.g., dial-up ISPs) or Voice over internet Protocol (VoIP) services, via client-supplied telecommunications connections are also included in this industry. The SBA small business size standard for this industry classifies firms with annual receipts of $35 million or less as small. U.S. Census Bureau data for 2017 show that there were 1,079 firms in this industry that operated for the entire year. Of those firms, 1,039 had revenue of less than $25 million. Based on this data, the Commission estimates that the majority of “All Other Telecommunications” firms can be considered small.
E. Description of Projected Reporting, Recordkeeping, and Other Compliance Requirements for Small Entities
212. In the Report and Order, the rules we adopt regarding the separation of lines from shared mobile service contracts require all small and other covered providers to take several actions with regard to reporting, recordkeeping, and other compliance matters.
213. Specifically, within two business days of receiving a completed line separation request from a survivor, a covered provider must separate the line(s) of a survivor (and any line(s) of an individual in the care of a survivor) or the line(s) of an abuser from a shared mobile service contract under which a survivor and abuser each use a line. To facilitate such line separations, a covered provider must establish more than one secure remote means through which a survivor may submit all information required to effectuate a line separation request and such means must be accessible by survivors with disabilities. A covered provider must treat any information submitted by a survivor in connection with a line separation request as confidential, which means the covered provider must securely dispose of such information within 90 days, subject to certain exceptions; implement policies and procedures governing the treatment and disposal of such information; train employees on such procedures; and restrict access to databases storing such information. Furthermore, at the time a survivor submits a line separation request, a covered provider must allow the survivor to indicate service choices, including from among any commercially available plans offered by the covered provider. Our rules also require that, as part of the line separation request mechanism, a covered provider inform a survivor of the availability of funding from the Lifeline program, and about the rules pertaining to participation in Lifeline.
214. After receiving a line separation request from a survivor, a covered provider must notify the survivor that the covered provider may contact the survivor or the survivor's designated representative to confirm the line separation or to inform them of the covered provider's inability to complete the line separation. When communicating with a survivor or a survivor's designated representative, a covered provider must allow the survivor or the designated representative to select the manner of communication. Furthermore, a covered provider must provide documentation confirming receipt of the survivor's legitimate line separation request that clearly identifies the survivor by name. A covered provider must attempt to authenticate that a survivor submitting a line separation request is in fact a user of the specific line identified by the survivor. A covered provider must also lock the account subject to a line separation to prevent all SIM changes, number ports, and line cancellations and effectuate a line separation for the completed request, subject to operational or technical infeasibility. If a line separation is operationally or technically infeasible, a covered provider must inform the survivor of the nature of the infeasibility and provide information about alternative options, such as establishing a new account for the survivor. A covered provider must notify the survivor of the date it will notify the primary account holder of the completed line separation if the survivor who submitted a complete line separation request is not also the primary account holder. In the event a survivor elects to separate an abuser's line, a covered provider must also Start Printed Page 84444 provide notice to the survivor of when it will notify the abuser of the separation. Additionally, if the covered provider rejects a line separation request for any reason other than operational or technical infeasibility, the covered provider must notify the survivor within two business days through the manner of communication selected by the survivor of the rejection. This notification must also explain the basis for rejection, describe how the survivor can correct any issues with the existing request or submit a new one, and, if applicable, provide the survivor with information about alternative options, including starting a new account.
215. The new rules also require a covered provider to effectuate a line separation request regardless of whether an account lock is activated on the account. To balance the need to protect survivors with the need to protect against fraud, our rules also require that covered providers make a record of any customer other than the survivor who requests that the covered provider stop or reverse a line separation because of fraud.
216. In addition to the procedural requirements mentioned above, we require that covered providers train employees who will interact with survivors on the sensitivities surrounding such interactions. We also require that covered providers notify consumers of the availability of line separations from shared mobile service contracts on its website, in physical stores, and in other forms of public-facing consumer communication. Our rules detail the specific information that must be included by covered providers and we require that this notice be in any language in which the covered provider currently advertises.
217. Our rules also implement the SCA's statutory requirements that covered providers take certain actions with regard to financial responsibilities and account billing following completed line separations. Specifically, unless otherwise ordered by a court, when survivors separate their lines and the lines of individuals in their care from a shared mobile service contract, a covered provider must ensure that the financial responsibilities, including monthly service costs, for the transferred numbers are assumed by the survivor beginning on the date on which the covered provider transfers the billing responsibilities for and use of the transferred numbers to those survivors. We also require covered providers to ensure that any previously accrued arrears on an account following a line separation stay with the person who was the primary account holder prior to the line separation.
218. The rules we adopt relating to protecting the privacy of calls and text messages to domestic abuse hotlines require all covered providers, wireline providers of voice service, fixed wireless providers of voice service, and fixed satellite providers of voice service to omit from consumer-facing logs of calls and text messages any records of calls or text messages to covered hotlines in the central database that we establish. These service providers must maintain internal records of these omitted calls and text messages. In addition, these providers are responsible for downloading the initial database file and subsequent updates to the database file from the central database that we establish. Updates must be downloaded and implemented by covered providers, wireline providers of voice service, fixed wireless providers of voice service, and fixed satellite providers of voice service no later than 15 days after such updates are made available for download. In the Report and Order, we exempt from its rules pertaining to protecting the privacy of calls and text messages to domestic abuse hotlines service providers that do not create their own call logs but, instead, rely on their underlying facilities-based provider to create such call logs and clarifying that wholesale service providers incur such an obligation.
219. We delegate many of the details regarding establishing the central database of hotlines to the Wireline Competition Bureau (Bureau), but direct the Bureau not to fund creation and maintenance of the database through an assessment on service providers. The rules adopted in the Report and Order service providers serving the vast majority of Americans to comply with the rules 12 months after publication of the Report and Order in the Federal Register . Small service providers, defined as covered providers, wireline providers of voice service, fixed wireless providers of voice service, and fixed satellite providers of voice service that have 100,000 or fewer voice service subscriber lines (counting the total of all business and residential fixed subscriber lines and mobile phones and aggregated over all of the provider's affiliates), are provided additional time an additional six months to comply (18 months). We provide two important caveats to aid the ability of service providers to comply with these deadlines. First, the deadline for compliance will be no earlier than eight months after the Bureau has published the database download file specification (14 months for small service providers), which should be the final detail necessary for service providers to complete design of their systems. Second, the deadline will be no earlier than two months after the Bureau announces that the database administrator has made the initial database download file available for testing (eight months for small service providers). To the extent that the date of either announcement causes the deadline to be later than 12 months after Federal Register publication (18 months for small service providers), the Bureau should announce the new deadline for implementation based on the date of the announcement.
220. The Report and Order directs the Universal Service Administrative Company (USAC) to ensure that survivors experiencing financial hardship will be able to apply for and enroll in the Lifeline program. The Report and Order also directs USAC to implement processes to transition survivors from emergency communications support at the end of the six-month emergency support period mandated by the SCA. The actions taken in the Report and Order do not place any significant new requirements on service providers that are also eligible telecommunications carriers (ETC) participating in the Lifeline program, regardless of whether ETCs are large or small businesses. The Lifeline rules already applicable to ETCs remain largely the same. We therefore expect the actions we have taken in the Report and Order achieve the goals of the SCA without placing additional costs and burdens on covered providers; however, there is not sufficient information on the record to quantify the cost of compliance for small entities, or to determine whether it will be necessary for small entities to hire professionals to comply with the adopted requirements.
F. Steps Taken To Minimize the Significant Economic Impact on Small Entities, and Significant Alternatives Considered
221. The RFA requires an agency to provide, “a description of the steps the agency has taken to minimize the significant economic impact on small entities . . . including a statement of the factual, policy, and legal reasons for selecting the alternative adopted in the final rule and why each one of the other significant alternatives to the rule considered by the agency which affect the impact on small entities was rejected.”
222. With regard to line separations, the Safe Connections Act directs the Start Printed Page 84445 Commission to consider implementation timelines for small covered providers, and after examining the record, we declined to adopt a different implementation timeframe for small providers. First, while the record indicated that small covered providers may need additional time to comply with the Safe Connections Act and our rules as a whole, commenters failed to provide sufficient justification for why small covered providers would require additional time to implement the line separation provisions specifically. Second, given the critical and potentially lifesaving importance of independent communications for survivors escaping abusive circumstances, we think it self-evident that survivors who receive service from small covered providers are no less entitled to the protections made available by the Safe Connections Act than survivors who receive service from other covered providers. Third, we found that adopting inconsistent timelines for small and large providers may make it difficult for stakeholders to carry out effective messaging campaigns touting the availability of line separations. This inconsistency may confuse survivors and ultimately dissuade them from further pursuing a line separation if they are told that their current carrier does not offer the ability despite having been informed of the Safe Connections Act's features by a stakeholder messaging campaign. Fourth, we believe that Congress included the technical and operational infeasibility provisions to account for differences in the capabilities of providers (among other reasons), particularly between large and small providers, and to incentivize and protect providers while they work to update or develop systems and processes capable of fully effectuating the SCA's requirements and our rules within the statutory timeframe. For these reasons, we declined to extend the implementation timeline for small entities.
223. With regard to our rules pertaining to protecting the privacy of calls and texts to hotlines, we received comments noting that smaller service providers work with limited staff and other resources, requiring it taking longer to implement changes in their systems, specifically requesting 24 months to comply with any obligations that the Commission might establish. As part of the directive under the Safe Connections Act to consider factors reflecting implementation of such requirements on smaller providers, we adopted a deadline of 18 months from the date of publication of the Report and Order in the Federal Register to comply with our new rules. We found that granting smaller providers extra implementation time is appropriate, given that they may face more resource challenges than larger providers (which are given 12 months) in complying with the new rules. We found that our 18-month compliance deadline for small providers properly balances the significance of the risks faced by domestic abuse survivors, and the benefits of them being able to call hotlines and seek help without fear of the abuser accessing their call records, with the implementation challenges faced by smaller providers. We also adjusted the guaranteed periods between the two important database creation milestones and the compliance deadline for smaller service providers to compensate for the additional six months that such providers are granted to comply. Our decision to exempt from the requirements service providers that do not create their own call logs but, instead, rely on their underlying facilities-based provider to create such call logs should be of significant benefit to smaller service providers that rely on resale rather than constructing capital-intensive networks to provide service.
224. We delegated many of the details regarding establishing the central database of hotlines to the Wireline Competition Bureau (Bureau), but direct the Bureau not to fund the creation and maintenance of the database through an assessment on service providers. In designating the Lifeline program to provide emergency communications support to survivors experiencing financial hardship, the Report and Order largely places requirements on USAC, as the Lifeline program administrator, to implement the mandated requirements. Service providers that are also ETCs are still required to ensure their compliance with all Lifeline rules, but this is not a new requirement. There are limited new requirements for ETCs, large and small, but these requirements align with existing requirements for participation in the Lifeline program and merely clarify that such requirements will also apply to survivors that might enter the Lifeline program. This approach allowed the Commission to minimize any significant impact on all participating entities.
G. Report to Congress
225. The Commission will send a copy of the Report and Order, including the FRFA, in a report to Congress pursuant to the Congressional Review Act. In addition, the Commission will send a copy of the Report and Order, including the FRFA, to the Chief Counsel for Advocacy of the SBA. A copy of the Report and Order and FRFA (or summaries thereof) will also be published in the Federal Register .
IV. Ordering Clauses
226. Accordingly, it is ordered that, pursuant to the authority contained in sections 1, 4(i), 4(j), 201, 251, 254, 301, 303, 316, 332, 345, and 403 of the Communications Act of 1934, as amended, 47 U.S.C. 151, 154(i), 154(j), 201, 251, 254, 301, 303, 316, 332, 345, and 403, section 5(b) of the Safe Connections Act of 2022, Public Law 117–223, 136 Stat. 2280, and section 904 of Division N, Title IX of the Consolidated Appropriations Act, 2021, Public Law 116–260, 134 Stat. 1182, as amended by the Infrastructure Investment and Jobs Act, Public Law 117–58, 135 Stat. 429, the Report and Order in WC Docket Nos. 22–238, 11–42, and 21–450 is adopted and that parts 54 and 64 of the Commission's Rules, 47 CFR parts 54, 64, are amended as set forth in the amendments at the end of this document.
227. It is further ordered that the Report and Order shall be effective January 14, 2024. Compliance with the rule changes adopted in the Report and Order, except for § 64.6408, shall not be required until the later of: (i) six months after the effective date of the Report and Order; or (ii) after the Office of Management and Budget (OMB) completes review of any information collection requirements associated with the Report and Order that the Wireline Competition Bureau determines is required under the Paperwork Reduction Act. The Commission directs the Wireline Competition Bureau to announce the compliance date for these rule changes by subsequent Public Notice and to cause part 54, §§ 54.403, 54.405, 54.409, 54.410, 54.424, and 54.1800, and part 64, § 64.2010 and subpart II, to be revised accordingly. Compliance with § 64.6408 shall be required as described in paragraphs 138–145 of the Report and Order. The Wireline Competition Bureau is delegated authority to extend the dates upon which compliance with the provisions of § 64.6408 shall be required, consistent with paragraphs 138–145 of the Report and Order, and to revise § 64.6408 accordingly.
228. It is further ordered that the Commission's Office of the Secretary, Reference Information Center, shall send a copy of the Report and Order, including the Final Regulatory Flexibility Analysis and Initial Regulatory Flexibility Analysis, to the Start Printed Page 84446 Chief Counsel for Advocacy of the Small Business Administration.
229. It is further ordered that the Office of the Managing Director, Performance Evaluation and Records Management, shall send a copy of the Report and Order in a report to be sent to Congress and the Government Accountability Office pursuant to the Congressional Review Act, see 5 U.S.C. 801(a)(1)(A).
Start List of SubjectsList of Subjects in 47 CFR Parts 54 and 64
- Communications
- Communications common carriers
- Privacy
- Telecommunications
- Reporting and recordkeeping requirements
Federal Communications Commission.
Marlene Dortch,
Secretary.
Final Rules
For the reasons discussed in the preamble, the Federal Communications Commission amends 47 CFR parts 54 and 64 as follows:
Start PartPART 54—UNIVERSAL SERVICE
End Part Start Amendment Part1. The authority citation for part 54 continues to read as follows:
End Amendment Part Start Amendment Part2. Amend § 54.400 by adding paragraphs (q) through (s) to read as follows:
End Amendment PartTerms and definitions.* * * * *(q) Survivor. “Survivor” has the meaning given such term at 47 CFR 64.6400(m).
(r) Emergency communications support. “Emergency communications support” means support received through the Lifeline program by qualifying survivors pursuant to the Safe Connections Act of 2022, Public Law 117–223.
(s) Financial hardship. A survivor is suffering from “financial hardship” when the survivor's household satisfies the requirements detailed at § 54.409(a)(1) or (2) or is a household in which—
(1) The household's income as defined in paragraph (f) of this section is at or below 200% of the Federal Poverty Guidelines for a household of that size;
(2) At least one member of the household has applied for and been approved to receive benefits under the free and reduced price lunch program under the Richard B. Russell National School Lunch Act (42 U.S.C. 1751 et seq.) or the school breakfast program under section 4 of the Child Nutrition Act of 1966 (42 U.S.C. 1773), or at least one member of the household is enrolled in a school or school district that participates in the Community Eligibility Provision (42 U.S.C. 1759a);
(3) At least one member of the household has received a Federal Pell Grant under section 401 of the Higher Education Act of 1965 (20 U.S.C. 1070a) in the current award year, if such award is verifiable through the National Verifier or National Lifeline Accountability Database or the participating provider verifies eligibility under § 54.1806(a)(2); and
(4) At least one member of the household receives assistance through the special supplemental nutritional program for women, infants and children established by section 17 of the Child Nutrition Act of 1996 (42 U.S.C. 1786).
3. Amend § 54.403 by adding paragraphs (a)(4) and (5) to read as follows:
End Amendment PartLifeline support amount.(a) * * *
(4) Emergency communications support amount. Emergency communications support in the amount of up to $9.25 per month will be made available to eligible telecommunications carriers providing service to qualifying survivors. An eligible telecommunications carrier must certify to the Administrator that it will pass through the full amount of support to the qualifying survivor and that it has received any non-Federal regulatory approvals necessary to implement the rate reduction.
(i) The base reimbursement in this paragraph (a)(4) can be applied to survivors receiving service that meets either the minimum service standard for voice service or broadband internet access service, as determined in accordance with § 54.408.
(ii) Additional Federal Lifeline support of up to $25 per month will be made available to an eligible telecommunications carrier providing emergency communications support to an eligible survivor resident of Tribal lands, as defined in § 54.400(e), to the extent that the eligible telecommunications carrier certifies to the Administrator that it will pass through the full Tribal lands support amount to the qualifying eligible resident of Tribal lands and that it has received any non-Federal regulatory approvals necessary to implement the required rate reduction.
(5) Compliance date. Compliance with paragraph (a)(4) of this section will not be required until this paragraph (a)(5) is removed or contains a compliance date, which will not occur until the later of July 15, 2024; or after the Office of Management and Budget (OMB) completes review of any information collection requirements in paragraph (a)(4) that the Wireline Competition Bureau determines is required under the Paperwork Reduction Act or the Wireline Competition Bureau determines that such review is not required. The Commission directs the Wireline Competition Bureau to announce a compliance date for paragraph (a)(4) by subsequent Public Notice and notification in the Federal Register and to cause this section to be revised accordingly.
* * * * *4. Amend § 54.405 by adding paragraphs (e)(6) and (7) to read as follows:
End Amendment PartCarrier obligation to offer Lifeline.* * * * *(e) * * *
(6) De-enrollment from emergency communications support. Notwithstanding paragraph (e)(1) of this section, upon determination by the Administrator that a subscriber receiving emergency communications support has exhausted the subscriber's six months of support and has not qualified to participate in the Lifeline program as defined by § 54.409, the Administrator must de-enroll the subscriber from participation in the Lifeline program within five business days. An eligible telecommunications carrier shall not be eligible for Lifeline reimbursement for any de-enrolled subscriber following the date of that subscriber's de-enrollment.
(7) Compliance date. Compliance with paragraph (e)(6) of this section will not be required until this paragraph (e)(7) is removed or contains a compliance date, which will not occur until the later of July 15, 2024; or after OMB completes review of any information collection requirements in this subpart, §§ 54.403(a)(4), 54.410(d)(2)(ii), 54.410(i), and 54.424, that the Wireline Competition Bureau determines is required under the Paperwork Reduction Act or the Wireline Competition Bureau determines that such review is not required. The Commission directs the Wireline Competition Bureau to announce a compliance date for the requirements of paragraph (e)(6) by subsequent Public Notice and notification in the Federal Register and Start Printed Page 84447 to cause this section to be revised accordingly.
5. Amend § 54.409 by adding paragraphs (a)(3) and (4) to read as follows:
End Amendment PartConsumer qualification for Lifeline.(a) * * *
(3) Consumers that are survivors can qualify to receive emergency communications support from the Lifeline program without regard to whether the survivor meets the otherwise applicable eligibility requirements of the Lifeline program in this part, if:
(i) The survivor suffers from financial hardship as defined by § 54.400(s); and
(ii) The survivor requested a line separation as required under 47 U.S.C. 345(c)(1) of the Communications Act of 1934.
(4) Compliance with paragraph (a)(3) of this section will not be required until this paragraph (a)(4) is removed or contains a compliance date, which will not occur until the later of July 15, 2024; or after OMB completes review of any information collection requirements in this subpart, §§ 54.403(a)(4), 54.410(d)(2)(ii), 54.410(i), and 54.424, that the Wireline Competition Bureau determines is required under the Paperwork Reduction Act or the Wireline Competition Bureau determines that such review is not required. The Commission directs the Wireline Competition Bureau to announce a compliance date for the requirements of paragraph (a)(3) by subsequent Public Notice and notification in the Federal Register and to cause this section to be revised accordingly.
* * * * *6. Amend § 54.410 by revising paragraph (d)(2)(ii) and adding paragraphs (i) and (j) to read as follows:
End Amendment PartSubscriber eligibility determination and certification.* * * * *(d) * * *
(2) * * *
(ii) The subscriber's full residential address, or, for a subscriber seeking to receive emergency communications support from the Lifeline program, a prior billing or residential address from within the past six months;
* * * * *(i) Survivors of domestic violence. All survivors seeking to receive emergency communications support from the Lifeline program must have their eligibility to participate in the program confirmed through the National Verifier. The National Verifier will also transition survivors approaching the end of their six-month emergency support period in a manner consistent with the requirements applied to eligible telecommunications carriers at paragraph (f) of this section, and the National Verifier will de-enroll survivors whose continued eligibility to participate in the Lifeline program cannot be confirmed, consistent with § 54.405(e)(6).
(j) Compliance date. Compliance with paragraph (d)(2)(ii) and paragraph (i) will not be required until this paragraph (j) is removed or contains a compliance date, which will not occur until the later of July 15, 2024; or after OMB completes review of any information collection requirements in paragraph (d)(2)(ii) and paragraph (i) that the Wireline Competition Bureau determines is required under the Paperwork Reduction Act or the Wireline Competition Bureau determines that such review is not required. The Commission directs the Wireline Competition Bureau to announce a compliance date for paragraph (d)(2)(ii) and paragraph (i) by subsequent Public Notice and notification in the Federal Register and to cause this section to be revised accordingly.
7. Add § 54.424 to read as follows:
End Amendment PartEmergency communications support for survivors.(a) Confirmation of subscriber eligibility. All eligible telecommunications carriers must implement policies and procedures for ensuring that subscribers receiving emergency communications support from the Lifeline program are eligible to receive such support. An eligible telecommunications carrier must not seek reimbursement for providing Lifeline service to a subscriber, based on that subscriber's eligibility to receive emergency communications support, unless the carrier has received from the National Verifier:
(1) Notice that the prospective subscriber meets the eligibility criteria set forth in § 54.409(a)(3).
(2) A copy of the subscriber's certification that complies with the requirements set forth in § 54.410(d).
(3) An eligible telecommunications carrier must securely retain all information and documentation provided by the National Verifier or received from the survivor to document their line separation request as required by § 54.417.
(b) Emergency communications support duration. Qualified survivors shall be eligible to receive emergency communications support for a total of no more than six months. The Administrator will inform eligible telecommunications carriers when participating survivors have reached their limit of allowable emergency communications support. A survivor may seek and receive further emergency communications support if that request is related to a new line separation request and a showing of financial hardship completed by the survivor and confirmed by the National Verifier.
(c) Compliance date. Compliance with paragraphs (a) and (b) of this section will not be required until this paragraph (c) is removed or contains a compliance date, which will not occur until the later of July 15, 2024; or after OMB completes review of any information collection requirements in paragraphs (a) and (b) that the Wireline Competition Bureau determines is required under the Paperwork Reduction Act or the Wireline Competition Bureau determines that such review is not required. The Commission directs the Wireline Competition Bureau to announce a compliance date for paragraphs (a) and (b) by subsequent Public Notice and notification in the Federal Register and to cause this section to be revised accordingly.
8. Amend § 54.1800 by revising paragraph (j)(1) and adding paragraph (j)(7) to read as follows:
End Amendment PartDefinitions.* * * * *(j) * * *
(1) At least one member of the household meets the qualifications in § 54.409(a)(2) or (3) or (b);
* * * * *(7) Compliance with paragraph (j)(1) of this section will not be required until this paragraph (j)(7) is removed or contains a compliance date, which will not occur until the later of July 15, 2024; or after OMB completes review of any information collection requirements in subpart E of this part, §§ 54.403(a)(4), 54.410(d)(2)(ii), 54.410(i), and 54.424, that the Wireline Competition Bureau determines is required under the Paperwork Reduction Act or the Wireline Competition Bureau determines that such review is not required. The Commission directs the Wireline Competition Bureau to announce a compliance date for the requirements of paragraph (j)(1) by subsequent Public Notice and notification in the Federal Register and to cause this section to be revised accordingly.
* * * * *PART 64—MISCELLANEOUS RULES RELATING TO COMMON CARRIERS
End Part Start Amendment Part9. The authority citation for part 64 is revised to read as follows:
End Amendment Part Start Amendment Part10. Amend § 64.2010 by revising paragraph (f) and adding paragraph (h) to read as follows:
End Amendment PartSafeguards on the disclosure of customer proprietary network information.* * * * *(f) Notification of account changes. (1) Telecommunications carriers must notify customers immediately whenever a password, customer response to a back-up means of authentication for lost or forgotten password, online account, or address of record is created or changed. This notification is not required when the customer initiates service, including the selection of a password at service initiation. This notification may be through a carrier-originated voicemail or text message to the telephone number of record, or by mail to the address of record, and must not reveal the changed information or be sent to the new account information.
(2) Paragraph (f)(1) of this section does not apply to a change made in connection with a line separation request under 47 U.S.C. 345 and subpart II of this part.
* * * * *(h) Compliance date. Compliance with the provision in paragraph (f) of this section applicable to line separation requests under 47 U.S.C. 345 and subpart II of this part will not be required until this paragraph (h) is removed or contains a compliance date, which will not occur until the later of July 15, 2024; or after OMB completes review of any information collection requirements in subpart II of this part that the Wireline Competition Bureau determines is required under the Paperwork Reduction Act or the Wireline Competition Bureau determines that such review is not required. The Commission directs the Wireline Competition Bureau to announce a compliance date for the requirements of paragraph (f) by subsequent Public Notice and notification in the Federal Register and to cause this section to be revised accordingly.
11. Add subpart II, consisting of §§ 64.6400 through 64.6409, to read as follows:
End Amendment PartSubpart II—Communications Service Protections for Victims of Domestic Violence, Human Trafficking, and Related Crimes
- 64.6400
- Definitions.
- 64.6401
- Line separation request submission requirements.
- 64.6402
- Processing of separation of lines from a shared mobile service contract.
- 64.6403
- Establishment of mechanisms for submission of line separation requests.
- 64.6404
- Prohibitions and limitations for line separation requests.
- 64.6405
- Financial responsibility following line separations.
- 64.6406
- Notice of line separation availability to consumers.
- 64.6407
- Employee training.
- 64.6408
- Protection of the privacy of calls and text messages to covered hotlines.
- 64.6409
- Compliance date.
Definitions.For purposes of this subpart:
(a) Abuser. Abuser means an individual who has committed or allegedly committed a covered act, as defined in 47 U.S.C. 345 and this subpart, against:
(1) An individual who seeks relief under 47 U.S.C. 345 and this subpart; or
(2) An individual in the care of an individual who seeks relief under 47 U.S.C. 345 and this subpart.
(b) Business day. Business day means the traditional work week of Monday through Friday, 8 a.m. to 5 p.m., excluding the covered provider's company-defined holidays.
(c) Call. Call means a voice service transmission, regardless of whether such transmission is completed.
(d) Consumer-facing logs of calls and text messages. Consumer-facing logs of calls and text messages means any means by which a covered provider, wireline provider of voice service, fixed wireless provider of voice service, or fixed satellite provider of voice service presents to a consumer a listing of telephone numbers to which calls or text messages were directed, regardless of, for example, the medium used (such as by paper, online listing, or electronic file), whether the call was completed or the text message was delivered, whether part of a bill or otherwise, and whether requested by the consumer or otherwise provided. The term includes oral and written disclosures by covered providers, wireline provider of voice service, fixed wireless provider of voice service, and fixed satellite provider wireline providers of voice service of individual call and text message records.
(e) Covered act. Covered act means conduct that constitutes:
(1) A crime described in section 40002(a) of the Violence Against Women Act of 1994 (34 U.S.C. 12291(a)), including, but not limited to, domestic violence, dating violence, sexual assault, stalking, and sex trafficking;
(2) An act or practice described in paragraph (11) or (12) of section 103 of the Trafficking Victims Protection Act of 2000 (22 U.S.C. 7102) (relating to severe forms of trafficking in persons and sex trafficking, respectively); or
(3) An act under State law, Tribal law, or the Uniform Code of Military Justice that is similar to an offense described in paragraph (e)(1) or (2) of this section.
(4) A criminal conviction or any other determination of a court shall not be required for conduct described in this paragraph (e) to constitute a covered act.
(f) Covered hotline. Covered hotline means a hotline related to domestic violence, dating violence, sexual assault, stalking, sex trafficking, severe forms of trafficking in persons, or any other similar act. Such term includes any telephone number on which more than a de minimis amount of counseling and/or information is provided on domestic violence, dating violence, sexual assault, stalking, sex trafficking, severe forms of trafficking in persons, or any other similar acts.
(g) Covered provider. Covered provider means a provider of a private mobile service or commercial mobile service, as those terms are defined in 47 U.S.C. 332(d).
(h) Fixed wireless provider of voice service. Fixed wireless provider of voice service means a provider of voice service to customers at fixed locations that connects such customers to its network primarily by terrestrial wireless transmission.
(i) Fixed satellite provider of voice service. Fixed satellite provider of voice service means a provider of voice service to customers at fixed locations that connects such customers to its network primarily by satellite transmission.
(j) Primary account holder. Primary account holder means an individual who is a party to a mobile service contract with a covered provider.
(k) Shared mobile service contract. Shared mobile service contract means a mobile service contract for an account that includes not less than two lines of service, and does not include enterprise services offered by a covered provider. For purposes of this subpart, a “line of service” shall mean one that is associated with a telephone number, and includes all of the services Start Printed Page 84449 associated with that line under the shared mobile service contract, regardless of classification, including voice, text, and data services.
(l) Small service provider. Small service provider means a covered provider, wireline provider of voice service, fixed wireless provider of voice service, or fixed satellite provider of voice service that has 100,000 or fewer voice service subscriber lines (counting the total of all business and residential fixed subscriber lines and mobile phones and aggregated over all of the provider's affiliates).
(m) Survivor. Survivor means an individual who is not less than 18 years old and:
(1) Against whom a covered act has been committed or allegedly committed; or
(2) Who cares for another individual against whom a covered act has been committed or allegedly committed (provided that the individual providing care did not commit or allegedly commit the covered act). For purposes of this subpart, an individual who “cares for” another individual, or individual “in the care of” another individual, shall encompass:
(i) Any individuals who are part of the same household, as defined in § 54.400 of this chapter;
(ii) Parents, guardians, and minor children even if the parents and children live at different addresses;
(iii) Those who care for, or are in the care of, another individual by valid court order or power of attorney; and
(iv) An individual who is the parent, guardian, or caretaker of a person over the age of 18 upon whom an individual is financially or physically dependent (and those persons financially or physically dependent on the parent, guardian or caretaker).
(n) Text message. Text message has the meaning given such term in section 227(e)(8) of the Communications Act of 1934, as amended (47 U.S.C. 227(e)(8)).
(o) Voice service. Voice service has the meaning given such term in section 4(a) of the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (47 U.S.C. 227b(a)).
(p) Wireline provider of voice service. Wireline provider of voice service means a provider of voice service that connects customers to its network primarily by wire.
Line separation request submission requirements.(a) A survivor seeking to separate a line from a shared mobile service contract pursuant to 47 U.S.C. 345 and this subpart, or a designated representative of such survivor, shall submit to the covered provider a line separation request that:
(1) Requests relief under 47 U.S.C. 345 and this subpart;
(2) Identifies each line that should be separated, using the phone number associated with the line;
(3) Identifies which line(s) belong to the survivor and states that the survivor is the user of those lines;
(4) In the case of a survivor seeking separation of the line(s) of any individual in the care of a survivor, includes a signed and dated affidavit that states that the individual is in the care of the survivor and is the user of the specific line(s) to be separated;
(5) In the case of a survivor seeking separation of the abuser's line(s), states that the abuser is the user of that specific line;
(6) Includes the name of the survivor and the name of the abuser that is known to the survivor;
(7) Provides survivor's preferred contact information for communications regarding the line separation request;
(8) In the case of a designated representative assisting with or submitting the line separation request on behalf of a survivor, provides the name of that designated representative and the designated representative's relationship to the survivor, and states that the designated representative assisted the survivor;
(9) Includes evidence that verifies that an individual who uses a line under the shared mobile contract has committed or allegedly committed a covered act against the survivor or an individual in the survivor's care. Such evidence shall be either:
(i) A copy of a signed affidavit from a licensed medical or mental health care provider, licensed military medical or mental health care provider, licensed social worker, victim services provider, or licensed military victim services provider, or an employee of a court, acting within the scope of that person's employment; or
(ii) A copy of a police report, statements provided by police, including military or Tribal police, to magistrates or judges, charging documents, protective or restraining orders, military protective orders, or any other official record that documents the covered act.
(b) A covered provider may attempt to assess the authenticity of the evidence of survivor status submitted pursuant to paragraph (a)(9) of this section, and may deny a line separation request if the covered provider forms a reasonable belief of fraud from such an assessment, but in any case shall not directly contact entities that created any such evidence to confirm its authenticity.
(c) A covered provider shall not assess the veracity of the evidence of survivor status submitted pursuant to paragraph (a)(9) of this section.
(d) Notwithstanding 47 U.S.C. 222(c)(2), and except as provided in paragraphs (d)(1) through (3) of this section, a covered provider; any officer, director, or employee of a covered provider; and any vendor, agent, or contractor of a covered provider that receives or processes line separation requests with the survivor's consent or as needed to effectuate the request, shall treat the fact of the line separation request and any information or documents a survivor submits under this subpart, including any customer proprietary network information, as confidential and securely dispose of the information not later than 90 days after receiving the information, except as provided in paragraphs (d)(2) and (3) of this section.
(1) A covered provider may only disclose or permit access to information a survivor submits under this subpart pursuant to a valid court order; to the individual survivor submitting the line separation request; to anyone that the survivor specifically designates; to those third parties necessary to effectuate the request ( i.e., vendors, contractors, and agents); or, to the extent necessary, to the Commission or the Universal Service Administrative Company for processing of emergency communications support through the Lifeline program for qualifying survivors, as provided in § 54.424 of this chapter.
(2) A covered provider may retain any confidential record related to the line separation request for longer than 90 days upon receipt of a legitimate law enforcement request.
(3) A covered provider may maintain a record that verifies that a survivor fulfilled the conditions of a line separation request under this subpart for longer than 90 days after receiving the information as long as the covered provider also treats such records as confidential and securely disposes of them. This record shall not contain the documentation of survivor status described in paragraph (a)(9) of this section or other original records a survivor submits with a request under this subpart.
(4) A covered provider shall implement data security measures commensurate with the sensitivity of the information submitted with line separation requests, including policies and procedures governing confidential treatment and secure disposal of the Start Printed Page 84450 information a survivor submits under this subpart, train employees on those policies and procedures, and restrict access to databases storing such information to only those employees who need access to that information.
(5) A covered provider shall not use, process, or disclose the fact of a line separation request or any information or documentation provided with such a request to market any products or services.
(e) Nothing in this section shall affect any law or regulation of a State providing communications protections for survivors (or any similar category of individuals) that has less stringent requirements for providing evidence of a covered act (or any similar category of conduct) than this section.
Processing of separation of lines from a shared mobile service contract.(a) Subject to the requirements of this section, as soon as feasible, but not later than close of business two businesses days after receiving a completed line separation request from a survivor submitted pursuant to § 64.6401, a covered provider shall, consistent with the survivor's request:
(1) Separate the line(s) of the survivor, and the line(s) of any individual in the care of the survivor, from the shared mobile service contract; or
(2) Separate the line(s) of the abuser from the shared mobile service contract.
(b) A covered provider shall attempt to authenticate, using multiple authentication methods if necessary, that a survivor requesting a line separation is a user of the specific line(s).
(1) If the survivor is the primary account holder or a user designated to have account authority by the primary account holder, a covered provider shall attempt to authenticate the identity of the survivor in accordance with the covered provider's authentication measures for primary account holders or designated users.
(2) If the survivor is not the primary account holder or a designated user, the covered provider shall attempt to authenticate the identity of the survivor using methods that are reasonably designed to confirm the survivor is actually a user of the specified line(s) on the account.
(c) At the time a survivor submits a line separation request, a covered provider shall:
(1) Inform the survivor, through remote means established in § 64.6403, that the provider may contact the survivor (or the survivor's designated representative) to confirm the line separation or inform the survivor if the provider is unable to complete the line separation;
(2) Inform the survivor of the existence of the Lifeline program as a source of support for emergency communications for qualifying survivors, as provided in § 54.424 of this chapter, including a description of who might qualify for the Lifeline program, how to participate, and information about the Affordable Connectivity Program, or other successor program, for which the survivor may be eligible due to their survivor status;
(3) If the line separation request was submitted through remote means, allow the survivor to elect the manner in which the covered provider may contact the survivor (or designated representative of the survivor) in response to the request, if necessary, which must include at least one means of communications that does not require a survivor to interact in person with an employee of the covered provider at a physical location;
(4) If the line separation request was submitted through remote means, allow a survivor to select a preferred language for future communications from among those in which the covered provider advertises, and deliver any such future communications in the language selected by the survivor; and
(5) Allow a survivor submitting a line separation request to indicate the service plan the survivor chooses from among all commercially available plans the covered provider offers for which the survivor may be eligible, including any prepaid plans; whether the survivor intends to retain possession of any device associated with a separated line; and whether the survivor intends to apply for emergency communications support through the Lifeline program, as provided in § 54.424 of this chapter, if available through the covered provider.
(d) If a covered provider cannot operationally or technically effectuate a line separation request after taking reasonable steps to do so, the covered provider shall, at the time of the request (or for a request made using remote means, not later than two business days after receiving the request) notify the survivor (or designated representative of the survivor) of that infeasibility. The covered provider shall explain the nature of the operational or technical limitations that prevent the provider from completing the line separation as requested and provide the survivor with information about available alternative options to obtain a line separation and alternatives to submitting a line separation request, including starting a new account for the survivor. The covered provider shall deliver any such notification through the manner of communication and in the language selected by the survivor at the time of the request.
(e) If a covered provider rejects a line separation request for any reason other than operational or technical infeasibility, the covered provider shall, not later than two business days after receiving the request, notify the survivor (or designated representative of the survivor), through the manner of communication and the language selected by the survivor at the time of the request, of the rejection. The covered provider shall explain the basis for the rejection, describe how the survivor can either correct any issues with the existing line separation request or submit a new line separation request, and, if applicable, provide the survivor with information about available alternative options to obtain a line separation and alternatives to submitting a line separation request, including starting a new account for the survivor.
(f) A covered provider shall treat any correction, resubmission, or alternatives selected by a survivor following a denial as a new request.
(g) As soon as feasible after receiving a legitimate line separation request, a covered provider shall notify a survivor of the date on which the covered provider intends to give any formal notification of a line separation, cancellation, or suspension of service:
(1) To the primary account holder, if the survivor is not the primary account holder; and
(2) To the abuser, if the line separation involves the abuser's line.
(h) A covered provider shall not notify an abuser who is not the primary account holder when the covered provider separates the line(s) of a survivor or an individual in the care of a survivor from a shared mobile service contract.
(i) A covered provider shall not notify a primary account holder of a request by a survivor to port-out a number that is the subject of a line separation request. A covered provider shall not notify a primary account holder of a survivor's request for a Subscriber Identity Module (SIM) change when made in connection with a line separation request pursuant to 47 U.S.C. 345 and this subpart.
(j) A covered provider shall only communicate with a survivor as required by this subpart or as necessary to effectuate a line separation. A covered provider shall not engage in marketing and advertising communications that are not related to assisting the survivor with Start Printed Page 84451 understanding and selecting service options.
(k) As soon as feasible after receiving a legitimate line separation request from a survivor, a covered provider shall lock the account affected by the line separation request to prevent all SIM changes, number ports, and line cancellations other than those requested as part of the line separation request pursuant to 47 U.S.C. 345 and this subpart until the request is processed or denied.
(l) A covered provider shall effectuate a legitimate line separation request submitted pursuant to this subpart, and any associated number port and SIM change requests, regardless of whether an account lock is activated on the account.
(m) A covered provider receiving a request from any customer other than the survivor requesting that the covered provider stop or reverse a line separation on the basis that the line separation request was fraudulent shall make a record of the request in the customer's existing account and, if applicable, the customer's new account, in the event further evidence shows that the line separation request was in fact fraudulent.
(n)(1) A covered provider shall provide a survivor with documentation that clearly identifies the survivor and shows that the survivor has submitted a legitimate line separation request under 47 U.S.C. 345(c)(1) and this subpart upon completion of the provider's line separation request review process. The documentation shall include:
(i) The survivor's full name;
(ii) Confirmation that the covered provider authenticated the survivor as a user of the line(s) subject to the line separation request; and
(ii) A statement that the survivor has submitted a legitimate line separation request under 47 U.S.C. 345(c)(1).
(2) The covered provider shall provide the documentation in paragraph (n)(1) to survivors in a written format that can be easily saved and shared by a survivor.
Establishment of mechanisms for submission of line separation requests.(a) A covered provider shall offer a survivor the ability to submit a line separation request through secure remote means that are easily navigable, provided that remote options are commercially available and technically feasible. A covered provider shall offer more than one remote means of submitting a line separation request and shall offer alternative means to accommodate individuals with different disabilities. A covered provider may offer means of submitting a line separation request that are not remote if the provider does not require a survivor to use such non-remote means or make it more difficult for survivors to access remote means than to access non-remote means. For purposes of this subpart, remote means are those that do not require a survivor to interact in person with an employee of the covered provider at a physical location.
(b) The means a covered provider offers pursuant to this section must allow survivors to submit any information and documentation required by 47 U.S.C. 345 and this subpart. A covered provider may offer means that allow or require survivors to initiate a request using one method and submit documentation using another method. A covered provider shall permit a survivor to submit any documentation required by 47 U.S.C. 345 and this subpart in any common format.
(c) Any means that a covered provider offers pursuant to this section shall:
(1) Use wording that is simple, clear, and concise;
(2) Present the information requests in a format that is easy to comprehend and use;
(3) Generally use the same wording and format on all platforms available for submitting a request;
(4) Clearly identify the information and documentation that a survivor must include with a line separation request and allow survivors to provide that information and documentation easily;
(5) Be available in all the languages in which the covered provider advertises its services; and
(6) Be accessible by individuals with disabilities, including being available in all formats ( e.g., large print, braille) in which the covered provider makes its service information available to individuals with disabilities.
Prohibitions and limitations for line separation requests.(a) A covered provider may not make separation of a line from a shared mobile service contract under this subpart contingent on any limitation or requirement other than those described in § 64.6405, including, but not limited to:
(1) Payment of a fee, penalty, or other charge;
(2) Maintaining contractual or billing responsibility of a separated line with the provider;
(3) Approval of separation by the primary account holder, if the primary account holder is not the survivor;
(4) A prohibition or limitation, including payment of a fee, penalty, or other charge, on number portability, provided such portability is technically feasible;
(5) A prohibition or limitation, including payment of a fee, penalty, or other charge, on a request to change phone numbers;
(6) A prohibition or limitation on the separation of lines as a result of arrears accrued by the account;
(7) An increase in the rate charged for the mobile service plan of the primary account holder with respect to service on any remaining line or lines;
(8) The results of a credit check or other proof of a party's ability to pay; or
(9) Any other requirement or limitation not specifically permitted by the Safe Connections Act of 2022, Public Law 117–223, 47 U.S.C. 345.
(b) Nothing in paragraph (a) of this section shall be construed to require a covered provider to provide a rate plan for the primary account holder that is not otherwise commercially available or to prohibit a covered provider from requiring a survivor requesting a line separation to comply with the general terms and conditions associated with using the covered provider's services, as long as those terms and conditions do not contain the enumerated prohibitions in 47 U.S.C. 345(b)(2) and this section, and do not otherwise hinder a survivor from obtaining a line separation.
Financial responsibility following line separations.(a) Beginning on the date on which a covered provider transfers billing responsibilities for and use of telephone number(s) to a survivor following a line separation under § 64.6402(a), the survivor shall assume financial responsibility, including for monthly service costs, for the transferred telephone number(s), unless ordered otherwise by a court. Upon the transfer of the telephone number(s) under § 64.6402(a) to separate the line(s) of the abuser from a shared mobile service contract, the survivor shall have no further financial responsibilities to the transferring covered provider for the services provided by the transferring covered provider for the telephone number(s) or for any mobile device associated with the abuser's telephone number(s).
(b) Beginning on the date on which a covered provider transfers billing responsibilities for and rights to telephone number(s) to a survivor following a line separation under § 64.6402(a), the survivor shall not assume financial responsibility for any mobile device(s) associated with the separated line(s), unless the survivor purchased the mobile device(s), or Start Printed Page 84452 affirmatively elects to maintain possession of the mobile device(s), unless otherwise ordered by a court.
(c) Following a line separation under § 64.6402(a), a covered provider shall maintain any arrears previously accrued on the account with the subscriber who was the primary account holder prior to the line separation.
Notice of line separation availability to consumers.(a) A covered provider shall make information about the line separation options and processes described in this subpart readily available to consumers:
(1) On a support-related page of the website and mobile application of the provider in all languages in which the provider advertises on the website;
(2) On physical stores via flyers, signage, or other handouts that are clearly visible and accessible to consumers, in all languages in which the provider advertises in that particular store and on its website;
(3) In a manner that is accessible to individuals with disabilities, including all formats ( e.g., large print, braille) in which a covered provider makes its service information available to individuals with disabilities; and
(4) In other forms of public-facing consumer communication.
(b) In providing the information in paragraph (a) of this section to consumers, a covered provider shall include, at a minimum, an overview of the line separation process; a description of survivors' service options that may be available to them; a statement that the Safe Connections Act does not permit covered providers to make a line separation conditional upon the imposition of penalties, fees, or other requirements or limitations; basic information concerning the availability of the Lifeline support for qualifying survivors; and a description of which types of line separations the provider cannot perform in all instances due to operational or technical limitations, if any.
Employee training.A covered provider must train its employees who may interact with survivors regarding a line separation request on how to assist them or on how to direct them to other employees who have received such training.
Protection of the privacy of calls and text messages to covered hotlines.(a) All covered providers, wireline providers of voice service, fixed wireless providers of voice service, and fixed satellite providers of voice service shall:
(1) Omit from consumer-facing logs of calls and text messages any records of calls or text messages to covered hotlines in the central database established by the Commission.
(2) Maintain internal records of calls and text messages omitted from consumer-facing logs of calls and text messages pursuant to paragraph (a)(1) of this section.
(3) Be responsible for downloading the initial database file and subsequent updates to the database file from the central database established by the Commission. Updates must be downloaded and implemented by covered providers, wireline providers of voice service, fixed wireless providers of voice service, and fixed satellite providers of voice service no later than 15 days after such updates are made available for download.
(b) With respect to covered providers, wireline providers of voice service, fixed wireless providers of voice service, and fixed satellite providers of voice service that are not small service providers, compliance with paragraph (a) of this section shall be required December 5, 2024. In the event the Wireline Competition Bureau has not released the database download file specification by April 5, 2024, or in the event the Wireline Competition Bureau has not announced that the database administrator has made the initial database download file available for testing by October 7, 2024, the compliance deadline set forth in this paragraph (b) shall be extended consistent with the delay, and the Wireline Competition Bureau is delegated authority to revise this section accordingly.
(c) With respect to small service providers that are covered providers or wireline providers of voice service, compliance with paragraph (a) of this section shall be required June 5, 2025. In the event the Wireline Competition Bureau has not released the database download file specification by October 7, 2024, or in the event the Wireline Competition Bureau has not announced that the database administrator has made the initial database download file available for testing by April 7, 2025, the compliance deadline set forth in this paragraph (c) shall be extended consistent with the delay, and the Wireline Competition Bureau is delegated authority to revise this section accordingly.
Compliance date.Compliance with §§ 64.6400 through 64.6407 will not be required until this section is removed or contains a compliance date, which will not occur until the later of July 15, 2024; or after the Office of Management and Budget completes review of any information collection requirements in §§ 64.6400 through 64.6407 that the Wireline Competition Bureau determines is required under the Paperwork Reduction Act or the Wireline Competition Bureau determines that such review is not required. The Commission directs the Wireline Competition Bureau to announce a compliance date for §§ 64.6400 through 64.6407 by subsequent Public Notice and notification in the Federal Register and to cause this subpart to be revised accordingly.
[FR Doc. 2023–25835 Filed 12–4–23; 8:45 am]
BILLING CODE 6712–01–P
Document Information
- Effective Date:
- 1/14/2024
- Published:
- 12/05/2023
- Department:
- Federal Communications Commission
- Entry Type:
- Rule
- Action:
- Final rule.
- Document Number:
- 2023-25835
- Dates:
- Effective date: This rule is effective January 14, 2024.
- Pages:
- 84406-84452 (47 pages)
- Docket Numbers:
- WC Docket Nos. 22-238, 11-42, 21-450, FCC 23-96, FR ID 183619
- Topics:
- Communications, Communications common carriers, Privacy, Reporting and recordkeeping requirements, Telecommunications
- PDF File:
- 2023-25835.pdf
- CFR: (2)
- 47 CFR 54
- 47 CFR 64