Rule2023-25835
Supporting Survivors of Domestic and Sexual Violence; Lifeline and Link Up Reform Modernization
Primary source
Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.
Published
December 5, 2023
Effective
January 14, 2024
Issuing agencies
Federal Communications Commission
Abstract
In this document, the Federal Communications Commission adopted a Report and Order implementing the Safe Connections Act of 2022 (Safe Connections Act or SCA), taking significant steps to improve access to communications services for survivors of domestic abuse and related crimes. The Report and Order adopts rules to implement the line separation provisions in the Safe Connections Act that allow survivors to separate a mobile phone line from an abuser. To protect the privacy of calls and texts to hotlines, the Report and Order requires covered providers and wireline, fixed wireless, and fixed satellite providers of voice service to: omit from consumer-facing logs of calls and text messages any records of calls or text messages to covered hotlines in the central database established by the Commission; and maintain internal records of calls and text messages excluded from consumer- facing logs of calls and text messages. The Report and Order also designates the Lifeline program to support emergency communications service for survivors that have pursued the line separation process and are experiencing financial hardship.
Full Text
<html>
<head>
<title>Federal Register, Volume 88 Issue 232 (Tuesday, December 5, 2023)</title>
</head>
<body><pre>
[Federal Register Volume 88, Number 232 (Tuesday, December 5, 2023)]
[Rules and Regulations]
[Pages 84406-84452]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2023-25835]
[[Page 84405]]
Vol. 88
Tuesday,
No. 232
December 5, 2023
Part II
Federal Communications Commission
-----------------------------------------------------------------------
47 CFR Parts 54 and 64
Supporting Survivors of Domestic and Sexual Violence; Lifeline and Link
Up Reform Modernization; Final Rule
��Federal Register / Vol. 88 , No. 232 / Tuesday, December 5, 2023 /
Rules and Regulations��
[[Page 84406]]
-----------------------------------------------------------------------
FEDERAL COMMUNICATIONS COMMISSION
47 CFR Parts 54 and 64
[WC Docket Nos. 22-238, 11-42, 21-450; FCC 23-96, FR ID 183619]
Supporting Survivors of Domestic and Sexual Violence; Lifeline
and Link Up Reform Modernization
AGENCY: Federal Communications Commission.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: In this document, the Federal Communications Commission
adopted a Report and Order implementing the Safe Connections Act of
2022 (Safe Connections Act or SCA), taking significant steps to improve
access to communications services for survivors of domestic abuse and
related crimes. The Report and Order adopts rules to implement the line
separation provisions in the Safe Connections Act that allow survivors
to separate a mobile phone line from an abuser. To protect the privacy
of calls and texts to hotlines, the Report and Order requires covered
providers and wireline, fixed wireless, and fixed satellite providers
of voice service to: omit from consumer-facing logs of calls and text
messages any records of calls or text messages to covered hotlines in
the central database established by the Commission; and maintain
internal records of calls and text messages excluded from consumer-
facing logs of calls and text messages. The Report and Order also
designates the Lifeline program to support emergency communications
service for survivors that have pursued the line separation process and
are experiencing financial hardship.
DATES:
Effective date: This rule is effective January 14, 2024.
Compliance date: Compliance with the revisions to 47 CFR 54.403,
54.405, 54.409, 54.410, 54.1800, and 64.2010 and the addition of 47 CFR
54.424 and 64.6400 through 64.6407 is delayed indefinitely. The FCC
will publish a document in the Federal Register announcing the
compliance date for those sections.
ADDRESSES: Federal Communications Commission, 45 L Street SW,
Washington, DC 20554. In addition to filing comments with the Office of
the Secretary, a copy of any comments on the Paperwork Reduction Act
information collection requirements contained herein should be
submitted to Nicole Ongele, Federal Communications Commission, 45 L
Street SW, Washington, DC 20554, or send an email to <a href="/cdn-cgi/l/email-protection#3d6d6f7c7d5b5e5e135a524b"><span class="__cf_email__" data-cfemail="64343625240207074a030b12">[email protected]</span></a>.
FOR FURTHER INFORMATION CONTACT: For further information, contact
Melissa Kirkel at <a href="/cdn-cgi/l/email-protection#f29f979e9b818193dc999b8099979eb2949191dc959d84"><span class="__cf_email__" data-cfemail="315c545d584242501f5a58435a545d715752521f565e47">[email protected]</span></a> or 202-418-7958 or Nicholas
Page at <a href="/cdn-cgi/l/email-protection#325c5b515a5d5e53411c42535557725451511c555d44"><span class="__cf_email__" data-cfemail="d7b9beb4bfb8bbb6a4f9a7b6b0b297b1b4b4f9b0b8a1">[email protected]</span></a> or 202-418-2783. For additional
information concerning the Paperwork Reduction Act information
collection requirements contained in this document, send an email to
<a href="/cdn-cgi/l/email-protection#0d5d5f4c4d6b6e6e236a627b"><span class="__cf_email__" data-cfemail="4d1d1f0c0d2b2e2e632a223b">[email protected]</span></a> or contact Nicole Ongele, <a href="/cdn-cgi/l/email-protection#5f11363c30333a711031383a333a1f393c3c71383029"><span class="__cf_email__" data-cfemail="e7a98e84888b82c9a88980828b82a7818484c9808891">[email protected]</span></a>.
SUPPLEMENTARY INFORMATION: This is a summary of the Commission's Report
and Order in WC Docket Nos. 22-238, 11-42, and 21-450, FCC 23-96,
adopted on November 15, 2023, and released on November 16, 2023. The
full text of the document is available on the Commission's website at
<a href="https://docs.fcc.gov/public/attachments/FCC-23-96A1.pdf">https://docs.fcc.gov/public/attachments/FCC-23-96A1.pdf</a>. To request
materials in accessible formats for people with disabilities (e.g.,
braille, large print, electronic files, audio format, etc.), send an
email to <a href="/cdn-cgi/l/email-protection#34727777010400745257571a535b42"><span class="__cf_email__" data-cfemail="3d7b7e7e080d097d5b5e5e135a524b">[email protected]</span></a> or call the Consumer & Governmental Affairs
Bureau at (202) 418-0530 (voice).
Compliance with the rule changes adopted in the Report and Order,
except for Sec. 64.6408, shall not be required until the later of: (i)
six months after the effective date of the Report and Order; or (ii)
after the Office of Management and Budget (OMB) completes review of any
information collection requirements associated with the Report and
Order that the Wireline Competition Bureau determines is required under
the Paperwork Reduction Act. With respect to covered providers,
wireline providers of voice service, fixed wireless providers of voice
service, and fixed satellite providers of voice service that are not
small service providers, compliance with 47 CFR 64.6408(a) shall be
required December 5, 2024. In the event the Wireline Competition Bureau
has not released the database download file specification by April 5,
2024, or in the event the Wireline Competition Bureau has not announced
that the database administrator has made the initial database download
file available for testing by October 7, 2024, the compliance deadline
shall be extended consistent with the delay, and the Wireline
Competition Bureau is delegated authority to revise 47 CFR 64.6408
accordingly. With respect to small service providers that are covered
providers or wireline providers of voice service, compliance with 47
CFR 64.6408(a) shall be required June 5, 2025. In the event the
Wireline Competition Bureau has not released the database download file
specification by October 7, 2024, or in the event the Wireline
Competition Bureau has not announced that the database administrator
has made the initial database download file available for testing by
April 7, 2025, the compliance deadline set forth in this paragraph
shall be extended consistent with the delay, and the Wireline
Competition Bureau is delegated authority to revise 47 CFR 64.6408
accordingly.
Paperwork Reduction Act of 1995 Analysis
This document contains new or modified information collection
requirements. The Commission, as part of its continuing effort to
reduce paperwork burdens, invites the general public to comment on the
information collection requirements contained in the Report and Order
as required by the Paperwork Reduction Act of 1995, Public Law 104-13.
In addition, the Commission notes that pursuant to the Small Business
Paperwork Relief Act of 2002, Public Law 107-198, see 44 U.S.C.
3506(c)(4), we previously sought specific comment on how the Commission
might further reduce the information collection burden for small
business concerns with fewer than 25 employees.
In the Report and Order, we adopt rules, pursuant to Congress's
direction in the SCA, that have an impact on all covered providers,
including covered providers that are small entities. We impose certain
obligations regarding communications with consumers and survivors. We
also establish a compliance date six months after the effective date of
the Report and Order, finding that the countervailing public interest
in ensuring survivors have access to line separations regardless of
their provider outweighs an extended compliance deadline for small
covered providers. Further, staggered compliance deadlines could cause
confusion for consumers, and we believe that the SCA's operational and
technical infeasibility provisions we codify in our rules will account
for differences in the capabilities between large and small covered
providers regarding information collection requirements. Regarding
protecting the privacy of calls and texts to hotlines, we require
covered providers and wireline providers of voice service, within 12
months, subject to certain conditions that may extend this time, (1)
omit from consumer-facing logs of calls and text messages any records
of calls or text messages to covered hotlines in the central database
established by the Commission; and (2) maintain internal records of
calls and text messages
[[Page 84407]]
excluded from consumer-facing logs of calls and text messages. Covered
providers and wireline providers of voice service that are small
service providers are given 18 months, subject to certain conditions
that may extend this time, to comply with the same obligations. We
received comments requesting that smaller providers be afforded 24
months to comply with such obligations. Recognizing that the SCA
contains no language regarding specific timeframes with respect to this
obligation, we found that granting smaller providers extra
implementation time is appropriate, given that they may face more
resource challenges than larger providers in complying with the new
rules. We acknowledged that this 18-month period is less than the
requested 24-month period, but we found that our 18-month compliance
deadline for small providers properly balances the significance of the
risks faced by domestic abuse survivors, and the benefits of them being
able to call hotlines and seek help without fear of the abuser
accessing their call records, with the implementation challenges faced
by smaller providers. Third, regarding emergency communications support
for survivors, we designate the Lifeline program as the program that
will support emergency communications efforts for survivors with
financial hardship. This will have an impact on eligible
telecommunications carriers designated to provide Lifeline support, but
we expect any new regulatory impacts to be minor and consistent with
our existing rules. As the SCA has no definition for financial hardship
we adopt a definition that is more expansive than the current Lifeline
eligibility standards, and we adopt an approach for documenting that
financial hardship that allows for self-certification. We also direct
the Universal Service Administrative Company (USAC) to prepare for a
program evaluation of our efforts to provide emergency communications
support to survivors. This evaluation will require surveys of relevant
stakeholder groups that USAC will develop under the oversight of the
Bureau and the Office of Economics and Analytics.
The Commission has determined, and the Administrator of the Office
of Information and Regulatory Affairs, Office of Management and Budget,
concurs, that this rule is non-major under the Congressional Review
Act, 5 U.S.C. 804(2). The Commission will send a copy of the Report and
Order to Congress and the Government Accountability Office pursuant to
5 U.S.C. 801(a)(1)(A).
Synopsis
I. Discussion
A. Separation of Lines From Shared Mobile Service Contracts
1. We adopt rules to codify and implement the line separation
provisions in the Safe Connections Act of 2022, Public Law 117-223, 116
Stat. 2280. Our rules largely track the statutory language, with key
additions and clarifications to address privacy, account security, and
fraud detection; operational or technical infeasibility; implementation
timelines; and compliance with other laws.
1. Definitions
2. In order to implement the SCA's line separation requirements, we
adopt definitions for the terms listed in new section 345 of the
Communications Act, as added by the SCA, including ``covered act,''
``survivor,'' ``abuser,'' ``covered provider,'' ``shared mobile
services contract,'' and ``primary account holder.'' We discuss each
definition below.
3. Covered Act. As proposed in the ``Supporting Survivors of
Domestic and Sexual Violence, Lifeline and Link Up Reform and
Modernization, Affordable Connectivity Program'' notice of proposed
rulemaking (NPRM), 88 FR 15558 (March 13, 2023) (Safe Connections
NPRM), we define ``covered act'' as conduct that constitutes (1) a
crime described in section 40002(a) of the Violence Against Women Act
of 1994 (34 U.S.C. 12291(a)), including, but not limited to, domestic
violence, dating violence, sexual assault, stalking, and sex
trafficking; (2) an act or practice described in paragraph (11) or (12)
of section 103 of the Trafficking Victims Protection Act of 2000 (22
U.S.C. 7102) (relating to severe forms of trafficking in persons and
sex trafficking, respectively); or (3) an act under State law, Tribal
law, or the Uniform Code of Military Justice that is similar to an
offense described in clause (1) or (2) of this paragraph.
4. As we noted in the Safe Connections NPRM, this definition is
identical to the statutory definition, except that we add the phrase
``but not limited to'' in describing the crimes covered by the first
clause. Although the SCA defines ``covered act'' as ``a crime
described'' in section 40002(a) of the Violence Against Women Act
``including domestic violence, dating violence, sexual assault,
stalking, and sex trafficking,'' it does not say that only those listed
crimes may be included. Section 40002(a) of the Violence Against Women
Act of 1994 describes a number of additional crimes and abuses beyond
those enumerated in the SCA's definition, including abuse in later
life, child abuse and neglect, child maltreatment, economic abuse,
elder abuse, female genital mutilation or cutting, forced marriage, and
technological abuse. We find that the best reading of the definition of
``covered act'' in the SCA includes all crimes listed in section
40002(a); we see no reason why Congress would choose to protect only a
subset of survivors of these crimes. We further find that the second
clause of the definition of ``covered act'' in the SCA, which
identifies specific subsections (``an act or practice described in
paragraph (11) or (12) of Section 103 of the Trafficking Victims
Protection Act of 2000'') also supports our analysis because in
contrast, the first clause of the definition of ``covered act'' does
not limit the definition to specific subsections of section 40002(a) of
the Violence Against Women Act.
5. Consistent with the SCA, we conclude that a criminal conviction
or any other determination of a court is not required for conduct to
constitute a covered act. The SCA separately addresses the evidence
needed to establish that a covered act has been committed or allegedly
committed. We address those requirements below.
6. Survivor. We track the statutory language and define
``survivor'' as an individual who is not less than 18 years old and
either (1) against whom a covered act has been committed or allegedly
committed; or (2) who cares for another individual against whom a
covered act has been committed or allegedly committed (provided that
the individual providing care did not commit or allegedly commit the
covered act). Although we share the concerns raised by Asian Pacific
Institute on Gender-Based Violence (API-GBV) and the National Domestic
Violence Hotline (NDVH) that emancipated minors would not be covered by
the statutory definition because they are neither age 18 or older nor
likely to be in the care of an individual age 18 or older, the term
``survivor'' is unambiguously defined by the SCA to only include
``individual[s] who [are] not less than 18 years old,'' and we do not
believe that the SCA otherwise provides us with the authority to extend
the scope of that definition. Regardless, we strongly encourage covered
providers to treat legally emancipated minors as though they are
survivors if they meet the SCA's criteria but for their age, and offer
[[Page 84408]]
them the full scope of protections under the SCA.
7. As we observed in the Safe Connections NPRM, the statutory
language describing a survivor as an individual ``who cares for another
individual'' against whom a covered act has been committed or allegedly
committed is broad. We conclude that this phrase should be understood
to encompass: (1) any individuals who are part of the same household,
as defined in Sec. 54.400 of the Commission's rules (47 CFR
54.400(h)); (2) parents or guardians of minor children even if the
parents and children live at different addresses; (3) those who care
for another individual by valid court order or power of attorney; and
(4) an individual who is the parent, guardian, or caretaker of a person
over the age of 18 upon whom an individual is financially or physically
dependent. The record generally supports a broad interpretation of the
phrase ``who cares for,'' while noting the need to provide clear and
certain guidance to providers. We disagree with the NDVH's assertion
that our proposed interpretation would have prevented a person who does
not live in the same household from claiming survivor status if a
covered act were not directly committed against them, but we
nonetheless make explicit that we interpret this provision to include
those individuals who are the parent, guardian, or caretaker of a
person over the age of 18 upon whom an individual is financially or
physically dependent (e.g., a non-minor child financially dependent on
his or her parents or guardians, but who no longer lives at the same
address). We find that this interpretation appropriately balances the
needs of survivors to have meaningful access to line separations and
clarity for providers for administrability and fraud deterrence.
8. We decline, however, to adopt NDVH's proposal to include
emotional care within the meaning of ``care for'' as we find that doing
so would be difficult to administer and could raise account security
risks. The record does not evince any examples of laws or regulations
in which the phrase ``cares for'' is used to connote emotional caring,
and as such we have no basis for finding that Congress intended this
provision to be interpreted to include such circumstances.
9. We decline to mandate that covered providers establish a process
for individuals age 18 or older who are considered in the care of
another person to object to a line separation request made on their
behalf. We agree with Verizon that an objection process could ``hinder
a wireless provider's ability to timely effectuate [a line separation
request] within the two-business day period, put the wireless provider
in an untenable position of uncertainty as to whether an otherwise
valid line separation request should move forward, or both.''
10. Abuser. As proposed in the Safe Connections NPRM, we define
``abuser'' for purposes of our rules as an individual who has committed
or allegedly committed a covered act against (1) an individual who
seeks relief under section 345 of the Communications Act and the
Commission's implementing rules; or (2) an individual in the care of an
individual who seeks relief under section 345 of the Communications Act
and the Commission's implementing rules, mirroring the substance of the
SCA. No commenters objected to our proposed definition. As we explained
in the Safe Connections NPRM, we do not intend our definition to serve
as independent evidence of, or establish legal liability in regards to,
any alleged crime or act of abuse, and adopt this definition only for
purposes of implementing the SCA.
11. Covered Provider. Consistent with the SCA, we define ``covered
provider'' as a provider of ``a private mobile service or commercial
mobile service, as those terms are defined in 47 U.S.C. 332(d).'' No
commenters objected to the Safe Connections NPRM's proposal to adopt
such a definition. Section 332(d) defines ``commercial mobile service''
as ``any mobile service (as defined in [47 U.S.C. 153]) that is
provided for profit and makes interconnected service available (A) to
the public or (B) to such classes of eligible users as to be
effectively available to a substantial portion of the public, as
specified by regulation by the Commission,'' and defines ``private
mobile service'' as ``any mobile service (as defined in [47 U.S.C.
153]) that is not a commercial mobile service or the functional
equivalent of a commercial mobile service, as specified by regulation
by the Commission.'' We find that the line separation obligations apply
to all providers of commercial mobile service or private mobile
service, as the Commission might interpret and apply those definitions,
regardless of the underlying technology used to provide the service
(e.g., whether provided through land, mobile, or satellite stations).
12. Consistent with the Commission's proposal, we conclude that
covered providers include both facilities-based mobile network
operators and resellers/mobile virtual network operators (MVNOs). No
commenters objected to this proposal, and several concurred. The record
indicates that for some MVNOs, the underlying facilities-based provider
may have control over some parts of, or all of, the systems and
infrastructure necessary to effectuate line separations. Therefore, we
find that to the extent that an MVNO relies upon an underlying
facilities-based provider to effectuate line separations, the MVNO
should fulfill its obligations under the SCA and our rules through its
contractual relationship with the underlying facilities-based provider
and may satisfy its obligations by utilizing the same procedures and
processes the facilities-based provider makes available to its own
customers. However, to the extent an MVNO controls any facilities or
systems (for example, customer care or billing), the obligations
imposed by the SCA fall entirely upon the MVNO and not the underlying
facilities-based provider.
13. Additionally, we conclude that the statutory definition of
``covered provider'' includes a provider of mobile broadband-only or
mobile text service that does not also offer mobile voice service, if
such provider assigns a telephone number to a device. Because the SCA
defines a ``covered provider'' to include any provider offering private
mobile service or commercial mobile service, we conclude that providers
offering data-only mobile service or text-only mobile services (i.e.,
no voice services) are ``covered providers.'' We therefore disagree
with National Lifeline Association's suggestion that mobile broadband
providers who do not offer mobile voice service should not be
considered covered providers, as such providers are statutorily covered
by the SCA as providers of private mobile service.
14. Shared Mobile Service Contract. Consistent with the
Commission's proposal in the Safe Connections NPRM, we define ``shared
mobile service contract'' as a mobile service contract for an account
that includes not less than two lines of service and does not include
enterprise services offered by a covered provider, mirroring the
definition set forth in the SCA, except that we interpret ``2
consumers'' to mean ``two lines of service.'' As the Commission
explained in the Safe Connections NPRM, ``[i]t is our understanding
that mobile service contracts are typically structured around the
number of lines of service associated with an account rather than the
number of consumers.'' As a result of this contract structure,
providers may not have information about any users other than the
primary account holder and are therefore unlikely to be able to
[[Page 84409]]
determine whether an account is a shared mobile service contract (i.e.,
has two or more consumers). Our interpretation, however, resolves this
issue without requiring providers to collect additional information
about each user of a multi-line account, and the record supports our
approach. CTIA--The Wireless Association (CTIA) commented that our
definition ``will help enable program success because it generally
aligns with providers' customer service and billing systems'' and that
``adopting a definition focused on `lines of service' rather than
`consumers' will avoid impediments to survivors' ability to obtain line
separations,'' particularly when providers do not know the identity of
each consumer associated with an account. Notably, there were no
objections to this proposed definition in the record. Furthermore, we
find that the operational language of the SCA supports our
interpretation, as it requires providers to separate particular lines
rather than particular consumers from shared mobile service contracts.
Consistent with the tentative conclusion in the Safe Connections NPRM,
we also find that ``shared mobile service contract'' includes both
prepaid and post-paid mobile service contracts. This tentative
conclusion was also unopposed and supported by CTIA.
15. We also conclude that a ``line of service'' under a shared
mobile service contract is one that is associated with a telephone
number, even if that line of service does not include voice services,
and includes all of the mobile services associated with that line under
the shared mobile service contract, regardless of classification,
including voice, text, and data services. There is nothing in the
statutory text to suggest that Congress intended to permit survivors to
separate only certain services associated with their line but not
others. Each service--voice, text, or data--could play a vital role in
addressing survivors' communications needs. For example, although a
device may lack voice service or capability over commercial mobile
radio service, if a phone number is associated with the device, a
survivor may use the number with certain over-the-top (OTT) services to
send and receive messages or make voice calls by utilizing Voice over
internet Protocol (VoIP) technology using data services or data
messaging services. Such OTT services may include, for example,
applications like WhatsApp, Signal, Messenger, and Telegram. Permitting
separation of such lines may help avoid complications that could arise
from disassociating with an existing number for these services. Had
Congress wanted to limit line separations to only those lines with
voice service, it could have done so explicitly in the statutory text.
Congress, however, noted that ``perpetrators of violence and abuse
increasingly use technological and communications tools to exercise
control over, monitor, and abuse their victims.'' Clearly, Congress
recognized that abusers might try to exercise control over survivors
not only by limiting access to or monitoring devices with voice
services but also by controlling other technological and communications
tools. Because Congress sought to promote ``reliable communications
tools to maintain essential connections with family, social safety
networks, employers, and support services,'' we see no reason to limit
the definition of ``line of service'' to only those lines with voice
service when so doing could impede a survivor's access to certain
devices and hamper their ability to gain support and services they
need.
16. We disagree with Verizon's assertion that ``it is far from
clear that Congress intended certain other devices,'' such as tablets
with no mobile capability, which only ``nominally'' have a line
associated with a customer account, to be covered by the SCA. Denying a
survivor the ability to separate a line simply because it is
``nominally'' associated with a device could allow an abuser to
maintain control over or monitor the line and the device associated
with line and inhibit a survivor's ability to break free from an
abusive situation. For example, a survivor may want to separate a line
for a device in order to protect his or her location information from
an abuser with access to the shared mobile account information. Had
Congress wanted to limit line separations in the manner Verizon
suggests, Congress could have explicitly done so. However, Congress
defined a shared mobile service contract as a mobile service contract
that includes not less than two ``consumers''--it did not in any way
cabin ``consumer'' to a particular type of mobile service. Therefore,
rather than ``being far from clear,'' it would seem counter to
congressional intent to disallow a survivor's line separation request
because the line at issue is only ``nominally'' associated with a
device.
17. We also disagree with Verizon's assertion that covered
providers are not statutorily required to (but may voluntarily)
separate more than one line per survivor on the basis that Congress
intended to limit separations to one line per survivor because ``the
statute uses the term `line' in the singular, not plural.'' As an
initial matter, we read the statutory language in subsection (b) as
framing the process to address each discrete line separation request,
which grammatically requires the use of ``line'' in the singular, and
in no way limits the number of lines for which a survivor may seek
separation. Furthermore, limiting a survivor to one line separation
request could potentially allow an abuser to maintain control over or
monitor the survivor's other lines (or devices connected to other
lines) that remain on the shared contract. We believe this would be
contrary to Congress's goals, particularly of helping survivors
establish ``independent access to a wireless phone plan.'' We also
believe that had Congress intended to allow only one line separation
per survivor (and one line per each individual in the care of a
survivor), it would have made this limitation clear in the text. For
example, instead of using the term ``the line,'' Congress could have
said that a provider must ``separate one line of the survivor, and one
line of any individual in the care of the survivor.'' Alternatively,
Congress could have expressly limited the number of separations by
stating that ``a survivor is entitled to one line separation for the
survivor and one line separation for each individual in the care of the
survivor.'' Moreover, the statute uses the exact same term ``the line''
when discussing the separation of an abuser's line as it does when
discussing the separation of a survivor's line. Accepting Verizon's
statutory interpretation would mean that a survivor is limited to
separating only one line of the abuser's from the shared account. We do
not believe that Congress intended to limit a survivor's ability to
completely remove an abuser from a shared mobile service contract when
so doing would likely impair the survivor's ability to establish
independent wireless communications and leave the abusive situation.
For all these reasons, we disagree with Verizon's assertion and
conclude that covered providers must separate multiple lines, when
applicable.
18. The SCA's definition of ``shared mobile service contract''
explicitly excludes ``enterprise services.'' Consistent with the
Commission's proposal in the Safe Connections NPRM, we conclude that
enterprise services are those products or services that are not
ordinarily available to mass market customers and are primarily offered
to entities to support and manage business operations, which may
provide greater security, integration, support, or other features than
are
[[Page 84410]]
ordinarily available to mass market customers, and excludes services
marketed and sold on a standardized basis to residential customers and
small businesses. Our conclusion is consistent with the Commission's
past findings that mass market services are those that are generally
``marketed and sold on a standardized basis to residential customers
[and] small businesses'' whereas enterprise services are ``typically
offered to larger organizations through customized or individually
negotiated arrangements.''
19. Although we appreciate industry concerns over fraud, we decline
to create a presumption that wireless accounts listing a business
entity as the primary account holder are ``enterprise'' accounts. We
find the concerns of the NCTA--The internet & Television Association
(NCTA) that business accounts will be greater targets for fraud without
a presumption that all accounts with a business listed as the primary
account holder are enterprise accounts or a presumption that any
account for which a party has subscribed to a ``business wireless
service'' is an enterprise account to be overstated. The SCA includes
adequate safeguards against the type of potential enterprise account
fraud raised by NCTA by requiring survivors to submit documentation
along with a line separation request demonstrating that an ``abuser''
who uses a line under the shared mobile service contract has committed
or allegedly committed a covered act against the survivor (i.e., the
person requesting the line separation) and an affidavit that the
survivor is the user of the specific line. In practical terms, we
expect that it would be challenging for a bad actor to make this
required showing where the account holder is a business, and not an
individual, unless the abuser's name is also the business name on the
account. We believe this required showing will minimize the potential
for fraud on business accounts. As such, we decline to adopt the CTIA
and NCTA suggested presumptions.
20. Primary Account Holder. Finally, as proposed in the Safe
Connections NPRM, we define ``primary account holder'' as ``an
individual who is a party to a mobile service contract with a covered
provider,'' mirroring the definition in the SCA. While no commenters
opposed this proposal, Verizon noted that ``accounts typically have one
named account owner,'' and explained that ``the possibility that `more
than a single individual [may be] a party to a mobile service contract'
should not affect how the SCA is implemented in practice.''' As such,
we see no need to depart from the statutory definition of primary
account holder.
2. Submission of Line Separation Requests
21. In this section, we adopt rules to clarify the requirements for
submission of a line separation request under section 345 of the
Communications Act. We largely codify the requirements set out in the
SCA for how survivors submit line separation requests while adopting
some measures that clarify those requirements pursuant to the SCA's
command that we consider various factors when enacting regulations for
the line separation requirement. In particular, the SCA requires the
Commission to consider, among other things, privacy protections;
account security and fraud detection; the requirements for remote
submission of line separation requests, including submission of
verification information; feasibility of remote options for small
covered providers; compliance with customer proprietary network
information (CPNI) requirements; and ensuring covered providers have
the necessary account information to comply with the SCA and our rules.
Our aim is to maximize survivors' ability to obtain line separations by
ensuring that covered providers have clear direction on their
obligations related to the submission of line separation requests.
Specifically, we establish requirements regarding the information that
survivors must submit to request a line separation and the options
providers must give survivors when survivors are making a line
separation request, taking into account flexibility for survivors
wherever possible. We recognize that there may be some instances in
which a survivor may wish to separate an abuser's line but is not able
to identify the phone number of the abuser that is associated with the
account. We expect that in these instances, covered providers will work
with survivors to separate the lines of the survivor and those in the
survivor's care from the account.
a. Information Required To Submit Line Separation Requests
22. The rules we adopt concerning the information that survivors
must submit to make a line separation request are closely aligned with
the requirements set out in the SCA. Specifically, we require that a
survivor's line separation request: (1) state that the survivor is
requesting relief from the covered provider under section 345 of the
Communications Act and our rules; (2) identify each line that should be
separated using the phone number associated with the line; (3)
regardless of which lines will be separated, identify which line(s)
belong to the survivor and state that the survivor is the user of those
lines; (4) when a survivor is seeking separation of the line(s) of any
individual under the care of the survivor, include an affidavit setting
forth that any such individual is in the care of the survivor and is
the user of the specific line; (5) when a survivor is seeking
separation of the abuser's line, state that the abuser is the user of
that specific line; and (6) include documentation that verifies that an
individual who uses a line under the shared mobile service contract
(i.e., an ``abuser'') has committed or allegedly committed a covered
act against the survivor or an individual in the survivor's care. We
also require that a line separation request include the name of the
survivor and the name of the abuser that is known to the survivor,
which may assist covered providers' fraud detection efforts. While some
commenters generally expressed that we should ensure the process for
requesting line separations is not cumbersome, none specifically
addressed our proposed approach. We find that these requirements are
consistent with the statutory requirements set forth in the SCA and
properly balance the needs of survivors and covered providers' interest
in preventing fraudulent line separations.
23. Affidavits Regarding an Individual in the Care of a Survivor.
When a survivor is seeking a line separation for an individual in the
care of a survivor, we require the survivor to submit an affidavit that
is signed by the survivor and dated near the time of submission. We
decline to adopt Verizon's suggestion, however, that we require such
affidavits include the name of the individual being cared for,
relationship of the survivor to the cared-for individual, or other
information for fraud deterrence purposes. We conclude that requiring
information about such individuals raises privacy concerns that are not
outweighed by the potential fraud deterrence benefits, particularly
given covered providers may not have this information documented in the
shared mobile account in the first place. In addition, we agree with
the New York City Mayor's Office to End Domestic and Gender-Based
Violence (NYC ENDGBV) that there should not be a notarization
requirement for affidavits, as such a requirement would be burdensome
for survivors because they ``may not have access to a form of
identification to verify their identity to a notary and may not have
the resources
[[Page 84411]]
to find, travel to, or acquire a notary public.''
24. Documentation Demonstrating Survivor Status. Consistent with
the SCA, we require survivors seeking a line separation to submit
documentation that verifies that an individual who uses a line under
the shared mobile service contract has committed or allegedly committed
a covered act against the survivor or an individual in the survivor's
care (i.e., is an ``abuser''). To meet the requirement for
demonstrating survivor status, survivors must submit one or more of the
eligibility documents prescribed by the SCA: (1) a copy of a signed
affidavit from a licensed medical or mental health care provider,
licensed military medical or mental health care provider, licensed
social worker, victim services provider, licensed military victim
services provider, or an employee of a court, acting within the scope
of that person's employment; or (2) a copy of a police report,
statements provided by police, including military or Tribal police, to
magistrates or judges, charging documents, protective or restraining
orders, military protective orders, or any other official record that
documents the covered act. The documentation provided should clearly
indicate a known name for the abuser and the survivor, as well as
include some kind of affirmative statement that constitutes an
indication that the abuser actually or allegedly committed an act that
qualifies as a covered act against the survivor or an individual in the
care of a survivor. No commenter opposed our establishment of such
requirements. Consistent with the Commission's proposal, we also codify
the proviso in the SCA stating that nothing in our rules implementing
section 345(c) ``shall affect any law or regulation of a State
providing communications protections for survivors (or any similar
category of individuals) that has less stringent requirements for
providing evidence of a covered act,'' which was unopposed in the
record.
25. We interpret the phrase ``any other official record that
documents a covered act'' to mean records from any governmental entity,
including Tribal governments. We find that this is the best
interpretation of this phrase because the documents listed preceding
this phrase are records from government entities, and although they are
specifically records from law enforcement entities, Congress did not
limit the scope of the phrase by qualifying it with ``any other
official law enforcement record that documents a covered act.'' We also
find that this reading is most consistent with the goals of the SCA as
it permits survivors to submit official records from other government
entities not listed in the statute that might commonly assist
survivors, such as child and family service agencies. No commenter
urged us to interpret the phrase narrowly, and for the reasons
discussed below, we decline to interpret this clause more broadly to
allow survivors to submit self-certification of survivor status. We
also decline to interpret the ``other official record'' phrase to
include records of domestic violence services organizations, or medical
or mental health records that describe treatment for injuries, without
the need to obtain a signed affidavit from the provider, as the New
York State Office for the Prevention of Domestic Violence requests as
the first clause of the SCA's documentation provision specifically
requires that such records be accompanied by a signed affidavit from
the care provider and we find there is no basis for interpreting the
``other official record'' phrase to directly contradict that
requirement.
26. Although we are sympathetic to concerns raised in the record
that some survivors may have difficulty securing the documents
specified by the SCA to demonstrate survivor status, or doing so in a
timely manner, we find that there is no valid basis for interpreting
the statute to allow self-certification of survivor status. Several
commenters urge us to permit self-certification, but none explain how
the SCA provides the Commission with the authority to do so, or how
doing so is consistent with congressional intent. On the contrary, we
find that doing so would contradict congressional intent. As the
Commission explained in the Safe Connections NPRM, when Congress
adopted the SCA, it was not unaware that self-certification could be an
option for survivors to demonstrate survivor status, as the Commission
had sought comment on allowing self-certification in its Notice of
Inquiry. We expect that Congress also likely knew of the option for
survivors to self-certify their status given that a similar New York
law already permitted it as an option. Congress nevertheless excluded
self-certification from its detailed list of permissible documentation.
Presumably recognizing that the documentation requirements it set were
more stringent than those that already existed in New York, Congress
included a savings clause in the statute that specifically preserves
states' ability to adopt less stringent certification requirements in
state laws or regulations. Although EPIC et al. cites this provision as
a reason why the Commission should conclude that the list of permitted
documentation is non-exhaustive and that self-certification should be
permitted, it is precisely because the SCA sets out a list of permitted
documentation and preserves states' rights to set less stringent
requirements in separate state laws that we conclude the Commission is
restricted in its ability to expand the scope of permitted
documentation to include self-certification. We likewise conclude that
self-certification does not fit into the phrase permitting survivors to
submit ``any other official record that documents a covered act,''
given our conclusion that Congress intended that clause to be limited
to records created by government entities. We also find that the best
reading of ``official record'' is a ``record created by, received by,
sanctioned by, or proceeding from an individual acting within their
designated capacity,'' which would not include self-certification. For
many of the reasons discussed in this paragraph, we also conclude that
the SCA does not permit us to allow survivors to submit any other forms
of documentation of survivor status besides those already discussed.
27. Next, we do not require that such documentation be dated or
that the date be within a certain time period before the survivor
submits the line separation request. We agree with API-GBV that we
should ``provide flexibility to allow people to disclose victimization
or to apply for protections at their own pace, given the risks that
survivors face as they plan for their safety.'' We also anticipate that
many survivors may have sought assistance years before the effective
date of the SCA and our implementing rules, and we do not want to deter
those survivors from taking advantage of the new benefit that is
available to them or require them to seek assistance again just for the
purpose of having newer documentation created. We likewise do not
require that the documentation show that the covered act occurred
within a certain time period prior to the request. We are cognizant of
how difficult it may be for survivors to seek assistance and expect
there may be instances where a survivor reported a covered act years
ago but has not done so again recently despite ongoing abuse.
28. Assessing the Authenticity of Documentation. The record
reflects broad agreement from stakeholders that we should not require
covered providers to assess the authenticity of the documentation that
survivors submit, and therefore we decline to adopt such a requirement.
We find this approach is appropriate given concerns that many covered
providers may not have the
[[Page 84412]]
expertise to accurately evaluate the authenticity of documentation and
could mistakenly deny legitimate requests. We conclude, however, that
the SCA does not prohibit covered providers from attempting to assess
the authenticity of documentation and from denying line separation
requests based on a reasonable belief the request is or may be
fraudulent, and we therefore permit them to do so. Such authentication
might include confirming the documentation is from an entity that
actually exists, assessing whether the documentation has identifiers
that demonstrate the documentation is actually a record of that entity,
and comparing any identifying information in the documentation about
the abuser and survivor with information in the covered provider's
records to confirm that it matches. However, to protect survivor
privacy, we prohibit covered providers from directly contacting
entities that created any documentation to confirm its authenticity. To
mediate concerns about the accuracy of covered providers' assessments,
we emphasize that covered providers must first form a reasonable belief
that a request is or may be fraudulent before denying the request, and
urge covered providers to consider possible legitimate reasons for why
submitted documentation may not pass a provider's standard
authentication checks. For example, mismatched identifying information
could result from a document's use of nicknames or other names that
would not match providers' records. We find that allowing, but not
requiring, a covered provider to attempt to authenticate submitted
documentation balances the public interests of fraud prevention and
ensuring survivors' ability to obtain legitimate line separations.
Accordingly, we decline NYC ENDGBV's suggestion to altogether prohibit
covered providers from attempting to authenticate documents submitted
by survivors.
29. Assessing the Veracity of Evidence of Survivor Status. We
prohibit covered providers from assessing the veracity of the evidence
of survivor status contained within the submitted documents, or relying
on third parties to do so. We expect that, in most cases, survivors
will not be in a position to control what information other entities
include in the documentation to ensure it clearly establishes survivor
status. Thus, allowing covered providers to evaluate the truthfulness
of the information provided and potentially use it as a basis for
denying requests could limit legitimate line separations. We also make
clear that the prohibition on assessing the veracity of survivor status
evidence means that covered providers may not contact survivors to
interrogate them about their experience, which ``can be retraumatizing
for survivors,'' particularly since ``providers are likely not trained
in trauma-informed engagement.'' The record affirms our belief that
many covered providers may not have the expertise to accurately
evaluate the veracity of the documentation survivors submit. We find
that it would undermine the goals of the SCA if a covered provider
denied a line separation based on an incorrect determination about the
veracity of the evidence presented. We agree with Verizon and CTIA that
the SCA's liability limitation clause provides protections for covered
providers if they reasonably rely on the documentation survivors
provide to demonstrate survivor status and approve line separation
requests that turn out to be fraudulent.
30. Other Information. We do not, at this time, require a survivor
who is not the primary account holder to submit other information,
including passwords, about the account or the primary account holder,
as the record does not show that such additional information is needed
to address fraud and could be unnecessarily burdensome for survivors.
No commenter advocated that we require such information. Rather,
consistent with the concern raised in the Safe Connections NPRM,
Verizon noted that ``survivors may have little if any visibility into
account information such as PINs, billing addresses, and primary
numbers that an abuser may keep private.'' We do, however, permit a
covered provider to request the account number, primary phone number,
full or partial address, and PIN or password associated with the
account, as long as the covered provider makes clear to the survivor
that such information is not required to process the line separation
request and that the request will not be denied if the information is
not provided or is inaccurate. We acknowledge Verizon's assertion that
such information, if available, ``could help a provider to process the
[line separation request] more quickly in some cases, and to
investigate and remedy transactions that later turn out to have been
fraudulent or unauthorized.''
31. Assistance with Completing Line Separation Requests. To
maximize survivors' ability to pursue line separation requests, we
conclude that survivors may rely on assistance from other individuals,
including the survivor's designated representative, to prepare and
submit line separation requests. We agree with commenters that this
approach maximizes survivor self-determination and agency, and that it
could be particularly useful for individuals with disabilities or whose
first language is not English. No commenter opposed this approach.
While the SCA requires covered providers to effectuate line separations
after receiving a completed line separation request from a survivor, it
also permits survivors to indicate a designated representative for
communications regarding line separation requests, which we find
signifies Congress's expectation that survivors might rely on other
individuals in relation to line separation requests. To ensure that
covered providers have the means to identify the individuals who
survivors select to assist with line separation requests, we require
providers to request the name and relationship to the survivor for
individuals who assist survivors and we require those assisting
survivors to provide that information, along with a statement that the
person assisted the survivor with the line separation request.
Providers may use methods that are reasonably designed to confirm the
identity of the ``designated representative.'' We expect that any added
cost for requiring covered providers to request this information will
be negligible.
32. Confidential Treatment and Secure Disposal of Personal
Information. We adopt our proposal to require a covered provider,
including any officer, director, and employee--as well as a covered
provider's vendors, agents, or contractors that receive or process line
separation requests with the survivor's consent, or as needed to
effectuate the request--to treat the fact of the line separation
request as well as any documentation or information a survivor submits
as part of a line separation request as confidential, and securely
dispose of the information not later than 90 days after receiving the
information, consistent with the SCA. The record supports adoption of
this requirement, including our proposed clarification that a
``vendor,'' as used in the SCA, includes a ``contractor'' who may
receive a line separation request in its provision of services to a
covered provider, on the basis that this interpretation reflects the
business practices of covered providers and will mitigate privacy risks
to survivors. We note that covered providers must abide by this
requirement even if they are unable to process a line separation
request.
[[Page 84413]]
33. We conclude that treating the line separation request itself,
as well as documentation and information a survivor submits as part of
a line separation request, as confidential means not disclosing or
permitting access to such information unless subject to a valid court
order, except: (1) to the individual survivor submitting the line
separation request; (2) to anyone that the survivor specifically
designates; (3) to those third parties necessary to effectuate the
request (i.e., vendors, contractors, and agents); and (4) to the extent
necessary, to the Commission and the Universal Service Administrative
Company (USAC) to process emergency communications support through the
designated program or address complaints or investigations. We disagree
with CTIA that the Commission should not afford protections to
survivors (and alleged abusers) from the misuse of their data by law
enforcement on the basis that doing so is outside the scope of the SCA
and the Safe Connections NPRM. The SCA directs the Commission to adopt
regulations concerning the line separations requirements, which
includes the confidentiality requirements, and thus we find that
addressing this issue is within the scope of the SCA. Given concerns
expressed by EPIC et al., we find that requiring law enforcement to
obtain a court order to access information about a line separation
request is a necessary protection for survivors (and alleged abusers).
We do not anticipate that this requirement will be burdensome for
providers to implement given that they already have a duty to protect
the confidentiality of proprietary information of customers, including
a duty to prevent access to customer proprietary network information
(CPNI) ``[e]xcept as required by law or with the approval of the
customer.'' Additionally, requiring a court order prevents covered
providers from being placed in a position of having to assess whether a
law enforcement official may be misusing their official authority.
34. We limit providers from using, processing, or disclosing the
line separation request--or any documentation or information submitted
with line separation request--for purposes unrelated to implementing
the request, providing services, or otherwise managing the survivor's
account. We also conclude that the requirement to ``treat'' information
submitted in connection with a line separation request as
``confidential'' prohibits covered providers from using, processing, or
disclosing (e.g., to joint-venture partners) such information for
marketing purposes.
35. We confirm our tentative conclusion that to the extent that any
information a survivor submits as part of a line separation request
would be considered CPNI and therefore subject to disclosure to the
customer or a designee, the SCA's confidentiality requirement
nevertheless requires that such information (along with any information
submitted by a survivor that would not be considered CPNI) be treated
confidentially and disposed of securely. We conclude that this is the
best reading of the SCA's language requiring confidential treatment
``[n]otwithstanding Section 222(c)(2)'' of the Communications Act. EPIC
et al. agrees with this reading, and no commenter offered an
alternative interpretation. Thus, although section 222(c)(2) normally
requires telecommunications carriers to ``disclose customer proprietary
network information, upon affirmative written request by the customer,
to any person designated by the customer,'' when such CPNI is submitted
by survivors as part of a line separation request, covered providers
must follow the SCA's heightened requirements for confidentiality and
secure disposal.
36. We decline to find that the identity of the abuser and the
reason for the line separation (i.e., the alleged abuse) should be
treated as CPNI for the purpose of protecting the personal information
of abusers, as requested by EPIC et al. Neither data element fits
logically within the categories of information that constitute CPNI,
and it need not for those data to benefit from the SCA's confidential
and secure disposal protections, which protect the privacy of both
survivors and alleged abusers. The confidentiality obligation itself,
that is, requires that such information be protected.
37. To help ensure confidential treatment and secure disposal of
information submitted with line separation requests, we also require
covered providers to follow data security measures commensurate with
the sensitivity of line separation requests, as well as the information
and documentation submitted with line separation requests.
Specifically, we require covered providers to implement policies and
procedures governing confidential treatment and secure disposal of this
information, train employees on those policies and procedures, and
restrict access to databases storing such information to only those
employees who need access to that information. We believe these
baseline requirements will create the foundation for covered providers
to treat line separation information confidentially and dispose of it
securely. We conclude that these requirements will not be burdensome
for most covered providers given that all telecommunications carriers
and interconnected Voice over internet Protocol (VoIP) providers must
already train employees to protect the confidentiality of proprietary
information of, and relating to, other telecommunication carriers,
equipment manufacturers, and customers and that we have specific rules
governing the protection of CPNI, and we expect that most providers
already have data security policies and procedures to limit access to
certain information. In all cases, we anticipate that covered providers
will only need to modify their practices and systems to include
treatment of line separation information.
38. Understanding that covered providers may need flexibility to
comply with the confidentiality and disposal requirements, we otherwise
decline to prescribe specific measures that covered providers must use
to treat information submitted with a line separation request as
confidential and securely dispose of it. We conclude, however, that
unauthorized disclosure of, or access to, information survivors submit
as part of a line separation request will be considered evidence in an
investigation by the Commission that a covered provider has not adopted
sufficient measures to protect against such disclosure or access. This
approach aligns with our expectations for carriers' treatment of CPNI.
The SCA's confidentiality and disposal requirements demonstrate that
Congress thought the privacy of information related to line separation
requests is paramount, and we anticipate that our approach will
incentivize covered providers to adopt best practices as they evolve
over time to ensure the confidentiality and secure disposal of such
information. Such best practices might include encryption, masking,
data minimization (i.e., only collecting data necessary for the
intended purpose and deleting data when it is no longer necessary),
access controls, secure password policies, traffic monitoring, and
internal firewalls. Indeed, a covered provider may be able to overcome
evidence related to a breach of survivor information if the provider is
able to show that it used industry best practices at the time of the
breach. We are also concerned that prescribing specific data security
practices might result in the rules becoming obsolete over time. We
[[Page 84414]]
make clear that the liability protections in the SCA do not shield
covered providers, or their vendors, agents, and contractors, from
enforcement actions that may result from their failure to adopt
adequate practices to treat line separation information as confidential
and securely dispose of it. Additionally, we emphasize that covered
providers subject to section 222 have an independent responsibility to
protect such confidential information and will therefore be subject to
potential enforcement action for failures by their vendors, agents, and
contractors to adopt sufficient confidentiality and secure disposal
measures.
39. We also clarify the limited instances in which a covered
provider may retain information about a line separation request beyond
the 90-day disposal deadline established by the SCA. First, consistent
with the SCA, we permit a covered provider to maintain a record that
verifies that a survivor fulfilled the conditions of a line separation
request for longer than 90 days, but prohibit providers to retain, as
part of this record, the affidavit, documentation of survivor status,
or other original records a survivor submits with the request, as that
information is deemed confidential and subject to secure disposal
within 90 days. Second, we permit a covered provider to retain any
confidential record related to the line separation request, including
an affidavit and documentation of survivor status, for longer than 90
days upon receipt of a legitimate law enforcement request. In both
cases, we require a covered provider to treat the records it retains as
confidential, and dispose of such records securely. To be clear, even
though the record that verifies that a survivor fulfilled the
conditions of a line separation request is not an original record
submitted with a request, it must nonetheless be treated as a
confidential record. We decline the Boulder Regional Emergency
Telephone Service Authority's (BRETSA) suggestion that we require
covered providers to deliver a 911 call placed by a survivor over the
survivor's separated line with ``some indication to the PSAP [public
safety answering point] that the call is from service assigned to an
individual escaping an abusive relationship.'' We agree with commenters
that such a requirement falls outside the scope of the SCA and our
implementing rules.
b. Required Options Covered Providers Must Offer to Survivors
40. We now adopt requirements regarding basic categories of
information covered providers must make available to, or request from,
survivors when granting a line separation request. These requirements
are intended to streamline the line separation process for covered
providers and to maximize the simplicity with which survivors can
obtain line separations in a timely manner. First, we codify in our
rules the SCA's requirement that a covered provider inform the
survivor, through remote means, at the time the survivor submits a line
separation request, that the provider may contact the survivor, or the
survivor's designated representative, to confirm the line separation or
inform the survivor if the provider is unable to complete the line
separation. As explained in the Safe Connections NPRM, we find that
this approach will allow survivors to make an informed choice regarding
which contact information and manner of communication is best given
their particular circumstances. No commenter opposed this approach.
41. Second, for line separation requests submitted by a survivor
through remote means, we require covered providers to ``allow the
survivor to elect in the manner in which the covered provider may--(i)
contact the survivor, or designated representative of the survivor, in
response to the request, if necessary; or (ii) notify the survivor, or
designated representative of the survivor, of the inability of the
covered provider to complete the line separation,'' which mirrors the
SCA. We conclude that this requirement simply obligates a covered
provider to allow a survivor to select, at the time the survivor
submits a line separation request through remote means, the manner the
provider must use to communicate with a survivor after the survivor
submits the request. Among the communication options offered to the
survivor, we require a covered provider to include at least one means
of communication that is a ``remote means.'' We also require covered
providers to allow survivors to indicate their preferred language for
future communications from among those in which the covered provider
currently advertises, and deliver any such future communications in the
survivor's preferred language if it is one in which the provider
currently advertises. Additionally, we require covered providers to ask
survivors to provide the appropriate contact information with their
requests. We decline Verizon's suggestion that we require a survivor to
submit a telephone number and email address with its request for use in
contacting the survivor. The SCA permits survivors to select the means
that covered providers must use to communicate with them, which may or
may not be both phone and email. To prevent covered providers from
attempting to contact survivors using any other means, we only require
survivors to provide contact information for the means they select,
unless it is otherwise necessary to provide documentation of a
completed line separation request for Lifeline purposes, as discussed
below. We also prohibit providers from engaging in communications that
are not directly related to the line separation request, such as
marketing and advertising communications that are not related to
assisting survivors with understanding and selecting service options.
No commenter opposed adoption of these requirements.
42. Third, we require covered providers to allow a survivor
submitting a line separation request to indicate their service choices
when they are submitting a line separation request. Specifically, we
require covered providers to allow a survivor to indicate the service
plan a survivor chooses from among all commercially available plans the
covered provider offers for which the survivor may be eligible,
including any prepaid plans, as well as whether the survivor intends to
retain possession (and therefore take financial responsibility) of any
device associated with a separated line. API-GBV and the Competitive
Carriers Association (CCA) both supported such a requirement, and no
commenter opposed it.
43. Fourth, as mandated by the SCA, we require a covered provider
to inform the survivor of the existence of the Lifeline program as a
source of support for emergency communications for qualifying
survivors, and to include a description of who might qualify for the
program and how to participate. We require covered providers to provide
this information to survivors as part of the line separation request
mechanism as we anticipate that having this information may help
survivors determine which service plan may suit them best. We require
covered providers, at a minimum, to inform survivors that their
participation in the Lifeline program and the Affordable Connectivity
Program (ACP) based on their status as survivors will be limited to six
months unless they can qualify to participate in Lifeline and/or ACP
under the programs' general eligibility requirements. We decline to
adopt standardized language regarding the content of this communication
as we do not find it necessary at this time. We find that our approach
provides sufficient guidance to covered providers regarding what
information they must
[[Page 84415]]
include in their communications. We also require covered providers to
allow survivors to indicate whether they intend to apply for emergency
communications support through the designated program, if available
through the provider.
44. Finally, to the extent that a covered provider cannot
operationally or technically effectuate certain types of line
separations in all instances, we require a covered provider to
identify--in a contemporaneous communication to the survivor--which
types of line separations the provider cannot perform and state that it
cannot perform those separations due to operational or technical
limitations.
3. Requirement To Separate Lines Upon Request
45. We codify the SCA's requirement that, for a shared mobile
service contract under which a survivor and abuser each use a line, a
covered provider must, not later than two business days after receiving
a completed line separation request from a survivor, (1) separate the
line(s) of the survivor, and the line(s) of any individual in the care
of the survivor, from the shared mobile service contract, or (2)
separate the line(s) of the abuser from the shared mobile service
contract. We conclude, as proposed, that because the SCA requires
covered providers to implement line separation requests from survivors
for shared mobile service contracts ``under which the survivor and the
abuser each use a line,'' neither the abuser nor the survivor must be
the primary account holder for a line separation to be effectuated,
regardless of whose line is separated from the account. We also find
that a person who does not use a line on an account--but is a
``survivor'' under the statute because the person is someone who cares
for another individual against whom a covered act has been committed or
allegedly committed--would be able to request a line separation because
the definition of ``survivor'' allows that person to stand in for the
individuals in their care.
46. We acknowledge the seriousness of concerns raised in the
records about dangers to survivors from spyware applications or
software installed on a survivor's device that could remain after a
line separation. We find, however, that regulation of such third-party
applications and software is beyond the scope of the SCA. We further
note providers' assertions that removal of such applications and
software may not be within the control of the covered provider.
However, with respect to carrier-branded apps and software on devices
that may enable shared mobile plan account owners to track users'
devices or provide access to customer information through online
accounts, we expect covered providers to take all steps necessary to
ensure that such apps and software do not enable an abuser to retain
access to information about a survivor's line or device post-
separation.
47. Below, we clarify covered providers' obligations under this
requirement, and in doing so, we emphasize the importance of survivors'
ability to obtain the line separations of their choosing in a timely
manner while recognizing the practical challenges that covered
providers may face in effectuating those separations.
a. Identity Authentication
48. We first require that covered providers attempt to
authenticate, using multiple authentication methods if necessary, that
a survivor, or a person in the care of the survivor, requesting a line
separation is a user of a specific line or lines, and permit covered
providers to deny line separation requests when the survivor cannot be
authenticated or the provider has a reasonable belief that the request
is or may be fraudulent. Specifically, when the survivor is the primary
account holder or a user designated to have account authority by the
primary account holder (designated user), we require covered providers
to attempt to authenticate survivors just as they would any other
primary account holder or designated user. This means that requests
coming from primary account holders and designated users must comply
with any other Commission rules that apply to authentication of such
individuals, including those related to access to CPNI and the
Commission's rules adopted to address Subscriber Identity Module (SIM)
swap and port-out fraud. When the survivor is not the primary account
holder or a designated user, we require covered providers to attempt to
authenticate their identity using methods that are reasonably designed
to confirm the survivor, or a person in the care of the survivor, is
actually a user of the specified line(s) on the account, and that such
authentication shall also be sufficient for requesting a SIM change
when made in connection with a line separation request. To the extent
this requirement differs from other authentication requirements, see,
e.g., 47 CFR 64.2010, the line separation authentication requirement we
adopt in this document to implement 47 U.S.C. 345 serves as an
exception to those other requirements. We agree with CTIA and CCA that
providers may need flexibility to authenticate and therefore we decline
to specify or otherwise limit the methods that covered providers can
use to authenticate the identity of survivors who are not primary
account holders. Although we acknowledge that some authentication
methods may be less secure than others, the record demonstrates that
certain methods, such as verification using phone calls or text
messages delivered to a survivor's number or knowledge-based checks
using call detail information, may be the only practical means in some
instances to authenticate survivors who are not the primary account
holder and about whom covered providers have no other information.
49. Our approach balances our twin goals of maximizing survivors'
ability to obtain legitimate line separations and of preventing fraud.
On this issue, industry commenters agreed that covered providers should
be given flexibility on how to authenticate survivors and their ability
to deny individuals who cannot be authenticated. Conversely, EPIC et
al. asserted that the Commission should prioritize survivors' ability
to access and use the line separations process over speculative
concerns that the line separations process will be used for fraud. We
find that the rule we adopt is sufficiently supported by the record and
therefore we disagree with CTIA that it is necessary to find a
consensus before establishing authentication requirements. We also find
that the authentication requirement preserves account security by
helping to prevent fraudulent account takeovers, protects privacy by
preventing unauthorized access to account information, and ensures
covered providers have the necessary account information to comply with
our rules and the SCA, consistent with the issues the SCA requires the
Commission to consider when adopting line separation rules.
50. We decline NCTA's request to permit covered providers to call
or text lines of those in the care of the survivor that are the subject
of the line separation request to confirm that the non-abuser
individual ``approves the separation request'' or otherwise ``confirm
that the request is valid before approving it.'' NCTA argues that
covered providers ``should be permitted to decline to process the line
separation request if this verification is not completed (e.g., because
the abuser has taken the device associated with the line) and, instead,
give the party requesting the separation the option of creating a new
account with a new telephone number.'' As an initial matter, the SCA
contemplates that a survivor would be able to separate a line even when
the abuser is in
[[Page 84416]]
possession of the device associated with that line, and therefore we
disagree that we should approve of covered providers denying separation
requests for those lines in all instances. More significantly, we are
concerned that allowing covered providers to attempt verification on
other lines may alert abusers about the survivor seeking a line
separation at an early stage in the process. This might occur, for
example, if the abuser is near to or in possession of the devices
associated with those lines, such as if the abuser is with children who
are in the care of the survivor while the survivor is elsewhere seeking
a separation that includes those children's lines. We therefore find
that these potential threats to survivors and those in their care
outweigh the potential fraud prevention benefits of NCTA's proposed
verification process.
b. Establishing ``Secure Remote Means'' for Line Separation Request
Submissions
51. We codify the SCA's requirement that covered providers ``offer
a survivor the ability to submit a line separation request . . .
through secure remote means that are easily navigable, provided that
remote options are commercially available and technically feasible.''
No commenter opposed this requirement, and we elaborate on the various
aspects of this requirement below.
52. Secure Means. Consistent with the SCA's goals to protect the
confidentiality of survivor information, we adopt requirements
regarding the secure submission of line separation requests. First, we
conclude that any means a covered provider offers survivors to submit a
line separation request, including non-remote means, must be secure.
Second, we find that, at a minimum, secure means are those that prevent
unauthorized disclosure of, or access to, the fact of the line
separation request or the information and documentation submitted with
the line separation request during the submission process. Third, as
with the Commission's CPNI rules and the rules we adopt above for
confidential treatment and secure disposal of the records survivors
submit to covered providers with a line separation request, we conclude
that unauthorized disclosure of, or access to, the fact of the line
separation request or the information and documentation submitted with
a line separation request will be considered evidence in an
investigation by the Commission that a covered provider did not provide
a ``secure'' means for submitting the request. We otherwise decline to
prescribe specific requirements for what constitutes ``secure'' with
respect to the means of submitting line separation requests, but as
with our rules governing treatment of line separation records, we
expect our approach will incentivize covered providers to adopt best
practices for security as they evolve over time. No commenter opposed
our adoption of any such requirements.
53. Remote Means. Although the SCA does not define what constitutes
``remote means,'' we interpret that phrase in a manner that maximizes
survivor flexibility for submitting line separation requests. First, we
conclude that a ``remote means'' for submitting a line separation
request is a mechanism that does not require the survivor to interact
in person with an employee of the covered provider at a physical
location. No commenter opposed this interpretation. We agree with API-
GBV that this interpretation ``is particularly important for survivors
in remote areas, or in communities in which physically going to a
single location might jeopardize a survivor's safety or
confidentiality.'' As such, requiring survivors to visit a brick and
mortar store would not constitute remote means. Conversely, a form on a
covered provider's website with the ability to input required
information and attach necessary documents would constitute remote
means. We also find that submissions via email, a form on a provider's
mobile app, a chat feature on a provider's website, interactive voice
response (IVR) phone calls, fax, and postal mail would constitute
remote means. Additionally, we conclude that a live telephone
interaction, text message communication, or video chat with a customer
service representative would constitute remote means. We do not intend
this list to be exhaustive as there may be other methods currently
available or developed in the future that would not require a survivor
to interact in person with an employee of a covered provider at a
physical location. Furthermore, to maximize survivor choice, we
conclude that covered providers can offer survivors means that are not
considered remote as long as the provider does not require survivors to
use those non-remote means or make it more difficult for survivors to
access remote means than to access non-remote means.
54. Second, consistent with API-GBV and NYC ENDGBV's requests, we
require covered providers to offer survivors more than one remote means
of submitting a line separation request, and encourage them to offer
several means. We are concerned that certain remote means may be so
obsolete or so novel that they would be difficult for some survivors to
access, and that if those means are the only ones a covered provider
offers, they would deter survivors from pursuing a line separation. We
also anticipate that offering alternative remote means will make line
separations more accessible to survivors who may be using different
technologies or have different levels of digital literacy. We conclude
that when Congress directed covered providers to ``offer a survivor the
ability to submit a line separation request . . . through secure remote
means,'' the word ``means'' in this context is ambiguous as to whether
providers must offer one or more than one means. Given this ambiguity,
and the lack of the singular article ``a'' before the phrase ``secure
means,'' we interpret ``means'' as a plural noun.
55. Third, we conclude that the remote means a covered provider
offers must allow survivors to submit any necessary documentation, but
we permit providers to offer means that allow or require survivors to
initiate a request using one method (such as an IVR phone call) and
submit the documentation through another method (such as via email).
This approach received support in the record and was otherwise
unopposed. Fourth, we require covered providers to accept documentation
in any common format, including, for example, pictures of documents or
screenshots. We find that this approach will minimize difficulty for
survivors seeking line separations.
56. Additionally, consistent with existing statutory and regulatory
requirements, we make clear that a covered provider must offer
alternative remote means that are accessible by individuals with
different types of disabilities. The Accessibility Advocacy
Organizations highlight the importance of such a requirement,
explaining that such individuals are often at increased risk of
domestic violence, and therefore that it is critical that they be able
to access the protections afforded by the SCA. We decline, however, to
require that covered providers offer direct video calling (DVC) as a
means of submitting line separation requests, as the Accessibility
Advocacy Organizations request. Although we appreciate that DVC may
have benefits for survivors with disabilities who are seeking line
separation requests, we decline at this time to impose any specific
technology given the wide variety of providers and accessible
technologies available. We instead strongly encourage covered providers
to offer the ``most accessible and effective services available,'' such
as DVC, whenever feasible.
[[Page 84417]]
57. Technically Feasible and Commercially Available Means. No
commenter addressed whether secure remote means for submitting line
separation requests are currently ``technically feasible'' and
``commercially available,'' and if not, how long it would take them to
be. CTIA noted that the Safe Connections NPRM appropriately
incorporated into the proposed rules the ``commercial availability''
and ``technical feasibility'' limitations that apply to certain
requirements. We observe that the remote means we identify above are
commonly used by commercial entities to interact with consumers and
there are technological processes available to make each of those means
secure. We also anticipate that many, if not all, of these mechanisms
can be modified by covered providers to be used for line separation
requests. Accordingly, we find that secure remote means for submitting
line separation requests are currently both technically feasible and
commercially available, and we anticipate that covered providers will
be able to update their systems and procedures to implement use of more
than one means before the rules go into effect.
58. Easily Navigable. We next address how the means to submit line
separation requests must be ``easily navigable.'' To give covered
providers flexibility and ensure they are positioned to request all the
information they need to process line separations in a way that is most
suitable for their systems, we decline to prescribe the specific
format, process, or form covered providers must use for survivors to
submit line separation requests, and instead allow covered providers to
develop their own mechanisms. However, consistent with the record, to
ensure consistency and predictability for survivors and the individuals
and entities that assist them, reduce difficulty for survivors, and
give covered providers clarity regarding their obligations, we
establish several requirements for the mechanisms that covered
providers develop to ensure they are easily navigable for survivors
submitting line separation requests. Specifically, we require that the
mechanisms: (1) use wording that is simple, clear, and concise; (2)
present the information requests in a format that is easy to comprehend
and use; (3) generally use the same wording and format on all platforms
available for submitting a request; and (4) clearly identify the
information and documentation that survivors must include with their
requests, including clearly listing what survivors should have on hand
when contacting the provider, and allow survivors to easily provide
that information. We decline to create or mandate the use of a
standardized form as requested by NYC ENDGBV as we find that allowing
covered providers the flexibility to develop their own approaches while
establishing requirements to ensure those mechanisms are easily
navigable better balances providers' expertise with the need to
streamline the process for survivors. Nevertheless, we encourage
stakeholders to work together to develop such a standardized mechanism,
to the extent one would be useful for covered providers.
59. We also require that the means through which a covered provider
permits survivors to submit line separation requests must be available
in all the languages in which the covered provider currently advertises
its services as well as all formats (e.g., large print, braille, etc.)
in which the provider makes its service information available to
persons with disabilities. We agree with EPIC et al. that a ``lack of
meaningful language access can further isolation created by an
abuser,'' and conclude that requiring language availability for the
means of submitting requests will help alleviate that isolation. We
decline, however, to adopt API-GBV's recommendation that covered
providers offer ``translated forms and instructions in a minimum of the
10 most commonly used languages in the provider's covered service area,
as well as any other languages (if any) that the provider advertises
its services in.'' We find that such a requirement would be
unreasonably burdensome on covered providers, particularly smaller
providers, but we encourage all providers to know the predominant
languages used in their respective communities and translate their
materials into as many different languages as is feasible. At the same
time, because we permit survivors to rely on assistance from designated
representatives and others to pursue line separations, we anticipate
that survivors who speak languages other than those in which a covered
provider advertises its services can seek interpretation assistance if
necessary.
c. Processing of Line Separation Requests
60. Implementing Survivors' Election of Line Separation. Consistent
with the statutory language, we interpret the line separation
requirement as granting survivors the flexibility to pursue line
separations in the manner that is best for their circumstances. We thus
conclude, as proposed, that the SCA gives survivors discretion to
request separation from the account of either the line(s) of the
survivor (and the line(s) of any individuals in the survivor's care) or
the line(s) of the abuser, regardless of whether the survivor is the
primary account holder. We decline to prescribe the circumstances in
which survivors may pursue each type of line separation, as CTIA and
NCTA request. The industry trade groups specifically ask the Commission
to dictate that when a survivor is a primary account holder, the
abuser's line must be separated from the shared mobile service contract
and that covered providers can process such line separations by
canceling the abuser's line. NCTA makes a second request that the
Commission stipulate that when a survivor is not a primary account
holder, their lines (and the lines of individuals in the survivor's
care) must be separated from the shared mobile service contract. In
both circumstances, the industry groups assert that they are trying to
avoid situations where they have to establish new accounts in the name
of the abuser, which they say cannot be done without the abuser's
knowledge and consent, thereby potentially compromising survivors'
safety. NCTA also expresses concern that in instances when an abuser
who is the primary account holder is separated from the shared mobile
service contract and the survivor becomes the primary account holder,
``the abuser likely would know details about the account such as the
PIN or account number that could be used to compromise the survivor's
service after the line separation.'' However, NCTA does not explain why
the covered provider would not allow the survivor, as the primary
account holder, to change the PIN to prevent the abuser from accessing
the account or use other measures to prevent the abuser from accessing
the account.
61. As an initial matter, we find that the industry groups'
requested approaches are contrary to the text of the SCA and
disincentivizes covered providers from developing solutions that will
allow survivors to obtain the line separations of their choosing,
thereby limiting the SCA's benefits to survivors. For the same reasons,
we decline to find that covered providers have the discretion to
determine whether to separate the line of the abuser or the lines of
the survivor (and those in the survivor's care). If Congress had
intended to limit the types of line separations a survivor could
request in a given circumstance, it could have easily said so. We are
particularly unmoved by the suggestion that
[[Page 84418]]
Congress intended that survivors who are primary account holders must
separate the line of the abuser and that the abuser's line would then
be canceled, as this outcome is no different than what primary account
holder survivors can achieve now, and would therefore make the SCA's
benefit in this regard superfluous. We do not presume to understand all
the reasons why a survivor might choose to separate an abuser's line or
their lines and the lines of those in their care, but Congress chose
not to limit survivors' choices and neither do we.
62. Additionally, while we appreciate the practical challenges of
effectuating line separations precisely as survivors request, we
anticipate that covered providers will be able to address these
situations without compromising survivor safety. For instance, covered
providers may be able to create a temporary placeholder account and
contact the abuser after the line separation has been completed (and
the survivor has been notified) to request consent and the necessary
information to establish a permanent account. Because temporarily
suspended numbers are not permanently disconnected numbers, they are
not ``aging numbers'' under the Commission's rules. Covered providers
must ensure that telephone numbers assigned to a user of a shared
mobile account and which are the subject of a line separation request
remain available to be assigned to the user of that number (i.e., a
survivor, an individual in the care of a survivor, or an abuser).
63. Alternatively, covered providers could give survivors advance
notice that the provider would need to contact the abuser prior to
effectuating the line separation to request the abuser's consent and
necessary account information, and survivors could then choose whether
to proceed or select another line separation or account change option.
Absent these or other solutions that providers may develop, a third
option is that covered providers can rely on the operational and
technical infeasibility exception established by the SCA and discussed
further below. NCTA suggests that the Commission dictating survivors'
line separation options is a better approach than allowing covered
providers to deny line separations due to operational or technical
infeasibility because ``[s]urvivors who chose the incorrect option or
required further guidance to complete the separation would be forced to
engage in additional communications with the covered provider at a time
when it may be difficult or even dangerous for a survivor to be
involved in such exchanges.'' While we acknowledge NCTA's concern, we
believe that our requirement that a covered provider state in a
contemporaneous communication which types of requests it cannot
complete due to operational or technical infeasibility should address
the concern. We nevertheless strongly encourage covered providers to
strive to develop the means to allow survivors to separate lines as
they see fit.
64. Verizon argues that ``[i]f a survivor requests that an account
owner abuser be removed from an account, in practice this may
technically or operationally require the latter to consent to
establishment of a new account, undermining Congress's objective of
ensuring the line separation is not visible to the abuser,'' and that
``[t]he Safe Connections Act envisions that the wireless provider would
create a new account for the survivor(s) in those circumstances.'' We
recognize that in situations where the survivor is not the account
holder, it is more likely than not that the survivor will elect to
establish a new account (rather than separate the line of the abuser
from the existing account) because such a choice will delay notice to
the abuser, and in some cases may be the only technical or operational
solution available for the covered provider. But, contrary to Verizon's
claim, the SCA does not contemplate that the line separation will be
invisible to the abuser in all cases. Rather, the statute expressly
contemplates that the primary account holder, who may be the abuser,
may be notified about the line separation. Therefore we disagree with
Verizon that the SCA envisions that covered providers would create a
new account for survivors who might otherwise seek to separate an
abuser who is the primary account holder just so that the separation is
not visible to the abuser.
65. We also address the circumstances under which an individual who
is ``in the care of'' a survivor may receive a line separation. As
proposed, we adopt the same approach for determining who qualifies as
``in the care of'' the survivor for the purposes of line separation
requests as we do for who may be considered someone ``who cares for
another individual'' in the definition of ``survivor.'' Specifically,
we conclude that phrase encompasses: (1) any individuals who are part
of the same household, as defined in Sec. 54.400 of the Commission's
rules; (2) minor children of parents or guardians who are survivors
even if the parents and children live at different addresses; (3)
individuals who are cared for by a survivor by valid court order or
power of attorney; (4) and a person over the age of 18 who is
financially or physically dependent upon a parent, guardian, or
caretaker (e.g., a non-minor child financially dependent on his or her
parents or guardians, but who no longer lives at the same address). We
further find that, unlike the definition of ``survivor,'' for the
purposes of line separation requests, an individual ``in the care'' of
a survivor need not be someone against whom a covered act has been
committed or allegedly committed. As we explained in the Safe
Connections NPRM, the SCA defines ``survivor'' as including an
individual at least 18 years old who ``cares for another individual
against whom a covered act has been committed or allegedly committed,''
but it requires covered providers to separate the lines of both the
survivor and ``any individual in the care of the survivor,'' upon
request of the survivor. As such, we interpret these provisions to mean
that covered providers must separate the lines, upon request, of any
individual in the care of a survivor without regard to whether a
covered act has been committed or allegedly committed against the
individual in the care of the survivor. Some commenters expressed
support for our interpretation and none objected.
66. Timeline for Processing Line Separation Requests. Recognizing
the urgency with which survivors may be seeking line separation
requests, we adopt a rule that clarifies the SCA's requirement that
covered providers effectuate line separations not later than two
business days after receiving a completed line separation request from
a survivor. No commenters opposed this approach, although Verizon
expressed opposition to a more stringent approach, such as requiring
processing ``48 hours after receipt.'' Specifically, we require covered
providers to process line separation requests as soon as feasible, but
not later than close of business two business days after the day the
provider receives a completed request. For example, requests received
before midnight at the end of a Monday must be processed no later than
close of business on Wednesday. Under our rule, covered providers must
take all steps to effectuate line separation requests within the two
business day timeframe, including reviewing the request to determine if
it is complete and effectuating or rejecting the request. We conclude
that our rule is consistent with the text and goals of the SCA. We
recognize that in some instances, the two-business day standard we
adopt will require the line separation to be
[[Page 84419]]
completed within 48 hours, but that will not always be the case. For
instance, when submissions are made on Fridays or during the weekend, a
carrier will have longer than 48 hours to effectuate the line
separation, though we would encourage them to effectuate it sooner
whenever possible.
67. We define business days as Monday-Friday, 8 a.m. to 5 p.m.,
excluding provider holidays, which fulfills requests from industry
commenters that we incorporate the same definition for business hours
that make up a business day as is used in the Commission's porting
rules. Notwithstanding the two-business day requirement, we clarify
that our ``rules do not undermine the Safe Connections Act's strong
incentives for wireless providers to accommodate [line separation
requests].'' Therefore, ``[i]f effectuating [a line separation request]
is technically infeasible for a particular provider in two business
days, but three days is feasible,'' the covered provider can rely on
the technical infeasibility exception to delay completion of the
request rather than denying the request and requiring survivors to
start the entire process again, as long as the provider notifies the
survivor of the status of their request and the expected completion
timeline within two business days of receiving the request.
68. We decline to require that covered providers process line
separation requests in less than two business days in cases of
emergency or extreme hardship for the survivor, as the National
Domestic Violence Hotline requests. Although we appreciate that some
survivors may experience increased urgency for their line separation
requests, we agree with NCTA that Congress was likely aware of the
hardship that survivors may be facing when it explicitly gave covered
providers up to two business days to complete requests, and we
otherwise anticipate that it would be difficult for covered providers
to accurately determine which requests qualify as emergencies or
extreme hardship. For the same reason, we decline requests to require
that covered providers process line separation requests within two
calendar days. However, we expect that requiring providers to complete
all requests as soon as feasible will prevent undue delay in completion
of requests.
69. Operational and Technical Infeasibility. We codify the SCA's
provision that covered providers who cannot operationally or
technically effectuate a line separation request are relieved of the
obligation to effectuate line separation requests. Additionally, we
conclude that any line separation a covered provider can complete
within two business days under its existing capabilities, as those may
change over time, does not qualify as operationally or technically
infeasible. We conclude that because this provision specifies that
covered providers are only relieved of the ``requirement to effectuate
a line separation request,'' providers are generally obligated to offer
survivors the ability to submit requests for line separations described
in the statute, even if the provider may not be able to effectuate such
separations in some instances. However, to avoid survivor confusion and
minimize the need for communications between covered providers and
survivors, if a covered provider cannot operationally or technically
effectuate certain types of line separations in all instances, we
require the covered provider to clearly notify the survivor in its
Notice to Consumers and through whatever mechanisms survivors are
permitted to use to request line separations, which types of line
separations the provider cannot perform and state that it cannot
perform those separations due to operational or technical limitations.
70. We require covered providers to take reasonable steps to be
able to effectuate all types of line separations permitted by the
statute, but decline to prescribe when a provider can rely on the
operational or technical infeasibility exception. We find that the
intent and spirit of the SCA's line separation requirement is that
survivors be able to obtain the line separations of their choosing, and
the record indicates that covered providers intend to and will be
capable of effectuating most line separation requests. We therefore
think it is appropriate that all covered providers be required to take
reasonable steps to be able to effectuate all types of line
separations. However, given the significant differences in covered
providers' processes and systems, we conclude that we cannot
categorically define which types of line separations qualify as
operationally or technically infeasible and that the better course of
action is to give providers flexibility to make such determinations. We
nevertheless expect that all covered providers will be able to
effectuate at least some types of line separations.
71. We also codify the SCA's requirement that a covered provider
that cannot operationally or technically effectuate a line separation
request must: (1) notify the survivor who submitted the request of that
infeasibility, and (2) provide the survivor with information about
alternatives to submitting a line separation request, including
starting a new account for the survivor. The SCA uses the phrase
``starting a new line of service'' which is ambiguous. A new line, if
made on the same shared account with the abuser, would not accomplish
Congress's goal of ensuring survivors ``establish[ ] independence from
. . . abuser[s].'' We thus understand this phrase to describe starting
a new account for the survivor, which we believe accords with
Congress's intent. We require covered providers to explain in the
notification the nature of the operational or technical limitations
that prevent the provider from completing the line separation as
requested and any available alternative options that would allow the
survivor to obtain a line separation. Consistent with the SCA, we
require a covered provider to notify a survivor of any rejection of a
line separation request as a result of operational or technical
infeasibility at the time of the request, or for a request made using
remote means, not later than two business days after the covered
provider receives the request. Covered providers shall deliver these
notifications in the manner of communication selected by the survivor
at the time of the request and in the language selected by the
survivor, if applicable. Verizon encourages the Commission to permit
providers to give ``short plain-English explanations'' regarding the
nature of a operational or technical limitation preventing the
processing of a line separation. While we agree with Verizon that
covered providers should not overwhelm survivors with technical
explanations, we do require providers to give survivors as much
information about the operational or technical limitation as will allow
them to make informed decisions about what to do next, such as, e.g.,
revise their request, initiate a new request, or seek other options.
72. We conclude that covered providers must offer, allow survivors
to elect, and effectuate any available alternative options that would
allow survivors to obtain a line separation. This proposal was
unopposed in the record. For example, if a covered provider is not able
to separate an abuser's line from an account because the abuser is the
primary account holder, but can separate the survivor's line from the
account, the provider must offer that alternative. Likewise, if a
covered provider is not capable of processing a line separation request
in the middle of a billing cycle but can do so at the end of the
billing cycle, the provider must offer that. This approach maximizes
the benefits of the line
[[Page 84420]]
separation requirement and helps prevent survivors from being forced
into a less desirable alternative. We find that the approach we take
here achieves the goals of the SCA without placing undue costs and
burdens on covered providers. Verizon explains that ``in some cases, a
wireless provider may not be able to create a new account for a
survivor without initially applying certain financial obligations as
part of the account setup'' and argues that ``as long as those
obligations are promptly waived by the system or the customer service
employee after the new account is created, Congress's objective is
met.'' We agree; however, in such instances survivors must not be
required to take additional steps for such financial obligations to be
waived; the wavier must be automatic.
73. Finally, we also require covered providers to deliver a clear
and concise notification to survivors, within two business days after
receiving the request, if a line separation request is rejected for any
other reason, and such notification must include the basis for the
rejection and information about how the survivor can either correct any
issues, submit a new line separation request, or select alternative
options to obtain a line separation, if available.
74. Resubmissions. To ensure that survivors making legitimate line
separation requests can receive timely relief, we conclude that any
corrections, resubmissions, or selected alternatives for obtaining a
line separation submitted by survivors following a denial should be
treated as new requests and therefore must be processed by covered
providers as soon as feasible, but not later than close of business two
business days after the provider receives the request. We agree with
EPIC et al. that ``[t]ime may be of the essence when a survivor
initiates the line separation request, and there is no reason a
provider expected to respond within two days of the initial submission
cannot respond within two days for subsequent submissions.''
75. Measures to Stop Abusers from Preventing Survivors from
Obtaining Line Separations. We are concerned that some abusers may take
preemptive steps to prevent survivors from obtaining line separations,
particularly if an abuser becomes aware of a survivor's attempt to
separate a line. We reiterate our conclusion in the Safe Connections
NPRM that the SCA requires covered providers to complete non-fraudulent
line separations as long as the request provides the information
required or permitted by the statute and our implementing rules,
subject to operational and technical feasibility. Accordingly, we
implement rules to ensure survivors can obtain line separations
notwithstanding abusers' efforts to prevent them from doing so. First,
to stop an abuser or other user from removing the survivor's access to
the line before the request is processed, we require covered providers
to lock an account to prevent all SIM changes, number ports, and line
cancellations (other than those requested as part of the line
separation request pursuant to section 345 and our rules) as soon as
feasible after receiving a completed line separation request from a
survivor, and until a request is processed or denied. Second, given
evidence in the record that abusers may seek to exert control over
survivors and to ensure that account locks do not become an avenue for
perpetuating abuse and other crimes, we require covered providers to
effectuate line separations, and any number port and SIM change
requests made by the survivor as part of the line separation request,
regardless of whether an account lock is activated on the account.
There is some evidence in the record that stalkerware apps and spyware
can be used to further endanger survivors, and we think it is
reasonable to conclude that some survivors may request a SIM change so
they can keep their separated number, but use a new device, for safety
reasons. Finally, in situations where any customer other than the
survivor requests that the covered provider stop or reverse a line
separation on the basis that the line separation request was
fraudulent, covered providers must complete or maintain any valid line
separation request and make a record of the customer's complaint in the
customer's existing account and, if applicable, the customer's new
account, in the event further evidence shows that the request was in
fact fraudulent. We conclude that our approach here best balances the
importance of account protection measures to prevent fraud with the
goal of ensuring survivors can obtain legitimate line separations.
76. Notification to Primary Account Holders and Abusers. As
contemplated by the SCA, we require a covered provider to inform a
survivor who has submitted a line separation request, but who is not
the primary account holder, of the date on which the covered provider
intends to give any formal notification to the primary account holder.
We also require covered providers to inform survivors of the date the
covered provider will inform the abuser of a line separation,
cancellation, or suspension of service, involving the abuser's line to
the extent such notification is necessary. We require covered providers
to give such notice to the survivor as soon as is feasible after
receiving a completed line separation request. As API-GBV notes, by
informing survivors of the date the abuser will learn of the line
separation, covered providers will give survivors an opportunity to
``do relevant and timely safety planning.'' We prohibit a covered
provider from notifying an abuser who is not the primary account holder
when the lines of a survivor or an individual in the care of a survivor
are separated from a shared mobile service contract. By limiting the
scope of when covered providers may notify abusers of line separations,
we acknowledge the concerns of multiple commenters who stress that
``[o]ne of the most dangerous times for a victim is when they are
attempting to leave an abusive situation and the abuser becomes aware
of their intent.'' We also prohibit a covered provider from notifying a
primary account holder, or an abuser who is not a primary account
holder, of a survivor's request for a SIM change when made in
connection with a line separation request pursuant to section 345. We
decline to require covered providers to further delay notification to a
primary account holder or abuser whose line is being separated, as
proposed by some commenters, though we permit and encourage covered
providers to do so if operationally feasible. As some commenters have
noted, a line separation request involving the separation of the
abuser's line may require the abuser to become financially responsible
for the line immediately following the separation, or to give consent
to open a new account. In such situations, the covered provider may
need to inform the abuser immediately upon or before separating the
abuser's line, making a notification delay infeasible. In implementing
processes to ensure that primary account holders and, when necessary,
abusers, are not notified about line separations until the date that
the covered provider has provided to the survivor, we emphasize that
covered providers should be mindful of their existing internal systems
and processes that may cause some or all account users to receive
automatic notifications about account activity, which may serve as de
facto notifications about the line separation request.
d. Documentation of Completed Line Separation Request Submission
77. We require covered providers to provide a survivor with
documentation that clearly identifies the survivor and shows that the
survivor has submitted a legitimate line separation request under
[[Page 84421]]
section 345(c)(1) and the Commission's rules upon completion of the
providers' line separation request review process. The SCA limits
access to ``emergency communications support'' in the designated
program to those survivors that meet the requirements of section
345(c)(1) and that are experiencing financial hardship, regardless of
their ability to otherwise participate in the designated program. As
such, survivors will require documentation demonstrating their
submission of a legitimate line separation request to enroll in
Lifeline, as the designated program, and receive support. Although no
commenter offered specific suggestions about the type of information
that should be included in this documentation to process a request for
Lifeline support, we rely on the Commission's substantial experience
managing its affordability programs to determine an appropriate
approach. Specifically, regarding survivor identity, we require that
the documentation include the survivor's full name and confirmation
that the covered provider authenticated the survivor as a user of the
line(s) subject to the line separation request. We further require that
covered providers give survivors this documentation even if the line
separation request could not be processed due to operational or
technical infeasibility, as long as the survivor submitted a completed
request in accordance with the requirements of section 345(c)(1) and
the Commission's rules. We observe that entry into the emergency
communications program is not limited to only those survivors who
successfully obtain a line separation, but rather to those who satisfy
the requirements of section 345(c)(1) and are experiencing financial
hardship. Finally, we require covered providers to provide this
documentation to survivors in a manner that would allow the survivor to
share that documentation with USAC when the survivor seeks Lifeline
support pursuant to the SCA. Accordingly, covered providers must
provide the documentation in a written format that can be easily saved
and shared by a survivor, such as an electronic notice delivered over
email, information in a survivor's new account that can be easily
downloaded or captured via a screenshot, some method of text messaging
that can be easily captured via screenshot, or regular mail delivered
to an address designated in the request. Telephonic delivery of this
notice is insufficient, as it will not allow the survivor to confirm
that they complied with the requirements of the line separation
process. Covered providers should deliver this documentation via the
means selected by the survivor for communications regarding the line
separation request, to the extent such means satisfy both requirements.
We acknowledge, however, that depending on the methods a survivor
chooses for communications with a covered provider regarding the line
separation request, covered providers may not have contact information
that would allow them to send certain written documentation, and we
permit providers to request contact information only for the purpose of
providing this documentation for Lifeline enrollment under the SCA.
e. Employee Training
78. We conclude that all covered provider employees who may
interact with survivors regarding a line separation request must be
trained on how to assist them or on how to direct them to other
employees who have received such training. Industry commenters stressed
the need for flexibility regarding employee training requirements to
account for differences in provider resources, customer bases, and
systems. Moreover, NCTA noted that ``avoiding prescriptive rules also
would reduce the implementation burdens associated with the new
requirements.'' We believe that a flexible approach to training and
customer service will best allow providers, particularly small
providers, to account for differences in operational capabilities,
resources, service models, and customer bases, and as such, we decline
to adopt more prescriptive requirements regarding training of
employees. Verizon noted that it ``maintains a group of customer care
employees specially trained to handle the sensitivities surrounding
[line separation requests] from domestic violence survivors and to walk
the survivors through the secure process of documenting the abuse,
establishing a new account (or removing an alleged abuser from an
existing account), selecting a service plan and, where requested,
facilitating a number change or port out.'' While we applaud Verizon's
efforts and urge covered providers to consider a similar approach, we
decline to mandate that every covered provider maintain specialized
staff to address survivor line separation requests, as API-GBV
suggests. The record reflects that not all providers, particularly
small providers, may have the operational capabilities or resources to
establish specialized units of staff.
4. Notice to Consumers
79. As proposed in the Safe Connections NPRM, we require covered
providers to provide a ``Notice to Consumers'' with information about
the options and process for a line separation request made readily
available to all consumers through the provider's public-facing
communication avenues. We specifically incorporate the SCA's
requirement that covered providers ``make information about the options
and process'' regarding line separations ``readily available to
consumers: (1) on the website and the mobile application of the
provider; (2) in physical stores; and (3) in other forms of public-
facing consumer communication'' for this ``Notice to Consumers.'' The
record reflects that the Notice to Consumers should be available in an
``easy to find,'' ``prominent,'' or ``obvious'' place on provider
websites and applications, and as such, we require covered providers to
place the Notice to Consumers, or a prominent link to it, on a support-
related page of the website and mobile application of the provider,
such as a customer service page. We agree with Verizon and NCTA that
adopting a flexible, rather than a one-size-fits-all, requirement for
the placement of the Notice to Consumers on provider websites and
applications enables the wide variety of covered providers to display
it in the way that is most suitable to their customers, and find that
our approach here strikes the right balance between being minimally
prescriptive and ensuring that there is some consistency between
covered providers' practices. API-GBV suggests that we require
providers to include links to other victim-related resources, such as
the National Domestic Violence Hotline, or National Sexual Assault
Hotline. We decline to do so as this is outside the scope of the
requirements of the SCA. In physical stores, we permit covered
providers to make the Notice to Consumers readily available via flyers,
signage, or other handouts, and require covered providers, at a
minimum, to ensure that any materials containing the Notice to
Consumers in-store are clearly visible to consumers and accessible. We
also require covered providers to provide the Notice to Consumers in-
store in all languages in which the provider advertises within that
particular store and on its website in all languages in which the
provider advertises on its website, and in all formats (large print,
braille, etc.) that the provider uses to make its service information
available to persons with disabilities. Commenters take no direct
[[Page 84422]]
issue with this approach for the in-store or website Notice to
Consumers.
80. We decline at this time to provide more specific guidance
regarding the SCA's requirement that covered providers make the Notice
to Consumers readily available ``in other forms of public-facing
consumer communication.'' We received no comment regarding what other
forms of communication covered providers employ and how such providers
should make the Notice to Consumers readily available through those
avenues. Given the wide variety of communication methods that could
fall within this category, and the lack of record received from
industry and consumer stakeholders, we conclude the best approach is to
preserve the flexibility of covered providers to determine how best to
communicate the Notice to Consumers beyond their websites and stores.
We may revisit this approach in the future should we determine that
covered providers are not doing enough to apprise consumers of their
rights under the SCA.
81. Consistent with the SCA, we require covered providers to
include in the Notice to Consumers, at a minimum, an overview of the
line separation process that we adopt in this document; a description
of survivors' service options that may be available to them; a
statement that the SCA does not permit covered providers to make a line
separation conditional upon the imposition of penalties, fees, or other
requirements or limitations; and at least basic information concerning
the availability of the Lifeline support for qualifying survivors. We
decline to adopt the suggestion of the NYC ENDGBV that we ``require
standardized language to explain the entire process of line separation
to survivors,'' as we find it is most appropriate to allow covered
providers to tailor the Notice to Consumers to their services,
operations, and systems. By permitting some flexibility in how covered
providers communicate the Notice to Consumers, covered providers may
give detail regarding how their particular customers may request a line
separation. Additionally, given the variety of platforms and media on
which the Notice to Consumers will be published, this flexibility will
give covered providers the leeway to optimally design the notice for
each communication method.
5. Prohibited Practices in Connection With Line Separation Requests
82. We adopt our proposal to codify the provisions of the SCA
prohibiting covered providers from making line separations contingent
on: (1) payment of a fee, penalty, or other charge; (2) maintaining
contractual or billing responsibility of a separated line with the
provider; (3) approval of separation by the primary account holder, if
the primary account holder is not the survivor; (4) a prohibition or
limitation, including payment of a fee, penalty, or other charge, on
number portability, provided such portability is technically feasible,
or a request to change phone numbers; (5) a prohibition or limitation
on the separation of lines as a result of arrears accrued by the
account; (6) an increase in the rate charged for the mobile service
plan of the primary account holder with respect to service on any
remaining line or lines; or (7) any other requirement or limitation not
specifically permitted by the SCA. We agree with Verizon that the SCA's
``restrictions on various rates, terms, and conditions of service are
largely self-executing and self-explanatory,'' and commenters generally
support our approach in interpreting these provisions of the SCA. We
provide further guidance on these prohibitions, as necessary, below.
83. Fees, Penalties, and Other Charges. We adopt the SCA's
prohibition on making a line separation contingent on payment of a fee,
penalty, or other charge. As explained in the Safe Connections NPRM,
and supported by the record, we conclude that this clause would
prohibit covered providers from enforcing any contractual early
termination fees triggered by the line separation request, if the line
separation request was made pursuant to section 345, regardless of
whether a survivor continues to receive service from the provider as
part of a new arrangement upon a line separation or ceases to receive
service from the provider. We make this explicit in our rule
implementing this provision.
84. Number Portability and Number Changes. We incorporate into our
rules the SCA's prohibition on conditioning a line separation on the
customer maintaining service with the provider (provided that such
portability is technically feasible). We interpret the SCA's
prohibition on number portability restrictions and fees in relation to
a line separation request as requiring covered providers to permit both
the party remaining on an account and the party separating from an
account to port their numbers, without fees or penalties, provided such
portability is technically feasible. Likewise, we incorporate into our
rules the SCA's provision that prevents a covered provider from
prohibiting or limiting a survivor's ability to request a phone number
change as part of a line separation request, as proposed. As we
explained in the Safe Connections NPRM, a survivor who is the primary
account owner requesting separation of an abuser's line from the
account might want to keep the account to maintain any promotional
deals, complete device pay-off, or avoid early termination fees, but
change a telephone number for safety purposes. We conclude that this
provision of the SCA bars covered providers from prohibiting such
telephone number change requests or attaching a fee or penalty for
doing so.
85. Rate Increases. We incorporate in our rules the SCA's provision
that prohibits covered providers from making line separations
contingent on a rate increase for the primary account holder's plan
with respect to service on any remaining line or lines, although a
covered provider is not required to provide a rate plan for the primary
account holder that is not otherwise commercially available. As
proposed in the Safe Connections NPRM, we interpret this provision to
prohibit covered providers from denying a survivor's line separation
request if the primary account holder for the remaining lines does not
agree to a rate increase, or from forcing the remaining primary account
holder to switch to a service plan that has a higher rate, although the
person may elect to switch to a rate plan that has a higher or lower
rate from among those that are commercially available. We also find
this provision does not require covered providers to offer survivors or
remaining parties a specialized rate plan that is not commercially
available if the party does not choose to continue the existing rate
plan. We agree with Verizon that beyond this guidance, ``it would be
unnecessary and counterproductive to micromanage or prescriptively
regulate how wireless providers implement'' these duties, given their
wide variety of ``different service plans and business models.''
Accordingly, we decline NCTA's suggestion to make explicit in our rules
``that it is permissible for accounts affected by a line separation to
remain eligible for multi-line discounts based on the number of lines
active on each account after the separation has been implemented,''
though we note that such a practice would not be prohibited under the
SCA or our implementing rules, as long as the line separation was not
contingent on the acceptance by the account holder of a new plan.
86. Contractual and Billing Responsibilities. We incorporate in our
rules the SCA's prohibition on making a line separation contingent upon
[[Page 84423]]
``maintaining contractual or billing responsibility of a separated
line'' with the covered provider. As proposed in the Safe Connections
NPRM, we interpret this provision as requiring covered providers to
give the party with the separated line the option to select any
commercially available prepaid or non-contractual service plan offered
by the covered provider, whether that party is a survivor or abuser. We
also conclude that this provision prohibits covered providers from
requiring a survivor who separates a line to maintain the same
contract, including any specified contract length or terms, as the
account from which those lines were separated (i.e., continuing a
contract for the remainder of the time on the original account for the
new account or requiring the survivor to maintain all previously-
subscribed services (voice, text, data) under the new account).
87. Credit Checks. Consistent with the record, we adopt our
proposal to specify that covered providers may not make line
separations contingent on the results of a credit check or other proof
of a party's ability to pay. We likewise adopt our proposal to prohibit
covered providers from relying on credit check results to determine the
service plans from which a survivor is eligible to select and whether a
survivor can take on the financial responsibilities for devices
associated with lines used by the survivor or individuals in the care
of the survivor. As Congress explained, ``[s]urvivors often lack
meaningful support and options when establishing independence from an
abuser, including barriers such as financial insecurity,'' and
survivors may thus not be able to demonstrate their financial stability
as a result of their abusive situation. As such, we find it consistent
with the SCA to prohibit covered providers from making line separations
contingent on the results of a credit check or other proof of a party's
ability to pay. Consistent with our tentative findings in the Safe
Connections NPRM, however, we find that these restrictions would not
impact the ability of a covered provider to perform credit checks that
are part of its routine sign-up process for all customers as long as
the covered provider does not take the results of the credit check into
account when determining whether it can effectuate a line separation.
We believe this approach addresses NCTA's suggestion that the
Commission not prohibit covered providers from ``requir[ing] other
proof of ability to pay or other verification information'' as part of
``applying their standard payment terms to separated accounts . . . .''
Stated another way, we permit covered providers to use credit checks in
the generally applicable account sign-up process after they have
effectuated the line separation for survivors.
6. Financial Responsibilities and Account Billing Following Line
Separations
88. We adopt our proposal to codify the SCA's statutory
requirements for financial responsibilities and account billing
following line separations. Specifically, unless otherwise ordered by a
court, when survivors separate their lines and the lines of individuals
in their care from a shared mobile service contract, they must assume
the financial responsibilities, including monthly service costs, for
the transferred numbers beginning on the date on which a covered
provider transfers the billing responsibilities for and use of the
transferred numbers to those survivors. Covered providers may not
require survivors to assume financial responsibility for mobile devices
associated with those separated lines unless the survivor purchased the
mobile devices, affirmatively elected to maintain possession of the
mobile devices, or are otherwise ordered to by a court. When survivors
separate an abuser's line from a shared mobile service contract, a
covered provider may not impose on survivors any further financial
responsibilities to the transferring covered provider for the services
and mobile devices associated with the telephone number of the
separated line. To ensure that providers can implement processes and
procedures that work with their particular information technology (IT),
billing, and other administrative systems, we decline to implement more
prescriptive rules governing covered providers' administration of the
financial responsibility and account billing requirements. Given the
complexities and uniqueness of each provider's systems, we agree with
CCA that ``flexible rules will enable wireless providers to comply and
make necessary technical and operational updates in a manner best
adapted to their service model, customer base, and available
resources.'' Although we decline to implement more prescriptive rules
beyond those established in the SCA, in consideration of the record,
and pursuant to the SCA's charge that we consider account billing
procedures and financial responsibilities in adopting rules governing
line separations, we clarify how providers apply those obligations
below.
89. Lines. Although the SCA contemplates that survivors will not be
financially responsible for the abuser's line the moment the line
separation is processed, we recognize that there may be instances when
a covered provider cannot practically prorate those financial
responsibilities. In such instances, we make clear that a covered
provider can rely on the operational and technical infeasibility
exception to process the request without prorating the financial
responsibilities for the abuser's line, as long as the provider
releases the survivor from financial responsibility for the abuser's
line at the start of the next billing cycle, which we expect will not
be more than one month following the date the request is processed.
90. Similarly, we understand, as Verizon explains, that ``in some
cases, a wireless provider may not be able to create a new account for
a survivor without initially applying certain financial obligations as
part of the account setup.'' We agree that, ``as long as those
obligations are promptly waived by the system or the customer service
employee after the new account is created, Congress's objective is
met.'' We stress, however, that covered providers must waive these fees
without requiring survivors to follow up or take additional steps.
91. Devices. We clarify how the obligations for device financial
responsibilities apply when a third party is involved with the
financing or sale of the device. NCTA states that ``some providers
offer device financing through a third party, and it is the third party
that has a contractual relationship with the customer.'' In that
scenario, NCTA asserts, ``the provider may not have the ability to
waive device costs and it should not be required to bear such costs.''
We observe that, in most cases, a contract to finance a device through
a third party is an agreement to ``purchase'' the device, and as such,
a survivor may be financially responsible for the financed device
associated with the separated line under the provisions of the SCA. In
any event, neither the SCA nor our rules require covered providers to
bear device costs. If, however, a covered provider offers a device for
sale on its website, in a retail store, or through some other means, we
conclude that it is the provider's responsibility to ensure that the
financial responsibilities for any devices are assigned to the
appropriate party following a line separation, including when the
device is purchased using third-party financing offered by the
provider. We find that this approach most closely aligns with the goals
of the SCA.
[[Page 84424]]
92. We agree with Verizon, however, that when a device is offered
and financed by a third party, such as a big-box retailer or directly
from the device manufacturer, the covered provider does not have an
obligation to ensure that third party complies with the SCA's device
financial responsibility obligations. In this scenario, the covered
provider was not involved with the sale or financing of the device and
has no relationship with the seller or financier, so there is no means
by which the covered provider can compel the third party to comply with
the obligations the SCA places on the provider.
93. Payment Terms and Conditions. We conclude that the SCA permits
covered providers to apply their standard payment or contract terms and
conditions to separated lines and devices, to the extent that such
terms are consistent with the SCA's limitations on penalties, fees, and
other requirements. We agree with NCTA that the statute ``is not
intended to upend the customer-provider relationship,'' and that
requiring different terms and conditions in service agreements for
survivors could ``increase the incidence of fraud.'' In this regard,
NCTA noted that ``some providers may require a credit card to secure
the device, require or incentivize enrollment in monthly auto-pay
programs, or require other proof of ability to pay or other
verification information, such as billing address or the last four
digits of the Social Security number.'' These provider practices do not
appear to run afoul of the SCA's limitations. Providers, however,
should be keenly aware that some survivors may lack access to credit,
may be in a transitory state and temporarily lack a permanent address,
or be otherwise unable to satisfy some other standard provider
requirements. In such cases, providers should work closely with
survivors by either helping them gather the necessary payment and
verification documentation or by providing information on how they can
otherwise satisfy provider requirements, such as by applying to the
Lifeline program for financial assistance. If a survivor is ultimately
unable to satisfy the provider's standard terms, the provider should
also be prepared to inform the survivor of alternative communications
service options the provider may offer, such as prepaid or postpaid
plans, or the ability to port a number to another provider who may
offer service to those in similar circumstances. Though not required by
the SCA or by our rules, providers should consider waiving certain
terms and conditions some survivors may be temporarily unable to
satisfy due to extenuating circumstances. Congress's findings note the
key role communications services can play in helping survivors
establish autonomy and safety from abusers, but provider terms and
conditions that are too onerous on survivors could unnecessarily impede
survivor access to the SCA's benefits, including the ability to
establish independent wireless service.
94. Arrears. We adopt our proposal that any previously accrued
arrears on an account following a line separation must stay with the
person who was the primary account holder prior to the separation. For
example, if the abuser's line is separated and the abuser was the
primary account holder, the arrears would be reassigned to the abuser's
new account. Similarly, if the survivor was the primary account holder
and separates the abuser's line, the arrears would stay with the
survivor's account. Conversely, if the survivor's line is separated and
the abuser was the primary account holder, the arrears would stay with
the abuser's account. No commenters raised any concerns about the
administrability of this approach.
7. Effects on Other Laws and Regulations
95. Number Porting. We conclude that the Commission's current
telephone number porting rules apply for lines that have been separated
pursuant to section 345 of the Communications Act. As explained in the
Safe Connections NPRM, we do not believe, and the record provides no
indication, that there is anything unique about number ports associated
with line separations that would make such ports more or less
technically feasible than under other circumstances. Accordingly, we
conclude that any ports covered providers are currently required to
complete, and technically capable of completing, are technically
feasible under the SCA. We also conclude that should the requirements
or capabilities for number porting change in the future, any newly
feasible ports will also be considered technically feasible when sought
in connection with a line separation under the SCA.
96. We also find that, as a practical matter, although survivors
may indicate as part of their line separation request that they intend
to port out the separated (or remaining) telephone numbers to a new
provider, a covered provider must complete a line separation request
prior to effectuating a number port pertaining to that line. As the
Commission explained in its Safe Connections NPRM, customers who want
to port a number to a new provider currently must provide the telephone
number, account number, ZIP code, and any passcode on their existing
account to the new provider. Survivors who are not primary account
holders, however, may have limited access to the necessary account
information. However, once a line separation is completed, a survivor
will have a new account and presumably have access to all the
information needed to port a number to a new provider. Furthermore, as
Verizon noted and as NCTA echoed, completing the line separation
process and then porting a number will ``enable providers to leverage
their existing porting processes, to apply appropriate porting fraud
prevention measures, and to manage their number inventories in a manner
that facilitates continued compliance with the number aging and
Reassigned Number Database (RND) reporting requirements.'' And, because
simple wireless-to-wireless ports typically happen within a few hours,
there would be little time saved by requiring providers to concurrently
separate lines and process ports. As such, we find that providers
should process and complete line separation requests before completing
number ports, which will allow them to leverage their existing systems
and processes that port numbers ``routinely and reliably.'' To the
extent that a survivor initiates a port-out request with a new service
provider for a line that is the subject of an in-process line
separation request, we prohibit the current service provider from
notifying the account holder of the request to port-out that number
until after the line separation request has been completed, to avoid
situations where an abuser who is the account owner is notified of a
survivor's pending line separation or port-out request on an account
shared by an abuser and a survivor.
97. Compliance with Privacy Protections and Other Law Enforcement
Requirements. In adopting rules to implement the SCA, Congress directed
the Commission to consider, among other things, privacy protections and
compliance with the Commission's CPNI rules or any other legal or law
enforcement requirements. The Commission's CPNI rules implement section
222 of the Communications Act, which obligates telecommunications
carriers to protect the privacy and security of information about their
customers to which they have access as a result of their unique
position as network operators. Section 222(a) requires carriers to
protect the
[[Page 84425]]
confidentiality of proprietary information of and relating to their
customers. Subject to certain exceptions, section 222(c)(1)
specifically provides that a carrier may use, disclose, or permit
access to CPNI that it has received by virtue of its provision of a
telecommunications service only: (1) as required by law; (2) with the
customer's approval; or (3) in its provision of the telecommunications
service from which such information is derived or its provision of
services necessary to or used in the provision of such
telecommunications service. The Commission's rules implementing section
222 are designed to ensure that telecommunications carriers establish
effective safeguards to protect against unauthorized use or disclosure
of customers' proprietary information. Among other things, the rules
require carriers to appropriately authenticate customers seeking access
to CPNI. The Commission's CPNI rules also require carriers to take
reasonable measures to both discover and protect against attempts to
gain unauthorized access to CPNI and to notify customers immediately of
certain account changes, including whenever a customer's password,
response to a carrier-designed back-up means of authentication for lost
or forgotten passwords, online account, or address of record is created
or changed.
98. We provide additional guidance regarding the treatment of
historical CPNI and notification of account changes related to lines
subject to a line separation request pursuant to section 345. In
particular, we make clear that historical CPNI shall remain with the
original account, though we permit covered providers to move CPNI
associated with a separated line if feasible. We agree with NDVH that
retroactively separating historical CPNI by each line on an account and
then transferring it along with the separated line to a new account may
not be technically feasible or practical for providers. Therefore, we
conclude that covered providers are not required to move historical
CPNI associated with a separated line to a new account, although we
encourage providers to do so to the extent possible.
99. We also modify the Commission's rule requiring
telecommunications carriers to notify customers ``immediately''
whenever a password, customer response to a back-up means of
authentication for lost or forgotten passwords, online account, or
address of record is created or changed'' to clarify that this rule
does not apply when such changes are made in connection with a line
separation request made pursuant to the SCA.
100. Finally, we make clear that except for any enhanced
protections provided to survivors under state law as described in
section 345(c)(3), compliance with the line separation provisions of
the SCA and the rules we have adopted in this document to implement
those provisions supersede and preempt any conflicting obligations
under state law, Commission rules, or state rules. Commenters did not
raise concerns regarding conflicts with any law enforcement provisions
regarding line separations.
8. Implementation
101. Compliance Timeframe. Consistent with prior Commission
actions, and in light of the urgency of this issue to survivors'
safety, we require covered providers to comply with our rules
implementing the SCA's line separation provisions within a short period
of time, six months after the effective date of this document or after
review of the rules by the Office of Management and Budget (OMB) is
completed, whichever is later. The SCA states that the line separation
requirements in the statute ``shall take effect 60 days after the date
on which the Federal Communications Commission adopts the rules
implementing'' those requirements, but also directs the Commission, in
adopting rules, to consider ``implementation timelines, including those
for small covered providers.'' We find the SCA's direction that the
Commission consider ``implementation timelines'' in adopting rules to
implement new section 345 of the Communications Act provides the
Commission with discretion to establish an appropriate compliance
timeframe as necessary based on the record. Because we establish a
compliance timeframe for our implementing rules that is after the
effective date of new section 345 of the Communications Act, we will
delay enforcement of those rule provisions until after the compliance
date of the rules. Further, because many of the rules we adopt to
implement new section 345 of the Communications Act contain information
collections that are subject to review by the Office of Management and
Budget (OMB) under the Paperwork Reduction Act (PRA) and the SCA
provides no stated exception to the PRA, we have an independent
statutory obligation to comply with the PRA in adopting rules to
implement the SCA. We therefore require covered providers to comply
with the rules implementing the line separation provisions of the SCA
six months after the effective date of this document, or after OMB
completes review of the rules, whichever is later. We direct the
Wireline Competition Bureau to issue a Public Notice announcing the
compliance date for the rules implementing section 345 once OMB
completes its review.
102. The record demonstrates that implementing the line separation
provisions of the SCA will require providers to make significant
changes to their systems and processes. As NCTA explains, ``providers
will need time to build internal systems to meet the requirements of
the Commission's rules, to test, deploy, and train. There are a number
of unknown variables that make it difficult to fully build out a
provider's compliance system until the Commission adopts the final
rules.'' We agree with CTIA that ``[g]iven the highly sensitive nature
of supporting survivors, it is vitally important that providers have
sufficient time to implement the necessary changes to their systems and
processes accurately and effectively.'' We are also mindful that,
absent sufficient time to modify and test their systems, a significant
number of covered providers will employ the technical and operational
infeasibility exception to deny line separation requests, leading to
widespread survivor confusion. For these reasons, we require covered
providers to comply with the rules implementing the statutory line
separation requirements six months after the effective date of this
document, or after OMB review of those rules that involve information
collections under the PRA, whichever is later. We find, however, that
permitting a more extended compliance timeframe for implementing the
line separation provisions, as advocated for by industry commenters
would be inconsistent with the urgency Congress demonstrated with the
underlying statutory obligation as well as with the critical wireless
communications needs of survivors well-documented in the record. We
anticipate that many covered providers will be equipped to effectuate
line separations within six months of the effective date of this
document, given the steps that the industry has already taken to
advance this important process, and we encourage covered providers to
implement the rules we adopt in this document as expeditiously as
possible given the urgency of the concerns at issue. We also remind
covered providers that given the urgency expressed by Congress in the
SCA, they should be sensitive to survivors that may need assistance
during the six-month implementation and compliance
[[Page 84426]]
timeframe, and strongly encourage covered providers not to subject
survivors to fees or other restrictions in conjunction with setting up
a new account or cancelling an existing account while the line
separation process is technically or operationally infeasible.
103. The SCA directs the Commission to consider implementation
timelines for small covered providers, and after examination of the
record, we decline to adopt a different compliance timeframe for small
providers. First, given the critical and potentially lifesaving
importance of independent communications for survivors escaping abusive
circumstances, we think it self-evident that survivors who receive
service from small covered providers are no less entitled to the
protections made available by the SCA than survivors who receive
service from other covered providers. Second, we find that adopting
inconsistent timelines for small and large providers may make it
difficult for stakeholders to carry out effective messaging campaigns
touting the availability of line separations. This inconsistency may
confuse survivors and ultimately dissuade them from further pursuing a
line separation if they are told that their current carrier does not
offer the ability despite having been informed of the SCA's features by
a stakeholder messaging campaign. Third, we believe that Congress
included the technical and operational infeasibility provisions to
account for differences in the capabilities of providers (among other
reasons), particularly between large and small providers, and to
incentivize and protect providers while they work to update or develop
systems and processes capable of fully effectuating the SCA's
requirements and our rules within the compliance timeframe.
B. Ensuring the Privacy of Calls and Text Messages to Domestic Abuse
Hotlines
104. The SCA directs the Commission to consider (i) whether and how
to ``establish, and update on a monthly basis, a central database of
covered hotlines to be used by a covered provider or a wireline
provider of voice service,'' and (ii) whether and how to ``require a
covered provider or a wireline provider of voice service to omit from
consumer-facing logs of calls or text messages any records of calls or
text messages to covered hotlines in [such a] central database, while
maintaining internal records of those calls and messages.'' As
discussed below, we find it is in the public interest to establish such
a central database and adopt a process for doing so. We begin our
discussion with the requirement for covered providers to exclude calls
or text messages to covered hotlines from consumer-facing call logs,
and the definitions of key terms.
1. Creating an Obligation To Protect the Privacy of Calls and Text
Messages to Covered Hotlines
105. We adopt our proposal to require covered providers and
wireline providers of voice service to exclude from consumer-facing
logs of calls or text messages any records of calls or text messages to
covered hotlines that appear in a central database (discussed further
below), and to retain internal records of the omitted calls and text
messages. We make clear that the use of the word ``omit'' in our rule
provision regarding this requirement (Sec. 64.6408(a) (``All covered
providers, wireline providers of voice service, fixed wireless
providers of voice service, and fixed satellite providers of voice
service shall . . . [o]mit from consumer-facing logs of calls and text
messages any records of calls or text messages to covered hotlines in
the central database established by the Commission'')), should be
understood to mean ``completely exclude,'' not merely redact
identifying detail. Congress determined that ``perpetrators of [sexual]
violence and abuse . . . increasingly use technological and
communications tools to exercise control over, monitor, and abuse their
victims,'' and that ``[s]afeguards within communications services can
serve a role in preventing abuse and narrowing the digital divide
experienced by survivors of abuse.'' These findings are supported by,
among other things, field work with domestic violence survivors
demonstrating the risk of abusers' accessing domestic abuse survivors'
digital footprint, particularly call logs. The record in this docket
also reflects concerns raised regarding call and text logs. For
example, the New York State Office for the Prevention of Domestic
Violence notes that ``[r]isk to survivors escalates when they are
seeking to leave their abuser and calls to hotlines often precede
separation from one's abuser,'' and the Network for Victim Recovery of
DC (NVRDC) observes that ``[c]all and text records to and from covered
organizations would likely tip off an abuser who is closely monitoring
all communications.'' We are concerned that survivors may be deterred
in seeking help by the threat of an abuser using access to call and
text logs to determine whether the survivor is in the process of
seeking help, seeking to report, or seeking to flee. We therefore
conclude that protecting the privacy of calls and text messages to
covered hotlines, as described by the SCA, is in the public interest.
This proposal received broad support and no opposition.
106. The SCA specifically requires the Commission to consider
certain matters when determining whether to adopt a requirement for
protecting the privacy of calls and text messages to hotlines.
Specifically, section 5(b)(3)(B) of the SCA requires us to consider the
technical feasibility of such a requirement--that is, ``the ability of
a covered provider or a wireline provider of voice service to . . .
identify logs that are consumer-facing . . . and . . . omit certain
consumer-facing logs, while maintaining internal records of such calls
and text messages,'' as well as ``any other factors associated with the
implementation of [such requirements], including factors that may
impact smaller providers.'' Section 5(b)(3)(B) also requires us to
consider ``the ability of law enforcement agencies or survivors to
access a log of calls or text messages in a criminal investigation or
civil proceeding.''
107. The Commission tentatively concluded in the Safe Connections
NPRM that covered providers and wireline providers of voice service are
able to identify consumer-facing call and text logs, and no commenter
disputed this assertion. Nor did any commenter contend that excluding
calls and text messages to covered hotlines from consumer-facing call
logs was technically infeasible, or that it was technically infeasible
to retain internal records of such calls while excluding such calls
from consumer-facing call logs. Indeed, none of the trade associations
representing substantially different segments of covered providers and/
or providers of wireline voice service raises specific issues relating
to selectively omitting calls and text messages from call and text logs
in their discussion of implementation.
108. We also adopt our proposal to require providers that remove
calls and text messages to covered hotlines from consumer-facing call
logs to retain an internal record of such calls for as long as they
normally retain internal records of calls. Retaining such internal
records is necessary to ensure some record remains available if
disputes or criminal investigations or civil or criminal legal
proceedings arise. Further, records of calls and text messages do not
appear to exist solely in the form of call logs, but, rather, are
independent records--that is, some processing must be applied to the
records to create call logs. As a result,
[[Page 84427]]
as proposed, we require service providers to maintain internal records
of calls and text messages that they exclude from consumer-facing logs
when such records are required for any criminal or civil enforcement
proceeding, or for any other reason. No commenter opposed this
proposal. We use the term ``service provider'' to refer all types of
providers to which we apply the obligation to protect the privacy of
calls and text messages to hotlines--covered providers, wireline
providers of voice service, and, as discussed below, fixed wireless and
fixed satellite providers.
109. Extension of Obligation to Fixed Wireless and Fixed Satellite
Providers of Voice Service. The Commission observed in the Safe
Connections NPRM that subscribers to fixed wireless and fixed satellite
voice service may expect that the privacy of their calls and text
messages to hotlines are also protected, despite the providers of the
service likely being neither ``covered provider[s]'' or wireline
providers, and sought comment on whether we should therefore extend
related obligations to such providers. No party responded to our
request for comment on factors that would prevent such providers from
complying with our rules in any respect. We believe that subscribers to
such services should be afforded such protections, a matter that no
party disputes, and that we should seek to meet survivor expectations
regarding the privacy of their calls and text messages to hotlines. We
therefore extend our related obligations to fixed wireless and fixed
satellite providers of voice service.
110. We conclude that we have direct authority to adopt this
requirement under titles II and III of the Communications Act, and we
independently assert our ancillary authority to that end as well. We
have direct authority to extend our rules protecting the privacy of
calls and texts to hotlines to fixed wireless and fixed satellite
providers of voice. Section 201(b) of the Communications Act requires
that all charges, practices, classifications, and regulations in
connection with common carrier service be just and reasonable, and
authorizes the Commission to prescribe rules as necessary in the public
interest to carry out this requirement. If fixed wireless and fixed
satellite providers of voice service were not subject to our rule, they
could continue to include calls to hotlines in their call logs. That
practice would be unjust and unreasonable, particularly in instances in
which the abuser established and controls the household account, and
survivors in that household may not know that the relevant service in
that account is provided over fixed wireless or fixed satellite rather
than wireline facilities. In that situation, the survivors might
believe, incorrectly, that their calls to hotlines would be omitted
from call logs to which the abuser has access. Further, even if the
survivors knew that the household service was fixed wireless or fixed
satellite, they often would not appreciate the legal nicety that the
Commission's rules shielded only certain types of calls to hotlines
(mobile wireless or wireline) but did not shield two other types of
calls (fixed wireless and fixed satellite) that were functionally
indistinguishable from the survivor's point of view. In either of those
situations, the safety, even the lives, of survivors would be
threatened. For instance, if a survivor wrongly assumed that a fixed
wireless hotline call to a hotline was shielded and then placed such a
call, the abuser could readily discover that call and, in retribution,
threaten or harm the survivor or prevent the survivor from separating
his or her line or fleeing to safety. Such consequences would not be
just and reasonable, and we therefore assert our authority under
section 201(b) to require common-carrier providers of fixed wireless
and fixed satellite voice to comply with new Sec. 64.6408 of our
rules. To the extent these providers are wireless or satellite
licensees, we also have authority to impose these obligations pursuant
to sections 301, 303, and 316 of the Communications Act.
111. As a separate and independent basis, we assert our ancillary
authority, which may be employed, at the Commission's discretion, when
the Communications Act ``covers the regulated subject'' and the
assertion of jurisdiction is ``reasonably ancillary to the effective
performance of [the Commission's] various responsibilities.'' Section 1
of the Communications Act grants the Commission authority over, among
other things, ``radio communication,'' which fixed wireless and fixed
satellite providers of voice services provide when processing
originating calls and text messages. The duty to protect the privacy of
calls and text messages to hotlines is reasonably ancillary to the
Commission's duty to enable survivors safely to obtain line separations
under section 4 of the SCA, and its duty under section 5(b)(3)(A) of
the SCA to consider whether and how to adopt rules to establish a
central database of domestic violence hotlines and to require covered
providers and wireline providers of voice service to omit from
consumer-facing logs of calls or text messages any records of calls or
text messages to such hotlines. As explained above, if our new rule
protecting the privacy of calls and text messages to hotlines were to
apply to wireline providers of voice service but not fixed wireless or
fixed satellite providers of voice, survivors often would not know
whether their calls and text messages to hotlines would be omitted from
the pertinent call logs. This is more likely to be the case when the
abuser controls (and was therefore more likely to have established) the
account, which is a common fact pattern when a survivor would be
concerned about their abuser being able to see calls and text messages
to hotlines on call logs. And that uncertainty likely would have
devastating consequences for the safety of survivors, which in turn
would defeat the purpose of the line-separation and protection of
privacy of calls and texts to hotlines provisions of the SCA and, more
generally, would undermine the SCA's overall goal of establishing
``safeguards within communications services [that] can serve a role in
preventing abuse . . . experienced by survivors of abuse.''
Accordingly, we assert our ancillary authority to prevent those harms
and ensure that new Sec. 64.6408 works efficaciously.
112. Technical Feasibility and Exceptions. Consistent with the
statutory directive, the Commission sought comment in the Safe
Connections NPRM on the technical feasibility of imposing an obligation
to protect the privacy of calls and text messages to hotlines on
certain types of services providers and relating to certain calls. The
Commission received requests relating to two matters in addition to a
request pertaining to the compliance deadline for small service
providers, which we discuss below. First, USTelecom seeks clarification
that the rules that the Commission adopts do not apply to calls placed
by, and any logs created in association with, (wireline) enterprise and
similar multi-line telephone system (MLTS) customers. USTelecom argues
that logs relating to such services are not consumer-facing logs and
that these systems are managed, maintained, and controlled by the
customer rather than the service provider. USTelecom's proposal was
unopposed. We agree that both the SCA and the proposed rules are
directed to consumer-facing logs and recognize that applying our rules
to call logs that are not controlled by the service provider would
complicate our implementation of the SCA. In addition, in the event
that a survivor were to use
[[Page 84428]]
an enterprise system to place a call to a hotline, we believe that the
large number of users of such enterprise systems, as compared to
consumer accounts, creates more anonymity for survivors. As a result,
we clarify that the rules we adopt pertaining to protecting the privacy
of calls and text messages to hotlines do not apply to non-consumer
accounts, such as for enterprise and MLTS service.
113. Second, commenters also raise undisputed concerns about the
extent to which resellers, such as MVNOs, that ``depend on their
underlying facilities-based providers for systems necessary to . . .
screen call logs'' should be expected to comply, arguing that such
resellers' obligations should be ``limited to the capabilities that the
facilities-based provider makes available to its own customers.'' We
conclude that it is not practical for service providers that do not
create their own call logs but, instead, rely on their underlying
facilities-based provider to create such call logs, to comply with our
rules for protecting the privacy of calls and text messages to
hotlines. We therefore exempt such service providers from these
obligations. At the same time, however, we conclude that the underlying
facilities-based service provider that produces the call logs for its
wholesale customers (that is, the call logs that are ``consumer-
facing'' toward the wholesale customers' end user customers) is
obligated to comply with our rules. The definitions we adopt for
``covered provider,'' ``wireline provider of voice services,'' ``fixed
wireless provider of voice services,'' and ``fixed satellite provider
of voice services'' are not limited to retail services. And the
definition we adopt for ``consumer-facing logs of calls and text
messages'' does not state that the consumer at issue has to be a
customer of the pertinent covered provider, wireline provider of voice
service, fixed wireless provider of voice services, or fixed satellite
provider of voice services. Accordingly, the definitions we adopt have
the effect of imposing the same duty on wholesale providers that create
call logs for their wholesale customers as imposed on providers that
produce their own consumer-facing call logs. Imposing this duty also
furthers the overall goal of removing calls and text messages to
covered hotlines from consumer-facing call logs in the most
comprehensive manner possible. Further, we expect resellers that do not
control their own call logs to make good faith efforts, such as through
their contracts, to ensure that their wholesale providers are complying
with our rules.
114. Third, we decline to adopt CTIA's proposal to create a general
technical infeasibility exception. While the SCA requires the
Commission to consider ``the ability of a covered provider or wireline
provider of voice service'' to identify consumer-facing logs and omit
calls from consumer facing logs while retaining internal records of
such calls, in contrast to the provisions relating to line separations,
the SCA does not contain an explicit technical infeasibility exception.
As previously discussed, the record demonstrates that service providers
generally have these technical abilities. Furthermore, we find that
survivor safety, which is promoted through the uninhibited use of
domestic violence hotlines, weighs against leaving technical
infeasibility standards to the subjective determination of service
providers. Should service providers encounter specific technical
feasibility issues in their implementation of the rules we adopt that
they believe warrant an exception to those rules, they may use the
Commission's general process for requesting waiver of a Commission
rule. We delegate consideration of such waiver requests to the Wireline
Competition Bureau.
115. Access to Retained Internal Call Records. As noted above, we
require providers to retain internal records of the calls and text
messages they omit from consumer-facing call logs as a result of the
new rules. We do so recognizing, among other things, that section
5(b)(3)(C) of the SCA states that the Commission cannot ``limit or
otherwise affect'' the ability of law enforcement to access call logs
``in a criminal investigation'' or ``alter or otherwise expand provider
requirements'' under the Communications Access for Law Enforcement Act
(CALEA). Although no commenter opposed our proposal to adopt this
retention requirement, EPIC et al. proposed that we limit law
enforcement's access to such records to instances where the survivor
requests that law enforcement be given access, and to require a
judicial order or grand jury subpoena before a provider could disclose
the internal call or text records to law enforcement. We decline this
request. The SCA prohibits us from ``limit[ing] or otherwise
affect[ing] the ability of a law enforcement agency to access a log of
calls or text messages in a criminal investigation[ ],'' and EPIC et
al.'s request would appear to ``affect'' law enforcement's access as it
would add constraints on law enforcement's access ability to call logs
during a criminal investigation, especially in instances where speed is
essential or where a survivor is unavailable to give consent. At the
same time, we emphasize that while our rules neither limit or otherwise
affect the ability of a law enforcement agency to access a log of calls
or text messages in a criminal investigation, they are also not
intended to enhance such access. They merely preserve the status quo by
ensuring that service providers maintain the same records that they
maintain today.
2. Definitions
116. How we define certain critical terms in the SCA significantly
affects which service providers are subject to the call-log removal
obligations discussed above and hotline-database obligations discussed
below, the extent of such obligations, and to which hotlines the
obligations apply. We adopt definitions of ``covered provider,''
``voice service,'' ``call,'' ``text message,'' ``covered hotline,'' and
``consumer-facing logs of calls and text messages.''
117. Covered Provider. We conclude that all ``covered
provider(s),'' as defined in the SCA, should be obligated to protect
the privacy of calls and text messages to covered hotlines. We
therefore adopt the same definition of covered provider used for the
purpose of applying line separation obligations under section 345(a)(3)
of the Communications Act, as added by the SCA. EPIC et al. supported
this proposal, which received no opposition.
118. The National Lifeline Association argues that ``covered
providers should not include mobile broadband providers that do not
offer mobile voice service.'' To the extent that a covered provider
does not actually have consumer-facing logs of calls, as the National
Lifeline Association seems to assert some covered providers do not,
then there is no obligation for omitting certain calls and text
messages with which such covered provider must comply. This reasoning
applies equally to covered providers that do not actually have
consumer-facing logs of text messages. It is therefore unnecessary for
us to create an exception for these situations within the definition of
``covered provider.''
119. Voice Service. In addition to covered providers, we apply the
call-log removal duty to all ``wireline providers of voice service,''
as suggested by the SCA, as well as ``fixed wireless providers of voice
service'' and ``fixed satellite providers of voice service.'' These
definitions require defining ``voice service,'' which we base on the
definition in section 5 of the SCA. That provision references section
4(a) of the TRACED Act, which defines ``voice
[[Page 84429]]
service'' as ``any service that is interconnected with the public
switched telephone network and that furnishes voice communications to
an end user using resources from the North American Numbering Plan,''
including transmissions from facsimile machines and computers and ``any
service that requires internet protocol-compatible customer premises
equipment . . . and permits out-bound calling, whether or not the
service is one-way or two-way voice over internet protocol.'' No
commenter opposed this proposal. We also note that the Commission
interpreted the TRACED Act definition when implementing that Act's
requirements, and chose to mirror the definition in its rules.
120. Call. The SCA does not define the term ``call,'' nor does the
Communications Act. Consistent with our proposal in the Safe
Connections NPRM, solely for purposes of implementing section 5(b)(3)
of the SCA, we elect to define a ``call'' as a voice service
transmission, regardless of whether such transmission is completed.
Given the expansive definition of ``voice service,'' which we define
without regard to whether the service is wireline or wireless, this
term sufficiently captures the means by which survivors would use the
public switched telephone network to reach covered hotlines. Although
we suspect that only completed transmissions would appear on call logs,
out of an abundance of caution in deference to the safety concerns of
survivors, we will include completed and uncompleted transmissions in
the definition of ``call.'' No commenter opposed this proposal.
121. Text Message. Section 5(a)(7) of the SCA defines ``text
message'' as having the same meaning as in section 227(e)(8) of the
Communications Act, and we adopt the same definition consistent with
our proposal in the Safe Connections NPRM. Section 227(e)(8) defines
``text message'' as ``a message consisting of text, images, sounds, or
other information that is transmitted to or from a device that is
identified as the receiving or transmitting device by means of a 10-
digit telephone number'' and includes short message service (SMS) and
multimedia message service (MMS) messages. This definition explicitly
excludes ``message[s] sent over an IP-enabled messaging service to
another user of the same messaging service'' that do not otherwise meet
the general definition, as well as ``real-time, two-way voice or video
communication.'' When the Commission previously interpreted section
227(e)(8) for purposes of implementation, it adopted a rule that
mirrors the statutory text, and we do the same here, as proposed in the
Safe Connections NPRM. No commenter opposed adoption of this
definition. Similar to our analysis with respect to uncompleted calls,
out of an abundance of caution in deference to the safety concerns of
survivors, we will include delivered and undelivered text messages in
the definition of ``text message.''
122. Covered Hotline. The SCA defines the term ``covered hotline''
to mean ``a hotline related to domestic violence, dating violence,
sexual assault, stalking, sex trafficking, severe forms of trafficking
in persons, or any other similar act.'' We adopt this definition, and
further clarify what constitutes a ``hotline'' and how much of the
counseling services and information provided on the ``hotline'' must
relate to ``domestic violence, dating violence, sexual assault,
stalking, sex trafficking, severe forms of trafficking in persons, or
any other similar act[s]'' for the ``hotline'' to be a ``covered
hotline.''
123. As an initial matter, we note that in providing these
clarifications, we strive to meet the broadest reasonable expectations
of a survivor seeking to place calls and send text messages without
fear that they will appear in logs. Commenters uniformly supported this
approach. Turning to the specific definition, we conclude that a
``covered hotline'' need not exclusively provide counseling and
information to serve domestic violence survivors; for instance, the
hotline could provide services to individuals in need of other types of
support unrelated to domestic violence or other related issues under
the SCA. Such a single subject requirement would be overly restrictive
and potentially exclude some hotlines that provide essential services
to domestic violence survivors. Accordingly, we define ``covered
hotline'' as any hotline that provides counseling and information on
topics described in the SCA's definition of ``covered hotline'' as more
than a de minimis portion of the hotline's operations. No commenter
opposed this approach.
124. We next conclude that the counseling service associated with
the pertinent telephone number must be a ``hotline.'' Given the SCA's
definition of ``covered hotline,'' as well as the potential use of a
central database of ``covered hotlines'' (calls and text messages which
would be omitted from customer-facing logs), we interpret ``hotline''
generally to mean a telephone number from which counseling and
information is provided. The SCA appears to acknowledge this by
equating the adjective ``covered'' to the topics, which, in this case
are ``domestic violence, dating violence, sexual assault, stalking, sex
trafficking, severe forms of trafficking in persons, [and] . . . other
similar act[s].'' We suspect, however, that certain telephone numbers
may serve as ``hotlines'' and also be used for other purposes, such as
the main telephone number for the organization providing the counseling
and/or information service. We conclude that telephone numbers should
not be excluded from being ``covered hotlines'' merely because they do
not serve exclusively as ``hotlines.'' We find that we can best achieve
the goal of minimizing hotline hesitancy by interpreting ``hotline'' as
broadly as possible, and therefore interpret it to include numbers on
which an organization provides anything more than a de minimis amount
of counseling service and will use this standard as a component in our
definition of ``covered hotline.'' No commenter opposed this approach
and several supported it.
125. The Commission proposed in the Safe Connections NPRM to
delegate to the Bureau the task of providing further clarification, as
necessary, of the scope and definition of ``covered hotline,'' in light
of the novelty of overseeing a central database of covered hotlines,
and to maximize the efficiency in resolving future matters of
interpretation under these provisions of the SCA. We adopt this
unopposed proposal.
126. Consumer-Facing Logs of Calls and Text Messages. The SCA does
not define the term ``consumer-facing logs of calls or text messages.''
In light of our goal of minimizing any hesitancy by survivors to
contact hotlines by preventing abusers from being made aware of
survivors' calls and text messages to hotlines, we seek to define the
term as broadly as possible. We therefore define such logs, consistent
with the proposal in the Safe Connections NPRM, as any means by which a
service provider presents to a consumer a listing of telephone numbers
to which calls or text messages were directed, regardless of, for
example, the medium used (such as by paper, online listing, or
electronic file), whether the calls were completed or the text messages
were successfully delivered, whether part of a bill or otherwise, and
whether requested by the consumer or otherwise provided. In addition,
our definition includes both oral disclosures of call and text message
information that would appear in consumer-facing logs of calls and text
messages (likely through customer service representatives) and written
[[Page 84430]]
disclosures by service providers of individual call or text message
records. We exclude from this definition any logs of calls or text
messages stored on consumers' wireless devices or wireline telephones,
such as recent calls stored in the mobile device's phone app or lists
of recently dialed numbers on cordless wireline handsets. The
provisions of the SCA regarding the protection of calls and text
messages to hotlines appear to apply to call logs under the control of
pertinent service providers, not logs that might be generated by or
stored on the wireline or wireless device. Thus, the obligation to
protect the privacy of calls and text messages to hotlines would still
apply to call and text logs accessed on a smart phone or other device
through service provider apps or websites. No commenter opposed this
approach and several supported it.
127. Wireline Provider of Voice Service. As discussed above, we
conclude that we should extend the obligation to protect the privacy of
calls and text messages to hotlines to fixed wireless providers of
voice service and to fixed satellite providers of voice service, in
addition to ``covered providers'' and ``wireline providers of voice
service'' as identified in the SCA. Because including such providers in
our rules requires new definitions, we conclude that to maintain
maximum clarity, we should also define the term ``wireline provider of
voice service.'' Such term is defined neither in the Safe Connections
Act nor the Communications Act. We adopt as our definition, solely for
purposes of our rules implementing the Safe Connections Act, as ``a
provider of voice service that connects customers to its network
primarily by wire.'' We believe that this definition captures what is
ordinarily considered to be a ``wireline provider,'' allowing for
intermediate legs of wireless transport, such as by microwave.
128. Fixed Wireless Provider of Voice Service. Solely for purposes
of our rules implementing the Safe Connections Act, we define the term
``fixed wireless provider of voice service'' to mean ``a provider of
voice service to customers at fixed locations that connects such
customers to its network primarily by terrestrial wireless
transmission.''
129. Fixed Satellite Provider of Voice Service. Solely for purposes
of our rules implementing the Safe Connections Act, we define the term
``fixed satellite provider of voice service'' to mean ``a provider of
voice service to customers at fixed locations that connects such
customers to its network primarily by satellite transmission.''
3. Creating and Maintaining the Central Database of Hotlines
130. The SCA directs the Commission to consider whether and how to
establish a central database of hotlines related to domestic violence,
dating violence, stalking, sexual assault, human trafficking, and other
related crimes, which could be updated monthly and used by providers to
determine the covered hotline for which they must remove records from
their customer-facing logs. Commenters strongly supported establishing
a central database. Establishing a central database will provide
certainty as to which call-log records are to be suppressed, thus
fulfilling the SCA's objective to protect survivors while also
clarifying service providers' compliance obligations.
131. The record supports either the Commission's or a third party's
creating and administering the database, but no commenters addressed
how the costs incurred by a third party administrator would be
recovered. Parties have made a variety of suggestions for engaging with
stakeholders, and have noted the complexity of the process. We believe
that these decisions are worthy of further consideration, and we
therefore delegate to the Bureau, working in conjunction with the
Office of the Managing Director (including the Office of the Chief
Information Officer (OCIO)) and the Office of General Counsel
(including the Senior Agency Official for Privacy (SAOP)), the matter
of determining the administrator for the database consistent with the
determinations we make in this document. We direct the Bureau to
announce the administrator details, and adopt any necessary rules,
through a Public Notice or other appropriate means. The Bureau should
not select an option that would require recovering costs for the
administrator through an assessment on service providers, as we find
that such an option would unnecessarily delay establishing the
database. We also decline at this time to refer technical details of
the database to the North American Numbering Council (NANC), as
suggested by CTIA. The Bureau should work with stakeholders as it
manages the process of selecting an administrator (whether it be self-
provisioned, through a third party, or some combination thereof) and
establishing the database. If the Bureau later concludes that input
from the NANC is warranted, it will seek out such input.
132. In addition, the Commission also delegates authority to the
Bureau, working in conjunction with the Office of the Managing Director
(including OCIO) and the Office of General Counsel (including the
SAOP), to address all administrative and technical matters relating to
the creation and maintenance of the database that are not prescribed in
this document. We expect the implementation process could involve
complex legal, administrative, or technical questions, and we find that
it is important to retain flexibility to address such issues as they
arise. This is consistent with the approach the Commission has taken in
other areas when overseeing the implementation of new programs such as
the Broadband Data Collection and Robocall Mitigation Database.
133. We find that the database should always be as comprehensive
and accurate as possible so as to best fulfill the expectations of
survivors that their calls and text messages to hotlines will not
appear in service provider's consumer-facing call logs. In this regard,
we direct the Bureau to work with experienced stakeholders to help in
identifying hotlines for the database administrator to include in the
database, and developing procedures for updating the database; we
direct the Bureau to establish procedures that will enable submissions
by both operators of hotlines and from third parties. We likewise
direct the Bureau to consider how best to verify the accuracy of
submissions while balancing administrative concerns such as the need to
initiate use of the database as soon as possible. Should the Bureau
elect to use a third party to serve as the database administrator, the
Bureau, not the third party, will have final authority over determining
whether particular potential database entries are ``covered hotlines.''
134. While we recognize that comprehensiveness and accuracy are key
elements in database design and administration, the safety of survivors
of domestic violence is paramount and should be taken into account in
all database-related decisions and administration. As a result, we
conclude that the database should not be made publicly available, as
proposed in the Safe Connections NPRM. As the NDVH argues, providing
convenient public access to such a large database of telephone numbers
through which all manner of domestic violence survivor assistance is
made available provides opportunities for abusers to interfere with
survivors' ability to place calls and send texts to hotlines in the
database by a variety of means, thereby undermining the purpose for
which we are establishing the database (to enable protection of the
privacy of calls and text messages to hotlines). While we
[[Page 84431]]
acknowledge, as the Safe Connections NPRM did, that making the database
publicly available could potentially improve the accuracy of the list
and be a resource for survivors, we find the benefits of making the
database publicly available are outweighed by the potential harms to
survivors as identified by the NDVH.
135. Consistent with our concerns regarding the sensitivity of the
database, we direct the Bureau to ensure that access to the full
database file is available only to covered providers, wireline
providers of voice service, fixed wireless providers of voice service,
and fixed satellite providers of voice service through secure means.
Recognizing the potential value of the database to governmental
agencies with general subject matter jurisdiction (law enforcement and
health and human service-type agencies), however, we direct the Bureau
to also permit such agencies access to the full database file through
secure means as long as an administratively reasonable method of
determining eligibility for access can be arranged. Moreover, although
the database itself will not be publicly accessible, survivors still
will be able to view the administrator's public website, and we
therefore direct the Bureau to consider a means by which the
administrator's website could identify, for survivors' benefit, any
covered service provider that has been granted a technical-
infeasibility exception from the call-log obligation, as well as any
service providers that have been granted an extension of the compliance
deadline. More generally, we encourage the Bureau to consider the
possibility of designing a limited form of access for survivors to
determine whether a call that they are about to make or a text that
they are about to send to a hotline will not appear in a call log. To
this end, we direct the Bureau to explore creating a web-based lookup
feature that would allow survivors to determine if a particular number
appears in the database while, at the same time, preventing such a
lookup feature being exploited by bad actors to reverse-engineer the
full list of hotlines. Such a feature may also permit operators of
hotlines to determine if their number has been properly included.
4. Using the Central Database of Hotlines
136. Service Provider Compliance Deadline. For ease of discussion,
we use the term ``compliance deadline'' to refer to the effective date
of our rules regarding the protection of the privacy of calls and text
messages to hotlines. The record reflects the urgency of issues faced
by survivors of domestic abuse. Survivors need to place calls and send
text messages to hotlines without fear of discovery (and potential
reprisal) by their abuser as soon as possible as such calls and text
messages save lives. Further, no party claims that the implementation
challenges faced by service providers, which in some cases appear to be
complex, are insurmountable. At the same time, there are important
administrative milestones on which a successful database rollout
depends. Although the Commission sought comment in the Safe Connections
NPRM on how long service providers would take to implement the
requirements that it proposed, the record has only one specific
proposal, a request for at least 24 months for smaller carriers.
Balancing the immediate need to provide help to survivors of domestic
violence with the potential complexity of implementing systems to
comply with our consumer-facing call log rules, we believe that 12
months from the date of publication of this document in the Federal
Register is a reasonable timeline for all but the smaller service
providers, particularly because the record lacks evidence that it would
take such providers longer. We therefore adopt a 12-month compliance
deadline.
137. We delegate to the Bureau the responsibility of implementing
this compliance deadline and communicating with all stakeholders about
progress towards completing the database, associated milestones, and
service provider requirements, consistent with the decisions in this
document. In establishing this timeline, we recognize the need for
service providers to have the necessary detail as early as possible for
designing their systems and to be able to test the database files in
such systems prior to full implementation. In this regard, we also
establish two milestones affecting the final compliance deadline.
First, the compliance deadline will be no earlier than eight months
after the Bureau has published the database download file
specification, which should be the final detail necessary for service
providers to complete design of their systems. Second, the compliance
deadline will be no earlier than two months after the Bureau announces
that the database administrator has made the initial database download
file available for testing. In light of the compliance deadline being
no less than two months after the availability of the initial database
file for download, we do not condition such deadline on any approval by
OMB review under the PRA of any data collection necessary to create the
database. This is because any necessary approval would have to occur
prior to creation of the initial database file. To the extent that the
date of either announcement causes the deadline to be later than 12
months after Federal Register publication, the Bureau should provide
notice of the new compliance deadline for implementation based on the
date of the announcement. Given the potential unpredictability of the
implementation process, including development of the database, we
delegate authority to the Bureau to extend the compliance deadline as
necessary. Although we delegate such details to the Bureau, we observe
that the most likely form of the database file would be comma separated
value (CSV) formatted with three fields for each database record: (1)
[…truncated; see source link]Indexed from Federal Register on December 5, 2023.
This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.