FCC Increases Spectrum Concentration Screen

In an otherwise unremarkable order approving AT&T’s acquisition of multiple licenses in the 2.3 GHz band, the FCC yesterday changed its rules on spectrum concentration.  Generally speaking, the FCC reviews an acquiring firm’s spectrum holdings and applies a “spectrum screen” to ensure that no more than one-third of the total pool of available broadband spectrum resources rests with any one company in any given market.  Yesterday’s order, however, increases the screen to incorporate twenty megahertz of Wireless Communications Service (WCS) spectrum into the total amount of spectrum the FCC considers useful and available for broadband use. 

As a result, the new spectrum screen for wireless transactions and auctions is as follows:

  • 102 megahertz or more of cellular, PCS, SMR, 700 MHz, and WCS spectrum, where neither BRS nor AWS-1 spectrum is available;
  • 121 megahertz or more of spectrum, where BRS spectrum is available, but AWS-1 spectrum is not available;
  • 132 megahertz or more of spectrum, where AWS-1 spectrum is available, but BRS spectrum is not available; or
  • 151 megahertz or more of spectrum where both AWS-1 and BRS spectrum are available.

The FCC reasoned that “in light of our recent revisions to the WCS service rules to facilitate the provision of mobile broadband services, we find that 20 megahertz of WCS spectrum – comprised of the paired A and B Blocks – are suitable and available for the provision of mobile telephony/broadband services and should therefore be added to the spectrum screen. Further, AT&T has indicated that it will take substantial steps to deploy LTE in the band (including through the acquisition of the spectrum at issue in these transactions).”

The FCC also declined to include additional 2.5 GHz spectrum of the type held by Clearwire and, by extension, Sprint Nextel:  “We find that [AT&T and the licensees of the WCS spectrum AT&T sought to acquire] have provided no new arguments that persuade us to change” the agency’s prior determination that including additional 2.5 GHz was not warranted, “particularly given that we do not yet have the benefit of a full record in the Mobile Spectrum Holdings Notice of Proposed Rulemaking.”

The FCC also rejected AT&T’s call for changing the screen only through an industry-wide rulemaking as opposed to the case-by-case approach the FCC followed in yesterday’s decision.  While the FCC noted AT&T’s argument for an industry-wide re-evaluation of the agency’s approach, the FCC said it would “continue to apply [its] current case-by-case approach to evaluate mobile spectrum holdings in secondary market transactions and initial spectrum licensing after auctions” while the Mobile Spectrum Holdings NPRM remains pending. 

If the FCC moves quickly to finalizes alternative spectrum concentration rules in the Mobile Spectrum Holdings NPRM, the increased headroom for wireless mergers and acquisitions adopted yesterday could prove fleeting.

 

 

The US Telephone Consumer Protection Act and Litigation Risk

 Michele Farquhar and Mark W. Brennan authored an article for the December 2012 issue of E-Commerce Law & Policy.  Titled “The US Telephone Consumer Protection Act and Litigation Risk,” the article highlights a number of recent Telephone Consumer Protection Act legal developments and their impact on mobile financial services and other new wireless services and technologies.  The article is available here.

Setting the Arena - The German Regulator Proposes Possible Scenarios for the Future Allocation of Mobile Broadband Frequencies

 By Dr. Harm-Randolf Döpkens

The German telecoms regulator Bundesnetzagentur (BNetzA) is currently considering different scenarios for the future allocation of frequencies for mobile broadband services.  This initiative relates to the discussion about the 900 and 1,800 MHz frequencies that are currently used by mobile operators for their GSM networks. The current licenses for these frequencies will expire by the end of 2016. Mobile operators are therefore urging BNetzA for an early extension of the existing licenses while other market players make the case for a reallocation of these frequencies in an open auction. At the same time, frequency policy is required to deal with the ever increasing demand for mobile broadband services and thus needs to develop a broader strategy, taking into account the different frequency bands that are allocated and/or suitable for mobile broadband services. Apart from the GSM frequencies this includes the UMTS frequencies in the 2 GHz band (expiring 2020), the BWA frequencies in the 3.5 GHz band (expiring 2021) and the frequencies of the 2010 auction in the 800 and 1,800 MHz and the 2 and 2.6 GHz bands (expiring 2025). In addition, further frequencies in the 700 MHz and other bands may become available for mobile broadband services as a result of the 2015 summit of the World Radio Conference.

Against this backdrop, BNetzA on November 9, 2012 issued a discussion paper (full text and press release published in German on the BNetzA website) setting out four possible scenarios for the future allocation of the 900 and 1,800 MHz and other frequencies:

  • Scenario 1 – Prolongation: This scenario proposes a short-term prolongation of the mobile operators' licenses for the 900 and 1,800 MHz (GSM) frequencies, which would be the fastest and easiest way to provide a stable investment environment for these operators. However, under German telecommunications law the allocation of scarce frequencies must generally be done by way of a tendering process. Exemptions can only be justified if so required by the aims of telecoms regulation.  BNetzA does not seem to be convinced that such exemption can be justified with regard to the GSM frequencies. In particular BNetzA points out that a prolongation of the existing licenses would also extend the current fragmentation of frequencies. And further, a prolongation of existing licenses would clearly not provide equal access to spectrum for newcomers.
  • Scenario 2 – Allocation 900/1,800 MHz: This scenario proposes an early reallocation and flexibilization of the 900 and 1,800 MHz frequencies, giving newcomers an early opportunity to enter the mobile broadband market. However, an isolated auction of these frequencies cannot take into account other frequency bands for mobile broadband, such as the UMTS frequencies in the 2 GHz band that will expire by the end of 2020. In BNetzA's view this scenario is thus likely to increase the regulatory complexity calling for certain measures such as spectrum caps in order to ensure effective competition in the mobile broadband market.
  • Scenario 3 – Allocation 900/1,800 MHz Plus: This scenario proposes a joint auction of the GSM frequencies in the 900 and 1,800 MHz band with other frequencies that will become available for mobile broadband services in the coming years, i.e. the UMTS frequencies in the 2 GHz band, the BWA frequencies in the 3.5 GHz band, and possibly frequencies in the 700 MHz and other bands as a result of the 2015 summit of the World Radio Conference. In terms of timing, BNetzA clearly prefers an early auction before the expiry of the GSM frequencies by the end of 2016, which would provide a clear and stable investment environment for all stakeholders early on.
  • Scenario 4 – Global Allocation 2025: This scenario even goes a step further and aims to also include the frequencies of the 2010 auction (expiring 2025), in a global auction of all frequencies for mobile broadband services. To achieve this, the license terms of the different frequencies ranging from 2016 to 2025 would need to be harmonized, either by prolonging existing licenses until 2025 or by granting new licenses for expiring frequencies only until 2025. However, BNetzA does not seem to be too convinced by this scenario. In particular, market entry for newcomers would be rather difficult before such global auction. And then it might be difficult for any stakeholder to have the required funds for all frequency resources and network infrastructure available in one go.

Stakeholders now have the opportunity to comment on the scenarios presented by BNetzA until January 31, 2013. However, from the reasoning of the BNetzA discussion paper, an implementation of scenarios 1 (prolongation) or 4 (global allocation 2025) appears to be an unlikely outcome. BNetzA rather seems to be aiming at a middleground solution as described in scenarios 2 (allocation 900/1,800 MHz) and 3 (allocation 900/1,800 MHz plus), which gives newcomers an early opportunity for market entry and, at the same time, allows sufficient coordination in the allocation of the different frequency bands. This means that in the short to medium term, Germany is likely to see one or more frequency auctions that may have the potential to reshuffle the mobile broadband market. Stakeholders should continue to monitor this area to prepare for future BNetzA action. 

California AG Sends Enforcement Letter to Developers of Popular Mobile Apps

On Tuesday, October 30, the Office of California Attorney General Kamala Harris issued a press release confirming that it had begun “formally notifying” mobile device application (“app”) operators that they are out of compliance with the notice provisions of the California Online Privacy Protection Act of 2003 (“CalOPPA”).  Those companies -- many of which are major marketers -- now have 30 days to bring their apps in line with the statute’s privacy policy requirements or risk fines of up to $2,500 per app download.

As background, CalOPPA requires operators (i.e., owners) of commercial web sites or online services that collect personally identifiable information (“PII”) on California residents who use/visit the web sites or online service to “conspicuously post” a privacy policy. The Attorney General’s office has taken the position that mobile apps that use the Internet to collect PII are “online services” subject to CalOPPA.  California’s population size makes it safe for most app developers to assume that California residents comprise at least a portion of the app’s download audience.  This week, the Attorney General’s Office began sending letters to companies behind approximately 100 of the most popular apps asserting that they failed to “conspicuously post” the required privacy policy.

 

 

The letters are the latest effort by Harris to encourage companies to improve the transparency of their data privacy and security practices.  In February 2012, she entered into a Joint Statement of Principles agreement with six major app store platforms, setting forth requirements related to app privacy (see our prior update here).  Facebook later joined the agreement and is now requiring that all apps in its App Center have privacy policies.

Under the statute, the following information must be included in the privacy policy: (1) the categories of PII collected through the app and the categories of third-party persons or entities with whom the operator may share that PII; (2) the process by which consumers can review and request changes to any of their PII that was collected through the app, if the operator maintains such a process; (3) a description of the process by which the operator notifies app users of material changes to the policy; and (4) the effective date of the policy.

The letters are a reminder that app developers and their partners should review their app data privacy and security practices and ensure that any apps collecting PII comply with the CalOPPA requirements, as well as other applicable Federal and state laws.

 

FTC Provides Guidance to (All) Mobile App Developers

Marketing Your Mobile AppFollowing up on a public workshop held earlier this year, today the Federal Trade Commission (FTC) issued a set of truth-in-advertising and privacy guidelines for mobile device application (app) developers. Titled "Marketing Your Mobile App: Get it Right From the Start," the guidelines provide an overview of key issues for all app developers to consider.

At the outset, the FTC makes clear that these Guidelines are intended to apply to all app developers, large and small, start-up and established. It notes, however, that there is no "one-size-fits-all" approach to advertising and privacy compliance.

The privacy section of the Guidelines includes several key recommendations:

  • Build privacy considerations in from the start (i.e., Privacy by Design)
  • Be transparent about your data practices;
  • Offer choices that are easy to find and easy to use;
  • Honor your privacy promises;
  • Protect kids’ privacy;
  • Collect sensitive information only with consent; and
  • Keep user data secure.

Privacy 

  • Build privacy considerations in from the start (i.e., Privacy by Design). The Guidelines recommend that parties incorporate privacy protections into their practices, limit the information they collect, securely store collected information, and dispose of it safely when it is no longer needed. They also encourage parties to select default app settings based on what people using the app would expect. For any collection or sharing of information that is not apparent, the Guidelines state that app developers should obtain express agreement from users.
  • Be transparent about your data practices. App developers should “be clear to users” about their practices and explain what information is collected and how it is used. Interestingly, the Guidelines also reference an expanded disclosure for third-party sharing – “if you share information with another company, tell your users and give them information about that company’s data practices.”
  • Offer choices that are easy to find and easy to use. The Guidelines state that app developers should provide users with tools to exercise control how their personal information is collected and shared. Such tools should also be easy to find and use, and companies should honor users’ choices.
  • Honor your privacy promises. App developers must live up to their privacy promises. They also need to obtain affirmative consent to make materials changes to their privacy policies. The Guidelines note that such promises should also be made in clear language; easy to read on a small screen; and use colors, fonts, and other design elements to bring attention to key information.
  • Protect kids’ privacy. Apps designed for children or that collect personal information from kids may have additional requirements under the Children’s Online Privacy Protection Act (COPPA) and the FTC’s COPPA Rule.
  • Collect sensitive information only with consent. The Guidelines encourage parties to obtain affirmative consent before collecting “sensitive” data such as medical, financial, or precise geolocation information.
  • Keep user data secure. The Guidelines state that even if parties do not make specific data security promises, they “still have to take reasonable steps to keep sensitive data secure.” They also recommend that parties: (1) collect only the data they need; (2) secure the data by taking reasonable precautions against well-known security risks; (3) limit access to the data on a need-to-know basis; and (4) safely dispose of data that is no longer needed. App developers that work with contractors and other third parties should “make sure” that the third parties also comply with these standards.

Truth-in-Advertising

With respect to truth-in-advertising, the Guidelines advise parties to:

  • Tell the truth about what your app can do
  • Be transparent about your data practices.


The Guidelines encourage app developers to look at their product -- and their advertising -- from "the perspective of average users, not just software engineers or app experts." Objective claims need to be backed up with solid proof, also referred to as “competent and reliable evidence.” Health, safety, or performance claims may need competent and reliable scientific evidence. Disclosures need to be "big enough and clear enough that users actually notice them and understand what they say." In other words, avoid burying important terms and conditions.

Parties Divided Over FCC Involvement in Mobile Privacy

Parties that submitted comments and replies in response to a Federal Communications Commission (FCC) Public Notice on the privacy and security of information stored on mobile devices are deeply divided over whether the agency should pursue further action in the area.  The FCC proceeding follows up on a recent report from the agency on Location-Based Services, issued earlier this year.  It also references last year’s Carrier IQ news headlines and notes that much has changed in the wireless industry during the last five years (the last time that the FCC sought comment on these issues).

Parties that submitted comments and replies in response to a Federal Communications Commission (FCC) Public Notice on the privacy and security of information stored on mobile devices are deeply divided over whether the agency should pursue further action in the area.  The FCC proceeding follows up on a recent report from the agency on Location-Based Services, issued earlier this year.  It also references last year’s Carrier IQ news headlines and notes that much has changed in the wireless industry during the last five years (the last time that the FCC sought comment on these issues).

In their comments, public interest groups and privacy advocates generally called for the FCC to ramp up its efforts to protect consumer privacy and data security, with some seeking new mobile regulations focused on wireless carrier activity.  The Electronic Privacy Information Center, for example, suggested that the FCC require carriers to implement “comprehensive privacy and security protections based on Fair Information Practices” and “give consumers a range of choices about the collection and retention of consumer data before or at the time of collection.”  The New America Foundation’s Open Technology Institute added that last year’s Carrier IQ events “make it clear that [industry] efforts, if they are occurring, are inadequate to give consumers knowledge and control to ensure that their data is being protected.”

Wireless carriers and other industry commenters, on the other hand, encouraged the FCC to defer to current self-regulatory efforts, as well as the ongoing NTIA multistakeholder process. They also pointed out the FCC’s limited jurisdiction in this area and its inability to address comprehensively problems involving a wide range of parties in the mobile wireless ecosystem.  But public interest groups responded that the FCC is the agency best suited to regulate customer proprietary network information (CPNI) and has explicit statutory authority to address CPNI issues.  Those groups also noted that the NTIA effort could be a lengthy endeavor. 

The Future of Privacy Forum, which has actively worked to focus attention on the data collection issues raised by mobile apps and other mobile services, encouraged the FCC to work with stakeholders and help educate consumers and app developers about the importance of protecting personal information.

The Federal Trade Commission also commented in the proceeding, detailing its privacy experience and noting that it “look[ed] forward to working with the FCC to ensure that [they] avoid duplicative actions in areas where . . . jurisdictions may be overlapping.”

Most observers believe that the FCC is unlikely to move forward on these issues in the near future, although some think it could be heading towards a set of proposed rules to update its legacy CPNI framework.

Mobile Data Monitoring -- Draft U.S. Congressional Bill Would Impose New Requirements

A draft bill circulated by Rep. Ed Markey (D-Mass) would require the Federal Trade Commission (FTC) to adopt regulations addressing monitoring software installed on mobile devices.  The bill stems from media reports last year regarding Carrier IQ's monitoring software, which is installed on millions of mobile devices.  If enacted, the Mobile Device Privacy Act would result in new obligations for wireless service providers, equipment manufacturers, device retailers, operating system providers, website operators, and other online service providers, underscoring both the number of industry segments involved and the complexity of addressing privacy concerns in today's mobile ecosystem.

One particularly noteworthy element of the Markey bill is the definition of monitoring software that spurs a host of new regulations.

The term monitoring software means software that has the capability automatically to monitor the usage of a mobile telephone or the location of the user and to transmit the information collected to another device or system, whether or not such capability is the primary function of the software or the purpose for which the software is marketed.

This broad definition would encompass a wide array of mobile apps and services available today.

Under the draft Mobile Device Privacy Act, the FTC would have one year to issue regulations requiring carriers and device retailers to disclose at the point of sale in a clear and conspicuous manner the fact that monitoring software is installed, the type of information the software is capable of collecting and transmitting, the identity of parties with which the information will be shared, and how the information will be used.  If the monitoring software is installed after the consumer purchases the device or service, the entity installing the software or providing the software download (e.g., carrier, equipment manufacturer, operating system provider, website operator, or other online service provider) would have to make the disclosure. 

The bill would also require parties to obtain express consent from consumers before the monitoring software begins collecting and transmitting data.

In addition, the bill would impose new information security requirements.  The FTC would have one year to adopt regulations requiring recipients of the monitoring data to establish information security policies and procedures to protect the data.  Parties that enter into agreements to share the monitoring data would have to file those agreements with the FTC and the Federal Communications Commission (FCC).

The Markey bill would also establish joint FTC and FCC enforcement, with the FCC having enforcement authority over commercial mobile service providers, mobile broadband service providers, and mobile telephone manufacturers and the FTC having authority over other parties.  The bill also provides for state attorney general suits and a private right of action.