VoIP Providers Face Regulatory Compliance Deadlines

WHILE STOPPING SHORT OF DECLARING providers of interconnected VoIP services to be offering telecommunications services, the Federal Communications Commission has imposed increased regulation on such providers. Further regulatory burdens are likely in the coming months and years.

Late last year, the FCC established deadlines of Feb. 12 and March 12, 2007, by which interconnected VoIP providers must file Communications Assistance for Law Enforcement Act (CALEA) monitoring reports and systems security plans, respectively. In addition, on Dec. 15, the United States Court of Appeals for the District of Columbia Circuit upheld the application of the FCCs E911 regulations to interconnected VoIP providers. Interconnected VoIP providers now are subject to the FCCs electronic surveillance, registration, universal service and E911 requirements, and need to be aware of current regulatory obligations as well as recently passed and quickly approaching deadlines.

The FCC defines interconnected VoIP services as those VoIP services that enable real-time, two-way voice communications; require a broadband connection; require IP-compatible customer equipment (e.g., SIP phones); and permit subscribers to receive calls from and initiate calls over the PSTN.

CALEA requirements. CALEA was passed in 1994 with the intention of requiring the nations telecommunications providers to be technically capable of providing call interception and call identification information to law enforcement pursuant to valid legal process. In September 2005, the FCC determined that the CALEA technical and reporting requirements applicable to telecommunications carriers would apply to interconnected VoIP providers.

Last May, in a subsequent order, the FCC detailed the implementation requirements that interconnected VoIP providers must meet to comply with CALEA by May 14, 2007. The safest and easiest way to comply is to implement the accepted industry standard. Although providers do not have to use the standard, compliance with the standard is a safe harbor under which a provider will be deemed to have complied with CALEA requirements. The FCC adopted the same approach for the extension of CALEA requirements to interconnected VoIP providers and determined that it would leave technical compliance to the standards-setting bodies.

Pursuant to the May 2006 order, interconnected VoIP providers also may use the services of a trusted third party to comply with CALEA. The third party would remotely access and manage the intercept process for the provider. The process is permitted but not required, and it should be noted that the interconnected VoIP provider remains responsible for all CALEA compliance requirements.

In addition, interconnected VoIP providers are required to develop and file with the FCC a CALEA systems security plan, a requirement to which other telecommunications carriers have been subject for several years. The security plan includes company policies and procedures for providing call interception and access to callidentifying information only pursuant to lawful request, maintaining adequate records and satisfying applicable reporting requirements. The systems security plan also identifies a senior officer responsible for such company policies and procedures, recordkeeping and reporting. Companies that wish to withhold the report from public inspection must request confidential treatment pursuant to the FCCs rules. The FCC can assess a monetary penalty against any provider that fails to file a systems security plan. The deadline for interconnected VoIP providers to file this plan is March 12.

The FCC also determined in its May 2006 order that all interconnected VoIP providers must file a monitoring report with the FCC demonstrating the actions the company has taken toward CALEA compliance and establishing a date by which compliance is anticipated. Monitoring reports are treated as confidential by the FCC and are not made available routinely for public inspection. The deadline for filing this monitoring report was Feb. 12.

The FCCs decision expressed concern about identifying impediments to timely compliance and required monitoring reports to avoid delay in compliance. VoIP providers were to provide specific reasons for noncompliance, if they will not meet the May 14 deadline, and were required to identify the companys compliance method.

Registration and USF. In order to submit the monitoring report, interconnected VoIP providers first had to provide company contact information, including an FCC registration number (FRN) and Filer 499 ID. The ID is obtained by filing an FCC Form 499-A with the Universal Service Administrative Co., which interconnected VoIP providers should have done by Aug. 1, 2006. This registration establishes the company as a contributor under the federal USF program.

E911 requirements. Pursuant to FCC rules adopted in a June 2005 order, interconnected VoIP providers must transmit all 911 calls to the appropriate public safety answering point (PSAP), designated statewide default answering point or appropriate local emergency authority. They also must transmit a callback number (automatic numbering information or ANI) and registered location for each 911 caller to the PSAP.

An interconnected VoIP provider also must advise all subscribers to its service (existing and new) of the circumstances under which E911 service may not be available or may be limited in comparison to traditional E911 service (e.g., power outages, Internet connection failure and network congestion). These notifications must be prominent and in plain language. Such providers must obtain and maintain a record of an affirmative acknowledgement from all subscribers that they received this advisory and understood it. Customers also must be notified as to E911 limitations via warning stickers that the customer is instructed to place on VoIP handsets.

On Dec. 15, the United States Court of Appeals for the District of Columbia Circuit, widely recognized as the second-highest federal court in the country, upheld the FCCs 2005 order against challenge. The argument by a VoIP provider that the deadline for compliance was not technically feasible was rejected by the court largely because Vonage already had developed a technical compliance solution that would meet the deadline.

The court also recognized the important public safety need of the availability of 911 and E911 services to VoIP customers.

Whether because of public need or political ease, the FCC has begun its regulation of VoIP providers with those requirements that are least likely to be overturned by a court or to raise objections from Congress. VoIP regulation began with E911 requirements for public safety, then CALEA requirements for law enforcement, and finally contribution to the federal USF, the largest and most politically important federal subsidy in the industry.

Although the FCC has not determined interconnected VoIP providers to be providers of telecommunications services, the agency has received support for its extension of substantial regulations to such providers from a recent federal court decision. All interconnected VoIP providers should have a comprehensive regulatory compliance plan for the obligations imposed by the FCC in the past several years, including E911, USF reporting and contributions and CALEA compliance, which includes filing the CALEA monitoring report and systems security plan.

Joshua T. Guyan Esq. is an attorney with the Law Offices of Thomas K. Crowe P.C., a Washington, D.C.-based firm specializing in communications legal/regulatory matters. He can be reached at +1 202 263 3640 or via e-mail at [email protected].