Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 1 Nos. 24-3133, 24-3206, 24-3252 IN THE UNITED STATES COURT OF APPEALS FOR THE SIXTH CIRCUIT OHIO TELECOM ASSOCIATION; TEXAS ASSOCIATION OF BUSINESS; CTIA – THE WIRELESS ASSOCIATION; NCTA – THE INTERNET & TELEVISION ASSOCIATION; USTELECOM – THE BROADBAND ASSOCIATION, Petitioners, HAMILTON RELAY, INC., Intervenor, v. FEDERAL COMMUNICATIONS COMMISSION and UNITED STATES OF AMERICA, Respondents. On Petition for Review of an Order of the Federal Communications Commission RESPONSE TO PETITIONS FOR REHEARING EN BANC Dina Kallay D. Adam Candeub Deputy Assistant General Counsel Attorney General Jacob M. Lewis Robert B. Nicholson Associate General Counsel Attorney Sarah E. Citrin U.S. DEPARTMENT OF JUSTICE Deputy Associate General Counsel ANTITRUST DIVISION 950 Pennsylvania Ave. NW Adam L. Sorensen Washington, DC 20530 Counsel FEDERAL COMMUNICATIONS COMMISSION 45 L Street NE Washington, DC 20554 (202) 418-1740 fcclitigation@fcc.gov Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 2 TABLE OF CONTENTS Page TABLE OF AUTHORITIES ....................................................................... iii INTRODUCTION ........................................................................................ 1 STATEMENT OF THE CASE ..................................................................... 4 A. Statutory And Regulatory Background .................................. 4 1. Consumer privacy under the Communications Act .................................................................................... 4 2. The Commission’s rulemaking authority ...................... 5 3. The Commission’s privacy orders ................................... 6 4. The Congressional Review Act and 2017 Disapproval Resolution ................................................... 8 B. The Data Breach Order ........................................................... 9 C. The Panel Decision ................................................................. 11 ARGUMENT ............................................................................................. 14 EN BANC REVIEW IS NOT WARRANTED ..................................... 14 A. The Panel Decision Does Not Conflict With That Of Any Other Court Of Appeals ................................................. 14 B. Petitioners Overstate the Panel Decision’s Consequences ......................................................................... 16 C. Mere Disagreement on the Merits Does Not Warrant En Banc Review ..................................................................... 19 CONCLUSION .......................................................................................... 21 CERTIFICATE OF COMPLIANCE .......................................................... 22 (ii) Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 3 TABLE OF AUTHORITIES Cases Bartlett ex rel. Neuman v. Bowen, 824 F.2d 1240 (D.C. Cir. 1987) ............................................................ 14 In re Lazarus, 478 F.3d 12 (1st Cir. 2007) .................................................................. 16 In re MCP No. 185, 124 F.4th 993 (6th Cir. 2025) ................................................................ 8 Mitts v. Bagley, 626 F.3d 366 (6th Cir. 2010) ...................................................... 4, 14, 19 Nat’l Ass’n of Immigr. Judges v. Owen, 160 F.4th 100 (4th Cir. 2025) .............................................................. 20 Nat’l Ass’n of Priv. Fund Managers v. SEC, 103 F.4th 1097 (5th Cir. 2024) ............................................................ 16 NFIB v. OSHA, 595 U.S. 109 (2022)(per curiam) ......................................................... 17 Ohio Telecom Ass’n v. FCC, 150 F.4th 694 (6th Cir. 2025) ...................................................... passim RadLAX Gateway Hotel, LLC v. Amalgamated Bank, 566 U.S. 639 (2012) .............................................................................. 15 Safari Club Int’l v. Haaland, 31 F.4th 1157 (9th Cir. 2022) .............................................................. 15 United States v. Shafer, 573 F.3d 267 (6th Cir. 2009) ................................................................ 19 Statutes 5 U.S.C. § 801(b)(1) ..................................................................................... 8 5 U.S.C. § 801(b)(2) ..................................................................................... 8 (iii) Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 4 TABLE OF AUTHORITIES (continued) Page(s) 47 U.S.C. § 201(b) ................................................................................... 4, 5 47 U.S.C. § 222............................................................................................ 4 47 U.S.C. § 222(a) ....................................................................................... 4 47 U.S.C. § 222(c) ........................................................................................ 5 47 U.S.C. § 222(h)(1) ................................................................................... 5 47 U.S.C. § 225(a)(3) ............................................................................. 5, 18 47 U.S.C. § 225(d)(1) ................................................................................... 6 47 U.S.C. § 303(r) ........................................................................................ 6 Rules Fed. R. App. P. 40(a) ................................................................................. 14 Administrative Materials Data Breach Reporting Requirements, 38 FCC Rcd 12523 (2023) ................................................................ 2, 19 Implementation of the Telecommunications Act of 1996, 13 FCC Rcd 8061 (1998) ........................................................................ 6 Implementation of the Telecommunications Act of 1996, 22 FCC Rcd 6927 (2007) ........................................................................ 7 Protecting the Privacy of Customers of Broadband and Other Telecommunications Services, 31 FCC Rcd 13911 (2016) ...................................................................... 8 (iv) Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 5 TABLE OF AUTHORITIES (continued) Page(s) Structure and Practices of the Video Relay Service Program; Telecommunications Relay Services and Speech-to-Speech Services for Individuals with Hearing and Speech Disabilities, 28 FCC Rcd 8618 (2013) ........................................................................ 7 Legislative Materials Joint Resolution, Pub. L. No. 115-22, 131 Stat. 88 (2017) ........................ 8 Other Materials 6th Circuit IOP 40(b)(1) ........................................................................... 14 (v) Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 6 Nos. 24-3133, 24-3206, 24-3252 IN THE UNITED STATES COURT OF APPEALS FOR THE SIXTH CIRCUIT OHIO TELECOM ASSOCIATION; TEXAS ASSOCIATION OF BUSINESS; CTIA – THE WIRELESS ASSOCIATION; NCTA – THE INTERNET & TELEVISION ASSOCIATION; USTELECOM – THE BROADBAND ASSOCIATION, Petitioners, HAMILTON RELAY, INC., Intervenor, v. FEDERAL COMMUNICATIONS COMMISSION and UNITED STATES OF AMERICA, Respondents. On Petition for Review of an Order of the Federal Communications Commission RESPONSE TO PETITIONS FOR REHEARING EN BANC INTRODUCTION This case presents a narrow question of the Federal Communications Commission’s authority over telecommunications consumer data, along with a rarely encountered dispute over congressional procedure. A panel of this court thoroughly explored those issues in an opinion last year. While the FCC continues to evaluate the - 1 - Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 7 underlying rule at issue1—the panel’s decision does not fit this Court’s exacting criteria for en banc review. Responding to the increasing frequency and sophistication of attacks targeting customers’ personal data, the Commission in 2023 revised its privacy rules for telecommunications carriers. See Data Breach Reporting Requirements, 38 FCC Rcd 12523 (2023), Petitioners’ Appendix (A) 1–104. Among other things, the revised rules provide that carriers are obligated to protect customers’ “personally identifiable information” (PII)—such as government identification numbers and biometrics. PII is a broader category of customer data than “Customer Proprietary Network Information” (CPNI), which the FCC has long protected against improper disclosure. In challenging those revised rules, petitioners argued that the Commission’s undisputed statutory authority to safeguard CPNI did not extend a step further to PII. And they contended that the Commission’s new rules were improper because, in petitioners’ view, they were too similar to rules included in a previous order disapproved by Congress 1 See FCC June 16, 2026 Status Report, Dkt. 93. - 2 - Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 8 under the Congressional Review Act (CRA). A divided panel of this Court disagreed on both fronts. Unhappy with that outcome, petitioners now cast this case as a fundamental struggle over the separation of powers. But the realities cannot match petitioners’ overbroad framing. The courts of appeals are not in conflict over the questions raised by this case, and the stakes are confined. There is no dispute as to whether the FCC may adopt breach notification rules; the disagreement is simply as to which particular classification of customer data the rules may cover. Similarly, the quarrel over the disapproval bar of the Congressional Review Act is a matter of degree, not of kind. The parties agree that an agency may not reenact a previously disapproved rule; that Congress may always disapprove any new rule it does not like; and that Congress may at any time strip the Commission of authority to act in a given area. The specific contours of the FCC’s statutory authority over customer data, as well as the precise scope of the CRA’s disapproval bar under the circumstances of this case, are thus issues of limited significance. To be sure, petitioners strongly disagree with the panel decision. But mere disagreement on the merits does not warrant this Court’s en - 3 - Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 9 banc review. See, e.g., Mitts v. Bagley, 626 F.3d 366 (6th Cir. 2010) (Sutton, J., concurring in the denial of rehearing en banc). The petitions for rehearing en banc should be denied. STATEMENT OF THE CASE A. Statutory And Regulatory Background 1. Consumer privacy under the Communications Act Section 201(b) of the Communications Act provides that “[a]ll charges, practices, classifications, and regulations for and in connection with [interstate or foreign] communication service [by wire or radio] shall be just and reasonable, and any such charge, practice, classification, or regulation that is unjust or unreasonable is declared to be unlawful.” 47 U.S.C. § 201(b). Section 222 requires telecommunications carriers to protect the confidentiality of certain information belonging to other carriers, equipment manufacturers, and customers. 47 U.S.C. § 222. Subsection (a) obligates “[e]very telecommunications carrier . . . to protect the confidentiality of proprietary information of, and relating to, other telecommunication carriers, equipment manufacturers, and customers.” 47 U.S.C. § 222(a). - 4 - Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 10 Subsection (c) restricts carriers’ use of “customer proprietary network information” (“CPNI”), id. § 222(c), a statutorily defined term, which includes “information that relates to the quantity, technical configuration, type, destination, location, and amount of use of a telecommunications service . . . that is made available to the carrier by the customer solely by virtue of the carrier-customer relationship.” See id. § 222(h)(1). Section 225 charges the Commission with ensuring the availability and efficiency of “telecommunications relay services”—“telephone transmission services that provide the ability for an individual who is deaf, hard of hearing, deaf-blind, or who has a speech disability to engage in communication by wire or radio . . . in a manner that is functionally equivalent to the ability of a hearing individual who does not have a speech disability.” 47 U.S.C. § 225(a)(3). 2. The Commission’s rulemaking authority The Communications Act provides the Commission with broad rulemaking authority to carry out its provisions. Section 201(b) authorizes the Commission to “prescribe such rules and regulations as may be necessary in the public interest to carry out the provisions of this chapter.” 47 U.S.C. § 201(b). Similarly, Section - 5 - Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 11 303(r) empowers the Commission to “[m]ake such rules and regulations and prescribe such restrictions and conditions, not inconsistent with law, as may be necessary to carry out the provisions of this chapter.” Id. § 303(r). And Section 225(d) empowers the Commission to “establish functional requirements, guidelines, and operations procedures for telecommunications relay services” and “establish minimum standards that shall be met in carrying out” the provision of those services. Id. § 225(d)(1). 3. The Commission’s privacy orders The Commission’s privacy rules have evolved over time to keep pace with emerging threats and changes in the legal landscape. After Congress enacted the Telecommunications Act of 1996, the Commission adopted implementing rules that established restrictions on telecommunications carriers’ use and disclosure of CPNI, and required carriers to take effective steps to protect CPNI. Implementation of the Telecommunications Act of 1996, 13 FCC Rcd 8061, 8195, ¶193 (1998) (1998 CPNI Order). In 2007, responding to the rising incidence of “pretexting” scams— in which a party seeking access to a customer’s private communications records pretends to be a customer or authorized user to obtain that - 6 - Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 12 information—the Commission, among other things, amended its customer privacy rules to require carriers to notify law enforcement and customers of security breaches involving CPNI. Implementation of the Telecommunications Act of 1996, 22 FCC Rcd 6927, 6943–45, ¶¶26–32 (2007). In 2013, responding to rampant fraud and abuse in the provision of telecommunications relay services, the Commission applied CPNI protections to telecommunications relay service providers that largely mirrored preexisting rules applicable to other telecommunications service providers. Structure and Practices of the Video Relay Service Program; Telecommunications Relay Services and Speech-to-Speech Services for Individuals with Hearing and Speech Disabilities, 28 FCC Rcd 8618, 8684–85, ¶¶164–169 (2013). In 2016, in the wake of the Commission’s reclassification of broadband Internet as a telecommunications service subject to Title II of the Communications Act, the Commission issued a wide-ranging order adopting a host of privacy regulations primarily addressing broadband - 7 - Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 13 Internet service providers.2 See Protecting the Privacy of Customers of Broadband and Other Telecommunications Services, 31 FCC Rcd 13911 (2016) (2016 Broadband Privacy Order). That order included revisions to preexisting privacy rules governing telecommunications carriers. Among other things, the Commission clarified that the information protected by its rules included not only CPNI, but also “personally identifiable information” and the “content of communications.” Id. at 13913–14, ¶6. 4. The Congressional Review Act and 2017 Disapproval Resolution The CRA provides, in relevant part, that an agency “rule shall not take effect (or continue), if the Congress enacts a joint resolution of disapproval.” 5 U.S.C. § 801(b)(1). Such a disapproved rule “may not be reissued in substantially the same form, and a new rule that is substantially the same as such a rule may not be issued” unless specifically authorized by Congress. 5 U.S.C. § 801(b)(2). In 2017, Congress disapproved the Commission’s 2016 Broadband Privacy Order. See Joint Resolution, Pub. L. No. 115-22, 131 Stat. 88 (2017) (“Congress disapproves the rule submitted by the Federal 2 This Court subsequently held that the Commission lacks statutory authority to reclassify broadband internet as a telecommunications service. See In re MCP No. 185, 124 F.4th 993, 998 (6th Cir. 2025). - 8 - Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 14 Communications Commission relating to ‘Protecting the Privacy of Customers of Broadband and Other Telecommunications Services’ (81 Fed. Reg. 87274 (Dec. 2, 2016)), and such rule shall have no force or effect.”). B. The Data Breach Order Six years later, the Commission, concerned with the rising frequency and sophistication of customer data breaches, proposed new rules updating the breach notification obligations of telecommunications carriers and telecommunications relay service providers. See A120–21 (Data Breach Reporting Requirements, 38 FCC Rcd 566, 566–67, ¶1 & n.3 (2023) (published as a final rule in Data Breach Reporting Requirements, 89 Fed. Reg. 9968 (Feb. 12, 2024) (2024 Order)). The order, by a 3-2 vote, adopted six primary changes to the Commission’s data breach rules. See A2–3 (Order ¶¶3–4). First, the Commission expanded its breach notification rules to cover not just CPNI, but also consumers’ “personally identifiable information” (or “PII”). A8–12 (Order ¶¶15–20). PII means “information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual.” A9–10 (Order ¶17). For purposes of the - 9 - Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 15 Commission’s notification rules, covered PII is limited to information obtained “in connection with the customer relationship,” A9 (Order ¶16), and that specifically includes: (1) first name or first initial, and last name, in combination with any government-issued identification numbers or information issued on a government document used to verify the identity of a specific individual, or other unique identification number used for authentication purposes; (2) user name or e-mail address, in combination with a password or security question and answer, or any other authentication method or information necessary to permit access to an account; or (3) unique biometric, genetic, or medical data. A10 (Order ¶18). Second, the Commission altered its definition of a “breach” for carriers to include inadvertent access, use, or disclosure of customer information, except in those cases where such information is acquired in good faith by an employee or agent of a carrier, and such information is not used improperly or further disclosed. A12–17 (Order ¶¶21–27). Third, the Commission required carriers to notify the Commission, alongside their existing obligations to notify the Secret Service and the FBI, as soon as practicable after a reasonable determination of a breach, but no later than seven business days following such determination. A18–30 (Order ¶¶28–51). - 10 - Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 16 Fourth, the Commission eliminated its previous requirement that carriers notify customers of a breach in cases where a carrier can reasonably determine that no harm to customers is reasonably likely to occur as a result of the breach. A30–36 (Order ¶¶52–58). Fifth, the Commission eliminated a mandatory waiting period for carriers to notify customers, and instead required carriers to notify customers without unreasonable delay after notification to federal agencies, and in no case more than 30 days following reasonable determination of a breach (unless a delay is requested by law enforcement). A36–37 (Order ¶¶59–61). Finally, to fulfill its statutory duty to ensure that people who rely on telecommunications relay services receive equivalent protections to other telecommunications consumers, the Commission adopted equivalent changes to the data breach obligations of telecommunications relay service providers. A39–57 (Order ¶¶65–116). Then Commissioner (now Chairman) Carr and former Commissioner Simington dissented. A98–99, A102–03. C. The Panel Decision In consolidated petitions for review, petitioners challenged the Commission’s statutory authority to enact the data breach order and the - 11 - Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 17 order’s compliance with the Congressional Review Act. A divided panel of the Court denied the petitions. See Ohio Telecom Ass’n v. FCC, 150 F.4th 694 (6th Cir. 2025).3 The panel “conclud[ed], based on the statutory text, context, and structure, that § 201(b) [of the Communications Act] gives the FCC the authority to impose reporting requirements in the event of a data breach of customer PII.” 150 F.4th at 710–18. The panel likewise concluded the Commission had “authority to extend the same data privacy protections to the [telecommunications relay services] context.” 150 F.4th at 720–21. The panel reasoned that the statutory phrase “practice[ ] ... in connection with [a] communication service” was best read to cover “a carrier’s handling of data breaches, including the refusal or failure to notify customers and the government in response to a data breach of customer PII.” Id. at 711. “The plain meaning of the term ‘practice,’” the panel explained, “refers to a carrier’s usual mode of operating, which can encompass both positive acts and the refusal to act.” Id. In the panel’s view, statutory context and Supreme Court precedent confirm that Section 201(b) “encompasses the assortment of practices that directly 3 Judge Griffin dissented on both issues. Id. at 725. - 12 - Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 18 implicate a carrier’s furnishing of communication services,” including data breach notification obligations. Id. at 713. And the panel declined to read Section 222’s CPNI-specific provisions “as wholly displacing § 201(b)’s authority over all aspects of data privacy, in contravention of § 201(b)’s text.” Id. at 717. The panel also concluded that the challenged order complied with the Congressional Review Act, holding that the new rules were not “substantially the same” as the disapproved 2016 rule. Id. at 722–26. Because “‘the rule’ that Congress rejected and rendered inoperable was the entire 2016 Order,” the panel rejected petitioners’ contention that “any constituent part of the broader rule that ha[d] been nullified” could not be reissued. Id. at 723. “The 2016 Order was far more expansive” than the 2024 Order, “imposing a broad array of privacy rules on broadband Internet access services.” Id. at 724. “The 2024 Order, by contrast, addresses only data breach reporting requirements.” Id. And even on petitioners’ reading, the panel observed, “notable differences between the two sets of reporting requirements” in the 2016 and 2024 orders—including the definition of the term “breach”—show that “the regulations are not ‘substantially the same.’” Id. at 724–25. - 13 - Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 19 ARGUMENT EN BANC REVIEW IS NOT WARRANTED “[R]ehearing en banc is not favored.” Fed. R. App. P. 40(a); 6th Circuit IOP 40(b)(1) (en banc rehearing petition is an “extraordinary request”). “The decision to grant en banc consideration is unquestionably among the most serious non-merits determinations an appellate court can make, because it may have the effect of vacating a panel opinion that is the product of a substantial expenditure of time and effort by three judges and numerous counsel.” Mitts, 626 F.3d at 370 (Sutton, J., concurring in the denial of rehearing en banc) (quoting Bartlett ex rel. Neuman v. Bowen, 824 F.2d 1240, 1243–44 (D.C. Cir. 1987) (Edwards, J., concurring in the denial of rehearing en banc)). Accordingly, “[s]uch a determination should be made only in the most compelling circumstances.” Id. There are no such circumstances here. A. The Panel Decision Does Not Conflict With That Of Any Other Court Of Appeals To start, there is no circuit split. See Mitts, 626 F.3d at 370 (Sutton, J., concurring in the denial of rehearing en banc). Petitioners themselves state (Ohio Telecom Rehearing Pet. 10), that “this is the first court ruling - 14 - Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 20 directly addressing the CRA’s reissuance bar.”4 That is mostly true: the Ninth Circuit has addressed the scope of the reissuance bar, but its decision is entirely consistent with the panel decision here. See Safari Club Int’l v. Haaland, 31 F.4th 1157, 1170 (9th Cir. 2022) (rejecting argument that disapproval of a broader rule barred a narrower one because the rules were not “substantively identical”). Likewise, no other court of appeals has addressed whether Section 201(b) or 222 of the Communications Act authorizes the Commission to regulate the disclosure of PII or any other aspect of the challenged data breach reporting rule. Petitioners do not suggest otherwise. Instead, they argue that the panel’s “treatment of the general/specific canon . . . conflicts with decisions from other courts of appeals addressing analogous statutes.” Ohio Telecom Rehearing Pet. 14; see also Hamilton Relay Rehearing Pet. 8. But those cases apply the same specific/general principles the panel cited here to different statutory contexts. Compare Ohio Telecom, 150 F.4th at 716 (citing RadLAX Gateway Hotel, LLC v. Amalgamated Bank, 566 U.S. 639, 645 (2012) for the proposition that “where a specific statute conflicts or overlaps with a general statute, the 4 Intervenor Hamilton Relay does not address the Congressional Review Act issue in its rehearing petition. - 15 - Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 21 ‘specific governs the general’”); Nat’l Ass’n of Priv. Fund Managers v. SEC, 103 F.4th 1097, 1112 (5th Cir. 2024) (same). As here, the outcomes of those cases turned on the particular statutory context, history, and structure at issue. See id. at 1113 (“While the Dodd-Frank Act expanded the Commission’s oversight in many respects, it did not do so to the extent the Commission argues here in a section enacted decades earlier in 1940.”); In re Lazarus, 478 F.3d 12, 19 (1st Cir. 2007) (“The contemporaneousness test [for avoidable transfers in bankruptcy] was added late in the day to address a much broader generic problem” and thus “was assuredly not meant to override the specific 10–day requirement” to perfect a transfer.). Petitioners point to no conflicting application of the specific/general canon in the statutory context presented here. B. Petitioners Overstate the Panel Decision’s Consequences Petitioners’ policy concerns are exaggerated. Nothing in the panel’s interpretation of the Congressional Review Act alters the fundamental relationship between Congress and administrative agencies. Congress remains free to disapprove under the CRA any subsequent rule issued by an agency. And even outside the CRA process, Congress is always free - 16 - Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 22 through legislation to strip a federal agency of authority to act in a given area. Agencies “are creatures of statute,” and “accordingly possess only the authority that Congress has provided.” NFIB v. OSHA, 595 U.S. 109, 117 (2022)(per curiam). Petitioners fear that, under the panel’s decision, “an agency need only add or subtract a provision, or make a few cosmetic tweaks, to resurrect a rule Congress disapproved.” Ohio Telecom Rehearing Pet. 9. But that is not what happened here. The panel found “notable differences between” the 2016 and 2024 data breach reporting requirements, and it concluded that, “[e]ven under Petitioners’ conception of the CRA,” the rules were “not ‘substantially the same.’” Ohio Telecom, 150 F.4th at 724- 25. Petitioners disagree with the panel’s characterization, but en banc re-examination of the fact-specific details of the differences between the two Commission orders is unwarranted. Petitioners likewise overstate (Ohio Telecom Rehearing Pet. 16–17, Hamilton Relay Pet. 15–17) the import of the panel’s interpretation of the Communications Act. The panel’s Communications Act ruling is limited to a narrow question of FCC authority: whether the Act authorizes the Commission to impose data breach reporting requirements on telecommunications carriers (and telecommunications - 17 - Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 23 relay service providers) only for CPNI, or for a broader category of customer information (PII) that includes government identification, account access, and medical data. See Ohio Telecom, 150 F.4th at 705– 06, 720; A10 (Order ¶18) (defining scope of covered PII). The stakes are particularly modest because telecommunications carriers are already subject to similar reporting requirements under other breach notification regimes. See A11 (Order ¶19). Nothing in the panel decision or the Commission’s order purports to claim authority for “all manner of carrier business activities” under Section 201(b), Ohio Telecom Rehearing Pet. 17, to assert “nigh-limitless authority far afield from traditional common carriage regulation,” Hamilton Relay Pet. 11, or to speak for future cases. Petitioners’ contrary speculation about hypothetical agency overreach does not justify en banc review. In its rehearing petition, intervenor Hamilton Relay also advances a new statutory argument: that Section 225’s “functionally equivalent” standard, 47 U.S.C. § 225(a)(3), authorizes the Commission to impose privacy requirements on telecommunications relay service providers only when the equivalent protections are grounded in Section 222, but not when such protections are grounded in Section 201(b). Hamilton Relay Rehearing Pet. 12–15. This Court “typically do[es] not consider - 18 - Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 24 arguments raised for the first time in a petition for rehearing.” United States v. Shafer, 573 F.3d 267, 275 (6th Cir. 2009). In any event, Section 225’s plain text makes no such distinction, nor does the challenged order purport to tie the Commission’s authority over telecommunications relay service providers only to Section 222. See, e.g., Data Breach Order, 38 FCC Rcd. at 12588, ¶130 (“[T]he specific mandate of section 225 to establish ‘functional requirements, guidelines, and operations procedures for TRS’ authorizes the Commission to make the privacy protections included in the Commission's data breach regulations applicable to TRS users.”). Even then, for the reasons already discussed, this issue is merely a narrower iteration of an already narrow statutory question undeserving of en banc review. C. Mere Disagreement on the Merits Does Not Warrant En Banc Review Faced with two narrow holdings that create no circuit conflict, petitioners devote most of their en banc petitions to arguing the merits. See Ohio Telecom Rehearing Pet. 6–9, 11–15; Hamilton Relay Pet. 7–15. But “[i]n the run-of-the-mine case that ground rarely suffices, else many cases a year would be decided in panels of 16, a rarely satisfying, often unproductive, always inefficient process.” Mitts, 626 F.3d at 370 (Sutton, - 19 - Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 25 J., concurring in the denial of rehearing en banc); see also Nat’l Ass’n of Immigr. Judges v. Owen, 160 F.4th 100, 101 (4th Cir. 2025) (Wilkinson, J., concurring in the denial of rehearing en banc) (“Mere disagreement with the merits of a panel’s decision is seldom sufficient grounds for deviating from our normal respect for panel adjudication.”). So too here. Because “the central ground for review is mere disagreement on the merits,” id., rehearing en banc is unwarranted. - 20 - Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 26 CONCLUSION The petitions for rehearing en banc should be denied. Dated: July 2, 2026 Respectfully submitted, /s/ Adam L. Sorensen Dina Kallay Deputy Assistant D. Adam Candeub Attorney General General Counsel Jacob M. Lewis Robert B. Nicholson Associate General Counsel Attorney Sarah E. Citrin U.S. DEPARTMENT OF JUSTICE Deputy Associate General Counsel ANTITRUST DIVISION Adam L. Sorensen 950 Pennsylvania Ave. NW Counsel Washington, DC 20530 FEDERAL COMMUNICATIONS Counsel for Respondent COMMISSION United States of America 45 L Street NE Washington, DC 20554 (202) 418-1740 fcclitigation@fcc.gov Counsel for Respondent Federal Communications Commission - 21 - Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 27 CERTIFICATE OF COMPLIANCE Certificate of Compliance With Type-Volume Limitation, Typeface Requirements and Type Style Requirements 1. This document complies with the type-volume limit of Fed. R. App. P. 32(a)(7)(B) because, excluding the parts of the document exempted by Fed. R. App. P. 32(f): ☒ this document contains 3,564 words, or ☐ this document uses a monospaced typeface and contains lines of text. 2. This document complies with the typeface requirements of Fed. R. App. P. 32(a)(5) and the type style requirements of Fed. R. App. P. 32(a)(6) because: ☒ this document has been prepared in a proportionally spaced typeface using Microsoft Word for Office 365 in 14-point Century Schoolbook, or ☐ this document has been prepared in a monospaced spaced typeface using with . /s/ Adam L. Sorensen Adam L. Sorensen Counsel for Respondents - 22 - Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 28 STATUTORY ADDENDUM Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 29 STATUTORY ADDENDUM CONTENTS Page 5 U.S.C. § 551 .................................................................................... Add. 2 5 U.S.C. § 801 .................................................................................... Add. 3 47 U.S.C. § 201................................................................................... Add. 7 47 U.S.C. § 222................................................................................... Add. 8 47 U.S.C. § 225................................................................................. Add. 13 Add. 1 Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 30 5 U.S.C. § 551 provides in pertinent part: (4) “rule” means the whole or a part of an agency statement of general or particular applicability and future effect designed to implement, interpret, or prescribe law or policy or describing the organization, procedure, or practice requirements of an agency and includes the approval or prescription for the future of rates, wages, corporate or financial structures or reorganizations thereof, prices, facilities, appliances, services or allowances therefor or of valuations, costs, or accounting, or practices bearing on any of the foregoing; Add. 2 Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 31 5 U.S.C. § 801 provides: § 801. Congressional review (a)(1)(A) Before a rule can take effect, the Federal agency promulgating such rule shall submit to each House of the Congress and to the Comptroller General a report containing— (i) a copy of the rule; (ii) a concise general statement relating to the rule, including whether it is a major rule; and (iii) the proposed effective date of the rule. (B) On the date of the submission of the report under subparagraph (A), the Federal agency promulgating the rule shall submit to the Comptroller General and make available to each House of Congress-- (i) a complete copy of the cost-benefit analysis of the rule, if any; (ii) the agency's actions relevant to sections 603, 604, 605, 607, and 609; (iii) the agency's actions relevant to sections 202, 203, 204, and 205 of the Unfunded Mandates Reform Act of 1995; and (iv) any other relevant information or requirements under any other Act and any relevant Executive orders. (C) Upon receipt of a report submitted under subparagraph (A), each House shall provide copies of the report to the chairman and ranking member of each standing committee with jurisdiction under the rules of the House of Representatives or the Senate to report a bill to amend the provision of law under which the rule is issued. (2)(A) The Comptroller General shall provide a report on each major rule to the committees of jurisdiction in each House of the Congress by the end of 15 calendar days after the submission or publication date as provided in section 802(b)(2). The report of the Comptroller General shall include an assessment of the agency's compliance with procedural steps required by paragraph (1)(B), and shall in addition include an assessment of the agency's compliance with such requirements of the Administrative Pay-As-You-Go Act of 2023 as may be applicable. Add. 3 Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 32 (B) Federal agencies shall cooperate with the Comptroller General by providing information relevant to the Comptroller General's report under subparagraph (A). (3) A major rule relating to a report submitted under paragraph (1) shall take effect on the latest of-- (A) the later of the date occurring 60 days after the date on which- (i) the Congress receives the report submitted under paragraph (1); or (ii) the rule is published in the Federal Register, if so published; (B) if the Congress passes a joint resolution of disapproval described in section 802 relating to the rule, and the President signs a veto of such resolution, the earlier date-- (i) on which either House of Congress votes and fails to override the veto of the President; or (ii) occurring 30 session days after the date on which the Congress received the veto and objections of the President; or (C) the date the rule would have otherwise taken effect, if not for this section (unless a joint resolution of disapproval under section 802 is enacted). (4) Except for a major rule, a rule shall take effect as otherwise provided by law after submission to Congress under paragraph (1). (5) Notwithstanding paragraph (3), the effective date of a rule shall not be delayed by operation of this chapter beyond the date on which either House of Congress votes to reject a joint resolution of disapproval under section 802. (b)(1) A rule shall not take effect (or continue), if the Congress enacts a joint resolution of disapproval, described under section 802, of the rule. (2) A rule that does not take effect (or does not continue) under paragraph (1) may not be reissued in substantially the same form, and a new rule that is substantially the same as such a rule may not be issued, unless the reissued or new rule is specifically authorized by a law enacted after the date of the joint resolution disapproving the original rule. Add. 4 Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 33 (c)(1) Notwithstanding any other provision of this section (except subject to paragraph (3)), a rule that would not take effect by reason of subsection (a)(3) may take effect, if the President makes a determination under paragraph (2) and submits written notice of such determination to the Congress. (2) Paragraph (1) applies to a determination made by the President by Executive order that the rule should take effect because such rule is-- (A) necessary because of an imminent threat to health or safety or other emergency; (B) necessary for the enforcement of criminal laws; (C) necessary for national security; or (D) issued pursuant to any statute implementing an international trade agreement. (3) An exercise by the President of the authority under this subsection shall have no effect on the procedures under section 802 or the effect of a joint resolution of disapproval under this section. (d)(1) In addition to the opportunity for review otherwise provided under this chapter, in the case of any rule for which a report was submitted in accordance with subsection (a)(1)(A) during the period beginning on the date occurring-- (A) in the case of the Senate, 60 session days, or (B) in the case of the House of Representatives, 60 legislative days, before the date the Congress adjourns a session of Congress through the date on which the same or succeeding Congress first convenes its next session, section 802 shall apply to such rule in the succeeding session of Congress. (2)(A) In applying section 802 for purposes of such additional review, a rule described under paragraph (1) shall be treated as though-- (i) such rule were published in the Federal Register (as a rule that shall take effect) on-- (I) in the case of the Senate, the 15th session day, or (II) in the case of the House of Representatives, the 15th legislative day, Add. 5 Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 34 after the succeeding session of Congress first convenes; and (ii) a report on such rule were submitted to Congress under subsection (a)(1) on such date. (B) Nothing in this paragraph shall be construed to affect the requirement under subsection (a)(1) that a report shall be submitted to Congress before a rule can take effect. (3) A rule described under paragraph (1) shall take effect as otherwise provided by law (including other subsections of this section). (e)(1) For purposes of this subsection, section 802 shall also apply to any major rule promulgated between March 1, 1996, and the date of the enactment of this chapter. (2) In applying section 802 for purposes of Congressional review, a rule described under paragraph (1) shall be treated as though-- (A) such rule were published in the Federal Register on the date of enactment of this chapter; and (B) a report on such rule were submitted to Congress under subsection (a)(1) on such date. (3) The effectiveness of a rule described under paragraph (1) shall be as otherwise provided by law, unless the rule is made of no force or effect under section 802. (f) Any rule that takes effect and later is made of no force or effect by enactment of a joint resolution under section 802 shall be treated as though such rule had never taken effect. (g) If the Congress does not enact a joint resolution of disapproval under section 802 respecting a rule, no court or agency may infer any intent of the Congress from any action or inaction of the Congress with regard to such rule, related statute, or joint resolution of disapproval. Add. 6 Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 35 47 U.S.C. § 201 provides in pertinent part: (b) All charges, practices, classifications, and regulations for and in connection with such communication service, shall be just and reasonable, and any such charge, practice, classification, or regulation that is unjust or unreasonable is declared to be unlawful: Provided, That communications by wire or radio subject to this chapter may be classified into day, night, repeated, unrepeated, letter, commercial, press, Government, and such other classes as the Commission may decide to be just and reasonable, and different charges may be made for the different classes of communications: Provided further, That nothing in this chapter or in any other provision of law shall be construed to prevent a common carrier subject to this chapter from entering into or operating under any contract with any common carrier not subject to this chapter, for the exchange of their services, if the Commission is of the opinion that such contract is not contrary to the public interest: Provided further, That nothing in this chapter or in any other provision of law shall prevent a common carrier subject to this chapter from furnishing reports of positions of ships at sea to newspapers of general circulation, either at a nominal charge or without charge, provided the name of such common carrier is displayed along with such ship position reports. The Commission may prescribe such rules and regulations as may be necessary in the public interest to carry out the provisions of this chapter. Add. 7 Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 36 47 U.S.C. § 222 provides: § 222. Privacy of customer information (a) In general Every telecommunications carrier has a duty to protect the confidentiality of proprietary information of, and relating to, other telecommunication carriers, equipment manufacturers, and customers, including telecommunication carriers reselling telecommunications services provided by a telecommunications carrier. (b) Confidentiality of carrier information A telecommunications carrier that receives or obtains proprietary information from another carrier for purposes of providing any telecommunications service shall use such information only for such purpose, and shall not use such information for its own marketing efforts. (c) Confidentiality of customer proprietary network information (1) Privacy requirements for telecommunications carriers Except as required by law or with the approval of the customer, a telecommunications carrier that receives or obtains customer proprietary network information by virtue of its provision of a telecommunications service shall only use, disclose, or permit access to individually identifiable customer proprietary network information in its provision of (A) the telecommunications service from which such information is derived, or (B) services necessary to, or used in, the provision of such telecommunications service, including the publishing of directories. (2) Disclosure on request by customers A telecommunications carrier shall disclose customer proprietary network information, upon affirmative written request by the customer, to any person designated by the customer. (3) Aggregate customer information Add. 8 Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 37 A telecommunications carrier that receives or obtains customer proprietary network information by virtue of its provision of a telecommunications service may use, disclose, or permit access to aggregate customer information other than for the purposes described in paragraph (1). A local exchange carrier may use, disclose, or permit access to aggregate customer information other than for purposes described in paragraph (1) only if it provides such aggregate information to other carriers or persons on reasonable and nondiscriminatory terms and conditions upon reasonable request therefor. (d) Exceptions Nothing in this section prohibits a telecommunications carrier from using, disclosing, or permitting access to customer proprietary network information obtained from its customers, either directly or indirectly through its agents-- (1) to initiate, render, bill, and collect for telecommunications services; (2) to protect the rights or property of the carrier, or to protect users of those services and other carriers from fraudulent, abusive, or unlawful use of, or subscription to, such services; (3) to provide any inbound telemarketing, referral, or administrative services to the customer for the duration of the call, if such call was initiated by the customer and the customer approves of the use of such information to provide such service; and (4) to provide call location information concerning the user of a commercial mobile service (as such term is defined in section 332(d) of this title) or the user of an IP-enabled voice service (as such term is defined in section 615b of this title)-- (A) to a public safety answering point, emergency medical service provider or emergency dispatch provider, public safety, fire service, or law enforcement official, or hospital emergency or trauma care facility, in order to respond to the user's call for emergency services; Add. 9 Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 38 (B) to inform the user's legal guardian or members of the user's immediate family of the user's location in an emergency situation that involves the risk of death or serious physical harm; or (C) to providers of information or database management services solely for purposes of assisting in the delivery of emergency services in response to an emergency. (e) Subscriber list information Notwithstanding subsections (b), (c), and (d), a telecommunications carrier that provides telephone exchange service shall provide subscriber list information gathered in its capacity as a provider of such service on a timely and unbundled basis, under nondiscriminatory and reasonable rates, terms, and conditions, to any person upon request for the purpose of publishing directories in any format. (f) Authority to use location information For purposes of subsection (c)(1), without the express prior authorization of the customer, a customer shall not be considered to have approved the use or disclosure of or access to-- (1) call location information concerning the user of a commercial mobile service (as such term is defined in section 332(d) of this title) or the user of an IP-enabled voice service (as such term is defined in section 615b of this title), other than in accordance with subsection (d)(4); or (2) automatic crash notification information to any person other than for use in the operation of an automatic crash notification system. (g) Subscriber listed and unlisted information for emergency services Add. 10 Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 39 Notwithstanding subsections (b), (c), and (d), a telecommunications carrier that provides telephone exchange service or a provider of IP- enabled voice service (as such term is defined in section 615b of this title) shall provide information described in subsection (i)(3)(A)1 (including information pertaining to subscribers whose information is unlisted or unpublished) that is in its possession or control (including information pertaining to subscribers of other carriers) on a timely and unbundled basis, under nondiscriminatory and reasonable rates, terms, and conditions to providers of emergency services, and providers of emergency support services, solely for purposes of delivering or assisting in the delivery of emergency services. (h) Definitions As used in this section: (1) Customer proprietary network information The term “customer proprietary network information” means-- (A) information that relates to the quantity, technical configuration, type, destination, location, and amount of use of a telecommunications service subscribed to by any customer of a telecommunications carrier, and that is made available to the carrier by the customer solely by virtue of the carrier-customer relationship; and (B) information contained in the bills pertaining to telephone exchange service or telephone toll service received by a customer of a carrier; except that such term does not include subscriber list information. (2) Aggregate information The term “aggregate customer information” means collective data that relates to a group or category of services or customers, from which individual customer identities and characteristics have been removed. (3) Subscriber list information The term “subscriber list information” means any information-- Add. 11 Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 40 (A) identifying the listed names of subscribers of a carrier and such subscribers' telephone numbers, addresses, or primary advertising classifications (as such classifications are assigned at the time of the establishment of such service), or any combination of such listed names, numbers, addresses, or classifications; and (B) that the carrier or an affiliate has published, caused to be published, or accepted for publication in any directory format. (4) Public safety answering point The term “public safety answering point” means a facility that has been designated to receive emergency calls and route them to emergency service personnel. (5) Emergency services The term “emergency services” means 9-1-1 emergency services and emergency notification services. (6) Emergency notification services The term “emergency notification services” means services that notify the public of an emergency. (7) Emergency support services The term “emergency support services” means information or data base management services used in support of emergency services. Add. 12 Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 41 47 U.S.C. § 225 provides in pertinent part: (a) Definitions As used in this section-- (1) Common carrier or carrier The term “common carrier” or “carrier” includes any common carrier engaged in interstate communication by wire or radio as defined in section 153 of this title and any common carrier engaged in intrastate communication by wire or radio, notwithstanding sections 152(b) and 221(b) of this title. (2) TDD The term “TDD” means a Telecommunications Device for the Deaf, which is a machine that employs graphic communication in the transmission of coded signals through a wire or radio communication system. (3) Telecommunications relay services The term “telecommunications relay services” means telephone transmission services that provide the ability for an individual who is deaf, hard of hearing, deaf-blind, or who has a speech disability to engage in communication by wire or radio with one or more individuals, in a manner that is functionally equivalent to the ability of a hearing individual who does not have a speech disability to communicate using voice communication services by wire or radio. (b) Availability of telecommunications relay services (1) In general In order to carry out the purposes established under section 151 of this title, to make available to all individuals in the United States a rapid, efficient nationwide communication service, and to increase the utility of the telephone system of the Nation, the Commission shall ensure that interstate and intrastate telecommunications relay services are available, to the extent possible and in the most efficient manner, to hearing-impaired and speech-impaired individuals in the United States. (2) Use of general authority and remedies For the purposes of administering and enforcing the provisions of this section and the regulations prescribed thereunder, the Commission shall have the same authority, power, and functions Add. 13 Case: 24-3133 Document: 94 Filed: 07/02/2026 Page: 42 with respect to common carriers engaged in intrastate communication as the Commission has in administering and enforcing the provisions of this subchapter with respect to any common carrier engaged in interstate communication. Any violation of this section by any common carrier engaged in intrastate communication shall be subject to the same remedies, penalties, and procedures as are applicable to a violation of this chapter by a common carrier engaged in interstate communication. (c) Provision of services Each common carrier providing telephone voice transmission services shall, not later than 3 years after July 26, 1990, provide in compliance with the regulations prescribed under this section, throughout the area in which it offers service, telecommunications relay services, individually, through designees, through a competitively selected vendor, or in concert with other carriers. A common carrier shall be considered to be in compliance with such regulations-- (1) with respect to intrastate telecommunications relay services in any State that does not have a certified program under subsection (f) and with respect to interstate telecommunications relay services, if such common carrier (or other entity through which the carrier is providing such relay services) is in compliance with the Commission's regulations under subsection (d); or (2) with respect to intrastate telecommunications relay services in any State that has a certified program under subsection (f) for such State, if such common carrier (or other entity through which the carrier is providing such relay services) is in compliance with the program certified under subsection (f) for such State. (d) Regulations (1) In general The Commission shall, not later than 1 year after July 26, 1990, prescribe regulations to implement this section, including regulations that-- (A) establish functional requirements, guidelines, and operations procedures for telecommunications relay services; (B) establish minimum standards that shall be met in carrying out subsection (c); Add. 14