Federal Communications Commission FCC 20-20 Before the Federal Communications Commission Washington, D.C. 20554 In the Matter of Amendments to Part 4 of the Commission’s Rules Concerning Disruptions to Communications Petition of California Public Utilities Commission and the People of the State of California for Rulemaking on States’ Access to the Network Outage Reporting System (“NORS”) and a Ruling Granting California Access to NORS ) ) ) ) ) ) ) ) ) ) PS Docket No. 15-80 RM No. 11588 (terminated) SECOND FURTHER NOTICE OF PROPOSED RULEMAKING Adopted: February 28, 2020 Released: March, 2, 2020 Comment Date: (30 days after date of publication in the Federal Register) Reply Comment Date: (60 days after date of publication in the Federal Register) By the Commission: Chairman Pai and Commissioners O’Rielly and Carr issuing separate statements; Commissioners Rosenworcel and Starks dissenting and issuing separate statements. TABLE OF CONTENTS Heading Paragraph # I. INTRODUCTION 1 II. BACKGROUND 4 III. DISCUSSION 15 A. Sharing NORS filings with State and Federal Agencies 16 B. Sharing DIRS Filings with State and Federal Agencies 19 C. Eligible State, Federal, and Tribal Nation Government Agencies 23 D. Confidentiality Protections 28 E. Proposed Safeguards for Direct Access to NORS and DIRS Filings 34 1. Read-Only Direct Access to NORS and DIRS 34 2. Sharing of Confidential NORS and DIRS Information 37 3. Disclosing Aggregated NORS and DIRS Information 44 4. Direct Access to NORS and DIRS Filings Based on Jurisdiction 47 5. Limiting the Number of User Accounts Per Participating Agency 54 6. Training Requirements 58 F. Procedures for Requesting Direct Access to NORS and DIRS 64 G. Compliance Dates 68 IV. PROCEDURAL MATTERS 70 V. ORDERING CLAUSES 76 Appendix A: Proposed Rule Appendix B: Initial Regulatory Flexibility Analysis Appendix C: Certification Form I. INTRODUCTION 1. The Commission supports our Nation’s incident preparedness goals and emergency response efforts by, among other things, collecting and providing accurate and timely communications outage and infrastructure status information via our Network Outage Reporting System (NORS) and Disaster Information Reporting System (DIRS). NORS and DIRS provide critical information about significant disruptions or outages to communication services, including among others, wireline, wireless, cable, broadcast (radio and television), satellite, and interconnected VoIP, as well as communications disruptions affecting Enhanced 9-1-1 facilities and airports. Given the sensitive nature of this data to both national security and commercial competitiveness, the outage data is presumed to be confidential. 2. Today when a major disaster or outage occurs, we make this information available to the Department of Homeland Security’s (DHS) National Cybersecurity and Communications Integration Center (NCCIC). DHS uses this information to assess the needs of an affected area and to coordinate overall emergency response efforts with state and local first responders so that assets such as equipment, fuel, and personnel can be directed to where they are most needed. 3. Our experience over the years with major outages—from the 2017 hurricanes, tornadoes, and flooding, to power shutdowns in California and the latest earthquakes in Puerto Rico—all underscore the value of reliable and timely outage information to the rapid restoration of communications (including wireline and wireless telephone, television, radio, and satellite). This experience has also heightened our understanding of the crucial role state and local authorities can play in the successful restoration of disrupted communications. We thus now consider how more direct access to outage information might improve the situational awareness and ability of state and local authorities to respond more quickly to outages impacting their communities and to help save lives. Specifically, this Second Further Notice of Proposed Rulemaking proposes an information sharing framework that would provide state and federal agencies with access to NORS and DIRS information while also preserving the confidentiality of that data. II. BACKGROUND 4. In 2004, the Commission adopted rules that require outage reporting for certain communications providers to address “the critical need for rapid, complete, and accurate information on service disruptions that could affect homeland security, public health or safety, and the economic well-being of our Nation, especially in view of the increasing importance of non-wireline communications in the Nation’s communications networks and critical infrastructure.” New Part 4 of the Commission’s Rules Concerning Disruptions to Communications, ET Docket No. 04-35, Report and Order and Further Notice of Proposed Rulemaking, 19 FCC Rcd 16830 (2004) (2004 Part 4 Report and Order). (adopting 47 CFR Part 4). 5. Under these rules, certain service providers must submit outage reports to NORS for outages that exceed specified duration and magnitude thresholds. See 47 CFR § 4.9. Service providers are required to submit a notification into NORS generally within 30 minutes of determining that an outage is reportable to provide the Commission with timely preliminary information. The service provider must then either (i) provide an initial report within three calendar days, followed by a final report with complete information on the outage within 30 calendar days of the notification; Id. (describing the outage reporting requirements for communications service providers). Interconnected VoIP service providers do not file initial reports and instead file a notification and then a final report. 47 CFR § 4.9(g). or (ii) withdraw the notification and initial reports if further investigation indicates that the outage did not in fact meet the applicable reporting thresholds. 47 CFR § 4.11 (stating that “[n]otifications and initial reports may be withdrawn under legitimate circumstances, e.g., when the filing was made under the mistaken assumption that an outage was required to be reported”). 6. All three types of NORS filings—notifications, initial reports, and final reports—contain service disruption or outage information that, among other things, include: the reason the event is reportable, incident date/time and location details, state affected, number of potentially affected customers, and whether enhanced 911 (E911) was affected. FCC, Network Outage Reporting System User Manual, version 3 (2018), https://www.fcc.gov/file/12265/download. The Commission analyzes NORS outage reports to, in the short-term, assess the magnitude of major outages, and in the long-term, identify network reliability trends and determine whether the outages likely could have been prevented or mitigated had the service providers followed certain network reliability best practices. Information collected in NORS has contributed to several of the Commission’s outage investigations and recommendations for improving network reliability. See, e.g., FCC, Public Safety and Homeland Security Bureau, December 27, 2018 CenturyLink Network Outage Report (PSHSB 2018), https://docs.fcc.gov/public/attachments/DOC-359134A1.pdf; FCC, Public Safety and Homeland Security Bureau, March 8th, 2017 AT&T VoLTE 911 Outage Report and Recommendations, PS Docket No. 17-68, (PSHSB 2017) https://docs.fcc.gov/public/attachments/DOC-344941A1.pdf; FCC, Public Safety and Homeland Security Bureau, April 2014 Multistate 911 Outage: Cause and Impact, Report and Recommendations, PS Docket No. 14-72, (PSHSB 2014) https://docs.fcc.gov/public/attachments/DOC-330012A1.pdf; FCC, Public Safety and Homeland Security Bureau, Impact of the June 2012 Derecho on Communications Networks and Services, Report and Recommendations, (PSHSB 2013) https://docs.fcc.gov/public/attachments/DOC-318331A1.pdf. 7. NORS filings are presumed confidential and thus withheld from routine public inspection. 47 CFR §§ 0.457(d)(vi), 4.2. See 2004 Part 4 Report and Order, 19 FCC Rcd at 16834, 16852-53, 16855-56, 16922, paras. 3, 40, 45-46 and Appendix A; Amendments to Part 4 of the Commission’s Rules Concerning Disruptions to Communications, et al., PS Docket No. 15-80 et al., Notice of Proposed Rulemaking, Second Report and Order, and Order on Reconsideration, 30 FCC Rcd 3206, 3224, para. 51 (2015) (2015 Part 4 NPRM); Amendments to Part 4 of the Commission’s Rules Concerning Disruptions to Communications, et al., PS Docket No. 15-80 et al., Report and Order, Further Notice of Proposed Rulemaking, and Order on Reconsideration, 31 FCC Rcd 5817, 5848-49, 5875-76 paras. 81,144 (2016) (2016 Part 4 Order and Further Notice) (referencing Section 4.2 for current filings and seeking comment on extending the presumption of confidentiality for the broadband outage reporting filings proposed in the Further Notice). The Commission grants read-only access to outage report filings in NORS to the NCCIC at DHS, Department of Homeland Security, National Cybersecurity and Communications Integration Center, https://www.dhs.gov/cisa/national-cybersecurity-communications-integration-center (last visited Dec. 12, 2019). but it does not currently grant access to other federal agencies, state governments, or other entities. 2004 Part 4 Report and Order, 19 FCC Rcd at 16856, para. 47 (making NORS reports available to DHS “in encrypted form and immediately upon receipt”). DHS, however, may share relevant information with other federal agencies at its discretion. See id. The Commission publicly shares limited analyses of aggregated and anonymized data to collaboratively address industry-wide network reliability issues and improvements. 8. In the wake of Hurricane Katrina, the Commission established DIRS as a means for service providers, including wireless, wireline, broadcast, and cable providers, to voluntarily report to the Commission their communications infrastructure status and situational awareness information during times of crisis. See Public Safety and Homeland Security Bureau Launches Disaster Information Reporting System (DIRS), DA 07-3871, Public Notice, 22 FCC Rcd 16757 (PSHSB 2007); Recommendations of the Independent Panel Reviewing the Impact of Hurricane Katrina on Communications Networks, Order, EB Docket No. 06-119 et al., 22 FCC Rcd at 10547-49, paras. 19-21 (2007) (directing the Public Safety and Homeland Security Bureau to continue its work to activate a system and process for communications companies serving areas affected by disasters to voluntarily submit information regarding among other things, the status of their operations, restoration efforts, power availability, and fuel). The Commission recently required a subset of service providers that receive Stage 2 funding from the Uniendo a Puerto Rico Fund or the Connect USVI Fund to report in DIRS when it is activated in the respective territories. The Uniendo a Puerto Rico Fund and the Connect USVI Fund, et al., WC Docket No. 18-143, et al., Report and Order and Order on Reconsideration, 34 FCC Rcd 9109, 9174, 9176-77, paras. 133,138-140 (2019) (Puerto Rico & USVI USF Fund Report and Order). DIRS, like NORS, is a web-based filing system. The Commission analyzes infrastructure status information submitted in DIRS to provide public reports on communications status during DIRS activation periods, See FCC, Public Safety and Homeland Security Bureau, Operations and Emergency Management Division, FCC Hurricane Response (Oct. 11, 2018), https://www.fcc.gov/fcc-hurricane-response (presenting a collection of public reports released during DIRS activation periods for recent hurricanes). as well as to help inform investigations about the reliability of communications following disasters. See PSHSB Hurricane Michael Report. 9. The Commission treats DIRS filings as presumptively confidential and limits the disclosure of information derived from those filings. The Commission grants direct access to the DIRS database to the NCCIC at DHS. FCC, Communications Disaster Information Reporting System (DIRS), 3060-1003, Supporting Statement (2018). The Commission prepares and provides aggregated DIRS information, without company identifying information, to the NCCIC, which then distributes the information to Emergency Support Function #2 (ESF-2) participants, including other units in DHS, during an ESF-2 incident. ESF-2 is led by DHS and composed by other participants, including the Department of Agriculture, Department of Commerce, Department of Defense, General Services Administration, Department of Interior, and the Federal Communications Commission. See Federal Emergency Management Agency, Emergency Support Function #2, Communications Annex at 1 (June 2016), https://www.fema.gov/media-library-data/1473679033823-d7c256b645e9a67cbf09d3c08217962f/ESF_2_Communications_FINAL.pdf. ESF-2’s purpose is to support the restoration of communications infrastructure, coordinate communications support to restoration efforts, facilitate the delivery of information to emergency management decision makers, and assist in the stabilization and reestablishment of systems and applications during incidents. Id. DHS, at its discretion and subject to its governing statutes, may choose to further share this information with other federal agencies. The Commission does not oversee such additional sharing by DHS, including when DHS through the NCCIC shares the Commission’s aggregated and anonymized DIRS information with ESF-2 partners. Agencies use the analyses for their situational awareness and for restoration priorities for communications infrastructure in affected areas. Chris Anderson, Chief, Operations and Emergency Management Division, Public Safety and Homeland Security Bureau, FCC, Response to Hurricanes Harvey, Irma, and Maria, Presentation at Commission Open Meeting at 2, (PSHSB 2017), https://docs.fcc.gov/public/attachments/DOC-346920A2.pdf (describing FEMA and other federal agencies’ use of DIRS information “to understand the status of communications infrastructure in…impacted areas and to set restoration priorities”). The Commission also provides aggregated data, without company-identifying information, to the public during disasters. 10. In 2009, the California Public Utilities Commission (CPUC) filed a petition requesting that the Commission amend its rules in order to permit state agencies to directly access the Commission’s NORS filings for outages filed in their respective states. See Petition of the California Public Utilities Commission and the People of the State of California, ET Docket No. 04-35 (filed Nov. 12, 2009) (CPUC Petition); Public Safety and Homeland Security Bureau Seeks Comment on Petition for Rulemaking by the California Public Utilities Commission Requesting That State Public Utilities Commissions Be Granted Direct Access to the Commission’s Network Outage Reporting Systems, ET Docket No. 04-35, Public Notice, DA 10-220 (2010) (2010 CPUC Petition Public Notice). The Commission sought public comment on the CPUC’s request. 2010 CPUC Petition Public Notice. The 2009 CPUC Petition has since been withdrawn. See Motion of the California Public Utilities Commission and the People of the State of California to Withdraw California’s Request for a Ruling Granting California Access to the Network Outage Reporting System (“NORS”) Database, ET Docket No. 04-35, RM-11588 (filed Apr. 4, 2018). Accordingly, the Commission is terminating RM-11588. We note, however, that the record in RM-11588 remains available to help inform and resolve issues that are raised in the instant proceeding. 11. In 2015, the Commission proposed to grant state governments “read-only access to those portions of the NORS database that pertain to communications outages in their respective states.” 2015 Part 4 NPRM, 30 FCC Rcd at 3224, para. 51. The Commission also asked if this access should extend beyond states and include “the District of Columbia, U.S. territories and possessions, and Tribal nations.” Id. at 3224, para. 51, n.101. The Commission proposed to condition access on a state’s certification that it “will keep the data confidential and that it has in place confidentiality protections at least equivalent to those set forth in the federal Freedom of Information Act (FOIA).” Id. at 3224, para. 51. The Commission sought comment on other key implementation details, including how to “ensure that the data is shared with officials most in need of the information while maintaining confidentiality and assurances that the information will be properly safeguarded.” Id. at 3224, para. 52. Similarly, in the 2015 Part 4 NPRM, the Commission sought comment on sharing NORS filings with federal agencies pursuant to certain safeguards to protect presumptively confidential information. Id. at 3224-25, para. 54. 12. In the 2016 Order and Further Notice, the Commission found that the record reflected broad agreement that state and federal agencies would benefit from direct access to NORS data and that “such a process would serve the public interest if implemented with appropriate and sufficient safeguards.” 2016 Part 4 Order and Further Notice, 31 FCC Rcd at 5850-53, paras. 84-88. The Commission determined that providing state and federal government agencies with direct access to NORS filings would have public benefits but concluded that the process required more development for “a careful consideration of the details that may determine the long-term success and effectiveness of the NORS program.” Id. at 5853, para. 88. Finding that the record was not fully developed and that the “information sharing proposals raise a number of complex issues that warrant further consideration,” Id. at 5853-54, para. 89. the Commission directed the Public Safety and Homeland Security Bureau (PSHSB) to further study and develop proposals regarding how NORS filings could be shared with state commissions and federal agencies in real time, keeping in mind the information sharing privileges already granted to DHS. Id. at 5853-54, para. 89. 13. The Bureau subsequently conducted ex parte meetings to solicit additional viewpoints from industry, state public service commissions, trade associations, and other public safety stakeholders on the issue of granting state and federal government agencies direct access to NORS and DIRS filings. See generally Letter from Jill Canfield, Vice President of Legal & Industry, Assistant General Counsel, NTCA-The Rural Broadband Association to Marlene H. Dortch, Secretary, FCC, PS Docket No. 15-80 et al., (filed Nov. 1, 2018); Letter from James Bradford Ramsay, General Counsel, NARUC, to Marlene H. Dortch, Secretary, FCC, PS Docket No. 15-80 et al., (filed Nov. 1, 2018) (NARUC Ex Parte); Letter from Hien Vo Winter, Staff Counsel, California Public Utilities Commission, to Marlene H. Dortch, Secretary, FCC, PS Docket No. 15-80 et al. (filed Nov. 5, 2018); Letter from Francisco Sanchez, Jr., Deputy Emergency Management Coordinator, Harris County Office of Homeland Security & Emergency Management, to Marlene H. Dortch, Secretary, FCC, PS Docket No. 15-80 et al. (filed Nov. 26, 2018); Letter from Robert G. Morse, Associate General Counsel, Federal Regulatory and Legal Affairs, Verizon, to Marlene H. Dortch, Secretary, FCC, PS Docket No. 15-80 et al., at 1-2 (filed Oct. 31, 2018) (Verizon Ex Parte). 14. This Second Further Notice of Proposed Rulemaking FNPRM is part of our overarching effort to promote the reliability and redundancy of communications service in the United States. For example, the Commission is undertaking a comprehensive re-examination of the Wireless Resiliency Cooperative Framework to ensure that it is meeting the needs of communities, with a particular focus on increasing wireless service provider coordination with backhaul providers and electric utilities. See, e.g., Public Safety and Homeland Security Bureau Seeks Comment on Improving Wireless Network Resiliency Through Coordination with Backhaul Providers, PS Docket No. 11-60, Public Notice, 33 FCC Rcd 11742 (PSHSB 2018); Public Safety and Homeland Security Bureau Seeks Comment on Improving Wireless Network Resiliency Through Encouraging Coordination with Power Companies, PS Docket No. 11-60, Public Notice, DA 19-13 (PSHSB 2019); Public Safety and Homeland Security Bureau Seeks Comment on Improving The Wireless Resiliency Cooperative Framework, PS Docket No. 11-60, Public Notice, DA 19-242 (PSHSB 2019). Two federal advisory committees to the Commission, the Broadband Deployment Advisory Committee (BDAC) and the Communications Security, Reliability, and Interoperability Council VII (CSRIC VII) are developing recommendations to improve broadband and broadcast resiliency, respectively. See FCC Announces Next Meeting of the Broadband Deployment Advisory Committee, GN Docket No. 17-83, Public Notice, 34 FCC Rcd 9557 (WCB 2019); FCC, CSRIC VII Working Group Descriptions, https://www.fcc.gov/files/csric7wgdescriptionsdocx (last visited Feb. 25, 2020). PSHSB conducted an investigation into the preparations for and impact of 2018’s Hurricane Michael on communications services and issued a report with recommendations to improve future recovery efforts. FCC, October 2018 Hurricane Michael’s Impact on Communications: Preparation, Effect, and Recovery Report and Recommendations (2019), https://docs.fcc.gov/public/attachments/DOC-357387A1.pdf. The Bureau also sent letters to wireless providers seeking information on their preparations for electric power shutoffs and wildfires in California, See Lisa M. Fowlkes, Wildfires and Wireless Service: We Must be Prepared (Sept. 12, 2019), https://www.fcc.gov/news-events/blog/2019/09/12/wildfires-and-wireless-service-we-must-be-prepared. and it conducted outreach with communications and electric industry stakeholders to assess lessons learned. III. DISCUSSION 15. Based on the record before us, the majority of commenters agree that sharing NORS and DIRS information with state and federal agencies—in a manner that preserves the confidentiality of that information—would provide important public safety benefits. Accordingly, we propose a framework for granting state and federal government agencies direct access to NORS and DIRS filings that will assist agencies in their efforts to keep the public safe while preserving confidentiality, ensuring appropriate access, and facilitating reasonable information sharing. A. Sharing NORS filings with State and Federal Agencies 16. NORS filings contain timely information on communications service disruptions or outages impacting a provider’s networks. For example, NORS filings may include useful information about the operational status of communications services or 911 elements that have been affected, as well as incident date, time, and location details. The Commission previously found that sharing NORS data with state and federal agencies would serve the public interest—provided that appropriate and sufficient safeguards were implemented. See 2016 Part 4 Order and Further Notice, 31 FCC Rcd at 5850-53, paras. 84-88. We now propose to reaffirm this finding and to refresh the record. 17. The Puerto Rico Telecommunications Bureau shared its experience in responding to Hurricane Maria in 2017, specifically that the outages impacted communication services for the government agencies responsible for providing essential services. Further, the Puerto Rico Telecommunications Bureau strongly encouraged the Commission to grant state access to NORS so that the agency can coordinate assistance to companies and to emergency government agencies in order to restore communication services and assist its citizens. See Letter from Sandra E. Torres López, Chairwoman, Puerto Rico Telecommunications Board, to Ajit Pai, Chairman, Federal Communications Commission, PS Docket No. 15-80, et al., at 2-3 (Nov. 21, 2018) (Puerto Rico Telecommunications Bureau 2018 Ex Parte). The Massachusetts Department of Telecommunications and Cable (Massachusetts DTC) in turn argues that state agencies need “timely, unrestricted access to accurate outage information in order to respond quickly and maintain public safety.” Massachusetts Department of Telecommunications and Cable Ex Parte at 2. Massachusetts DTC supports state access to NORS, citing the specific challenges it faced in accessing accurate and reliable information during the nationwide CenturyLink outage in December 2018, which also disrupted 911 service throughout the state. Id. at 2 (stating that “[s]tates cannot continue to be left a step behind or in the dark altogether when . . . outages occur”); see also FCC, Public Safety and Homeland Security Bureau, December 27, 2018 CenturyLink Network Outage Report at 11 (2019), https://docs.fcc.gov/public/attachments/DOC-359134A1.pdf. Massachusetts DTC states that during the December 2018 outage, “misinformation was disseminated” regarding the extent of the state’s 911 outages. Massachusetts Department of Telecommunications and Cable Ex Parte at 2; see also Hiawatha Bray & Emily Sweeney, The Boston Globe, “State officials say 911 issues in Mass. ‘have been corrected’,” (Dec. 28, 2018) (https://www.bostonglobe.com/metro/2018/12/28/internet-outage-affecting-wireless-calls-mass/OhYDQH7cgskeN7gugkRpCO/story.html) (stating that the outage that disrupted 911 calls in Massachusetts and across the country “creat[ed] confusion among first responders and expos[ed] a major weakness in the emergency response network”). 18. We believe that subject to appropriate safeguards, giving qualified state and federal agencies NORS access would help restore affected communications and ultimately help save lives. To what extent are state or federal agencies’ efforts to ensure the safety of the public frustrated by the fact that information about communications outages is either difficult to obtain or unavailable? Have there been recent public safety incidents where state or federal agencies could have led a more successful response had they been granted direct access to NORS filings at the time of the incident? How would direct access to NORS filings have assisted in the response for such public safety incidents? Are there additional benefits associated with granting direct access to NORS that we should consider? B. Sharing DIRS Filings with State and Federal Agencies 19. As with NORS data sharing, we propose sharing DIRS filings with eligible state and federal agencies. Unlike NORS filings, which provide a baseline measure for network reliability in a jurisdiction prior to and after disasters, DIRS filings are focused on network status during disasters and in their immediate aftermath. As emergency management officials in California have reported, their currently available resources for identifying the status of communications networks reflect data gaps and inconsistencies at times, For example, California emergency management officials shared that in one instance, the DIRS public report reported that a county had 223,973 customers out of service, while the state agency’s reporting system reported 56,898 customers out of service, a difference of 167,000 customers. Testimony from Paul Troxel, 9-1-1 Communications Branch, California Governor’s Office of Emergency Services, before the California Public Utilities Commission, Prehearing Conference, “Order Instituting Rulemaking Regarding Emergency Disaster Relief Program to Support California Residents, Rulemaking 18-03-011, at 26 (Nov. 20, 2019) http://docs.cpuc.ca.gov/PublishedDocs/Efile/G000/M320/K714/320714651.PDF (reporting that its ability to provide “this information to local agencies is solely dependent on the data provided by the telecommunication service providers”) (Troxel Testimony CPUC Hearing). which make it difficult for officials to make informed emergency management decisions at the local level, such as identifying and knowing how to move the public of out danger and how to report “medically-difficult situations.” Id. at 25-29; Remarks from Marybel Batjer, President, California Public Utilities Commission, before the California Public Utilities Commission, Prehearing Conference, “Order Instituting Rulemaking Regarding Emergency Disaster Relief Program to Support California Residents, Rulemaking 18-03-011, at 123 (Nov. 20, 2019) http://docs.cpuc.ca.gov/PublishedDocs/Efile/G000/M320/K714/320714651.PDF (reporting that needed information was provided to the FCC but not to the state of California, and the desire to ensure that the information is given to the state in a “timely, appropriate manner that can indeed be acted upon by the people who most need it”). 20. DIRS filings, on the other hand, contain timely information about the operational status of service providers’ networks and the associated infrastructure equipment, typically submitted on a daily basis during disaster conditions. DIRS filings also reflect a snapshot of whether specific service provider infrastructure equipment is running on backup power or out of service, as well as the operational status of 911 call centers. As we have found in past communications outages following a disaster, information indicating which counties have a large percentage of its cell towers out of service can provide state authorities the situational awareness they need to appropriately address the communications needs of vulnerable populations in affected areas. After its experience with Hurricane Maria, the Puerto Rico Telecommunications Bureau shared that the DIRS information that it received from communication service providers, not available from the DIRS public reports, was helpful and future access to DIRS information would be an “essential tool” to coordinate assistance to the companies and emergency government agencies in order to restore communication services and assist citizens affected by an outage. See Puerto Rico Telecommunications Bureau 2018 Ex Parte at 2-3. For these reasons, we believe that sharing DIRS information with qualified state and federal agencies would help them to better direct their limited resources, including field staff, to areas of most need, thereby enhancing their communications response and recovery efforts in times of disaster. Service providers who report in DIRS submit information as frequently as on a daily basis. Thus, the information submitted may often represent near-real time status updates on critical communications infrastructure inside the counties most devasted during a natural disaster like a category 5 hurricane or wildfire. 21. Moreover, because the Commission affirmatively waives mandatory NORS reporting requirements for service providers that voluntary report in counties where DIRS is activated, See, e.g., Public Safety & Homeland Security Bureau Extends the Disaster Information Reporting System Collection to All Counties in the U.S. Virgin Islands, Public Notice, DA 19-845 at 2 (PSHSB 2019) https://docs.fcc.gov/public/attachments/DA-19-845A1.pdf (stating that for Tropical Storm Dorian that “[c]ommunications providers are reminded that for providers that participate in DIRS, the separate Network Outage Reporting System (NORS) obligations are suspended for the duration of the DIRS activation with respect to outages in the counties/municipalities where DIRS has been activated”). DIRS sharing will provide more complete and actionable status of communications outages. As the Michigan Public Service Commission observed, a state agency would have an “incomplete picture of outages” without access to both NORS and DIRS whenever DIRS is activated. Letter from Emily A. Jefferson, Assistant Attorney General, Michigan Public Service Commission, to Marlene H. Dortch, Secretary, FCC, PS Docket No. 15-80 et al., at 2 (filed Nov. 16, 2018). 22. We seek comment on our analysis and these anticipated benefits. To what extent would our proposal to share DIRS filings with state and federal agencies improve the effectiveness of response and recovery efforts during and after disasters and emergencies? Are there other, equally effective methods that state and federal agencies may already use to obtain communications status information on a daily basis, especially during and after a devastating event such as a hurricane or wildfire, that does not require access to DIRS? Conversely, what, if any, harms may arise from granting state and federal agencies access to DIRS information? Given that service providers may voluntarily report confidential information in DIRS, we seek comment on whether federal and state agency access to DIRS filings would in any way reduce service provider participation or diminish the level of detail that service providers submit in DIRS. To what extent would any such harms outweigh the benefits of sharing that information? Could those harms be mitigated through the implementation of the safeguards proposed below, and if so, to what extent? C. Eligible State, Federal, and Tribal Nation Government Agencies 23. We believe that providing state and federal agencies, including Tribal Nation government agencies, access to NORS and DIRS information will help promote the timely restoration of communications in affected communities. However, access to NORS and DIRS must be balanced against a need to safeguard and protect the presumed confidentiality of that information. We therefore believe it is necessary to limit the types of agencies that are eligible to receive direct access to NORS and DIRS. We propose that direct access to NORS and DIRS be limited to agencies acting on behalf of the federal government, We note that the NCCIC of DHS already has direct access to NORS and DIRS information; we do not propose to modify the terms by which the NCCIC accesses this information. the fifty states, the District of Columbia, Tribal Nation governments, and United States territories (including Puerto Rico and the U.S. Virgin Islands) that reasonably require access to the information in order to prepare for, or respond to, an event that threatens public safety, pursuant to its official duties (i.e., agencies with a “need to know”). Henceforth, we use the term “state” in this Further Notice to broadly refer to any of the fifty states, the District of Columbia, tribal governments, and United States territories. For purposes of our proposal, we use the term “agency” to refer to any distinct governmental department, commission, board, office, or other organization established to fulfill a specific purpose or role, including a state public utility commission or state department of public safety. We also propose that NORS and DIRS information accessed by these agencies should only be used for public safety purposes. We believe that this proposal provides NORS and DIRS access to the agencies that are in the best position to use outage and infrastructure status information to promote public safety across their jurisdictions. We seek comment on our definition of “need to know” and on any objective criteria that would be sufficient or necessary for a state or federal agency to establish that it satisfies the “need to know” standard. What supporting materials should a state or federal agency provide to the Commission to support its assertion that it has a “need to know” as a condition of access to the NORS and DIRS data? We seek comment on the public safety purposes for which eligible agencies may use NORS and DIRS information, as well as on our proposal to condition access to this information on its use for public safety purposes only. 24. While local agencies will not be able to access NORS and DIRS directly under our proposal, we note that these agencies generally fall within the oversight jurisdiction of state agencies that are eligible. Therefore, the local entities would be in a position to obtain NORS and DIRS filings or information from an affiliated state agency, on a case-by-case basis, provided that the state agency finds that the local entities have a “need to know” justification. We further believe this approach is necessary for a NORS and DIRS information sharing framework to be administrable by the Commission, as county and local eligibility would be likely to result in tens of thousands of applications for access, which would take significant time to process and place significant burdens on Commission staff. We seek comment on our proposal. 25. Are there reasons why local entities require direct access to NORS and DIRS filings, and if so, how could these filings be protected from improper disclosure in view of the extremely large number of such local entities in the nation? Are there other entities, besides the state and federal agencies that we have identified above, that also should be eligible to participate in the proposed information sharing framework? How can we best balance addressing the public safety need for enhanced situational awareness against the risk of inadvertent disclosure of NORS and DIRS information, particularly given the large number of local entities in the nation? 26. For example, should additional criteria be applied to determine whether a specific type of local entity (e.g., local alert-originating entities) should be granted direct access to NORS and DIRS filings? If so, what should those additional criteria be? Should we introduce additional criteria for state-level agencies, such as limiting access to certain types of state agencies (e.g., state public safety and emergency management departments)? Should we exclude from eligibility agencies located in states that have diverted or transferred 911/Enhanced 911 (E911) fees for purposes other than 911/E911? See FCC, Eleventh Annual Report to Congress on State Collection and Distribution of 911 and Enhanced 911 Fees and Charges at 3 (rel. Dec. 19, 2019), https://www.fcc.gov/file/17724/download (identifying five states, including New Jersey, New York, Rhode Island, West Virginia, and Nevada, that diverted or transferred 911/E911 fees for purposes other than 911/E911 in 2018). If so, how should we address conditions of access for states that have inadequately responded to Commission inquiries as to their practices for using 911/E911 fees? Relatedly, should the types of federal agencies eligible for direct access to NORS and DIRS filings be limited and if so, what criteria should we consider? 27. Tribal Nation Governments. We seek comment on our inclusion of Tribal Nation governments in today’s proposed information sharing framework. Given the rural location of many Tribal Nation governments, there may be fewer providers offering service in Tribal lands and each piece of communications equipment may be more critical to maintaining connectivity. See FCC, Report on Broadband Deployment in Indian Country, Pursuant to the Repack Airwaves Yielding Better Access for Users of Modern Services Act of 2018 at 1 (rel. May 1, 2019), https://docs.fcc.gov/public/attachments/DOC-357269A1.pdf (“Tribal lands experience lower rates of both fixed and mobile broadband deployment as compared to non-Tribal areas of the United States, particularly in rural areas. . . . generally, individuals living on Tribal lands that are covered have access to fewer carriers providing 4G LTE coverage.”), submitted to the Senate Committee on Commerce, Science, and Transportation; House of Representatives Committee on Energy and Commerce. Does this consideration weigh in favor of different standards for determining whether Tribal Nation government agencies should be granted access to NORS and DIRS filings compared to the other government agencies described in today’s proposal? If so, what alternative standards should we use to best tailor our proposal to Tribal Nation governments? D. Confidentiality Protections 28. The Commission currently treats NORS and DIRS filings as presumptively confidential. This means that the filings and the information contained therein would be withheld from public disclosure, shared on a limited basis to eligible entities, and provided to others in summarized and aggregated form and only in narrow circumstances. We propose to extend this policy by requiring that participating state and federal government agencies treat NORS and DIRS filings as confidential unless the Commission finds otherwise. For clarity, “eligible agencies” refers to agencies that qualify for direct access to NORS and DIRS under this proposal, while “participating agencies” refers to agencies that have applied for and been granted direct access by the Commission. 29. We continue to believe that NORS filings should be presumptively confidential due to the “sensitive data” they contain that “could be used by hostile parties to attack . . . networks, which are part of the Nation’s critical information infrastructure.” 2004 Part 4 Report and Order, 19 FCC Rcd at 16852-53, para. 40. We also continue to believe that DIRS filings should be presumptively confidential “[b]ecause the information that communications companies input to DIRS is sensitive, for national security and/or commercial reasons.” 2007 DIRS Public Notice, 22 FCC Rcd at 16758. DIRS filings include voluntarily reported “weaknesses in and damage to the national communications infrastructure” and the public disclosure of this information could potentially facilitate targeting of critical infrastructure and key resources. Id. Moreover, we recognize that DIRS filings may contain “internal confidential information that constitutes trade secrets and commercial or financial information,” and data that reflects “the types and deployment of their equipment and the traffic that flows across their networks.” Id. We remain concerned that our national defense and public safety goals could be undermined if information from outage reports could be used by malicious actors to harm, rather than improve, the nation’s communications infrastructure. 2004 Part 4 Report and Order, 19 FCC Rcd at 16855, para. 45. 30. Further, we continue to be sensitive to the notion that the public disclosure of the NORS information, and more likely, the public disclosure of voluntarily submitted DIRS information, could make “regulated entities less forthright in the information submitted to the Commission” due to the “likelihood of substantial competitive harm from disclosure” of their submitted outage or infrastructure status information. Id. at 16855, para. 45. We seek comment on these views and on any alternative approaches. We note that some service providers have recently announced plans to publicly release outage information not previously disclosed. See, e.g., Letter from Rudolph M. Reyes, Jr., Vice President and Associate General Counsel, Western Region, Verizon, to Marybel Batjer, President, California Public Utilities Commission, at 1 (Nov. 18, 2019) (https://www.cpuc.ca.gov/uploadedFiles/CPUCWebsite/Content/News_Room/NewsUpdates/2019/Nov.%2018%202019%20Verizon%20Response%20to%20President%20Batjer%20Nov.%2013%20Letter.pdf) (Verizon Power Shutoff Letter) (announcing that “Verizon will begin making available — on a public and nonconfidential basis — information about the percentage of Verizon’s cell sites in service during disaster situations”). See generally Mallory Moench, San Francisco Chronicle, California Wildfires, California Lawmakers Push for Cell-Tower Backup Power After Wireless Service Failures (Nov. 22, 2019, 4:05pm), https://www.sfchronicle.com/california-wildfires/article/State-lawmakers-push-for-cell-tower-backup-power-14856180.php (reporting that “AT&T, T-Mobile and Verizon pledged Wednesday to publicly disclose data about sites down during outages. They had previously said the information should remain confidential, citing security and competitive concerns.”). We seek comment on the status of current policies, as well as any future plans, of service providers with regard to publicly releasing outage and infrastructure status information, including specific details as to the types of information that providers intend to release and the circumstances under which they will release it. Verizon has argued that “increased public disclosure of company-specific outage information will further improve information flow and transparency during disasters and other emergencies without compromising competitively sensitive data.” Verizon Power Shutoff Letter at 2. We seek comment on how this argument should affect our views on the presumption of confidentiality afforded to NORS and DIRS data. 31. Moreover, we seek to provide confidence to NORS and DIRS filers that the information they submit would continue to be protected against public disclosure at its current level and to ensure consistency in the information that is publicly disclosed. We believe that a uniform confidentiality standard for granting state and federal agencies access to NORS and DIRS filings would help secure these results. We therefore propose that a participating agency’s direct access to NORS and DIRS filings be conditioned on the participating agency agreeing to treat the filings as confidential and not disclose them absent a finding by the Commission that allows them to do so. We propose that participating agencies that seek to disclose information would request the Commission’s review, which would occur in the same manner that the Commission reviews requests for disclosure under FOIA. 2015 Part 4 NPRM, 30 FCC Rcd at 3224, para. 51; 2016 Part 4 Order and Further Notice, 31 FCC Rcd at 5849, 5850-5852, paras. 82, 85; See 5 USC § 552 (2006), amended by OPEN Government Act of 2007, Pub. L. No. 110-175, 121 Stat. 2524 (stating the FOIA disclosure standard, including the relevant commercial and financial information exemption from disclosure); see also CenturyLink Comments, PS Docket No. 15-80 et al., at 18 (rec. Aug. 29, 2016) (CenturyLink Aug. 29, 2016, Comments) (stating that “[a]ppropriate confidentiality protections would include, at a minimum, state and federal agencies certifying that they will keep the information in the reports confidential, and that they have confidentiality protections in place at least equivalent to those set forth in the Freedom of Information Act”). This proposal mirrors the way in which federal agencies share homeland security information with state governments under section 892 of the Homeland Security Act of 2002, in which the federal agency remains in control of the information and state law that otherwise authorizes disclosure of information does not apply. See 6 U.S.C. § 482(e). We believe that our proposal would limit distribution of the information for unauthorized purposes, ensure the security and confidentiality of the information, and protect the rights of companies that submit the information. We seek comment on this approach. 32. We seek comment on alternative proposals that may address confidentiality concerns. Do any states have substantially different disclosure standards than federal FOIA and, if so, would this condition be satisfied in jurisdictions with more permissive state open record laws or with court decisions favoring more permissive disclosure? We note that the Commission has dealt with similar issues before. With respect to competitively sensitive information submitted by carriers with respect to the North American Numbering Plan, the Commission recognized that some states had open record laws that might not allow state public utility commissions to protect the information from public disclosure. The Commission stated that it would work with those commissions to enable them to obtain the information they needed while protecting the confidential nature of the information. Numbering Resource Optimization, CC Docket No. 99-200, Report and Order and Further Notice of Proposed Rulemaking, 15 FCC Rcd 7574, 7609, para. 82 (2000). We acknowledge that in all cases, agencies would need to determine whether they can certify to the Commission that the agency would uphold the confidentiality protections we propose. We seek comment on whether these approaches are appropriate and workable here. Should the Commission rely on additional procedures to protect confidential materials from public disclosure by participating state or federal government agencies in this context? 33. To further ensure consistency in disclosure and confidence that submitted information will continue to be protected as it is today, we also propose to require participating state and federal agencies to notify the Commission on issues related to confidentiality in two instances. First, we propose that state and federal agencies notify the Commission within 14 calendar days from the date the agency receives requests from third parties for NORS filings and DIRS filings, or related records. This would provide the Commission the ability to notify the original NORS or DIRS submitter and give them an opportunity to object. Second, we propose that state and federal agencies notify the Commission at least 30 calendar days prior to the effective date of any change in relevant statutes or rules that would affect the agency’s ability to adhere to the confidentiality protections that we require. This would provide the Commission with an opportunity to determine whether to terminate an agency’s access to NORS or DIRS filings or take other appropriate steps as necessary, before the agency is no longer in a position to protect this information. We seek comment on this approach or on any alternative approaches that may achieve the stated goals. E. Proposed Safeguards for Direct Access to NORS and DIRS Filings 1. Read-Only Direct Access to NORS and DIRS 34. We believe that agencies should receive access to NORS and DIRS in a format that reduces or eliminates the risk that their employees would make unauthorized modifications to the filings, whether unintentional or malicious. The current NORS database only allows users assigned to a company to modify reports submitted by that company. Preventing such modifications would ensure the accuracy of the Commission’s oversight work and that of its partners, who rely on the accuracy of NORS and DIRS filings at all times. We thus renew our proposal that participating state and federal agencies be granted direct access to NORS and DIRS filings in a read-only manner. In doing so, we maintain our proposal from the 2015 Part 4 NPRM that state agency access to the NORS database be read-only. In the 2015 Part 4 NPRM, the Commission proposed to grant state agencies direct “read-only access to those portions of the NORS database that pertain to communications outages in their respective states.” See 2015 Part 4 NPRM, 30 FCC Rcd at 3224, para. 51. Many commenters to the 2015 Part 4 NPRM supported a read-only access approach. For example, Verizon stated that “limit[ing] access to read-only format is [an] appropriate safeguard” based on “public safety, security, and competitive sensitivities.” Verizon Jul. 15, 2015, Comments at 12; see also NASNA Jul. 16, 2015, Comments at 2 (“NASNA supports the Commission’s proposal to grant states read-only access to those portions of the NORS database concerning outages in their respective sates.”); see also American Cable Association Reply, PS Docket Nos. 15-80, et al., at 27 (rec. Sept. 12, 2016) (“The record supports providing states with direct read-only access to the NORS database only under strict conditions that include confidentiality protections and related limitations”). Similarly, many commenters since the 2015 Part 4 NPRM support a read-only approach. See Letter from Jill Canfield, Vice President of Legal & Industry, Assistant General Counsel, NTCA—The Rural Broadband Association, to Marlene H. Dortch, Secretary, FCC, PS Docket No. 15-80, et al., at 2 (filed Nov. 1, 2018) (“any such permitted access to NORS should be read-only”). We seek further comment on the proposed read-only approach. Have any developments occurred since 2015, when we proposed to grant state governments read-only access, that weigh in favor or against providing access in a read-only manner? In addition, we currently require each user account in NORS and DIRS to use a password to access the systems. We seek comment on whether we should implement other technology protections to prevent unauthorized access to these databases given today’s proposal, which would expand the number and scope of individuals with access to NORS and DIRS. 35. We believe that providing participating agencies with direct access to historical NORS and DIRS information would allow them to identify trends in outages and infrastructure status that would further enhance their real-time recovery and restoration efforts. We thus propose to grant participating agencies access to NORS and DIRS filings made after the effective date of this proposed information sharing framework, even if the agency begins its participation at a later date. Historical information will allow agencies to determine outage and infrastructure status baseline levels in their jurisdictions and identify trends, so that they can better predict and respond to emerging exigencies more rapidly than would otherwise be possible. We propose to limit access agency access to filings made after the effective date of this framework to address potential concerns that service providers may have about a potential dissemination of filings that they originally made to the Commission under an expectation that we would keep the filings presumptively confidential and withhold them from disclosure, even from federal and state government agencies that might seek them. 36. Are there reasons why we should not provide an agency access to filings after the effective date and prior to their participation in the proposed framework? Are there reasons that we should provide access to all historical filings that can be made available or, instead, that are made as of the date of today’s proposal? The Commission estimates internal costs of approximately $50,000 to revise its NORS and DIRS processes to ensure the compatibility of the NORS and DIRS databases with historical (e.g., non-multistate) filings. We seek comments on these costs. Alternatively, should participating agencies’ access to NORS and DIRS information be limited to timeframes relevant to specific disasters or other events that threaten public safety for which those agencies are contemporaneously preparing or responding? 2. Sharing of Confidential NORS and DIRS Information 37. We recognize that, in many cases, there are individuals, including key decision-makers and first responders, who would not directly access NORS and DIRS and yet play a vital role within their respective jurisdictions in ensuring public safety during times of crisis. We believe there would be significant benefit in ensuring that these individuals also have access to the information in NORS and DIRS filings, in whatever form is most useful to them in furtherance of their duties. Accordingly, for each participating state or federal government agency, we propose to allow individuals granted credentials for direct access to NORS and DIRS filings to share copies (e.g., printouts) of NORS and DIRS filings, in whole or part, and any confidential information derived from NORS or DIRS filings (collectively, confidential NORS and DIRS information), within or outside their participating agency, on a strict “need to know” basis. Confidential NORS and DIRS information may include, as illustrative examples, presentations, e-mail summaries, and analysis and oral communication reflecting the content of, or informed by, NORS and DIRS filings. We also propose to require that this information be used for public safety purposes only. 38. A “need to know” basis exists where the recipient would need to reasonably require access to the information in order to prepare for, or respond to, an event that threatens public safety, pursuant to the recipient’s official duties. We propose that the sharing of confidential NORS and DIRS information be allowed “downstream” as well, meaning that once an agency with direct NORS and DIRS access shares confidential NORS and DIRS information with a recipient, that recipient can further summarize and/or share the information with others who also have a “need to know.” To ensure that non-participating agencies maintain the confidentiality of NORS and DIRS information, we propose to require that participating agencies condition access to this information on non-participating agencies’ certification that it will treat the information as confidential, not disclose it absent a finding by the Commission that allows them to do so, and securely destroy information when the public safety event that warrants their access to the information has concluded. We propose to hold participating agencies responsible for inappropriate disclosures of NORS and DIRS information by the non-participating agencies with which they share it and expect that participating agencies will take all necessary steps to have confidence that confidentiality will be preserved. We also note that individuals or agencies that make inappropriate disclosures of NORS in DIRS information may be subject to disciplinary action and/or liability under federal, Tribal and/or state laws that protect data, containing, e.g., trade secrets or other commercially sensitive information. See, e.g., CAL. PENAL CODE § 499c (providing for imprisonment of up to one year in a county jail, by a fine of up to $5,000, or both). We seek comment on any federal and non-federal restrictions that may apply to the improper dissemination of private information by employees of participating agencies and those with whom they share NORS and DIRS information, and the consequences of violating them. 39. We seek comment on this approach of participating agencies agreeing to be held responsible for downstream information sharing as a pre-requisite for accessing NORS and DIRS information. Would the measures proposed be sufficient to ensure that downstream recipients preserve the confidentiality of NORS and DIRS information they receive? Relatedly, we seek comment on state laws and penalties would be sufficient to deter any inappropriate disclosure of NORS/DIRS information. If these measures and state laws are not sufficient, we seek comment on any additional measures that we should include to ensure that confidentiality is maintained when sharing NORS and DIRS information downstream. For example, to what extent should the Commission hold downstream recipients responsible when NORS and DIRS information is improperly disclosed and what should the consequences be (apart from, for instance, immediate cut-off of access for the agency that accessed the NORS and DIRS filings)? To what extent would additional measures hinder the ability of first responders and other emergency response officials to receive critical information, thereby undermining their restoration and recovery efforts? Are there measures we can take that would adequately preserve the confidentiality of information that was earlier shared downstream after the public safety event that necessitated sharing is over? We seek comment on the public safety purposes for which downstream recipients may use NORS and DIRS information, as well as on our proposal to condition access to this information on its use for public safety purposes only. 40. We propose that the sharing agency determine whether a “need to know” exists on the part of the recipient. We believe that the sharing agency is in a strong position to make this determination based on their “on the ground” knowledge of the public safety-related activities of agencies that are not eligible to access NORS and DIRS directly. Moreover, we find that it would be impractical for Commission to either make these case-by-case determinations, which would often be made during on-going exigencies. 41. Under our proposals, confidential NORS and DIRS information could be shared when the recipient has a “need to know” basis, for example, in the following illustrative scenarios: (a) an employee with direct NORS and DIRS access in a participating agency may share confidential NORS and DIRS information within any number of agency employees or contractors (e.g., a public utility agency may share information among its employees and contractors to resolve a power outage situation); (b) an employee with direct NORS and DIRS access in a participating agency may share confidential NORS and DIRS information with the employees and contractors of other participating or non-participating agencies within the same state/jurisdiction or in a different state/jurisdiction (e.g., a public utility agency may share information with a neighboring state governor’s office responding to a hurricane; or a state emergency management agency may share information with a region-level fire chief); (c) an employee at a non-participating agency who receives the confidential NORS and DIRS information on a “need to know” basis may then share the information with an employee at another non-participating agency based on the latter’s “need to know” (e.g., a region-level fire chief may share information with a county sheriff’s department for the purpose sending first responders to an affected area). We seek comment on this proposal, as well as on other ways to permit sharing of NORS and DIRS information by participating agencies when such sharing helps to address public safety issues. 42. Does our approach provide sufficient benefits to key decision-makers and first responders to outweigh the risk of potential over-disclosure of confidential information? What additional steps can we take, if any, to mitigate such risks while preserving the benefits? What would be the burden to participating agencies and others if we were to take additional steps? For example, should we require, as a condition for access to the data, that participating agencies notify the Commission when they share NORS and DIRS information with a downstream recipient, and if so, what form should the notification take? Should notification include specific information on which individuals, localities, and Tribal lands are receiving this information downstream and describe the basis for any “need to know” determinations? Should notification be provided to the Commission within a certain timeframe after the sharing occurs? Alternatively, in order to ensure that participating agencies’ focus during a public safety event remains on response and restoration, should notification be provided to the Commission in advance in the form of a list of those downstream agencies with which it is anticipated the information will be shared? For such an approach, we seek comment on whether, in the event there is an exigency that necessitates sharing with agencies that were not on the advance list, participating agencies should be given a certain period of time to notify the Commission of additional downstream agencies with which the information was shared? 43. What steps can we take to ensure that agencies are handling and sharing confidential information appropriately? Are there reasons why downstream sharing or sharing outside an agency should be more limited than described here? Should we adopt further measures to control or limit the downstream sharing of confidential NORS and DIRS information beyond the specific individuals with direct access, and if so, what specific measures should we adopt and what should be the consequences if they are not followed? On the other hand, should downstream agencies without access to NORS and DIRS be allowed to keep NORS and DIRS data, perhaps to allow it to be studied in an after-action review of their response efforts? To the extent that commenters recommend less or more restrictive frameworks (including ones that nonetheless facilitate broader sharing in emergency situations), we request that commenters identify in detail how such mechanisms would work, as well as their benefits and costs. 3. Disclosing Aggregated NORS and DIRS Information 44. We believe that the aggregated information in NORS and DIRS filings can be of significant benefit to the general public. For example, this information can be used to keep the public informed of on-going emergency and network outage situations, timelines for recovery, and geographic areas to avoid while disaster and emergency events are ongoing. We therefore propose to allow agencies to provide aggregated NORS and DIRS information to any entity including the broader public (e.g., by posting such information on a public website). 45. We define “aggregated NORS and DIRS information” to refer to information from the NORS and DIRS filings of at least four service providers that has been aggregated and anonymized to avoid identifying any service providers by name or in substance. We seek comment on this approach and whether there are other appropriate aggregation requirements that we should consider. For example, should we require aggregation over a larger number of service providers? We note that allowing the public disclosure of aggregated NORS and DIRS information is consistent with the Commission’s own practices. 46. Here, we propose extending the ability to generate and supply aggregated NORS and DIRS information to participating state agencies themselves. We believe that granting participating agencies this flexibility will allow them to disseminate information to the broader public and better fulfill their public safety missions. Moreover, we believe that this proposal carries at most a minimal risk of the over-disclosure of sensitive information since participating agencies must anonymize aggregated NORS and DIRS information. We seek comment on this proposal. Are there any specifics steps that agencies should take beyond aggregating over four or more providers to ensure that NORS and DIRS information is adequately aggregated and anonymized prior to disclosure? Should we adopt specific measures to ensure that, as a condition of access to NORS and DIRS filings and information, participating agencies adequately aggregate and anonymize the information in NORS and DIRS filings and information prior to disclosure? If so, what should those measures be and what should be the consequences if they are not followed? 4. Direct Access to NORS and DIRS Filings Based on Jurisdiction 47. We observe that an outage or a disaster—such as a hurricane—may cross multiple jurisdictional boundaries. We believe that agency access to NORS and DIRS filings should account for this reality. We propose that a participating agency receive direct access to all NORS notifications, initial reports, and final reports and all DIRS filings for events reported to occur at least partially in their jurisdiction. For federal agencies, this generally means for events reported to occur anywhere in the country. For state agencies, this generally means for the events reported to occur at least partially in the state’s geographic boundaries. Commenters support granting states access to NORS filings See NASNA Jul. 16, 2015, Comments at 2 (“NASNA supports the Commission’s proposal to grant states read-only access to those portions of the NORS database concerning outages in their respective states.”); Verizon Jul. 15, 2015, Comments at 12 (stating that “[a]gencies should use the information for their public safety functions, limited to the geographic area subject to the agency’s jurisdiction”); COMPTEL Comments, PS Docket No. 15-80 et al., at 8 (rec. Jul. 15, 2015) (stating that “[t]here is no question that the public interest would be served if state governments were made and kept aware of communications outages within their borders,” but urging confidentiality protections). See also CenturyLink Aug. 29, 2016, Comments at 18-19 (stating support for grating states but with appropriate confidentiality protections); Letter from Jamie M. Tan, Director, Federal Regulatory, AT&T, to Marlene H. Dortch, Secretary, FCC, PS Docket No. 15-80 et al., at 2 (filed Nov. 5, 2018). and DIRS filings NARUC Ex Parte at 1-2. for events that occur within their jurisdiction. We propose that it would serve the public interest for participating state agencies to access NORS and DIRS filings for outage events and disasters that occur in portions of their respective state but also span across additional states. 48. We seek comment on this proposal. How would participating agencies make use of NORS and DIRS filings that affect states beyond their own? Do participating agencies have a “need to know” about the effects of multistate outages and infrastructure status outside their jurisdiction? Do county or local agencies that cannot access NORS and DIRS under our proposal have similar needs? What benefits are expected to arise from granting participating state agencies access to these NORS and DIRS filings? Are there any harms that may potentially arise from granting participating state agency access to multistate outage and infrastructure information? As an alternative to our proposal, should participating agencies’ access to NORS and DIRS filings be limited only to those aspects of multistate outages that occur solely in their jurisdiction? Are there specific aspects of multistate outages for which participating agencies do not have a “need to know?” In addition, we anticipate that there may be situations where a participating agency may share confidential information derived from DIRS or NORS filings with non-participating state or federal agencies on a strict “need to know” basis. We seek comment on this view. 49. Does a participating federally recognized Tribal Nation’s government agency that receives direct access to NORS and DIRS filings have a “need to know” about events that occur entirely outside of its borders but within the border of one the state where the Tribal land is located? For example, should a participating Tribal Nation agency located in Arizona receive direct access to filings throughout all of Arizona? Conversely, should a state agency receive direct access to NORS and DIRS filings reflecting events occurring entirely within Tribal land located in the state’s boundaries? For example, should a participating Arizona state agency receive direct access to NORS and DIRS filings for outages occurring only within Tribal lands located in Arizona? We believe that both aspects of this approach are justified given the technical nature of many outages, where equipment located in a Tribal land affects service in the traditional state(s) surrounding the territory, and vice versa. We seek comment on this approach. Are there any harms that may potentially arise from granting Tribal Nation authorities access to outage and infrastructure information outside of their territories? As an alternative to our proposal, should Tribal Nation authorities’ access to NORS and DIRS filings be limited only to those aspects of multistate outages that occur solely in their territories? Are there specific aspects of multistate outages for which these authorities do not have a “need to know?” 50. We seek comment on the technical implementation of our proposals. Since the DIRS form already requests filers to include data at the county level, we do not anticipate that service providers will need to modify their DIRS reporting processes to accommodate multistate reporting. We thus estimate that the nation’s service providers will incur minimal, if any, burdens related to DIRS. We seek comment on this assessment. 51. For NORS filings, however, commenters raise concerns that sharing filings with state agencies will require technical adjustments for both the service providers’ systems and the Commission’s internal systems. See Intrado Reply, PS Docket 15-80 et al., at 25 (rec. Jul. 30, 2015) (Intrado Reply). Verizon shared that service providers should use current “monitoring, billing, and other relevant systems” to determine in good faith whether and to what extent a multistate outage impacts a particular state; that it “would take industry several months of IT work to incorporate these capabilities into their reporting systems;” and that this would need to be “coordinated with development of the Commission’s own platform.” Verizon Ex Parte at 1-2. For example, the current NORS forms are designed with a drop-down menu for a user to select the state where the outage occurred. A NORS user may select either a single state or the general option of “MULTI STATE” in the current form without specifying the individual states. See FCC, Network Outage Reporting System, Glossary of Fields in NORS Reports, v. 1 at 7 (rel. Jul. 25, 2016) https://transition.fcc.gov/pshs/docs/NORS/NORS_Glossaryv3.docx (defining the geographic area affected, state affected, where if the outage “affect[ed] major parts of more than one state [the outage] should be listed as ‘MULTI STATES’”); Intrado Reply at 25. This existing approach makes it challenging to identify which multistate outage filings each participating state agency should have permission to access. As Intrado noted previously, in order to filter and display the NORS filings that pertain to any given state, including multi-outage filings, the NORS form would require adjustments. Intrado Reply at 25. 52. We propose to change the Commission’s NORS form to allow users to select more than one state when submitting a NORS filing. This approach will allow us to limit state agencies’ access to only those outages that occur within their states. We expect that service providers will need to make corresponding changes to their NORS reporting processes to provide us with information on a state-by-state basis. We currently estimate that the nation’s service providers will incur total initial set up costs of $3.2 million based on our estimate of 1,000 service providers incurring costs of $80 per hour and spending 40 hours to update or revise their software used to report multi-state outages to the Commission in NORS. In developing this analysis, the Commission estimates that the cost of a software developer of systems software is $80/hour, inclusive of wage and benefits.  This number has been derived from May 2018 national wage information from the Bureau of Labor and Statistics.  See Bureau of Labor and Statistics, Occupational Employment and Wages, May 201815-1133 Software Developers, Systems Software (May 29, 2019), https://www.bls.gov/oes/current/oes151133.htm. We seek comment on the burden and timelines associated with such modifications. We seek comment on whether the benefits associated with these modifications would outweigh the costs incurred by service providers. 53. We seek comment on this approach, as well as on any potential alternatives, including any adjustments, if needed, to account for Tribal land borders. For example, we seek comment on whether, instead of modifying the NORS form, we should require service providers to submit several state-specific filings instead of submitting single aggregated filings for each outage that list all affected states. 5. Limiting the Number of User Accounts Per Participating Agency 54. We believe that it would be beneficial to limit the number of users at an agency who have access to NORS and DIRS filings to minimize the potential for over-disclosure of the sensitive information contained in the filings. At the same time, we recognize that agencies typically employ teams of staff members, rather than a lone individual, to provide “around the clock” coverage for incident response. We propose to presumptively limit the number of user accounts granted to a participating agency to five NORS and DIRS accounts per state or federal agency with additional accounts permitted on an agency’s reasonable showing of need. We further propose to require that an agency assign each user account to a unique employee and manage the process of reassigning user accounts as its roster of employees changes (e.g., due to arrivals and departures or a chance in roles at the participating agency). We believe that these requirements will limit access to NORS and DIRS information to the employees that are intended to receive it and allow participating agencies to identify misuse by specific employees. 55. We seek comment on this approach. For example, are there reasons why the Commission, rather than participating agencies, should be responsible for assigning individualized user accounts, i.e., accounts corresponding with specific named employees, and for re-assigning user accounts as participating agency personnel changes with time? We observe that AT&T, based on concerns for safeguarding the commercially and national security-sensitive nature of NORS information, proposed a similar approach, suggesting that we impose a limit of “three individuals unless the state can provide adequate justification for more employees.” See AT&T Jul. 15, 2015, Comments at 27 (“the Commission should impose a limit on the number of state commission personnel who have access to the NORS database. AT&T recommends that this limit be no more than three individuals unless the state can provide adequate justification for more employees.”). We agree with a presumptive limit, but we believe that the presumptive limit should be at least five employees, given our understanding of the size and complexity of network monitoring and emergency response operations at many state and most federal agencies. Other commenters to the 2015 Part 4 NPRM generally support limiting the number of direct access users to NORS. See West Safety Services, Inc. Reply, PS Docket No. 15-80 et al., at 6 (rec. Sept. 12, 2016) (proposing access be restricted to “a small group of critical state personnel”). 56. We recognize that some agencies—such as federal agencies or state agencies responsible for large populations or coverage areas—may have a reasonable need to provide more than five employees with direct access to fulfill their public safety mandate. Thus, we propose to consider, on a case-by-case basis, an agency’s request to increase their limit upon written request to the Commission specifying how many additional employees require access and providing specific reasons why their access is necessary. We propose to grant such requests upon an agency’s reasonable showing of need. We seek comment on this approach. Would this approach provide such agencies with sufficient flexibility, or should we establish a different presumptive limit for federal agencies or state agencies with the largest populations or coverage areas? Should there be a different presumptive limit of employees for agencies that serve a coverage area or population above a certain size? If there should be a different presumptive limit, what presumptive limit and qualifying size would be appropriate to ensure the confidentiality of the information provided NORS and DIRS filings? Are there additional or alternative criteria that the Commission should use to evaluate requests? 57. We believe that multiple state and federal agencies often need to collaborate on issues such as disaster response, operating with jurisdictional boundaries that may not always be clearly demarcated under challenging and time-constrained circumstances. For this reason, we propose that the Commission review all reasonable requests from state and federal agencies, rather than proposing a presumptive limit on the number of participating state and federal agencies eligible for direct access to NORS and DIRS filings. Given the important and time sensitive work of these agencies, we seek to reduce the reliance of any one agency on another by allowing each to apply for direct access to NORS and DIRS filings. We seek comment on this proposal. 6. Training Requirements 58. We believe that our proposed sharing framework would be more effective, and the risk of over-disclosure of NORS and DIRS information minimized, if individuals who receive direct access to NORS and DIRS filings also receive training on their privileges and obligations under the program, particularly given that NORS and DIRS filings implicate both national security and commercial interests. We believe that an annual training requirement is justified both generally as an industry standard practice and because there are a number of important procedural details associated with our proposed safeguards that could be easily forgotten and overlooked with time in the absence of continued training. 59. For each participating agency, we propose that each individual to be granted a user account for direct access to NORS and DIRS filings be required to complete security training on the proper access to, use of, and compliance with safeguards to protect these filings. We propose that this training be completed by each individual prior to being granted initial access to NORS and DIRS filings and then on at least an annual basis thereafter. 60. Rather than mandate an agency’s use of a specific program, we propose to allow agencies to develop their own training program or rely on an outside training program that covers, at a minimum, each of the following topics or “program elements”: (i) procedures and requirements for accessing NORS and DIRS filings; (ii) parameters by which agency employees may share confidential and aggregated NORS and DIRS information; (iii) initial and continuing requirements to receive trainings; (iv) notification that failure to abide by the required program elements will result in personal or agency termination of access to NORS and DIRS filings and liability to service providers and third-parties under applicable state and federal law; and (v) notification to the Commission, at its designated e-mail address, concerning any questions, concerns, account management issues, reporting any known or reasonably suspected breach of protocol and, if needed, requesting service providers’ contact information upon learning of a known or reasonably suspected breach. We seek comment on this proposal, including each of the elements. 61. The majority of commenters who opined on the issue of training believe that some form of training is necessary. For example, AT&T stated that the “[C]omission should require states to train their authorized employees (annually) on proper handling of NORS information,” and Sprint stated that “[t]he Commission should require that personnel charged with obtaining the information be required to have security training, and the identity of these individuals should be supplied to the FCC.” AT&T Comments, PS Docket No. 15-80 et al., at 22 (rec. Aug. 26, 2016); Sprint Jul. 16, 2015, Comments at 12; see also, e.g., Letter from Jill Canfield, Vice President of Legal & Industry, The Rural Broadband Association, to Marlene H. Dortch, Secretary, FCC, PS Docket No. 15-80 et al., at 1-2 (filed Nov. 1, 2018) (“The Commission should also require, at a minimum, any personnel with access to the database (whether federal, state, or local employees or agents) to sign a certification attesting that have undertaken security training and will access and use the information only for the public safety purposes for which it is intended.”). We acknowledge that a minority of commenters believe that training is not necessary. NARUC Ex Parte at 3. Contrary to the concerns expressed by some of these commenters, we are not proposing to require that any state or federal agency participate in the proposed sharing framework. Rather, participation by an agency would be entirely voluntary. Further, to the extent training costs are an issue for a participating agency, we propose to reduce the agency burden through the use of exemplar training programs. 62. To aid agencies’ compliance with our training requirements, we propose that the Commission direct PSHSB to identify one or more exemplar training programs which would satisfy the required program elements. Once finalized, agencies could adopt these program(s) at their discretion in place of developing their own training program, thereby reducing their compliance time and costs. ATIS suggested that an exemplar-type training program could be developed (by its Network Reliability Steering Committee) in a matter of “months” once the Commission issues information sharing rules. See ATIS Ex Parte at 1. We seek comment on the benefits and drawbacks to the Commission potentially working with one or more external partners, such as ATIS, to develop exemplar training programs(s). 63. We seek comment on whether the Commission should take steps to ensure that state and federal agencies’ training programs comply with our proposed required program elements. Should the Commission require a third-party audit of a partner-developed training program? What specific steps should the Commission take, if any, to ensure the adequacy of such programs? We seek comment on whether additional individuals, beyond those granted a user account for direct access to NORS and DIRS filings, should be subject to the proposed training requirements. Should anyone who receives confidential NORS and DIRS information, including downstream recipients, be required to complete formal training? Would such a requirement be practical or overly burdensome? If we impose such a requirement, what should the consequences be if that training is not provided? F. Procedures for Requesting Direct Access to NORS and DIRS 64. We believe that our proposed information sharing framework would be more effective, and the risk of over-disclosure of NORS and DIRS information minimized, if we institute specific procedures for state and federal agencies to follow in applying for and managing their direct access to NORS and DIRS filings. We believe that these goals would also be furthered if we require that agency representatives provide a signed certification acknowledging their agreement to adhere to the key safeguards of our proposed framework. 65. We therefore propose to institute the following procedures for state and federal agencies to apply for and manage their direct access to NORS and DIRS filings. Eligible state and federal agencies must apply for direct access to NORS and DIRS filings by sending a request to the agency’s designated e-mail address. The request would include: (i) a signed statement from an agency official, on the agency’s official letterhead, including the official’s full contact information and formally requesting access to NORS and DIRS filings; (ii) a description of why the agency has a need to access NORS and DIRS filings and how it intends to use the information in practice; (iii) if applicable, a request to exceed the proposed presumptive limits on the number of individuals (i.e., user accounts) permitted to access NORS and DIRS filings with an explanation of why this is necessary and (iv) a completed copy of a Certification Form, a template of which is provided in this item as Appendix C. On receipt, the Commission would review the request, follow-up with the agency official with any potential questions or issues. Once the Commission has reviewed the application and confirmed the application requirements are satisfied, the Commission would grant NORS and DIRS access to the agency by issuing the agency NORS and DIRS user accounts. We note that the proposed Certification Form is similar in many respects to one that the Commission currently requires for sharing sensitive numbering data with states using its Form 477 data. See FCC, State Regulatory Commissions Access to State-specific Form 477 Data (July 22, 14), https://www.fcc.gov/general/process-state-regulatory-commissions-obtain-state-specific-fcc-form-477-data. 66. As described in detail at Appendix C, an agency official with authority to obligate and bind the agency must certify that the agency: will treat NORS and DIRS filings and data as confidential under federal and state FOIA statutes and similar laws and regulations, implement a NORS and DIRS security training program, adhere to continuing requirements for access (including annual recertification), understands that the Commission does not guarantee the accuracy of NORS or DIRS filings and understands that there may be times access to the filings is unavailable. We believe that these requirements would create accountability within a state agency and help avoid the over-disclosure of sensitive NORS and DIRS information sharing framework. We seek comment on this approach and the details included in Appendix C. Is our requirement, set forth in Appendix C, that the Commission be notified if an agency’s certifying official ceases to have authority to obligate and bind the agency to the provisions of Appendix C justified or would this requirement cause undue burden for an agency? 67. In addition, we propose to direct PSHSB to promulgate any additional procedural requirements that may be necessary to implement our proposals for the sharing of NORS and DIRS information, consistent with the Administrative Procedure Act. We foresee that such procedural requirements may include implementation of agency application processing procedures, necessary technical modifications to the NORS and DIRS databases (including, potentially, modifications designed to improve data protection and guard against unauthorized disclosure), and reporting guidelines to ensure that the Commission receives the notifications identified in Appendix C. We seek comment on these proposals, and whether there are additional safeguards we should adopt for the application process. Are there other procedural requirements that are anticipated to be necessary to implement our proposals? G. Compliance Dates 68. We seek to give interested state and federal agencies ample time to prepare their certifications and to give service providers sufficient time to adjust their NORS and DIRS filing processes to conform with the any technical changes required by the proposed final rule changes.  We also anticipate that the Commission will require time to implement the regime contemplated by our proposed rules in order to take such steps as securing OMB approval to the extent required under the Paperwork Reduction Act and modifying NORS and DIRS. 69. To that end, we propose to require revised outage reports be filed by a date specified in a Public Notice issued by the Public Safety and Homeland Security Bureau, announcing: (i) OMB has approved the revised information collections for DIRS and NORS, respectively, in accordance with the final order; and (ii) the Commission has made the necessary technical adjustments to the NORS and DIRS databases to facilitate sharing. The Commission would begin accepting certification forms and granting direct NORS and DIRS access to eligible state and federal agencies as of the specified date. This approach would permit the Bureau to account for the contingencies, i.e., the readiness of the databases and the OMB approval that facilitates the implementation of the revised regime. We seek comment on this approach, as well as alternatives. Commenters proposing alternatives should explain the advantages and disadvantages of their preferred approaches. IV. PROCEDURAL MATTERS 70. Paperwork Reduction Act. This document contains proposed modified information collection requirements. The Commission, as part of its continuing effort to reduce paperwork burdens, invites the general public and the Office of Management and Budget (OMB) to comment on the information collection requirements contained in this document, as required by the Paperwork Reduction Act of 1995, Public Law 104-13. In addition, pursuant to the Small Business Paperwork Relief Act of 2002, Public Law 107-198, see 44 U.S.C. 3506(c)(4), we seek specific comment on how we might further reduce the information collection burden for small business concerns with fewer than 25 employees. 71. Ex Parte Rules - Permit-But-Disclose. This proceeding shall be treated as a “permit-but-disclose” proceeding in accordance with the Commission’s ex parte rules. 47 CFR §§ 1.1200 et seq. Persons making ex parte presentations must file a copy of any written presentation or a memorandum summarizing any oral presentation within two business days after the presentation (unless a different deadline applicable to the Sunshine period applies). Persons making oral ex parte presentations are reminded that memoranda summarizing the presentation must (1) list all persons attending or otherwise participating in the meeting at which the ex parte presentation was made, and (2) summarize all data presented and arguments made during the presentation. If the presentation consisted in whole or in part of the presentation of data or arguments already reflected in the presenter’s written comments, memoranda or other filings in the proceeding, the presenter may provide citations to such data or arguments in his or her prior comments, memoranda, or other filings (specifying the relevant page and/or paragraph numbers where such data or arguments can be found) in lieu of summarizing them in the memorandum. Documents shown or given to Commission staff during ex parte meetings are deemed to be written ex parte presentations and must be filed consistent with Rule 1.1206(b). In proceedings governed by Rule 1.49(f) or for which the Commission has made available a method of electronic filing, written ex parte presentations and memoranda summarizing oral ex parte presentations, and all attachments thereto, must be filed through the electronic comment filing system available for that proceeding, and must be filed in their native format (e.g., .doc, .xml, .ppt, searchable .pdf). Participants in this proceeding should familiarize themselves with the Commission’s ex parte rules. 72. Initial Regulatory Flexibility Analysis. As required by the Regulatory Flexibility Act, 5 U.S.C. § 603. the Commission has prepared an Initial Regulatory Flexibility Analysis (IRFA) of the possible significant economic impact on a substantial number of small entities of the proposals addressed in this Notice of Proposed Rulemaking. The IRFA is set forth in Appendix B. Written public comments are requested on the IRFA. These comments must be filed in accordance with the same filing deadlines for comments on the Notice, and they should have a separate and distinct heading designating them as responses to the IRFA. The Commission’s Consumer and Governmental Affairs Bureau, Reference Information Center, will send a copy of this Notice, including the IRFA, to the Chief Counsel for Advocacy of the Small Business Administration, in accordance with the Regulatory Flexibility Act. 5 U.S.C. § 603(a). 73. Filing of Comments and Reply Comments. Pursuant to sections 1.415 and 1.419 of the Commission’s rules, 47 CFR §§ 1.415, 1.419, interested parties may file comments and reply comments on or before the dates indicated on the first page of this document. Comments may be filed using the Commission’s Electronic Comment Filing System (ECFS). See Electronic Filing of Documents in Rulemaking Proceedings, 63 FR 24121 (1998). · Electronic Filers: Comments may be filed electronically using the Internet by accessing the ECFS: http://fjallfoss.fcc.gov/ecfs2/. · Paper Filers: Parties who choose to file by paper must file an original and one copy of each filing. If more than one docket or rulemaking number appears in the caption of this proceeding, filers must submit two additional copies for each additional docket or rulemaking number. Filings can be sent by hand or messenger delivery, by commercial overnight courier, or by first-class or overnight U.S. Postal Service mail. All filings must be addressed to the Commission’s Secretary, Office of the Secretary, Federal Communications Commission. o All hand-delivered or messenger-delivered paper filings for the Commission’s Secretary must be delivered to FCC Headquarters at 445 12th St., SW, Room TW-A325, Washington, DC 20554. The filing hours are 8:00 a.m. to 7:00 p.m. All hand deliveries must be held together with rubber bands or fasteners. Any envelopes and boxes must be disposed of before entering the building. o Commercial overnight mail (other than U.S. Postal Service Express Mail and Priority Mail) must be sent to 9050 Junction Drive, Annapolis Junction, MD 20701. o U.S. Postal Service first-class, Express, and Priority mail must be addressed to 445 12th Street, SW, Washington, DC 20554. 74. Availability of Documents. Comments, reply comments, and ex parte submissions will be publicly available online via ECFS. Documents will generally be available electronically in ASCII, Microsoft Word, and/or Adobe Acrobat. These documents will also be available for public inspection during regular business hours in the FCC Reference Information Center, which is located in Room CYA257 at FCC Headquarters, 445 12th Street, SW, Washington, DC 20554. The Reference Information Center is open to the public Monday through Thursday from 8:00 a.m. to 4:30 p.m. and Friday from 8:00 a.m. to 11:30 a.m. 75. People with Disabilities. To request materials in accessible formats for people with disabilities (braille, large print, electronic files, audio format), send an e-mail to fcc504@fcc.gov or call the Consumer & Governmental Affairs Bureau at 202-418-0530 (voice), 202-418-0432 (tty). V. ORDERING CLAUSES 76. ACCORDINGLY IT IS ORDERED that, pursuant to the authority contained in sections 1, 4(i), 4(j), 4(o), 251(e)(3), 254, 301, 303(b), 303(g), 303(r), 307, 309(a), 309(j), 316, 332, 403, 615a-1, and 615c of the Communications Act of 1934, as amended, and section 706 of the Communications Act of 1996, 47 U.S.C. §§ 151, 154(i)-(j) & (o), 251(e)(3), 254, 301, 303(b), 303(g), 303(r), 307, 309(a), 309(j), 316, 332, 403, 615a-1, 615c, and 1302, this Second Further Notice of Proposed Rulemaking in PS Docket No. 15-80 and RM No. 11588 is ADOPTED. 77. IT IS FURTHER ORDERED that RM No. 11588 IS TERMINATED. 78. IT IS FURTHER ORDERED that the Commission’s Consumer and Governmental Affairs Bureau, Reference Information Center, SHALL SEND a copy of this Further Notice of Proposed Rulemaking, including the Initial Regulatory Flexibility Analysis, to the Chief Counsel for Advocacy of the Small Business Administration. FEDERAL COMMUNICATIONS COMMISSION Marlene H. Dortch Secretary 45 APPENDIX A Proposed Rules Part 4 of Chapter 1 of Title 47 of the Code of Federal Regulations is proposed to be amended as follows: 1. The authority citation for part 4 continues to read as follows: Authority: 47 U.S.C. 151, 154(i)-(j) & (o), 251(e)(3), 254, 301, 303(b), 303(g), 303(r), 307, 309(a), 309(j), 316, 332, 403, 615a–1, 615c, 1302 2. Section 4.2 is proposed to be amended to read as follows: § 4.2 of reports filed under this part. Reports filed under this part will be presumed to be confidential, except that the Chief of the Public Safety and Homeland Security Bureau may grant agencies of the states, the District of Columbia, Tribal Nations, territories and federal governments access to portions of the information collections affecting their respective jurisdictions only after each requesting agency has certified to the Commission that it has protections in place to safeguard and limit disclosure of confidential information to third parties as described in the Commission’s Certification Form. Public access to reports filed under this part may be sought only pursuant to the procedures set forth in 47 CFR § 0.461. Notice of any requests for public inspection of outage reports will be provided pursuant to 47 CFR 0.461(d)(3). APPENDIX B Initial Regulatory Flexibility Analysis 1. As required by the Regulatory Flexibility Act of 1980, as amended (RFA),  5 U.S.C. § 603. The RFA, see 5 U.S.C. § 601-12., has been amended by the Small Business Regulatory Enforcement Fairness Act of 1996 (SBREFA), Pub. L. No. 104-121. Title II, 110 Stat. 857 (1996). the Federal Communications Commission (Commission) has prepared this Initial Regulatory Flexibility Analysis (IRFA) of the possible significant economic impact on a substantial number of small entities by the policies and rules proposed in the Further Notice of Proposed Rule Making (Further Notice). Written public comments are requested on this IRFA. Comments must be identified as responses to the IRFA and must be filed by the deadlines for comments provided in “Comment Period and Procedures” of the Further Notice. The Commission will send a copy of the Further Notice, including this IRFA, to the Chief Counsel for Advocacy of the Small Business Administration (SBA). 5 U.S.C. § 603(a). In addition, the Further Notice and IRFA (or summaries thereof) will be published in the Federal Register. See id. A. Need for, and Objectives of, the Proposed Rules 2. The Further Notice seeks additional comment on various proposals first issued in a Notice of Proposed Rulemaking in PS Docket No. 15-80, adopted in 2015, Amendments to Part 4 of the Commission’s Rules Concerning Disruptions to Communications; New Part 4 of the Commission’s Rules Concerning Disruptions to Communications, Notice of Proposed Rulemaking, Second Report and Order, and Order on Reconsideration, 30 FCC Rcd 3206 (2015) (Notice). and a Report and Order and Further Notice of Proposed Rulemaking in PS Docket Nos. 15-80 and 11-82, adopted in 2016, Amendments to Part 4 of the Commission’s Rules Concerning Disruptions to Communications; New Part 4 of the Commission’s Rules Concerning Disruptions to Communications; The Proposed Extension of Part 4 of the Commission’s Rules Regarding Outage Reporting to Interconnected Voice Over Internet Protocol Service Providers and Broadband Internet Service Providers, Report and Order, Further Notice of Proposed Rulemaking, and Order on Reconsideration, 31 FCC Rcd 5817 (2016). to update the Commission’s Part 4 outage reporting rules. More specifically, in the Further Notice the Commission proposes an information sharing framework to ensure that state and federal government agencies have access to communications network information to aid these agencies’ response, recovery and restoration efforts and allow them to direct their resources quickly, and to the areas of greatest need. 3. The proposals in the Further Notice to grant participating agencies of the states, the District of Columbia, Tribal Nations, territories, and the federal government, We note that the NCCIC of DHS already has direct access to NORS and DIRS information; we do not propose to modify the terms by which the NCCIC accesses this information. hereinafter agencies, direct access to outage and infrastructure status information establish safeguards to protect the confidentiality of Network Outage Reporting System (NORS) and Disaster Information Reporting System (DIRS) filings. The Commission’s proposals define the scope of eligible government entities that would be able to participate and propose confidentiality protections that include requiring that NORS and DIRS data be treated as presumptively confidential. The proposals consider providing read-only access, limiting access based on agency jurisdiction, limiting the number of employees with access at each agency, requiring training requirements for employees with access, and specifying procedures for the sharing of confidential NORS and DIRS information. The proposed rules also include access request and certifications procedures for agencies to apply for and manage their direct access NORS and DIRS filings. 4. The Further Notice seeks further comment on a number of the implementation details for proposed agencies’ direct access to NORS and DIRS filings. To establish appropriate safeguards, the Further Notice specifically seeks comment on: · Providing agencies with read-only access to NORS and DIRS filings to reduce the potential for unauthorized modifications; · Presumptively limiting the number of identified and trained personnel that have direct access to NORS and DIRS filings by limiting the number of user accounts to five per agency; · Requiring agencies to treat NORS and DIRS filings and data as confidential under federal and state FOIA statutes and similar laws and regulations; · Requiring each individual granted a user account for direct access to NORS and DIRS filings complete security training on the proper access to, use of, and compliance with safeguards to protect the information contained in the filings; · Limiting agency access to NORS and DIRS filings for events reported to occur at least partially within their jurisdictional or geographic boundaries; · Allowing participating agencies to share confidential NORS and DIRS information inside or outside the agency if a recipient reasonably requires access to the confidential NORS and DIRS information to prepare for, or respond to, an event that threatens public safety, pursuant to the recipient’s official duties; · Allowing participating agencies to share information from the NORS and DIRS filings of at least four service providers that has been aggregated and anonymized to avoid identifying any service provider by name or in substance with any entity, including the broader public; and · Requiring agencies to provide certain assurances and suitable attestation that they will take measures to protect NORS and DIRS filings from unauthorized access. B. Legal Basis 5. The proposed action is authorized pursuant to Sections 1, 4(i), 4(j), 4(o), 201(b), 214(d), 218, 222, 251(e)(3), 254, 301, 303(b), 303(g), 303(r), 307, 309(a), 309(j), 316, 332, 403, 615a-1, and 615c, 706 of the Communications Act of 1934, as amended, 47 U.S.C. §§ 151, 154(i)-(j) & (o), 201(b), 214(d), 218, 222, 251(e)(3), 254, 301, 303(b), 303(g), 303(r), 307, 309(a), 309(j), 316, 332, 403, 615a-1, and 615c, 1302(a) and 1302(b). C. Description and Estimate of the Number of Small Entities to Which the Proposed Rules Will Apply 6. The RFA directs agencies to provide a description of, and, where feasible, an estimate of, the number of small entities that may be affected by the proposed rules , if adopted. 5 U.S.C. § 603(b)(3). The RFA generally defines the term “small entity” the same as the terms “small business,” “small organization,” and “small governmental jurisdiction.” 5 U.S.C. § 601(6). In addition, the term “small business” has the same meaning as the term “small business concern” under the Small Business Act. 5 U.S.C. § 601(3) (incorporating by reference the definition of “small business concern” in the Small Business Act, 15 U.S.C. § 632). Pursuant to 5 U.S.C. § 601(3), the statutory definition of a small business applies “unless an agency, after consultation with the Office of Advocacy of the Small Business Administration and after opportunity for public comment, establishes one or more definitions of such term which are appropriate to the activities of the agency and publishes such definition(s) in the Federal Register.” A small business concern is one which: (1) is independently owned and operated; (2) is not dominant in its field of operation; and (3) satisfies any additional criteria established by the Small Business Administration (SBA). Small Business Act, 15 U.S.C. § 632. 1. Total Small Entities 7. Small Businesses, Small Organizations, Small Governmental Jurisdictions. Our actions, over time, may affect small entities that are not easily categorized at present. We therefore describe here, at the outset, three broad groups of small entities that could be directly affected herein. See 5 U.S.C. § 601(3)-(6). First, while there are industry specific size standards for small businesses that are used in the regulatory flexibility analysis, according to data from the SBA’s Office of Advocacy, in general a small business is an independent business having fewer than 500 employees. See SBA, Office of Advocacy, “Frequently Asked Questions, Question 1 – What is a small business?” https://www.sba.gov/sites/default/files/advocacy/SB-FAQ-2016_WEB.pdf (June 2016) These types of small businesses represent 99.9% of all businesses in the United States which translates to 30.7 million businesses. See SBA, Office of Advocacy, “Frequently Asked Questions, Question 2- How many small businesses are there in the U.S.?” https://www.sba.gov/sites/default/files/advocacy/SB-FAQ-2016_WEB.pdf (June 2016). 8. Next, the type of small entity described as a “small organization” is generally “any not-for-profit enterprise which is independently owned and operated and is not dominant in its field.” 5 U.S.C. § 601(4). The Internal Revenue Service (IRS) uses a revenue benchmark of $50,000 or less to delineate its annual electronic filing requirements for small exempt organizations. The IRS benchmark is similar to the population of less than 50,000 benchmark in 5 U.S.C § 601(5) that is used to define a small governmental jurisdiction. Therefore, the IRS benchmark has been used to estimate the number small organizations in this small entity description. See Annual Electronic Filing Requirement for Small Exempt Organizations — Form 990-N (e-Postcard), “Who must file,” https://www.irs.gov/charities-non-profits/annual-electronic-filing-requirement-for-small-exempt-organizations-form-990-n-e-postcard. We note that the IRS data does not provide information on whether a small exempt organization is independently owned and operated or dominant in its field. Nationwide, for tax year 2018, there were approximately 571,709 small exempt organizations in the U.S. reporting revenues of $50,000 or less according to the registration and tax data for exempt organizations available from the IRS. See Exempt Organizations Business Master File Extract (EO BMF), “CSV Files by Region,” https://www.irs.gov/charities-non-profits/exempt-organizations-business-master-file-extract-eo-bmf. The IRS Exempt Organization Business Master File (EO BMF) Extract provides information on all registered tax-exempt/non-profit organizations. The data utilized for purposes of this description was extracted from the IRS EO BMF data for Region 1-Northeast Area (76,886), Region 2-Mid-Atlantic and Great Lakes Areas (221,121), and Region 3-Gulf Coast and Pacific Coast Areas (273,702) which includes the continental U.S., Alaska, and Hawaii. This data does not include information for Puerto Rico. 9. Finally, the small entity described as a “small governmental jurisdiction” is defined generally as “governments of cities, counties, towns, townships, villages, school districts, or special districts, with a population of less than fifty thousand.” 5 U.S.C. § 601(5). U.S. Census Bureau data from the 2017 Census of Governments See 13 U.S.C. § 161. The Census of Governments survey is conducted every five (5) years compiling data for years ending with “2” and “7”. See also Census of Governments, https://www.census.gov/programs-surveys/cog/about.html. indicate that there were 90,075 local governmental jurisdictions consisting of general purpose governments and special purpose governments in the United States. See U.S. Census Bureau, 2017 Census of Governments – Organization Table 2. Local Governments by Type and State: 2017 [CG1700ORG02]. https://www.census.gov/data/tables/2017/econ/gus/2017-governments.html. Local governmental jurisdictions are made up of general purpose governments (county, municipal and town or township) and special purpose governments (special districts and independent school districts). See also Table 2. CG1700ORG02 Table Notes_Local Governments by Type and State_2017. Of this number there were 36,931 general purpose governments (county See U.S. Census Bureau, 2017 Census of Governments - Organization, Table 5. County Governments by Population-Size Group and State: 2017 [CG1700ORG05]. https://www.census.gov/data/tables/2017/econ/gus/2017-governments.html. There were 2,105 county governments with populations less than 50,000. This category does not include subcounty (municipal and township) governments. , municipal and town or township See U.S. Census Bureau, 2017 Census of Governments - Organization, Table 6. Subcounty General-Purpose Governments by Population-Size Group and State: 2017 [CG1700ORG06]. https://www.census.gov/data/tables/2017/econ/gus/2017-governments.html. There were 18,729 municipal and 16,097 town and township governments with populations less than 50,000. ) with populations of less than 50,000 and 12,040 special purpose governments - independent school districts See U.S. Census Bureau, 2017 Census of Governments - Organization, Table 10. Elementary and Secondary School Systems by Enrollment-Size Group and State: 2017 [CG1700ORG10]. https://www.census.gov/data/tables/2017/econ/gus/2017-governments.html. There were 12,040 independent school districts with enrollment populations less than 50,000. See also Table 4. Special-Purpose Local Governments by State Census Years 1942 to 2017 [CG1700ORG04], CG1700ORG04 Table Notes_Special Purpose Local Governments by State_Census Years 1942 to 2017. with enrollment populations of less than 50,000. While the special purpose governments category also includes local special district governments, the 2017 Census of Governments data does not provide data aggregated based on population size for the special purpose governments category. Therefore, only data from independent school districts is included in the special purpose governments category. Accordingly, based on the 2017 U.S. Census of Governments data, we estimate that at least 48,971 entities fall into the category of “small governmental jurisdictions.” This total is derived from the sum of the number of general purpose governments (county, municipal and town or township) with populations of less than 50,000 (36,931) and the number of special purpose governments - independent school districts with enrollment populations of less than 50,000 (12,040), from the 2017 Census of Governments - Organizations Tables 5, 6, and 10. 2. Interconnected VoIP services 10. Internet Service Providers (Non-Broadband). Internet access service providers such as Dial-up Internet service providers, VoIP service providers using client-supplied telecommunications connections and Internet service providers using client-supplied telecommunications connections (e.g., dial-up ISPs) fall in the category of All Other Telecommunications. See U.S. Census Bureau, 2017 NAICS Definitions, NAICS Code “517919 All Other Telecommunications”, https://www.census.gov/cgi-bin/sssd/naics/naicsrch?input=517919&search=2017+NAICS+Search&search=2017. The SBA has developed a small business size standard for All Other Telecommunications which consists of all such firms with gross annual receipts of $35 million or less. 13 CFR § 121.201; NAICS Code 517919. For this category, U.S. Census Bureau data for 2012 show that there were 1,442 firms that operated for the entire year. U.S. Census Bureau, 2012 Economic Census of the United States, Table EC1251SSSZ4, Information: Subject Series - Estab and Firm Size: Receipts Size of Firms for the United States: 2012, NAICS code 517919, https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ4//naics~517919. Of these firms, a total of 1,400 had gross annual receipts of less than $25 million. Id. Consequently, under this size standard a majority of firms in this industry firms can be considered small. 3. Wireline Providers 11. Incumbent Local Exchange Carriers (Incumbent LECs). Neither the Commission nor the SBA has developed a small business size standard specifically for incumbent local exchange services. The closest applicable NAICS Code category is Wired Telecommunications Carriers. See 13 CFR § 121.201. The Wired Telecommunications Carrier category formerly used the NAICS code of 517110. As of 2017 the U.S. Census Bureau definition shows the NAICs code as 517311 for Wired Telecommunications Carriers. See https://www.census.gov/cgi-bin/sssd/naics/naicsrch?code=517311&search=2017. Under the applicable SBA size standard, such a business is small if it has 1,500 or fewer employees. Id. U.S. Census Bureau data for 2012 indicate that 3,117 firms operated the entire year. See U.S. Census Bureau, 2012 Economic Census of the United States, Table No. EC1251SSSZ5, Information: Subject Series - Estab & Firm Size: Employment Size of Firms: 2012 (517110 Wired Telecommunications Carriers). https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517110. Of this total, 3,083 operated with fewer than 1,000 employees. Id. Consequently, the Commission estimates that most providers of incumbent local exchange service are small businesses that may be affected by our actions. According to Commission data, one thousand three hundred and seven (1,307) Incumbent Local Exchange Carriers reported that they were incumbent local exchange service providers. See Trends in Telephone Service, Federal Communications Commission, Wireline Competition Bureau, Industry Analysis and Technology Division at Table 5.3 (Sept. 2010) (Trends in Telephone Service). Of this total, an estimated 1,006 have 1,500 or fewer employees. Id. Thus, using the SBA’s size standard the majority of incumbent LECs can be considered small entities. 12. Interexchange Carriers. Neither the Commission nor the SBA has developed a small business size standard specifically for Interexchange Carriers. The closest applicable NAICS Code category is Wired Telecommunications Carriers.See 13 CFR § 121.201. The Wired Telecommunications Carrier category formerly used the NAICS code of 517110. As of 2017 the U.S. Census Bureau definition shows the NAICs code as 517311 for Wired Telecommunications Carriers. See U.S. Census Bureau, 2017 NAICS Definition, https://www.census.gov/cgi-bin/sssd/naics/naicsrch?code=517311&search=2017. The appropriate size standard under SBA rules is that such a business is small if it has 1,500 or fewer employees. Id. U.S. Census Bureau data for 2012 indicate that 3,117 firms operated for the entire year. See U.S. Census Bureau, 2012 Economic Census of the United States, Table No. EC1251SSSZ5, Information: Subject Series - Estab & Firm Size: Employment Size of Firms: 2012 (517110 Wired Telecommunications Carriers). https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517110. Of that number, 3,083 operated with fewer than 1,000 employees. Id. Thus, under this size standard, the majority of firms in this industry can be considered small. According to internally developed Commission data, 359 companies reported that their primary telecommunications service activity was the provision of interexchange services. See Trends in Telephone Service at Table 5.3. Of this total, an estimated 317 have 1,500 or fewer employees. Id. Consequently, the Commission estimates that the majority of interexchange service providers are small entities. 13. Operator Service Providers (OSPs). Neither the Commission nor the SBA has developed a small business size standard specifically for operator service providers. The closest applicable size standard under SBA rules is for the category of Wired Telecommunications Carriers. See 13 CFR § 120.201. The Wired Telecommunications Carrier category formerly used the NAICS code of 517110. As of 2017 the U.S. Census Bureau definition shows the NAICS code as 517311 for Wired Telecommunications Carriers. See also U.S. Census Bureau, 2017 NAICS Definition, https://www.census.gov/cgi-bin/sssd/naics/naicsrch?code=517311&search=2017. Under the size standard for Wired Telecommunications Carriers, such a business is small if it has 1,500 or fewer employees. 13 CFR § 121.201, NAICS code 517311 (previously 517110). U.S. Census Bureau data for 2012 show that there were 3,117 firms that operated that year. See U.S. Census Bureau, 2012 Economic Census of the United States, Table No. EC1251SSSZ5, Information: Subject Series - Estab & Firm Size: Employment Size of Firms: 2012 (517110 Wired Telecommunications Carriers). https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517110. Of this total, 3,083 operated with fewer than 1,000 employees. Id. Consequently, the Commission estimates that the majority of OSPs are small entities. According to Commission data, 33 carriers have reported that they are engaged in the provision of operator services. Of these, an estimated 31 have 1,500 or fewer employees and 2 has more than 1,500 employees. Trends in Telephone Service at Table 5.3. Consequently, the Commission estimates that the majority of operator service providers are small entities that may be affected by our proposed action. 4. Wireless Providers – Fixed and Mobile 14. To the extent the wireless services listed below are used by wireless firms for fixed and mobile broadband Internet access services, the NPRM’s proposed rules may have an impact on those small businesses as set forth above and further below. Accordingly, for those services subject to auctions, we note that, as a general matter, the number of winning bidders that claim to qualify as small businesses at the close of an auction does not necessarily represent the number of small businesses currently in service. Also, the Commission does not generally track subsequent business size unless, in the context of assignments and transfers or reportable eligibility events, unjust enrichment issues are implicated. 15. Wireless Telecommunications Carriers (except Satellite). This industry comprises establishments engaged in operating and maintaining switching and transmission facilities to provide communications via the airwaves. Establishments in this industry have spectrum licenses and provide services using that spectrum, such as cellular services, paging services, wireless internet access, and wireless video services. U.S. Census Bureau, 2012 NAICS Definitions, “517210 Wireless Telecommunications Carriers (Except Satellite),” See https://factfinder.census.gov/faces/affhelp/jsf/pages/metadata.xhtml?lang=en&type= ib&id=ib.en./ECN.NAICS2012.517210. The appropriate size standard under SBA rules is that such a business is small if it has 1,500 or fewer employees. 13 CFR § 121.201, NAICS code 517210. For this industry, U.S. Census Bureau data for 2012 show that there were 967 firms that operated for the entire year. U.S. Census Bureau, 2012 Economic Census of the United States, Table EC1251SSSZ5, Information: Subject Series: Estab and Firm Size: Employment Size of Firms for the U.S.: 2012 NAICS Code 517210. https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517210. Of this total, 955 firms had employment of 999 or fewer employees and 12 had employment of 1000 employees or more. Id. Available census data does not provide a more precise estimate of the number of firms that have employment of 1,500 or fewer employees; the largest category provided is for firms with “1000 employees or more.” Thus under this category and the associated size standard, the Commission estimates that the majority of wireless telecommunications carriers (except satellite) are small entities. 16. Wireless Communications Services. This service can be used for fixed, mobile, radiolocation, and digital audio broadcasting satellite uses. The Commission defined “small business” for the wireless communications services (WCS) auction as an entity with average gross revenues of $40 million for each of the three preceding years, and a “very small business” as an entity with average gross revenues of $15 million for each of the three preceding years. Amendment of the Commission’s Rules to Establish Part 27, the Wireless Communications Service (WCS), Report and Order, 12 FCC Rcd 10785, 10879, para. 194 (1997). The SBA has approved these small business size standards. Letter from Aida Alvarez, Administrator, SBA, to Amy Zoslov, Chief, Auctions and Industry Analysis Division, Wireless Telecommunications Bureau, FCC (filed Dec. 2, 1998) (Alvarez Letter 1998). In the Commission’s auction for geographic area licenses in the WCS there were seven winning bidders that qualified as “very small business” entities, and one winning bidder that qualified as a “small business” entity. 17. 1670–1675 MHz Services. This service can be used for fixed and mobile uses, except aeronautical mobile. 47 CFR § 2.106; see generally 47 CFR §§ 27.1–.70. An auction for one license in the 1670–1675 MHz band was conducted in 2003. One license was awarded. The winning bidder was not a small entity. 18. Wireless Telephony. Wireless telephony includes cellular, personal communications services, and specialized mobile radio telephony carriers. The closest applicable SBA category is Wireless Telecommunications Carriers (except Satellite). U.S. Census Bureau, 2012 NAICS Definitions, 517210 Wireless Telecommunications Carriers (Except Satellite), https://www.census.gov/cgi-bin/sssd/naics/naicsrch?code=517210&search=2012+NAICS+Search. Under the SBA small business size standard, a business is small if it has 1,500 or fewer employees. 13 CFR § 121.201, NAICS code 517210. For this industry, U.S. Census Bureau data for 2012 show that there were 967 firms that operated for the entire year. U.S. Census Bureau, 2012 Economic Census of the United States, Table EC1251SSSZ5, Information: Subject Series: Estab and Firm Size: Employment Size of Firms for the U.S.: 2012 NAICS Code 517210 (rel. Jan. 8, 2016). https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517210. Of this total, 955 firms had fewer than 1,000 employees and 12 firms had 1000 employees or more. Id. Available census data do not provide a more precise estimate of the number of firms that have employment of 1,500 or fewer employees; the largest category provided is for firms with “1000 employees or more.” Thus under this category and the associated size standard, the Commission estimates that a majority of these entities can be considered small. According to Commission data, 413 carriers reported that they were engaged in wireless telephony. See Trends in Telephone Service at Table 5.3. Of these, an estimated 261 have 1,500 or fewer employees and 152 have more than 1,500 employees. Id. More than half of these entities therefore can be considered small. Broadband Personal Communications Service. The broadband personal communications services (PCS) spectrum is divided into six frequency blocks designated A through F, and the Commission has held auctions for each block. The Commission initially defined a “small business” for C- and F-Block licenses as an entity that has average gross revenues of $40 million or less in the three previous calendar years. Amendment of Parts 20 and 24 of the Commission’s Rules – Broadband PCS Competitive Bidding and the Commercial Mobile Radio Service Spectrum Cap et al., Report and Order, 11 FCC Rcd 7824, 7850–52, paras. 57–60 (1996) (PCS Report and Order); see also 47 CFR § 24.720(b). For F-Block licenses, an additional small business size standard for “very small business” was added and is defined as an entity that, together with its affiliates, has average gross revenues of not more than $15 million for the preceding three calendar years. PCS Report and Order, 11 FCC Rcd at 7852, para. 60. These small business size standards, in the context of broadband PCS auctions, have been approved by the SBA. See Alvarez Letter 1998. No small businesses within the SBA-approved small business size standards bid successfully for licenses in Blocks A and B. There were 90 winning bidders that claimed small business status in the first two C-Block auctions. A total of 93 bidders that claimed small business status won approximately 40 percent of the 1,479 licenses in the first auction for the D, E, and F Blocks. See Broadband PCS, D, E and F Block Auction Closes, Public Notice, Doc. No. 89838 (rel. Jan. 14, 1997). On April 15, 1999, the Commission completed the re-auction of 347 C-, D-, E-, and F-Block licenses in Auction No. 22. See C, D, E, and F Block Broadband PCS Auction Closes, Public Notice, 14 FCC Rcd 6688 (WTB 1999). Before Auction No. 22, the Commission established a very small standard for the C Block to match the standard used for F Block. Amendment of the Commission’s Rules Regarding Installment Payment Financing for Personal Communications Services (PCS) Licensees, WT Docket No. 97-82, Fourth Report and Order, 13 FCC Rcd 15743, 15768, para. 46 (1998). Of the 57 winning bidders in that auction, 48 claimed small business status and won 277 licenses. 19. On January 26, 2001, the Commission completed the auction of 422 C and F Block Broadband PCS licenses in Auction No. 35. Of the 35 winning bidders in that auction, 29 claimed small business status. C and F Block Broadband PCS Auction Closes; Winning Bidders Announced, Public Notice, 16 FCC Rcd 2339 (2001). Subsequent events concerning Auction 35, including judicial and agency determinations, resulted in a total of 163 C and F Block licenses being available for grant. On February 15, 2005, the Commission completed an auction of 242 C-, D-, E-, and F-Block licenses in Auction No. 58. Of the 24 winning bidders in that auction, 16 claimed small business status and won 156 licenses. Broadband PCS Spectrum Auction Closes; Winning Bidders Announced for Auction No. 58, Public Notice, 20 FCC Rcd 3703 (2005). On May 21, 2007, the Commission completed an auction of 33 licenses in the A, C, and F Blocks in Auction No. 71. Auction of Broadband PCS Spectrum Licenses Closes; Winning Bidders Announced for Auction No. 71, Public Notice, 22 FCC Rcd 9247 (2007). Of the 12 winning bidders in that auction, five claimed small business status and won 18 licenses. Id. On August 20, 2008, the Commission completed the auction of 20 C-, D-, E-, and F-Block Broadband PCS licenses in Auction No. 78. Auction of AWS-1 and Broadband PCS Licenses Closes; Winning Bidders Announced for Auction 78, Public Notice, 23 FCC Rcd 12749 (WTB 2008). Of the eight winning bidders for Broadband PCS licenses in that auction, six claimed small business status and won 14 licenses. Id. 20. Specialized Mobile Radio Licenses. The Commission awards “small entity” bidding credits in auctions for Specialized Mobile Radio (SMR) geographic area licenses in the 800 MHz and 900 MHz bands to firms that had revenues of no more than $15 million in each of the three previous calendar years. 47 CFR § 90.814(b)(1). The Commission awards “very small entity” bidding credits to firms that had revenues of no more than $3 million in each of the three previous calendar years. Id. The SBA has approved these small business size standards for the 900 MHz Service. Letter from Aida Alvarez, Administrator, SBA, to Thomas Sugrue, Chief, Wireless Telecommunications Bureau, FCC (filed Aug. 10, 1999) (Alvarez Letter 1999). The Commission has held auctions for geographic area licenses in the 800 MHz and 900 MHz bands. The 900 MHz SMR auction began on December 5, 1995, and closed on April 15, 1996. Sixty bidders claiming that they qualified as small businesses under the $15 million size standard won 263 geographic area licenses in the 900 MHz SMR band. The 800 MHz SMR auction for the upper 200 channels began on October 28, 1997, and was completed on December 8, 1997. Ten bidders claiming that they qualified as small businesses under the $15 million size standard won 38 geographic area licenses for the upper 200 channels in the 800 MHz SMR band. Correction to Public Notice DA 96-586 “FCC Announces Winning Bidders in the Auction of 1020 Licenses to Provide 900 MHz SMR in Major Trading Areas,” Public Notice, 18 FCC Rcd 18367 (WTB 1996). A second auction for the 800 MHz band was held on January 10, 2002 and closed on January 17, 2002 and included 23 BEA licenses. One bidder claiming small business status won five licenses. Multi-Radio Service Auction Closes, Public Notice, 17 FCC Rcd 1446 (WTB 2002). 21. The auction of the 1,053 800 MHz SMR geographic area licenses for the General Category channels began on August 16, 2000, and was completed on September 1, 2000. Eleven bidders won 108 geographic area licenses for the General Category channels in the 800 MHz SMR band and qualified as small businesses under the $15 million size standard. 800 MHz Specialized Mobile Radio (SMR) Service General Category (851–854 MHz) and Upper Band (861–865 MHz) Auction Closes; Winning Bidders Announced, Public Notice, 15 FCC Rcd 17162 (2000). In an auction completed on December 5, 2000, a total of 2,800 Economic Area licenses in the lower 80 channels of the 800 MHz SMR service were awarded. 800 MHz SMR Service Lower 80 Channels Auction Closes; Winning Bidders Announced, Public Notice, 16 FCC Rcd 1736 (2000). Of the 22 winning bidders, 19 claimed small business status and won 129 licenses. Thus, combining all four auctions, 41 winning bidders for geographic licenses in the 800 MHz SMR band claimed status as small businesses. 22. In addition, there are numerous incumbent site-by-site SMR licenses and licensees with extended implementation authorizations in the 800 and 900 MHz bands. We do not know how many firms provide 800 MHz or 900 MHz geographic area SMR service pursuant to extended implementation authorizations, nor how many of these service providers have annual revenues of no more than $15 million. In addition, we do not know how many of these firms have 1,500 or fewer employees, which is the SBA-determined size standard. See generally 13 CFR § 121.201, NAICS code 517210. We assume, for purposes of this analysis, that all of the remaining extended implementation authorizations are held by small entities, as defined by the SBA. 23. Lower 700 MHz Band Licenses. The Commission previously adopted criteria for defining three groups of small businesses for purposes of determining their eligibility for special provisions such as bidding credits. See Reallocation and Service Rules for the 698–746 MHz Spectrum Band (Television Channels 52–59), Report and Order, 17 FCC Rcd 1022 (2002) (Channels 52–59 Report and Order). The Commission defined a “small business” as an entity that, together with its affiliates and controlling principals, has average gross revenues not exceeding $40 million for the preceding three years. Channels 52–59 Report and Order, 17 FCC Rcd at 1087-88, para. 172. A “very small business” is defined as an entity that, together with its affiliates and controlling principals, has average gross revenues that are not more than $15 million for the preceding three years. See id. Additionally, the lower 700 MHz Service had a third category of small business status for Metropolitan/Rural Service Area (MSA/RSA) licenses—”entrepreneur”—which is defined as an entity that, together with its affiliates and controlling principals, has average gross revenues that are not more than $3 million for the preceding three years. See id., 17 FCC Rcd at 1088, para. 173. The SBA approved these small size standards. Alvarez Letter 1999. An auction of 740 licenses (one license in each of the 734 MSAs/RSAs and one license in each of the six Economic Area Groupings (EAGs)) commenced on August 27, 2002, and closed on September 18, 2002. Of the 740 licenses available for auction, 484 licenses were won by 102 winning bidders. Seventy-two of the winning bidders claimed small business, very small business or entrepreneur status and won a total of 329 licenses. Lower 700 MHz Band Auction Closes, Public Notice, 17 FCC Rcd 17272 (WTB 2002). A second auction commenced on May 28, 2003, closed on June 13, 2003, and included 256 licenses: 5 EAG licenses and 476 Cellular Market Area licenses. Lower 700 MHz Band Auction Closes, Public Notice, 18 FCC Rcd 11873 (WTB 2003). Seventeen winning bidders claimed small or very small business status and won 60 licenses, and nine winning bidders claimed entrepreneur status and won 154 licenses. See id. On July 26, 2005, the Commission completed an auction of 5 licenses in the Lower 700 MHz band (Auction No. 60). There were three winning bidders for five licenses. All three winning bidders claimed small business status. 24. In 2007, the Commission reexamined its rules governing the 700 MHz band in the 700 MHz Second Report and Order. 700 MHz Second Report and Order, Second Report and Order, 22 FCC Rcd 15289, 15359 n.434 (2007). An auction of 700 MHz licenses commenced January 24, 2008 and closed on March 18, 2008, which included, 176 Economic Area licenses in the A Block, 734 Cellular Market Area licenses in the B Block, and 176 EA licenses in the E Block. Auction of 700 MHz Band Licenses Closes, Public Notice, 23 FCC Rcd 4572 (WTB 2008). Twenty winning bidders, claiming small business status (those with attributable average annual gross revenues that exceed $15 million and do not exceed $40 million for the preceding three years) won 49 licenses. Thirty-three winning bidders claiming very small business status (those with attributable average annual gross revenues that do not exceed $15 million for the preceding three years) won 325 licenses. 25. Upper 700 MHz Band Licenses. In the 700 MHz Second Report and Order, the Commission revised its rules regarding Upper 700 MHz licenses. 700 MHz Second Report and Order, 22 FCC Rcd 15289. On January 24, 2008, the Commission commenced Auction 73 in which several licenses in the Upper 700 MHz band were available for licensing: 12 Regional Economic Area Grouping licenses in the C Block, and one nationwide license in the D Block. Auction of 700 MHz Band Licenses Closes, Public Notice, 23 FCC Rcd 4572 (WTB 2008). The auction concluded on March 18, 2008, with 3 winning bidders claiming very small business status (those with attributable average annual gross revenues that do not exceed $15 million for the preceding three years) and winning five licenses. 26. 700 MHz Guard Band Licensees. In 2000, in the 700 MHz Guard Band Order, the Commission adopted size standards for “small businesses” and “very small businesses” for purposes of determining their eligibility for special provisions such as bidding credits and installment payments. Service Rules for the 746–764 MHz Bands, and Revisions to Part 27 of the Commission’s Rules, Second Report and Order, 15 FCC Rcd 5299 (2000) (746–764 MHz Band Second Report and Order). A small business in this service is an entity that, together with its affiliates and controlling principals, has average gross revenues not exceeding $40 million for the preceding three years. 746–764 MHz Band Second Report and Order, 15 FCC Rcd at 5343, para. 108. Additionally, a very small business is an entity that, together with its affiliates and controlling principals, has average gross revenues that are not more than $15 million for the preceding three years. See id. SBA approval of these definitions is not required. See id. at 5343, para. 108 n.246 (for the 746–764 MHz and 776–794 MHz bands, the Commission is exempt from 15 U.S.C. § 632, which requires Federal agencies to obtain SBA approval before adopting small business size standards). An auction of 52 Major Economic Area licenses commenced on September 6, 2000, and closed on September 21, 2000. 700 MHz Guard Bands Auction Closes: Winning Bidders Announced, Public Notice, 15 FCC Rcd 18026 (WTB 2000). Of the 104 licenses auctioned, 96 licenses were sold to nine bidders. Five of these bidders were small businesses that won a total of 26 licenses. A second auction of 700 MHz Guard Band licenses commenced on February 13, 2001, and closed on February 21, 2001. All eight of the licenses auctioned were sold to three bidders. One of these bidders was a small business that won a total of two licenses. 700 MHz Guard Bands Auction Closes: Winning Bidders Announced, Public Notice, 16 FCC Rcd 4590 (WTB 2001). 27. Air-Ground Radiotelephone Service. The Commission has previously used the SBA’s small business size standard applicable to Wireless Telecommunications Carriers (except Satellite). U.S. Census Bureau, 2012 NAICS Definitions, “517210 Wireless Telecommunications Carriers (Except Satellite),” See https://factfinder.census.gov/faces/affhelp/jsf/pages/metadata.xhtml?lang=en&type= ib&id=ib.en./ECN.NAICS2012.517210. The appropriate size standard under SBA rules is that such a business is small if it has 1,500 or fewer employees. 13 CFR § 121.201, NAICS code 517210. For this industry, U.S. Census Bureau data for 2012 show that there were 967 firms that operated for the entire year. U.S. Census Bureau, 2012 Economic Census of the United States, Table EC1251SSSZ5, Information: Subject Series: Estab and Firm Size: Employment Size of Firms for the U.S.: 2012 NAICS Code 517210. https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517210. Of this total, 955 firms had fewer than 1,000 employees and 12 had employment of 1000 employees or more. Id. Available census data do not provide a more precise estimate of the number of firms that have employment of 1,500 or fewer employees; the largest category provided is for firms with “1000 employees or more.” There are approximately 100 licensees in the Air-Ground Radiotelephone Service, and under that definition, we estimate that almost all of them qualify as small entities under the SBA definition. For purposes of assigning Air-Ground Radiotelephone Service licenses through competitive bidding, the Commission has defined “small business” as an entity that, together with controlling interests and affiliates, has average annual gross revenues for the preceding three years not exceeding $40 million. Amendment of Part 22 of the Commission’s Rules to Benefit the Consumers of Air-Ground Telecommunications Services et al., Order on Reconsideration and Report and Order, 20 FCC Rcd 19663, paras. 28–42 (2005). A “very small business” is defined as an entity that, together with controlling interests and affiliates, has average annual gross revenues for the preceding three years not exceeding $15 million. Id. These definitions were approved by the SBA. Letter from Hector V. Barreto, Administrator, SBA, to Gary D. Michaels, Deputy Chief, Auctions and Spectrum Access Division, Wireless Telecommunications Bureau, FCC (filed Sept. 19, 2005). In May 2006, the Commission completed an auction of nationwide commercial Air-Ground Radiotelephone Service licenses in the 800 MHz band (Auction No. 65). On June 2, 2006, the auction closed with two winning bidders winning two Air-Ground Radiotelephone Services licenses. Neither of the winning bidders claimed small business status. 28. AWS Services (1710–1755 MHz and 2110–2155 MHz bands (AWS-1); 1915–1920 MHz, 1995–2000 MHz, 2020–2025 MHz and 2175–2180 MHz bands (AWS-2); 2155–2175 MHz band (AWS-3)). For the AWS-1 bands, The service is defined in section 90.1301 et seq. of the Commission’s Rules, 47 CFR § 90.1301 et seq. the Commission has defined a “small business” as an entity with average annual gross revenues for the preceding three years not exceeding $40 million, and a “very small business” as an entity with average annual gross revenues for the preceding three years not exceeding $15 million. Service Rules for Advanced Wireless Services in the 1.7 GHz and 2.1 GHz Bands, Report and Order, 18 FCC Rcd 25,162, App. B (2003), modified by Service Rules for Advanced Wireless Services In the 1.7 GHz and 2.1 GHz Bands, Order on Reconsideration, 20 FCC Rcd 14,058, App. C (2005). For AWS-2 and AWS-3, although we do not know for certain which entities are likely to apply for these frequencies, we note that the AWS-1 bands are comparable to those used for cellular service and personal communications service. The Commission has not yet adopted size standards for the AWS-2 or AWS-3 bands but has proposed to treat both AWS-2 and AWS-3 similarly to broadband PCS service and AWS-1 service due to the comparable capital requirements and other factors, such as issues involved in relocating incumbents and developing markets, technologies, and services. Service Rules for Advanced Wireless Services in the 1915–1920 MHz, 1995–2000 MHz, 2020–2025 MHz and 2175–2180 MHz Bands et al., Notice of Proposed Rulemaking, 19 FCC Rcd 19,263, App. B (2005); Service Rules for Advanced Wireless Services in the 2155–2175 MHz Band, Notice of Proposed Rulemaking, 22 FCC Rcd 17,035, App. (2007); Service Rules for Advanced Wireless Services in the 2155-2175 MHz Band, Further Notice of Proposed Rulemaking, 23 FCC Rcd 9859, App. B (2008). 29. 3650–3700 MHz band. In March 2005, the Commission released a Report and Order and Memorandum Opinion and Order that provides for nationwide, non-exclusive licensing of terrestrial operations, utilizing contention-based technologies, in the 3650 MHz band (i.e., 3650–3700 MHz). The service is defined in section 90.1301 et seq. of the Commission’s Rules, 47 CFR § 90.1301 et seq. As of April 2010, more than 1270 licenses have been granted and more than 7433 sites have been registered. The Commission has not developed a definition of small entities applicable to 3650–3700 MHz band nationwide, non-exclusive licensees. We estimate however that the majority of these licensees are Internet Access Service Providers (ISPs) and that most of those licensees are small businesses. 30. Fixed Microwave Services. Microwave services include common carrier, 47 CFR Part 101, Subparts C and I. private-operational fixed, 47 CFR Part 101, Subparts C and H. and broadcast auxiliary radio services. Auxiliary Microwave Service is governed by Part 74 of Title 47 of the Commission’s Rules. See 47 CFR Part 74. Available to licensees of broadcast stations and to broadcast and cable network entities, broadcast auxiliary microwave stations are used for relaying broadcast television signals from the studio to the transmitter, or between two points such as a main studio and an auxiliary studio. The service also includes mobile TV pickups, which relay signals from a remote location back to the studio. They also include the Local Multipoint Distribution Service (LMDS), 47 CFR Part 101, Subpart L. the Digital Electronic Message Service (DEMS), 47 CFR Part 101, Subpart G. and the 24 GHz Service, See id. where licensees can choose between common carrier and non-common carrier status. 47 CFR §§ 101.533, 101.1017. The Commission has not yet defined a small business with respect to microwave services. There are approximately 66,680 common carrier fixed licensees, 69,360 private and public safety operational-fixed licensees, 20,150 broadcast auxiliary radio licensees, 411 LMDS licenses, 33 24 GHz DEMS licenses, 777 39 GHz licenses, and five 24 GHz licenses, and 467 Millimeter Wave licenses in the microwave services. These statistics are based on a review of the Universal Licensing System on September 22, 2015. The Commission has not yet defined a small business with respect to microwave services. The closest applicable SBA category is Wireless Telecommunications Carriers (except Satellite) U.S. Census Bureau, 2012 NAICS Definitions, “517210 Wireless Telecommunications Carriers (Except Satellite),” See https://factfinder.census.gov/faces/affhelp/jsf/pages/metadata.xhtml?lang=en&type= ib&id=ib.en./ECN.NAICS2012.517210. and the appropriate size standard for this category under SBA rules is that such a business is small if it has 1,500 or fewer employees. See 13 CFR § 121.201, NAICS code 517210. For this industry, U.S. Census Bureau data for 2012 show that there were 967 firms that operated for the entire year. U.S. Census Bureau, 2012 Economic Census of the United States, Table EC1251SSSZ5, Information: Subject Series, “Estab and Firm Size: Employment Size of Firms for the U.S.: 2012 NAICS Code 517210” (rel. Jan. 8, 2016). https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517210. Of this total, 955 firms had employment of 999 or fewer employees and 12 had employment of 1000 employees or more. Id. Available census data do not provide a more precise estimate of the number of firms that have employment of 1,500 or fewer employees; the largest category provided is for firms with “1000 employees or more.” Thus under this SBA category and the associated size standard, the Commission estimates that a majority of fixed microwave service licensees can be considered small. 31. The Commission does not have data specifying the number of these licensees that have more than 1,500 employees, and thus is unable at this time to estimate with greater precision the number of fixed microwave service licensees that would qualify as small business concerns under the SBA’s small business size standard. Consequently, the Commission estimates that there are up to 36,708 common carrier fixed licensees and up to 59,291 private operational-fixed licensees and broadcast auxiliary radio licensees in the microwave services that may be small and may be affected by the rules and policies discussed herein. We note, however, that the common carrier microwave fixed licensee category does include some large entities. 32. Local Multipoint Distribution Service. Local Multipoint Distribution Service (LMDS) is a fixed broadband point-to-multipoint microwave service that provides for two-way video telecommunications. Local Multipoint Distribution Service, Second Report and Order, 12 FCC Rcd 12545 (1997). The Commission established a small business size standard for LMDS licenses as an entity that has average gross revenues of less than $40 million in the three previous years. See LMDS Second Report and Order, 12 FCC Rcd at 12689-90, para. 348. An additional small business size standard for “very small business” was added as an entity that, together with its affiliates, has average gross revenues of not more than $15 million for the preceding three years. See id. The SBA has approved these small business size standards in the context of LMDS auctions. See Letter to D. Phythyon, Chief, Wireless Telecommunications Bureau, Federal Communications Commission, from Aida Alvarez, Administrator, SBA (Jan. 6, 1998) (Alvarez to Phythyon Letter 1998). There were 93 winning bidders that qualified as small entities in the LMDS auctions. A total of 93 small and very small businesses won approximately 277 A Block licenses and 387 B Block licenses. In 1999, the Commission re-auctioned 161 licenses and there were 32 small and very small businesses that won 119 licenses. 33. Broadband Radio Service and Educational Broadband Service. Broadband Radio Service systems, previously referred to as Multipoint Distribution Service (MDS) and Multichannel Multipoint Distribution Service (MMDS) systems, and “wireless cable,” transmit video programming to subscribers and provide two-way high speed data operations using the microwave frequencies of the Broadband Radio Service (BRS) and Educational Broadband Service (EBS) (previously referred to as the Instructional Television Fixed Service (ITFS)). Amendment of Parts 21 and 74 of the Commission’s Rules with Regard to Filing Procedures in the Multipoint Distribution Service and in the Instructional Television Fixed Service and Implementation of Section 309(j) of the Communications Act—Competitive Bidding, MM Docket No. 94-131, PP Docket No. 93-253, Report and Order, 10 FCC Rcd 9589, 9593, para. 7 (1995). 34. BRS - In connection with the 1996 BRS auction, the Commission established a small business size standard as an entity that had annual average gross revenues of no more than $40 million in the previous three calendar years. 47 CFR § 21.961(b)(1). The BRS auctions resulted in 67 successful bidders obtaining licensing opportunities for 493 Basic Trading Areas (BTAs). Of the 67 auction winners, 61 met the definition of a small business. BRS also includes licensees of stations authorized prior to the auction. At this time, we estimate that of the 61 small business BRS auction winners, 48 remain small business licensees. In addition to the 48 small businesses that hold BTA authorizations, there are approximately 392 incumbent BRS licensees that are considered small entities. 47 U.S.C. § 309(j). Hundreds of stations were licensed to incumbent MDS licensees prior to implementation of Section 309(j) of the Communications Act of 1934, 47 U.S.C. § 309(j). For these pre-auction licenses, the applicable standard is SBA’s small business size standard of 1500 or fewer employees. After adding the number of small business auction licensees to the number of incumbent licensees not already counted, we initially find that there are currently approximately 440 BRS licensees that are defined as small businesses under either the SBA or the Commission’s rules. In 2009, the Commission conducted Auction 86, the sale of 78 licenses in the BRS areas. Auction of Broadband Radio Service (BRS) Licenses, Scheduled for October 27, 2009, Notice and Filing Requirements, Minimum Opening Bids, Upfront Payments, and Other Procedures for Auction 86, Public Notice, 24 FCC Rcd 8277 (2009). The Commission offered three levels of bidding credits: (i) a bidder with attributed average annual gross revenues that exceed $15 million and do not exceed $40 million for the preceding three years (small business) will receive a 15 percent discount on its winning bid; (ii) a bidder with attributed average annual gross revenues that exceed $3 million and do not exceed $15 million for the preceding three years (very small business) will receive a 25 percent discount on its winning bid; and (iii) a bidder with attributed average annual gross revenues that do not exceed $3 million for the preceding three years (entrepreneur) will receive a 35 percent discount on its winning bid. Id. at 8296. Auction 86 concluded in 2009 with the sale of 61 licenses. Auction of Broadband Radio Service Licenses Closes, Winning Bidders Announced for Auction 86, Down Payments Due November 23, 2009, Final Payments Due December 8, 2009, Ten-Day Petition to Deny Period, Public Notice, 24 FCC Rcd 13572 (2009). Of the ten winning bidders, two bidders that claimed small business status won 4 licenses; one bidder that claimed very small business status won three licenses; and two bidders that claimed entrepreneur status won six licenses. 35. EBS - Educational Broadband Service has been included within the broad economic census category and SBA size standard for Wired Telecommunications Carriers since 2007. Wired Telecommunications Carriers are comprised of establishments primarily engaged in operating and/or providing access to transmission facilities and infrastructure that they own and/or lease for the transmission of voice, data, text, sound, and video using wired telecommunications networks. Transmission facilities may be based on a single technology or a combination of technologies.” U.S. Census Bureau, 2017 NAICS Definitions, “517311 Wired Telecommunications Carriers,” (partial definition), http://www.census.gov/cgi-bin/sssd/naics/naicsrch?code=517311&search=2017. The SBA’s small business size standard for this category is all such firms having 1,500 or fewer employees. See 13 CFR § 121.201. The Wired Telecommunications Carrier category formerly used the NAICS code of 517110. As of 2017 the U.S. Census Bureau definition shows the NAICs code as 517311 for Wired Telecommunications Carriers. See https://www.census.gov/cgi-bin/sssd/naics/naicsrch?code=517311&search=2017. U.S. Census Bureau data for 2012 show that there were 3,117 firms that operated that year. See U.S. Census Bureau, 2012 Economic Census of the United States, Table No. EC1251SSSZ5, Information: Subject Series - Estab & Firm Size: Employment Size of Firms: 2012 (517110 Wired Telecommunications Carriers). https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517110. Of this total, 3,083 operated with fewer than 1,000 employees. Id. Thus, under this size standard, the majority of firms in this industry can be considered small. 36. In addition to U.S. Census Bureau data, the Commission’s Universal Licensing System indicates that as of March 2019 there are 1,300 licensees holding over 2,190 active EBS licenses. The Commission estimates that of these 2,190 licenses, the majority are held by non-profit educational institutions and school districts, which are by statute defined as small businesses. The term “small entity” within SBREFA applies to small organizations (non-profits) and to small governmental jurisdictions (cities, counties, towns, townships, villages, school districts, and special districts with populations of less than 50,000). 5 U.S.C. §§ 601(4)-(6). 5. Satellite Service Providers 37. Satellite Telecommunications. This category comprises firms “primarily engaged in providing telecommunications services to other establishments in the telecommunications and broadcasting industries by forwarding and receiving communications signals via a system of satellites or reselling satellite telecommunications.” U.S. Census Bureau, 2017 NAICS Definitions, “517410 Satellite Telecommunications”; https://www.census.gov/cgi-bin/sssd/naics/naicsrch?input=517410&search=2017+NAICS+Search&search=2017. Satellite telecommunications service providers include satellite and earth station operators. The category has a small business size standard of $35 million or less in average annual receipts, under SBA rules. 13 CFR § 121.201, NAICS code 517410. For this category, U.S. Census Bureau data for 2012 show that there was a total of 333 firms that operated for the entire year. U.S. Census Bureau, 2012 Economic Census of the United States, Table EC1251SSSZ4, Information: Subject Series - Estab and Firm Size: Receipts Size of Firms for the United States: 2012, NAICS code 517410 https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ4//naics~517410. Of this total, 299 firms had annual receipts of less than $25 million. Id. The available U.S. Census Bureau data does not provide a more precise estimate of the number of firms that meet the SBA size standard of annual receipts of $35 million or less. 38. All Other Telecommunications. The “All Other Telecommunications” category is comprised of establishments primarily engaged in providing specialized telecommunications services, such as satellite tracking, communications telemetry, and radar station operation. See U.S. Census Bureau, 2017 NAICS Definitions, NAICS Code “517919 All Other Telecommunications”, https://www.census.gov/cgi-bin/sssd/naics/naicsrch?input=517919&search=2017+NAICS+Search&search=2017. This industry also includes establishments primarily engaged in providing satellite terminal stations and associated facilities connected with one or more terrestrial systems and capable of transmitting telecommunications to, and receiving telecommunications from, satellite systems. Id. Establishments providing Internet services or voice over Internet protocol (VoIP) services via client-supplied telecommunications connections are also included in this industry.Id. The SBA has developed a small business size standard for All Other Telecommunications, which consists of all such firms with annual receipts of $35 million or less. See 13 CFR § 121.201, NAICS code 517919. For this category, U.S. Census Bureau data for 2012 show that there were 1,442 firms that operated for the entire year. U.S. Census Bureau, 2012 Economic Census of the United States, Table EC1251SSSZ4, Information: Subject Series - Estab and Firm Size: Receipts Size of Firms for the United States: 2012, NAICS code 517919, https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ4//naics~517919. Of those firms, a total of 1,400 had annual receipts less than $25 million and 15 firms had annual receipts of $25 million to $49, 999,999. Id. Thus, the Commission estimates that the majority of “All Other Telecommunications” firms potentially affected by our action can be considered small. 6. Cable Service Providers 39. Because Section 706 requires us to monitor the deployment of broadband regardless of technology or transmission media employed, we know that some broadband service providers do not provide voice telephony service. Accordingly, we describe below other types of firms that may provide broadband services, including cable companies, MDS providers, and utilities, among others. 40. Wired Telecommunications Carriers. The U.S. Census Bureau defines this industry as “establishments primarily engaged in operating and/or providing access to transmission facilities and infrastructure that they own and/or lease for the transmission of voice, data, text, sound, and video using wired telecommunications networks. Transmission facilities may be based on a single technology or a combination of technologies. Establishments in this industry use the wired telecommunications network facilities that they operate to provide a variety of services, such as wired telephony services, including VoIP services; wired (cable) audio and video programming distribution; and wired broadband Internet services. By exception, establishments providing satellite television distribution services using facilities and infrastructure that they operate are included in this industry.” See 13 CFR § 120.201. The Wired Telecommunications Carrier category formerly used the NAICS code of 517110. As of 2017 the U.S. Census Bureau definition shows the NAICS code as 517311 for Wired Telecommunications Carriers. See U.S. Census Bureau, 2017 NAICS Definition, https://www.census.gov/cgi-bin/sssd/naics/naicsrch?code=517311&search=2017 (last visited Dec. 13, 2019). The SBA has developed a small business size standard for Wired Telecommunications Carriers, which consists of all such companies having 1,500 or fewer employees.See 13 CFR § 120.201, NAICS Code 517311 (previously 517110). U.S. Census Bureau data for 2012 show that there were 3,117 firms that operated that year. See U.S. Census Bureau, 2012 Economic Census of the United States, Table No. EC1251SSSZ5, Information: Subject Series - Estab & Firm Size: Employment Size of Firms: 2012 (517110 Wired Telecommunications Carriers). https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517110. Of this total, 3,083 operated with fewer than 1,000 employees. Id. Thus, under this size standard, the majority of firms in this industry can be considered small. 41. Cable Companies and Systems (Rate Regulation). The Commission has also developed its own small business size standards, for the purpose of cable rate regulation. Under the Commission’s rules, a “small cable company” is one serving 400,000 or fewer subscribers nationwide. 47 CFR § 76.901(e). The Commission determined that this size standard equates approximately to a size standard of $100 million or less in annual revenues. Implementation of Sections of the 1992 Cable Act: Rate Regulation, Sixth Report and Order and Eleventh Order on Reconsideration, 10 FCC Rcd 7393, 7408 (1995). Industry data indicate that there are 4,600 active cable systems in the United States. The number of active, registered cable systems comes from the Commission’s Cable Operations and Licensing System (COALS) database on August 15, 2015. See FCC, Cable Operations and Licensing System (COALS), www.fcc.gov/coals (last visited Dec. 13, 2019). Of this total, all but seven cable operators nationwide are small under the 400,000-subscriber size standard. S&P Global Market Intelligence, Top Cable MSOs as of 12/2016, (Dec 2018) https://platform.marketintelligence.spglobal.com/. In addition, under the Commission’s rate regulation rules, a “small system” is a cable system serving 15,000 or fewer subscribers. 47 CFR § 76.901(c). Commission records show 4,600 cable systems nationwide. See supra n. 149. Of this total, 3,900 cable systems have fewer than 15,000 subscribers, and 700 systems have 15,000 or more subscribers, based on the same records. See FCC, Cable Operations and Licensing System (COALS), www.fcc.gov/coals (last visited Dec. 13, 2019). Thus, under this standard as well, we estimate that most cable systems are small entities. 42. Cable System Operators (Telecom Act Standard). The Communications Act of 1934, as amended, also contains a size standard for small cable system operators, which is “a cable operator that, directly or through an affiliate, serves in the aggregate fewer than one percent of all subscribers in the United States and is not affiliated with any entity or entities whose gross annual revenues in the aggregate exceed $250,000,000.” 47 U.S.C. § 543(m)(2); see 47 CFR § 76.901(f) & nn.1–3. As of 2018, there were approximately 50,504,624 cable video subscribers in the United States. S&P Global Market Intelligence, U.S. Cable Subscriber Highlights, Basic Subscribers(actual) 2018, U.S. Cable MSO Industry Total, (Dec 2018) https://platform.marketintelligence.spglobal.com. Accordingly, an operator serving fewer than 505,046 subscribers shall be deemed a small operator if its annual revenues, when combined with the total annual revenues of all its affiliates, do not exceed $250 million in the aggregate. 47 CFR § 76.901(f) and notes ff. 1, 2, and 3. Based on available data, we find that all but six incumbent cable operators are small entities under this size standard. S&P Global Market Intelligence, Top Cable MSOs as of 12/2018, (Dec 2018) https://platform.marketintelligence.spglobal.com. The six cable operators all had more than 505,046 basic cable subscribers. We note that the Commission neither requests nor collects information on whether cable system operators are affiliated with entities whose gross annual revenues exceed $250 million. The Commission does receive such information on a case-by-case basis if a cable operator appeals a local franchise authority’s finding that the operator does not qualify as a small cable operator pursuant to § 76.901(f) of the Commission’s rules. See 47 CFR § 76.909(b). Therefore we are unable at this time to estimate with greater precision the number of cable system operators that would qualify as small cable operators under the definition in the Communications Act. D. Description of Projected Reporting, Recordkeeping, and Other Compliance Requirements 43. We expect the proposed rules in the Further Notice will impose new or additional reporting or recordkeeping and/or other compliance obligations on service providers, and if they choose to participate, on agencies that are granted direct access to NORS and DIRS filings, and these entities may have to hire professionals to fulfill their compliance obligations. The rules proposed in the Further Notice would require minor adjustments to the existing reporting process used by service providers to account for new or refined multistate reporting for the NORS and DIRS filings. We estimate that service providers will incur total initial set up costs of $3.2 million based on our estimate of 1,000 service provider incurring costs of $80 per hour and spending 40 hours to implement update or revise their software used to report outages to the Commission in NORS and DIRS. We seek comment on costs to service providers associated with any updates or modifications to their automated software and other systems that would be required for them to continue to file NORS reports under our proposed information sharing framework. 44. Pursuant to the proposed confidential protections, if adopted, voluntarily participating agencies will be required to notify the Commission when they receive requests for NORS filings, DIRS filings, or related records and prior to the effective date of any change in relevant statutes of laws that would affect the agency’s ability to adhere to the confidentiality protections that the Commission requires. We believe these agencies would incur initial costs to review and revise their confidentiality protections in accordance with the proposed information sharing framework and minimal reoccurring costs to notify the Commission about a request for NORS/DIRS filings or relevant statutory changes as described above. The Commission cannot quantify the costs for these activities, which would vary based on each participating agency’s particular circumstances, however, we tentatively conclude that the benefits of participation would exceed the costs for any participating agency and seek comment on these matters. 45. Under the proposed information sharing framework, voluntarily participating agencies will be required to submit to the Commission requests for direct access to NORS and DIRS filings which includes a description of why the agency has a need to access NORS and DIRS filings and how it intends to use the information in practice. These agencies will also be required to administer annual security training to each person granted a user account for NORS and DIRS filings. In the event of any known or reasonably suspected breach of protocol involving NORS and DIRS filings participating agencies will be required to report this information to the Commission and all affected providers within 24 hours of the breach or suspected breach. The Commission believes these participating agencies will incur costs to comply with the above requirements, however, we cannot quantify the costs for these activities, which would vary based on each participating agency’s particular circumstances, however, we tentatively conclude that the benefits of participation would exceed the costs for any participating agency and seek comment on these matters. 46. In the Further Notice, the Commission proposes to allow participating agencies to share confidential NORS and DIRS information within and outside the agency subject to certain limitations. A participating agency would likely incur initial costs to determine how to appropriately handle and disseminate confidential NORS and DIRS information consistent with the proposed information sharing framework. The Further Notice also proposes to require participating agencies to execute an annual attestation form certifying and acknowledging compliance with requirements of the information sharing framework that the Commission adopts. These agencies will undoubtably incur costs to comply these new requirements if adopted, but the Commission cannot quantify the costs for these activities, which would vary based on each participating agency’s particular circumstances and therefore seeks comment on the matters. E. Steps Taken to Minimize the Significant Economic Impact on Small Entities, and Significant Alternatives Considered 47. The RFA requires an agency to describe any significant, specifically small business, alternatives that it has considered in reaching its proposed approach, which may include (among others) the following four alternatives: (1) the establishment of differing compliance or reporting requirements or timetables that take into account the resources available to small entities; (2) the clarification, consolidation, or simplification of compliance or reporting requirements under the rule for such small entities; (3) the use of performance, rather than design, standards; and (4) an exemption from coverage of the rule, or any part thereof, for such small entities. 5 U.S.C. § 603(c). 48. The Commission expects the information sharing infrastructure that it proposes and seeks comment on in the Further Notice to aid the response, recovery and restoration efforts by agencies during natural disasters and other emergencies and allow them to rapidly direct their resources, and to the areas of greatest need. To safeguard and protect the confidentiality of the NORS and DIRS filings, information sharing framework requirements will apply equally to all affected service providers’ information, and agencies that choose to participate. The Commission is mindful however, that agencies that voluntarily participate in the information sharing as well as service providers will incur costs should the proposals we make, and the alternatives upon which we seek comment in the Further Notice be adopted. To assist in the Commission’s evaluation of the economic impact on small entities and others that may become involved in the information sharing process we have proposed, the Commission therefore seeks comment on the costs and benefits of various proposals and alternatives in the Further Notice. We anticipate that for those agencies that already incur costs to collect this outage or infrastructure status information from service provider, may see a cost savings in accessing the same or similar information in NORS or DIRS. The electronic functions in NORS and DIRS may also help smaller government agencies, including Tribal Nation and territorial agencies, that may not have the resources to dedicate to collecting outage or infrastructure status update information. 49. Information sharing of NORS filing information with participating agencies will necessitate technical and software system changes by service providers. For example, to allow NORS to limit state agencies’ access to only those outages that occur within their states, we propose to change the NORS form to allow users to select more than one state when submitting a NORS filing. We seek comment on this approach and any potential alternatives. We specifically raise as an alternative whether, instead of modifying the NORS form, we should require service providers to submit several state-specific filings instead of submitting single aggregated filings for each outage, and we seek comment on this approach. Additionally, we seek comment on costs to service providers on the changes required to facilitate the direct access by agencies that we propose in the Further Notice. 50. The Commission has taken specific steps to address some of the costs for agencies that choose to participate in the information sharing process proposed in the Further Notice. As discussed in the Further Notice, to provide agencies maximum flexibility and reduce potential costs of compliance with the training requirements, we propose rather than mandate an agency’s use of a specific program, we propose to allow agencies to develop their own training program or rely on an outside training program that covers, at a minimum, each of the following topics or “program elements”: (i) procedures and requirements for accessing NORS and DIRS filings; (ii) parameters by which agency employees may share confidential and aggregated NORS and DIRS information; (iii) initial and continuing requirements to receive trainings; (iv) notification that failure to abide by the required program elements will result in personal or agency termination of access to NORS and DIRS filings and liability to service providers and third-parties under applicable state and federal law; and (v) notification to the Commission, at its designated e-mail address, concerning any questions, concerns, account management issues, reporting any known or reasonably suspected breach of protocol and, if needed, requesting service providers’ contact information upon learning of a known or reasonably suspected breach. We seek comment on this proposal. 51. The Commission has also proposed a single form contained in Appendix C, to address the certifications and acknowledgments required for direct access to NORS and DIRS filings and seek comment on the elements of the certification form in the Further Notice. Once an agency has applied for direct access and been approved, the agency head would receive a customized version of the certification & acknowledgment form for execution by an agency official with authority to obligate and bind the agency and submission to the Commission. Using a single form coupled with the fact that the proposed certification form is similar to one that the Commission currently requires for sharing sensitive numbering data with states using FCC Form 477 data, should help minimize preparation time and costs, specifically for those smaller agencies. We expect to more fully consider the economic impact on small entities following our review of comments filed in response to the Further Notice in reaching our final conclusions and promulgating the information sharing framework rules in this proceeding. F. Federal Rules that May Duplicate, Overlap, or Conflict with the Proposed Rule 52. None. APPENDIX C CERTIFICATION FORM Instructions: Please review and complete the form below. Please send your completed form to NORS_DIRS_information_sharing@fcc.gov. On review, the Commission contact you to resolve any questions with your application papers or issue your agency login credentials for accessing NORS and DIRS. [NAME OF AGENCY] CERTIFICATION FORM FOR NORS AND DIRS SHARING [your title] [name of agency] [address] [address] Dear Commission: [Agency name] requests access to Network Outage Reporting System (NORS) and Disaster Information Reporting System (DIRS) filings involving [name of state or nationwide] (filings). These filings are made pursuant to the Commission’s reporting rules and practices. See, e.g., 47 CFR Part 4; see also, e.g., The FCC’s Public Safety & Homeland Security Bureau Launches Disaster Information Reporting System (DIRS), Public Notice, DA 07-3871, 22 FCC Rcd 16757 (PSHSB 2007). I hereby certify and acknowledge that I am authorized to act on behalf of the [name of agency] and that [name of agency] is willing and able to be bound by the terms and conditions provided in this document. On behalf of [agency name], I acknowledge and certify that [agency name] agrees to the terms below. I hereby certify and acknowledge that each user account is to be assigned to a single employee and that [agency name] will promptly reassign user accounts to reflect changes as its roster of designated employees changes (e.g., due to employee departure and arrival). I hereby certify and acknowledge that [agency name] will change user account passwords and take other reasonable measures to ensure that user account credentials are not used by individuals who are not [agency name]’s designated employees. I hereby certify and acknowledge that NORS and DIRS filings, and the information contained therein (collectively, NORS and DIRS filings and information) are sensitive and presumed confidential for national security and commercial competitiveness reasons. The Commission has noted that the outage reports “will contain sensitive data” and that this data “could be used by hostile parties to attack those networks, which are part of the Nation’s critical information infrastructure.” 2004 Part 4 Report and Order, 19 FCC Rcd at 16852-53, para. 40. Further, the Commission stated that the “national defense and public safety goals” sought with outage reporting would be “seriously undermined if [the Commission] were to permit these reports to fall into the hands of terrorists who seek to cripple the nation’s communications infrastructure.” 2004 Part 4 Report and Order, 19 FCC Rcd at 16855, para. 45. I hereby certify that [agency name] will treat NORS and DIRS filings and data as confidential under federal and state Freedom of Information Act statutes and similar laws and regulations and not disclose them absent a finding by the Commission that allows [agency name] to do so. I hereby certify that [agency name] will treat NORS and DIRS filings and information in accordance with procedural and substantive protections that are equivalent to or greater than those afforded under federal confidentiality statutes and rules, including but not limited to the federal Freedom of Information Act. See 5 U.S.C. § 552(b)(4). To the extent that federal confidentiality statutes and rules impose a higher standard of confidentiality than applicable state law or regulations provide, I represent that the [name of agency] is legally able to and will adhere to the higher federal standard. I agree that the [name of agency] will notify the Commission, within 14 calendar days via the e-mail, NORS_DIRS_information_sharing@fcc.gov, when a request under the [name of agency’s state/jurisdiction] records access statute or agency regulations is filed that implicates NORS and DIRS filings and information. I agree to notify the Commission via the e-mail, NORS_DIRS_information_sharing@fcc.gov, at least 30 calendar days prior to the effective date of any change in relevant statutes of laws that would affect [name of agency]’s ability to adhere to at least the federal confidentiality rules and statutes standard. I hereby certify and acknowledge that the Commission’s rules place restrictions on the access to and use of NORS and DIRS filings and information. I certify that I have reviewed and agree to comply with the restrictions described at [cite to forthcoming Order]. I hereby certify and acknowledge that the [name of agency] will adopt or develop a NORS and DIRS security training program, if it has not already, that satisfies each of the required training program elements identified at [cite to forthcoming Order], that the [name of agency] will administer this training to each of its designated employees prior to their access to NORS and DIRS filings and information and then at least annually thereafter. I further acknowledge that [name of agency] will report to any affected service providers and to the Commission, via the e-mail NORS_DIRS_information_sharing@fcc.gov, any known or reasonable suspected breach of the protocol specified in the training program within 24 hours. I further acknowledge that if [name of agency] needs contact information for a provider, that [agency name] may request this information from the Commission at NORS_DIRS_information_sharing@fcc.gov, and that this does not toll [agency name]’s obligation to notify any affected service providers, using the best contact information known to [agency name], within 24 hours. I hereby certify and acknowledge that the Commission does not guarantee the accuracy of either the NORS or DIRS filings as both sets of filings are submitted to the respective web-based databases by service providers pursuant to mandatory reporting timeframes for NORS filings and voluntary reporting timeframes for DIRS filings. Further, I acknowledge that there may be times access to the filings is unavailable, e.g., due to planned or unplanned service and maintenance. I hereby certify and acknowledge that [agency name’s] continued access to NORS and DIRS filings and information is conditioned on its annual recertification of a current version of this form, available on the Commission’s website. I acknowledge that the Public Safety and Homeland Security Bureau (Bureau) of the Commission may terminate [agency name]’s access at any time, and for any reason, by giving written notice to [name of agency]. If access is terminated, I agree that [name of agency] will, upon the Commission’s termination notice, cause to be securely destroyed any and all NORS and DIRS filings and information or other data received pursuant to this grant, whether electronic or hardcopy form. I hereby certify and acknowledge that all the terms and conditions provided in this document apply to past and future NORS and DIRS filings and information. I hereby certify and acknowledge my and [agency name]’s obligation to inform the Commission if I cease to be a designated representative of [agency name] with authority to obligate and bind the agency to the statements above. The Bureau makes no determinations about any provisions of [name of state] law or agency regulations or your statements about such provisions. Sincerely, [name and title of official], on behalf of [name of agency] Affirmed: Lisa M. Fowlkes Chief Public Safety and Homeland Security Bureau Federal Communications Commission STATEMENT OF CHAIRMAN AJIT PAI Re: Amendments to Part 4 of the Commission’s Rules Concerning Disruptions to Communications, PS Docket No. 15-80; Petition of California Public Utilities Commission and the people of the State of California for Rulemaking on States’ Access to the Network Outage Reporting System (“NORS”) and a Ruling Granting California Access to NORS, RM No. 11588 (terminated). Over the last five years, the United States has experienced 69 billion-dollar disasters, affecting millions of Americans and, in some cases, displacing entire communities. Our experience with these disasters has taught us the importance of knowing the operational status of communications services in an impacted area. That information is critical to developing an effective emergency response, restoring communications, and ultimately saving lives. That’s why today, we are proposing new rules to enable more public entities to access network outage information collected by the Commission. In this Second Further Notice of Proposed Rulemaking, we build upon two mechanisms already in place to gather information about the reliability and security of the nation’s communications infrastructure: the Network Outage Reporting System, or NORS, and the Disaster Information Reporting System, or DIRS. We already have rules on the books that require communications providers to report network service disruptions or outages by filing electronically in NORS. And, in times of crisis, such as hurricanes and earthquakes, communications providers may use DIRS to voluntarily report outage information. But here’s the concern: Other than the U.S. Department of Homeland Security, federal and state agencies currently do not have direct access to information from NORS or DIRS. Instead, they can only review aggregate data—information that isn’t specific to any company. As I’ve heard firsthand in areas like Florida, Puerto Rico, and the U.S. Virgin Islands, specific information is essential to help those on the front lines respond to a disaster, whether it’s a major hurricane, earthquake, or wildfire. This Second Further Notice of Proposed Rulemaking would address that gap. It proposes a framework to provide state and federal agencies—including Tribal entities—with access to granular and actionable outage information contained in NORS and DIRS. At the same time, we’re also proposing several safeguards to preserve the presumptively confidential treatment of NORS and DIRS data and protect national security. For example, we sensibly propose that only officials who demonstrate a “need to know” may have access to such information and that access to these filings be permitted in a read-only format. I’d like to thank the FCC staff who worked on this item: Michael Caiafa, Rochelle Cohen, Lisa Fowlkes, John Healy, Jennifer Holtz, Nicole McGinnis, Saswat Misra, Austin Randazzo, Julia Tu, and Brenda Villanueva of the Public Safety and Homeland Security Bureau; Matthew Duchesne of the Consumer and Government Affairs Bureau; Jason Koslofsky of the Enforcement Bureau; Kenneth Lynch and Chuck Needy of the Office of Economics and Analytics; David Horowitz, Joel Rabinovitz, Bill Richardson, and Anjali Singh of the Office of General Counsel; Chana Wilkerson of the Office of Communications Business Opportunities; Rebekah Douglas and Dangkhoa Nguyen of the Wireline Competition Bureau; and Sean Spivey of the Wireless Telecommunications Bureau. And more generally, I fully support our stalwart staff in the Public Safety and Homeland Security Bureau who are responsible for faithfully executing this agency’s emergency management and response duties 24/7. Through actual storms or political maelstroms, your commitment and resolve never waver. You remind me every day of what it means to serve and protect the American people, and I’m privileged to be your co-worker. 49 Federal Communications Commission FCC 20-20 STATEMENT OF COMMISSIONER MICHAEL O’RIELLY Re: Amendments to Part 4 of the Commission’s Rules Concerning Disruptions to Communications, PS Docket No. 15-80; Petition of California Public Utilities Commission and the people of the State of California for Rulemaking on States’ Access to the Network Outage Reporting System (“NORS”) and a Ruling Granting California Access to NORS, RM No. 11588 (terminated). Every effort should be made to restore communication capabilities when a disaster or outage occurs. All Americans should have the ability to communicate with emergency call centers, first responders, and loved ones in times of need. And, to these ends, the Commission has been actively pursuing an agenda to facilitate restoration of networks should networks or systems go down. In fact, the Commission previously considered sharing the information it collects regarding outages with federal and local entities but declined to do so out of deep and appropriate confidentiality concerns. Needless to say, protecting this data is extremely important both from a market and national security standpoint. Today’s notice starts a proceeding to consider the mechanisms that would be put in place for sharing this information with federal, tribal, and state agencies, which they, in turn, could share with others. While well-intentioned, I have serious doubts about the framework that is being considered. In the originally circulated draft, the controls proposed to ensure the confidentiality of this information appeared to be seriously lacking. Once the Commission were to hand over the sensitive information to a state agency, for instance, the data could be shared with other state agencies and with those in a locality on a “need to know” basis, but that is a very vague and subjective standard, left completely undefined in the item. As proposed, the Commission also would not be able to track who was given our information either at the original state agency or downstream. Further, I was concerned about the breadth of information that would appear to be made available about outages in surrounding areas not under the jurisdiction of a requesting state, locality or tribal land; the absence of limits on how the information could be used; the ability to access this information at any time, as opposed to during a specific event; and the training – or lack thereof – to be required of those receiving the sensitive information on a “need to know” basis. Most importantly, perhaps, there was very little information about the penalties to be levied or the remedies available to a wireless provider should their information be leaked. Simply saying that we would discontinue access to the information is not enough of an incentive to stop careless recipients. Unfortunately, when it comes to states in particular, their track record of doing the right thing is less than stellar. Take, for example, California’s recent attempts to waylay and drag-out the Sprint-T-Mobile merger; states diverting 9-1-1 fees (especially New York, New Jersey, and Rhode Island); New York’s vanishing commitments to reach its unserved citizens in return for a special allocation of USF money; or the many efforts to profit from or delay infrastructure siting at the state and local level. Taking these entities at their word, without much more than a handshake, that extremely sensitive outage information will remain confidential and only be used for appropriate purposes is not something I can accept without strong safeguards. Despite these concerns, I will support today’s notice, because, at my request, the Chairman agreed to include edits that will seek comment on these very issues and others. I thank him for being receptive to my many concerns, and I hope that these issues are addressed in a fulsome record. It should be noted, however, that if the Commission ultimately decides to go down a route that doesn’t include strong enough protections for this private information, I will be the first one to demand that access be revoked at the first sign of abuse or misuse. I approve. 54 STATEMENT OF COMMISSIONER BRENDAN CARR Re: Amendments to Part 4 of the Commission’s Rules Concerning Disruptions to Communications, PS Docket No. 15-80; Petition of California Public Utilities Commission and the people of the State of California for Rulemaking on States’ Access to the Network Outage Reporting System (“NORS”) and a Ruling Granting California Access to NORS, RM No. 11588 (terminated). At 1:30 PM on October 10, 2018, Hurricane Michael smashed into Florida’s Gulf Coast. It peaked at a Category 5 with sustained winds clocked at 160 miles per hour. It ranks as the strongest hurricane to touch down on U.S. soil in nearly 50 years. Mexico Beach, Florida, took a direct hit. It devastated the community. Jack—a retired teacher and Army vet—stood on top of the mangled remains of a home he bought just two months earlier, and he pointed towards an empty lot a few blocks away. He told me that’s where a house was ripped off its foundation and sent tumbling nearly a quarter mile down the road, disintegrating every structure in its path. The city’s water tower—made out of reinforced steel—bent like a paperclip, taking down the antennas used for public safety communications with it. The punishing winds and debris were followed by a storm surge 14 feet high. Cars and entire parking structures were pushed inland with the surge, trapping residents in their homes. It was a level of destruction that veteran first responders told me they had never seen. Even with significant communications outages in the wake of Hurricane Michael, many portions of the network, including the fiber and cable plant, showed notable resiliency. While spending two days in Mexico Beach with a telecom crew rebuilding the network, the team showed me a fiber line that sat yards under the storm surge yet remained operational. In many cases, however, lines that weathered the storm were cut (sometimes multiple times) during the recovery and restoration effort. Line cuts during storm restoration are nothing new—it’s why we often see ups and downs in the FCC’s daily outage reports following a storm. In this case, many of those cuts and communications losses were preventable and only slowed down work to get the network back online. In the immediate aftermath of the storm, thousands of energy company crews and contractors worked around the clock to restore power, and this meant cutting, pulling, and replacing thousands of utility poles. Unfortunately, their work resulted in a significant number of cuts to fiber and other communications lines. In fact, one fiber company reported 37 cuts in the first few days following the storm. Sometimes, lines were cut clean off damaged poles when they could have been detached and put on the ground or left in place. Following that recovery effort, the communication and power industries have worked to improve their coordination efforts to avoid unnecessary line cuts. The FCC has also continued our work to improve network resiliency. Chairman Pai has launched a comprehensive effort to strengthen our communications networks and recovery efforts. That work includes the Public Safety and Homeland Security Bureau’s initiatives as well as a BDAC working group on disaster response and recovery. We continue that effort today with a proposal that would share additional outage information with qualified federal, state, and local agencies. This can help ensure greater coordination in the wake of natural disasters, help avoid unnecessary lines cuts during recovery efforts, and speed the restoration of networks. With the right safeguards in place to ensure that sensitive information is protected, I’m confident that information sharing will empower first responders—from public safety officials to telecom crews that hit the ground as soon as it is safe—to get their important work done. Thank you to the Public Safety and Homeland Security Bureau for its hard work on this item. It has my support. STATEMENT OF COMMISSIONER JESSICA ROSENWORCEL Re: Amendments to Part 4 of the Commission’s Rules Concerning Disruptions to Communications, PS Docket No. 15-80; Petition of California Public Utilities Commission and the people of the State of California for Rulemaking on States’ Access to the Network Outage Reporting System (“NORS”) and a Ruling Granting California Access to NORS, RM No. 11588 (terminated). After Superstorm Sandy ravaged the mid-Atlantic, I traveled to the New Jersey coast. I won’t ever forget what I saw. The storm surge had propelled sand dunes blocks beyond the beachfront with a cruel disregard for the cars and houses in the way. Streets were torn up, businesses were boarded up, but communities were not giving up. They wanted to rebuild. Still, the task was hard because in so many places communications were totally knocked out after the storm. After the Oso Mudslide washed away a rural community in Washington state, I visited the site of the disaster. It was harrowing. There was only a field of wet dirt, laced with broken building materials and the household detritus of a community that had totally disappeared. It happened fast. Calls to 911 went unanswered, communications faltered, and forty-three people died trapped in a towering wall of mud. After Hurricane Maria wreaked havoc on Puerto Rico, I headed south to San Juan and then inland to rural communities on the island. Puerto Rico is undeniably lush and beautiful, but the damage was right out in the open: tarps covered buildings; traffic lights didn’t work; and stray blocks of concrete and rebar were everywhere. Across the island communications totally failed, with more than 95 percent of cell sites knocked out of service. In events like these the Federal Communications Commission activates its Disaster Information Reporting System, or DIRS. DIRS is a reporting system used by communications providers to update the FCC about the operational status of their networks in disaster. It’s a voluntary system, but it is designed to work hand in glove with our mandatory Network Outage Reporting System known as NORS, so that we have a clear picture of what outages occurred, when they occurred, and where they occurred. During the last ten years DIRS has been activated for communications failures in at least 23 states and territories. The last decade is important. Because it was ten years ago that the California Public Utilities Commission petitioned this agency to help provide state authorities with timely access to outage information like what we have in DIRS. The FCC asked for comment. It was five years ago that this agency issued a rulemaking that proposed to grant state officials access to NORS data regarding outages in their states. Again, the FCC asked for comment. That means we have a decade of experience with disasters. We also have a decade-long record with comments about just how to relay outage information to our state colleagues. So let me submit that we don’t need another rulemaking. We need to do something. But you won’t find that urgency here. Because we’re going to start yet another rulemaking on what is obvious—we have a problem with communications failing in disasters and we should change our rules so state public safety officials have the information from our outage reporting systems they need to do their job. We could do that right here and now. There is nothing in the law preventing us from adopting the policies we propose today in this rulemaking. The evidence is already here. In too many disasters, communications fail. It’s happening in hurricanes. It’s happening in floods. It’s happening in wildfires. It’s happening everywhere. And everywhere across the country the number of households that rely on wireless-only service are multiplying. That has long-term implications for our network safety, security, resiliency. It’s time for this agency to stop these modest gestures and fundamentally refresh our playbook for disaster response. Here’s how. First, we need to make it standard practice for the FCC to learn from every major communication outage. Every significant weather event causing damage to our networks should be the subject of a timely report from the FCC. It should be supported by timely field hearings—as was done immediately after Hurricane Katrina and Superstorm Sandy. Second, we need to update our Wireless Resiliency Framework. The Government Accountability Office has criticized the FCC for its failure to promote network resiliency and urged us to do more. In response this agency has sought comment in four public notices on just how to do so. Enough seeking comment. It’s time to take action. We need enforceable rules on network resiliency before the next disaster strikes. Third, we need to update the outage information the FCC collects. It’s hard to believe, but while the FCC collects information about outages on telephone lines, it does not collect information about disruptions involving broadband service. That means if the infrastructure that supports modern life goes down, the FCC will not have a full picture of the problem. How is it possible that we are the expert agency with responsibility for our nation’s communications but do not have a mandatory requirement to report where broadband service was cut off and when? A proposal to address this gap in our reporting systems has been pending for four years. It’s time to take action. Fourth, we need to revisit our policies when it comes to backup power. When utilities in California turned off power to mitigate wildfires it exposed a glaring weakness in our preparation for disaster. In some areas more than half the cell sites were rendered inoperable. We need to rethink our policies regarding backup power and while we’re at it we need to recognize that the topology of our networks is changing. The introduction of small cells means our old ways of tracking the sites that go down and ensuring sustainability is growing more complicated. But what is most important is that we get started on all this now, so our resiliency policies are ready for the 5G future. That’s what I think we need. I’m not alone. There is legislation pending right now in the House of Representatives to strengthen disaster response, including the RESILIENT Networks Act from Chairman Pallone and Representative McNerney and the Emergency Reporting Act from Representatives Matsui, Eshoo, Thompson, and Huffman. In the end, we don’t need to wait for another Superstorm Sandy, Oso Mudslide, or Hurricane Maria to know that we have to do more to ensure our communications work when the unthinkable occurs. We don’t need more comment to work with state public safety officials to help restore communications after a disaster. We need action. We can change our rules right here and now. Because we do not, I regretfully dissent. STATEMENT OF COMMISSIONER GEOFFREY STARKS Re: Amendments to Part 4 of the Commission’s Rules Concerning Disruptions to Communications, PS Docket No. 15-80; Petition of California Public Utilities Commission and the people of the State of California for Rulemaking on States’ Access to the Network Outage Reporting System (“NORS”) and a Ruling Granting California Access to NORS, RM No. 11588 (terminated). One of the Commission’s primary duties is to promote access to communications services so that all Americans can access and share critical information—especially in support of public safety. Last weekend, I visited Puerto Rico because I wanted to hear directly from Puerto Ricans about the steps taken to improve the resiliency of communications networks since Hurricanes Irma and Maria, how communications networks and recovery efforts performed during the recent earthquakes, and what additional actions are needed to ensure that communications networks are always available. I held a field hearing, and I am grateful to the many individuals and stakeholders from local government, the labor movement, the healthcare and education sectors, disaster recovery workers, and the communications sector who shared their on-the-ground experience with me. I heard personal stories of loss and tragedy. About schools that have closed, and never re-opened. About homes that were destroyed, and how hard it has been to rebuild. And of course, well beyond structures, I heard from people working hard to rebuild lives that were forever altered by communications failures. Jaime Pla-Cortes, Executive President of the Puerto Rico Hospital Association, told me that mental health has been the number one ongoing medical issue on the island. And most movingly, I heard from a volunteer working to restore communications in areas impacted by the earthquakes about how her own father died after Hurricane Maria because they were unable to call 911 and get the medical help he urgently needed. We cannot take away the anxiety and fear that many Puerto Ricans felt when they could not reach friends, family, and emergency services, and we cannot bring back loved ones who died because help was unreachable, but we can work to make sure communications failures like the one Puerto Rico experienced never happen again. That’s why I am calling on the FCC to bring the full strength of its resources and to come to Puerto Rico, engage with all stakeholders here to understand what happened to the communications networks on the island and its people, understand what can be done better, and issue a report after a thorough assessment. For months after Hurricane Maria, critical communications infrastructure remained out of service, making it overwhelmingly difficult for Puerto Ricans to access potentially lifesaving information. As I have said many times, as a former enforcement official I believe in accountability, and it is imperative that the FCC hold itself accountable for how it responded to Hurricane Maria. One broader theme I took away from those conversations is the need for fast and effective coordination during an emergency. That includes coordination between ordinary Americans and government, between companies, across levels of government, among first responders, and across industries. But I heard specifically from Puerto Rican communications providers who also indicated that as important as all this communication is, it comes with tradeoffs. Coordination takes time, and time during a disaster response is in short supply. The FCC needs to help make disaster-related coordination predictable, fast, efficient, and effective. Which brings us to today. Giving state and local officials access to the Network Outage Reporting System (NORS) and the Disaster Information Reporting System (DIRS) is a step in the right direction, but I believe we have a sufficient record to move forward with rules. Bringing those officials into the DIRS and NORS systems will help minimize duplicative reporting and ensure that different levels of government are working from the same playbook. Securing and maintaining the confidentiality of those systems remains important, but I believe we can provide adequate protections while still expanding access to this lifesaving and recovery-enhancing information. As our communications networks have expanded, we sometimes take stable, reliable access to communications—and the access to friends and family, emergency services, employment, and all of the many benefits those networks provide—for granted. Puerto Rico’s experience, especially in the wake of Hurricanes Irma and Maria, shows that we shouldn’t. The next hurricane season is already on its way, and we need to take action now. Going forward, I think it is time we considered making provider participation in DIRS mandatory. In dire instances, this information is frequently lifesaving, and participation should not be optional. Yesterday, the House Energy and Commerce Committee held a legislative hearing on the RESILIENT Networks Act sponsored by Chairman Pallone and Representative McNerney. That bill would, among many promising proposals, require the FCC to expand access to DIRS and make participation for all advanced communications service providers mandatory during times of emergency. DIRS has proven to be valuable tool in disaster response, and I support congressional efforts to make it even more useful. I thank the staff of the Public Safety and Homeland Security Bureau for their hard work on this item. 56