Federal Communications Commission FCC 23-81 Before the Federal Communications Commission Washington, D.C. 20554 In the Matter of ) ) Lumen Technologies, Inc. ) File No.: EB-SED-22-00034071 ) NAL/Acct. No.: 202432100001 ) FRN: 0018626853 NOTICE OF APPARENT LIABILITY FOR FORFEITURE Adopted: October 12, 2023 Released: October 17, 2023 TABLE OF CONTENTS By the Commission: Commissioner Gomez not participating. Paragraph # I. INTRODUCTION .................................................................................................................................. 1 II. BACKGROUND .................................................................................................................................... 5 A. Legal Framework ............................................................................................................................. 5 B. Factual Background ....................................................................................................................... 10 1. Investigation ............................................................................................................................ 11 2. First 911 Outage in South Dakota ........................................................................................... 12 3. Second 911 Outage in North Dakota ....................................................................................... 21 C. Lumen’s Prior 911 Outage-Related Consent Decrees ................................................................... 31 III. DISCUSSION ...................................................................................................................................... 32 A. Lumen Apparently Violated Section 4.9(f) of the Commission’s Rules for Both Outages. .......... 33 B. Lumen Apparently Violated Section 9.4 of the Commission’s Rules for the Second 911 Outage. ........................................................................................................................................... 37 C. Proposed Forfeiture ........................................................................................................................ 46 1. Forfeiture Assessment on a Per Call (Section 9.4 Apparent Violations) and Per PSAP Basis (Section 4.9 Apparent Violations) ................................................................................. 47 2. Base Forfeiture Applied .......................................................................................................... 52 3. Upward Adjustments ............................................................................................................... 53 4. Downward Adjustments .......................................................................................................... 57 IV. CONCLUSION .................................................................................................................................... 59 V. ORDERING CLAUSES ....................................................................................................................... 60 I. INTRODUCTION 1. We propose a penalty of $867,000 against Lumen Technologies, Inc. (Lumen or Company) for apparently willfully and repeatedly failing to reasonably design and operate its network to “transmit all 911 calls,” and to “notify, as soon as possible” Public Safety Answering Points (PSAPs) for two 911 outages that occurred in February 2022.1 The PSAP notification apparent violations occurred in both outages. The 911 call transmission apparent violations occurred in the second outage. 2. On February 17, 2022, Lumen experienced an outage affecting 911 calls in South Dakota that lasted for almost five hours (First 911 Outage). Because of flaws in its system to notify PSAPs, Lumen did not notify the two affected PSAPs until days after the outage had ended. On February 22, 1 See 47 CFR §§ 4.9(f), 9.4. For purposes of brevity, we use the term PSAP to refer to all of the appropriate authorities identified by sections 4.9 and 9.4 of the Commission’s rules. Federal Communications Commission FCC 23-81 2022, Lumen experienced another 911 outage, this time related to its Bismarck, North Dakota switch (Second 911 Outage). This outage disrupted 911 service for more than seven hours in North Dakota. Similarly, because of flaws in its PSAP notification system, Lumen managed to notify only two of eleven affected PSAPs in a timely manner. This outage resulted in hundreds of calls failing to reach 911 emergency call centers. 3. Such failures are not acceptable. We propose a penalty of $867,000 against Lumen for apparently violating sections 4.9 and 9.4 of the Commission’s rules by failing to notify PSAPs in a timely manner of the 911 outages and by deploying a system that was insufficient to transmit all 911 calls reliably to PSAPs in the Second 911 outage. Lumen apparently willfully and repeatedly violated our rules and created a significant threat to the life and property of tens of thousands of people. II. BACKGROUND A. Legal Framework 4. The 911 Statute. Congress passed the Wireless Communications and Public Safety Act (911 Act) in 1999 and directed the Commission to make 911 the universal emergency telephone number in the United States for wireline and wireless telephone service “for reporting an emergency to appropriate authorities and requesting assistance.”2 Congress identified the critical importance of 911 service reliability in defining the purpose of the 911 Act as “to encourage and facilitate the prompt deployment throughout the United States of a seamless, ubiquitous, and reliable end-to-end infrastructure for communications, including wireless communications, to meet the nation’s public safety and other communications needs.”3 5. The FCC’s 911 Rules. It is a bedrock principle embedded in the Commission’s rules that reliable 911 service must be available to all consumers at all times. Even before Congress passed the 911 Act, the Commission was committed to advancing our country’s wireline and wireless 911 networks.4 That commitment grew following the passage of the 911 Act, with the Commission adopting numerous rules intended to ensure seamless, ubiquitous, and reliable 911 service nationwide.5 In this regard, section 2 47 U.S.C. § 251(e)(3); see Wireless Communications and Public Safety Act of 1999, Pub. L. No. 106-81, 113 Stat. 1286 (1999) (codified at 47 U.S.C. §§ 222, 251, 615) (911 Act). 3 911 Act § 2(b) (codified at 47 U.S.C. § 615 note). Congress found that “the construction and operation of seamless, ubiquitous, and reliable wireless telecommunications systems promote public safety and provide immediate and critical communications links among members of the public; emergency medical service providers and emergency dispatch providers; public safety, fire service and law enforcement officials; transportation officials, and hospital emergency and trauma care facilities.” Id. § 2(a)(6) (codified at 47 U.S.C. § 615 note). 4 The Commission’s rules have long emphasized the importance of 911 network reliability. See, e.g., Revision of the Commission’s Rules to Ensure Compatibility with Enhanced 911 Emergency Calling Systems, Report and Order and Further Notice of Proposed Rulemaking, 11 FCC Rcd 18676, 18678, para. 1 (1996) (E911 Rules Order) (911 rules adopted “to foster major improvements in the quality and reliability of 911 services”). 5 See Implementation of 911 Act, Fifth Report and Order, Memorandum Opinion and Order on Reconsideration, 16 FCC Rcd 22264, 22265, para. 1 (2001) (“These actions will make emergency dialing for consumers traveling across the country simpler, will assist carriers in delivering 911 calls more promptly, and thus, will improve the response of public safety entities and emergency services personnel in their efforts to save lives.”); Implementation of the NET 911 Improvement Act of 2008, Report and Order, 23 FCC Rcd 15884, 15884, para. 1 (2008) (issuing rules giving interconnected VoIP providers rights of access to 911 and E911 capabilities); See Improving 911 Reliability; Reliability and Continuity of Communications Networks, Including Broadband Technologies, Report and Order, 28 FCC Rcd 17476, 17477, para. 1 (2013) (911 Reliability Report and Order) (adopting “rules to improve the reliability and resiliency of 911 communications networks nationwide by requiring that 911 service providers take reasonable measures to provide reliable 911 service, as evidenced by an annual certification”); Wireless E911 Location Accuracy Requirements, Fourth Report and Order, 30 FCC Rcd 1259, 1261–62, para. 6 (2015) (adopting indoor location accuracy rules for 911 calls); Ensuring Continuity of 911 Communications, Report and Order, 30 FCC Rcd 8677, 8678 (2015) (implementing rules to ensure that callers have access to 911 during power outages); (continued….) 2 Federal Communications Commission FCC 23-81 9.4 of the Commission’s rules requires telecommunications carriers to transmit all 911 calls to a PSAP or other appropriate entity.6 In addition, section 4.9(f) of the Commission’s rules requires wireline service providers to notify PSAPs “as soon as possible” of an outage that potentially affects PSAPs and convey to them “all available information that may be useful to the management of the affected facility in mitigating the effects of the outage . . . .”7 6. Best Practices. To establish accepted industry standards for network design, operation, and maintenance, the Commission’s Communications Security, Reliability and Interoperability Council (CSRIC) publishes a series of best practices. CSRIC includes members from both industry and public safety organizations and has developed, among other things, network-reliability best practices. CSRIC has published several practices that are relevant in assessing the reasonableness of Lumen’s conduct in connection with the 911 Outages and are discussed in detail in section III.A, below. These CSRIC best practices relate to training, network monitoring, and proper follow-up procedures.8 Although implementation of CSRIC best practices is not mandatory, it may prove valuable in evaluating the reasonableness of a party’s actions. 7. Legacy 911 Call Network Architecture. The function of the 911 network is to route an emergency call quickly, efficiently, and reliably from the caller to the PSAP that serves the caller’s location.9 In the legacy 911 call flow, a 911 call traditionally begins with the originating service provider (OSP) of the 911 caller transmitting the 911 call, along with caller location, calling party numbering data and other relevant information, to a selective router (or its functional equivalent)10 operated by a covered 911 service provider.11 The OSP thus has the responsibility to transmit the 911 call to the appropriate selective router based on the caller’s location.12 The covered 911 service provider, which may or may not be the same entity as the OSP, then has the responsibility to translate and route the 911 call from the selective router (or its equivalent) to the appropriate PSAP.13 8. Agency Law. Section 217 of the Communications Act of 1934, as amended (the Act), states that common carriers are responsible for the acts and omissions of “any officer, agent, or other person acting for or employed by any common carrier.”14 In the context of 911 systems, the Commission has made clear this means that telecommunications carriers and other providers retain responsibility when Implementing Kari’s Law and Section 506 of RAY BAUM’S Act, Report and Order, 34 FCC Rcd 6607, 6608 (2019) (implementing direct 911 dialing and notification requirements for multi-line telephone systems and IP-based systems); Amendments to Part 4 of the Commission’s Rules Concerning Disruptions to Communications; Improving 911 Reliability; New Part 4 of Commission’s Rules Concerning Disruptions to Communications, Second Report and Order, FCC 22-88, 2022 WL 17100963 (rel. Nov. 18, 2022) (Part 4 Second R&O). 6 See 47 CFR § 9.4 (“All telecommunications carriers shall transmit all 911 calls to a PSAP, to a designated statewide default answering point, or to an appropriate local emergency authority as set forth in § 9.5.”). 7 See id. § 4.9(f). 8 CSRIC best practices are available at: https://opendata fcc.gov/Public-Safety/CSRIC-Best-Practices/qb45- rw2t/data. See infra notes 108-112, 115-116 for application of specific best practices in this case. 9 See, e.g., E911 Rules Order, 11 FCC Rcd at 18678, para. 3 (observing that “[d]ialing 911 is the most effective and familiar way the American public has of finding help in an emergency”). 10 The selective router identifies the appropriate destination PSAP for a 911 call based on the location associated with the caller’s automatic number information and routes it to that PSAP. See 911 Reliability Report and Order, 28 FCC Rcd at 17478, para. 7. 11 See 47 CFR § 9.19(a)(4). 12 See e.g., 911 Reliability Report and Order, supra note 5, at 17478, para. 7. 13 See 47 CFR § 9.19(a)(4); 911 Reliability Report and Order, supra note 5, at 17488, para. 36. 14 47 U.S.C. § 217; see also id. § 153(51) (“A telecommunications carrier shall be treated as a common carrier only to the extent that it is engaged in providing telecommunications services[.]”). 3 Federal Communications Commission FCC 23-81 they rely on contractors—“[t]he Commission has long held that licensees and other regulatees are responsible for the acts and omissions of their employees and independent contractors.”15 The Commission has also recognized that “under long established principles of common law, statutory duties are nondelegable.”16 B. Factual Background 9. Lumen is a publicly traded, multi-national corporation that, through affiliates, operates, among others, wireline telephone networks in many parts of the United States, including North and South Dakota.17 Moreover, the outages at issue took place within Lumen’s wireline networks.18 In this capacity, Lumen states that it meets the statutory definition of a “telecommunications carrier” in those two states.19 On February 17 and February 22, 2022, Lumen experienced two network outages that adversely impacted its provision of 911 service in South and North Dakota, respectively. 1. Investigation 10. The Commission’s Public Safety and Homeland Security Bureau (PSHSB) referred the outages to the Enforcement Bureau (Bureau) for investigation. On July 27, 2022, the Bureau's Spectrum Enforcement Division (SED) issued a letter of inquiry to Lumen.20 On September 2, 2022 and October 7, 2022, Lumen submitted responses to SED.21 On November 7, 2022, SED issued a follow-up letter of inquiry to Lumen.22 On November 30, 2022, Lumen submitted follow-up responses to SED.23 On January 6, 2023, SED issued a second follow-up letter of inquiry to Lumen.24 On January 27, 2023, Lumen submitted responses to the second follow-up letter of inquiry.25 2. First 911 Outage in South Dakota 11. On February 16, 2022, at approximately 5:51 AM Central Standard Time (CST), a switch card failed at a signaling transfer point (STP) link, Path A – St. Paul (STP Path A), at Lumen’s Pierre 15 Part 4 Second R&O, 2022 WL 17100963, at *6, para. 13 (quoting Eure Family Limited Partnership, Memorandum Opinion and Order, 17 FCC Rcd 21861, 21863-64 (2002) (citing MTD, Inc., Memorandum Opinion and Order, 6 FCC Rcd 34, 35 (1991), Wagenvoord Broadcasting Co., Memorandum Opinion and Order, 35 F.C.C.2d 361 (1972))). 16 Id. 17 Response to Letter of Inquiry, from Lumen Technologies, Inc., to Spectrum Enforcement Division, FCC Enforcement Bureau, at 4-5, Ex. 1-1 (Sept. 2, 2022) (September 2 LOI Response); Response to Letter of Inquiry, from Lumen Technologies, Inc., to Spectrum Enforcement Division, FCC Enforcement Bureau, and supporting documents, at 5 (Oct. 7, 2022) (October 7 LOI Response) (both on file in EB-SED-22-00034071). 18 September 2 LOI Response at 3; October 7 LOI Response at 8. 19 September 2 LOI Response at 5; October 7 LOI Response at 5. 20 Letter of Inquiry, from FCC Enforcement Bureau, to Lumen Technologies, Inc. (June 27, 2022) (on file in EB- SED-22-00034071) (LOI). 21 See generally Lumen September 2 and October 7 LOI Responses. 22 See E-mail, Spectrum Enforcement Division, FCC Enforcement Bureau, to Lumen Technologies, Inc. (Nov. 11, 2022, 11:20 AM EST) (on file in EB-SED-22-00034071). 23 See Response to Follow-up Letter of Inquiry, from Lumen Technologies, Inc., to Spectrum Enforcement Division, FCC Enforcement Bureau, and supporting documents (Nov. 30, 2022) (on file in EB-SED-22-00034071) (FLOI Response). 24 See E-mail, Spectrum Enforcement Division, FCC Enforcement Bureau, to Lumen Technologies, Inc. (Jan. 6, 2023, 9:36 AM EST) (on file in EB-SED-22-00034071). 25 See Response to Second Follow-up Letter of Inquiry, from Lumen Technologies, Inc., to Spectrum Enforcement Division, FCC Enforcement Bureau, and supporting documents (Jan. 27, 2023) (on file in EB-SED-22-00034071) (Second FLOI Response). 4 Federal Communications Commission FCC 23-81 Switch in South Dakota.26 Such switch cards provide an interface to the STP links on the Signaling System 7 (SS7) portion of Lumen’s network. SS7 is an integral part of Lumen’s wireline communications network and is necessary for call set-up, routing, and completion, as well as for network management between interconnected SS7 networks.27 12. When the card failed, Lumen received an alarm indicating that STP Path A was no longer functioning.28 This indicated to Lumen that the network lost redundancy for the STP links.29 The alarm did not indicate the specific issue that caused STP Path A to fail.30 Moreover, the Bureau’s investigation did not find any record of Lumen attempting to trouble shoot the cause of the failure at this time.31 13. Twenty-four hours later, February 17, 2022, at approximately 5:50 AM CST, the switch card failed at the second STP link for the Pierre Switch, Path B – Minneapolis (STP Path B). At that time, Lumen received an alarm indicating that STP Path B was down.32 Because both STP paths were down, SS7 was no longer functioning at the Pierre Switch.33 Consequently, calls designated for destinations outside of the Pierre Switch’s local calling area could not be completed. This, in turn, caused 911 service in that area to fail because 911 calls there had to travel outside the switch’s local calling area to NG911 facilities to be processed.34 14. Lumen became aware of the First 911 Outage at 5:50 AM CST, when the second STP link failed.35 But Lumen did not yet know the underlying cause of the outage. An hour later, at 6:50 AM CST, Lumen dispatched a technician to the Pierre Switch.36 The technician determined that the two failed switch cards at the Pierre Switch—one for STP Path A and one for STP Path B—were the root cause of the failure of the two STP links and thus the outage. Lumen had warehoused switch cards onsite, and the technician replaced the failed cards restoring service at 10:43 AM CST.37 15. The First 911 Outage lasted almost five hours and potentially affected the ability of up to 14,339 Lumen wireline customers to call 911.38 However, Lumen reports that none of these customers attempted to call 911 during the outage, and there were, consequently, no failed 911 calls during this outage.39 16. Lumen states that, under its standard procedures, the alarm related to a switch card failure would generate a trouble ticket to notify the Lumen network operations center of an SS7 isolation and potential 911 impact. That ticket would then have enough information to trigger distribution of an automated PSAP notification to the appropriate PSAP(s) with accurate information about the network 26 September 2 LOI Response, supra note 17, at 2, 7. 27 Id. at 2. 28 Id. at 9. 29 FLOI Response, supra note 23, at 5. 30 September 2 LOI Response, supra note 17, at 9. 31 FLOI Response, supra note 23, at 3. 32 September 2 LOI Response, supra note 17, at 9. 33 FLOI Response, supra note 23, at 5. 34 September 2 LOI Response, supra note 17, at 2. 35 Id. at 9; FLOI Response, supra note 23, at 3. 36 FLOI Response, supra note 23, at 3, 4. 37 September 2 LOI Response, supra note 17, at 2, 6. 38 Id. at 1. 39 Id. at 2. 5 Federal Communications Commission FCC 23-81 event. However, the ticket obtains its information from various Lumen systems.40 These systems work together to determine the appropriate PSAP(s) to be notified in response to different network events. During the First 911 Outage, the ticket that was generated from the Path B STP Minneapolis link failure contained insufficient information due to a data flow problem that populated the ticket with incomplete and invalid information. While this data flow is generally automated, the automated data flow did not occur in that instance. Lumen has been unable to determine the reason(s) for this.41 17. When the automated data flow fails, Lumen’s process is for {[ ]} At the time of the First 911 Outage, however, {[ ]} Simply put, {[ ]} incorrectly interpreted the information Lumen had received, which resulted in incorrect information being passed on. Without the correct information, Lumen’s systems could not determine the location of the impacted switch card and the associated PSAP impacts. As a result, automatic PSAP notification distribution failed to occur.42 18. When an automatic PSAP notification distribution fails, Lumen claims its standard procedure {[ ]} However, the appropriate follow-up from the Public Safety Service team did not occur at the time of the First 911 Outage. Rather, a Public Safety Service team member saw the automated PSAP notification failure but cancelled the PSAP notification ticket as the Public Safety Service team member mistakenly decided the automated PSAP notification failure had been generated in error given the incomplete and invalid {[ ]} information it contained.43 19. The following day, after the First 911 Outage had been resolved, a member of Lumen’s outage reporting team reviewed the restore time of that outage and noticed that the PSAP notification ticket looked unusual.44 Data fields that should have been populated in the ticket were not populated.45 Through subsequent internal review, Lumen then determined that 911 service would have been impacted by the First 911 Outage, that automated PSAP notifications should have been triggered but were not, and ultimately discovered the foregoing causes of these problems.46 Lumen also determined there had been a 911 service impact to two PSAPs in South Dakota and PSAP notifications had not been sent. Lumen sent PSAP notifications at that time, i.e., five days after the First 911 Outage had ended.47 3. Second 911 Outage in North Dakota 20. Five days after the First 911 Outage, Lumen experienced a 911 outage in North Dakota that impacted all calls that relied on SS7 including all 911 calls in the area. On February 19, 2022, Lumen noticed network instability on an STP path serving Lumen’s Bismarck, Dickinson and Mandan switches. Lumen deactivated this STP path to these three switches for testing. Lumen’s second STP link to these switches stayed open so calls continued to complete as normal. After testing was completed, the 40 Id. at 15. 41 Id. at 16. 42 Id. at 16. Material in this paragraph and in the remainder of the NAL set off by double brackets {[ ]} is confidential and is redacted from the public version of this document. 43 Id. at 16. 44 Id. at 17; FLOI Response, supra note 23, at 5. 45 FLOI Response, supra note 23, at 6. 46 September 2 LOI Response, supra note 17, at 17. 47 Id. at 3. 6 Federal Communications Commission FCC 23-81 Lumen technician failed to reactivate the first STP path for the Bismarck and Mandan switches (but reactivated the path for the Dickinson switch). However, the switches continued to function over the second STP path but with no redundant STP path.48 21. The second STP path relied on two diverse fiber transport circuits operated by a third- party contractor, one through Fargo, ND (Fargo Transport Path) and one through Chicago, IL (Chicago Transport Path).49 On February 21, 2022, at approximately 12:18 PM CST, a fiber cut occurred on the Chicago Transport Path near Henderson, Colorado.50 The next morning, on February 22, 2022, the Fargo Transport Path began to experience HVAC problems.51 Equipment was overheating and shutting down, affecting traffic flow over the path.52 However, Lumen was unaware at the time of either the fiber cut on the Chicago Transport Path or the serious HVAC issues on the Fargo Transport Path. In fact, Lumen claims it did not become aware of the HVAC problem on the Fargo Transport Path until about 30 minutes after the outage actually ended. And Lumen claims it did not learn about the fiber cut on the Chicago Transport Path until about an hour and forty-five minutes after the outage had ended.53 22. On February 22, 2022, at 8:15 AM CST, problems with Lumen’s traffic on the Fargo Transport Path reached a sufficient threshold to generate a loss of redundancy alarm for the loss of the Chicago Transport Path.54 Then, at 9:00 AM CST, Lumen received an alert indicating an SS7 outage condition.55 This SS7 connectivity loss began the Second 911 Outage, preventing the transmission of 911 calls to 11 PSAPs in Western North Dakota.56 23. Lumen initially told the Bureau that the fiber cut on the Chicago Transport Path caused the second STP path to fail for the Bismarck and Mandan, ND switches, in turn causing the loss of SS7 connectivity that occurred at 9:00 AM CST.57 During the course of this investigation, the Bureau inquired why the complete loss of SS7 connectivity occurred a substantial time after that fiber cut.58 Although Lumen has been unable to explain how the outage occurred, the Company speculated that the Fargo Transport Path was still at least partially functional and may have continued to allow the second STP path to operate until “the HVAC issue degraded service on [it] and contributed to the SS7 connectivity failure Lumen experienced at approximately 9:00 AM CST.”59 24. At approximately 10:45 AM CST a Lumen technician restored the first STP path SS7 connectivity to the Bismarck and Mandan switches, ending this phase of the outage.60 However, at 11:10 48 October 7 LOI Response, supra note 17, at 2. 49 Id. at 2. 50 FLOI Response, supra note 23, at 9. 51 October 7 LOI Response, supra note 17, at 3. 52 Id. at 11. 53 FLOI Response, supra note 23, at 12. 54 Id. at 9-10; Second FLOI Response, supra note 25, at 5. Lumen had implemented {[ ]} Id. 55 FLOI Response, supra note 23, at 10. 56 October 7 LOI Response, supra note 17, at 2. These 11 PSAPs were the {[ ]}. Id., fn 3. 57 See Letter from Lumen Technologies, Inc., to Spectrum Enforcement Division, FCC Enforcement Bureau, at 4 (March 9, 2022) (on file in EB-SED-22-00034071) (March 9 Non-compliance Report). 58 LOI, supra note 20, at 10. 59 Id. at 10; FLOI Response, supra note 23, at 11. 60 October 7 LOI Response, supra note 17, at 2-3. 7 Federal Communications Commission FCC 23-81 AM CST, the same HVAC issue caused the Fargo transport path to shut down, ending traffic flow over the path.61 At that time, Lumen received a network alarm, which indicated that traffic was failing on the third party’s fiber transport network. Thus, Lumen was then aware that both the Fargo and Chicago Transport Paths, on which the second STP path relied, were non-operational.62 Again, however, the alarm {[ ]}63 25. This did not disrupt all SS7 communications again because earlier the Lumen technician had restored the first STP path, but it did cease all 911 traffic to the impacted PSAPs. At the time of the outage, the Bismarck switch was a component of Lumen’s legacy wireline network and previously served as a selective router for 911 calls.64 With the transition to NG911, selective routing no longer occurred at Lumen’s Bismarck switch at the time of the Second 911 Outage, but the ingress architecture remained. Lumen, which billed the {[ ]} for this part of the 911 call flow, maintained the Bismarck office as an ingress point for 911 calls going into North Dakota’s NG911 network.65 As part of this ingress, Lumen’s Emergency Service (ES) trunks, which ran from the Bismarck switch to North Dakota’s NG911 network,66 used the same two fiber transport paths as the second STP path, i.e., the Fargo and Chicago Transport Paths.67 Because Lumen designed its Bismarck switch to serve as the required ingress point for delivery to the NG911 network for 911 traffic from multiple originating service providers, who had no alternative route available to reach the NG911 network, the failure of the Fargo and Chicago Paths resulted in 911 service stopping at Lumen’s Bismarck switch.68 This affected the same 11 PSAPs as had been affected by the earlier loss of SS7 connectivity.69 26. On February 22, 2022, at approximately 4:08 PM CST, the third-party transport carrier resolved the HVAC issues in Fargo and 911 services resumed due to the restoration of the Fargo Transport Path.70 27. The following provides an overview of the timeline for the Second 911 Outage. Second 911 Outage Timeline February 19, 2022 A Lumen technician deactivates one of two SS7 links at Lumen’s Bismarck switch and then fails to reactivate it. Lumen remains unaware this link is deactivated until a related 911 outage begins three days later. 61 Id. at 3, 11. 62 FLOI Response, supra note 23, at 10. 63 Id. 64 October 7 LOI Response, supra note 17, at 8, 11, 13. See also Inquiry Concerning 911 Access, Routing, and Location in Enterprise Communication Systems, PS Docket 17-239, Notice of Inquiry, 32 FCC Rcd 7923, 7939, Appendix A (“Wireline carriers accomplish [routing of 911 calls to PSAPs] by use of selective routers to receive 911 calls from LEC [Local Exchange Carrier] central offices over dedicated trunks.”). 65 October 7 LOI Response, supra note 17, at 8, 13. 66 Id. at 3; FLOI Response, supra note 23, at 11. 67 October 7 LOI Response, supra note 17, at 3, n.4. 68 Id. at 8. 69 Id. at 17. 70 Id. at 3. 8 Federal Communications Commission FCC 23-81 February 21, 2022 At approximately 12:18 PM CST – a fiber cut occurs on one of the two, third-party fiber optic paths (Chicago Transport Path) supporting the second, active SS7 link at Lumen’s Bismarck switch. February 22, 2022 Morning – due to HVAC issues, the other fiber optic path (Fargo Transport Path) supporting the second, active SS7 link at Lumen’s Bismarck switch begins to experience problems. 8:15 AM CST – Lumen receives a loss of redundancy alarm indicating the Chicago Transport Path is down – about 20 hours after the fiber cut occurred. 9:00 AM CST – the HVAC problems on the Fargo Transport Path reach a sufficient degree to cut-off SS7 transmission to the second SS7 link at the Bismarck’s switch, thereby starting a 911 outage. 9:07 AM CST – Lumen notifies two of the eleven affected PSAPs. 9:32 – 9:53 AM CST – Lumen notifies three more of the eleven affected PSAPs {[ ]}. 10:45 AM CST – this SS7 outage ends when a Lumen technician reactivates the first, deactivated SS7 link at Lumen’s Bismarck switch. 11:10 AM CST – the HVAC issue on the Fargo Transport Path now completely shuts down that path. With both the Chicago and Fargo Transport Paths down, Lumen’s Bismarck switch is now disconnected from North Dakota’s NG911 network, preventing 911 calls from reaching that network. 12:21 – 12:30 PM CST – Lumen notifies the remaining six affected PSAPs. At approximately 4:08 PM CST – the 911 outage ends when the third-party resolves the HVAC issues on the Fargo Transport Path restoring the connection between Lumen’s Bismarck switch and North Dakota’s NG911 network. At approximately 4:38 PM CST – Lumen learns about the HVAC issues that shut down the Fargo Transport Path. At approximately 4:53 PM CST – Lumen learns about the fiber cut that shut down the Chicago Transport Path. 28. Approximately 155,792 users were affected by this 911 outage.71 Because Lumen is the statewide NG911 service provider for North Dakota and Lumen required other OSPs to route their customers’ 911 calls to Lumen’s Bismarck switch, these customers came from many different originating service providers, including Lumen itself.72 Calls came from wireline, wireless, and Voice over Internet Protocol (VoIP) phones.73 In all, a total of 413 calls to 911 failed to complete as a result of these events,74 and 49 of these appear to have been test calls made by a carrier.75 Therefore, 364 consumer calls to 911 in North Dakota did not reach a PSAP because of the Lumen network failure. 71 Id. at 6. 72 Id. at 7. 73 Id., Ex. 73-1. 74 Id. at 3. 75 Id., Ex. 73-1. 9 Federal Communications Commission FCC 23-81 29. Lumen automatically sent two PSAP notifications at 9:07 AM CST because it had designed its network to send PSAP notifications when an affected PSAP was directly served by the Lumen office experiencing an SS7 outage, rather than PSAPs indirectly affected because the Bismarck switch was an ingress point for 911 calls.76 Lumen sent outage notifications to three PSAPs between approximately 9:32 and 9:53 AM CST {[ ]}.77 At the time of the Second 911 Outage, Lumen {[ ]}.78 At {[ ]} Lumen determined that additional PSAPs were impacted. Lumen sent outage notifications to these six PSAPs between approximately 12:21 and 12:30 PM CST.79 Following the outage, Lumen modified its network so that it would send automated PSAP notifications not only to PSAPs directly served by an affected office but also to PSAPs {[ ]}.80 30. Subsequent to the Second 911 Outage, Lumen provided the Bureau with conflicting information regarding the outage causes. On March 9, 2022, Lumen reported the outage in accordance with the provision of a 2019 consent decree requiring it to report material non-compliance with the Commission’s 911 rules.81 That report stated in relevant part: “At approximately 8:15 AM (CST) on February 22, 2022, a fiber cut occurred on [an] OC192 on the path to Chicago. This failure caused the remaining SS7 link serving the Bismarck and Mandan offices to fail by approximately 9:00 AM (CST).”82 The report did not indicate that there were any other factors leading to the failure of that SS7 link. However, seven months later in its LOI response, Lumen indicated that it then believed the failure of the Fargo Transport Path at 9:00 AM CST was due to HVAC issues, in combination with the cut to the Chicago Transport Path, and likely both were necessary initial causes of that SS7 link failure.83 Then, in its FLOI response, some ten months after the outage occurred, Lumen stated that the first fiber cut on the Chicago Transport Path actually occurred near Henderson, Colorado, that this actually occurred the previous day (February 21, 2022) at 12:18 PM CST – some 18 hours before Lumen previously stated the initial cut occurred,84 and that the cut to that path in the Chicago area was actually the second cut and did not occur until 11:17 AM CST on February 22, 2022.85 C. Lumen’s Prior 911 Outage-Related Consent Decrees 31. Since 2015, Lumen has entered into four consent decrees with the Bureau to settle investigations into Lumen’s potential violations of one or both of the same two 911-related rules (sections 76 FLOI Response, supra note 23, at 14, 15; October 7 LOI Response, supra note 17, Ex. 88-1. 77 Id., Ex. 88-1; FLOI Response, supra note 23, at 14. (The exact times of these PSAP notifications were {[ ]}). 78 Id. at 15. 79 October 7 LOI Response, supra note 17, Ex. 88-1; FLOI Response, supra note 23, at 14. (Five of these PSAP notifications were sent at {[ ]} and the sixth was sent at {[ ]}. 80 FLOI Response, supra note 23, at 15. 81 CenturyLink, Inc., Order and Consent Decree, 34 FCC Rcd 10257, 10260-10263, Consent Decree para. 14 (EB 2019) (CenturyLink 2019 Consent Decree) (Consent Decree: “‘911 Rules’ means sections 4.9 and 9.4 of the Rules and other Communications Laws governing provision of NG911 services.”) Id. at 10259. 82 March 9 Non-compliance Report, supra note 57, at 4. 83 October 7 LOI Response, supra note 17, at 2, 10. 84 FLOI Response, supra note 23, at 9. 85 Id. at 10. 10 Federal Communications Commission FCC 23-81 4.9 and 9.4) it has apparently violated in regard to the First 911 and Second 911 Outages.86 Lumen admitted it did not timely notify PSAPs in a 2015 Consent Decree, and collectively paid over $20 million to settle the four investigations into the Company’s compliance with sections 4.9 and 9.4 (and their predecessors) of the Commission’s rules involving several outages impacting 911 service. III. DISCUSSION 32. We find that Lumen apparently willfully and repeatedly violated sections 4.9 and 9.4 of the Commission’s rules by failing to provide potentially affected PSAPs with timely notice of the First 911 Outage and Second 911 Outage and by deploying a system that was insufficient to transmit 911 calls reliably to PSAPs during the Second 911 Outage leading to multiple 911 call failures.87 A. Lumen Apparently Violated Section 4.9(f) of the Commission’s Rules for Both Outages 33. During both the First 911 Outage and the Second 911 Outage, Lumen failed to notify affected PSAPs in a timely manner in apparent violation of section 4.9(f) of the Commission’s rules. Lumen was a “wireline communications provider” pursuant to section 4.9(f) of the Commission’s rules in both outages.88 Pursuant to section 4.9(f), a wireline communications provider that experiences a network outage of at least 30 minutes in duration, potentially affecting at least 900,000 user-minutes, and that potentially affects a PSAP, must notify as soon as possible the designated official at the PSAP of the outage.89 Such notification must convey to the PSAP “all available information that may be useful to the management of the affected facility in mitigating the effects of the outage on efforts to communicate with that facility.”90 34. In the First 911 Outage, Lumen’s systems designed to enable the company to meet this requirement unreasonably failed at multiple points. First, the process that should have automatically populated the notification ticket with relevant information failed to work for reasons Lumen has not been able to determine. As a result, no automatic notifications to the two affected PSAPs were sent. Second, Lumen’s first-line backup process of a Lumen employee manually interpreting data and responding— specifically,{[ 86 CenturyLink, Inc., Order and Consent Decree, 30 FCC Rcd 2848, 2852, 2856 (EB 2015) (CenturyLink 2015 Consent Decree); CenturyLink 2019 Consent Decree, supra note 81, at 10260-61, Consent Decree para. 3 (EB 2019) (“The Bureau has interpreted this rule to ensure seamless, ubiquitous, and reliable 911 service nationwide, requiring all telecommunications carriers to implement a 911 system with the fundamental capacity to transmit all 911 calls to a PSAP, including the capability to prevent, detect, and quickly resolve outages.”); CenturyLink, Inc., Order and Consent Decree, 35 FCC Rcd 14532 (EB 2020) (CenturyLink 2020 Consent Decree); CenturyLink, Inc., nka Lumen Technologies, Inc., Order and Consent Decree, 36 FCC Rcd 17113, 17113, Adopting Order para. 1 (EB 2021) (CenturyLink 2021 Consent Decree). 87 Section 312(f)(1) of the Act defines willful as “the conscious and deliberate commission or omission of [any] act, irrespective of any intent to violate” the law. 47 U.S.C. § 312(f)(1). The legislative history to section 312(f)(1) of the Act clarifies that this definition of willful applies to both section 312 and 503(b) of the Act, See H.R. Rep. No. 97-765, at 51 (1982) (Conf. Rep.). The Commission has so interpreted the term in the section 503(b) context. See Southern California Broadcasting Co., Memorandum Opinion and Order, 6 FCC Rcd 4387, 4388, para. 5 (1991) (Southern California), recon. denied, 7 FCC Rcd 3454 (1992). Section 312(f)(2) of the Act provides that “[t]he term ‘repeated,’ when used with reference to the commission or omission of any act, means the commission or omission of such act more than once or, if such commission or omission is continuous, for more than one day.” 47 U.S.C. § 312(f)(2). 88 See September 2 LOI Response supra note 17, at 5; October 7 LOI Response, supra note 17, at 5. 89 47 CFR § 4.9(f)(4) (requiring notification when an outage “[p]otentially affects a 911 special facility”); id. § 4.5(e) (providing that “[a]n outage that potentially affects a 911 special facility occurs whenever,” inter alia, there is a loss of communications to a PSAP potentially affecting at least 900,000 user-minutes and the outage lasts 30 minutes or more). 90 Id. § 4.9(f)(4). 11 Federal Communications Commission FCC 23-81 ]}—also failed, {[ ]}. Thus, this process failed to result in the generation of PSAP notifications. And, finally, Lumen’s second-line backup for such a failure—having {[ ]}—also failed due to {[ ]}.91 As a result of these errors, Lumen did not notify the two affected PSAPs for multiple days—(five)—after the First 911 Outage had ended.92 This is well after section 4.9(f)’s requirement to notify these PSAPs “as soon as possible.” We thus find Lumen apparently willfully and repeatedly violated section 4.9(f) of the Commission’s rules for the First 911 Outage by failing to notify two potentially affected PSAPs as soon as possible. 35. During the Second 911 Outage, Lumen timely notified two PSAPs but failed to notify nine PSAPs “as soon as possible” when compared to the earlier automated notifications. This outage began at 9:00 AM CST; and by 9:07 AM CST, Lumen’s network had automatically notified two potentially affected PSAPs because it had designed its network to automatically notify PSAPs directly served by one of its switch offices. The Lumen notification system thus functioned as it should have for these two PSAPs, and Lumen made these required notifications “as soon as possible.” However, Lumen did not notify the other nine affected PSAPs “as soon as possible.” Although it was reasonably foreseeable at the time that an SS7 failure at the Bismarck switch would affect PSAPs{[ ]}, not just PSAPs directly served by one of its switch offices, and Lumen had the technical capability to design its system to notify such PSAPs automatically, it had not done so.93 Only after three such PSAPs {[ ]} did Lumen send the required notifications to those PSAPs between 9:32 AM CST and 9:53 AM CST. Moreover, almost two hours after the second batch of notifications, and more than three hours after the first PSAPs were notified, Lumen manually identified additional similarly affected PSAPs and sent the six related notifications between 12:22 PM CST and 12:48 PM CST. 36. Lumen and other regulated companies have long been on notice that section 4.9 of the Commission’s rules requires them to ensure timely identification and notification of all potentially affected PSAPs during 911 outages.94 Indeed, in 2015, a predecessor-in-interest to Lumen admitted that its failure to notify PSAPs of a 911 outage in a timely manner violated this rule.95 Because the PSAP notification system problem was reasonably foreseeable, and Lumen had the means to design that system 91 September 2 LOI Response, supra note 17, at 16. 92 Id. at 3. 93 FLOI Response, supra note 23, at 15. 94 See, e.g., CenturyLink 2015 Consent Decree, supra note 86, at 2848, Adopting Order para. 1 (“To settle this matter, CenturyLink will implement a far-reaching compliance plan to develop and implement proactive risk management principles designed to … plan for and provide expeditious notification to PSAPs affected by 911 outages.”); CenturyLink 2021 Consent Decree CenturyLink, supra note 86, at 17113, Consent Decree para. 17 (CenturyLink shall “[a]ssess its existing PSAP notification system . . . and implement . . . a plan for a PSAP notification system updates sufficient to timely notify affected PSAPs of NG911 outages . . .”); see also, e.g., T- Mobile USA, Inc., Order and Consent Decree, 30 FCC Rcd 7247, Adopting Order para. 3 (EB 2015) (T-Mobile 2015 Consent Decree) (“To settle this matter, T-Mobile will . . . implement a compliance plan to adopt proactive risk management principles designed to . . . provide timely notification to PSAPs affected by 911 outages.”); AT&T Mobility, Inc., Order and Consent Decree, 33 FCC Rcd 6142, Adopting Order para. 3 (EB 2018) (AT&T Mobility 2018 Consent Decree) (“To settle this matter, AT&T Mobility will . . . implement a compliance plan to adopt proactive risk management principles designed to . . . enable the provision of timely 911 outage notification to PSAPs.”); T-Mobile USA, Inc., Order and Consent Decree, 36 FCC Rcd 16178, Adopting Order para. 1 (EB 2021) (T-Mobile 2021 Consent Decree) (“These rules require wireless providers to reasonably design and operate their networks to . . . timely notify potentially affected PSAPs of reportable 911 outages.”). 95 See CenturyLink 2015 Consent Decree, supra note 86, at 2852, Consent Decree para. 9. 12 Federal Communications Commission FCC 23-81 to identify and notify in a timely manner all of the potentially affected PSAPs without the need for additional research that delayed notifications to affected PSAPs, it has no excuse for not doing so.96 That it did not do so indicates that nine of the eleven PSAP notifications were not sent to nine potentially affected PSAPs “as soon as possible” and constitutes apparent willful and repeated violations of section 4.9(f) of the Commission’s rules. B. Lumen Apparently Violated Section 9.4 of the Commission’s Rules for the Second 911 Outage 37. Lumen implemented a 911 transmission system in North Dakota that was inadequate to meet its obligations under section 9.4 of the Commission’s rules in connection with the Second 911 Outage. Specifically, Lumen failed to include sufficient, reasonably available safeguards in its network to reliably avoid, warn of, or timely resolve a significant outage of its 911 service. We therefore find that Lumen apparently willfully and repeatedly violated section 9.4. 38. Section 9.4 of the Commission’s rules requires telecommunications carriers to transmit all 911 calls to a PSAP or other appropriate entity.97 Lumen was a “telecommunications carrier” in North Dakota at the time of the outage.98 In promulgating section 9.4, the Commission required telecommunications carriers to develop and implement the necessary “translation and routing” to ensure that all 911 calls are able to reach PSAPs.99 The Commission’s 911 rules anticipate that some disruptions in service may be unavoidable despite providers’ best efforts to mitigate risks of failure. Therefore, we do not suggest that any failure whatsoever in a 911 network would violate section 9.4. The Commission and Bureau have, however, indicated that 911 networks must meet minimum standards of technical and operational readiness to comply with applicable service requirements.100 Thus where, as here, a 911 96 Well-established Commission precedent holds that regulatees must make reasonable efforts to fulfill their regulatory duties. Southern California, 6 FCC Rcd 4387, para 3 (actions taken by violator were not “good faith” efforts to comply with the Act, in light of prior Commission actions); Rural Call Completion, Second Report and Order and Third Further Notice of Proposed Rulemaking, 33 FCC Rcd 4199, 4219, 4211, para. 25 (2018) (Rural Call Completion) (provider must use “commercially reasonable efforts” to fulfill Act section 201 responsibilities); see also Twenty-One Sound Communications, Inc., Forfeiture Order, 20 FCC Rcd 12497, 12499, para. 8 (EB 2005), petition for reconsideration denied, Memorandum Opinion and Order, 20 FCC Rcd 18064 (B 2005), application for review denied, Order on Review, 23 FCC Rcd 2436 (2008) (station owner should have made reasonable efforts to maintain Emergency Alert System Equipment in operational readiness condition); National Television Company, Memorandum Opinion and Order, 18 FCC Rcd 19219, 19221, para. 7 (WTB 2003) (obligation to make reasonable efforts to return a station to operational status); Leaco Rural Telephone Cooperative, Inc., and Pine Belt Cellular, Inc., Order, 31 FCC Rcd 9001, 9006, para. 17 (WTB 2016) (licensees must make reasonable plans and efforts to timely fulfill their Mobility Fund obligations). 97 See 47 CFR § 9.4 (“All telecommunications carriers shall transmit all 911 calls to a PSAP, to a designated statewide default answering point, or to an appropriate local emergency authority as set forth in § 9.5.”). 98 October 7 LOI Response, supra note 17, at 5. 99 47 CFR § 9.5. 100 Lumen has entered into multiple consent decrees with the Bureau to settle investigations into whether it reasonably complied with section 9.4 and its predecessors. See CenturyLink 2015 Consent Decree, supra note 86, at 2848, Adopting Order para. 1 (“To settle this matter, CenturyLink will implement a far-reaching compliance plan to develop and implement proactive risk management principles designed to reduce the likelihood and impact of 911 failures [and] ensure reliable 911 call completion . . .”); CenturyLink 2019 Consent Decree, supra note 81 at 10260, Consent Decree para. 3 (“Section 64.3001 of the Rules states that “[a]ll telecommunications carriers shall transmit all 911 calls to a PSAP, to a designated statewide default answering point, or to an appropriate local emergency authority as set forth in § 64.3002.”[footnote omitted] The Bureau has interpreted this rule to ensure seamless, ubiquitous, and reliable 911 service nationwide, requiring all telecommunications carriers to implement a 911 system with the fundamental capacity to transmit all 911 calls to a PSAP, including the capability to prevent, detect, and quickly resolve outages.”); CenturyLink 2020 Consent Decree, supra note 86, at 14532, Adopting Order para. 1 (“The Commission’s Enforcement Bureau has entered into a Consent Decree to resolve its investigation into (continued….) 13 Federal Communications Commission FCC 23-81 network is not reasonably designed and operated to detect and eliminate network problems in order to reliably transmit all 911 calls to PSAPs under reasonably foreseeable conditions, it cannot satisfy the minimum requirements of section 9.4 of the Commission’s rules. 39. Classic “Sunny Day” outage. The Second 911 Outage did not result from an extraordinary natural disaster or other unforeseeable catastrophe; rather, it was a prototypical “sunny day” failure that was caused by two separate failures on the part of Lumen that show the apparent failure to comply with section 9.4. First, Lumen unreasonably failed to reconnect the first STP link for the Bismarck switch for two days after Lumen’s technician disconnected it for testing, eliminating the redundancy in Lumen’s network and thereby ensuring a 911 outage would occur should the second STP link at that switch fail. This failure to reconnect the link should not have occurred, at least not for this duration, and only did so because of the lack of proper supervision, training, and technical elements, all of which were within Lumen’s control. Had Lumen adequately trained its own technician to reconnect the disconnected STP link, had in place monitoring to warn it that a redundant SS7 link had not been reactivated, or had a more robust technical solution to prevent technicians from failing to reconnect SS7 links after testing, the SS7 portion of the Second 911 outage would likely have been prevented. 40. Second, “the Commission has consistently refused to excuse licensees from forfeiture penalties where actions of employees or independent contractors result in violations.”101 And, Lumen has repeatedly acknowledged this responsibility in earlier 911 outage-related consent decrees with the Bureau.102 Lumen relied on its transport contractor both to transmit vital SS7 data and to connect its whether CenturyLink, Inc. violated the Commission’s rules in connection with a multistate outage on one of CenturyLink’s transport networks that . . . affected CenturyLink’s delivery of some 911 calls. These rules [sections 9.4 and 9.5 of the Commission’s rules] ensure that telecommunications carriers take reasonable measures to ensure the transmission of the public’s 911 calls to emergency call centers.”); CenturyLink 2021 Consent Decree, supra note 86, at 17113, Adopting Order para. 1 (“The Enforcement Bureau . . . has entered into a Consent Decree to resolve its investigation into whether CenturyLink . . . now known as Lumen Technologies, Inc., failed to deliver 911 calls . . . Congress has made emergency communication services a national priority, and the Commission has repeatedly emphasized that robust and reliable 911 service must be available nationwide. It is therefore incumbent upon the Commission to ensure that telecommunications carriers provide reliable 911 service at all times.”). Consent decrees with other providers have also resolved investigations into whether 911 network design and operation reasonably ensured transmission of 911 calls under these rules. See, e.g., T-Mobile 2015 Consent Decree, supra note 94, at 7247, Adopting Order para. 3 (“To settle this matter, T-Mobile will . . . implement a compliance plan to adopt proactive risk management principles designed to reduce the likelihood and impact of 911 failures [and] ensure reliable 911 call completion….”); AT&T Mobility 2018 Consent Decree, supra note 94, at 6142, Adopting Order para. 3 (“To settle this matter, AT&T Mobility will . . . implement a compliance plan to adopt proactive risk management principles designed to reduce the likelihood and impact of future 911 outages [and] ensure reliable 911 call completion . . . .”); T-Mobile 2021 Consent Decree, supra note 94, at 16178, Adopting Order para. 1 (“These rules [sections 9.4 and 9.10 of the Commission’s rules] require wireless providers to reasonably design and operate their networks to ensure reliable transmission of all 911 calls . . . .”). The foregoing obligation is also in line with similar obligations the Commission has imposed on telecommunications carriers in other call-completion contexts. See e.g., Rural Call Completion, 33 FCC Rcd at 4219, para. 42 (“We do not impose strict liability on covered providers for a call completion failure; rather, we may impose a penalty where a covered provider fails to take actions to prevent reasonably foreseeable problems or, if it knows or should know that a problem has arisen, where it fails to investigate or take appropriate remedial action.”). Finally, it accords with the well-established principle that Commission regulatees must make reasonable efforts to fulfill their regulatory duties. 101 Triad Broadcasting Company, Inc., Memorandum Opinion and Order, 96 FCC 2d 1235, 1244, para. 21 (1984); see also para. 8, supra. (explaining that common carriers are responsible for the acts and omissions of those contractors or agents performing duties on their behalf). 102 CenturyLink 2021 Consent Decree, supra note 86, at 17117-18, Consent Decree paras. 4-7) (“CenturyLink acknowledges that it is responsible for complying with applicable Commission rules regardless of any alleged (continued….) 14 Federal Communications Commission FCC 23-81 Bismarck switch to the North Dakota’s NG911 Gateway. Had Lumen ensured that its transport contractor timely notified Lumen of outages in those transmission capabilities and taken action when the fiber was cut on the Chicago path and/or when the HVAC system experienced problems, the outage also would likely not have occurred, or, at the least, its effects would have been substantially minimized. The Company’s failure to monitor adequately the fiber optic lines on which both the SS7 link and the connection between the Bismarck switch and North Dakota’s NG911 network gateway relied created an avoidable point of failure. 41. As discussed below, Lumen failed to employ reasonable steps in designing and operating key aspects of its network as evidenced by not applying both critical industry best practices and basic good judgment, leading to the Second 911 Outage. Actions contrary to best practices are not rule violations; however, best practices are evidence of reasonable steps to ensure reliable 911 service.103 In turn, the failure to follow a best practice is evidence of the lack of reasonable steps to ensure reliable 911 service. In 2013, the Commission noted that “because of the collaborative and consensus-based nature of this process, CSRIC’s best practices generally involve aspects of service that providers have indicated they were already adopting consistently.”104 Moreover, as noted below, all of the best practices we reference were last revised between 2013 and 2019—well before the February 22 Outage.105 Further, a Lumen representative was involved in the drafting of the majority of these best practices.106 Finally, the Bureau has incorporated various best practices into consent decrees related to 911 outages.107 Accordingly, for all of these reasons, Lumen should reasonably have been aware of, and incorporated, all of these best practices into its networks. 42. Insufficient Training. Lumen unreasonably failed to provide its technician with sufficient training. It is a basic industry practice for network operators to provide their staff with sufficient training to do their jobs adequately.108 However, in the Second 911 Outage, Lumen unreasonably failed to provide sufficient training and supervision to its technician to ensure that the basic measure of reactivating a deactivated SS7 link after testing was completed. Sufficient training would have ensured that the technician double-checked to ensure the deactivated SS7 link had been reactivated after testing; it may have included an established close-out procedure following testing that required the technician to go through steps to ensure everything had been restored. And sufficient supervision would have provided a backstop should the SS7 link still had not been reactivated after the technician thought the work was complete. This unnecessary error was critical in establishing the conditions for the outage to take place. 43. Insufficient Network Monitoring. Lumen unreasonably failed to monitor its network. It is a fundamental and well-recognized industry practice that network operators monitor their networks failures by its subcontractors.”); CenturyLink 2019 Consent Decree, supra note 81, at 10260-61, Consent Decree paras. 4-5; CenturyLink 2015 Consent Decree, supra note 86, at 2853, Consent Decree para. 11.b.v. 103 See e.g., 911 Reliability Report and Order, supra note 5, at 17477, para. 1 (Commission views implementation of certain industry-backed “best practices” as taking reasonable measures to provide reliable 911 service); FCC’s Public Safety and Homeland Security Bureau Reminds Telecommunications Service Providers of Importance of Implementing Established 9-1-1 and Enhanced 9-1-1 Services Best Practices, Public Notice, 27 FCC Rcd 6085 (PSHSB 2012). 104 911 Reliability Report and Order, supra note 5, at 17479, para. 10. 105 See infra notes 108-112, 115-116. 106 Id. 107 See, e.g., T-Mobile 2021 Consent Decree, supra note 94, at 16178, Consent Decree para. 13(b); Intrado Safety Communications, Inc., Order and Consent Decree, 36 FCC Rcd 17090, para. 16(b)(ii) (EB 2021). 108 See CSRIC Best Practice 13-12-8124 (“Network Operators .. . should ensure staff is given awareness training on security policies, standards, procedures, and general best practices.”) (last revised 2019), https://opendata fcc.gov/Public-Safety/CSRIC-Best-Practices/qb45-rw2t/data. 15 Federal Communications Commission FCC 23-81 sufficiently to enable a quick response to network problems.109 This applies in particular to the monitoring of sensitive equipment and systems.110 Yet, in the Second 911 Outage, Lumen remained unaware for several days that one of the SS7 links at its Bismarck switch had remained deactivated after testing had been completed. These links were necessary for call set-up, routing, completion, and management of its wireline communications; and thus, the monitoring of these links was critical.111 44. Additionally, the need for a network operator to monitor its networks reasonably extends to those portions of its networks that it chooses to have third-parties operate.112 Indeed, the Act and agency law make Lumen liable for the acts of its subcontractors, and Lumen has acknowledged this in several consent decrees with the Bureau.113 However, in the Second 911 Outage, Lumen remained unaware for more than a day that a critical fiber link necessary for SS7 connectivity and connectivity to North Dakota’s NG911 gateway had been cut. Lumen also remained unaware for many hours that the redundant fiber link was also experiencing severe HVAC problems that impaired and even threatened serviceability in any manner. Indeed, Lumen did not become aware of either of these problems until after the outage had ended and the problems were resolved. Without timely knowledge of these events, which adversely affected critical components of its network, Lumen could not take any steps to prevent them from causing the outage, or at least potentially mitigating the effects of the outage. Moreover, because of Lumen’s insufficient network monitoring, for months after the outage ended, it remained unaware of both the actual timing and location of the cut to one of its critical fiber links and, as of the filing of the last information with the Bureau, cannot fully explain the cause of the failure of its first SS7 link during the Second 911 Outage.114 If not corrected, this lack of reasonable monitoring could delay or prevent Lumen from taking appropriate remedial measures to avert similar types of 911 outages in the future. 109 CSRIC Best Practice 13-9-0401 (“Network Operators . . . should monitor their network to enable quick response to network issues.”) (last revised 2013), https://opendata.fcc.gov/Public-Safety/CSRIC-Best-Practices/qb45- rw2t/data. Lumen Representatives were both the Chair and Steering Committee Chair of the CSRIC that revised this best practice. See Federal Commc’ns Comm’n, “Communications Security, Reliability, and Interoperability Council III,” https://www.fcc.gov/about-fcc/advisory-committees/communications-security-reliability-and- interoperability-1 (CSRIC III). 110 CSRIC Best Practice 13-10-0656 (“Network Operators . . . should establish a requirement for . . . monitoring . . . for sensitive equipment.”) (last revised 2015), https://opendata fcc.gov/Public-Safety/CSRIC-Best-Practices/qb45- rw2t/data. Lumen representatives were involved in working groups in the CSRIC that revised this best practice. See Federal Communications Commission, “CSRIC IV Working Group Descriptions and Leadership,” https://transition.fcc.gov/bureaus/pshs/advisory/csric4/CSRIC%20IV%20Working%20Group%20Descriptions%201 0%2023%2014.pdf (CSRIC IV). 111 October 7 LOI Response, supra note 17, at 1-2 (“SS7 is an integral part of TDM communications and is necessary for call set-up, routing, and completion, as well as for network management between interconnected SS7 networks.”). 112 See, e.g., CSRIC Best Practice 13-9-0574 (“Network Operators … should actively monitor and manage the 9-1-1 network components using network management controls, where available, to quickly restore 9-1-1 service and provide priority repair during network failure events. When multiple interconnecting providers and vendors are involved, they will need to cooperate to provide end-to-end analysis of complex call-handling problems”) (last revised 2013). Lumen Representatives were both the Chair and Steering Committee Chair of the CSRIC that revised this best practice. See CSRIC III; CSRIC Best Practice 13-12-0529 (“Network Operators, Service Providers, Equipment Suppliers and Public Safety should support sharing of appropriate information pertaining to outages as an effort to decrease the potential of further propagation.”) (last revised 2019), https://opendata.fcc.gov/Public- Safety/CSRIC-Best-Practices/qb45-rw2t/data. 113 See para. 8, supra (explaining that common carriers are responsible for the acts and omissions of those contractors or agents performing duties on their behalf); note 102, supra (Lumen has acknowledged its responsibility for its subcontractors). 114 See paras. 23, 30, supra (discussing Lumen’s failure to adequately monitor its network). 16 Federal Communications Commission FCC 23-81 45. Insufficient Follow-up and Post-Mortem Procedures. Lumen unreasonably failed to provide basic follow-up and post-mortem procedures. It is a basic industry practice for network operators to establish the proper steps for restoration of service following maintenance activities.115 These were insufficient in the Second 911 Outage—following testing, the Lumen technician simply failed to reactivate the SS7 link at the Bismarck and Manden switches. A network operator should also have a sufficient post-mortem process to determine the root causes of an outage and thereby take measures to prevent a recurrence.116 However, because Lumen’s network monitoring was inadequate, it has to date been unable to determine the root causes of the SS7 failure during the Second 911 Outage,117 which means Lumen seemingly cannot take measures to prevent a similar issue from causing an outage in the future.118 C. Proposed Forfeiture 46. Section 503(b) of the Act authorizes the Commission to impose a forfeiture against any entity that “willfully or repeatedly fail[s] to comply with any of the provisions of [the Act] or of any rule, regulation, or order issued by the Commission[.]”119 Here, section 503(b)(2)(B) of the Act authorizes us to assess a forfeiture against a common carrier of up to $237,268 for each day of a continuing violation, up to a statutory maximum of $2,372,677 for a single act or failure to act.120 In exercising our forfeiture authority, we must consider the “nature, circumstances, extent, and gravity of the violation and, with respect to the violator, the degree of culpability, any history of prior offenses, ability to pay, and such other matters as justice may require.”121 In addition, the Commission has established forfeiture guidelines, which establish base penalties for certain violations and identify criteria that we consider when determining the appropriate penalty in any given case.122 Under these guidelines, we may adjust a forfeiture upward for violations that are egregious, intentional, or repeated, or that cause substantial harm or generate substantial economic gain for the violator.123 115 See, e.g., CSRIC Best Practice 13-10-0418 (“Network Operators … should where appropriate, have a documented back-out plan as part of a Method of Procedure (MOP) for scheduled and unscheduled maintenance activities.”) (last revised 2015), https://opendata.fcc.gov/Public-Safety/CSRIC-Best-Practices/qb45-rw2t/data. Lumen representatives were involved in working groups in the CSRIC that revised this best practice. See CSRIC IV, supra. 116 CSRIC Best Practice 13-10-0548 (“Network Operators … should have an internal post mortem process, which engages . . . other involved parties as appropriate, to complete root cause analysis of major network events with follow-up implementation of corrective and preventive actions to minimize the probability of recurrence.”) (last revised 2015). Lumen representatives were involved in working groups in the CSRIC that revised this best practice. See CSRIC IV, supra. CSRIC Best Practice 13-12-0616 (“Network Operators . . . should design and implement procedures to evaluate failure and emergency conditions affecting network capacity.”) (last revised 2019), both available at https://opendata fcc.gov/Public-Safety/CSRIC-Best-Practices/qb45-rw2t/data. 117 See paras. 23, 30, supra (discussing Lumen’s failure to adequately monitor its network). 118 We also note here that the First 911 Outage was avoidable had Lumen taken action to investigate and fix the failure of the first SS7 link in the 24-hour time period before the second SS7 link failed. Additionally, it apparently took Lumen five hours to determine the switch cards had failed, a time period that could have been lessened had the switch cards been alarmed. However, Lumen reports no 911 calls failed during the First 911 Outage, so we find no apparent violation of section 9.4 of the Commission’s rules in that outage. 119 47 U.S.C. § 503(b). 120 See 47 U.S.C. § 503(b)(B); 47 CFR § 1.80(b)(2); see Amendment of Section 1.80(b) of the Commission’s Rules, Adjustment of Civil Monetary Penalties to Reflect Inflation, Order, DA 22-1356, 2022 WL 18023008 (EB Dec. 23, 2022). 121 47 U.S.C. § 503(b)(2)(E). 122 47 CFR § 1.80(b)(11), Note 2 to paragraph (b)(11). 123 Id. 17 Federal Communications Commission FCC 23-81 1. Forfeiture Assessment on a Per Call (Section 9.4 Apparent Violations) and Per PSAP Basis (Section 4.9 Apparent Violations) 47. To assess an appropriate forfeiture for Lumen’s violations, we must establish a base forfeiture methodology for violations of sections 4.9 and 9.4 of the Commission’s rules. Neither the Commission’s forfeiture guidelines nor our case law does this. In these circumstances, the Commission has substantial discretion in proposing forfeitures and may establish new forfeitures.124 The Commission retains its discretion to issue forfeitures on a case-by-case basis.125 To establish a base forfeiture for violations of sections 4.9 and 9.4, we look to the base forfeitures established or issued in other cases for guidance. 48. Because section 9.4 requires carriers to transmit all 911 calls to PSAPs and the harm from a failure to transmit 911 calls to PSAPs accrues for each failed 911 call, we will assess a proposed forfeiture for section 9.4 violations on a per-failed 911 call basis. We then look to other forfeiture methodologies applied on a per-call basis to determine the appropriate value per-failed 911 call.126 First, we note that, while impossible to precisely quantify, the monetary value of a single failed 911 call can be immense, and that violations of rules related to 911 have long been considered extremely serious because of the critical function these requirements serve in promoting and safeguarding life and property.127 The American public relies on 911 calls in a time of crisis to reach first responders. We thus look to other significant enforcement areas for guidance where the harm is based on individual calls. In the context of spoofed robocalls, the Commission has determined a $1,000 base forfeiture per unlawful spoofed robocall in mass-spoofing enforcement actions is appropriate.128 Because the requirement to transmit 911 calls is 124 Syntax-Brillian Corporation, Notice of Apparent Liability for Forfeiture, 22 FCC Rcd 10530, 10535, para. 12 (2007), aff’d Forfeiture Order and Notice of Apparent Liability for Forfeiture, 23 FCC Rcd 6323 (2008) (Syntax Brillian); The Commission's Forfeiture Policy Statement and Amendment of section 1.80 of the Rules to Incorporate the Forfeiture Guidelines, Report and Order, 12 FCC Rcd 17087, 17099, para. 22 (1997) (Forfeiture Policy Statement), recons. denied, Memorandum Opinion and Order, 15 FCC Rcd 303 (1999) (The Commission has found that the “omission of a specific rule violation from the list [establishing base forfeiture amounts] should not signal that the Commission considers any unlisted violation as nonexistent or unimportant. The Commission expects, and it is each licensee’s obligation, to know and comply with all of Commission’s rules.”). 125 Id. “[T]he breadth of agency discretion is, if anything, at zenith when the action assailed relates primarily not to the issue of ascertaining whether conduct violates the statute, or regulations, but rather to the fashioning of ... remedies and sanctions.” American Telephone and Telegraph Co. v. FCC, 454 F.3d 329, 334 (D.C. Cir. 2006) (quoting Niagara Mohawk Power Corp. v. FPC, 379 F.2d 153, 159 (D.C. Cir. 1967)). 126 See, e.g., John C. Spiller, Notice of Apparent Liability for Forfeiture, 35 FCC Rcd 5948, 5963-64, paras. 38-39 (2020) (proposing a forfeiture for each spoofed call) (Spiller), forfeiture ordered, 36 FCC Rcd 6225 (2021). 127 See Dobson Cellular Sys., Inc. and Am. Cellular Corp., Notice of Apparent Liability for Forfeiture, 21 FCC Rcd 4684, 4707, para. 59 (2006) (“Violations of E911 requirements are extremely serious, given the critical function these requirements serve in promoting and safeguarding life and property.”) (Dobson Cellular), consent decree ordered, Order and Consent Decree, 22 FCC Rcd 7968 (2007); see also Cardinal Broadband LLC, 23 FCC Rcd 12224, 12230, para. 16 (EB 2008); Sprint Nextel Corp., Notice of Apparent Liability for Forfeiture, 22 FCC Rcd 16414, 16418, para. 10 (2007); T-Mobile USA, Inc., Notice of Apparent Liability for Forfeiture, 18 FCC Rcd 3501, 3504, para. 7 (2003) (forfeiture paid); Alltel Corp., Notice of Apparent Liability for Forfeiture, 22 FCC Rcd 16432, 16435, para. 10 (2007) (forfeiture paid); 47 U.S.C. § 503(b)(2)(E); Forfeiture Policy Statement, 12 FCC Rcd at 17100–01, para. 27; 47 CFR § 1.80(b)(8), Note to paragraph (b)(8). 128 See, e.g., Spiller, 35 FCC Rcd at 5963-64, paras. 38-39 (proposing a base forfeiture of $1,000 to each spoofed call); Kenneth Moser dba Marketing Support Systems, Notice of Apparent Liability for Forfeiture, 34 FCC Rcd 12753, 12764, para. 31 (2019) (same), forfeiture ordered, 35 FCC Rcd 13415 (2020); Adrian Abramovich, Notice of Apparent Liability for Forfeiture, 32 FCC Rcd 5418, 5426, para. 25 (2017) (same), forfeiture ordered, 33 FCC Rcd 4663 (2018) (Abramovich). “Spoofing” a phone call is causing a caller identification service to knowingly transmit misleading or inaccurate caller identification information. See Call Blocking Tools Available to Consumers: Second Report on Call Blocking, 36 FCC Rcd 10122, 10128 para. 14 (CGB 2022). (continued….) 18 Federal Communications Commission FCC 23-81 at least as important as enforcing regulations regarding spoofed robocalls, and the potential harm from a failed 911 call is potentially much more grievous, we conservatively also apply a $1,000 base forfeiture to each failed 911 call. However, we note that if we determine that $1,000 per call does not appear to be a strong enough deterrent for carriers to comply with the Commission’s 911 rules, we may in future cases assess a larger per call amount.129 49. For apparent violations of section 4.9 of the Commission’s rules, we apply a per-affected PSAP formula. As with our approach for violations of section 9.4, for violations of section 4.9, we propose a forfeiture approach that tracks the language of the rule and the harm caused by a violation. For failures to notify a PSAP, the harm accrues most directly to each PSAP not timely notified of the 911 outage. Section 4.9 of the Commission’s rules requires various providers to notify PSAPs of outages that affect 911 service, and without timely notice of outages, PSAPs are not able to react to and mitigate the outage.130 We will apply a base forfeiture for each PSAP that a provider fails to notify in a timely manner on a sliding scale basis: $10,000 per PSAP for the first 500 PSAPs, $5,000 per PSAP for the next 500 PSAPs, and $1,000 per PSAPs for each additional PSAP. 50. With regard to the base forfeiture amount, precedent related to violations of another obligation in section 4.9 provides useful guidance here. In addition to the obligation to notify PSAPs, section 4.9(f) also requires wireline communications providers that experience an outage to file notifications with the Commission within 120 minutes, 72 hours, and 30 days of discovering a reportable outage.131 The Bureau has previously determined that a base forfeiture of $40,000 is appropriate for the failure to file the first outage notification timely with the Commission, because the notification provides a critical public safety function in immediately alerting the Commission to potential widespread network See also, e.g., Call Authentication Trust Anchor, WC Docket No. 17-97, Sixth Report and Order and Further Notice of Proposed Rulemaking, FCC 23-18, 2023 WL 2582652, at *19, para. 54 (rel. Mar. 17, 2023) (establishing forfeiture penalty on a per-call basis for violations of Commission’s robocall blocking rules); Implementation of the Middle Class Tax Relief and Job Creation Act of 2012, Establishment of a Public Safety Answering Point Do-Not- Call Registry, CG Docket No. 12-129, Report and Order, 27 FCC Rcd 13615, 13629-30, para. 30 (2012) (establishing monetary penalties that are not less than $10,000 per call for automatic dialing of numbers on PSAP do-not-call registry). 129 See Syntax Brillian, 22 FCC Rcd at 10536, para. 15 (noting that the Commission may in the future depart from the methodology applied there if it does not have adequate deterrent effect or if other circumstances require); see also T-Mobile USA, Inc., a subsidiary of T-Mobile USA, Forfeiture Order, 29 FCC Rcd 10752, 10757 para. 14 (2014) (“[T]he agency—on both the Commission and Bureau levels— has repeatedly stated that it retains the discretion to depart from existing guidelines and issue forfeitures on a case-by-case basis, pursuant to its general forfeiture authority contained in section 503 of the Act.”). 130 See 47 CFR § 4.9(f). 131 47 CFR § 4.9(f)(4). Other subsections of section 4.9 also require Commission notifications for entities like wireless service providers. 19 Federal Communications Commission FCC 23-81 problems.132 The base forfeiture is $20,000 for failing to submit the second and third notifications.133 Given that the rule specifically links notification to the Commission and notification to designated PSAP officials, and given the similar public safety reasons that an entity should notify a PSAP of an outage affecting its facilities so that the PSAP can take immediate mitigating actions, the two types of notifications are highly analogous. We note that a Commission notification violation can occur only three times per outage while, because there are approximately 5,748 PSAPs nationwide, there could potentially be hundreds or even thousands of PSAP notification violations in a single, large outage.134 Accordingly, we find that the structure we adopt here, a $10,000 base forfeiture per PSAP for the first 500 violations of section 4.9(f)(4), followed by $5,000 per PSAP for the next 500 PSAPs, and $1,000 per PSAPs for each additional PSAP, is in fact beneficial to providers when compared to a straightforward application of $40,000 (or $20,000) per failed PSAP notification that could be implemented. 51. Moreover, we find a descending sliding scale appropriate because it both (i) accounts for the serious nature of the violation even in circumstances that are geographically confined to a small area and a small number of PSAPs, and (ii) avoids automatically resulting in potentially excessive penalties for nationwide outages. In sum, we base these tiers and per-PSAP penalties on our reasonable judgment of the harm caused by the number of PSAPs affected which is consistent with Commission enforcement precedent in other areas.135 However, we again note that if we determine that this sliding scale approach we adopt today for PSAP notification violations does not appear to be a strong enough deterrent for carriers to comply with the Commission’s 911 rules, we may in future cases assess a larger per PSAP amount.136 2. Base Forfeiture Applied 52. Applying the base forfeitures discussed above for failed 911 calls (section 9.4) and PSAPs not timely notified of 911 outages (section 4.9(f)), we propose a total base forfeiture of $474,000. 132 See Alpheus Commc’ns, LP, Notice of Apparent Liability for Forfeiture, 25 FCC Rcd 8993, 8997, para. 11 (Enf. Bur. 2010), consent decree entered, 26 FCC Rcd 11169 (EB 2011) (“[F]ailure to timely file the Notification has a more critical and significantly higher impact on public safety than does failure to timely file the Initial and Final Communications Outage Reports. … We set the base forfeiture at $40,000 per late filing for failure to timely file Notifications and at $20,000 per late filing for failure to timely file Initial and Final Communications Outage Reports.”); see also id. at 8995, para. 6 (“The Notification serves to inform the Commission that a major event has occurred and assists the Commission in determining ‘whether an immediate response is required (e.g., terrorist attack or systemic failure) and whether patterns of outages are emerging (e.g., phased terrorist attacks) that warrant further coordination or other action.’”) (footnote omitted). Although Alpheus was a Notice of Apparent Liability for Forfeiture issued by the Enforcement Bureau and was resolved by a Consent Decree, we find the reasoning convincing in terms of setting a base forfeiture amount for a violation of section 4.9 of the Commission’s rules for the reasons stated in the text. 133 Id. 134 See NENA: The 911 Association, 9-1-1 Statistics, https://www.nena.org/page/911Statistics (last visited May 12, 2023) (based on February 2021 statistics). 135 The Commission has applied a sliding scale to calculate forfeitures in other contexts, including for importing noncompliant DTV tuners. See, e.g., Syntax-Brillian, 22 FCC Rcd at 10536, para. 15; Hanspree North America, Inc., 23 FCC Rcd. 12902, 12907 para. 14 (EB 2008), aff’d Forfeiture Order, 24 FCC Rcd 3616 (EB 2009), modified Memorandum Opinion and Order, 27 FCC Rcd 7968 (EB 2012); see, also Qwest Corp., Notice of Apparent Liability for Forfeiture, 23 FCC Rcd 13451, 13455, para. 9 (2008) (implementing increasing sliding scale forfeiture methodology for violations of DTV education requirements). Although the overall number of possible violations is much lower, the sliding scale adopted by the Enforcement Bureau for Commission notification violations of section 4.9 of the Commission’s rules also supports a sliding scale here. See, also, supra note 132. 136 See supra note 129; see, also, e.g., T-Mobile USA, Inc., A Subsidiary of T-Mobile US, Inc., Forfeiture Order, FCC Rcd 10752, 10756, para. 11 (EB 2014) (revising forfeiture methodology to adequately reflect the nature and scope of violations); Caguas Educational TV, Inc., Notice of Apparent Liability for Forfeiture, 20 FCC Rcd 6093, 6097, para. 10 (EB 2005) (adjusting forfeiture amount to avoid excessive penalty). 20 Federal Communications Commission FCC 23-81 This is comprised of a base forfeiture of $364,000 for 364 failed 911 calls in the Second 911 Outage (364 x $1,000), a base forfeiture of $20,000 for the two untimely PSAP notifications in the First 911 Outage (2 x $10,000), and a base forfeiture of $90,000 for the nine untimely PSAP notifications in the Second 911 Outage (9 x $10,000). 3. Upward Adjustments 53. In addition, given the totality of the circumstances, and consistent with the Forfeiture Policy Statement, we conclude that a significant upward adjustment to the base forfeiture is warranted. First, the Commission has determined that large or highly profitable companies should expect to pay higher forfeitures for violations of the Act and the Commission’s rules.137 In 2022, Lumen’s gross revenues were more than $20.7 billion.138 Thus, to ensure that the forfeiture is an effective deterrent and not simply a cost of doing business for Lumen, a significant upward adjustment of the base forfeiture amount is further justified. In the present case, a larger forfeiture will protect the interests of consumers and deter entities from violating the Commission’s rules.139 54. Second, we also find that an upward adjustment is warranted for egregiousness. Lumen’s multi-day delay in notifying affected PSAPs of the First 911 Outage was so substantial as to constitute an egregious violation because Lumen failed to treat PSAP notification as a priority commensurate with the public safety nature of the matter.140 55. Finally, the Commission may also adjust a forfeiture upward where there is a history of prior violations of FCC requirements.141 With regard to its PSAP notification violations, in a 2015 consent decree, CenturyLink, Inc.—Lumen’s name at the time—paid a $16 million fine as part of settling an investigation into whether it (i) timely notified potentially affected PSAPs of a 911 outage in compliance with section 4.9(f) of the Commission’s rules, which it admitted it did not, and (ii) properly transmitted 911 calls to those PSAPs pursuant to section 64.3001 of the Commission’s rules (the former numbering of present section 9.4 of the Commission’s rules).142 In that consent decree, Lumen admitted to violating section 4.9(f) of the Commission’s rule by failing to timely notify 83 PSAPs in seven 137 See Forfeiture Policy Statement, supra note 124, at 17099–17100, paras. 23–24 (cautioning all entities and individuals that the Commission will take into account the violator’s ability to pay in determining a forfeiture to guarantee that large or highly profitable entities do not consider forfeitures merely an affordable cost of doing business, and noting that such entities should expect proposed forfeitures against them to be well above the applicable base amount); see also SM Radio, Inc., Order on Review, 23 FCC Rcd 2429, 2433, para. 12 (2008) (citations omitted); Tesla Exploration, Inc., Notice of Apparent Liability for Forfeiture, 27 FCC Rcd 9808, 9811, para. 10 & n.20 (2012); Union Oil, 27 FCC Rcd 13806, 13810, para. 10 (2012); GCI Commc’ns Corp., Notice of Apparent Liability for Forfeiture, 28 FCC Rcd 12991 (EB 2013) (doubling base forfeiture based on company’s ability to pay); Am. Movil, S.A.B. de C.V., Parent of Puerto Rico Tel. Co., Inc., Notice of Apparent Liability for Forfeiture, 26 FCC Rcd 8672, 8676, para. 10 (EB 2011) (same). 138 See Sec. & Exch. Comm’n, Lumen’s 2022 SEC 10-K filing, https://ir.lumen.com/financials/sec- filings/default.aspx. 139 See, e.g., Forfeiture Policy Statement, supra note 124, at 17098, para. 20 (1997) (recognizing the relevance of creating the appropriate deterrent effect in choosing a forfeiture); see also 47 CFR § 1.80(b)(11), Note 2 to paragraph (b)(11) (identifying upward adjustment criteria for section 503 forfeitures). 140 The Commission has upwardly adjusted for egregious conduct in prior 911 cases. See, e.g., Dobson Cellular, 21 FCC Rcd at 4707, para. 59. 141 47 CFR § 1.80(b)(11) at Table 3. 142 CenturyLink 2015 Consent Decree, supra note 86, at 2848. 21 Federal Communications Commission FCC 23-81 states.143 Lumen has also previously violated other Commission rules.144 These prior violations also warrant an upward adjustment. 56. Based on the foregoing, we propose to upwardly adjust the proposed forfeiture by $393,000 and resulting in a proposed forfeiture of $867,000. 4. Downward Adjustments 57. In applying the applicable statutory factors, we also consider whether there is any basis for a downward adjustment of the proposed forfeiture. Here, we find none. 58. Therefore, after applying the Forfeiture Policy Statement, section 1.80 of the Commission’s rules, and the statutory factors, we propose a total forfeiture of $867,000. IV. CONCLUSION 59. We have determined that Lumen apparently willfully and repeatedly violated sections 4.9 and 9.4 of the Commission’s rules. As such, Lumen is apparently liable for a forfeiture of $867,000. V. ORDERING CLAUSES 60. Accordingly, IT IS ORDERED that, pursuant to section 503(b) of the Act, 47 U.S.C. § 503(b), and section 1.80 of the Commission’s rules, 47 CFR § 1.80, Lumen Technologies, Inc. is hereby NOTIFIED of this APPARENT LIABILITY FOR A FORFEITURE in the amount of eight hundred and sixty-seven thousand dollars ($867,000) for willful and repeated violations of sections 4.9 and 9.4 of the Commission’s rules, 47 CFR §§ 4.9, 9.4. 61. IT IS FURTHER ORDERED that, pursuant to section 1.80 of the Commission’s rules, 47 CFR § 1.80, within thirty (30) calendar days of the release date of this Notice of Apparent Liability for Forfeiture, Lumen Technologies, Inc., SHALL PAY the full amount of the proposed forfeiture or SHALL FILE a written statement seeking reduction or cancellation of the proposed forfeiture consistent with paragraph 64 below. 62. In order for Lumen Technologies, Inc., to pay the proposed forfeiture, Lumen Technologies, Inc., shall notify the Spectrum Enforcement Division at EB-SED-Response@fcc.gov of its intent to pay, whereupon an invoice will be posted in the Commission’s Registration System (CORES) at https://apps.fcc.gov/cores/userLogin.do. Upon payment, Lumen Technologies, Inc., shall send electronic notification of payment to the Spectrum Enforcement Division, Enforcement Bureau, Federal Communications Commission, at EB-SED-Response@fcc.gov on the date said payment is made. Payment of the forfeiture must be made by credit card using CORES at https://apps.fcc.gov/cores/userLogin.do, ACH (Automated Clearing House) debit from a bank account, or by wire transfer from a bank account. The Commission no longer accepts forfeiture payments by check or money order. Below are instructions that payors should follow based on the form of payment selected:145 • Payment by wire transfer must be made to ABA Number 021030004, receiving bank TREAS/NYC, and Account Number 27000001. In the OBI field, enter the FRN(s) captioned 143 Id. at 2848, para. 1, 2850, para. 2(c), 2852, para. 9. 144 For example, the Commission’s Consumer and Governmental Affairs Bureau has found that CenturyLink engaged in the unauthorized change of a subscriber’s telecommunications carrier. See e.g., CenturyLink Complaints Regarding Unauthorized Change of Subscribers' Telecommunications Carrier, Order, 34 FCC Rcd 2839 (CGB 2019). 145 For questions regarding payment procedures, please contact the Financial Operations Group Help Desk by phone at 1-877-480-3201 (option #1). 22 Federal Communications Commission FCC 23-81 above and the letters “FORF”. In addition, a completed Form 159146 or printed CORES form147 must be faxed to the Federal Communications Commission at 202-418-2843 or e-mailed to RROGWireFaxes@fcc.gov on the same business day the wire transfer is initiated. Failure to provide all required information in Form 159 or CORES may result in payment not being recognized as having been received. When completing FCC Form 159 or CORES, enter the Account Number in block number 23A (call sign/other ID), enter the letters “FORF” in block number 24A (payment type code), and enter in block number 11 the FRN(s) captioned above (Payor FRN).148 For additional detail and wire transfer instructions, go to https://www.fcc.gov/licensing-databases/fees/wire-transfer. • Payment by credit card must be made by using CORES at https://apps.fcc.gov/cores/userLogin.do. To pay by credit card, log-in using the FCC Username associated to the FRN captioned above. If payment must be split across FRNs, complete this process for each FRN. Next, select “Manage Existing FRNs | FRN Financial | Bills & Fees” from the CORES Menu, then select FRN Financial and the view/make payments option next to the FRN. Select the “Open Bills” tab and find the bill number associated with the NAL Acct. No. The bill number is the NAL Acct. No. with the first two digits excluded (e.g., NAL 1912345678 would be associated with FCC Bill Number 12345678). After selecting the bill for payment, choose the “Pay by Credit Card” option. Please note that there is a $24,999.99 limit on credit card transactions. • Payment by ACH must be made by using CORES at https://apps.fcc.gov/cores/userLogin.do. To pay by ACH, log in using the FCC Username associated to the FRN captioned above. If payment must be split across FRNs, complete this process for each FRN. Next, select “Manage Existing FRNs | FRN Financial | Bills & Fees” on the CORES Menu, then select FRN Financial and the view/make payments option next to the FRN. Select the “Open Bills” tab and find the bill number associated with the NAL Acct. No. The bill number is the NAL Acct. No. with the first two digits excluded (e.g., NAL 1912345678 would be associated with FCC Bill Number 12345678). Finally, choose the “Pay from Bank Account” option. Please contact the appropriate financial institution to confirm the correct Routing Number and the correct account number from which payment will be made and verify with that financial institution that the designated account has authorization to accept ACH transactions. 63. Any request for making full payment over time under an installment plan should be sent to: Chief Financial Officer—Financial Operations, Federal Communications Commission, 45 L Street, NE, Washington, D.C. 20554.149 Questions regarding payment procedures should be directed to the Financial Operations Group Help Desk by phone, 1-877-480-3201, or by e-mail, ARINQUIRIES@fcc.gov. 64. The written statement seeking reduction or cancellation of the proposed forfeiture, if any, must include a detailed factual statement supported by appropriate documentation and affidavits pursuant to sections 1.16 and 1.80(f)(3) of the Commission’s rules.150 The written statement must be mailed to the Office of the Secretary, Federal Communications Commission, 45 L Street, NE, Washington, D.C. 20554, ATTN: Enforcement Bureau – Spectrum Enforcement Division, and must include the NAL/Account 146 FCC Form 159 is accessible at https://www fcc.gov/licensing-databases/fees/fcc-remittance-advice-form-159. 147 Information completed using the Commission’s Registration System (CORES) does not require the submission of an FCC Form 159. CORES is accessible at https://apps fcc.gov/cores/userLogin.do. 148 Instructions for completing the form may be obtained at http://www.fcc.gov/Forms/Form159/159.pdf. 149 See 47 CFR § 1.1914. 150 Id. §§ 1.16, 1.80(f)(3). 23 Federal Communications Commission FCC 23-81 Number referenced in the caption. The statement must also be e-mailed to the Spectrum Enforcement Division at EB-SED-Response@fcc.gov.151 65. The Commission will not consider reducing or canceling a forfeiture in response to a claim of inability to pay unless the petitioner submits the following documentation: (1) federal tax returns for the past three years; (2) financial statements for the past three years prepared according to generally accepted accounting practices; or (3) some other reliable and objective documentation that accurately reflects the petitioner’s current financial status.152 Any claim of inability to pay must specifically identify the basis for the claim by reference to the financial documentation. Inability to pay, however, is only one of several factors that the Commission will consider in determining the appropriate forfeiture, and we retain the discretion to decline reducing or canceling the forfeiture if other prongs of 47 U.S.C. § 503(b)(2)(E) support that result.153 66. IT IS FURTHER ORDERED that a copy of this Notice of Apparent Liability for Forfeiture shall be sent by first class mail and certified mail, return receipt requested, to Craig Brown, Assistant General Counsel, Lumen Technologies, Inc., 1025 Eldorado Blvd., Broomfield, CO 80021. FEDERAL COMMUNICATIONS COMMISSION Marlene H. Dortch Secretary 151 Any entity that is a “Small Business Concern” as defined in the Small Business Act (Pub. L. 85-536, as amended) may avail itself of rights set forth in that Act, including rights set forth in 15 U.S.C. § 657, “Oversight of Regulatory Enforcement,” in addition to other rights set forth herein. 152 47 U.S.C. § 503(b)(2)(E). 153 See, e.g., Ocean Adrian Hinson, Surry County, North Carolina, Forfeiture Order, 34 FCC Rcd 7619, 7621, para. 9 & n.21 (2019); Vearl Pennington and Michael Williamson, Forfeiture Order, 34 FCC Rcd 770, paras. 18–21 (2019); Fabrice Polynice, Harold Sido and Veronise Sido, North Miami, Florida, Forfeiture Order, 33 FCC Rcd 6852, 6860–62, paras. 21–25 (2018); Abramovich, 33 FCC Rcd at 4678-79, paras. 44-45; Purple Communications, Inc., Forfeiture Order, 30 FCC Rcd 14892, 14903-904, paras. 32-33 (2015); TV Max, Inc., et al., Forfeiture Order, 29 FCC Rcd 8648, 8661, para. 25 (2014). 24