Connect with us

Expert Opinion

Rick Boucher: Data Privacy Rules Should Create Consistency, Not Chaos

Published

on

Following a string of data breaches that touched tens of millions of consumers, and revelations of user data exploitation by popular social media platforms, there’s a broad national consensus: It’s time for internet users to have guarantees about privacy and data protection. Legislation is long overdue.

Some states, such as California, have already taken action. One year ago, California passed a sweeping privacy protections law. Other states have expressed an intention to do so, and Congress is expected to consider legislation. What’s the best way forward?

Congress must take its responsibility to protect user privacy and data seriously. At a minimum, any new federal law should provide internet users with the knowledge of which personal information is collected by the websites they visit and how that information is used. They should have a meaningful opportunity to opt out of these collection and use practices.

Congress should also ensure that any user’s sensitive personal identification information — such as a driver’s license, credit card number or Social Security number — can be collected and retained only with that user’s consent. Reasonable rights to access and correct user-provided information should also be afforded.

But it’s important to realize that web services are offered on a national basis and many would be disrupted by a multiplicity of diverse and contradictory state privacy requirements. The compliance costs could be enormous, particularly for small and startup businesses. There may be situations where it’s literally impossible to comply with the conflicting requirements of different states’ laws.

Not only would compliance with various state requirements be exceedingly difficult, consumers would be constantly unsure about which state’s privacy requirements apply. Consider the mobile service provider whose customer lives in one state, travels to another state and accesses an e-commerce site headquartered in a third state. The service provider is headquartered in a fourth state and uses a server data center in a fifth state.

Whose law applies — the state of residence of the customer or internet edge provider? The state of location of the customer or that of the service provider? Or the state where a server sends and receives customer messages?

To avoid this obvious confusion, it’s far better for Congress to adopt one strong, clear national privacy standard that would be applicable across the entire internet ecosystem, from the service provider to content-providing companies. In order to prevent disruption and consumer confusion in the application of an internet privacy law, Congress should pass its own privacy standard that preempts the states from their own regulation.

Such action would certainly not be new. Congress routinely preempts states in instances where a single uniform national standard is called for.

For example, in the Energy Policy and Conservation Act, Congress preempted state (and local) action on the energy efficiency of appliances where a national standard is in place. In the Toxic Substances Control Act, Congress preempted state action in favor of national regulation of chemicals covered by Environmental Protection Agency rules. Congress has also been quite clear that action by the Food and Drug Administration preempts conflicting state standards in the area of approval of new pharmaceuticals and medical devices.

Appliances, chemicals, prescription drugs, medical devices — all of these are goods of major importance to the national economy. So too is e-commerce involving the sale of both physical and digital goods. Federal preemption was right in the areas referenced above and, to avoid harming the internet economy and preventing consumer misunderstanding, is also right for data privacy standards.

It would be a critical mistake for Congress to enact a data privacy law that only provides a base from which the states can add additional requirements. Through the resulting disruption and chaos, harm would come to the internet economy while doing little if anything to advance real privacy for internet users.

A single, strong national data privacy standard would provide clear rules for companies to follow while fostering consumer understanding of the privacy assurances that have been extended to them.

Fortunately, the need for data privacy protection enjoys rare, widespread bipartisan support. It’s now Congress’ turn to act.

Rick Boucher was a member of the U.S. House for 28 years, representing Virginia’s ninth district. He chaired the House Energy and Commerce Committee’s Subcommittee on Communications and the Internet. He is honorary chairman of the Internet Innovation Alliance and a partner in the Washington, D.C., office of the law firm Sidley Austin. (This piece was originally published in the San Francisco Chronicle on June 26, 2019, and is reprinted with permission of the author.)

BroadbandBreakfast.com accepts commentary from informed observers of the broadband scene. Please send pieces to commentary@broadbandcensus.com. The views reflected in Expert Opinion pieces do not necessarily reflect the views of BroadbandBreakfast.com and Breakfast Media LLC.

Rick Boucher was a member of the U.S. House for 28 years, representing Virginia’s ninth district. He chaired the House Energy and Commerce Committee’s Subcommittee on Communications and the Internet. He is honorary chairman of the Internet Innovation Alliance and a partner in the Washington, D.C., office of the law firm Sidley Austin.

Broadband's Impact

Steve Lacoff: A New Standard for the ‘Cloudification’ of Communications Services

The cloudification of communications services makes it easy to include voice, data, SMS, and video within any existing service.

Published

on

The author of this Expert Opinion is Steve Lacoff, general manager of Avalara for communications

The line of demarcation between what has traditionally been considered a telecommunications service was once very clear. It was tangible – there were wires, end points, towers, switches, facilities. Essentially, there was infrastructure required to relay voice or data from point A to point B.

Today that line is fuzzy, if not invisible. The legacy infrastructure remains, but an industry of cloud-based services that don’t require the physical connections has exploded. Voice, data, SMS, and video conferencing can now be conveniently delivered OTT. Enabled by simple API integrations, businesses can embed just one of these services or a complete communications platform-as-a-service (CPaaS) into an app, service, or product.

Cloudification is a game changer

This “cloudification” of communications services makes it easy to include voice, data, SMS, and video within any existing application, product, or service. These are essential components for many business models.

Consider these services we have come to rely on in our daily lives: food or grocery delivery, ride services, and business and personal communications. These require multiple methods of communication with shoppers, drivers, co-workers, watch party groups, and external business partners.

The exciting news is there is no end in sight. Use cases will continue to evolve and growth will continue to skyrocket. The scale cloud delivery accommodates is massive. These untethered, easy to embed communications services are a critical differentiator for both business-to-business and business-to-consumer buyers, and the lifeblood of the businesses providing both the end user subscriptions and the APIs.

In fact, one industry juggernaut saw H1 YoY video application service demand grow nearly 600% in 2020.

Not surprisingly, as business demand for these services increases smaller CPaaS players continue to enter the market to quickly snag market share. According to a recent IDC study, “the global market revenue for CPaaS reached $5.9bn in 2020, up from $4.26bn in 2019, and is expected to reach $17.71bn by 2024.”

Merger and acquisition activity is aligned with this hockey stick growth forecast. Large telcos, SaaS providers, and even other CPaaS providers are all on the hunt. Whether they want to add additional features to punch up their products or eliminate the competition in a very tight, nuanced market, the end game is clear – as the market expands, the players will ultimately contract leaving only the most competitive offerings.

Don’t let communications tax take you by surprise

One of the least understood risks when adding cloud-based voice, data, SMS, or video conferencing to an existing product or service is new eligibility for and exposure to the complex world of communications taxation. Making mistakes can get costly very quickly.

Here are some of the key pitfalls to keep an eye on:

  • Expanded nexus: Understanding communications tax nexus is different – and exceptionally more complicated – than sales tax. There are approximately 60,000 federal, state, local, and special taxing jurisdictions, each with uniquely complex rules that tend to change at their own pace. Rules are very different for each service.
  • More complex calculations: The more communications services you provide via API, the more complicated communications taxes will be. Each feature can be taxed at different rates in each individual jurisdiction, or the whole bundle can be taxed at one rate. It’s critical to monitor monthly to avoid audit issues.
  • Maintaining overall compliance: Just as tax rates and rules need to be maintained, so must tax and regulatory filing forms in each jurisdiction. Some of these are very long and require significant detail.  They must be filed in a timely, accurate cadence to avoid additional audit risk.

Bottom line: Don’t assume, be prepared! As these communications services become more pervasive a larger swath of technology providers will find themselves liable for communications tax. The more your business falls behind, the more it can cost you.

It pays to be proactive and prepared. Tax and legal advisory experts can help determine your level of risk, and tax and compliance software providers can help you keep up with changing rules and regulations. Don’t underestimate the ongoing value of networking with peers who are either struggling to answer the same questions or have already overcome the hurdles you’re facing today.

Steve Lacoff is General Manager of Avalara for Communications. With a focus on data, VoIP, and video streaming, Steve has spent 15 years in various product and marketing leadership roles in communications and technology industries, including Disney’s streaming services and Comcast technology solutions. Steve now drives business strategy on today’s changing industry landscape and associated tax impacts. This piece is exclusive to Broadband Breakfast.

Broadband Breakfast accepts commentary from informed observers of the broadband scene. Please send pieces to commentary@breakfast.media. The views expressed in Expert Opinion pieces do not necessarily reflect the views of Broadband Breakfast and Breakfast Media LLC.

Continue Reading

Expert Opinion

Jonathan Marashlian: The Legal Landscape Emerging for Robocalls Under the TRACED Act

The biggest risk is likely to come through enforcement actions by state attorneys general and civil litigation, says Marashlian.

Published

on

Jonathan Marashlian, Managing Partner of Marashlian & Donahue, LLC, The CommLaw Group, is the author of this Expert Opinion

Requirements for voice service providers emerging from the TRACED Act and the Federal Communications Commission orders that followed have changed the risks and threats to voice service providers.

Voice service providers have just passed some major milestones: Certifying SHAKEN and/or robocall mitigation in the FCC database and refusing calls from unregistered upstream providers. Does that mean it is time to kick back and relax?

Not at all. The legal landscape in the new STIR/SHAKEN era is much larger and more diverse than mere technical compliance with FCC requirements.

We are already seeing clear and unmistakable signs that compliance with the bare minimum requirements established by the FCC—implementing STIR/SHAKEN and robocall mitigation plan procedures—is insufficient to mitigate the myriad of business risks arising from the government onslaught against the scourge of illegal robocalling.

Reading the tea leaves, the biggest risk or threat is likely to come through enforcement actions by state attorneys general and civil litigation initiated by private parties. Wherever the legal landscape provides the opportunity to recover damages, class action plaintiff’s lawyers and attorneys for large enterprise consumers of voice services, such as call center operators, are certain to seize upon those opportunities.

‘Know your Customer’ rules come to the telecom industry

We anticipate that questions around the meaning of and extent to which the “Know Your Customer” requirements apply in different contexts will ultimately be answered through litigation and enforcement, and less so through the FCC regulatory rulemaking process. Questions around damages and who is or can be held responsible for originating, passing, or terminating illegal robocalls are also going to be fleshed out by regulatory enforcement and private litigation.

Perhaps the most significant risk, even more so than the FCC, are the federal and state consumer protection laws that are being developed around robocall mitigation. Starting with the Federal Trade Commission (FTC), where the FTC’s strict “known or should have known” standard is applied to hold voice service providers accountable for illegal robocallers using their networks.

Many service providers and telecom consultants pore over FCC regulations to try and understand the requirements. Is that sufficient? Are there other things they need to worry about?

FCC regulations are a good starting point and, telecommunications providers should stay abreast of updated regulations and releases. However, FCC regulatory compliance alone may not be enough to defend an action if provider’s face the FTC and state attorneys general’s “known or should have known” standard or the creative, evolving litigation strategy of the plaintiff’s bar.

Marriott filed a lawsuit in federal court against unknown perpetrators, “John Does,” who made illegal robocalls misusing Marriott’s name. Why would Marriott do that? What’s the point?

This is sheer speculation, but as often turns out, the actual perpetrators who harmed Marriott likely will be insolvent or outside the reach of Marriott. By using “John Does,” Marriott preserves its ability to amend its complaint to implead carriers and providers that carried or transported the fraudulent traffic.

Marriott could rely on the FTC’s “known or should have known” standard to show underlying carriers are the “John Does” that profited from bad actors (now insolvent or extra-judicial). It’s unlikely Marriott would commence this litigation without a strategy outside positive public relations for pursuing bad actions; rather, the “John Does” will likely turn out to be carriers of bad traffic who settle Marriott’s claims.

The Call Authentication Trust Anchor Working Group issued Caller ID Authentication Best Practices, which the FCC published and endorsed as voluntary measures. Then the Fourth Report and Order on Robocall Prevention mandated affirmative obligations to prevent service providers from originating robocalls. It seems like momentum is building toward holding service providers responsible for knowing their customers and the nature of their calls.

Based on recent trends, there is certainly momentum in that direction and Know Your Customer will likely continue to grow in importance. Thus, providers should ensure they have a good KYC policy in place, particularly as new risks emerge, and scrutiny grows. However, as discussed above, this appears largely driven by the FTC and state attorney general actions.

Of note, the Industry Traceback Group in July 2021 published a Policies and Procedures booklet with a best practices section. All voice service providers should review the booklet, and particularly the best practices. Accountability will keep mounting and the weakest link—the weakest KYC policy—will be the first to break, and that provider will be accountable and “holding the bag.”

Jonathan Marashlian is Managing Partner of Marashlian & Donahue, PLLC, The CommLaw Group, a full-service telecom law firm located in the Washington, D.C., area catering to businesses operating in and around the dynamic and diverse communications and information technology industries. Their clients include providers of VoIP, wireless and traditional telecommunications services, SaaS-based and cloud computing technologists and Internet-of-Things application and network vendors. The CommLaw Group has formed a Robocall Mitigation Response Team to help clients achieve the level of compliance needed to avoid the emerging threats of litigation and regulatory enforcement. Jonathan S. Marashlian may be reached by email or by phone at 703-714-1313.

A prior version of this piece was published on October 6, 2021, on TransNexus. This lightly-edited Expert Opinion is reprinted with permission. Broadband Breakfast accepts commentary from informed observers of the broadband scene. Please send pieces to commentary@breakfast.media. The views expressed in Expert Opinion pieces do not necessarily reflect the views of Broadband Breakfast and Breakfast Media LLC.

Continue Reading

Expert Opinion

Mike Harris: Investing in Open Access Fiber Optics is Investing in the Future

Chattanooga’s municipal broadband network has delivered $2.7 billion in social and economic benefits during its first decade.

Published

on

The author of this Expert Opinion is Mike Harris, the co-founder of SiFi Networks.

In the United States, most Internet Service Providers are privately owned companies who have established copper network infrastructure exclusively for their own use, forcing customers into often unreliable, unsustainable internet package deals. But in 2010, the small city of Chattanooga, Tennessee invested in an early publicly owned fiber optic network.

As the co-founder of open-access telecom company SiFi Networks, I believe that investments in similar open-access infrastructure will help bridge community divides and futureproof a city’s economic and social prosperity.

According to a study by Bento Lobo, department head of finance and economics at the University of Tennessee, Chattanooga’s municipal broadband has delivered over $2.69 billion worth of social and economic benefits during its first decade. With a population of just 185,000, imagine the potential savings for a city the size of New York.

So, how did Chattanooga achieve this and what were the city’s motivations?

Motives behind the madness

In 1969, Chattanooga was dubbed America’s dirtiest city. A post-industrial wasteland, it entered the late twentieth century with a stagnant economy, declining population and high levels of unemployment following the closure of its large manufacturing factories. It’s not surprising that decades later publicly owned utility company, EPB, chose to invest in its residents’ future.

EPB began replacing the underground copper wiring — originally established to exclusively handle telephone calls — with fiber optic cables feeding connectivity to the entire community. Fiber optic networks are vastly superior to copper because they can transport data using photons travelling at the speed of light. Previous infrastructure uses electrons capable of less than one per cent of that speed.

Where before Chattanooga was perceived as an underdeveloped, low-income area, suddenly businesses were moving in, employment was growing, and more adolescents were graduating from high school. Is it about time for other cities to follow suit?

Why other cities should follow suit

Internet connectivity is a human right much like water, electricity and gas utilities. Yet 21 million U.S. citizens are still living without reliable broadband according to the Pew Charitable Trusts. Research also shows that 40 percent of schools and 60 percent of healthcare facilities outside metropolitan regions lack internet download speeds of at least 25 Megabits per second (Mbps) and upload speeds of at least 3 Mbps. This is the acceptable speed defining a reliable broadband connection.

As the Chattanooga model demonstrates, the solution is the establishment of fiber optic infrastructure. With fiber networks, EPB offers residents and businesses gigabit speeds of up to 1,000 Mbps, or 1 Gigabit per second. In hindsight, with this capacity Hamilton County was well equipped to deal with the 75 percent increase in total volume of bandwidth being used per day during the pandemic, with residents being forced to work and educate from their homes.

These gigabit speeds also allow for a high degree of network responsiveness necessary for establishing a smart grid system. Most US cities use standard grid systems, which rely on consumers informing a service when they have a power outage or system failure.

Smart grids establish a two-way communication network using digital devices and automation so that service providers are notified immediately when problems occur. EPB’s Hamilton County smart grid, for example, can quickly re-route power around storm damage decreasing outages by 40 per cent in minutes, according to Lobo’s study. He estimates Chattanooga’s consumers will save $20.6 million per annum simply from avoiding spoilage and loss of productivity due to power outages.

Saving money, saving livelihoods

EPB has more than proven that fiber networks are a socioeconomic investment benefitting everyone, not just those lucky enough to live in a fiber area. Better, faster connectivity will enable businesses in all neighbourhoods to thrive, creating job opportunities. During the ‘gig decade’ (2011-2020), EPB’s fiber network directly supported the creation or retention of approximately 9,500 jobs in Hamilton County, luring the migration of global corporations like Volkswagen. The U.S. Bureau of Labor Statistics has reflected this, stating Hamilton County’s unemployment rate being 4.7 percent as of November 2020, compared to the U.S. overall percentage of 6.7.

Chattanooga at night

The social benefits don’t stop here. A study by South Australia’s premier, Jay Weatherill, correlated gigabit networks with improved support for police and fire communications, wastewater management, traffic control and medical diagnostics. These are all features of SiFi Networks’ FiberCity and if Chattanooga has demonstrated anything, it is that fiber networks improve residents’ quality of living above all else.

FiberCity — the next step?

Chattanooga has demonstrated the importance of staying connected. To this end, becoming a SiFi Networks FiberCity could be the next step for cities across the US.

Privately financed networks, like SiFi Networks’, are often the best option to guarantee necessary funding for construction, maintenance and expansion of fiber infrastructure. Municipalities wouldn’t have to rely on taxpayer’s dollars, which can instead be diverted to healthcare, education and other social entities. During a period of continuous technological evolution, FiberCities have one simple mission: to combine advantages of Chattanooga’s gigabit speeds with futureproofed smart city services across the U.S.

Mike Harris is a successful entrepreneur and technologist, having previously founded Total Network Solutions Ltd in 1989, which he later sold to UK telecoms giant British Telecom in 2005. He subsequently co-founded SiFi Networks and is a current investor in the company. He is also the chairman and owner of the New Saints Football Club in Wales, UK. This piece is exclusive to Broadband Breakfast.

Broadband Breakfast accepts commentary from informed observers of the broadband scene. Please send pieces to commentary@breakfast.media. The views expressed in Expert Opinion pieces do not necessarily reflect the views of Broadband Breakfast and Breakfast Media LLC.

Continue Reading

Recent

Signup for Broadband Breakfast

Get twice-weekly Breakfast Media news alerts.
* = required field

Trending