Leader in Public Safety Communications™

Public Safety and Homeland Security Bureau Seeks Comment on Wireless Carriers’ Privacy and Security Plan for the National Emergency Address Database (NEAD)

DA 17-203

 

Released:  February 28, 2017

 

PUBLIC SAFETY AND HOMELAND SECURITY BUREAU SEEKS COMMENT ON WIRELESS CARRIERS’ PRIVACY AND SECURITY PLAN FOR THE NATIONAL EMERGENCY ADDRESS DATABASE (NEAD)

PS Docket No. 07-114

 

Comment Date:  March 20, 2017

Reply Comment Date:  March 30, 2017

By this Public Notice, the Public Safety and Homeland Security Bureau seeks comment on the Privacy and Security Plan (Plan) for the National Emergency Address Database (NEAD) submitted on February 3, 2017, by NEAD, LLC and national wireless carriers AT&T, T-Mobile USA, Sprint Corporation, and Verizon (collectively, Parties).[1]  The NEAD, which is being developed for the purpose of identifying the dispatchable location of wireless 911 callers when the caller is indoors,[2] is a database that will use media access control (MAC) address information of fixed indoor access points to locate nearby wireless devices.[3]  NEAD, LLC is a non-profit entity established by CTIA that will oversee development and operation of the NEAD platform and serve as the NEAD Administrator.[4]  In the Indoor Location Fourth Report and Order, the Commission required the nationwide CMRS providers to develop a detailed privacy and security plan for the NEAD and to submit it for Commission approval.[5]

The Plan states that information in the NEAD on wireless access points will generally come from three sources:  (i) service provider records of wireless access points, including MAC address, Bluetooth Public Device Address (BT-PDA) and location information; (ii) records from large enterprise systems (e.g., hotels, restaurants, and retail stores) of wireless access points, including MAC address, BT-PDA and location information; and (iii) “eventually, individual consumers, who will be able voluntarily to input information about their wireless access points not otherwise provided to the NEAD along with information necessary for verification.”[6]  The Plan describes the consumer privacy protections that will be incorporated into the operation of the NEAD platform.[7]  It also describes “comprehensive controls” to support the security and resiliency of the NEAD platform.[8]  We seek comment on the adequacy of these proposed privacy and security measures.  In addition, the Plan addresses personnel management and training, and provides that the NEAD platform will undergo privacy and cybersecurity risk assessments on at least an annual basis.[9]  We seek comment on these and all other aspects of the Plan.  Is there any additional information that the Parties should submit for the Commission’s consideration in evaluating the Plan?  Should the Plan specify procedures for informing the Commission or other interested parties in the event of a privacy or security breach of the NEAD platform?  Should it contain provisions for submission of updates, amendments, or risk assessment reports to the Commission?  We seek comment on these questions, as well as any other subjects that interested parties believe should be addressed in the Plan.

Pursuant to sections 1.415 and 1.419 of the Commission’s rules, 47 CFR §§ 1.415, 1.419, interested parties may file comments and reply comments on or before the dates indicated above.  Comments may be filed using the Commission’s Electronic Comment Filing System (ECFS).  All comments must reference PS Docket No. 07-114.  See Electronic Filing of Documents in Rulemaking Proceedings, 63 Fed. Reg. 24121 (1998).

  • Electronic Filers: Comments may be filed electronically using the Internet by accessing the

ECFS: https://www.fcc.gov/ecfs/.

  • Paper Filers:  Parties who choose to file by paper must file an original and one copy of each filing.  Filings can be sent by hand or messenger delivery, by commercial overnight courier, or by first-class or overnight U.S. Postal Service mail.  All filings must be addressed to the Commission’s Secretary, Office of the Secretary, Federal Communications Commission.
    • All hand-delivered or messenger-delivered paper filings for the Commission’s Secretary must be delivered to FCC Headquarters at 445 12th St., SW, Room TW-A325, Washington, DC 20554.  The filing hours are 8:00 a.m. to 7:00 p.m.  All hand deliveries must be held together with rubber bands or fasteners.  Any envelopes and boxes must be disposed of before entering the building.
    • Commercial overnight mail (other than U.S. Postal Service Express Mail and Priority Mail) must be sent to 9300 East Hampton Drive, Capitol Heights, MD  20743.
    • U.S. Postal Service first-class, Express, and Priority mail must be addressed to 445 12th Street, SW, Washington DC  20554.

People with Disabilities:  To request materials in accessible formats for people with disabilities (Braille, large print, electronic files, audio format), send an e-mail to fcc504@fcc.gov or call the Consumer & Governmental Affairs Bureau at (202) 418-0530 (voice), (202) 418-0432 (TTY).

This proceeding shall be treated as a “permit-but-disclose” proceeding in accordance with the Commission’s ex parte rules.[10]  Persons making ex parte presentations must file a copy of any written presentation or a memorandum summarizing any oral presentation within two business days after the presentation (unless a different deadline applicable to the Sunshine period applies).  Persons making oral ex parte presentations are reminded that memoranda summarizing the presentation must (1) list all persons attending or otherwise participating in the meeting at which the ex parte presentation was made, and (2) summarize all data presented and arguments made during the presentation.  If the presentation consisted in whole or in part of the presentation of data or arguments already reflected in the presenter’s written comments, memoranda or other filings in the proceeding, the presenter may provide citations to such data or arguments in his or her prior comments, memoranda, or other filings (specifying the relevant page and/or paragraph numbers where such data or arguments can be found) in lieu of summarizing them in the memorandum.  Documents shown or given to Commission staff during ex parte meetings are deemed to be written ex parte presentations and must be filed consistent with rule 1.1206(b).  In proceedings governed by rule 1.49(f) or for which the Commission has made available a method of electronic filing, written ex parte presentations and memoranda summarizing oral ex parte presentations, and all attachments thereto, must be filed through the electronic comment filing system available for that proceeding, and must be filed in their native format (e.g., .doc, .xml, .ppt, searchable .pdf).  Participants in this proceeding should familiarize themselves with the Commission’s ex parte rules.

For further information, please contact Timothy May, Policy and Licensing Division, Public Safety and Homeland Security Bureau, at (202) 418-1463 or via email at Timothy.May@fcc.gov.

– FCC –

[1] See NEAD, LLC, AT&T, T-Mobile USA, Sprint Corporation, and Verizon, NEAD Privacy and Security Plan, PS Docket No. 07-114 (Feb. 3, 2017) at https://ecfsapi.fcc.gov/file/1020387572432/170203%20NEAD%20Privacy%20and%20Security%20Plan.pdf (Plan); see also NEAD, LLC, AT&T, T-Mobile USA, Sprint Corporation, and Verizon, Letter to Marlene H. Dortch, Secretary, Federal Communications Commission, PS Docket No. 07-114 (Feb. 3, 2017) at https://ecfsapi.fcc.gov/file/1020387572432/170203%20Cover%20Letter%20to%20NEAD%20Privacy%20and%20Security%20Plan.pdf (Cover Letter).

[2] See Wireless E911 Location Accuracy Requirements, Fourth Report and Order, 30 FCC Rcd 1259 (2015) (Indoor Location Fourth Report and Order) and rules at 47 CFR § 20.18(i) et seq.

[3] See 47 CFR § 20.18(i)(1)(iii); Indoor Location Fourth Report and Order, 30 FCC Rcd at 1279, para. 55.  “Dispatchable location” is “a location delivered to the PSAP by the CMRS provider with a 911 call that consists of the street address of the calling party, plus additional information such as suite, apartment or similar information necessary to adequately identify the location of the calling party.  The street address of the calling party must be validated and, to the extent possible, corroborated against other location information prior to delivery of dispatchable location information by the CMRS provider to the PSAP.”  47 CFR § 20.18(i)(1)(i); see also Indoor Location Fourth Report and Order, 30 FCC Rcd at 1273-74, paras. 43-44.

[4] See Cover Letter at 1; see also 47 CFR § 20.18(i)(4)(iii) (NEAD Administrator “will serve as a point of contact for the Commission and shall be accountable for the effectiveness of the security, privacy, and resiliency measures” of the plan).

[5] See Indoor Location Fourth Report and Order, 30 FCC Rcd at 1284-85, para. 69.  Nationwide CMRS providers were required to submit the privacy and security plan for the NEAD 18 months from the effective date of the rules adopted in the Indoor Location Fourth Report and Order.  The effective date of the applicable rule was August 3, 2015, when the Commission published notice of OMB approval of the information collection.  See 80 Fed. Reg. 45897 (Aug. 3, 2015).

[6] See Plan at 3.

[7] See Plan at 4-5.

[8] See Plan at 5-7.

[9] See Plan at 7-8.

[10] 47 CFR §§ 1.1200 et seq.

 

Read the Notice Here: DA-17-203A1

Contact Us