FCC Revisits Net Neutrality, Extending Reach and Targeting National Security and Cybersecurity

Charles Mathias, Katy J. Milner
Hogan Lovells
Contact
LinkedIn
Facebook
X
Send
Embed

Hogan Lovells[co-author: Khaosara Akapolawal, Thomas Veitch]

Last week the Federal Communications Commission (FCC) adopted a Notice of Proposed Rulemaking proposing to reclassify broadband internet access service (BIAS) as a Title II common carrier service and reinstate net neutrality rules. If adopted, this proposal would subject BIAS providers to significantly increased federal regulation. In addition, this rulemaking reflects the FCC’s continuing focus on cybersecurity and national security issues impacting the telecom industry. Interested parties may wish to submit written comments on the NPRM to the FCC – comments are due December 14, 2023 and reply comments are due January 17, 2024.

The Federal Communications Commission (FCC or Commission) released a Notice of Proposed Rulemaking (NPRM) regarding reinstating net neutrality rules that would prohibit providers of Broadband Internet Access Service (BIAS) from blocking or throttling Internet traffic or from engaging in paid prioritization of traffic. As part of this proceeding, the FCC proposes to reclassify broadband providers as common carriers, subjecting them to greater regulation. In justifying these changes, the Commission states that the new rules will strengthen its ability to secure communications infrastructure against national security threats and support its efforts to enhance cybersecurity in the communications sector. This NPRM is likely to affect numerous stakeholders inside and outside the communications sector, and may open the door to new regulations and obligations.

Background

The fundamental principle behind net neutrality is that Internet Service Providers (ISPs) must treat all data and content equally. To that end, the FCC is proposing to regulate how ISPs handle traffic on their networks. NPRM ¶¶ 151-68. Critically, the FCC would classify BIAS as a telecommunications service under Title II of the Telecommunications Act of 1996, thus treating BIAS providers as common carriers, which are subject to more onerous regulatory requirements. NPRM ¶ 59. The FCC adopted a similar scheme under President Obama but rolled it back under President Trump. With a new 3-2 Democratic majority of FCC Commissioners, the Commission is now revisiting the issue.

The FCC’s Proposed Rules

The proposed rules would define BIAS as “a mass-market retail service by wire or radio that provides the capability to transmit data to and receive data from all or substantially all internet endpoints, including any capabilities that are incidental to and enable the operation of the communications service, but excluding dial-up internet access service.” NPRM ¶ 59. BIAS also “encompasses any services that the Commission finds to be providing a functional equivalent of the service [in the definition] or that is used to evade the protections set forth in this part.” NPRM ¶ 59 The proposed rules would bar ISPs from blocking content, slowing access, or offering fast lanes for some services for a fee. NPRM ¶¶ 151-58. The proposal also includes a “general conduct” rule giving the Commission leeway to “prohibit practices that unreasonably interfere with or disadvantage consumers or edge providers.” NPRM ¶ 164.

The NPRM suggests “that to the extent coffee shops, bookstores, airlines, private end-user networks such as libraries and universities, and other businesses acquire broadband Internet access service from an ISP to enable patrons to access the Internet from their respective establishments, provision of such service by the premise operator would not itself be considered BIAS unless it was offered to patrons as a retail mass-market service.” NPRM ¶ 62. However, the FCC seeks comment “on any changed circumstances that would justify” a different approach. NPRM ¶ 62.

Who is Subject to the Proposed Rules – and Why It Matters

To assess the impact of the NPRM, businesses should consider whether any of their services might qualify as BIAS. The carveout for businesses that acquire BIAS to provide patrons with access is not written into the proposed BIAS definition and is subject to change. Moreover, the proposed definition gives the FCC wide latitude by allowing it to find that services are functionally equivalent to BIAS. These are key issues to be addressed during the rulemaking.

Businesses should note the risk of new regulations applying to their operations even if they do not offer BIAS. The NPRM asks about creating “cybersecurity requirements for other components that facilitate communications between end points,” NPRM ¶ 32, and “seek[s] comment on the development of third-party services and devices that utilize BIAS,” observing the “substantial market proliferation of third-party services and devices” and noting “that consumers’ use of these offerings significantly outweigh their use of ISPs’ affiliated offerings,” NPRM ¶ 20. Similarly, the NPRM explains that “the current classification of BIAS limits” the FCC’s ability “to address cyber incidents impacting the communications sector, as well as other critical infrastructure sectors,” which suggests that the FCC is looking beyond the communications industry. NPRM ¶ 30.

Additionally, businesses should consider how new rules for ISPs may affect their own business. For example, the FCC might require ISPs to block access to IP addresses associated with malware. NPRM ¶ 32.

Expanding Regulations for National Security and Cybersecurity

Businesses should keep in mind that the FCC may use any final rule as a springboard for future regulation. As FCC Chairwoman Jessica Rosenworcel noted in a statement, net neutrality “is not the end of the story.” By classifying broadband providers as common carriers, she said, the Commission will position itself to pursue regulations supporting national security and cybersecurity, among other initiatives.

The NPRM asks broadly for ideas about regulations that reclassification would make possible to promote national security and cybersecurity. NPRM ¶ 28, ¶ 32. For example, the FCC might pursue rules that increase law enforcement’s ability to seek assistance from service providers, NPRM ¶ 28, ban certain equipment, NPRM ¶ 29, or “mandat[e] that service providers implement cybersecurity practices and risk management plans,” NPRM ¶ 30.

Who Needs to Engage

Companies across all sectors providing some form of BIAS should consider weighing in. Among others, this includes hospitals with private networks, hotel chains, universities, stadiums, factories, airlines, satellite companies, and operators of corporate campuses.

Stakeholders should further consider whether they are developing a service that would not currently qualify as BIAS under the proposal but might in the future. And stakeholders involved in activities that present heightened national security or cybersecurity risks—such as risks arising from a large international presence—should especially consider weighing in.

Even if stakeholders do not provide BIAS, they should consider whether their business relies on activities likely to be impacted by the rules.

Next Steps

Initial comments are due December 14, 2023, and reply comments are due January 17, 2024.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Hogan Lovells | Attorney Advertising

Written by:

Hogan Lovells
Hogan Lovells
Contact
more
less

Hogan Lovells on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide