Improving Video Relay Service and Direct Video Calling
| Published date | 06 June 2019 |
| Citation | 84 FR 26379 |
| Record Number | 2019-11210 |
| Section | Proposed rules |
| Court | Federal Communications Commission |
Federal Register, Volume 84 Issue 109 (Thursday, June 6, 2019)
[Federal Register Volume 84, Number 109 (Thursday, June 6, 2019)]
[Proposed Rules]
[Pages 26379-26387]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-11210]
=======================================================================
-----------------------------------------------------------------------
FEDERAL COMMUNICATIONS COMMISSION
47 CFR Part 64
[CG Docket Nos. 10-51 and 03-123; FCC 19-39]
Improving Video Relay Service and Direct Video Calling
AGENCY: Federal Communications Commission.
ACTION: Proposed rule.
-----------------------------------------------------------------------
SUMMARY: In this document, the Federal Communications Commission (FCC
or Commission) proposes to: permit communications assistants (CAs) to
handle video relay service (VRS) calls at home on a permanent basis;
allow VRS providers to provide service to new and porting VRS users for
up to two weeks while the telecommunications relay service (TRS) user
registration database (User Database or Database) administrator is
verifying the user's registration information, with compensation paid
only after the user's identity is verified; and implement log-in
procedures to authenticate users prior to their use of enterprise and
public videophones for VRS calls. By these proposals, the Commission
seeks to improve VRS while safeguarding the program against waste,
fraud, and abuse.
DATES: Comments are due August 5, 2019. Reply comments are due
September 4, 2019.
ADDRESSES: You may submit comments, identified by CG Docket Nos. 10-51
and 03-123, by either of the following methods:
Federal Communications Commission's website: https://www.fcc.gov/ecfs/filings. Follow the instructions for submitting
comments.
Paper Filers: Parties who choose to file by paper must
file an original and one copy of each filing. If more than one docket
or rulemaking number appears in the caption of this proceeding, filers
must submit two additional copies for each additional docket or
rulemaking number. Filings can be sent by hand or messenger delivery,
by commercial overnight courier, or by first-class or overnight U.S.
Postal Service mail. All filings must be addressed to the Commission's
Secretary, Office of the Secretary, Federal Communications Commission.
People with Disabilities: Contact the FCC to request
reasonable accommodations (accessible format documents, sign language
interpreters, CART, etc.) by email: [email protected] or phone: (202) 418-
0530 or TTY: (888) 835-5322.
For detailed instructions for submitting comments and additional
information on the rulemaking process, see document FCC 19-39 at:
https://docs.fcc.gov/public/attachments/FCC-19-39A1.pdf.
FOR FURTHER INFORMATION CONTACT: Michael Scott, Consumer and
Governmental Affairs Bureau, at (202) 418-1264, or email
[email protected].
SUPPLEMENTARY INFORMATION: This is a summary of the Commission's
Further Notice of Proposed Rulemaking
[[Page 26380]]
(FNPRM), document FCC 19-39, adopted on May 9, 2019, released on May
15, 2019, in CG Docket Nos. 10-51 and 03-123. The Report and Order in
document FCC 19-39 is published elsewhere in this issue of the Federal
Register. The full text of document FCC 19-39 is available for public
inspection and copying via the Commission's Electronic Comment Filing
System (ECFS), and during regular business hours at the FCC Reference
Information Center, Portals II, 445 12th Street SW, Room CY-A257,
Washington, DC 20554. To request materials in accessible formats for
people with disabilities (Braille, large print, electronic files, audio
format), send an email to [email protected] or call the Consumer and
Governmental Affairs Bureau at (202) 418-0530 (voice) or (202) 418-0432
(TTY).
This proceeding shall be treated as a ``permit-but-disclose''
proceeding in accordance with the Commission's ex parte rules. 47 CFR
1.1200 et seq. Persons making ex parte presentations must file a copy
of any written presentation or a memorandum summarizing any oral
presentation within two business days after the presentation (unless a
different deadline applicable to the Sunshine period applies). Persons
making oral ex parte presentations are reminded that memoranda
summarizing the presentation must (1) list all persons attending or
otherwise participating in the meeting at which the ex parte
presentation was made, and (2) summarize all data presented and
arguments made during the presentation. If the presentation consisted
in whole or in part of the presentation of data or arguments already
reflected in the presenter's written comments, memoranda, or other
filings in the proceeding, the presenter may provide citations to such
data or arguments in his or her prior comments, memoranda, or other
filings (specifying the relevant page and/or paragraph numbers where
such data or arguments can be found) in lieu of summarizing them in the
memorandum. Documents shown or given to Commission staff during ex
parte meetings are deemed to be written ex parte presentations and must
be filed consistent with rule 1.1206(b). In proceedings governed by
rule 1.49(f) or for which the Commission has made available a method of
electronic filing, written ex parte presentations and memoranda
summarizing oral ex parte presentations, and all attachments thereto,
must be filed through the electronic comment filing system available
for that proceeding, and must be filed in their native format (e.g.,
.doc, .xml, .ppt, searchable .pdf). Participants in this proceeding
should familiarize themselves with the Commission's ex parte rules.
Initial Paperwork Reduction Act of 1995 Analysis
The FNPRM in document FCC 19-39 seeks comment on proposed rule
amendments that may result in modified information collection
requirements. If the Commission adopts any modified information
collection requirements, the Commission will publish another notice in
the Federal Register inviting the public to comment on the
requirements, as required by the Paperwork Reduction Act. Public Law
104-13; 44 U.S.C. 3501-3520. In addition, pursuant to the Small
Business Paperwork Relief Act of 2002, the Commission seeks comment on
how it might further reduce the information collection burden for small
business concerns with fewer than 25 employees. Public Law 107-198; 44
U.S.C. 3506(c)(4).
Synopsis
1. VRS is a form of TRS that enables people with hearing or speech
disabilities who use sign language to make telephone calls over
broadband with a videophone. In addition to enabling communication
between American Sign Language (ASL) users and voice users, the VRS
system also enables ASL users to communicate directly with other ASL
users via video.
Permitting At-Home Interpreting on a Permanent Basis
2. The Commission proposes to convert the Commission's pilot VRS
at-home call-handling program, which allows VRS providers to have their
CAs handle some VRS calls from at-home workstations, to a permanent
program that will be subject to safeguards designed to maintain service
quality, protect call confidentiality, and prevent waste, fraud, and
abuse. The Commission believes that taking this action is likely to
expand the available pool of qualified sign-language interpreters who
can work as VRS interpreters (i.e., CAs) and improve VRS reliability,
which will advance the Commission's goal of ensuring a high quality,
functionally equivalent VRS program in furtherance of the objectives of
section 225 of the Communications Act.
3. The Commission believes that the benefits anticipated in the
pilot at-home call-handling program are being realized. Specifically,
the VRS provider reports required under the pilot program indicate that
allowing CAs to work at home: has enabled providers to attract and
retain qualified CAs for whom working at the companies' call centers is
not a practical option; has improved working conditions and
productivity of CAs working at home; can improve network reliability
and redundancy; and has the potential to help providers better respond
to calls in accordance with the Commission's speed-of-answer rules when
unforeseen circumstances occur. The Commission seeks comment on whether
this depiction of these benefits is accurate, and whether other
benefits have been realized during the pilot program or are likely to
be realized if the program is authorized on a permanent basis. Are
there any disadvantages to making this program permanent?
4. The Commission also seeks comment on whether, and to what
extent, a rule change permitting at-home interpreting is likely to
reduce or increase the total costs of the VRS program. Current program
participants anticipate a significant net savings in VRS costs if
permanent authorization allows the scale of the program to be expanded.
The Commission seeks comment on how this would be achieved, and any
additional information about costs incurred by participating providers.
For example, costs could include training and supervising CAs,
installing facilities and software to serve home workstations,
troubleshooting and maintaining security at home workstations, ensuring
compliance, and preparing required reports.
5. The Commission believes that the various safeguards established
as conditions for participation in the pilot program generally have
been effective in preventing waste, fraud, and abuse, meeting the TRS
mandatory minimum standards, and ensuring the confidentiality,
reliability, and quality of at-home interpreting. The Commission seeks
comment on the extent to which the pilot program's safeguards generally
have been effective. The Commission lists below each of the safeguards
and seeks comment on the extent to which each should be retained,
modified, eliminated, or supplemented if the Commission makes this
program permanent. When responding, the Commission urges commenters,
especially participating providers, to provide detailed information,
including quantitative data to the extent available, in support of
their views on whether and how these governing rules should be
modified, as well as the costs and benefits of incorporating each into
the
[[Page 26381]]
permanent program. Further, the Commission seeks comment on any
differences in call quality between traditional call centers and CAs
working from home.
6. Personnel Safeguards. The pilot program requires CAs working
from their homes to have a minimum of three years of VRS experience. In
addition, before allowing a CA to work at home, a VRS provider must:
Ensure that the CA has sufficient experience, skills, and
knowledge to effectively interpret from at-home workstations, including
a thorough understanding of the Commission's mandatory minimum
standards;
Provide additional training to CAs to ensure that they
understand and follow the provider's protocols for at-home call
handling;
Establish, and provide to the CA in writing, the grounds
and process for dismissal from the at-home program if the CA fails to
adhere to the Commission's TRS rules, including the specific
requirements for at-home call handling; and
Obtain a written certification from each CA as to their
understanding of and commitment to complying with the Commission's TRS
rules, and their understanding of the grounds and process for dismissal
from the at-home program.
While CAs are working from home, the VRS provider must:
Provide support equivalent to that provided CAs in call
centers, including, where appropriate, the opportunity to team
interpret; and
Ensure that supervisors are readily available to resolve
problems that may arise during a relay call.
Are these requirements effective in ensuring that CAs working at
home can effectively handle VRS calls or should they be modified in any
way? What, if any, screening, training, and disciplinary issues have
been encountered in the pilot program and how have these been
addressed? How should any such issues be dealt with in the Commission's
rules?
7. Technical and Environmental Safeguards. Under the pilot program,
VRS providers are required to ensure that at-home workstations enable
the provision of confidential and uninterrupted service to the same
extent as the provider's call center, and that calls handled by at-home
CAs are seamlessly integrated into the provider's call routing,
distribution, tracking, and support systems. Specifically, the provider
must:
Require that home workstations be placed in a separate
location within the home, with restricted access and effective means to
minimize the impact of outside noise and prevent eavesdropping;
Configure at-home workstations to enable the CA to use all
call-handling technology to the same extent as other CAs, including the
ability to transition a non-emergency call to an emergency call, engage
in virtual teaming with another CA, and allow supervisors to
communicate with and oversee calls;
Ensure that each at-home workstation is capable of
supporting VRS in compliance with the Commission's mandatory minimum
standards, including the provision of system redundancy and other
safeguards to the same degree as at call centers, and including the
ability to route VRS calls around individual CA workstations in the
event they experience a network outage or other service interruption;
and
Connect workstations to the provider's network over a
secure connection to ensure caller privacy.
8. Are these safeguards sufficient to ensure that CAs working from
at-home workstations can provide high-quality, confidential, and
uninterrupted service, and if not, what modifications to these
requirements are necessary? What technical and environmental issues
have been encountered in the pilot program, how have they affected the
integration of calls handled by at-home CAs into the call routing,
distribution, tracking and support systems, and how have any such
technical challenges been addressed? How should any such issues be
dealt with in the Commission's rules? Are some of the current
safeguards--e.g., the requirement for system redundancy at each
workstation, disproportionately burdensome in relation to their value
for the stated purpose(s)?
9. Monitoring and Oversight Requirements. To ensure that providers
appropriately monitor and oversee the at-home call handling pilot
program, they have been required to:
Inspect and approve each at-home workstation before
activating a CA's workstation for use;
Equip each at-home workstation with monitoring technology
sufficient to ensure that off-site supervision approximates the level
of supervision at the provider's call center, including the ability to
monitor both ends of a call, i.e., video and audio, to the same extent
as is possible in a call center, and regularly analyze any data
collected to proactively address possible waste, fraud, and abuse;
Conduct random, unannounced inspections of at least five
percent (5%) of all at-home workstations per year; and
Keep all records pertaining to at-home workstations,
including the data produced by any at-home workstation monitoring
technology, except for any data that records the content of an
interpreted conversation, for a minimum of three years.
10. Do these monitoring and oversight requirements enable VRS
providers to appropriately supervise the CAs working at home? What
monitoring and oversight issues have been encountered in the pilot
program and how have they been addressed? Which requirements were found
to be most useful to ensure effective supervision of CAs? Under a
permanent program, the number of at-home workstations is likely to
increase. To what extent is this likely to increase the risk that
individual CA workstations may fall short of full compliance with
technical, environmental, and privacy safeguards? To ensure that
providers detect and promptly address any such compliance issues,
should the Commission increase the required annual percentage of at-
home workstations that must be subject to random, unannounced provider
inspections--for example to 10 or 15% of a provider's at-home
workstations each year? What are the costs and benefits of adopting
this requirement?
11. In addition to compliance with the above safeguards, during the
pilot program, at-home workstations and workstation records must be
available for review, audit, and unannounced inspections by the
Commission and the TRS Fund administrator to the same extent as VRS
call centers. The Commission proposes that, if made permanent, at-home
workstations and records continue to be subject to such inspections to
the same extent as regular call centers. The Commission seeks comment
on this proposal.
12. Authorization to Participate in the At-Home Call Handling
Program. To participate in the pilot program, each VRS provider was
required to submit a detailed plan to demonstrate its ability to
achieve full compliance with the above safeguards and the Commission's
mandatory minimum TRS standards, including:
A description of the provider's at-home CA screening and
training process, the protocols and expectations established for CAs
working at home, and the grounds and process for dismissing a CA from
the at-home program;
All steps that the provider would take to install a
workstation in a CA's home, including an evaluation to ensure the
workstation was sufficiently secure
[[Page 26382]]
and equipped to prevent eavesdropping and outside interruptions;
A description of the monitoring technology to be used to
ensure that off-site supervision approximated the level of supervision
at the provider's call center;
An explanation of how the provider's workstations would
connect to the provider's network, including how these would be
integrated into the call center routing, distribution, tracking, and
support systems, and how the provider would ensure system redundancy in
the event of service disruptions in at-home workstations;
A signed certification by an officer of the provider
affirming that the provider would conduct random and unannounced
inspections of at least five percent (5%) of all at-home workstations
during the year; and
A commitment to comply with all other at-home call-
handling safeguards and TRS rules.
13. To what extent should providers be required to provide the same
level of detailed information, certification, and commitment, if at-
home call handling is permitted on a permanent basis? Is any of the
required information no longer necessary or disproportionately
burdensome to its value in ensuring high-quality call handling and
preventing fraud, waste, and abuse? What, if any, additional
information should be collected to help the Commission maintain call
quality and prevent fraud, waste, and abuse?
14. Under the pilot program, Commission approval for participation
can be canceled at any time if the provider fails to maintain
compliance. The Commission proposes that the Commission retain such
option and seeks comment on this approach.
15. Data Collection Requirements. For calls handled at home
workstations, the pilot program rules have required VRS providers to
submit the following data in their monthly requests for compensation,
in addition to the data otherwise required to receive payment for
handling calls:
A unique call center identification number (ID), street
address, and CA ID for each CA working at home; and
The location and call center IDs of call centers providing
supervision for at-home workstations, and the names of persons at such
call centers responsible for oversight of these workstations.
16. In addition, providers had to submit a six-month implementation
report that includes:
A description of the screening process used to select CAs
who may work from home;
Copies of training materials and written protocols for at-
home CAs;
The total number of CAs who have worked at home during the
reporting period;
The total number of 911 calls handled during the reporting
period;
A description and copies of any survey results or self-
evaluations concerning CAs' experience handling calls at home;
The total number of CAs terminated from the program;
The total number of complaints, if any, submitted to the
provider regarding its at-home call-handling program or calls handled
by at-home CAs; and
The total number of on-site inspections of at-home
workstations conducted, along with the dates and locations of such
inspections.
17. To what extent is the information required in monthly reports
sufficient to support compensation requests and protect against waste,
fraud, and abuse? Should the Commission continue to require VRS
providers to submit such information as well as implementation reports
at six-month intervals? If so, should these information reporting
requirements be retained, modified, eliminated, or supplemented in any
manner? Should any reported information be made available to the
public? For example, if a VRS provider takes a survey of its CAs
concerning their participation in the at-home VRS call handling
program, could the aggregated responses be made public, as long as
identifying information for CAs and respondents is redacted?
18. Limitation on Service. The Commission proposes to increase or
remove the pilot program's 30 percent limit on a provider's at-home
call-handling minutes. Increasing the limit would allow each provider
greater scope to make its own determination on the extent to which it
can efficiently make use of at-home call handling while remaining in
compliance with our minimum TRS standards. The Commission seeks comment
on the costs and benefits of this proposal and on whether the limit
should be retained at a higher level, e.g., 50 percent, or removed
entirely. For example, could the limit be completely removed without
significantly increasing the risk of fraud or abuse, in reliance on the
safeguards described above?
Providing Service to New and Porting Users Pending Database
Verification
19. To eliminate unnecessary inconvenience to VRS registrants,
without a significant increase in the risk of waste, fraud, and abuse,
and in response to a petition by the five currently certified VRS
providers, the Commission proposes to allow VRS providers to provide
service to new and porting users for up to two weeks pending the
completion of identity verification. The Commission believes this
change would be helpful to ensure that service to new and porting VRS
users can be commenced efficiently and without undue delay or
disruption of service, in order to facilitate competition and ensure
the functional equivalence of this service. Compensation for calls
placed or received by the user during this period would be paid only if
the user's identity is ultimately verified.
20. For most users, identity verification is completed within hours
of data submission to the User Database, but for some users,
verification can take longer, e.g., due to technical problems or
because the user's identity cannot be verified without the submission
of additional information. Under the proposed rule change, a consumer
would not be subjected to a delay in commencement of service as a
result of verification issues that are often beyond the consumer's
control.
21. Under this proposal, VRS providers could assign a telephone
number and begin service to a new or porting user immediately after
registration. This telephone number would be entered in the TRS
Numbering Directory on a temporary basis so that VRS calls (as well as
point-to-point calls) may be placed to and from the number, either
through the default provider or on a dial-around basis. In the event
that the user's identity is not verified within the two-week period,
the number would be removed from the Numbering Directory. The
Commission believes that any resulting risk of waste, fraud, or abuse
is minimal because, under the Commission's proposal, no compensation
may be requested or paid until the user's identity has been verified.
The Commission seeks comment on the costs and benefits of this
proposal.
Requiring Enterprise and Public Videophone Log-In Procedures
22. The Commission seeks further comment on the Commission's
proposal in the 2017 VRS Improvements FNPRM, 82 FR 17613, to require
default VRS providers to implement log-in procedures for individuals
using enterprise and public videophones for VRS calls. The Commission
believes that a log-in procedure is needed to safeguard the TRS program
from waste, fraud, and abuse because there is no record identifying the
actual user of an enterprise or public videophone. As the
[[Page 26383]]
success of fraudulent activity often depends on the perpetrators
remaining anonymous, we believe user log-in is needed to ensure that
enterprise and public videophones are actually used only by registered
VRS users.
23. The Commission clarifies that, under the proposed log-in rule,
VRS calls made to or from an enterprise or public videophone will be
compensable only if: (1) The individual using the videophone is a
registered VRS user; (2) before placing or receiving the call, the user
provides a log-in code, consisting of the user's North American
Numbering Plan (NANP) telephone number and a personal identification
number (PIN) or password, which the VRS provider then validates through
a prescribed procedure; and (3) the VRS provider includes the user's
telephone number, as well as other information reasonably requested by
the TRS Fund administrator, in the call detail records (CDRs) submitted
to the TRS Fund administrator with the provider's request for
compensation. The user can request a PIN or password from his or her
default VRS provider at the time of registration or any time
thereafter. The necessary log-in information and format will be
determined by the TRS Numbering Administrator, in consultation with the
User Database administrator and the Commission. Individuals who have
not previously registered for VRS must do so before they can make VRS
calls at enterprise or public videophones. The Commission seeks further
comment on this proposal, including the proposed log-in procedure
detailed below.
24. Because the proposed log-in procedure will limit access to
enterprise and public videophones to registered VRS users, the
Commission seeks comment on whether to revise the certification
requirement for enterprise videophones adopted in the Report and Order
of document FCC 19-39, so as to be consistent with the restriction to
registered users. Should the Commission require VRS providers to submit
to the User Database a certification by the responsible individual for
an enterprise videophone that the organization, business, or agency
will make reasonable efforts to ensure that only registered VRS users
are permitted to use the phone for VRS?
25. Because total usage of enterprise and public videophones
averages more than one million minutes per month, the Commission
believes this degree of usage is sufficient to justify imposing a log-
in requirement to help prevent the recurrence of significant VRS fraud.
The Commission seeks comment on its assumptions and its estimate of
enterprise and public videophone usage. The Commission also does not
believe that the log-in procedure is a ``solution to a problem that
does not exist,'' as claimed by Sorenson Communications, LLC
(Sorenson). Nonetheless, the Commission seeks comment on the
assumptions underlying its proposals in this regard.
26. Some commenters argue that a log-in requirement would conflict
with functional equivalency, burden consumers, and hinder effective
communication, noting that some public videophone users are not
registered, while others may have difficulty remembering a PIN.
However, the Commission believes that any burden imposed on users by
the log-in requirement would be minor compared to its substantial
benefit in preventing the misuse of enterprise and public videophones.
Individuals use log-ins regularly to access smartphones, voicemail, and
email, as well as work, school, and personal computers, and commercial,
retail, and financial accounts. To use such devices and services,
consumers routinely need to remember (or store in a retrievable
location) usernames, passwords, and PINs. Further, consumers would not
need to remember separate telephone numbers and PINs for each VRS
provider, as once a user obtains a telephone number and PIN from one
provider, that log-in information may be used to place a VRS call from
any enterprise or public videophone. The Commission seeks comment on
these assumptions. The Commission also seek comment on the cost to the
VRS providers of having to provide a PIN reset service if this proposal
is adopted.
27. Neustar's Log-In Procedure Proposal. Neustar, the TRS Numbering
Administrator, explains that online log-in systems are common and
suggests that providers could use the widely relied-upon OAuth standard
to implement log-in functionality. OAuth allows one party (in this case
the default VRS provider for an enterprise or public videophone) to
request another party (in this case the default VRS provider for the
individual using the videophone) to authenticate a person's
authorization for them, without the first party learning the identity
or credentials of that person. Providers could develop a standard using
the OAuth 2.0 protocol or utilize an existing standard, such as OpenID
Connect, which is an interoperable authentication protocol based on the
OAuth family of specifications. OAuth might be applied as follows: when
a VRS user enters a telephone number and PIN at an enterprise or public
videophone, the default VRS provider serving the videophone checks the
TRS Numbering Directory to determine the user's default VRS provider
for that number, and sends the telephone number and PIN to that
provider; if authentication is positive, the user's default VRS
provider transmits a token that allows the user to place or receive a
VRS call at the videophone.
28. Neustar asserts that the cost and effort to develop an OAuth-
based log-in feature would be reasonable and that development could be
completed within six months. Neustar explains that many providers
already utilize a username/password capability that could be extended
to OAuth, and that even for providers who currently lack such a
capability, the availability of open source code means that the cost of
implementing OAuth servers and username/password capability will be
modest. The Commission therefore tentatively concludes that the
benefits of adopting a login requirement would far exceed the minimal
costs of implementing it.
29. If the VRS industry implements OAuth, the Commission believes
that would enable enterprise OAuth integrations which would allow for
an enterprise user to provide the VRS telephone number and log in with
the user's enterprise credentials, and the enterprise would attest to
the VRS provider that an authorized user has logged in. The Commission
seeks comment on the costs and feasibility of Neustar's proposal and on
the Commission's tentative conclusion that these costs will be minimal.
What are the estimated costs of implementing an OAuth based log-in
solution, including the streamlined version proposed by Neustar, and
how would those costs vary by provider? While Sorenson estimates a cost
of ``over $1 million'' for ``creating, testing, and deploying an OAuth
authorization server and modifying and testing videophone software,''
it fails to support this claim. The Commission therefore seeks cost
information regarding this estimate and any updated estimate. How much
of the estimated cost is attributable to an OAuth server and how much
is attributable to necessary videophone software modification? What
kinds of videophone software would need to be modified, and why? What
costs would be incurred by other providers? Are there significant
differences in software modification costs for public and enterprise
videophones, respectively?
30. It appears that total implementation costs could be reduced if
the Commission exempted certain kinds of videophones from the log-in
[[Page 26384]]
requirement. For example, Sorenson claims that that its ntouch
videophones were not designed to have an internet browser and therefore
cannot be modified to support a log-in mechanism. How many unmodifiable
ntouch public and enterprise videophones are currently in use, and how
much usage is there for such videophones? How much of the total
estimated implementation cost would be saved by exempting them? Are
there other videophones currently used in public and enterprise
locations that do not have, and cannot be modified to support, an
internet browser? How many such videophones are there and how much of
the total estimated implementation cost would be saved by exempting
them? How much usage is there of unmodifiable public and enterprise
videophones, and would the implementation costs saved justify the
increased risk of fraud from continuing to allow unidentified use of
such phones? Would it be more cost effective to implement a log-in
solution through VRS software used on third-party equipment, such as a
personal computer or wireless device? To what extent is such third-
party equipment with VRS software deployed or deployable for use as
enterprise and public videophones? If the Commission exempts existing
videophones that cannot support browser functionality, should it
require that, before registering new enterprise and public videophones,
the default VRS provider must confirm that such phones have browser
functionality and support OAuth log-in capability? The Commission also
seeks comment from manufacturers, vendors, and owners of enterprise
telephone systems and other non-provider equipment and software used
for enterprise and public videophones, regarding the ability of such
systems to support log-in capability.
31. OAuth 2.0 enables devices without browsers or an ability to
securely enter passcodes, such as legacy devices in public areas, where
people can see what characters a user is typing on a screen, to still
have secure authentication. However, the OAuth 2.0 solution to this
problem requires the user to have access to the internet with a
browser. Is it likely that a user who wants to use a public or semi-
public legacy device will have access to the internet, perhaps on a
personal mobile phone; personal or communal tablet; or personal or
public workstation or laptop? If the users who have smartphones,
tablets, or laptops can use them to communicate via VRS, are these
users making use of public and enterprise videophones? If not, who is
making use of public and enterprise videophones? In the case of public
phones, are the users generally individuals without smartphones,
tablets, or laptops? In the case of enterprise phones, are the users
generally using the enterprise phones to ensure that their videocalls
are made over the communications facilities managed by the enterprise?
32. Sorenson also claims that there are ``significant security
vulnerabilities'' in OAuth and other third-party authentication
applications. According to the studies cited by Sorenson, however, such
vulnerabilities are not caused by OAuth 2.0 itself but by ``home-brewed
adaptations'' in which ``the implicit security assumptions and
operational requirements . . . are often not clearly documented or
well-understood by the 3rd-party mobile app developers.'' What specific
security issues would providers face in implementing an OAuth-based
log-in solution, and what safeguards are available to address such
concerns? Are there alternative log-in solutions that would not raise
similar security vulnerability concerns?
33. To date only Neustar has proposed a log-in solution. Are there
other log-in solutions the Commission should consider? The OAuth
specification is designed for use with HTTP. Would a session initiation
protocol (SIP)-based standard, such as RADIUS or Diameter provide a
more cost-effective or secure standard for implementing a log-in
solution? The Commission also proposes to establish a common protocol
for the log-in procedure to ensure that user log-ins can be quickly
authenticated regardless of the user's default provider. Neustar
indicates that in its role as the TRS Numbering administrator it could
act as a proxy and direct the OAuth authentication process to the
correct VRS provider without revealing the provider's identity to the
provider of the enterprise or public videophone. The Commission seeks
comment on this approach. Alternatively, should the Commission allow
each provider to develop its own log-in protocol rather than require
providers to implement a common protocol? What are the costs and
benefits of each alternative approach? To what extent do providers
already use log-in procedures for users to access VRS? Could such
existing log-in procedures be incorporated into a log-in procedure for
enterprise and public videophones?
34. Exemptions. The Commission proposes to exempt point-to-point
calls from the log-in requirement, because such calls are not billed to
the TRS Fund. How would exempting point-to-point calls affect the
implementation of a log-in procedure? At what point in the call process
should a user be prompted to log-in to complete a VRS call on an
enterprise or public videophone?
35. Where an enterprise videophone is located within a private
workspace or a private room within a long-term health care facility,
the Commission proposes to allow the VRS provider to permit one
registered VRS user to log in a single time and thereafter to continue
using the videophone without repeated log-ins, so long as that user
continues to be eligible and registered for VRS. In addition, the
Commission proposes to broaden this proposed log-in exemption to allow
relatively convenient access to shared enterprise devices, while
limiting usage of the device to registered VRS users. For enterprise
videophones at reception desks or other work areas in places of
employment, the Commission proposes to allow up to five registered
users to be simultaneously logged in to a videophone, provided that the
phone is configured so that each user must select his or her user
profile before placing or answering a VRS call. To limit misuse of this
exemption, the Commission proposes to require VRS providers to keep
records of users that are pre-authorized under each of these exceptions
and to discontinue permission for such automatic use by any individual
that the provider knows or has reason to believe no longer needs access
to the device. What are the associated costs, benefits, and technical
concerns?
36. The Commission also proposes to exempt 911 calls from the log-
in requirement, so that providers may complete emergency calls from
enterprise and public videophones at any time and without delay. The
Commission seek comments on this proposal. Are there technical concerns
with implementing a log-in exemption for calls to 911?
37. Finally, the Commission proposes to exempt from the log-in
requirement otherwise eligible VRS calls made from public videophones
located in emergency shelters and domestic abuse shelters, so long as
the registration data provided to the User Database in advance of such
use identifies the phone as an emergency or domestic shelter
videophone. The Commission believes there may be situations where
individuals fleeing their homes may not have made log-in arrangements
in advance of an emergency or domestic abuse incident, or may forget to
retrieve such information when rushing to a
[[Page 26385]]
shelter. Providing individuals the ability to establish telephone
communications could be vital to their health and safety in crisis
situations. The Commission seeks comment on this proposal. Are there
other locations where the Commission should adopt an emergency
situation exemption to the log-in requirement for enterprise and public
phones? How should the Commission define the scope of exempt locations
for this purpose?
38. Alternatives to a Log-In Requirement. The Commission also asks
for comment on alternatives to a log-in requirement. For example,
Sorenson argues that, once enterprise and public videophones are
registered in the User Database, it should be sufficient for a VRS user
to enter the user's VRS telephone number (without a PIN) before
completing a call, noting that the TRS Fund administrator would have
the ability to monitor usage trends at these phones to identify
anomalous call patterns that may require further investigation.
Sorenson also states that it requires all users who place a VRS call
from a public phone to digitally sign to indicate that they have a
hearing or speech disability and need VRS to communicate. Sorenson's
certification states:
By clicking the ``Accept,'' you certify that you have a hearing or
speech disability and that you need VRS to be able to communicate with
other people. You further certify that you understand that the cost of
VRS calls is paid for by contributions from other telecommunications
users to the interstate Telecommunications Relay Service Fund.
39. Sorenson also proposes that the person responsible for
compliant use of the enterprise or public videophone self-certify their
status as the responsible person on a quarterly basis. The Commission
seeks comment on Sorenson's proposals and invites commenters to propose
other alternatives. The Commission asks commenters to address the costs
and benefits of each alternative, including the extent to which such
alternatives will protect the TRS Fund from waste, fraud, and abuse.
Technical Correction of the Data Collection Rule
40. The Commission proposes a technical correction of 47 CFR
64.604(c)(5)(iii)(D), which addresses requirements imposed on TRS
providers generally regarding data collection and audits. When the
Commission amended this provision (then designated as Sec.
64.604(c)(5)(iii)(C)) in 2011, it appears that a portion of the text of
paragraph (1) was inadvertently deleted. Accordingly, the Commission
proposes to amend paragraph (1) to restore the missing text, to read as
follows (with the restored text in bold, underlined type):
TRS providers seeking compensation from the TRS Fund shall
provide the administrator with true and adequate data, and other
historical, projected and state rate related information reasonably
requested to determine the TRS Fund revenue requirements and
payments. TRS providers shall provide the administrator with the
following: Total TRS minutes of use, total interstate TRS minutes of
use, total operating expenses and total TRS investment in general in
accordance with part 32 of this chapter, and other historical or
projected information reasonably requested by the administrator for
purposes of computing payments and revenue requirements.
41. The Commissions seeks comment on this proposed amendment, which
the Commission does not anticipate will have any effect on the current
practices of the TRS Fund administrator or TRS providers.
Initial Regulatory Flexibility Analysis
42. As required by the Regulatory Flexibility Act of 1980, as
amended, the Commission has prepared this Initial Regulatory
Flexibility Analysis (IRFA) of the possible significant economic impact
on a substantial number of small entities by the policies and rules
proposed in document FCC 19-39. Written public comments are requested
on this IRFA. Comments must be identified as responses to the IRFA and
must be filed by the deadline for comments specified in the DATES
section. The Commission will send a copy of document FCC 19-39 to the
Chief Counsel for Advocacy of the Small Business Administration.
Need for, and Objectives of, the Proposed Rules
43. In document FCC 19-39, the Commission proposes to (1) permit
communications assistants (CAs) to handle video relay service (VRS)
calls at home on a permanent basis; (2) allow VRS providers to provide
service to new and ported users at their own risk for up to two weeks
while the telecommunications relay service (TRS) user registration
database (Database) administrator is verifying the user's registration
information; and (3) implement log-in procedures to authenticate users
prior to their use of enterprise and public videophones. If adopted,
these proposals would improve video communications for people with
disabilities, while safeguarding the VRS program against waste, fraud,
and abuse by ensuring that only eligible individuals use enterprise and
public videophones to place VRS calls.
Legal Basis
44. The authority for this proposed rulemaking is contained in 47
U.S.C. 151, 225.
Small Entities Impacted
45. The rules proposed in document FCC 19-39 will affect
obligations of VRS providers. These services can be included within the
broad economic category of All Other Telecommunications.
Description of Projected Reporting, Recordkeeping, and Other Compliance
Requirements
46. The proposals to permit CAs to handle VRS calls at home on a
permanent basis and to allow VRS providers to provide service to new
and ported users for up to two weeks while the Database administrator
is verifying the user's registration information do not create any new
reporting, recordkeeping, or other compliance requirements on VRS
providers beyond what is already required. The rules requiring users to
log in when using enterprise and public videophones will require VRS
providers to collect and retain log-in information from users.
Steps Taken To Minimize Significant Impact on Small Entities, and
Significant Alternatives Considered
47. The proposal to permit CAs to handle VRS calls at home would
make the current pilot program permanent, and participation in the
program would continue to be optional for VRS providers. The Commission
is not proposing any new requirements that would increase regulatory
requirements beyond those that are already required as part of the
pilot program. The existing and proposed requirements would apply
equally to all VRS providers and are necessary to prevent waste, fraud,
and abuse of the TRS Fund by ensuring that CAs are subject to proper
supervision and accountability. To the extent there are differences in
operating costs resulting from economies of scale, those costs are
reflected in the different rate structures applicable to large and
small VRS providers.
48. The proposal to allow VRS providers to provide service to new
and ported users for up to two weeks while the Database administrator
is verifying the user's registration information would simply provide a
new option for VRS providers. The Commission is not proposing any new
requirements that would increase regulatory requirements
[[Page 26386]]
beyond those that are already required. The existing and proposed
requirements would apply equally to all VRS providers and are necessary
to prevent waste, fraud, and abuse of the TRS Fund by ensuring that
providers are not compensated for service provided to users who do not
satisfy the verification requirements. To the extent there are
differences in operating costs resulting from economies of scale, those
costs are reflected in the different rate structures applicable to
large and small VRS providers.
49. The provision of VRS to enterprise and public videophones is
optional for VRS providers. The proposed user log-in requirements for
such videophones would apply equally to all VRS providers and users,
and are necessary to prevent waste, fraud, and abuse of the TRS Fund by
ensuring that only registered users can use such phones for VRS calls.
The log-in requirements for enterprise and public videophones would be
no more burdensome than user authentication procedures for pay phones
and for any type of commercial activity such as on-line banking and
bill paying and use of various other internet services. To the extent
there are differences in operating costs resulting from economies of
scale, those costs are reflected in the different rate structures
applicable to large and small VRS providers.
50. The Commission seeks comment from all interested parties. Small
entities are encouraged to bring to the Commission's attention any
specific concerns they may have with the proposals outlined in document
FCC 19-39. The Commission expects to consider the economic impact on
small entities, as identified in comments filed in response to document
FCC 19-39, in reaching its final conclusions and taking action in this
proceeding.
Federal Rules Which Duplicate, Overlap, or Conflict With, the
Commission's Proposals
51. None.
List of Subjects in 47 CFR Part 64
Individuals with disabilities, Telecommunications, Telephones.
Federal Communications Commission.
Marlene Dortch,
Secretary.
Proposed Rules
For the reasons discussed in the preamble, the Federal
Communications Commission proposes to amend 47 part 64 as follows:
PART 64--MISCELLANEOUS RULES RELATING TO COMMON CARRIERS
0
1. The authority citation for part 64 continues to read as follows:
Authority: 47 U.S.C. 154, 201, 202, 217 218, 220, 222, 225,
226, 227, 228, 251(a), 251(e), 254(k), 262, 403(b)(2)(B), (c), 616,
620, and 1401-1473, unless otherwise noted.
0
2. Amend Sec. 64.604 by revising paragraph (c)(5)(iii)(D)(1) to read
as follows:
Sec. 64.604 Mandatory minimum standards.
* * * * *
(c) * * *
(5) * * *
(iii) * * *
(D) * * *
(1) TRS providers seeking compensation from the TRS Fund shall
provide the administrator with true and adequate data, and other
historical, projected and state rate related information reasonably
requested to determine the TRS Fund revenue requirements and payments.
TRS providers shall provide the administrator with the following: total
TRS minutes of use, total interstate TRS minutes of use, total
operating expenses and total TRS investment in general in accordance
with part 32 of this chapter, and other historical or projected
information reasonably requested by the administrator for purposes of
computing payments and revenue requirements.
* * * * *
0
3. Amend Sec. 64.611 by revising paragraphs (a)(4) and (a)(6)(ii)(A)
and by adding paragraphs (a)(6)(vi) through (viii) to read as follows:
Sec. 64.611 internet-based TRS registration.
(a) * * *
(4) TRS User Registration Database information for VRS.
(i) Registration information. Prior to requesting compensation from
the TRS Fund for service provided to a consumer, a VRS provider shall
obtain the consumer's:
(A) Full name;
(B) Date of birth;
(C) Full residential address;
(D) Telephone number; and
(E) Last four digits of the consumer's Social Security number or
Tribal identification number.
(ii) Registration submission. Each VRS provider shall collect and
transmit to the TRS User Registration Database, in a format prescribed
by the administrator of the TRS User Registration Database, the
following information for each of its new and existing registered
internet-based TRS users: Full name; full residential address; ten-
digit telephone number assigned in the TRS numbering directory; last
four digits of the social security number or Tribal Identification
number, if the registered internet-based TRS user is a member of a
Tribal nation and does not have a social security number; date of
birth; Registered Location; VRS provider name and dates of service
initiation and termination; a digital copy of the user's self-
certification of eligibility for VRS and the date obtained by the
provider; the date on which the user's identification was verified; and
(for existing users only) the date on which the registered internet-
based TRS user last placed a point-to-point or relay call.
(iii) Each VRS provider must obtain, from each new and existing
registered internet-based TRS user, consent to transmit the registered
internet-based TRS user's information to the TRS User Registration
Database. Prior to obtaining consent, the VRS provider must describe to
the registered internet-based TRS user, using clear, easily understood
language, the specific information being transmitted, that the
information is being transmitted to the TRS User Registration Database
to ensure proper administration of the TRS program, and that failure to
provide consent will result in the registered internet-based TRS user
being denied service. VRS providers must obtain and keep a record of
affirmative acknowledgment by every registered internet-based TRS user
of such consent.
(iv) VRS providers must, for existing registered internet-based TRS
users, submit the information in paragraph (a)(3) of this section to
the TRS User Registration Database within 60 days of notice from the
Commission that the TRS User Registration Database is ready to accept
such information. Calls from or to existing registered internet-based
TRS users that have not had their information populated in the TRS User
Registration Database within 60 days of notice from the Commission that
the TRS User Registration Database is ready to accept such information
shall not be compensable.
(v) VRS providers must submit the information in paragraph (a)(4)
of this section upon initiation of service for users registered after
60 days of notice from the Commission that the TRS User Registration
Database is ready to accept such information.
* * * * *
(6) * * *
(ii) * * *
(A) A default VRS provider for an enterprise or public videophone
shall obtain a written certification from the individual responsible
for the videophone, attesting that the
[[Page 26387]]
individual understands the functions of the videophone and that the
cost of VRS calls made on the videophone is financed by the federally
regulated Interstate TRS Fund, and for enterprise videophones, that the
organization, business, or agency will make reasonable efforts to
ensure that registered VRS users are permitted to use the phone for
VRS.
* * * * *
(vi) Beginning 180 days after notice from the Commission that the
TRS User Registration Database and TRS Numbering Directory are ready to
process log-in information from enterprise and public videophones, VRS
calls at such videophones shall not be compensable from the TRS Fund
unless the videophone has been registered in accordance with this
section, the videophone user is a registered VRS user, and the
videophone user has logged into the videophone.
(vii) Only one user may be logged into an enterprise or public
videophone at any time, except that, for an enterprise videophone
located at a reception desk or other work area, up to five users may be
logged in simultaneously, provided that the phone is configured so that
each user must select his or her individual user profile before
answering or placing a call. Providers shall keep records of users that
are pre-authorized under this paragraph and shall discontinue
permission for such automatic use by any individual that the provider
knows or has reason to believe no longer needs access to the device.
(viii) Emergency 911 calls from enterprise and public videophones
and calls from public videophones installed in emergency shelters shall
be exempt from the videophone user log in requirements of paragraph
(a)(6)(vi) of this section.
* * * * *
0
4. Amend Sec. 64.615 by revising paragraphs (a)(2)(i) through (v) to
read as follows:
Sec. 64.615 TRS User Registration Database and administrator.
(a) * * *
(2) * * *
(i) VRS providers shall validate the eligibility of a party using
an enterprise or public videophone by querying the designated database
in accordance with paragraph (a)(1) of this section.
(ii) VRS providers shall transmit with such queries any log-in
information specified in the database administrator's instructions for
validating such calls.
(iii) VRS providers shall require their CAs to terminate any call
which does not include an individual eligible to use VRS or, pursuant
to the provider's policies, the call does not appear to be a legitimate
VRS call, and VRS providers may not seek compensation for such calls
from the TRS Fund.
(iv) Emergency 911 calls from enterprise and public videophones
shall be exempt from the videophone validation requirements of
paragraph (a)(2)(i) of this section.
(v) Emergency 911 calls from enterprise and public videophones and
calls from public videophones installed in emergency shelters shall be
exempt from the videophone user log-in requirements of paragraph (a)(2)
of this section.
* * * * *
[FR Doc. 2019-11210 Filed 6-5-19; 8:45 am]
BILLING CODE 6712-01-P
