Improving Video Relay Service and Direct Video Calling
Published date | 06 June 2019 |
Citation | 84 FR 26379 |
Record Number | 2019-11210 |
Section | Proposed rules |
Court | Federal Communications Commission |
Federal Register, Volume 84 Issue 109 (Thursday, June 6, 2019)
[Federal Register Volume 84, Number 109 (Thursday, June 6, 2019)] [Proposed Rules] [Pages 26379-26387] From the Federal Register Online via the Government Publishing Office [www.gpo.gov] [FR Doc No: 2019-11210] ======================================================================= ----------------------------------------------------------------------- FEDERAL COMMUNICATIONS COMMISSION 47 CFR Part 64 [CG Docket Nos. 10-51 and 03-123; FCC 19-39] Improving Video Relay Service and Direct Video Calling AGENCY: Federal Communications Commission. ACTION: Proposed rule. ----------------------------------------------------------------------- SUMMARY: In this document, the Federal Communications Commission (FCC or Commission) proposes to: permit communications assistants (CAs) to handle video relay service (VRS) calls at home on a permanent basis; allow VRS providers to provide service to new and porting VRS users for up to two weeks while the telecommunications relay service (TRS) user registration database (User Database or Database) administrator is verifying the user's registration information, with compensation paid only after the user's identity is verified; and implement log-in procedures to authenticate users prior to their use of enterprise and public videophones for VRS calls. By these proposals, the Commission seeks to improve VRS while safeguarding the program against waste, fraud, and abuse. DATES: Comments are due August 5, 2019. Reply comments are due September 4, 2019. ADDRESSES: You may submit comments, identified by CG Docket Nos. 10-51 and 03-123, by either of the following methods: Federal Communications Commission's website: https://www.fcc.gov/ecfs/filings. Follow the instructions for submitting comments. Paper Filers: Parties who choose to file by paper must file an original and one copy of each filing. If more than one docket or rulemaking number appears in the caption of this proceeding, filers must submit two additional copies for each additional docket or rulemaking number. Filings can be sent by hand or messenger delivery, by commercial overnight courier, or by first-class or overnight U.S. Postal Service mail. All filings must be addressed to the Commission's Secretary, Office of the Secretary, Federal Communications Commission. People with Disabilities: Contact the FCC to request reasonable accommodations (accessible format documents, sign language interpreters, CART, etc.) by email: [email protected] or phone: (202) 418- 0530 or TTY: (888) 835-5322. For detailed instructions for submitting comments and additional information on the rulemaking process, see document FCC 19-39 at: https://docs.fcc.gov/public/attachments/FCC-19-39A1.pdf. FOR FURTHER INFORMATION CONTACT: Michael Scott, Consumer and Governmental Affairs Bureau, at (202) 418-1264, or email [email protected]. SUPPLEMENTARY INFORMATION: This is a summary of the Commission's Further Notice of Proposed Rulemaking [[Page 26380]] (FNPRM), document FCC 19-39, adopted on May 9, 2019, released on May 15, 2019, in CG Docket Nos. 10-51 and 03-123. The Report and Order in document FCC 19-39 is published elsewhere in this issue of the Federal Register. The full text of document FCC 19-39 is available for public inspection and copying via the Commission's Electronic Comment Filing System (ECFS), and during regular business hours at the FCC Reference Information Center, Portals II, 445 12th Street SW, Room CY-A257, Washington, DC 20554. To request materials in accessible formats for people with disabilities (Braille, large print, electronic files, audio format), send an email to [email protected] or call the Consumer and Governmental Affairs Bureau at (202) 418-0530 (voice) or (202) 418-0432 (TTY). This proceeding shall be treated as a ``permit-but-disclose'' proceeding in accordance with the Commission's ex parte rules. 47 CFR 1.1200 et seq. Persons making ex parte presentations must file a copy of any written presentation or a memorandum summarizing any oral presentation within two business days after the presentation (unless a different deadline applicable to the Sunshine period applies). Persons making oral ex parte presentations are reminded that memoranda summarizing the presentation must (1) list all persons attending or otherwise participating in the meeting at which the ex parte presentation was made, and (2) summarize all data presented and arguments made during the presentation. If the presentation consisted in whole or in part of the presentation of data or arguments already reflected in the presenter's written comments, memoranda, or other filings in the proceeding, the presenter may provide citations to such data or arguments in his or her prior comments, memoranda, or other filings (specifying the relevant page and/or paragraph numbers where such data or arguments can be found) in lieu of summarizing them in the memorandum. Documents shown or given to Commission staff during ex parte meetings are deemed to be written ex parte presentations and must be filed consistent with rule 1.1206(b). In proceedings governed by rule 1.49(f) or for which the Commission has made available a method of electronic filing, written ex parte presentations and memoranda summarizing oral ex parte presentations, and all attachments thereto, must be filed through the electronic comment filing system available for that proceeding, and must be filed in their native format (e.g., .doc, .xml, .ppt, searchable .pdf). Participants in this proceeding should familiarize themselves with the Commission's ex parte rules. Initial Paperwork Reduction Act of 1995 Analysis The FNPRM in document FCC 19-39 seeks comment on proposed rule amendments that may result in modified information collection requirements. If the Commission adopts any modified information collection requirements, the Commission will publish another notice in the Federal Register inviting the public to comment on the requirements, as required by the Paperwork Reduction Act. Public Law 104-13; 44 U.S.C. 3501-3520. In addition, pursuant to the Small Business Paperwork Relief Act of 2002, the Commission seeks comment on how it might further reduce the information collection burden for small business concerns with fewer than 25 employees. Public Law 107-198; 44 U.S.C. 3506(c)(4). Synopsis 1. VRS is a form of TRS that enables people with hearing or speech disabilities who use sign language to make telephone calls over broadband with a videophone. In addition to enabling communication between American Sign Language (ASL) users and voice users, the VRS system also enables ASL users to communicate directly with other ASL users via video. Permitting At-Home Interpreting on a Permanent Basis 2. The Commission proposes to convert the Commission's pilot VRS at-home call-handling program, which allows VRS providers to have their CAs handle some VRS calls from at-home workstations, to a permanent program that will be subject to safeguards designed to maintain service quality, protect call confidentiality, and prevent waste, fraud, and abuse. The Commission believes that taking this action is likely to expand the available pool of qualified sign-language interpreters who can work as VRS interpreters (i.e., CAs) and improve VRS reliability, which will advance the Commission's goal of ensuring a high quality, functionally equivalent VRS program in furtherance of the objectives of section 225 of the Communications Act. 3. The Commission believes that the benefits anticipated in the pilot at-home call-handling program are being realized. Specifically, the VRS provider reports required under the pilot program indicate that allowing CAs to work at home: has enabled providers to attract and retain qualified CAs for whom working at the companies' call centers is not a practical option; has improved working conditions and productivity of CAs working at home; can improve network reliability and redundancy; and has the potential to help providers better respond to calls in accordance with the Commission's speed-of-answer rules when unforeseen circumstances occur. The Commission seeks comment on whether this depiction of these benefits is accurate, and whether other benefits have been realized during the pilot program or are likely to be realized if the program is authorized on a permanent basis. Are there any disadvantages to making this program permanent? 4. The Commission also seeks comment on whether, and to what extent, a rule change permitting at-home interpreting is likely to reduce or increase the total costs of the VRS program. Current program participants anticipate a significant net savings in VRS costs if permanent authorization allows the scale of the program to be expanded. The Commission seeks comment on how this would be achieved, and any additional information about costs incurred by participating providers. For example, costs could include training and supervising CAs, installing facilities and software to serve home workstations, troubleshooting and maintaining security at home workstations, ensuring compliance, and preparing required reports. 5. The Commission believes that the various safeguards established as conditions for participation in the pilot program generally have been effective in preventing waste, fraud, and abuse, meeting the TRS mandatory minimum standards, and ensuring the confidentiality, reliability, and quality of at-home interpreting. The Commission seeks comment on the extent to which the pilot program's safeguards generally have been effective. The Commission lists below each of the safeguards and seeks comment on the extent to which each should be retained, modified, eliminated, or supplemented if the Commission makes this program permanent. When responding, the Commission urges commenters, especially participating providers, to provide detailed information, including quantitative data to the extent available, in support of their views on whether and how these governing rules should be modified, as well as the costs and benefits of incorporating each into the [[Page 26381]] permanent program. Further, the Commission seeks comment on any differences in call quality between traditional call centers and CAs working from home. 6. Personnel Safeguards. The pilot program requires CAs working from their homes to have a minimum of three years of VRS experience. In addition, before allowing a CA to work at home, a VRS provider must: Ensure that the CA has sufficient experience, skills, and knowledge to effectively interpret from at-home workstations, including a thorough understanding of the Commission's mandatory minimum standards; Provide additional training to CAs to ensure that they understand and follow the provider's protocols for at-home call handling; Establish, and provide to the CA in writing, the grounds and process for dismissal from the at-home program if the CA fails to adhere to the Commission's TRS rules, including the specific requirements for at-home call handling; and Obtain a written certification from each CA as to their understanding of and commitment to complying with the Commission's TRS rules, and their understanding of the grounds and process for dismissal from the at-home program. While CAs are working from home, the VRS provider must: Provide support equivalent to that provided CAs in call centers, including, where appropriate, the opportunity to team interpret; and Ensure that supervisors are readily available to resolve problems that may arise during a relay call. Are these requirements effective in ensuring that CAs working at home can effectively handle VRS calls or should they be modified in any way? What, if any, screening, training, and disciplinary issues have been encountered in the pilot program and how have these been addressed? How should any such issues be dealt with in the Commission's rules? 7. Technical and Environmental Safeguards. Under the pilot program, VRS providers are required to ensure that at-home workstations enable the provision of confidential and uninterrupted service to the same extent as the provider's call center, and that calls handled by at-home CAs are seamlessly integrated into the provider's call routing, distribution, tracking, and support systems. Specifically, the provider must: Require that home workstations be placed in a separate location within the home, with restricted access and effective means to minimize the impact of outside noise and prevent eavesdropping; Configure at-home workstations to enable the CA to use all call-handling technology to the same extent as other CAs, including the ability to transition a non-emergency call to an emergency call, engage in virtual teaming with another CA, and allow supervisors to communicate with and oversee calls; Ensure that each at-home workstation is capable of supporting VRS in compliance with the Commission's mandatory minimum standards, including the provision of system redundancy and other safeguards to the same degree as at call centers, and including the ability to route VRS calls around individual CA workstations in the event they experience a network outage or other service interruption; and Connect workstations to the provider's network over a secure connection to ensure caller privacy. 8. Are these safeguards sufficient to ensure that CAs working from at-home workstations can provide high-quality, confidential, and uninterrupted service, and if not, what modifications to these requirements are necessary? What technical and environmental issues have been encountered in the pilot program, how have they affected the integration of calls handled by at-home CAs into the call routing, distribution, tracking and support systems, and how have any such technical challenges been addressed? How should any such issues be dealt with in the Commission's rules? Are some of the current safeguards--e.g., the requirement for system redundancy at each workstation, disproportionately burdensome in relation to their value for the stated purpose(s)? 9. Monitoring and Oversight Requirements. To ensure that providers appropriately monitor and oversee the at-home call handling pilot program, they have been required to: Inspect and approve each at-home workstation before activating a CA's workstation for use; Equip each at-home workstation with monitoring technology sufficient to ensure that off-site supervision approximates the level of supervision at the provider's call center, including the ability to monitor both ends of a call, i.e., video and audio, to the same extent as is possible in a call center, and regularly analyze any data collected to proactively address possible waste, fraud, and abuse; Conduct random, unannounced inspections of at least five percent (5%) of all at-home workstations per year; and Keep all records pertaining to at-home workstations, including the data produced by any at-home workstation monitoring technology, except for any data that records the content of an interpreted conversation, for a minimum of three years. 10. Do these monitoring and oversight requirements enable VRS providers to appropriately supervise the CAs working at home? What monitoring and oversight issues have been encountered in the pilot program and how have they been addressed? Which requirements were found to be most useful to ensure effective supervision of CAs? Under a permanent program, the number of at-home workstations is likely to increase. To what extent is this likely to increase the risk that individual CA workstations may fall short of full compliance with technical, environmental, and privacy safeguards? To ensure that providers detect and promptly address any such compliance issues, should the Commission increase the required annual percentage of at- home workstations that must be subject to random, unannounced provider inspections--for example to 10 or 15% of a provider's at-home workstations each year? What are the costs and benefits of adopting this requirement? 11. In addition to compliance with the above safeguards, during the pilot program, at-home workstations and workstation records must be available for review, audit, and unannounced inspections by the Commission and the TRS Fund administrator to the same extent as VRS call centers. The Commission proposes that, if made permanent, at-home workstations and records continue to be subject to such inspections to the same extent as regular call centers. The Commission seeks comment on this proposal. 12. Authorization to Participate in the At-Home Call Handling Program. To participate in the pilot program, each VRS provider was required to submit a detailed plan to demonstrate its ability to achieve full compliance with the above safeguards and the Commission's mandatory minimum TRS standards, including: A description of the provider's at-home CA screening and training process, the protocols and expectations established for CAs working at home, and the grounds and process for dismissing a CA from the at-home program; All steps that the provider would take to install a workstation in a CA's home, including an evaluation to ensure the workstation was sufficiently secure [[Page 26382]] and equipped to prevent eavesdropping and outside interruptions; A description of the monitoring technology to be used to ensure that off-site supervision approximated the level of supervision at the provider's call center; An explanation of how the provider's workstations would connect to the provider's network, including how these would be integrated into the call center routing, distribution, tracking, and support systems, and how the provider would ensure system redundancy in the event of service disruptions in at-home workstations; A signed certification by an officer of the provider affirming that the provider would conduct random and unannounced inspections of at least five percent (5%) of all at-home workstations during the year; and A commitment to comply with all other at-home call- handling safeguards and TRS rules. 13. To what extent should providers be required to provide the same level of detailed information, certification, and commitment, if at- home call handling is permitted on a permanent basis? Is any of the required information no longer necessary or disproportionately burdensome to its value in ensuring high-quality call handling and preventing fraud, waste, and abuse? What, if any, additional information should be collected to help the Commission maintain call quality and prevent fraud, waste, and abuse? 14. Under the pilot program, Commission approval for participation can be canceled at any time if the provider fails to maintain compliance. The Commission proposes that the Commission retain such option and seeks comment on this approach. 15. Data Collection Requirements. For calls handled at home workstations, the pilot program rules have required VRS providers to submit the following data in their monthly requests for compensation, in addition to the data otherwise required to receive payment for handling calls: A unique call center identification number (ID), street address, and CA ID for each CA working at home; and The location and call center IDs of call centers providing supervision for at-home workstations, and the names of persons at such call centers responsible for oversight of these workstations. 16. In addition, providers had to submit a six-month implementation report that includes: A description of the screening process used to select CAs who may work from home; Copies of training materials and written protocols for at- home CAs; The total number of CAs who have worked at home during the reporting period; The total number of 911 calls handled during the reporting period; A description and copies of any survey results or self- evaluations concerning CAs' experience handling calls at home; The total number of CAs terminated from the program; The total number of complaints, if any, submitted to the provider regarding its at-home call-handling program or calls handled by at-home CAs; and The total number of on-site inspections of at-home workstations conducted, along with the dates and locations of such inspections. 17. To what extent is the information required in monthly reports sufficient to support compensation requests and protect against waste, fraud, and abuse? Should the Commission continue to require VRS providers to submit such information as well as implementation reports at six-month intervals? If so, should these information reporting requirements be retained, modified, eliminated, or supplemented in any manner? Should any reported information be made available to the public? For example, if a VRS provider takes a survey of its CAs concerning their participation in the at-home VRS call handling program, could the aggregated responses be made public, as long as identifying information for CAs and respondents is redacted? 18. Limitation on Service. The Commission proposes to increase or remove the pilot program's 30 percent limit on a provider's at-home call-handling minutes. Increasing the limit would allow each provider greater scope to make its own determination on the extent to which it can efficiently make use of at-home call handling while remaining in compliance with our minimum TRS standards. The Commission seeks comment on the costs and benefits of this proposal and on whether the limit should be retained at a higher level, e.g., 50 percent, or removed entirely. For example, could the limit be completely removed without significantly increasing the risk of fraud or abuse, in reliance on the safeguards described above? Providing Service to New and Porting Users Pending Database Verification 19. To eliminate unnecessary inconvenience to VRS registrants, without a significant increase in the risk of waste, fraud, and abuse, and in response to a petition by the five currently certified VRS providers, the Commission proposes to allow VRS providers to provide service to new and porting users for up to two weeks pending the completion of identity verification. The Commission believes this change would be helpful to ensure that service to new and porting VRS users can be commenced efficiently and without undue delay or disruption of service, in order to facilitate competition and ensure the functional equivalence of this service. Compensation for calls placed or received by the user during this period would be paid only if the user's identity is ultimately verified. 20. For most users, identity verification is completed within hours of data submission to the User Database, but for some users, verification can take longer, e.g., due to technical problems or because the user's identity cannot be verified without the submission of additional information. Under the proposed rule change, a consumer would not be subjected to a delay in commencement of service as a result of verification issues that are often beyond the consumer's control. 21. Under this proposal, VRS providers could assign a telephone number and begin service to a new or porting user immediately after registration. This telephone number would be entered in the TRS Numbering Directory on a temporary basis so that VRS calls (as well as point-to-point calls) may be placed to and from the number, either through the default provider or on a dial-around basis. In the event that the user's identity is not verified within the two-week period, the number would be removed from the Numbering Directory. The Commission believes that any resulting risk of waste, fraud, or abuse is minimal because, under the Commission's proposal, no compensation may be requested or paid until the user's identity has been verified. The Commission seeks comment on the costs and benefits of this proposal. Requiring Enterprise and Public Videophone Log-In Procedures 22. The Commission seeks further comment on the Commission's proposal in the 2017 VRS Improvements FNPRM, 82 FR 17613, to require default VRS providers to implement log-in procedures for individuals using enterprise and public videophones for VRS calls. The Commission believes that a log-in procedure is needed to safeguard the TRS program from waste, fraud, and abuse because there is no record identifying the actual user of an enterprise or public videophone. As the [[Page 26383]] success of fraudulent activity often depends on the perpetrators remaining anonymous, we believe user log-in is needed to ensure that enterprise and public videophones are actually used only by registered VRS users. 23. The Commission clarifies that, under the proposed log-in rule, VRS calls made to or from an enterprise or public videophone will be compensable only if: (1) The individual using the videophone is a registered VRS user; (2) before placing or receiving the call, the user provides a log-in code, consisting of the user's North American Numbering Plan (NANP) telephone number and a personal identification number (PIN) or password, which the VRS provider then validates through a prescribed procedure; and (3) the VRS provider includes the user's telephone number, as well as other information reasonably requested by the TRS Fund administrator, in the call detail records (CDRs) submitted to the TRS Fund administrator with the provider's request for compensation. The user can request a PIN or password from his or her default VRS provider at the time of registration or any time thereafter. The necessary log-in information and format will be determined by the TRS Numbering Administrator, in consultation with the User Database administrator and the Commission. Individuals who have not previously registered for VRS must do so before they can make VRS calls at enterprise or public videophones. The Commission seeks further comment on this proposal, including the proposed log-in procedure detailed below. 24. Because the proposed log-in procedure will limit access to enterprise and public videophones to registered VRS users, the Commission seeks comment on whether to revise the certification requirement for enterprise videophones adopted in the Report and Order of document FCC 19-39, so as to be consistent with the restriction to registered users. Should the Commission require VRS providers to submit to the User Database a certification by the responsible individual for an enterprise videophone that the organization, business, or agency will make reasonable efforts to ensure that only registered VRS users are permitted to use the phone for VRS? 25. Because total usage of enterprise and public videophones averages more than one million minutes per month, the Commission believes this degree of usage is sufficient to justify imposing a log- in requirement to help prevent the recurrence of significant VRS fraud. The Commission seeks comment on its assumptions and its estimate of enterprise and public videophone usage. The Commission also does not believe that the log-in procedure is a ``solution to a problem that does not exist,'' as claimed by Sorenson Communications, LLC (Sorenson). Nonetheless, the Commission seeks comment on the assumptions underlying its proposals in this regard. 26. Some commenters argue that a log-in requirement would conflict with functional equivalency, burden consumers, and hinder effective communication, noting that some public videophone users are not registered, while others may have difficulty remembering a PIN. However, the Commission believes that any burden imposed on users by the log-in requirement would be minor compared to its substantial benefit in preventing the misuse of enterprise and public videophones. Individuals use log-ins regularly to access smartphones, voicemail, and email, as well as work, school, and personal computers, and commercial, retail, and financial accounts. To use such devices and services, consumers routinely need to remember (or store in a retrievable location) usernames, passwords, and PINs. Further, consumers would not need to remember separate telephone numbers and PINs for each VRS provider, as once a user obtains a telephone number and PIN from one provider, that log-in information may be used to place a VRS call from any enterprise or public videophone. The Commission seeks comment on these assumptions. The Commission also seek comment on the cost to the VRS providers of having to provide a PIN reset service if this proposal is adopted. 27. Neustar's Log-In Procedure Proposal. Neustar, the TRS Numbering Administrator, explains that online log-in systems are common and suggests that providers could use the widely relied-upon OAuth standard to implement log-in functionality. OAuth allows one party (in this case the default VRS provider for an enterprise or public videophone) to request another party (in this case the default VRS provider for the individual using the videophone) to authenticate a person's authorization for them, without the first party learning the identity or credentials of that person. Providers could develop a standard using the OAuth 2.0 protocol or utilize an existing standard, such as OpenID Connect, which is an interoperable authentication protocol based on the OAuth family of specifications. OAuth might be applied as follows: when a VRS user enters a telephone number and PIN at an enterprise or public videophone, the default VRS provider serving the videophone checks the TRS Numbering Directory to determine the user's default VRS provider for that number, and sends the telephone number and PIN to that provider; if authentication is positive, the user's default VRS provider transmits a token that allows the user to place or receive a VRS call at the videophone. 28. Neustar asserts that the cost and effort to develop an OAuth- based log-in feature would be reasonable and that development could be completed within six months. Neustar explains that many providers already utilize a username/password capability that could be extended to OAuth, and that even for providers who currently lack such a capability, the availability of open source code means that the cost of implementing OAuth servers and username/password capability will be modest. The Commission therefore tentatively concludes that the benefits of adopting a login requirement would far exceed the minimal costs of implementing it. 29. If the VRS industry implements OAuth, the Commission believes that would enable enterprise OAuth integrations which would allow for an enterprise user to provide the VRS telephone number and log in with the user's enterprise credentials, and the enterprise would attest to the VRS provider that an authorized user has logged in. The Commission seeks comment on the costs and feasibility of Neustar's proposal and on the Commission's tentative conclusion that these costs will be minimal. What are the estimated costs of implementing an OAuth based log-in solution, including the streamlined version proposed by Neustar, and how would those costs vary by provider? While Sorenson estimates a cost of ``over $1 million'' for ``creating, testing, and deploying an OAuth authorization server and modifying and testing videophone software,'' it fails to support this claim. The Commission therefore seeks cost information regarding this estimate and any updated estimate. How much of the estimated cost is attributable to an OAuth server and how much is attributable to necessary videophone software modification? What kinds of videophone software would need to be modified, and why? What costs would be incurred by other providers? Are there significant differences in software modification costs for public and enterprise videophones, respectively? 30. It appears that total implementation costs could be reduced if the Commission exempted certain kinds of videophones from the log-in [[Page 26384]] requirement. For example, Sorenson claims that that its ntouch videophones were not designed to have an internet browser and therefore cannot be modified to support a log-in mechanism. How many unmodifiable ntouch public and enterprise videophones are currently in use, and how much usage is there for such videophones? How much of the total estimated implementation cost would be saved by exempting them? Are there other videophones currently used in public and enterprise locations that do not have, and cannot be modified to support, an internet browser? How many such videophones are there and how much of the total estimated implementation cost would be saved by exempting them? How much usage is there of unmodifiable public and enterprise videophones, and would the implementation costs saved justify the increased risk of fraud from continuing to allow unidentified use of such phones? Would it be more cost effective to implement a log-in solution through VRS software used on third-party equipment, such as a personal computer or wireless device? To what extent is such third- party equipment with VRS software deployed or deployable for use as enterprise and public videophones? If the Commission exempts existing videophones that cannot support browser functionality, should it require that, before registering new enterprise and public videophones, the default VRS provider must confirm that such phones have browser functionality and support OAuth log-in capability? The Commission also seeks comment from manufacturers, vendors, and owners of enterprise telephone systems and other non-provider equipment and software used for enterprise and public videophones, regarding the ability of such systems to support log-in capability. 31. OAuth 2.0 enables devices without browsers or an ability to securely enter passcodes, such as legacy devices in public areas, where people can see what characters a user is typing on a screen, to still have secure authentication. However, the OAuth 2.0 solution to this problem requires the user to have access to the internet with a browser. Is it likely that a user who wants to use a public or semi- public legacy device will have access to the internet, perhaps on a personal mobile phone; personal or communal tablet; or personal or public workstation or laptop? If the users who have smartphones, tablets, or laptops can use them to communicate via VRS, are these users making use of public and enterprise videophones? If not, who is making use of public and enterprise videophones? In the case of public phones, are the users generally individuals without smartphones, tablets, or laptops? In the case of enterprise phones, are the users generally using the enterprise phones to ensure that their videocalls are made over the communications facilities managed by the enterprise? 32. Sorenson also claims that there are ``significant security vulnerabilities'' in OAuth and other third-party authentication applications. According to the studies cited by Sorenson, however, such vulnerabilities are not caused by OAuth 2.0 itself but by ``home-brewed adaptations'' in which ``the implicit security assumptions and operational requirements . . . are often not clearly documented or well-understood by the 3rd-party mobile app developers.'' What specific security issues would providers face in implementing an OAuth-based log-in solution, and what safeguards are available to address such concerns? Are there alternative log-in solutions that would not raise similar security vulnerability concerns? 33. To date only Neustar has proposed a log-in solution. Are there other log-in solutions the Commission should consider? The OAuth specification is designed for use with HTTP. Would a session initiation protocol (SIP)-based standard, such as RADIUS or Diameter provide a more cost-effective or secure standard for implementing a log-in solution? The Commission also proposes to establish a common protocol for the log-in procedure to ensure that user log-ins can be quickly authenticated regardless of the user's default provider. Neustar indicates that in its role as the TRS Numbering administrator it could act as a proxy and direct the OAuth authentication process to the correct VRS provider without revealing the provider's identity to the provider of the enterprise or public videophone. The Commission seeks comment on this approach. Alternatively, should the Commission allow each provider to develop its own log-in protocol rather than require providers to implement a common protocol? What are the costs and benefits of each alternative approach? To what extent do providers already use log-in procedures for users to access VRS? Could such existing log-in procedures be incorporated into a log-in procedure for enterprise and public videophones? 34. Exemptions. The Commission proposes to exempt point-to-point calls from the log-in requirement, because such calls are not billed to the TRS Fund. How would exempting point-to-point calls affect the implementation of a log-in procedure? At what point in the call process should a user be prompted to log-in to complete a VRS call on an enterprise or public videophone? 35. Where an enterprise videophone is located within a private workspace or a private room within a long-term health care facility, the Commission proposes to allow the VRS provider to permit one registered VRS user to log in a single time and thereafter to continue using the videophone without repeated log-ins, so long as that user continues to be eligible and registered for VRS. In addition, the Commission proposes to broaden this proposed log-in exemption to allow relatively convenient access to shared enterprise devices, while limiting usage of the device to registered VRS users. For enterprise videophones at reception desks or other work areas in places of employment, the Commission proposes to allow up to five registered users to be simultaneously logged in to a videophone, provided that the phone is configured so that each user must select his or her user profile before placing or answering a VRS call. To limit misuse of this exemption, the Commission proposes to require VRS providers to keep records of users that are pre-authorized under each of these exceptions and to discontinue permission for such automatic use by any individual that the provider knows or has reason to believe no longer needs access to the device. What are the associated costs, benefits, and technical concerns? 36. The Commission also proposes to exempt 911 calls from the log- in requirement, so that providers may complete emergency calls from enterprise and public videophones at any time and without delay. The Commission seek comments on this proposal. Are there technical concerns with implementing a log-in exemption for calls to 911? 37. Finally, the Commission proposes to exempt from the log-in requirement otherwise eligible VRS calls made from public videophones located in emergency shelters and domestic abuse shelters, so long as the registration data provided to the User Database in advance of such use identifies the phone as an emergency or domestic shelter videophone. The Commission believes there may be situations where individuals fleeing their homes may not have made log-in arrangements in advance of an emergency or domestic abuse incident, or may forget to retrieve such information when rushing to a [[Page 26385]] shelter. Providing individuals the ability to establish telephone communications could be vital to their health and safety in crisis situations. The Commission seeks comment on this proposal. Are there other locations where the Commission should adopt an emergency situation exemption to the log-in requirement for enterprise and public phones? How should the Commission define the scope of exempt locations for this purpose? 38. Alternatives to a Log-In Requirement. The Commission also asks for comment on alternatives to a log-in requirement. For example, Sorenson argues that, once enterprise and public videophones are registered in the User Database, it should be sufficient for a VRS user to enter the user's VRS telephone number (without a PIN) before completing a call, noting that the TRS Fund administrator would have the ability to monitor usage trends at these phones to identify anomalous call patterns that may require further investigation. Sorenson also states that it requires all users who place a VRS call from a public phone to digitally sign to indicate that they have a hearing or speech disability and need VRS to communicate. Sorenson's certification states: By clicking the ``Accept,'' you certify that you have a hearing or speech disability and that you need VRS to be able to communicate with other people. You further certify that you understand that the cost of VRS calls is paid for by contributions from other telecommunications users to the interstate Telecommunications Relay Service Fund. 39. Sorenson also proposes that the person responsible for compliant use of the enterprise or public videophone self-certify their status as the responsible person on a quarterly basis. The Commission seeks comment on Sorenson's proposals and invites commenters to propose other alternatives. The Commission asks commenters to address the costs and benefits of each alternative, including the extent to which such alternatives will protect the TRS Fund from waste, fraud, and abuse. Technical Correction of the Data Collection Rule 40. The Commission proposes a technical correction of 47 CFR 64.604(c)(5)(iii)(D), which addresses requirements imposed on TRS providers generally regarding data collection and audits. When the Commission amended this provision (then designated as Sec. 64.604(c)(5)(iii)(C)) in 2011, it appears that a portion of the text of paragraph (1) was inadvertently deleted. Accordingly, the Commission proposes to amend paragraph (1) to restore the missing text, to read as follows (with the restored text in bold, underlined type): TRS providers seeking compensation from the TRS Fund shall provide the administrator with true and adequate data, and other historical, projected and state rate related information reasonably requested to determine the TRS Fund revenue requirements and payments. TRS providers shall provide the administrator with the following: Total TRS minutes of use, total interstate TRS minutes of use, total operating expenses and total TRS investment in general in accordance with part 32 of this chapter, and other historical or projected information reasonably requested by the administrator for purposes of computing payments and revenue requirements. 41. The Commissions seeks comment on this proposed amendment, which the Commission does not anticipate will have any effect on the current practices of the TRS Fund administrator or TRS providers. Initial Regulatory Flexibility Analysis 42. As required by the Regulatory Flexibility Act of 1980, as amended, the Commission has prepared this Initial Regulatory Flexibility Analysis (IRFA) of the possible significant economic impact on a substantial number of small entities by the policies and rules proposed in document FCC 19-39. Written public comments are requested on this IRFA. Comments must be identified as responses to the IRFA and must be filed by the deadline for comments specified in the DATES section. The Commission will send a copy of document FCC 19-39 to the Chief Counsel for Advocacy of the Small Business Administration. Need for, and Objectives of, the Proposed Rules 43. In document FCC 19-39, the Commission proposes to (1) permit communications assistants (CAs) to handle video relay service (VRS) calls at home on a permanent basis; (2) allow VRS providers to provide service to new and ported users at their own risk for up to two weeks while the telecommunications relay service (TRS) user registration database (Database) administrator is verifying the user's registration information; and (3) implement log-in procedures to authenticate users prior to their use of enterprise and public videophones. If adopted, these proposals would improve video communications for people with disabilities, while safeguarding the VRS program against waste, fraud, and abuse by ensuring that only eligible individuals use enterprise and public videophones to place VRS calls. Legal Basis 44. The authority for this proposed rulemaking is contained in 47 U.S.C. 151, 225. Small Entities Impacted 45. The rules proposed in document FCC 19-39 will affect obligations of VRS providers. These services can be included within the broad economic category of All Other Telecommunications. Description of Projected Reporting, Recordkeeping, and Other Compliance Requirements 46. The proposals to permit CAs to handle VRS calls at home on a permanent basis and to allow VRS providers to provide service to new and ported users for up to two weeks while the Database administrator is verifying the user's registration information do not create any new reporting, recordkeeping, or other compliance requirements on VRS providers beyond what is already required. The rules requiring users to log in when using enterprise and public videophones will require VRS providers to collect and retain log-in information from users. Steps Taken To Minimize Significant Impact on Small Entities, and Significant Alternatives Considered 47. The proposal to permit CAs to handle VRS calls at home would make the current pilot program permanent, and participation in the program would continue to be optional for VRS providers. The Commission is not proposing any new requirements that would increase regulatory requirements beyond those that are already required as part of the pilot program. The existing and proposed requirements would apply equally to all VRS providers and are necessary to prevent waste, fraud, and abuse of the TRS Fund by ensuring that CAs are subject to proper supervision and accountability. To the extent there are differences in operating costs resulting from economies of scale, those costs are reflected in the different rate structures applicable to large and small VRS providers. 48. The proposal to allow VRS providers to provide service to new and ported users for up to two weeks while the Database administrator is verifying the user's registration information would simply provide a new option for VRS providers. The Commission is not proposing any new requirements that would increase regulatory requirements [[Page 26386]] beyond those that are already required. The existing and proposed requirements would apply equally to all VRS providers and are necessary to prevent waste, fraud, and abuse of the TRS Fund by ensuring that providers are not compensated for service provided to users who do not satisfy the verification requirements. To the extent there are differences in operating costs resulting from economies of scale, those costs are reflected in the different rate structures applicable to large and small VRS providers. 49. The provision of VRS to enterprise and public videophones is optional for VRS providers. The proposed user log-in requirements for such videophones would apply equally to all VRS providers and users, and are necessary to prevent waste, fraud, and abuse of the TRS Fund by ensuring that only registered users can use such phones for VRS calls. The log-in requirements for enterprise and public videophones would be no more burdensome than user authentication procedures for pay phones and for any type of commercial activity such as on-line banking and bill paying and use of various other internet services. To the extent there are differences in operating costs resulting from economies of scale, those costs are reflected in the different rate structures applicable to large and small VRS providers. 50. The Commission seeks comment from all interested parties. Small entities are encouraged to bring to the Commission's attention any specific concerns they may have with the proposals outlined in document FCC 19-39. The Commission expects to consider the economic impact on small entities, as identified in comments filed in response to document FCC 19-39, in reaching its final conclusions and taking action in this proceeding. Federal Rules Which Duplicate, Overlap, or Conflict With, the Commission's Proposals 51. None. List of Subjects in 47 CFR Part 64 Individuals with disabilities, Telecommunications, Telephones. Federal Communications Commission. Marlene Dortch, Secretary. Proposed Rules For the reasons discussed in the preamble, the Federal Communications Commission proposes to amend 47 part 64 as follows: PART 64--MISCELLANEOUS RULES RELATING TO COMMON CARRIERS 0 1. The authority citation for part 64 continues to read as follows: Authority: 47 U.S.C. 154, 201, 202, 217 218, 220, 222, 225, 226, 227, 228, 251(a), 251(e), 254(k), 262, 403(b)(2)(B), (c), 616, 620, and 1401-1473, unless otherwise noted. 0 2. Amend Sec. 64.604 by revising paragraph (c)(5)(iii)(D)(1) to read as follows: Sec. 64.604 Mandatory minimum standards. * * * * * (c) * * * (5) * * * (iii) * * * (D) * * * (1) TRS providers seeking compensation from the TRS Fund shall provide the administrator with true and adequate data, and other historical, projected and state rate related information reasonably requested to determine the TRS Fund revenue requirements and payments. TRS providers shall provide the administrator with the following: total TRS minutes of use, total interstate TRS minutes of use, total operating expenses and total TRS investment in general in accordance with part 32 of this chapter, and other historical or projected information reasonably requested by the administrator for purposes of computing payments and revenue requirements. * * * * * 0 3. Amend Sec. 64.611 by revising paragraphs (a)(4) and (a)(6)(ii)(A) and by adding paragraphs (a)(6)(vi) through (viii) to read as follows: Sec. 64.611 internet-based TRS registration. (a) * * * (4) TRS User Registration Database information for VRS. (i) Registration information. Prior to requesting compensation from the TRS Fund for service provided to a consumer, a VRS provider shall obtain the consumer's: (A) Full name; (B) Date of birth; (C) Full residential address; (D) Telephone number; and (E) Last four digits of the consumer's Social Security number or Tribal identification number. (ii) Registration submission. Each VRS provider shall collect and transmit to the TRS User Registration Database, in a format prescribed by the administrator of the TRS User Registration Database, the following information for each of its new and existing registered internet-based TRS users: Full name; full residential address; ten- digit telephone number assigned in the TRS numbering directory; last four digits of the social security number or Tribal Identification number, if the registered internet-based TRS user is a member of a Tribal nation and does not have a social security number; date of birth; Registered Location; VRS provider name and dates of service initiation and termination; a digital copy of the user's self- certification of eligibility for VRS and the date obtained by the provider; the date on which the user's identification was verified; and (for existing users only) the date on which the registered internet- based TRS user last placed a point-to-point or relay call. (iii) Each VRS provider must obtain, from each new and existing registered internet-based TRS user, consent to transmit the registered internet-based TRS user's information to the TRS User Registration Database. Prior to obtaining consent, the VRS provider must describe to the registered internet-based TRS user, using clear, easily understood language, the specific information being transmitted, that the information is being transmitted to the TRS User Registration Database to ensure proper administration of the TRS program, and that failure to provide consent will result in the registered internet-based TRS user being denied service. VRS providers must obtain and keep a record of affirmative acknowledgment by every registered internet-based TRS user of such consent. (iv) VRS providers must, for existing registered internet-based TRS users, submit the information in paragraph (a)(3) of this section to the TRS User Registration Database within 60 days of notice from the Commission that the TRS User Registration Database is ready to accept such information. Calls from or to existing registered internet-based TRS users that have not had their information populated in the TRS User Registration Database within 60 days of notice from the Commission that the TRS User Registration Database is ready to accept such information shall not be compensable. (v) VRS providers must submit the information in paragraph (a)(4) of this section upon initiation of service for users registered after 60 days of notice from the Commission that the TRS User Registration Database is ready to accept such information. * * * * * (6) * * * (ii) * * * (A) A default VRS provider for an enterprise or public videophone shall obtain a written certification from the individual responsible for the videophone, attesting that the [[Page 26387]] individual understands the functions of the videophone and that the cost of VRS calls made on the videophone is financed by the federally regulated Interstate TRS Fund, and for enterprise videophones, that the organization, business, or agency will make reasonable efforts to ensure that registered VRS users are permitted to use the phone for VRS. * * * * * (vi) Beginning 180 days after notice from the Commission that the TRS User Registration Database and TRS Numbering Directory are ready to process log-in information from enterprise and public videophones, VRS calls at such videophones shall not be compensable from the TRS Fund unless the videophone has been registered in accordance with this section, the videophone user is a registered VRS user, and the videophone user has logged into the videophone. (vii) Only one user may be logged into an enterprise or public videophone at any time, except that, for an enterprise videophone located at a reception desk or other work area, up to five users may be logged in simultaneously, provided that the phone is configured so that each user must select his or her individual user profile before answering or placing a call. Providers shall keep records of users that are pre-authorized under this paragraph and shall discontinue permission for such automatic use by any individual that the provider knows or has reason to believe no longer needs access to the device. (viii) Emergency 911 calls from enterprise and public videophones and calls from public videophones installed in emergency shelters shall be exempt from the videophone user log in requirements of paragraph (a)(6)(vi) of this section. * * * * * 0 4. Amend Sec. 64.615 by revising paragraphs (a)(2)(i) through (v) to read as follows: Sec. 64.615 TRS User Registration Database and administrator. (a) * * * (2) * * * (i) VRS providers shall validate the eligibility of a party using an enterprise or public videophone by querying the designated database in accordance with paragraph (a)(1) of this section. (ii) VRS providers shall transmit with such queries any log-in information specified in the database administrator's instructions for validating such calls. (iii) VRS providers shall require their CAs to terminate any call which does not include an individual eligible to use VRS or, pursuant to the provider's policies, the call does not appear to be a legitimate VRS call, and VRS providers may not seek compensation for such calls from the TRS Fund. (iv) Emergency 911 calls from enterprise and public videophones shall be exempt from the videophone validation requirements of paragraph (a)(2)(i) of this section. (v) Emergency 911 calls from enterprise and public videophones and calls from public videophones installed in emergency shelters shall be exempt from the videophone user log-in requirements of paragraph (a)(2) of this section. * * * * * [FR Doc. 2019-11210 Filed 6-5-19; 8:45 am] BILLING CODE 6712-01-P