FCC Approves NEAD Privacy and Security Plan

The FCC released a memorandum opinion and order today approving the privacy and security plan that the wireless industry submitted to the FCC in February for the National Emergency Address Database (NEAD) (TR Daily, Feb. 6), which was created pursuant to indoor 911 location-accuracy rules adopted by the Commission in 2015 (TR Daily, Jan. 29, 2015).

The nation’s four national wireless carriers — Verizon Wireless, AT&T, Inc., Sprint Corp., and T-Mobile US, Inc., — along with NEAD LLC, a non-profit entity established by CTIA to administer the NEAD, submitted the required NEAD privacy and security plan in PS docket 07-114.

“Based on our review of the Plan and the comment record, we find that the Plan meets the requirements of the Indoor Location Fourth Report and Order and includes sufficient provisions to safeguard the privacy, security, and resiliency of the NEAD when it is launched,” the FCC said in the order released today. “Moreover, we agree with CDT’s [the Center for Democracy & Technology] prediction that prohibiting the use of the NEAD and associated data for non-E911 purposes will help maintain public trust in the NEAD and will, in turn, help the NEAD succeed as a means of deriving dispatchable location. We therefore approve the Plan and find that it fulfills the precondition established by the Commission in the Indoor Location Fourth Report and Order for activation of the NEAD. We will continue to monitor the implementation of the Plan by the National Carriers and the NEAD, LLC, and reserve the right to take ‘additional measures to protect the privacy, security, and resiliency of the NEAD and any associated data’ should the Plan not be adhered to by the parties.”

The FCC also declined “to require revision of the Plan as requested by the National States Geographic Information Council (NSGIC) and several state and local entities. NSGIC’s request, which seeks access to the database to conduct pre-validation of addresses, is inapposite to the issue of the sufficiency of the privacy and security of the Plan. NSGIC asserts that PSAPs and state, regional, and local governments should have access to the database to be able to pre-validate the data being entered in the NEAD database against their own GIS [geographic information system] data both to ensure the NEAD data is accurate and to identify and add missing addresses and sub-address information to their own GIS databases.

“NENA and NEAD, LLC oppose NSGIC’s request,” the FCC noted. “NENA states that ‘NSGIC seeks access to data beyond that which was contemplated at the time E9-1-1 and/or NG9-1-1 standards were developed, beyond that which was negotiated between NENA, APCO, and the four largest wireless carriers and included in the Commission’s rules, and beyond that which was designed-in to the NEAD architecture.’ NEAD, LLC agrees with NENA’s comments and states that the issues raised by NSGIC ‘are outside the scope of the Plan and should not be addressed as part of the FCC’s approval of the Plan.’ We agree with parties that NSGIC’s request is beyond the scope of determining the sufficiency of the privacy and security of the Plan. We find that NSGIC seeks access to the NEAD in a manner that is inconsistent with the relevant standards, which support alternative data validation procedures that do not require access to NEAD data. Further, as discussed above, the Indoor Location Fourth Report and Order and the Commission’s rules prohibit the use of the NEAD and all associated data for any purpose other than responding to 911 calls, except as required by law. There is no provision in the Indoor Location Fourth Report and Order or the rules that authorizes the NEAD to share data with state or local entities seeking to compare address databases.” —Paul Kirby, paul.kirby@wolterskluwer.com

Courtesy TRDaily