Neustar Says Telcordia LNPA Contract Could Have National Security Concerns
In the final days before the end of the reply period for the selection of the Local Number Portability Administrator Friday night, Neustar is trying to hold on to the contract by arguing there could be national security risks should the FCC award it to rival Telcordia. The FCC should pause and issue another NPRM to examine how well equipped the companies are in protecting the security of the network from infiltration and in working with law enforcement, Steve Edwards, Neustar senior vice president-data solutions, told us. He noted that Telcordia’s parent company, Ericsson, is a Swedish company. “Foreign ownership increases the risks,” said Edwards, who added that it “raises the potential that software codes could be written by employees and consultants overseas.” In the interim, Neustar should continue as the LNPA, he said.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Whether the argument was gaining enough traction at the FCC to potentially delay awarding the contract was unclear. Commissioners are delving through the comments and replies filed thus far, an FCC official said. Without discussing the merits of Neustar’s argument, the official noted issues regarding national security and public safety will have to be taken seriously, particularly because they have attracted the attention of Congress.
Rep. Mike Pompeo, R-Kan., a member of the Intelligence Committee and Communications Subcommittee, sent a letter to FCC Chairman Tom Wheeler last week saying the “security requirements were barely mentioned” in the request for proposal (RFP) process for the LNPA selection, and that the FCC “shouldn’t make a decision until security considerations receive full attention.” Commission staff has not yet delved deeply enough into the issue to zero in on any of an array of options, the official said, which includes accepting the North American Numbering Council’s (NANC) recommendation to contract with Telcordia, rejecting it or putting out a new NPRM to examine issues like the bidders’ ability to work with law enforcement. A number of law enforcement organizations including the FBI and, on Wednesday, The International Association of Chiefs of Police and the National Sheriffs’ Association, urged more consideration of the next LNPA’s ability to work with law enforcement. The organizations were not recommending a re-bid, an NPRM or any particular solution, said Harlin McEwen, chairman of the IACP communications and technology committee. “We have purposely left that to the FCC,” he said.
Telcordia, on Thursday, stopped short of saying as it did last week (CD Aug.14 p1) that Neustar’s arguments were “desperate,” saying in a statement that the NANC recommendation had been unanimous. “Telcordia has demonstrated that it meets or exceeds the technical, management and other criteria set out by the industry and that it offers a compelling price, which ultimately benefits consumers and carriers,” the statement said. “Telcordia is a US-based company that has been providing critical telecommunications routing databases since the Bell system and has helped carriers process and manage number porting since porting began 17 years ago."
The details of the national security argument became public after Neustar released a corrected version (http://bit.ly/1nfN41Z) of its opening comments that removed redactions from a portion that dealt with national security. The section, which Telcordia had complained could not be viewed by company attorneys without security clearance, said “serious national security issues” were not addressed in the RFP process. “Without proper vetting, these issues raise significant questions as to the vulnerability of critical U.S. telecommunications infrastructure under a new LNPA and represent a serious deficiency in the process and substance of the selection competition,” said the unredacted portion posted Tuesday as an addendum in docket 09-109. Ericsson does business in a number of countries, including selling number portability software and services to “many countries, including India, Pakistan, the UAE, and Saudi Arabia,” Neustar said. Neustar noted it primarily serves North America, and its software and systems are developed and maintained in the United States. “These are important differences from the standpoint of national security,” Neustar said. The comments were unredacted by Neustar in consultation with the FCC.
CTIA and USTelecom, which urged (http://bit.ly/1mqPOcV) quick FCC approval of Telcordia’s selection, had no comment Thursday on Neustar’s arguments. The IACP’s and sheriff’s association’s comments mirrored the joint comment (http://bit.ly/1p0Kc8Y) filed by the FBI, Drug Enforcement Administration, Secret Service and Immigration and Customs Enforcement earlier this month. The federal law enforcement agencies took no stance on which company should be selected, and spokespeople had no comment Thursday when asked if they are seeking a new NPRM. They said in their comments that “getting reliable and accurate” information from the LNPA is vital. “Otherwise, records of individuals who have committed no wrongdoing -- and whose communications are of no interest to the government -- could conceivably be inadvertently requested and lawfully produced by the communications provider based on erroneous information supplied by the LNPA,” the agencies said.
Law enforcement agencies need to know that their queries are confidential so suspects do not find out they are under investigation and that they can quickly get the information. “The Federal Law Enforcement Agencies want to ensure that the Commission require[s] that the LNPA vendor continues to provide, at a minimum, the same information that is currently provided by the existing LNPA vendor through a confidential query conducted over a secure web-based service in real time or near real time,” the agencies said.