On May 18, 2017, at the Federal Communication Commission’s (“FCC” or “Commission”) May Open Meeting, the Public Safety and Homeland Security Bureau (“Bureau”) presented its final report on its investigation into the VoLTE 911 outage experienced by AT&T Mobility (“AT&T”) on March 8, 2017 (“the Report”). The Bureau offered a strong critique of AT&T, concluding that the outage could have been avoided had AT&T adopted network reliability best practices previously recommended by an FCC advisory committee. Despite the criticism, however, neither the Bureau nor the Commissioners made any mention of possible enforcement action against AT&T for the outage — at least not at this time.
The Bureau reported that the AT&T 911 outage, which affected mobile wireless customers nationwide and lasted approximately five hours, was one of the largest outages ever reported to the FCC. The Report explained that the communications path between AT&T and its 911 call routing subcontractors, Comtech and West, which each provide call routing information for separate geographic regions of the United States, became corrupted, resulting in a “mismatch” in IP addresses. The connections with these subcontractors are essential to 911 service, and AT&T’s 911 network requires a trusted IP address be associated with the incoming communications from these vendors. However, on March 8, AT&T initiated a network change that caused a mismatch between the trusted IP addresses recognized by AT&T’s network and the ones Comtech uses to send 911 call routing information. This caused a loss of connectivity between AT&T and Comtech resulting in AT&T being unable to receive 911 call routing information. This problem was exacerbated by a network reset attempting to fix the problem that prevented AT&T from receiving 911 call routing information from West as well.
The Report concluded “the outage was caused by an error that likely could have been avoided had AT&T implemented checks (e.g., followed certain network reliability best practices) with respect to their critical 911 network assets.” The Bureau noted actions AT&T took after the outage to prevent a recurrence but pointed out that most of the actions could have been implemented beforehand to reduce the likelihood of such an event. Additionally, the FCC’s Communications Security, Reliability, and Interoperability Council (“CSRIC”) — an advisory committee charged with 911 service issues — has recommended certain network reliability best practices that could have prevented the outage or at least, mitigated its impact, had AT&T implemented them. According to FCC Chairman Pai,
[T]his outage could have been prevented. It was the result of mistakes made by AT&T. The Bureau’s report shows that there were shortfalls in operational redundancies, risk assessment, and stakeholder and consumer outreach. Had AT&T followed certain best practices as outlined by the FCC’s Communications Security, Reliability and Interoperability Council, this outage would have had much less impact. Indeed, the cause of the outage could and should have been identified and addressed with periodic audits of the network.
The Report concludes by recommending the Bureau conduct outreach to the telecommunications industry to promote better awareness and understanding of network reliability best practices. The Bureau intends to release a Public Notice to this point that reminds companies about the importance of implementing the CSRIC best practices. Additionally, the Bureau’s investigation highlighted some challenges in the communication and notification process between industry and public safety answering points (“PSAP”) and the need for better coordination between these entities. As result, the Bureau will host a workshop to discuss best practices and develop recommendations for improving situational awareness during 911 outages, including strengthening PSAP outage notifications and how to best communicate with consumers about alternative methods of accessing emergency services
Despite the Report’s findings and the strong criticism of AT&T by the Chairman, the FCC did not take any enforcement action, at least at this time. Although the FCC has one year from the March 8 incident to propose enforcement action (and therefore, it still remains a possibility), the fact that no mention of enforcement may be significant. Under prior FCC leadership, large fines were levied against carriers that had issues resulting in a 911 outage. As we discussed in 2014, the FCC took an aggressive posture and proposed a $100,000 forfeiture against a small rural carrier in what appeared to be the first Notice of Apparent Liability issued to a telecommunications carrier for failing to provide 911 service. Shortly after that, the FCC took action against three carriers involved in an April 2014 outage, resulting in over $20 million in penalties being paid in the aggregate. A year after that, the FCC reached a $17.5 million consent decree with T-Mobile regarding two separate but related 911 service outages.
Against this backdrop, the Commission’s silence regarding enforcement stands out. Time will tell whether an action is still under consideration or whether today’s report signals a shift away from such fines and toward encouraging compliance with best practices instead.