An Alternate to the FCC Maps

I’ve written a lot of blogs about FCC broadband mapping. It’s been easy to criticize the maps since they are still full of errors and fantasy. I don’t foresee the maps getting any better as long as ISPs can continue to decide what they want to report in terms of broadband coverage and speeds. Too many ISPs have reasons for reporting maps they know are inaccurate, and it’s hard to think that’s going to change.

Perhaps having accurate maps doesn’t matter all that much. If BEAD comes somewhat close to solving the rural broadband gap, the FCC maps will quickly lose relevance. The FCC is always going to need some version of the maps to report to Congress each year on the state of broadband. But when the maps stop being a tool for deciding who gets grant funding, most local and state governments will stop caring about the maps – and nobody is going to much care what ISPs report to the FCC. Truth or fantasy won’t really matter, just like nobody cared about the maps just five years ago.

But I still think the FCC owes it to the public to provide a way to judge and compare the local ISPs. I’ve thought of a simple FCC tool that can accomplish that.

I think the FCC should buy the entire Ookla speed test database every month and make it available to the public in a portal where folks can see the speed tests actually reported for the ISPs working in their neighborhood. If a speed test comparison portal is made easy to use, it would be one of the best gifts the FCC can give the public. The FCC spent a huge amount of money developing the new broadband mapping system, and after all of that money, the maps are largely useless for the general public.

I will be the first to say that speed tests aren’t perfect. There are slow speed tests recorded for every ISP for reasons out of the control of the ISP. The biggest reason is WiFi routers that don’t deliver the speed to a computer that is delivered to the home. But the generic flaws of speed tests apply across the board to every broadband technology, meaning that speed tests are a great tool for comparing specific ISPs or technology.

Consider the following chart that represents Ookla speed tests taken in a suburban county over the last year. These results reflect over a million speed tests. The speeds shown for each technology are the overall average of all speed tests for each technology.












FWA Wireless



Fixed Wireless






These results are similar to what I see in a lot of counties. There are some counties where DSL isn’t as fast as in this county. There are counties where fixed wireless ISPs perform much better than in this particular county. This is the only county where I’ve seen fiber have an identical average upload and download speed. But the overall performance of the various technologies is pretty typical.

These speed test results tests tell a great story about the local differences between technologies. This is information that is not readily available to the public. The FCC has ordered ISPs to create broadband labels – but those labels allow ISPs to report marketing speeds and will be no more useful to the public than the broadband maps. An FCC-sponsored speed test portal would allow the public to see how various ISPs perform in and around their neighborhood.

Detailed speed test results also can tell us a lot about any given ISP. It’s interesting to look at the fastest speed tests delivered for a given ISP. When I look at fiber based ISPs there are invariably some speed tests that are near the gigabit speed claimed by the ISPs in the FCC map. But the same is not always true for cable companies. I find some cable companies that are also delivering the top speed claimed in the FCC mapping. But it’s not unusual to find markets where a cable company claims gigabit speeds but doesn’t have any speed tests faster than 600 – 700 Mbps. That is still blazingly fast, but that is not a gigabit network.

Making the Ookla data available to everybody would be a huge public service. Local politicians always tell me that they have no way to judge the ISPs in their community, and this would give them a tool to do so. When used on a smaller scale, speed tests can also be used to show that some neighborhoods get faster broadband than others from the same ISP. As I wrote in a recent blog, folks can use speed tests to see that broadband speed on FWA cellular broadband die quickly as the distance between a cell tower and customers increases. This information would let the public understand broadband in a way that has never been understood before. Speed test data, when used in mass, will expose ISPs that exaggerate their speeds – and highlight ISPs that are honest.

So, FCC keep your maps for reporting to Congress, but please give the public this readily available tool so that everybody can get usable facts about broadband. ISPs that exaggerate their speeds will hate this idea – but honest ISPs will welcome it.

Finally, Broadband Labels

At the end of August, the FCC gave final approval to the requirement that ISPs must provide broadband labels. The FCC had originally approved the broadband labels in November 2022 but then received three petitions to further modify the rules. The recent order makes a few minor changes to the original order but largely leaves the original broadband label rules intact.

The labels were required as a provision of the Infrastructure Investment and Jobs Act. ISPs with more than 100,000 customers will have to start using the new labels within six months. All other ISPs have a year to implement. I think ISPs with fiber networks ought to issue the new labels quickly – it’s a chance to brag and compare your symmetrical capabilities against other technologies.

The new labels look a lot like the nutrition labels that are on all processed foods. The label requires basic information like the monthly price for standalone broadband, any special pricing that is in place currently and when that special pricing expires, a description of other monthly and one-time fees associated with the broadband, and the typical broadband speeds and latency.

I can’t wait to see how the big ISPs are going to implement the labels. Marketing folks at the big ISPs must be dreading the requirement to disclose the list price of standalone broadband and the requirement to list extra fees like big charges for a WiFi router. It’s been standard practice for years for customers to buy broadband without getting even basic facts such as the price for the broadband after an introductory offer.

The labels are going to be a big challenge for the cable companies that still sell a huge number of product bundles. The cable companies have never told consumers the portion of the bundled price associated with any given product. But my interpretation of the label rules is that they will somehow have to identify the broadband price.

As usual, the FCC let the big ISPs off the hook on one of the major requirements. ISPs are only required to disclose the typical broadband speed and latency. I am willing to bet that the labels are going to look a lot like the marketing speeds that are reported to the FCC maps – and that can be very different than what is delivered. In the many surveys that my consulting firm has done over the years, consumers regularly tell us that they have no idea what speed they are supposed to be getting. From the many bills we’ve collected over the years, many ISPs also don’t disclose the speeds on the monthly bill.

I’m really curious about what ISPs are going to report for upload speeds. We’ve been seeing huge numbers of speed tests for ISPs that don’t deliver 20 Mbps, which has become the new practical standard to be considered as broadband – and which the new 5-Commissioner FCC is likely to soon make official. How many ISPs are going to honestly disclose upload speeds under 20 Mbps, which would be an admission that their product is not broadband?

There are ISPs using a few technologies that are going to really struggle with the label requirement. For example, there are a dozen factors that can influence the speed of DSL, and two adjacent homes can have a significantly different DSL experience. The speeds on all wireless technologies vary to some degree with differing environmental conditions. Speeds on the new FWA cellular broadband are highly dependent on the distance between a customer and the serving tower. Any ISP that has network bottlenecks will deliver different speeds at different times of the day, depending on how busy the network is.

ISPs also face the challenge of somehow balancing what they declare on the broadband label and what they report to the FCC mapping. ISPs know that most of the public likely never sees what they report to the FCC maps, but a lot of people are going to see broadband labels that must be prominently displayed on ISP websites. My guess is that most ISPs will claim the same speeds in both places. I think the whole intent of the labels was to invite public pushback against ISPs that are exaggerating performance.

My Broadband Regulatory Wishlist

Chairwoman Jessica Rosenworcel wasted no time in declaring that the FCC is going to tackle reinstituting Title II regulation for broadband. She made the announcement only a few days after the Senate approved Anna Gomez to fill the open fifth Commissioner slot. Since her announcement, I’ve been thinking about the things I’d like to see the FCC tackle with five Commissioners.

Net Neutrality. This is not at the top of my list, but I put this first to get it out of the way. Most big ISPs have not been engaging in big violations of the net neutrality principles. This is partially because ISPs didn’t want to see net neutrality to be the excuse for reintroducing broadband regulation. But it’s also because California has been successful in implementing net neutrality. There is no practical way for a nationwide ISP to violate net neutrality rules everywhere except California, so they hesitate to do so. The bottom line is that discriminating against some classes of customers or types of traffic is bad business and most big ISPs just don’t go there to the extent that was always feared by net neutrality proponents. But it seems likely that the net neutrality rules will be reinstated.

Carrier Disputes. Industry insiders miss the ability to take broadband disputes between carriers to the FCC for resolution. This is a quiet part of the industry that has always been effective yet under the radar. Just the threat of taking another carrier to the FCC was often an effective negotiating tactic when ISPs violated contracts or industry practices. But killing Title II regulation for broadband meant that the FCC no longer claimed jurisdiction over many broadband disputes – leaving carriers with a much tougher path of taking disputes to court.

Consumer Protection. Probably the biggest change when Title II regulation was killed was that the FCC stopped taking an active role in protecting consumers against bad behavior by ISPs. When people got so fed up that they finally complained to the FCC about bad ISP behavior, the ISPs generally tried to resolve issues to stay on the good side of the FCC. In the cases where a lot of consumers were harmed by an ISP practice, the FCC ordered ISPs to fix bad behavior and often required refunds of overcharges. That all went away with the end of Title II regulation. The FCC still has a complaint process, but the agency just forwards consumer complaints to ISPs which have been free to ignore them. The FCC further passed the responsibility for consumer protection to the FTC to police ISP’s bad behavior – which is totally ineffective since the FTC doesn’t have the authority to set industry-wide rules and only prosecutes the worst of the worst behavior, one ISP at a time.

Merger Conditions. The FCC often used its Title II authority to make ISPs accept conditions for broadband mergers. Charter customers can all thank the FCC for blocking the company from instituting data caps as a result of an agreement made when the company wanted to merge with Time Warner Cable. The FCC has not always stuck to its guns in enforcing merger conditions, but this is one that has saved millions for Charter customers. This prohibition will end soon, so be on the lookout for Charter data caps.

Collecting Real Pricing Data. The FCC periodically does urban rates studies, but in doing so, it doesn’t collect real prices – just the prices that ISPs claim. A study in Los Angeles last year showed that Charter had different prices by neighborhood throughout the City, with the best deal being offered to areas with higher household incomes. Title II regulation theoretically would allow the FCC to somehow regulate prices – but it’s hard to imagine it would ever do so. It doesn’t regulate prices for telephone, cable, or cellular service, and it’s hard to imagine an FCC wading into this issue. But having Title II authority could give the FCC leverage to encourage lower rates when ISPs ask for other concessions from the agency.

Privacy. Like with net neutrality, California is far ahead of the FCC in terms of trying to protect customer privacy. It would be great to see the FCC change privacy policies to protect consumer data in today’s complicated online world.

Giving the States Cover for Regulating. When the FCC gave up on regulating broadband, most states did so as well. It’s difficult and expensive for states to take on the big ISPs without the cover of the FCC regulating and taking most of the industry flak. ISPs use the tactic of suing states that try to regulate them in any way.

A Broadband Map that Works. This issue probably means I am completely fantasizing. I don’t think there will ever be a broadband map that can work. When the BEAD grants are behind us, I suspect we’ll move back to not carrying how lousy the maps are. But if we are somehow forced to care about maps, it would be good if the process worked.

The Fifth FCC Commissioner

Nearly three years after the 2020 election, the FCC finally approved a fifth Commissioner for the FCC. The Senate voted 55-43 to confirm Anna Gomez as the newest FCC Commissioner. This will be the first time since Ajit Pai resigned in January 2021 that the Commission will be at full strength.

For those that might wonder why this matters, the five seats on the FCC are generally split 3-2 in favor of whatever party holds the White House. Without the third Commissioner for the party in current power, the FCC is easily gridlocked on numerous issues.

The industry is already speculating about what a fifth Democratic Commissioner might mean. President Biden made his feelings clear early in his administration that he hoped the FCC would tackle the monopoly powers of the big ISPs. However, the FCC is an independent agency that is not under the direct control of the White House, and past FCCs have not always been in lock-step with the White House.

Following are some of the issues the FCC might tackle:

Restoring Title II Regulation. We just found out yesterday that Chairwoman Jessica Rosenworcel isn’t going to waste any time after seating the fifth Commissioner, and she intends to quickly tackle the restoration of Title II regulation. The FCC under Ajit Pai eliminated Title II regulation, which was the mechanism chosen to regulate broadband since there is no specific mandate to do so from Congress. Congress could mandate that broadband be regulated by passing a law, but there have never been enough votes to do so. Until the day when Congress acts, the FCC can only regulate broadband by trying to make broadband fit into existing regulations. Title II does just that by declaring broadband to be a telecommunications service, meaning it can be regulated using the same authority used to regulate telephone and cellular services.

The press is already labeling this as an effort to reinstate net neutrality, but net neutrality is a minor portion of what it means to regulate broadband. Using the power of Title II regulation to regulate broadband means that the FCC can tackle things like mediating disputes between broadband companies, establishing some limits on broadband rates, and even doing simple things like intervening when ISPs abuse customers. Unfortunately, if the FCC pulls off the reinstatement of Title II regulation, it will begin another cycle of what I call the regulatory yoyo, where rules come and go with the change of administrations.

Tackling Broadband Discrimination. ISPs have long been accused of redlining – of only building broadband infrastructure to selected neighborhoods. If anything, it looks like many fiber builders are discriminating even more than in the past and building infrastructure only in neighborhoods with the highest returns on investment. Earlier this year, the FCC opened a docket to investigate digital discrimination, and it seems likely that this topic will take on more importance with a fifth Commissioner.

Regulating Web Companies. In the last few years, the biggest web companies have seemingly gone off the deep end and instituted policies that invite regulation. Big web platforms like Facebook and X (Twitter) are suddenly blocking news and content and allowing the proliferation of mass misinformation. It’s probably within the FCC’s power to impose some regulations on the big platforms – or to at least try.

Media Cross-ownership.  The FCC under Ajit Pai largely eliminated rules against the cross-ownership of print media and broadcast outlets – bringing in an unprecedented consolidation of the way that Americans get local news. The Ajit Pai FCC also made it easier to allow foreign investment in media companies and to relax the reporting of foreign investors. Current Chairwoman Jessica Rosenworcel has shown a desire to clamp down on the worst of these practices.

Of course, a fully staffed FCC might not tackle all of these issues or might tackle them in unexpected ways. In the past, the Chairperson of many FCCs has tried to put a personal stamp on FCC actions to make a name in history. Now that there is finally a fifth Commissioner we’re going to see what Chairwoman Jessica Rosenworcel has in mind.

Universal Service Fund Under Fire

There have been several lawsuits over the last few years that challenge the legitimacy of the FCC’s Universal Service Fund (USF). A suit from a non-profit group called Consumers’ Research argues that USF fees are actually taxes and that the original creation of the USF was unconstitutional since it gave the FCC the power to levy taxes.

Several lawsuits have already been decided in favor of the FCC in the 5th and 6th U.S. Circuit Courts of Appeals. But in June, the 5th Circuit, based in New Orleans, agreed to rehear the case before the full court. That hearing was held last week and press reports say that the questions at the hearing seemed to be in favor of the petitioners who want to shut down the USF.

There is also an appeal of the other rulings that are pending before the U.S. Supreme Court. There is also a case from Consumers’ Research that is pending at the 11th Circuit and the D.C. Circuit Courts.

The Universal Service Fund has been popular with the public and many politicians because the FCC has been using the USF to tackle issues that are broadly referred to these days as the digital divide. The E-Rate program provides subsidized broadband to make sure there is connectivity in the poorest schools in the country. The Rural Health Care program subsidizes broadband connections for rural healthcare clinics.

A few of the USF programs have been more controversial. The Lifeline Program was originally used to provide a discount for telephone bills for low-income homes but has been repurposed to provide broadband discounts. Critics have charged for years that the program was rife with fraud, but the FCC finally instituted a portal that does a better job of verifying eligibility. The High Cost program has provided subsidies and grants to extend rural broadband. Among the programs have been a few that are controversial such as the CAF II program that gave subsidies to the biggest rural telcos to increase DSL speeds to 10/1 Mbps, and the more recent RDOF program that allocated subsidies to unserved parts of the country through a reverse auction. The FCC is considering using this fund to expand rural cellular towers.

The biggest issue facing the USF is that the funding mechanism is inadequate. The fees that fund the USF are assessed on Interstate telephone services and traditional Interstate regulated data circuits – revenue streams that continue to shrink. The USF fee on these items has continued to creep upward to make up for the shrinking and has grown to become a 30% fee on the services.

One of the obvious fixes to the funding would be to spread the USF fee over the huge number of broadband subscriptions in the country. This makes a lot of sense since the Universal Fund is used almost entirely these days to tackle broadband gaps. But the big ISPs have lobbied heavily against the idea and have instead been pushing for the fee to be assessed to big tech companies like Amazon, Google, Meta, and Apple. The big ISPs say it would be unfair for them to subsidize the web giants, It’s an argument I’ve never fully understood since the ISPs wouldn’t be paying the fees and would pass the fees on to consumers. The big web companies have an equally powerful lobby these days and have fought against this idea. This is an argument that has been going on for several decades but has been heating up over the last year as it’s becoming obvious that the Universal Service Fund cannot remain viable with the existing funding mechanism.

The USF seems to be popular with federal legislators, but there has been no noticeable movement in Congress to fix the USF funding mechanism. The original funding mechanism was established by the FCC from authority granted by the Telecommunications Act of 1996, which is badly out of date with the modern broadband industry. Congress could fix the funding mechanism at any time, but it doesn’t seem like legislators want to choose between the big ISPs and tech companies.

All of this could be made mute if a Court rules that the way that the FCC funds the USF is unconstitutional. The USF could theoretically be shut down quickly if the funding mechanism is turned off. That would mean the end of Lifeline discounts, of broadband payments to schools, libraries, and health care clinics, and a cessation of funding for RDOF and ACAM. Congress could fix the issue by creating an actual tax instead of a fee set by the FCC – and perhaps it will take a drastic court action to get Congress to act.

FCC Considering New Rules for Data Breaches

Back in January of this year, the FCC issued a Notice of Proposed Rulemaking in WC Docket No. 22-21 that proposes to change the way that ISPs and carriers report data breach to the FCC and to customers. The proposed new rules would modify some of the requirements of the customer proprietary network information (CPNI) rules that were originally put into place in 2007.

Since the 2007 CPNI order, all fifty states have adopted a version of the CPNI rules as well as rules from federal agencies like the Federal Trade Commission, the Cybersecurity and Infrastructure Agency, and the Securities Exchange Commission. The FCC is hoping to strengthen the rules on reporting data breaches since it recognizes that data breaches are increasingly important and can be damaging to customers.

The FCC completed a round of initial and reply comments by the end of March 2023, but is not expected to make a final order before the end of this year.

The current FCC rules for data breaches require carriers to notify law enforcement within seven days of a breach using an FCC portal that forwards a report to the Secret Service and the FBI. After a carrier has notified law enforcement, it can opt to notify customers, although that is not mandatory. One of the reasons this docket was initiated is that carriers have kept quiet about some major data breaches. The new rules would require carriers to provide additional information to the FCC and law enforcement. The new requirements also eliminate any waiting period, and carriers would be required to notify law enforcement and customers “without unreasonable delay”. The only exception to rapid customer notification would be if law enforcement asks for a delay.

The FCC is proposing new reporting rules that it says will better protect consumers, increase security, and reduce the impact of future breaches. There was a lot of pushback from carriers in comments to the docket that centered on two primary topics – the definition of what constitutes a data breach, and the requirement of what must be told to customers.

The FCC wants to expand the definition of data breach to include the inadvertent disclosure of customer information. The FCC believes that requiring the disclosure of accidental breaches will incentivize carriers to adopt more strenuous data security practices. Carriers oppose the expanded definition since disclosure would be required even when there is no apparent harm to customers.

Carriers also oppose the quick notification requirements. Carriers argue that it takes time to  understand the breadth and depth of a data breach and to determine if any customers were harmed. Carriers also need to be working immediately after discovering breach to contain and stop the problem.

Carriers are opposed to the FCC suggestions of what must be disclosed to customers. The FCC wants to make sure that customer notices include everything needed for customers to react to the breach. Carriers say that assembling the details by customer will take too long and could leave customers open to further problems. Carriers would rather make a quick blanket announcement instead of a detailed notice to specific customers.

One of the interesting nuances of the proposed rules is that there would be two types of notifications required – one for inadvertent leaks and another for what the FCC calls a harms-based notification. This would require a carrier to notify customers based on the specific harm that was caused.  Carriers were generally in favor of the harms-based approach but didn’t want to confuse customers by notifying them of every inadvertent breach that doesn’t cause any harm.

Consumer advocates opposed allowing only the harm-based trigger, because it allows a carrier to decide when a breach causes harm. They fear that carriers will under-report harm-based breaches.

These rules would apply to all ISPs and carriers, regardless of size. While it might still be some months before any new rules become effective, small ISPs ought to use this impending change as a reason to review data security practices and the ability to notify customers.

Increasing the ACP Subsidy

I’m puzzled by the recent change to the Affordable Connectivity Program (ACP). The FCC recently implemented an increase in the monthly ACP subsidy in qualifying high-cost areas from $30 to $75. The reason for the change is easy to understand – this was codified in the Infrastructure Investment and Jobs Act legislation. The legislation required higher ACP payments be higher in  areas of the country designated as high-cost.

The NTIA has been working with State Broadband Offices to designate the high-cost areas in each state – because such areas are also eligible for special treatment and consideration in the upcoming BEAD grants. Now that high-cost areas are being defined, the FCC can implement the legislatively mandated ACP change.

What puzzles me is why this was in the legislation. The concept seems to be that areas with higher costs need additional support. To quote the recent FCC order on the increase, “the $75 monthly benefit would support providers that can demonstrate that the standard $30 monthly benefit would cause them to experience “particularized economic hardship” such that they would be unable to maintain part or all of their broadband network in a high-cost area”.

I agree with the concept that areas with particularly high costs might need some kind of broadband subsidy. For example, this is a big piece of the rationale for subsidy programs like ACAM.

But the extra ACP subsidy doesn’t help ISPs. ISPs use the ACP program to discount customer rates and then get reimbursed for the customer discount from the ACP funding provided by Congress. Whether the discount is $30 or $75, this is a net wash for the ISP. None of this support goes to the ISP and all of the benefit flows directly to the customer. It appears to me that the folks who wrote the legislation thought the ACP benefits ISPs and not low-income households.

I have a hard time rationalizing why this extra discount is only given in high-cost areas. Isn’t a low-income household located elsewhere just as worthy of extra help?

I guess you can make the argument that having a larger discount will make it easier to add more low-income customers to the network – and that would improve revenues for a rural ISP.

But realistically, having a higher customer discount also puts an ISP at greater risk if the ACP subsidy ever stops. The ACP discount only applies to customers who can demonstrate they are low-income or that they take part in one of several social programs. If a customer is getting free broadband because of a $75 ACP subsidy, is that customer going to be able to suddenly start paying for broadband if the ACP subsidy ends? That’s a valid question to ask since it looks like the ACP fund will run out of money some time in the second quarter of next year.

This extra subsidy would a little make more sense if ACP was a permanently funded program. But it seems like a rural ISP can be badly harmed if it relies on ACP and suddenly loses a lot of customers if the ACP fund runs dry.

I’m sure that the folks who drafted this requirement had good intentions, and some of the envisioned benefit might materialize if ACP is permanently funded. With a permanent ACP, ISPs in high-cost areas could justify making the effort to connect low-income households to broadband. But I have to advise ISPs not to aggressively pursue getting folks connected to the $75 ACP subsidy because the ISP stands to lose most such customers if the ACP program ends. There is a fixed cost to add a new customer to the network, and an ISP adding a new customer today won’t even recover that initial cost if the ACP subsidy ends early next year.

Perhaps the folks who inserted this language into the IIJA assumed that ACP would be so beneficial that Congress would permanently fund it past the end of the IIJA funding. But unless that commitment is made soon by Congress, I find it impossible to advise small ISPs to enroll new ACP customers.

Protecting Broadband Customer Data

At the end of July, the FCC proposed a $20 million penalty against Q Link and Hello Mobile for not complying with the Customer Propriety Network Information (CPNI). The FCC concluded that the two companies violated the CPNI rules when they failed to protect confidential user data. The companies both had security flaws in their apps that allowed outside access to customer account information.

Today’s blog is not talking about these two carriers, but their security measures must be terrible to invite fines of that magnitude. Today’s blog will use these fines to highlight that there are still stringent privacy rules in place for voice providers, but nothing similar for broadband. Other than perhaps invoking an investigation from the Federal Trade Commission for allowing leaks of broadband customer information, there are no specific prohibitions in place to stop ISPs from misusing customer data.

There is an interesting history of regulations for the protection of broadband customer information. The FCC, under Chairman Tom Wheeler, had implemented CPNI rules for broadband in 2016 along with other broadband regulations like net neutrality. These regulations went into effect near the end of 2016 and included a provision to allow customers to opt in or out of allowing an ISP to use and share their personal data.

In 2017, Congress eliminated the CPNI protections for broadband in response to a request by FCC Chairman Ajit Pai. Pai argued that it wasn’t fair to enforce privacy rules on big ISPs that weren’t also required for web companies like Google and Facebook. He also argued that CPNI rules made no sense after the Pai FCC had eliminated Title II regulation, which had declared that broadband is considered to be an information service and not a telecommunications service. Congress passed the Congressional Rule Act that eliminated the CPNI requirement along with other broadband regulations, and the FCC implemented the change in September 2017.

This has resulted in an unusual regulatory environment where two cellular carriers can be heavily penalized for not protecting customer data while ISPs cannot.

Telephone companies routinely capture details of customer calling – who you call and who calls you. This is familiar to anybody who’s seen a TV crime show since one of the first things detectives routinely do is to ask to see telephone calling records for a suspect. Telephone companies can’t release this information without a warrant. CPNI rules also require phone companies to keep other customer data secure, such as billing records, credit card numbers, etc. Telephone companies are even prohibited from marketing their own products to customers if a customer opts out of such marketing.

The 2016 privacy rules that were in place for only a short time implemented the same sort of privacy rules as voice, but customers were also given the choice to allow or deny access to their records. ISPs gather a lot more data about customers than telephone companies. For example, an ISP knows every web page you have visited since they control the DNS routing that connects you to websites. There are numerous other things an ISP can know about a customer if they choose to look deeper into the packets between users and websites.

ISPs I know aren’t worried about these issues because they don’t share customer information. They don’t record details of customer broadband transactions, and they try hard to keep information like credit card numbers safe from hackers. But I don’t think anybody believes the largest ISPs when they say that they don’t monetize information from customer data, particularly since, with current rules, there is no restriction against them doing so. The big ISPs don’t want any restrictions on what they do with customer data and any revenue streams that might come from selling data, and in today’s regulatory world, they are largely getting what they want.

The Future of Broadband Maps

I read that an AI expert at a workshop hosted by the FCC and the U.S. National Science Foundation suggested that AI could be used to produce better broadband maps. I had to chuckle at that idea.

The primary reason for my amusement is that FCC maps are created from self-reported broadband coverage and speeds by the many ISPs in the country. ISPs have a variety of motivations for how and why they report data to the FCC. Some ISPs try to report accurate speeds and coverage. People may be surprised by this, but some of the biggest telcos, like CenturyLink and Frontier, seem to have gotten better at reporting DSL speeds – in some markets, you can find DSL capability being reported at a dozen different speeds to reflect that DSL speeds vary by the distance from the central office.

Other ISPs take the exact opposite approach and report marketing speeds that are far in excess of the capability of the technology being deployed. It’s not hard to find WISPs claiming 100 Mbps to 300 Mbps download capability when they are delivering speeds in the 10 Mbps to 30 Mbps range. My guess is that some of these ISPs are using the FCC maps as an advertisement to get customers to call them after looking at the FCC map. Some ISPs have already been accused of over-reporting speeds to try to block grant money from overbuilding them.

There are also endless examples of ISPs reporting coverage that doesn’t exist. The FCC mapping rules say that only locations that can be served within ten business days should be included in broadband coverage areas, and many ISPs are claiming much larger areas than they can serve quickly. Even worse, some ISPs claim coverage in areas that they can’t serve, such as when WISPs claim coverage of homes that are blocked from line-of-sight by hills or other impediments.

The only way that AI could be used to improve the maps is if the FCC gets serious about mapping and changes some rules, and enforces others. The FCC would have to eliminate the ability of ISPs to claim marketing speeds, which provides easy cover for overstating capabilities. The FCC would also have to get serious about enforcing coverage to meet the 10-day installation rule. If those two changes were made and enforced, the FCC might be able to use AI to improve the maps. AI could match claimed ISP coverage to speed test data and also reference and compare coverage to complaints and challenges from consumers. I don’t see the FCC ever being willing to get that aggressive with ISPs – because this process would be extremely contentious.

I don’t believe any of this will ever happen because after the wave of BEAD funding is finally spent, the FCC and everybody else is going to lose interest in the broadband maps. Nobody will care if some ISP overstates capabilities in an area as long as the BEAD winner is going to bring faster broadband.

There are already a number of State Broadband offices that are saying that the BEAD allocations are not going to be enough to fix broadband everywhere. My prediction is that states that care about fixing the remaining places will create their own broadband maps and will go back to ignoring the FCC maps.

The FCC won’t care. At the point where they can say with a straight face that 95% of homes will be be able to buy broadband that meets the FCC’s definition of broadband, the FCC is going to declare job done. For the last decade, the FCC has issued annual broadband reports to Congress that have said that the state of broadband is good and improving – all based upon maps that everybody knew were grossly overstated in both broadband speeds and coverage. I can’t see the FCC putting extra effort into proving that there are still homes left without good broadband.

New FCC Role – Device Security

Depending upon the survey you believe, U.S. homes have an average of thirteen to twenty-two connected devices in their home. That can range from computers, TVs, security cameras, game boxes, baby monitors – it’s a huge list these days.  A concern for anybody with connected devices is that somebody will hack them and cause problems in the home. I’ve seen many articles that describe how people have hacked home cameras to watch families or hijacked computers for various nefarious reasons.

The White House announced a new initiative in July that would create a certification for connected devices that meet cyber safety standards. The authority to handle this program was given to the FCC. Being labeled as the U.S. Cyber Trust Mark, device makers can send devices to the FCC to be certified as meeting basic security standards. This is similar to the Energy Star efficiency sticker that comes with home appliances.

This is a voluntary program for device makers, but the hope is that companies will seek the approval label to be able to more easily market their products.

The next step for the FCC will be to open a rulemaking to determine the devices that are eligible for the certification and the standards that must be met. During the announcement of the initiative, FCC Chairwoman Jessica Rosenworcel mentioned devices that might apply, like smart refrigerators, microwaves, thermostats, fitness trackers, and baby monitors. It’s likely that many other kinds of devices will be added to the list. The FCC says it will work closely with the National Institute of Standards and Technology (NIST) to create the cyber standards.

NIST has developed a Profile of the IoT Core Baseline for Consumer IoT Products. That NIST document says that connected devices should have features like the following:

  • A clear way to identify the specific device, such as a device serial number.
  • The ability to change the configuration of a device and to be able to reset it to the default security settings.
  • Devices should protect stored data and encrypt or otherwise secure transmitted data.
  • A device should give access to settings only to authorized users.
  • A device should have the ability to receive, verify, and apply software updates.
  • A device should be cybersecurity aware and have the ability to detect and capture evidence of any changes to software or security settings.
  • Manufacturers of connected devices should have full documentation of the security measures present.
  • The product developer should be able to receive and respond to queries about cybersecurity from device users.

Security experts have been making similar recommendations for many years and have requested that the government create and enforce standards. Since Congress has never passed a law about device security, a voluntary process sounds like a good first step to get this started.

Chairman Rosenworcel said she hoped the agency could develop standards by the end of 2024. The proceeding to determine how this should work ought to be interesting reading.

Like with everything at the FCC, I have to wonder how this gets funded. I would expect that the fees charged to those seeking the certification would cover the cost.