Attachment Attachment A - 2019.

Attachment A - 2019.

PETITION submitted by U.S. Department of Justice

LOA

2019-02-14

This document pretains to ISP-PDR-20180824-00003 for Petition for Declaratory Ruling on a International Special Project filing.

IBFS_ISPPDR2018082400003_1626626

                                        February 13, 2019


Assistant Attorney General for National Security
United States Department of Justice
National Security Division
950 Pennsylvania Avenue NW
Washington, DC 20530


Subject:       FCC No. ITC-T/C-20180824-00165, WC Docket No. 18-255
               Application by Colombo Topco Limited and Brent Infrastructure Group I.B.V. for
               authority pursuant to Section 214 of the Communications Act of 1934, as
               amended, to transfer control of an international Section 214 authorization.

Dear Sir/Madam:

        This Letter of Agreement (“LOA” or “Agreement”) sets forth the commitments made by
Colombo Topco Limited (“Colombo”), Tampnet AS, and Tampnet Inc. (“Tampnet”)
(collectively, “the Parties”) to the U.S. Department of Justice (“USDOJ”) to address national
security, law enforcement, and public safety concerns arising from the joint application filed by
Colombo and Brent Infrastructure Group I.B.V. (“Brent Infrastructure”) with the Federal
Communications Commission (“FCC”) requesting the transfer of Tampnet’s authorization from
Brent Infrastructure to Colombo pursuant to Section 214 of the Communications Act, as
amended (the “Act”), and the implementing regulations at 47 C.F.R. § 63.

        The Parties adopt as true and correct any and all representations made by each party to
USDOJ through the Team Telecom review process, whether such representations were made
directly by Tampnet, Tampnet AS, Colombo, or through each party’s counsel.

       1.      For purposes of this LOA, the following definitions apply:

                a.      “Access” means the ability to physically or logically undertake any of the
       following actions: (i) to read, copy, divert, or otherwise obtain non-public information or
       technology from or about software, hardware, a database or other system, or a network;
       (ii) to add, edit, delete, reconfigure, provision, or alter information or technology stored
       on or by software, hardware, a system or network; or (iii) to alter the physical or logical
       state of software, hardware, a system or network.

               b.      “Call Detail Record” (“CDR”) means the data records or call log records
       that contain information about each call made by a user and processed by switch, call
       manager, or call server.

                                 Ph:866.621.5290 • Fx:337.205.8761
                               326 Apollo Road • Scott, Louisiana 70583
                                         www.tampnet.com


Page 2 of 9

              c.      “Customer Proprietary Network Information” (“CPNI”) means as defined
       in 47 U.S.C. § 222(h)(1).

            d.        “Date of this LOA” means the date on which the LOA is executed by
       Tampnet.

                e.     “Domestic Communications” or “DC” means: (i) Wire Communications,
       as defined in 18 U.S.C. § 2510(1), or Electronic Communications (whether stored or not),
       as defined in 18 U.S.C. § 2510(12), from one U.S. location to another U.S. location; or
       (ii) the U.S. portion of a Wire Communication or Electronic Communication (whether
       stored or not) that originates or terminates in the United States.

                f.     “Domestic Communications Infrastructure” or “DCI” means: (i) the
       transmission and switching equipment physically located in the United States (including
       hardware, software, and upgrades), routers, servers, security appliances, and fiber and
       copper cable and associated facilities physically located in the United States owned (to
       include leased) and controlled by or on behalf of Tampnet to provide, process, direct,
       control, supervise or manage DC; (ii) facilities and equipment leased or owned by or on
       behalf of Tampnet that are physically located in the United States; or (iii) the property,
       facilities and equipment leased or owned by or on behalf of Tampnet to control the
       equipment or facilities described in (i) and (ii) above. The phrase “on behalf of,” as used
       in this paragraph, does not include entities with which Tampnet has contracted for
       peering, interconnection, roaming, long distance, wholesale network access, or other
       similar arrangements.

               g.     “Electronic Surveillance” means: (i) the interception of wire, oral, or
       electronic communications as defined in 18 U.S.C. § 2510(1), (2), (4) and (12),
       respectively, and electronic surveillance as defined in 50 U.S.C. § 1801(f); (ii) access to
       stored wire or electronic communications, as referred to in 18 U.S.C. § 2701 et seq.;

       (iii) acquisition of dialing, routing, addressing, or signaling information through pen
       register or trap and trace devices or other devices or features capable of acquiring such
       information pursuant to law as defined in 18 U.S.C. § 3121 et seq. and 50 U.S.C. § 1841
       et seq.; (iv) acquisition of location-related information concerning a subscriber or facility;
       (v) preservation of any of the above information pursuant to 18 U.S.C. § 2703(f); and (vi)
       access to or acquisition, interception, or preservation of, wire, oral, or electronic
       communications or information as described in (i) through (v) above and comparable
       state laws.

              h.      “Foreign” means non-United States.

               i.      “Government” means any government, or governmental, administrative,
       or regulatory entity, authority, commission, board, agency, instrumentality, bureau or
       political subdivision, and any court, tribunal, judicial or arbitral body.



                                 Ph:866.621.5290 • Fx:337.205.8761
                               309 Apollo Road • Scott, Louisiana 70583
                                         www.tampnet.com


Page 3 of 9

               j.      “Lawful U.S. Process” means U.S. federal, state, or local court orders,
       subpoenas, warrants, processes, directives, certificates or authorizations, and other orders,
       legal process, statutory authorizations and certifications for Electronic Surveillance,
       physical search and seizure, production of tangible things or Access to or disclosure of
       Domestic Communications, call-associated data, transactional data, subscriber
       information, or associated records.

               k.      “Managed Network Service Provider” or (“MNSP”) means any third
       party that has Access to Principal Equipment for the purpose of (a) network operation;
       provisioning of Internet and telecommunications services; routine, corrective, and
       preventative maintenance, including switching, routing, and testing; network and service
       monitoring; network performance, optimization, and reporting; network audits,
       provisioning, creation and implementation of changes and upgrades; or (b) provision of
       DC or operation of DCI, including: customer support; OSS; BSS; Network Operations
       Centers (“NOCs”); information technology; cloud operations/services; next generation,
       including 5G (SDN, NFV, Applications); and datacenter services/operations.

                l.      “Network Operations Center” or “NOC” means any locations and
       facilities performing network management, monitoring, accumulation of accounting and
       usage data, maintenance, user support, or other operational functions for DC.

               m.      “Non-U.S. Government” means any government, including an identified
       representative, agent, component or subdivision thereof, that is not a local, state, or
       federal government in the United States.

               n.      “Offshore” means performing obligations of this Agreement through the
       use of entities and personnel outside of the territorial limits of the United States, whether
       those entities or personnel are employees of Tampnet, Tampnet AS, or its subsidiaries.
       The Parties agree that all current and future network facilities, equipment or operations
       that Tampnet is, or will be, utilizing to provide service in the Gulf of Mexico are
       domestic operations and are not considered “Offshore” within the scope of this definition.

                o.    “Outsource” means, with respect to DC, supporting the services and
       operational needs of Tampnet at issue in this LOA through the use of contractors or third
       parties.

               p.     “Principal Equipment” means all primary telecommunications and
       information network (e.g., wireline, wireless , subsea, satellite, LAN, WAN, WLAN,
       SAN, MAN, IP, MPLS, FR, Wi-Fi, 3G/4G/LTE, 5G, etc.) equipment (e.g., hardware,
       software, platforms, OS, applications, protocols) that supports core
       telecommunication/information services (e.g., voice, data, text, MMS, FAX, video,
       Internet, OTT, Apps), functions (e.g., network/element management, maintenance,
       provisioning, NOC, etc.), or operations (e.g., OSS/BSS, customer support, billing,
       backups, cloud services, etc.), including but not limited to routers, servers, circuit
       switches/softswitches, PBXs, call processors, databases, storage devices, load balancers,
       radios, smart antennas, transmission equipment (RF/Microwave/Wi-Fi/Fiber Optic),
                                 Ph:866.621.5290 • Fx:337.205.8761
                               309 Apollo Road • Scott, Louisiana 70583
                                         www.tampnet.com


Page 4 of 9

       RAN, SDR, equalizers/amplifiers, MDF, digital/optical cross-connects, PFE,
       multiplexers, HLR/VLR, gateway routers, signaling, Network Function Virtualizations,
       hypervisors, EPC, BSC, BT, or eNodeB.

              q.      “Subscriber Information” means any information of the type referred to
       and accessible subject to the procedures specified in 18 U.S.C. § 2703(c)(2) or 18 U.S.C.
       § 2709, as amended or superseded.

               r.      “U.S. Records” means Tampnet’s customer billing records, Subscriber
       Information, CPNI, and any other related information used, processed, or maintained in
       the ordinary course of business relating to the services offered by Tampnet in the United
       States, including information subject to disclosure to a U.S. federal or state governmental
       entity under the procedures specified in 18 U.S.C. § 2703(c) and (d) and 18 U.S.C. §
       2709.

       Lawful U.S. Process

        2.      Tampnet confirms that it will comply with all applicable lawful interception
statutes, regulations, and requirements, including the Communications Assistance for Law
Enforcement Act (“CALEA”), 47 U.S.C. § 1001 et seq., and its implementing regulations, as
well as comply with all court orders and other Lawful U.S. Process for authorized Electronic
Surveillance. Tampnet will provide notice of any material change in its lawful intercept
capabilities to USDOJ within thirty (30) calendar days of such change, and will certify its
compliance with CALEA no more than sixty (60) calendar days following its notice to USDOJ
of any material new facilities, services, or capabilities.

         3.     Upon receipt of any Lawful U.S. Process, Tampnet shall place within the
territorial boundaries of the United States any and all information requested by the Lawful U.S.
Process within the period of time for response specified in the Lawful U.S. Process, or as
required by law, and shall thereafter comply with the Lawful U.S. Process.

        4.      Tampnet agrees that it will not, directly or indirectly, disclose or permit disclosure
of or Access to U.S. Records or DCs or any information (including call content and call data)
pertaining to a wiretap order, pen/trap and trace order, subpoena, or any other Lawful U.S.
Process demand if the purpose of such disclosure or access is to respond to the legal process or
request on behalf of a non-U.S. Government entity without first satisfying all pertinent
requirements of U.S. law and obtaining the express written consent of USDOJ, or the
authorization of a court of competent jurisdiction in the United States. Any such requests for
legal process submitted by a non-U.S. Government entity to Tampnet shall be referred to USDOJ
as soon as possible, but in no event later than five (5) business days after such request or legal
process is received by or made known to Tampnet, unless disclosure of the request or legal
process would be in violation of U.S. law or an order of a court of competent jurisdiction in the
United States.

      5.      Tampnet shall take all practicable measures to prevent unauthorized Access to the
equipment or facilities supporting those portions of Tampnet’s DCI necessary for conducting
                                  Ph:866.621.5290 • Fx:337.205.8761
                                309 Apollo Road • Scott, Louisiana 70583
                                          www.tampnet.com


Page 5 of 9

Electronic Surveillance. Such measures shall include technical, organizational, personnel-related
policies and written procedures, as well as necessary implementation plans and physical security
measures.

       Network Operations and Equipment

       6.      Tampnet agrees to provide USDOJ within thirty (30) days from the date Tampnet
receives the FCC’s approval of transfer a Principal Equipment List, to include the following:

              a.      A complete and current list of all Principal Equipment, including: (i) a
                      description of each item and the functions supported, (ii) each item’s
                      manufacturer, and (iii) the model and/or version number of any hardware
                      or software; and

              b.      Any vendors, contractors, or subcontractors involved in providing,
                      installing, operating, managing, or maintaining the Principal Equipment.

        7.     Tampnet further agrees to provide USDOJ notice sixty (60) calendar days prior to
any intention to deploy or install any Principal Equipment not previously identified on the
Principal Equipment List. Such deployment or installation shall be subject to USDOJ review
and non-objection.

        8.     Tampnet agrees to take all reasonable measures to prevent unauthorized Access to
the DCI and to prevent any unlawful use or disclosure of information carried on the same. Such
measures shall include the development and adoption of a NIST-compliant cyber-security plan
which complies with the principles articulated in the NIST Cybersecurity Framework (Vers. 1.1,
April, 2018), and includes security procedures for any remote virtual private network Access to
the DCI, contractual safeguards and screening procedures for personnel with administrative
Access to the DCI, and procedures for applying security patches to systems and applications.
Tampnet will submit this cybersecurity policy to USDOJ within sixty (60) days from the Date of
this LOA. Tampnet agrees to meet and confer with USDOJ regarding such policy upon request.

         9.     With respect to DCI and DC, Tampnet agrees to provide USDOJ with at least
sixty (60) calendar days’ prior notice of any intention to Outsource and/or Offshore any network-
related services, including but not limited to MNSP services, NOC operations and/or services,
customer support services, network maintenance, remote Access to the DCI (e.g., CDRs, CPNI,
etc.), and any Access to DCs. Such intention shall be subject to USDOJ review and non-
objection. USDOJ shall object or non-object to Outsourced or Offshore service providers within
thirty (30) days of receipt of notice.

       Personnel

       10.     Tampnet agrees to designate a Security Officer within thirty (30) days from the
Date of this LOA. The Security Officer will have appropriate senior-level corporate authority
within Tampnet, and the necessary resources and skills, to maintain Tampnet’s security policies
and procedures and oversee Tampnet’s compliance with this LOA. The Security Officer will be

                                 Ph:866.621.5290 • Fx:337.205.8761
                               309 Apollo Road • Scott, Louisiana 70583
                                         www.tampnet.com


Page 6 of 9

a resident U.S. citizen, and, if not already in possession of a U.S. security clearance, shall be
eligible to hold such security clearance immediately upon appointment. The Security Officer
will be subject to USDOJ’s review and non-objection and may be subject to a background check
at the sole discretion of USDOJ. If USDOJ objects to the Security Officer nominee, such
objection must be made within thirty (30) days of receiving notice of the nominee. The Security
Officer will serve as the primary point of contact for USDOJ regarding any national security, law
enforcement, or public safety concerns that USDOJ may raise. The Security Officer shall be
responsible for receiving and promptly effectuating any requests for information pursuant to this
LOA and for otherwise ensuring compliance with obligations set forth in this LOA. Tampnet
shall notify USDOJ of any proposed change to the Security Officer at least ten (10) days in
advance of such change, where possible. Any subsequently proposed Security Officer shall be
subject to USDOJ’s review and non-objection and may be subject to a background check at the
sole discretion of USDOJ. As applicable, the Security Officer will instruct and train Tampnet’s
officers, employees, contractors and agents on the requirements of this LOA.

        11.     Tampnet agrees to maintain a U.S. law enforcement point of contact (“LEPOC”)
in the United States. The LEPOC shall be a U.S. citizen residing in the United States. The
LEPOC must be able to, directly or through an existing Trusted Third Party vendor, receive
Lawful U.S. Process for U.S. Records and, where possible, to assist and support lawful requests
for surveillance or production of U.S. Records by U.S. federal, state, and local law enforcement
agencies. For purposes of this LOA, a Trusted Third Party shall mean a third-party vendor with
a system that has access to a carrier's network and remotely manages the intercept process for
Tampnet. This LEPOC and his/her contact information will be provided to USDOJ within
fifteen (15) days from the date Tampnet receives the FCC’s approval of the transfer. Tampnet
will give USDOJ at least thirty (30) days’ prior written notice of any change to its LEPOC, and
the nominated replacement shall be subject to USDOJ review and non-objection. Tampnet also
agrees that the LEPOC will have access to all U.S. Records, and, in response to Lawful U.S.
Process, will make such records available no later than five (5) business days after receiving such
Lawful U.S. Process unless granted an extension by USDOJ.

       Remote Access Policy

        12.    Tampnet agrees to implement a Remote Access Policy that will describe the
current and anticipated terms of Access available to non-U.S. citizen personnel employed by
Tampnet AS at the Norway NOC. Tampnet will provide this policy to the USDOJ within sixty
(60) days from the Date of this LOA. Such Remote Access Policy shall be subject to USDOJ
review and non-objection.

       Changes in Ownership and Services

        13.    Tampnet agrees to provide USDOJ with notice of any material changes to its
business operations, including but not limited to ownership changes (involving a change in
equity or voting interests of ten percent or greater), corporate name changes, corporate
headquarters location changes, or network operations center location changes within thirty (30)
days of such change.

                                 Ph:866.621.5290 • Fx:337.205.8761
                               309 Apollo Road • Scott, Louisiana 70583
                                         www.tampnet.com


Page 7 of 9

         14.    Tampnet agrees to notify USDOJ, at least thirty (30) days in advance, of any
material changes to its current services portfolio. Tampnet also agrees to notify USDOJ, at least
thirty (30) days in advance, of any formal proposal to offer services to the U.S. federal, state, or
local Government.

       Annual Report

       15.    Tampnet agrees to provide an annual report to USDOJ regarding Tampnet’s
compliance with this Agreement, to include:

           a. Certification that Tampnet remains in CALEA compliance;

           b. A list of individuals with access to U.S. CDRs;

           c. Recertification of the services that Tampnet provides or confirmation that no
              additional services are being offered;

           d. Notification(s) of any relationships with foreign-owned telecommunications
              partners, including any network peering (traffic exchange) relationships;

           e. Confirmation that no changes were made to the updated Principal Equipment List;

           f. Report(s) of any occurrences of U.S.-based material cyber-security incidents,
              network and/or enterprise breaches, and any unauthorized Access to U.S.-based
              customer data and/or information;

           g. A re-identification of the name of and contact information of the Security Officer
              and the LEPOC; and

           h. Notifications regarding any other matter of interest to this LOA.

       The annual report will be due every 31st day of January of each calendar year, beginning
on January 31, 2020, and will be addressed to:

                       Assistant Attorney General for National Security
                       U.S. Department of Justice
                       National Security Division
                       Three Constitution Square, 175 N Street NE,
                       Washington, DC 20530

                       Attention: FIRS/Team Telecom Staff

Courtesy electronic copies of all notices and communications will also be sent to the following
or individuals identified in the future to Tampnet by USDOJ: Hunter Deeley, USDOJ (at
Hunter.Deeley@usdoj.gov); Loyaan Egal, USDOJ (at Loyaan.Egal@usdoj.gov) and FIRS Team
(at FIRS-TT@usdoj.gov).

                                  Ph:866.621.5290 • Fx:337.205.8761
                                309 Apollo Road • Scott, Louisiana 70583
                                          www.tampnet.com


Page 8 of 9

       16.      Upon reasonable written notice and during reasonable business hours, the USDOJ
may visit and inspect any part of Tampnet’s DCI, secure facilities, corporate offices in the
United States, and such other facilities that the Parties and USDOJ may agree upon in writing are
relevant to this Agreement for the purpose of verifying compliance with the terms of this
Agreement. Tampnet may have appropriate Tampnet employees accompany USDOJ
representatives throughout any such inspection.

        17.     Tampnet agrees to promptly notify USDOJ, including the points of contact listed
herein, of any breaches of this Agreement, as well as any other security incidents such as, but not
limited to cyber-security incidents, intrusions or breaches of the DCI. The notification shall take
place no later than five (5) days after Tampnet or any third party providing Outsource or
Offshore services to Tampnet discovers the incident, intrusion or breach takes place, or sooner
when required by statute or regulations.

       Miscellaneous

        18.      Tampnet agree to negotiate in good faith and promptly with USDOJ if USDOJ
finds that the terms of this Agreement are inadequate to resolve any national security, law
enforcement, or public safety concerns. The Parties agree that in the event that the commitments
set forth in this letter are breached, USDOJ may request that the FCC modify, condition, revoke,
cancel, or render null and void any relevant license, permit, or other authorization granted by the
FCC to Tampnet or its successors-in-interest, in addition to any other remedy available by law or
equity. Nothing herein shall be construed to be a waiver by Tampnet of, or limitation on, its
right to oppose or comment on any such request.

         19.    This Agreement shall inure to the benefit of, and shall be binding upon, the
Parties and the USDOJ, and their respective successors and assigns. This Agreement shall apply
in full force and effect to any entity or asset, whether acquired before or after this LOA’s
execution, over which Tampnet, including their successors or assigns, have the power or
authority to exercise de facto or de jure control.

        20.    Tampnet understands that, upon execution of this LOA by an authorized
representative or attorney, or shortly thereafter, USDOJ shall notify the FCC that it has no
objection to the FCC’s approval of Tampnet’s application.

      21.     Upon execution of this LOA, this Agreement shall supersede the letter of
agreement between Tampnet and USDOJ received and acknowledged on June 10, 2016 (“2016
LOA”) and the 2016 LOA shall terminate.




                                 Ph:866.621.5290 • Fx:337.205.8761
                               309 Apollo Road • Scott, Louisiana 70583
                                         www.tampnet.com


[Signature Page for Letter of Agreement]

               Sincerely,


               ______________________________
               TAMPNET INC.
                       Per Helge Svensson
               Name: ________________________
                      CEO
               Title: _________________________

                      February 13, 2019
               Date: _________________________


               ______________________________
               TAMPNET AS
                       Per Helge Svensson
               Name: ________________________
                       CEO
               Title: _________________________

                      February 13, 2019
               Date: _________________________


               ______________________________
               COLOMBO TOPCO LIMITED

               Name: ________________________

               Title: _________________________

               Date: _________________________


February 13, 2019



Document Created: 2019-02-14 14:02:48
Document Modified: 2019-02-14 14:02:48

© 2024 FCC.report
This site is not affiliated with or endorsed by the FCC