Five9 Letter of Assu

COMMENT submitted by U.S. Department of Justice

Five9, Inc. Letter of Assurances

2015-06-09

This document pretains to ITC-214-20130119-00017 for International Global Resale Authority on a International Telecommunications filing.

IBFS_ITC2142013011900017_1091374

Software June 8, 2015 Mr. John Carlin Assistant Attorney General National Security Division US Department of Justice 950 Pennsylvania Avenue, NW Washington, DC 20530 ttelecom@usdoj.gov Re: Pending application by Five9, Inc. for authorization under Section 214 of the Communications Act of 1934, as amended (FCC ITC—214—20130119—00017). Dear Mr. Carlin: This Letter of Assurances ("LOA") outlines the commitments made by Five9, Inc. ("Five9") to the U.S. Department of Justice ("DOJ") in order to address national security, law enforcement, and public safety potentially relevant to the Five9 application to the Federal Communications Commission ("FCC") requesting authority to provide global or limited global resale services (47 C.F.R. §§ 63.18(e)(2) to all international points under Section 214 of the Communications Act of 1934, as amended. Upon grant of the license, Five9 undertakes to comply with the following commitments to DOJ: Five9 agrees that it is covered by and will comply with all applicable lawful interception statutes, regulations, and requirements, including the Communications Assistance for Law Enforcement Act (CALEA) and its implementing regulations, and will comply with all court orders and other legal process for lawfully authorized electronic surveillance. Five9 will provide DOJ with a report on the status of its implementation of lawful interception capabilities, including the status of its compliance with CALEA, within sixty (60) days after the grant of its authority, and every thirty (30) days thereafter up until the time when Five9 has fully implemented lawful interception capabilities. Five9 understands that its failure to fulfill its obligations under this paragraph could constitute a breach ofits commitments to DOJ. Five9, Inc. 4000 Executive Parkway, Suite 400 San Ramon, CA 94583 www.five9.com

Software Five$ also agrees to maintain a U.S. citizen point of contact ("POC") in the U.S., to receive service of process of U.S. Records,‘ to assist and support lawful requests for surveillance by U.S. federal, state and local law enforcement agencies, to receive and promptly effectuate any requests for information from DOJ pursuant to this LOA, and to address any questions or concerns DOJ may have regarding Five9‘s compliance with the terms of this LOA. The name and contact information for this POC will be provided to DOJ no later than thirty (30) days ofthe filing of this LOA. In the event of a change in a POC, Five9 will notify DOJ within ten (10) business days of such change. Five9 agrees that it will not directly or indirectly disclose or permit disclosure of or access to U.S. Records or domestic communications or any information (including call content and call data) pertaining to a wiretap order, pen/trap and trace order, subpoena, or any other lawful request by a U.S. law enforcement agency for U.S. Records to any person if the identified purpose of such disclosure or access is to respond to the legal process or request on behalf of a non—U.S. government withoutfirst satisfying all pertinent requirements of U.S. law and obtaining the express written consent of DOJ, or the authorization of a court of competent jurisdiction in the U.S. The term "non—U.S. government" means any government, including an identified representative, agent, component or subdivision thereof, thatis not a local, state, or federal government in the U.S. Any such requests for legal process submitted by a non—U.S. government to Five9 shall be referred to DOJ as soon as possible, but in no event later than five (5) business days after such request or legal process is received by or made known to Five9, unless disclosure of the request or legal process would be in violation of U.S. law or an order of a court of the U.S. Five9 agrees that it is required to keep and maintain information concerning access to U.S. Records and that it has the capability to audit and maintain logs of all such access to U.S. records. Five9 further agrees to establish and maintain a compliance plan concerning access to U.S. Records and train all its employees, contractors, and others with access to Five)‘s system or network on the compliance plan. Five9 will provide DOJ with its compliance plan, ninety (90) days after the time the FCC grants FiveY‘s application. ‘ U.S. Records, as used herein, means Five9‘s customer billing records, subscriber information, and any other related information used, processed, or maintained in the ordinary course of business relating to the services offered by Five9 in the U.S. For these purposes, U.S. Records also shall include information subject to disclosure to a U.S. federal or state governmental entity under the procedures specified in Sections 2703(c) and (d) and Section 2709 of Title 18 of the U.S. Code. Five9, Inc. 4000 Executive Parkway, Suite 400 San Ramon, CA 94583 www.five9.com

Five9 also agrees to ensure that U.S. Records are not made subject to mandatory destruction under any foreign laws. The location of the U.S. Records® storage facility will be provided to DOJ no later than five (5) business days of the filing of this LOA. Five9 agrees to provide annual reports to DOJ on status of all lawful surveillance request cases for call content and call data including but not limited to (a) case dates, (b) completion status, (¢) compliance status, (d) any and all unresolved issues surrounding the lawful surveillance process (i.e., provisioning, delivery, interface, transport, completion, etc.); and (e) any occurrence of cyber security incidents*, network and enterprise breaches, and unauthorized access to customer data and information together with a summary ofall the information Five9 has gathered, reviewed, or analyzed concerning any of the items specified in (e). Five9 agrees to provide DOJ within sixty (60) days of the granting of its application a complete list ofall third party suppliers, including but not limited to foreign contractors, off—shored service providers, equipment manufacturers, and foreign nationals, authorized to access Five9‘s domestic communications infrastructure ("DCI") and customer information. For purposes of this LOA, DCI means: (a) transmission, switching, and routing equipment used by or on behalf of Five9 to provide telecommunications services within the United States; or (b) equipment located within facilities outside the United States used by or on behalf of Five9 to control the equipment described in (a) above. DCI does not include equipment or facilities owned or used by service providers other than Five9 that are: (a) interconnecting communications providers; or (b) providers of services or content that are: (i) accessible using the telecommunications services of Five9, and (ii) available in substantially similar form and on commercially reasonable terms through communications services of companies other than Five9. The phrase "on behalf of" as used in this definition does not include entities with which Five9 has contracted for resale, peering, interconnection, roaming, long distance, or other similar arrangements. 2 "Cyber Security Incident" means (i) any unauthorized access, insertion or execution of malicious code; insertion or transmittal of viruses, trojans, or worms; denial of service attacks; use of botnets; spyware, phishing; identity theft (for the purposes of the foregoing list, an incident that is within the reporting guidelines of the United States Computer Emergency Response Team (US—CERT) shall be considered a Cyber Security Incident); (ii) establishment of unauthorized communications channels to any foreign government or unauthorized recipient; (iii) any other unauthorized addition, alteration, deletion, acquisition, theft, transfer, diversion of, or access to, information or technology as identified in collaboration with DOJ or related security policies. Five9, Inc. 4000 Executive Parkway, Suite 400 San Ramon, CA 94583 www.five9.com

Software Five9 agrees that within sixty (60) days of the filing of this LOA with the FCC, and thereafter within thirty (30) days upon request from DOJ, Five9 shall provide an updated list of Principal Equipment. For purposes of this LOA, "Principal Equipment" means the primary components of the DCI, including, but not limited to, routers, switches, Home Location Registers, Home Subscriber Servers, voicemail servers, multimedia messaging service systems, short message service systems, firewall systems, load balancers, base stations controllers and radio network controllers, as applicable, and any non—embedded software necessary for the proper monitoring, administration and provisioning thereof. This list should include available information on each item‘s manufacturer and the model and/or version number of any hardware or software. In addition, the list should identify vendors or contractors for the Principal Equipment, including those who have physical and remote access to the Principal Equipment and those performing functions that would otherwise be performed by Five9‘s personnel to install, operate, manage, or maintain the Principal Equipment. Where a new vendor or contractor for Principal Equipment does not appear on any list of Principal Equipment previously disclosed by Five9 pursuant to this LOA, Five9 shall provide to DOJ an annual report that includes an updated list of Principal Equipment and the vendors or contractors for the new Principal Equipment that has been added since its prior disclosure of Principal Equipment. Five9, and any owner of Five9, shall permit DOJ, and such other U.S. Government agency representatives designated by DOJ, to inspect books and records, equipment, servers, and facilities and premises owned or leased by Five9 to the extent business relating to Five9‘s FCC—licensed activity takes place at such location(s). Where Five9 possesses the authority to permit such access, FiveQalso agrees to make available to DOJ, and such other U.S. Government agency representatives designated by DOJ, any third—party books and records, equipment, servers, facilities (including third—party offshore or outsourced facilities), and premises to the extent business relating to Five9‘s FCC—licensed activity takes place at such location(s). Ordinarily, DOJ will provide Five9 with fourteen (14) days advance notice, but Five9 shall afford DOJ such access during normal business hours without advance notice in extraordinary cireumstances. Five9, and any owner of Five9, shall permit DOJ, and such other U.S. Government agency representatives designated by DOJ, to conduct confidential interviews, of owners, ownership groups, employees, or contractors of Five9 concerning compliance with this LOA and any other law enforcement concerns. Five9, Inc. 4000 Executive Parkway, Suite 400 San Ramon, CA 94583 www.five9.com

gpatgmitente FI’vfe\@ Five9 shall provide to DOJ a copy of the annual audit of Five$ that is performed each year by a neutral third party. As of the date of this letter, the neutral third party auditor for Five9 is KPMG LLP. DOJ shall be granted the right to exclusively meet with Five9‘s auditors at any time, upon DOJ‘s request. Five9 agrees to provide Annual Reports to DOJ regarding the company‘s compliance with the specific terms of this LOA, to include a summary of the content of any notices sent to DOJ during the prior year pursuant to this LOA and any changes made to its compliance plan relating to access and disclosure of U.S. Records. The Annual Report also shall include reports of network and enterprise breaches and unauthorized access to customer data and information; the name of and contact information for the current LE POC and Company POC; and confirming Five9‘s compliance with CALEA. These annual reports will be due on the anniversary date of this LOA‘s execution and should be addressed to the following: Assistant Attorney General for National Security U.S. Department of Justice National Security Division Attention: Team Telecom, Foreign Investment Review Staff 950 Pennsylvania Avenue, N.W. Washington, DC 20530 Electronic mail: ttelecom@usdoj.gov Unit Chief, Science and Technology Policy and Law Unit Federal Bureau of Investigation 935 Pennsylvania Ave, NW Room 7350 Washington, DC 20535 Courtesy electronic copies ofall notices and communications also should be sent to the following, or to such other persons identified to Five9 by DOJ in the future: ttelecom@usdoj.gov: Tyrone Brown of DOJ (at tyrone.brown@usdoj.gov); Richard Sofield of DOJ (richard.sofield2@usdoj.gov;); and Ryan Breitenbach of the FBI (at ryan.breitenbach@ic.fbi.gov). The LOA may be terminated at any time by a written agreement signed by Five9 and DOJ. DOJ shall notify the FCC of the LOA‘s termination within sixty (60) days of such termination. Five9, Inc. 4000 Executive Parkway, Suite 400 San Ramon, CA 94583 www.five9.com

Software » Five9 shall negotiate in good faith to resolve any national security, law enforcement or public safety concerns DOJ may raise with respect to the Principal Equipment List, new vendors or contractors for Principal Equipment, or any other matters set forth in this LOA. Five9 agrees that in the event the commitments set forth in this letter are breached, in addition to any other remedy available at law or equity, DOJ may request that the FCC modify, condition, revoke, cancel, terminate, or render null and void anyrelevant license, permit, or other authorization granted by the FCC to Five9 or any successors—in—interest. Nothing herein shall be construed to be a waiver by Five9 of, or limitation on, its right to oppose or comment on any such request. Nothing in this letter is intended to excuse Five9 from its obligations to comply with any and all applicable legal requirements and obligations, including any and all applicable statutes, regulations, requirements, or orders. Five9 understands that, upon execution ofthis letter by an authorized representative or attorney for Five9, DOJ shall notify the FCC that it has no objection to the FCC‘s grant of Five9‘s application. Sincerely, » ye_A Zwarenstein hief Financial Officer Five9, Inc. Five9, Inc. 4000 Executive Parkway, Suite 400 San Ramon, CA 94583 www.five9.com


Document Created: 2015-06-09 13:59:03
Document Modified: 2015-06-09 13:59:03
© 2024 FCC.report
This site is not affiliated with or endorsed by the FCC