Attachment BT condition

This document pretains to ITC-T/C-20041119-00460 for Transfer of Control on a International Telecommunications filing.

IBFS_ITCTC2004111900460_416863

                                                                                BT

                                                                            January12,2005

BY HAND DELIVERY
Ms. LauraH. Parsky
DeputyAssistantAttorney General
United StatesDepartmentof Justice
950 Pcrmsylvania A venue, N. W .
Washington.D.C. 20530

Ms. Tina W. Gabbrielli
Director of IntelligenceCoordinationand
       SpcciallnfrastructureProtectionPrograms
United StatesDepartmentof HomelandSecurity
Washington,D.C. 20528

Mr. Patrick W. Kelley
DeputyGeneralCoW1se1
FederalBureauof Investigation
935 PennsylvaniaAvenue,N.W.
Washin~ D.C. 20535

Dear Ms. PBrsky, Ms. Gabbrielli and Mr. Kelley:

             As you know, British Telecommunicationspic (44BT'), a United Kingdom
companyengagedin the provision of global communicationsservicesand solutions, plans to
acquireInfonet ServicesCorporation(44Infonet"),a Delawarecorporationoffering value-added
networkcommunicationsservices.

               BT and Infonet have met with representatives of the U.S. Departmentof Justice
("OOfj, including the FederalBureau of Investigation("FOr'), and the U.S. Departmentof
HomelandSecurity("DHS") to discussBT's security arrangements       with respectto the planned
transaction.Furtherto thosediscussions,this letter now setsforth certainsecurityassurances of
BT to the DOJ, FBI and DHS in connectionwith BT's acquisitionof Infonet. Thesesecurity
assurances relateto the combinednetwork facilities of BT and Infonet physically locatedin the
United States("BT U.S. Facilities") and will be effective immediatelyupon conswnmationof
the acquisitionof Infonet by BT.

               Specifically, following consummationof the transaction, B1 will maintain
security policies designedto protect BT U.S. Facilities, safeguardU.S. Customer Data, as
hereinafter defined, respond to security incidents, and comply with U.S. law enforcement
requests.In furtheranceof the foregoingsecurityobjectives,BT undertakesthe following:



oc: 1Me7»-3                                                                   ~            ~':::J..I...~   ,II:
                                                                              ~0Mce
                                                                              81                  ~    L   EC1A7AJ
                                                                              "-"-'~.~
                                                                              IT
                                                                                   ~
                                                                                       M
                                                                                            ISO
                                                                                                  at
                                                                                                            c
                                                                              www.bt.~


                                                                                    Page2     ..

   Maintenance of U.S. Securitv PoUcvaDd OoeratioDal PlD. BT will maintain a
   securitypolicy andoperationalplan for the BT U.S. Facilities (the "Security Policy"),
   including all of the elementsset forth below. The SecurityPolicy will addressBT's
   broad security objectives with respect to its U.S. Facilities as well as specific
   standardsandpracticesto be appliedin the BT organizationincluding,but not limited
   to, facility access,securitymanagement,en1pJoyee   screening,cooperationwith U.S.
   law enforcementandrelatedmatters.

   DesleDadoDof U.S. Security Committee. BT will designateat leasttwo (2) persons
   to serve as membersof a security committee (the "Security Committee"). BT
   contemplatesthat the SecurityCommitteeinitially will be comprisedof four persons:
   (i) the BT AmericasGeneralCounsel~(ii) the Headof U.S. Network Operations;(iii)
   the U.S. Security Officer; and (iv) the U.S. Law EnforcementPrimary Contact
   Person. BT expectsthat the compositionand numberof membersof the Security
   Committeemay changefrom time to time. but in any eventwill have a minimum of
   two members.one of which will be the BT Americas GeneralCounseland one of
   which will be the Headof U.S. Network Operations. The Security Committeewill
   meet periodically (no lessthan quarterly) to review the SecurityPolicy and confinJ1
   that BT is in operational compliance with the Security Policy. The Security
   Committeewill be responsiblefor ensuringthat the SecurityPolicy is followed in the
   eventof a high level threator nationalemergencyin the United States. The Security
   Committeewill also be responsiblefor making appropriaterevisionsto the Security
   Policy asneededin light of changesandmodificationsto the BT global network. The
   membersof the SecurityCommitteewill be residentU.S. citizensandwill be subject
   to the third-party, pre-employmentscreeningprocessat the higher level described
   below.

3. Deslnation of U.S. Security Officer. BT will designatea Security Officer for the
   8T U.S. Facilities. The SecurityOfficer will overseethe day-to-dayimplementation
   and maintenance of the Security Policy for the BT U.S. Facilities. The Security
   Officer will reportto the SecurityCommittee. The SecurityOfficer will be a resident
   u.S. citizen andwill be subjectto the pre-employmentscreeningprocessat the higher
   level describedbelow.

   Desi2DatioD of U.S. Network S~uritv ResDoDseTeam. BT will designate a U.S.
   Network Security ResponseTeam to support and manage BT's U.S. Facilities. The
   U.S. Network Security ResponseTeam will consist of key personnel from across BT
   Americas and will have the primary responsibility of assuming ultimate control ofBT
   U.S. Facilities in the event of a high level threat or U.S. national emergency,
   including (i) temtinating control of U.S. Facilities by persons outside the United
   States; (ii) perrOrDlingnetwork changesas required, and (iii) maintaining functions to
   minimize the impact of such threat or emergency to BT's customers. For purposes of
   the foregoing, to "assume control" in this context means to take necessary action to
   prohibit personnel physically located outside the United States from performing
   activities directly related to the physical operation of BT's U.S. Facilities, including
   but not limited to surveillance, maintenance, integration, commissioning and network
   Inanagen1ent functions.


                                                                                    Page3

 s. ComDUaDcewith u.s.        Law EDforcemeat Rea.au. BT will maintainpolicies and
      proceduresfor the provision of, or for providing accessto, within the United States,
      electronic or wire communications (whether stored or real-time), subscriber
      infonnation,billing andtransactionalrecordsof U.S. subscriben(the "U.S. Customer
      Data") requestedby U.S. law enforcementagencies,either pursuantto lawful U.S.
     processor as otherwisepennitted by law. BT will designateone or more points of
      contactat an office within the United Statesto receiveand process,in a secureand
      efficient manner, requests for assistancefrom U.S. law enforcement agencies,
      includingrequestsfor interceptionor surveillanceof communicationsandcompliance
     with subpoenasor other lawful demandsfor disclosureof, or accessto, BT's records.
     Such assistancewill include, but not be limited to, disclosure, if necessary,of
     technical and engineering information relating to the design. maintenanceor
     operation of BT's systems. BT and the law enforcementagency seeking the
     assistancewill work togetherto determinewhat assistanceis reasonable,taking into
     accountthe investigativeneedsof the agencyandBT's commercialinterests.BT will
     designatea screenedtechnical official to assist,where applicable,in executionof
     suchrequestsfor assistancefrom law enforcementagencies.BT also will provide for
     the confidentialtreatment,andprohibition of unauthorizeddisclosure,of the recordof
     such requestsand all information suppliedto law enforcementin responseto such
     rcquests. Upon designation,BT wi)} notify the FBI, DO} and DHS in writing of the
     points of contact,and thereafterwi)} promptly notify the FBI, DO] and DHS of any
     changein suchdesignation. The points of contactwill be residentU.S. citizens and
     will be subjectto the pre-employmentscreeningprocessat the higher level described
     below.

6. MaiDtenaDceof AccessControl PoI!£!. BT will maintain an accesscontrol policy
   (the "AccessControl Policy"), which policy will includeaccesscontrol requirements
   for BT's U.S. Facilities. The AccessControl Policy will requirein particularthat all
   BT U.S. Facilitiesbe securedandthat,while on the premisesofBT U.S. Facilities,all
   employeesand visitors must display appropriateidentification. The AccessControl
   Policy will alsoprovidethat approvedvisitors areescortedby a BT employeeat such
   times that said visitor has accessto U.S. communicationsor network inftastructure.
   The minimum requirementsfor accessby any personto any BT U.S. Facility will be
   that the person(i) is an employeeand is basedin that particular facility; or (ii) is an
   expectedvisitor andhasmadearrangements      for entrywith a BT employeehost.

7. Reautrement of V.loDe User IdeatificatioD. BT's Access Control Policy will
   fe<luirethat each user of computersystemsassociatedwith 8T's U.S. Facilities be
   assigneda unique user ID and passwordfor purposesof accessingsuch systems.
   Further, accesswill be granted solely on an ''as needed" basis, with individuals
   obtaining accessexclusively to the systemsneededto perform their specific job
   obligations.
I.   Network Monitorm2. BT will monitor its V.S. Facilities in order to detect and
     preventmaliciousaccessattempts,aswell as to resolvetechnicalfaults and potential
     securityvulnerabilities. V.S. residentpersolUlelwill control the U.S. portionsof BT's
     network with respectto integration,commissioning,and implementationof network


                                                                                  Page4

     and customerequipment,bandwidthactivations,nodesite managementand technical
     assistance.U.S.-resident personnelwill also maintainthe ability to assumecontrol
     over the U.S. portions of the network. including the ability to ternlinate control by
     p~nnellocated outsideof the U.S. in the event of a high level threat or national
     emergency.
9.   Maintenance of Screenin2 and Non-Disclosure Reouirements. BT will require
     pre-employmentscreening and non-discJosurecommitments prior to hiring new
     employeeswith accessto the BT U.S. FaciJities. Higher-leveJscreeningwill be
     mandatoryfor officers of BT and thoseindividuals who alreadyhold, or will hold,
     particularly sensitivenetwork positions ("Sensitive Network Personnel'"),including
     the membersof the Security Committee,the Security Officer, the U.S. Network
     SecurityResponseTeamand the teclmical official referencedin Paragraph5 above.
     The list of positions designatedas SensitiveNetwork Personnelwill be reviewed
     periodically by the Security Officer and approvedby the Security Committee to
     ensurethat the appropriatepersonsareso designatedandhavebeenproperly screened
     accordingto the SecurityPolicy. Prior to suchapproval,BT will provide DO], FBI,
     and DHS a two week commentperiod to review the initial list of SensitiveNetwork
     Personnelpositions and to provide input into the required level of screeningfor
     certain sensitivepositions. BT will promptly notify DO], FBI and DHS of any
     materialchangesmadein the list thereafter.

10.ProteetioD of u.s. Customer Data. BT's Security Policy will include appropriate
   policies andprocedures,consistentwith BT's compliancewith U.S. and foreign laws,
   to protect U.S. Customer Data from unauthorizedaccessand from mandatory
   destructionunderany foreign laws, and to requireprior consentof the DOJ, FBI and
   DHS before disclosing U.S. Customer Data to non-U.S. persons who are not
   screened,consistentwith BT's Security Policy, to a level commensuratewith the
   sensitivity of the datato which they have access. Suchprior consentis not required
   for compulsorydisclosurepursuantto valid legal processenforceableby a non-U.S.
   government,in which caseBT will give prompt notice to DOJ, FBI and DHS, of the
   serviceupon BT of any suchprocessso long assuchnotice to DOl, FBI and DHS js
   not in violation of foreign law. Should any non-U.S. person have accessto the
   contentof communications,they would be screenedto a substantivelyidentical level
   as would SensitiveNetwork Personnel,consistentwith the law of the jurisdiction
  governing such screening. Unauthorizeddisclosureof U.S. CustomerData will be
  required to be reportedpromptly to the Security Committee,which will investigate
  the matter and make referrals to U.S. law enforcementwhen it reasonablyappears
  that U.S. law may havebeenviolated,with a copy of any such referral to OOJ, FBI
  and DHS. BT's policies regulatingthe disclosureof U.S. CustomerData will also
  apply to agents and contractors of BT through non-disclosure agreements,as
  appropriate.

aL ReDOrtin2or Network ChaD2es. BT's SecurityPolicy will require that any major
   acquisitions, modifications, upgradesor changesmade to BT's U.S. Facilities,
   including network operating systems.software and accesssecurity be promptly
   reportedto the SecurityOfficer andthe Headof U.S. Network Operations.


                                                                                           Page5

        12.ReoortiD2 of Secaritv Breaches. BT.s SecurityPolicy will requirethat all breaches
           and suspectedbreachesof network securitythat directly and significantly impact the
           operationsor overall management  ofBT's U.S. Facilitieswill be promptly reportedto
           the SecurityCommittee. The SecurityPolicy will further requirethat suchmattersbe
           investigatedby the BT AmericasGeneralCounseland the SecurityOfficer. and that
           referralsbe madeto U.S. law enforcementwhen it reasonablyappearsthat U.S. law
           may have been violated, with a copy of any such referral to DOJ, FBI and DHS.
           BT's SecurityPolicy also will require that the Security Officer maintain a record of
           such actual or suspectedbreaches. DOJ, FBI and DHS will have a right, with two
           weeksnoticeto BT AmericasGeneralCounselandthe SecurityOfficer. to insp~t the
          record of reportsof all breachesand suspectedbreachesto the Security Committee.
          andto obtainon requesta brief reportof investigationin any matterof concern.
                                            *       .      *

                 The assurancesprovided in this letter reflect BT's commitmentto maintaining
securefacilities in the United States,as well as BT's desire to continue its strong working
relationshipwith the United Statesgovernment. Should there be any material changeswith
respectto BT's securityarrangements,    or in the factsandcircumstancesset forth in this letter, or
in the letter of November18,2004,to 001, FBI, DHS, andotherU.S. Governmentagencies,BT
will promptly notify DOl, FBI, and DHS. Shouldyou have any questionsregardingany aspect
of this letter,pleasedo not hesitateto contactthe undersigned.

                                                            Very trul Y ~urs,

                                                            British Telecommunicationspic

                                                            Da~-:7Z\ ~lO\\~

                                                           BY:~        ---
                                                           PrintedName:'T \ ~       CD\..,)~
                                                           Title: c ~ ~             c.~"N~
                                                                   C-..L..O&~       ~ Ea." l c.Q.



Document Created: 2005-02-09 15:28:24
Document Modified: 2005-02-09 15:28:24

© 2024 FCC.report
This site is not affiliated with or endorsed by the FCC