Attachment BT condition

This document pretains to ITC-T/C-20041119-00460 for Transfer of Control on a International Telecommunications filing.

IBFS_ITCTC2004111900460_416863

BT January12,2005 BY HAND DELIVERY Ms. LauraH. Parsky DeputyAssistantAttorney General United StatesDepartmentof Justice 950 Pcrmsylvania A venue, N. W . Washington.D.C. 20530 Ms. Tina W. Gabbrielli Director of IntelligenceCoordinationand SpcciallnfrastructureProtectionPrograms United StatesDepartmentof HomelandSecurity Washington,D.C. 20528 Mr. Patrick W. Kelley DeputyGeneralCoW1se1 FederalBureauof Investigation 935 PennsylvaniaAvenue,N.W. Washin~ D.C. 20535 Dear Ms. PBrsky, Ms. Gabbrielli and Mr. Kelley: As you know, British Telecommunicationspic (44BT'), a United Kingdom companyengagedin the provision of global communicationsservicesand solutions, plans to acquireInfonet ServicesCorporation(44Infonet"),a Delawarecorporationoffering value-added networkcommunicationsservices. BT and Infonet have met with representatives of the U.S. Departmentof Justice ("OOfj, including the FederalBureau of Investigation("FOr'), and the U.S. Departmentof HomelandSecurity("DHS") to discussBT's security arrangements with respectto the planned transaction.Furtherto thosediscussions,this letter now setsforth certainsecurityassurances of BT to the DOJ, FBI and DHS in connectionwith BT's acquisitionof Infonet. Thesesecurity assurances relateto the combinednetwork facilities of BT and Infonet physically locatedin the United States("BT U.S. Facilities") and will be effective immediatelyupon conswnmationof the acquisitionof Infonet by BT. Specifically, following consummationof the transaction, B1 will maintain security policies designedto protect BT U.S. Facilities, safeguardU.S. Customer Data, as hereinafter defined, respond to security incidents, and comply with U.S. law enforcement requests.In furtheranceof the foregoingsecurityobjectives,BT undertakesthe following: oc: 1Me7»-3 ~ ~':::J..I...~ ,II: ~0Mce 81 ~ L EC1A7AJ "-"-'~.~ IT ~ M ISO at c www.bt.~

Page2 .. Maintenance of U.S. Securitv PoUcvaDd OoeratioDal PlD. BT will maintain a securitypolicy andoperationalplan for the BT U.S. Facilities (the "Security Policy"), including all of the elementsset forth below. The SecurityPolicy will addressBT's broad security objectives with respect to its U.S. Facilities as well as specific standardsandpracticesto be appliedin the BT organizationincluding,but not limited to, facility access,securitymanagement,en1pJoyee screening,cooperationwith U.S. law enforcementandrelatedmatters. DesleDadoDof U.S. Security Committee. BT will designateat leasttwo (2) persons to serve as membersof a security committee (the "Security Committee"). BT contemplatesthat the SecurityCommitteeinitially will be comprisedof four persons: (i) the BT AmericasGeneralCounsel~(ii) the Headof U.S. Network Operations;(iii) the U.S. Security Officer; and (iv) the U.S. Law EnforcementPrimary Contact Person. BT expectsthat the compositionand numberof membersof the Security Committeemay changefrom time to time. but in any eventwill have a minimum of two members.one of which will be the BT Americas GeneralCounseland one of which will be the Headof U.S. Network Operations. The Security Committeewill meet periodically (no lessthan quarterly) to review the SecurityPolicy and confinJ1 that BT is in operational compliance with the Security Policy. The Security Committeewill be responsiblefor ensuringthat the SecurityPolicy is followed in the eventof a high level threator nationalemergencyin the United States. The Security Committeewill also be responsiblefor making appropriaterevisionsto the Security Policy asneededin light of changesandmodificationsto the BT global network. The membersof the SecurityCommitteewill be residentU.S. citizensandwill be subject to the third-party, pre-employmentscreeningprocessat the higher level described below. 3. Deslnation of U.S. Security Officer. BT will designatea Security Officer for the 8T U.S. Facilities. The SecurityOfficer will overseethe day-to-dayimplementation and maintenance of the Security Policy for the BT U.S. Facilities. The Security Officer will reportto the SecurityCommittee. The SecurityOfficer will be a resident u.S. citizen andwill be subjectto the pre-employmentscreeningprocessat the higher level describedbelow. Desi2DatioD of U.S. Network S~uritv ResDoDseTeam. BT will designate a U.S. Network Security ResponseTeam to support and manage BT's U.S. Facilities. The U.S. Network Security ResponseTeam will consist of key personnel from across BT Americas and will have the primary responsibility of assuming ultimate control ofBT U.S. Facilities in the event of a high level threat or U.S. national emergency, including (i) temtinating control of U.S. Facilities by persons outside the United States; (ii) perrOrDlingnetwork changesas required, and (iii) maintaining functions to minimize the impact of such threat or emergency to BT's customers. For purposes of the foregoing, to "assume control" in this context means to take necessary action to prohibit personnel physically located outside the United States from performing activities directly related to the physical operation of BT's U.S. Facilities, including but not limited to surveillance, maintenance, integration, commissioning and network Inanagen1ent functions.

Page3 s. ComDUaDcewith u.s. Law EDforcemeat Rea.au. BT will maintainpolicies and proceduresfor the provision of, or for providing accessto, within the United States, electronic or wire communications (whether stored or real-time), subscriber infonnation,billing andtransactionalrecordsof U.S. subscriben(the "U.S. Customer Data") requestedby U.S. law enforcementagencies,either pursuantto lawful U.S. processor as otherwisepennitted by law. BT will designateone or more points of contactat an office within the United Statesto receiveand process,in a secureand efficient manner, requests for assistancefrom U.S. law enforcement agencies, includingrequestsfor interceptionor surveillanceof communicationsandcompliance with subpoenasor other lawful demandsfor disclosureof, or accessto, BT's records. Such assistancewill include, but not be limited to, disclosure, if necessary,of technical and engineering information relating to the design. maintenanceor operation of BT's systems. BT and the law enforcementagency seeking the assistancewill work togetherto determinewhat assistanceis reasonable,taking into accountthe investigativeneedsof the agencyandBT's commercialinterests.BT will designatea screenedtechnical official to assist,where applicable,in executionof suchrequestsfor assistancefrom law enforcementagencies.BT also will provide for the confidentialtreatment,andprohibition of unauthorizeddisclosure,of the recordof such requestsand all information suppliedto law enforcementin responseto such rcquests. Upon designation,BT wi)} notify the FBI, DO} and DHS in writing of the points of contact,and thereafterwi)} promptly notify the FBI, DO] and DHS of any changein suchdesignation. The points of contactwill be residentU.S. citizens and will be subjectto the pre-employmentscreeningprocessat the higher level described below. 6. MaiDtenaDceof AccessControl PoI!£!. BT will maintain an accesscontrol policy (the "AccessControl Policy"), which policy will includeaccesscontrol requirements for BT's U.S. Facilities. The AccessControl Policy will requirein particularthat all BT U.S. Facilitiesbe securedandthat,while on the premisesofBT U.S. Facilities,all employeesand visitors must display appropriateidentification. The AccessControl Policy will alsoprovidethat approvedvisitors areescortedby a BT employeeat such times that said visitor has accessto U.S. communicationsor network inftastructure. The minimum requirementsfor accessby any personto any BT U.S. Facility will be that the person(i) is an employeeand is basedin that particular facility; or (ii) is an expectedvisitor andhasmadearrangements for entrywith a BT employeehost. 7. Reautrement of V.loDe User IdeatificatioD. BT's Access Control Policy will fe<luirethat each user of computersystemsassociatedwith 8T's U.S. Facilities be assigneda unique user ID and passwordfor purposesof accessingsuch systems. Further, accesswill be granted solely on an ''as needed" basis, with individuals obtaining accessexclusively to the systemsneededto perform their specific job obligations. I. Network Monitorm2. BT will monitor its V.S. Facilities in order to detect and preventmaliciousaccessattempts,aswell as to resolvetechnicalfaults and potential securityvulnerabilities. V.S. residentpersolUlelwill control the U.S. portionsof BT's network with respectto integration,commissioning,and implementationof network

Page4 and customerequipment,bandwidthactivations,nodesite managementand technical assistance.U.S.-resident personnelwill also maintainthe ability to assumecontrol over the U.S. portions of the network. including the ability to ternlinate control by p~nnellocated outsideof the U.S. in the event of a high level threat or national emergency. 9. Maintenance of Screenin2 and Non-Disclosure Reouirements. BT will require pre-employmentscreening and non-discJosurecommitments prior to hiring new employeeswith accessto the BT U.S. FaciJities. Higher-leveJscreeningwill be mandatoryfor officers of BT and thoseindividuals who alreadyhold, or will hold, particularly sensitivenetwork positions ("Sensitive Network Personnel'"),including the membersof the Security Committee,the Security Officer, the U.S. Network SecurityResponseTeamand the teclmical official referencedin Paragraph5 above. The list of positions designatedas SensitiveNetwork Personnelwill be reviewed periodically by the Security Officer and approvedby the Security Committee to ensurethat the appropriatepersonsareso designatedandhavebeenproperly screened accordingto the SecurityPolicy. Prior to suchapproval,BT will provide DO], FBI, and DHS a two week commentperiod to review the initial list of SensitiveNetwork Personnelpositions and to provide input into the required level of screeningfor certain sensitivepositions. BT will promptly notify DO], FBI and DHS of any materialchangesmadein the list thereafter. 10.ProteetioD of u.s. Customer Data. BT's Security Policy will include appropriate policies andprocedures,consistentwith BT's compliancewith U.S. and foreign laws, to protect U.S. Customer Data from unauthorizedaccessand from mandatory destructionunderany foreign laws, and to requireprior consentof the DOJ, FBI and DHS before disclosing U.S. Customer Data to non-U.S. persons who are not screened,consistentwith BT's Security Policy, to a level commensuratewith the sensitivity of the datato which they have access. Suchprior consentis not required for compulsorydisclosurepursuantto valid legal processenforceableby a non-U.S. government,in which caseBT will give prompt notice to DOJ, FBI and DHS, of the serviceupon BT of any suchprocessso long assuchnotice to DOl, FBI and DHS js not in violation of foreign law. Should any non-U.S. person have accessto the contentof communications,they would be screenedto a substantivelyidentical level as would SensitiveNetwork Personnel,consistentwith the law of the jurisdiction governing such screening. Unauthorizeddisclosureof U.S. CustomerData will be required to be reportedpromptly to the Security Committee,which will investigate the matter and make referrals to U.S. law enforcementwhen it reasonablyappears that U.S. law may havebeenviolated,with a copy of any such referral to OOJ, FBI and DHS. BT's policies regulatingthe disclosureof U.S. CustomerData will also apply to agents and contractors of BT through non-disclosure agreements,as appropriate. aL ReDOrtin2or Network ChaD2es. BT's SecurityPolicy will require that any major acquisitions, modifications, upgradesor changesmade to BT's U.S. Facilities, including network operating systems.software and accesssecurity be promptly reportedto the SecurityOfficer andthe Headof U.S. Network Operations.

Page5 12.ReoortiD2 of Secaritv Breaches. BT.s SecurityPolicy will requirethat all breaches and suspectedbreachesof network securitythat directly and significantly impact the operationsor overall management ofBT's U.S. Facilitieswill be promptly reportedto the SecurityCommittee. The SecurityPolicy will further requirethat suchmattersbe investigatedby the BT AmericasGeneralCounseland the SecurityOfficer. and that referralsbe madeto U.S. law enforcementwhen it reasonablyappearsthat U.S. law may have been violated, with a copy of any such referral to DOJ, FBI and DHS. BT's SecurityPolicy also will require that the Security Officer maintain a record of such actual or suspectedbreaches. DOJ, FBI and DHS will have a right, with two weeksnoticeto BT AmericasGeneralCounselandthe SecurityOfficer. to insp~t the record of reportsof all breachesand suspectedbreachesto the Security Committee. andto obtainon requesta brief reportof investigationin any matterof concern. * . * The assurancesprovided in this letter reflect BT's commitmentto maintaining securefacilities in the United States,as well as BT's desire to continue its strong working relationshipwith the United Statesgovernment. Should there be any material changeswith respectto BT's securityarrangements, or in the factsandcircumstancesset forth in this letter, or in the letter of November18,2004,to 001, FBI, DHS, andotherU.S. Governmentagencies,BT will promptly notify DOl, FBI, and DHS. Shouldyou have any questionsregardingany aspect of this letter,pleasedo not hesitateto contactthe undersigned. Very trul Y ~urs, British Telecommunicationspic Da~-:7Z\ ~lO\\~ BY:~ --- PrintedName:'T \ ~ CD\..,)~ Title: c ~ ~ c.~"N~ C-..L..O&~ ~ Ea." l c.Q.


Document Created: 2005-02-09 15:28:24
Document Modified: 2005-02-09 15:28:24
© 2024 FCC.report
This site is not affiliated with or endorsed by the FCC