Petition to Adopt at

PETITION submitted by US Department of Justice

Petition to Adopt Conditions

2018-11-23

This document pretains to ITC-T/C-20180517-00094 for Transfer of Control on a International Telecommunications filing.

IBFS_ITCTC2018051700094_1578780

                                      Before the
                        FEDERAL COMMUNICATIONS COMMISSION
                                 Washington, D.C. 20554

In the Matter of                                )
                                                )
Mitel Networks Corporation, Mitel Cloud         )
Services, Inc., and MLN TopCo Ltd.              )           ITC-T/C-20180517-00094
Joint Applications for Transfer and Control     )           WC Docket No. 18-162
Of Mitel Cloud Services, Inc. to MLN            )
TopCo Ltd. pursuant to Section 214 of the       )
Communications Act of 1934, as amended          )

                            PETITION TO ADOPT CONDITIONS TO
                             AUTHORIZATIONS AND LICENSES


           The U.S. Department of Justice (“USDOJ”), to include its components, the National

Security Division (“NSD”) and the Federal Bureau of Investigation (“FBI”), submits this

Petition to Adopt Conditions to Authorizations and Licenses (“Petition”), pursuant to Section

1.41 of the Federal Communications Commission (“Commission”) rules.1 Through this

Petition, the USDOJ advises the Commission that it has no objection to the Commission

approving the authority sought in the above-referenced proceeding, provided that the

Commission conditions its approval on the assurance of MLN Topco Ltd. (“TopCo”), and to

abide by the commitments and undertakings set forth in the November 23, 2018 Letter of

Agreement (“LOA”), a copy of which is attached hereto.


           The Commission has long recognized that law enforcement, national security, and public

safety concerns are part of its public interest analysis, and has accorded deference to the views of

other U.S. government agencies with expertise in those areas. See In the Matter of Comsat

Corporation d/b/a Comsat Mobile Communications, etc., 16 FCC Rcd. 21,661, 21707 ¶ 94

(2001).


1
    47 C.F.R. § 1.41.


       After discussions with representatives of TopCo in connection with the above-referenced

proceeding, the USDOJ, NSD and FBI have concluded that the additional commitments set forth

in the LOA will help ensure that the FBI, which has the responsibility of enforcing the law,

protecting the national security, and preserving public safety, can proceed appropriately to satisfy

those responsibilities. Accordingly, the USDOJ advises the Commission that it has no objection to

the Commission granting the application in the above-referenced proceeding, provided that the

Commission conditions its consent on compliance with the LOA.


                                                     Respectfully submitted,


                                                     SANCHITHA JAYARAM
                                                     Chief, Foreign Investment Review Staff
                                                     National Security Division
                                                     United States Department of Justice




                                                      BERMEL R. PAZ
                                                      National Security Division
                                                      United States Department of Justice
                                                      3 Constitution Square
                                                      175 N St NE, Suite 12-1805
                                                      Washington, D.C. 20002

                                                      November 23, 2018


MLN TopCo Ltd.
c/o Searchlight Capital Partners, L.P.
745 Fifth Avenue, 27th Floor
New York, NY 10151



                                                                              November 23, 2018

Assistant Attorney General for National Security
United States Department of Justice
National Security Division
950 Pennsylvania Avenue NW,
Washington, DC 20530

Subject:         FCC# ITC-T/C-20180517-00094/WC Docket No. 18-162
                 Joint Application by Mitel Networks Corporation (“Mitel”), Mitel Cloud
                 Services, Inc. (“MCSI”), and MLN TopCo Ltd. (“Topco”) to transfer domestic
                 and international section 214 authorizations from MCSI to Topco pursuant to
                 section 214 of the Communications Act of 1934, as amended.

Dear Sir/Madam:

        This Letter of Agreement (“LOA” or “Agreement”) outlines the commitments being
made by Topco to the U.S. Department of Justice (“USDOJ”) in order to address national
security, law enforcement, and public safety concerns arising from Mitel’s, MCSI’s, and Topco’s
joint application to the Federal Communications Commission (“FCC”) to transfer domestic and
international section 214 authorizations from MCSI to Topco.

        Topco adopts as true and correct all statements Topco, Mitel, and MCSI or their
representatives have made to USDOJ or other Team Telecom member agencies and the FCC in
the course of the review of the above-referenced application, and hereby adopts those statements
as the basis for this LOA.

        1.       For purposes of this LOA, the following definitions apply:

                 a.      “Topco” means MLN TopCo Ltd. or its successors-in-interest.

                b.     “Access” or “Accessible” means the ability to physically or logically
        undertake any of the following actions: (i) to read, copy, divert, or otherwise obtain non-
        public information or technology from or about software, hardware, a database or other
        system, or a network; (ii) to add, edit, delete, reconfigure, provision, or alter information
        or technology stored on or by software, hardware, a system or network; or (iii) to alter the
        physical or logical state of software, hardware, a system or network.

               c.      “Customer Proprietary Network Information” (CPNI) shall mean as
        defined in 47 U.S.C. § 222(h)(1).

                 d.      “Date of this LOA” shall mean the date on which the LOA is executed by
        Topco.


        e.     “Domestic Communications,” as used herein, means: (i) Wire
Communications or Electronic Communications (whether stored or not) from one U.S.
location to another U.S. location; and (ii) the U.S. portion of a Wire Communication or
Electronic Communication (whether stored or not) that originates or terminates in the
United States.

       f.      “Electronic Communication” has the meaning provided in 18 U.S.C.
§ 2510(12).

         g.      “Electronic Surveillance” means: (i) the interception of wire, oral, or
electronic communications as defined in 18 U.S.C. § 2510(1), (2), (4) and (12),
respectively, and electronic surveillance as defined in 50 U.S.C. § 1801(f); (ii) Access to
stored wire or electronic communications, as referred to in 18 U.S.C. § 2701 et seq.; (iii)
acquisition of dialing, routing, addressing, or signaling information through pen register
or trap and trace devices or other devices or features capable of acquiring such
information pursuant to law as defined in 18 U.S.C. § 3121 et seq. and 50 U.S.C. § 1841
et seq.; (iv) acquisition of location-related information concerning a subscriber or facility;
(v) preservation of any of the above information pursuant to 18 U.S.C. § 2703(f); and (vi)
Access to or acquisition, interception, or preservation of, wire, oral, or Electronic
Communication or information as described in (i) through (v) above and comparable state
laws.

       h.      “Foreign” means non-United States.

      i.      “Geolocation Data” means any information collected by Topco from its
customers regarding a customer or the customer’s device location.

        j.      “Government” means any government, or governmental, administrative,
or regulatory entity, authority, commission, board, agency, instrumentality, bureau or
political subdivision, and any court, tribunal, judicial or arbitral body.

        k.       “Internet Protocol Detail Record” means a streaming data protocol used by
operations support systems and business support systems to collect and record a user’s
data traffic statistics on a network.

        l.      “Internet Search Information” includes any data collected by Topco about
its customer’s internet browsing or online purchasing activities through any mechanism
permitted by the services offered by Topco.

        m.      “Lawful U.S. Process” means U.S. federal, state, or local court orders,
subpoenas, warrants, processes, directives, certificates or authorizations, and other orders,
legal process, statutory authorizations and certifications for electronic surveillance,
physical search and seizure, production of tangible things or Access to or disclosure of
Domestic Communications, call-associated data, transactional data, subscriber
information, or associated records.



                                          2


        n.      “Managed Network Service Provider” (“MNSP”) means any third party
that provides services to Topco and its subsidiaries in support of its telecom and/or
Internet infrastructure/business/operation including, but not limited to, network operation;
provisioning of Internet and telecom services; routine, corrective, and preventative
maintenance, including intrusive testing; network and service monitoring; network
performance, optimization, and reporting; network audits, provisioning, and
development, and the implementation of changes and upgrades; Domestic
Communications (DC); Domestic Communications Infrastructure (DCI); customer
support; Operations Support Systems (OSS); Business Support Systems (BSS); Network
Operations Center (NOC); network optimization; information technology; cloud
operations/services; 5G (SDN, NFV, Applications); and datacenter services/operations.

         o.      “Network Elements” means a facility, equipment, software, hardware or
applications used in the provision of telecommunications services, including features,
functions and capabilities that are provided by means of such facility or equipment,
including subscriber numbers, databases, signaling systems, and information sufficient
for billing, receiving and/or aggregating customer data, and collection or used in the
transmission, routing, or other provision of telecommunications services.

       p.     “Network Operations Center” means any locations and facilities
performing network management, monitoring, accumulation of accounting and usage
data, maintenance, user support, or other operational functions for Domestic
Communications.

        q.      “Non-US Government” means any government, including an identified
representative, agent, component or subdivision thereof, that is not a local, state, or
federal government in the United States.

        r.      “Offshoring” means performing obligations of this Agreement through the
use of entities and personnel outside of the territorial limits of the United States, whether
those entities or personnel are employees of Topco or its subsidiaries, or third parties.

      s.     “Outsource” or “Outsourcing” means, with respect to Domestic
Communications, supporting the services and operational needs of Topco at issue in this
LOA through the use of contractors or third parties.

        t.      “Principal Equipment” means any equipment, hardware, software, or
applications capable of controlling Domestic Communications, as well as device
controllers, signal routing and transfer routers, devices that perform network or element
management, fiber optic line termination and multiplexing, core and edge routing,
network protection, radio network control, mobility management, or lawful intercept
functions, and non-embedded software necessary for the proper monitoring,
administration and provisioning of any such equipment. This definition may be modified
from time to time by USDOJ as may be necessary due to changes in technology, business
model, management, structure of services offered, or governance of the Domestic
Communications.


                                          3


               u.      “Security Incident” means (i) any known or suspected breach of this
       agreement, including a violation of any approved policy or procedure under this
       Agreement; (ii) any unauthorized access to, or disclosure of, Personally Identifiable
       Information; (iii) any unauthorized access to, or disclosure of, information obtained from
       or relating to Government Entities; (iv) any one or more of the following which affect the
       company’s computer network(s) or associated information systems: (A) unplanned
       disruptions to a service or denial of a service; (B) unauthorized processing or storage of
       data; (C) unauthorized changes to system hardware, firmware, or software; or (D)
       attempts from unauthorized sources to Access systems or data if these attempts to Access
       systems or data may materially affect company’s ability to comply with the terms of this
       Agreement.

              v.      “U.S. Records” means Topco’s customer billing records, subscriber
       information, text, Internet Protocol Detail Record, Internet Search Information,
       Geolocation Data, CPNI, and any other related information used, processed, or
       maintained in the ordinary course of business relating to the services offered by Topco in
       the United States, including information subject to disclosure to a U.S. federal or state
       governmental entity under the procedures specified in 18 U.S.C. § 2703(c) and (d) and 18
       U.S.C. § 2709.

               w.      “Wire Communication” has the meaning provided in 18 U.S.C. § 2510(1).

        2.      Topco confirms that it will comply with all applicable lawful interception statutes,
regulations, and requirements, including the Communications Assistance for Law Enforcement
Act (“CALEA”), 47 U.S.C. 1001 et seq., and its implementing regulations, as well as comply
with all court orders and other Lawful U.S. Process for lawfully authorized Electronic
Surveillance.

        3.      Upon receipt of any Lawful U.S. Process, Topco shall place within the territorial
boundaries of the United States any and all information requested by the Lawful U.S. Process
within the period of time for response specified in the Lawful U.S. Process, or as required by
law, and shall thereafter comply with the Lawful U.S. Process.

        4.      Topco agrees to notify USDOJ, at least 30 days in advance, of any change to its
current services portfolio or any peering relationships or joint ventures with foreign companies
providing data aggregation or reselling services. Topco also agrees to notify USDOJ, at least 30
days in advance, of plans or activities to offer any 5G-based equipment or services in the U.S. for
its objection or non-objection.

        5.     Topco agrees that it will not, directly or indirectly, disclose or permit disclosure
of or Access to U.S. Records or Domestic Communications or any information (including call
content and call data) pertaining to a wiretap order, pen/trap and trace order, subpoena, or any
other Lawful U.S. Process demand if the purpose of such disclosure or access is to respond to
the legal process or request on behalf of a non-U.S. Government entity without first satisfying all
pertinent requirements of U.S. law and obtaining the express written consent of USDOJ, or the


                                                 4


authorization of a court of competent jurisdiction in the United States. Any such requests for
legal process submitted by a non-U.S. Government entity to Topco shall be referred to USDOJ
as soon as possible, but in no event later than five (5) business days after such request or legal
process is received by or made known to Topco, unless disclosure of the request or legal process
would be in violation of U.S. law or an order of a court of competent jurisdiction in the United
States.

        6.      Topco agrees to draft: (a) a NIST-Compliant Cyber Security Plan; and (b)
Network Systems Security Plan (“NSSP”), which will be forwarded to USDOJ within 60 days of
the Date of this LOA for objection or non-objection. The NSSP shall address, but not be limited
to, information security, remote Access, physical security, cyber-security, third-party contractors,
Outsourcing and Offshoring, maintenance and retention of system logs, protection of Lawful
U.S. Process, protection of U.S. Records obtained by Topco from their customers or through the
provision of services, and Topco’s specific plan regarding new contracts or any amendments to
existing contracts with third-party providers of services to require those third parties to notify
Topco in the event of a breach or loss of U.S. Records within a specified time period after
discovery, not to exceed five (5) business days from the date of discovery.

        7.     Topco agrees to require any third-party provider of services, including MNSPs, to
disclose any data breach of any U.S. Records, or any loss of U.S. Records, whether from a data
breach or other cause, within 48 hours of the third party discovering the breach or loss. To the
extent that Topco has current agreements with any third-party providers of services with Access
to U.S. Records, Topco agrees to amend those agreements to require those third parties to make
disclosure of breaches or loss of U.S. Records consistent with this paragraph, and shall forward
copies of those amended agreements to USDOJ points of contacts listed in paragraph 16 within
five (5) business days of executing those amendments.

        8.      Topco agrees to report to USDOJ and the Federal Bureau of Investigation (“FBI”)
within five (5) days upon discovery of any Security Incident. It also agrees to notify the FBI and
the U.S. Secret Service within seven (7) business days upon learning that a person or entity
without authorization, or in exceeding their or its authorization, has intentionally gained access
to, used, or disclosed any of its customer’s CPNI or that of a third party used by Topco, and shall
report the matter to the central reporting facility through the following portal:

         https://www.cpnireporting.gov/cpni/content/disclaimer.seam

        9.     Topco agrees to maintain a U.S. law enforcement point of contact (“LEPOC”) in
the United States. The LEPOC shall be a U.S. citizen residing in the United States unless
USDOJ agrees in writing otherwise, and the LEPOC must be approved by the FBI to receive
service Lawful U.S. Process for U.S. Records and, where possible, to assist and support lawful
requests for surveillance or production of U.S. Records by U.S. federal, state, and local law
enforcement agencies. This LEPOC and his/her contact information will be provided to USDOJ
within 15 days from the date Topco receives the FCC’s approval of the transfer. Topco also
agrees to provide USDOJ at least 30 days’ prior written notice of any change in its LEPOC, with
all such changes subject to the approval of USDOJ, including the FBI. In addition, Topco will
give USDOJ, including the FBI, at least 30 days’ prior written notice of any change to its


                                                 5


LEPOC, and Topco’s nominated replacement shall be subject to USDOJ, including the FBI,
review and approval. Topco also agrees that the LEPOC will have access to all U.S. Records,
and, in response to Lawful U.S. Process, will make such records available promptly and, in any
event, no later than five (5) business days after receiving such Lawful U.S. Process unless
granted an extension by USDOJ.

        10.    Topco agrees to provide USDOJ within 60 days from the date Topco receives the
approval of transfer with a list of all Principal Equipment. Topco further agrees to notify
USDOJ, including the FBI, at least 30 days in advance, of any introduction of new Principal
Equipment or changes/modification to any of its Principal Equipment, including the names of
providers, suppliers, and entities that will perform any maintenance, repair, or replacement that
may result in any material modification to its Principal Equipment or systems or software used
with or supporting the Principal Equipment. USDOJ shall object or non-object to such new
Principal Equipment or change/modification to the Principal Equipment within 30 days of receipt
of notice.

        11.    Topco agrees to notify USDOJ of any plans to operate a Network Operation
Center outside of the United States for objection or non-objection by USDOJ. Topco further
agrees to obtain pre-approval from USDOJ prior to using its remote Access capabilities.

      12.      Topco agrees to permit USDOJ requests for site visits and approve all requests to
conduct on-site interviews of Topco employees.

        13.   Topco agrees that it will provide USDOJ notice at least 30 days in advance of all
Outsourced or Offshore service providers, including but not limited to services provided in
relation to:
              Network Operation Center(s);
              Network maintenance services;
              Customer support services;
              Any operation/service that could potentially expose Domestic Communications
              Infrastructure, U.S. Records to include CPNI such as call detail records
              (“CDRs”); and
              Deployment of any Network Elements, hardware, software, core network
              equipment, and Network Management Capabilities that are owned, managed,
              manufactured or controlled by a foreign government or non-public entities.

USDOJ shall object or non-object to Outsourced or Offshore service providers, within 30 days of
receipt of notice.

        14.     Topco agrees to provide USDOJ with 30 days’ advance notice of any changes to
its business, including but not limited to corporate structure changes, ownership changes,
corporate name changes, business model changes, corporate headquarter location changes, or
business operation location.

                                                6


         15.    Topco agrees not to allow any person, entity, or subsidiary to sell or collect
information such as web activities, contact list, location, etc. ofits subscriber or customer for
third party‘s use or purpose without the consent ofthe customer.

        16.   Topco agrees to provide an annual report to USDOJ regarding its compliance with
this Agreement, to include:
               Certifications that there were no changes (where no changes were reported to
               USDOT,including the FBI), during the preceding year;
               Certification that Topco has been in CALEA compliance;
               Notice(s) regarding the company‘s handling ofU.S. Records, Domestic
               Communications, and Lawful U.S. Process(.e., whether handled properly and in
               accordance with the assurances contained herein) including list of individuals
               with access to U.S. CDRs;

               Recertification on any changes in theservices that Topco provides or
               confirmation that no additional services are being offered;
               Notification(s) of any relationships with foreign—owned telecommunications
               partners, including any peerrelationships;
               Updated list of Topco‘s Principal Equipment, vendors and suppliers;

               Updated NSSP;
               Updated NIST—Compliant Cyber Security Plan:
               Summary of eyber security and cloud incidents reported to USDOT as well as the
               actions and resolutions undertaken by Topco;
               Notification(s) of theinstallation and/or purchase orlease of any foreign—
               manufactured telecommunication equipment(including, but not limited to,
               switches, routers, software, hardware);
               Report(s) of any occurrences of Security Incidents including eyber—security
               incidences, network and enterprise breaches, and unauthorized Access to
               customer data and information;
               A re—identification of the name of and contact information of the LEPOC; and
               Notifications regarding any other matter of interest to this LOA.


       The annual report will be due on the 31" day of January of each calendar year,
beginning on January 31, 2020, and will be addressed to:


                       Assistant Attorney General for National Security
                       U.S. Department of Justice

                                                  7


                       National Security Division
                       Three Constitution Square, 175 N Street NE,
                       Washington, DC 20002

                       Attention: FIRS/Team Telecom Staff

       Courtesy electronic copies of all notices and communications will also be sent to the
       following or individuals identified in the future to Topco by USDOJ: Bermel Paz,
       USDOJ (at Bermel.Paz@usdoj.gov); Loyaan Egal, USDOJ (at Loyaan.Egal@usdoj.gov)
       and FIRS Team (at FIRS-TT@usdoj.gov).

        17.     Topco agrees that in the event that the commitments set forth in this letter are
breached, USDOJ may request the FCC to modify, condition, revoke, cancel, terminate or render
null and void any relevant license, permit, or other authorization granted by the FCC to Topco or
its successors-in-interest, in addition to any other remedy available at law or equity.


        18.     Topco understands that, upon execution of this LOA by an authorized
representative or attorney, or shortly thereafter, USDOJ shall notify the FCC that it has no
objection to the FCC’s consent to Topco’s petition.




                                              Sincerely,


                                              ________________________________
                                              Andrew Frey: Authorized Person
                                              ___________________________________
                                              MLN TopCo Ltd.




                                                 8



Document Created: 2018-11-23 09:41:16
Document Modified: 2018-11-23 09:41:16

© 2024 FCC.report
This site is not affiliated with or endorsed by the FCC