Attachment A - 2019

PETITION submitted by U.S. Department of Justice

Attachment A - 2019 Letter of Agreement

2019-02-14

This document pretains to ITC-T/C-20180824-00165 for Transfer of Control on a International Telecommunications filing.

IBFS_ITCTC2018082400165_1626511

February 13, 2019 Assistant Attorney General for National Security United States Department of Justice National Security Division 950 Pennsylvania Avenue NW Washington, DC 20530 Subject: FCC No. ITC-T/C-20180824-00165, WC Docket No. 18-255 Application by Colombo Topco Limited and Brent Infrastructure Group I.B.V. for authority pursuant to Section 214 of the Communications Act of 1934, as amended, to transfer control of an international Section 214 authorization. Dear Sir/Madam: This Letter of Agreement (“LOA” or “Agreement”) sets forth the commitments made by Colombo Topco Limited (“Colombo”), Tampnet AS, and Tampnet Inc. (“Tampnet”) (collectively, “the Parties”) to the U.S. Department of Justice (“USDOJ”) to address national security, law enforcement, and public safety concerns arising from the joint application filed by Colombo and Brent Infrastructure Group I.B.V. (“Brent Infrastructure”) with the Federal Communications Commission (“FCC”) requesting the transfer of Tampnet’s authorization from Brent Infrastructure to Colombo pursuant to Section 214 of the Communications Act, as amended (the “Act”), and the implementing regulations at 47 C.F.R. § 63. The Parties adopt as true and correct any and all representations made by each party to USDOJ through the Team Telecom review process, whether such representations were made directly by Tampnet, Tampnet AS, Colombo, or through each party’s counsel. 1. For purposes of this LOA, the following definitions apply: a. “Access” means the ability to physically or logically undertake any of the following actions: (i) to read, copy, divert, or otherwise obtain non-public information or technology from or about software, hardware, a database or other system, or a network; (ii) to add, edit, delete, reconfigure, provision, or alter information or technology stored on or by software, hardware, a system or network; or (iii) to alter the physical or logical state of software, hardware, a system or network. b. “Call Detail Record” (“CDR”) means the data records or call log records that contain information about each call made by a user and processed by switch, call manager, or call server. Ph:866.621.5290 • Fx:337.205.8761 326 Apollo Road • Scott, Louisiana 70583 www.tampnet.com

Page 2 of 9 c. “Customer Proprietary Network Information” (“CPNI”) means as defined in 47 U.S.C. § 222(h)(1). d. “Date of this LOA” means the date on which the LOA is executed by Tampnet. e. “Domestic Communications” or “DC” means: (i) Wire Communications, as defined in 18 U.S.C. § 2510(1), or Electronic Communications (whether stored or not), as defined in 18 U.S.C. § 2510(12), from one U.S. location to another U.S. location; or (ii) the U.S. portion of a Wire Communication or Electronic Communication (whether stored or not) that originates or terminates in the United States. f. “Domestic Communications Infrastructure” or “DCI” means: (i) the transmission and switching equipment physically located in the United States (including hardware, software, and upgrades), routers, servers, security appliances, and fiber and copper cable and associated facilities physically located in the United States owned (to include leased) and controlled by or on behalf of Tampnet to provide, process, direct, control, supervise or manage DC; (ii) facilities and equipment leased or owned by or on behalf of Tampnet that are physically located in the United States; or (iii) the property, facilities and equipment leased or owned by or on behalf of Tampnet to control the equipment or facilities described in (i) and (ii) above. The phrase “on behalf of,” as used in this paragraph, does not include entities with which Tampnet has contracted for peering, interconnection, roaming, long distance, wholesale network access, or other similar arrangements. g. “Electronic Surveillance” means: (i) the interception of wire, oral, or electronic communications as defined in 18 U.S.C. § 2510(1), (2), (4) and (12), respectively, and electronic surveillance as defined in 50 U.S.C. § 1801(f); (ii) access to stored wire or electronic communications, as referred to in 18 U.S.C. § 2701 et seq.; (iii) acquisition of dialing, routing, addressing, or signaling information through pen register or trap and trace devices or other devices or features capable of acquiring such information pursuant to law as defined in 18 U.S.C. § 3121 et seq. and 50 U.S.C. § 1841 et seq.; (iv) acquisition of location-related information concerning a subscriber or facility; (v) preservation of any of the above information pursuant to 18 U.S.C. § 2703(f); and (vi) access to or acquisition, interception, or preservation of, wire, oral, or electronic communications or information as described in (i) through (v) above and comparable state laws. h. “Foreign” means non-United States. i. “Government” means any government, or governmental, administrative, or regulatory entity, authority, commission, board, agency, instrumentality, bureau or political subdivision, and any court, tribunal, judicial or arbitral body. Ph:866.621.5290 • Fx:337.205.8761 309 Apollo Road • Scott, Louisiana 70583 www.tampnet.com

Page 3 of 9 j. “Lawful U.S. Process” means U.S. federal, state, or local court orders, subpoenas, warrants, processes, directives, certificates or authorizations, and other orders, legal process, statutory authorizations and certifications for Electronic Surveillance, physical search and seizure, production of tangible things or Access to or disclosure of Domestic Communications, call-associated data, transactional data, subscriber information, or associated records. k. “Managed Network Service Provider” or (“MNSP”) means any third party that has Access to Principal Equipment for the purpose of (a) network operation; provisioning of Internet and telecommunications services; routine, corrective, and preventative maintenance, including switching, routing, and testing; network and service monitoring; network performance, optimization, and reporting; network audits, provisioning, creation and implementation of changes and upgrades; or (b) provision of DC or operation of DCI, including: customer support; OSS; BSS; Network Operations Centers (“NOCs”); information technology; cloud operations/services; next generation, including 5G (SDN, NFV, Applications); and datacenter services/operations. l. “Network Operations Center” or “NOC” means any locations and facilities performing network management, monitoring, accumulation of accounting and usage data, maintenance, user support, or other operational functions for DC. m. “Non-U.S. Government” means any government, including an identified representative, agent, component or subdivision thereof, that is not a local, state, or federal government in the United States. n. “Offshore” means performing obligations of this Agreement through the use of entities and personnel outside of the territorial limits of the United States, whether those entities or personnel are employees of Tampnet, Tampnet AS, or its subsidiaries. The Parties agree that all current and future network facilities, equipment or operations that Tampnet is, or will be, utilizing to provide service in the Gulf of Mexico are domestic operations and are not considered “Offshore” within the scope of this definition. o. “Outsource” means, with respect to DC, supporting the services and operational needs of Tampnet at issue in this LOA through the use of contractors or third parties. p. “Principal Equipment” means all primary telecommunications and information network (e.g., wireline, wireless , subsea, satellite, LAN, WAN, WLAN, SAN, MAN, IP, MPLS, FR, Wi-Fi, 3G/4G/LTE, 5G, etc.) equipment (e.g., hardware, software, platforms, OS, applications, protocols) that supports core telecommunication/information services (e.g., voice, data, text, MMS, FAX, video, Internet, OTT, Apps), functions (e.g., network/element management, maintenance, provisioning, NOC, etc.), or operations (e.g., OSS/BSS, customer support, billing, backups, cloud services, etc.), including but not limited to routers, servers, circuit switches/softswitches, PBXs, call processors, databases, storage devices, load balancers, radios, smart antennas, transmission equipment (RF/Microwave/Wi-Fi/Fiber Optic), Ph:866.621.5290 • Fx:337.205.8761 309 Apollo Road • Scott, Louisiana 70583 www.tampnet.com

Page 4 of 9 RAN, SDR, equalizers/amplifiers, MDF, digital/optical cross-connects, PFE, multiplexers, HLR/VLR, gateway routers, signaling, Network Function Virtualizations, hypervisors, EPC, BSC, BT, or eNodeB. q. “Subscriber Information” means any information of the type referred to and accessible subject to the procedures specified in 18 U.S.C. § 2703(c)(2) or 18 U.S.C. § 2709, as amended or superseded. r. “U.S. Records” means Tampnet’s customer billing records, Subscriber Information, CPNI, and any other related information used, processed, or maintained in the ordinary course of business relating to the services offered by Tampnet in the United States, including information subject to disclosure to a U.S. federal or state governmental entity under the procedures specified in 18 U.S.C. § 2703(c) and (d) and 18 U.S.C. § 2709. Lawful U.S. Process 2. Tampnet confirms that it will comply with all applicable lawful interception statutes, regulations, and requirements, including the Communications Assistance for Law Enforcement Act (“CALEA”), 47 U.S.C. § 1001 et seq., and its implementing regulations, as well as comply with all court orders and other Lawful U.S. Process for authorized Electronic Surveillance. Tampnet will provide notice of any material change in its lawful intercept capabilities to USDOJ within thirty (30) calendar days of such change, and will certify its compliance with CALEA no more than sixty (60) calendar days following its notice to USDOJ of any material new facilities, services, or capabilities. 3. Upon receipt of any Lawful U.S. Process, Tampnet shall place within the territorial boundaries of the United States any and all information requested by the Lawful U.S. Process within the period of time for response specified in the Lawful U.S. Process, or as required by law, and shall thereafter comply with the Lawful U.S. Process. 4. Tampnet agrees that it will not, directly or indirectly, disclose or permit disclosure of or Access to U.S. Records or DCs or any information (including call content and call data) pertaining to a wiretap order, pen/trap and trace order, subpoena, or any other Lawful U.S. Process demand if the purpose of such disclosure or access is to respond to the legal process or request on behalf of a non-U.S. Government entity without first satisfying all pertinent requirements of U.S. law and obtaining the express written consent of USDOJ, or the authorization of a court of competent jurisdiction in the United States. Any such requests for legal process submitted by a non-U.S. Government entity to Tampnet shall be referred to USDOJ as soon as possible, but in no event later than five (5) business days after such request or legal process is received by or made known to Tampnet, unless disclosure of the request or legal process would be in violation of U.S. law or an order of a court of competent jurisdiction in the United States. 5. Tampnet shall take all practicable measures to prevent unauthorized Access to the equipment or facilities supporting those portions of Tampnet’s DCI necessary for conducting Ph:866.621.5290 • Fx:337.205.8761 309 Apollo Road • Scott, Louisiana 70583 www.tampnet.com

Page 5 of 9 Electronic Surveillance. Such measures shall include technical, organizational, personnel-related policies and written procedures, as well as necessary implementation plans and physical security measures. Network Operations and Equipment 6. Tampnet agrees to provide USDOJ within thirty (30) days from the date Tampnet receives the FCC’s approval of transfer a Principal Equipment List, to include the following: a. A complete and current list of all Principal Equipment, including: (i) a description of each item and the functions supported, (ii) each item’s manufacturer, and (iii) the model and/or version number of any hardware or software; and b. Any vendors, contractors, or subcontractors involved in providing, installing, operating, managing, or maintaining the Principal Equipment. 7. Tampnet further agrees to provide USDOJ notice sixty (60) calendar days prior to any intention to deploy or install any Principal Equipment not previously identified on the Principal Equipment List. Such deployment or installation shall be subject to USDOJ review and non-objection. 8. Tampnet agrees to take all reasonable measures to prevent unauthorized Access to the DCI and to prevent any unlawful use or disclosure of information carried on the same. Such measures shall include the development and adoption of a NIST-compliant cyber-security plan which complies with the principles articulated in the NIST Cybersecurity Framework (Vers. 1.1, April, 2018), and includes security procedures for any remote virtual private network Access to the DCI, contractual safeguards and screening procedures for personnel with administrative Access to the DCI, and procedures for applying security patches to systems and applications. Tampnet will submit this cybersecurity policy to USDOJ within sixty (60) days from the Date of this LOA. Tampnet agrees to meet and confer with USDOJ regarding such policy upon request. 9. With respect to DCI and DC, Tampnet agrees to provide USDOJ with at least sixty (60) calendar days’ prior notice of any intention to Outsource and/or Offshore any network- related services, including but not limited to MNSP services, NOC operations and/or services, customer support services, network maintenance, remote Access to the DCI (e.g., CDRs, CPNI, etc.), and any Access to DCs. Such intention shall be subject to USDOJ review and non- objection. USDOJ shall object or non-object to Outsourced or Offshore service providers within thirty (30) days of receipt of notice. Personnel 10. Tampnet agrees to designate a Security Officer within thirty (30) days from the Date of this LOA. The Security Officer will have appropriate senior-level corporate authority within Tampnet, and the necessary resources and skills, to maintain Tampnet’s security policies and procedures and oversee Tampnet’s compliance with this LOA. The Security Officer will be Ph:866.621.5290 • Fx:337.205.8761 309 Apollo Road • Scott, Louisiana 70583 www.tampnet.com

Page 6 of 9 a resident U.S. citizen, and, if not already in possession of a U.S. security clearance, shall be eligible to hold such security clearance immediately upon appointment. The Security Officer will be subject to USDOJ’s review and non-objection and may be subject to a background check at the sole discretion of USDOJ. If USDOJ objects to the Security Officer nominee, such objection must be made within thirty (30) days of receiving notice of the nominee. The Security Officer will serve as the primary point of contact for USDOJ regarding any national security, law enforcement, or public safety concerns that USDOJ may raise. The Security Officer shall be responsible for receiving and promptly effectuating any requests for information pursuant to this LOA and for otherwise ensuring compliance with obligations set forth in this LOA. Tampnet shall notify USDOJ of any proposed change to the Security Officer at least ten (10) days in advance of such change, where possible. Any subsequently proposed Security Officer shall be subject to USDOJ’s review and non-objection and may be subject to a background check at the sole discretion of USDOJ. As applicable, the Security Officer will instruct and train Tampnet’s officers, employees, contractors and agents on the requirements of this LOA. 11. Tampnet agrees to maintain a U.S. law enforcement point of contact (“LEPOC”) in the United States. The LEPOC shall be a U.S. citizen residing in the United States. The LEPOC must be able to, directly or through an existing Trusted Third Party vendor, receive Lawful U.S. Process for U.S. Records and, where possible, to assist and support lawful requests for surveillance or production of U.S. Records by U.S. federal, state, and local law enforcement agencies. For purposes of this LOA, a Trusted Third Party shall mean a third-party vendor with a system that has access to a carrier's network and remotely manages the intercept process for Tampnet. This LEPOC and his/her contact information will be provided to USDOJ within fifteen (15) days from the date Tampnet receives the FCC’s approval of the transfer. Tampnet will give USDOJ at least thirty (30) days’ prior written notice of any change to its LEPOC, and the nominated replacement shall be subject to USDOJ review and non-objection. Tampnet also agrees that the LEPOC will have access to all U.S. Records, and, in response to Lawful U.S. Process, will make such records available no later than five (5) business days after receiving such Lawful U.S. Process unless granted an extension by USDOJ. Remote Access Policy 12. Tampnet agrees to implement a Remote Access Policy that will describe the current and anticipated terms of Access available to non-U.S. citizen personnel employed by Tampnet AS at the Norway NOC. Tampnet will provide this policy to the USDOJ within sixty (60) days from the Date of this LOA. Such Remote Access Policy shall be subject to USDOJ review and non-objection. Changes in Ownership and Services 13. Tampnet agrees to provide USDOJ with notice of any material changes to its business operations, including but not limited to ownership changes (involving a change in equity or voting interests of ten percent or greater), corporate name changes, corporate headquarters location changes, or network operations center location changes within thirty (30) days of such change. Ph:866.621.5290 • Fx:337.205.8761 309 Apollo Road • Scott, Louisiana 70583 www.tampnet.com

Page 7 of 9 14. Tampnet agrees to notify USDOJ, at least thirty (30) days in advance, of any material changes to its current services portfolio. Tampnet also agrees to notify USDOJ, at least thirty (30) days in advance, of any formal proposal to offer services to the U.S. federal, state, or local Government. Annual Report 15. Tampnet agrees to provide an annual report to USDOJ regarding Tampnet’s compliance with this Agreement, to include: a. Certification that Tampnet remains in CALEA compliance; b. A list of individuals with access to U.S. CDRs; c. Recertification of the services that Tampnet provides or confirmation that no additional services are being offered; d. Notification(s) of any relationships with foreign-owned telecommunications partners, including any network peering (traffic exchange) relationships; e. Confirmation that no changes were made to the updated Principal Equipment List; f. Report(s) of any occurrences of U.S.-based material cyber-security incidents, network and/or enterprise breaches, and any unauthorized Access to U.S.-based customer data and/or information; g. A re-identification of the name of and contact information of the Security Officer and the LEPOC; and h. Notifications regarding any other matter of interest to this LOA. The annual report will be due every 31st day of January of each calendar year, beginning on January 31, 2020, and will be addressed to: Assistant Attorney General for National Security U.S. Department of Justice National Security Division Three Constitution Square, 175 N Street NE, Washington, DC 20530 Attention: FIRS/Team Telecom Staff Courtesy electronic copies of all notices and communications will also be sent to the following or individuals identified in the future to Tampnet by USDOJ: Hunter Deeley, USDOJ (at Hunter.Deeley@usdoj.gov); Loyaan Egal, USDOJ (at Loyaan.Egal@usdoj.gov) and FIRS Team (at FIRS-TT@usdoj.gov). Ph:866.621.5290 • Fx:337.205.8761 309 Apollo Road • Scott, Louisiana 70583 www.tampnet.com

Page 8 of 9 16. Upon reasonable written notice and during reasonable business hours, the USDOJ may visit and inspect any part of Tampnet’s DCI, secure facilities, corporate offices in the United States, and such other facilities that the Parties and USDOJ may agree upon in writing are relevant to this Agreement for the purpose of verifying compliance with the terms of this Agreement. Tampnet may have appropriate Tampnet employees accompany USDOJ representatives throughout any such inspection. 17. Tampnet agrees to promptly notify USDOJ, including the points of contact listed herein, of any breaches of this Agreement, as well as any other security incidents such as, but not limited to cyber-security incidents, intrusions or breaches of the DCI. The notification shall take place no later than five (5) days after Tampnet or any third party providing Outsource or Offshore services to Tampnet discovers the incident, intrusion or breach takes place, or sooner when required by statute or regulations. Miscellaneous 18. Tampnet agree to negotiate in good faith and promptly with USDOJ if USDOJ finds that the terms of this Agreement are inadequate to resolve any national security, law enforcement, or public safety concerns. The Parties agree that in the event that the commitments set forth in this letter are breached, USDOJ may request that the FCC modify, condition, revoke, cancel, or render null and void any relevant license, permit, or other authorization granted by the FCC to Tampnet or its successors-in-interest, in addition to any other remedy available by law or equity. Nothing herein shall be construed to be a waiver by Tampnet of, or limitation on, its right to oppose or comment on any such request. 19. This Agreement shall inure to the benefit of, and shall be binding upon, the Parties and the USDOJ, and their respective successors and assigns. This Agreement shall apply in full force and effect to any entity or asset, whether acquired before or after this LOA’s execution, over which Tampnet, including their successors or assigns, have the power or authority to exercise de facto or de jure control. 20. Tampnet understands that, upon execution of this LOA by an authorized representative or attorney, or shortly thereafter, USDOJ shall notify the FCC that it has no objection to the FCC’s approval of Tampnet’s application. 21. Upon execution of this LOA, this Agreement shall supersede the letter of agreement between Tampnet and USDOJ received and acknowledged on June 10, 2016 (“2016 LOA”) and the 2016 LOA shall terminate. Ph:866.621.5290 • Fx:337.205.8761 309 Apollo Road • Scott, Louisiana 70583 www.tampnet.com

[Signature Page for Letter of Agreement] Sincerely, ______________________________ TAMPNET INC. Per Helge Svensson Name: ________________________ CEO Title: _________________________ February 13, 2019 Date: _________________________ ______________________________ TAMPNET AS Per Helge Svensson Name: ________________________ CEO Title: _________________________ February 13, 2019 Date: _________________________ ______________________________ COLOMBO TOPCO LIMITED Name: ________________________ Title: _________________________ Date: _________________________

February 13, 2019


Document Created: 2019-02-13 16:31:11
Document Modified: 2019-02-13 16:31:11
© 2024 FCC.report
This site is not affiliated with or endorsed by the FCC