Neustar's lobbying effort to stop a key federal number-portability contract from slipping away to Ericsson's (NASDAQ: ERIC) Telcordia unit took another turn via a report sent to the FCC from Michael Chertoff, a former secretary of homeland security. The report, from Chertoff's security consulting firm, the Chertoff Group, concluded that the bidding terms for the contract related to national security were "insufficient in both scope and specificity when compared with widely accepted national and international standards."
At issue is which vendor is going to be the U.S. government's neutral and tested local-number-portability administrator (LNPA), which helps phone subscribers keep their numbers when switching carriers.
In April, the North American Numbering Council (NANC), a federal advisory committee, recommended that Telcordia's Iconectiv unit win the contract. Neustar has been protesting ever since, arguing that Ericsson is not a neutral party, since it has contracts with many U.S. telcos, including the major wireless carriers. The LNPA contract accounted for 60 percent, 50 percent and 49 percent of Neustar's revenue in 2011, 2012 and 2013, respectively, according to an annual filing at the Securities and Exchange Commission. Neustar has held the contract since 1997.
Part of the job of the LNPA is to handle the Number Portability Administration Center (NPAC), which manages the routing of all calls and texts for more than 650 million U.S. and Canadian phone numbers for more than 2,000 carriers, according to a recent report from the Washington Post. Security of the NPAC is crucial, since law-enforcement agencies need to make sure numbers in the database are not erased or tampered with. According to the Post, the FBI and other law-enforcement agencies query the database every day, and about 4 million times a year in total, as part of criminal and intelligence probes, as they seek to determine which carrier provides the service for a particular number.
The security of the NPAC is critical, because foreign governments could potentially try to hack into it to find out whether the U.S. government has their agents under phone surveillance.
In the report, Chertoff and his associates write that the contract had "no requirement for a complete risk assessment and risk management program to discover and monitor risk to the NPACs, while tracking and prioritizing its mitigation."
"This kind of analysis is critical to maintaining a secure system," they wrote. "Without it, security would become obsolete in the face of constantly morphing threats."
The Chertoff report also notes that the "FCC's decision on how to proceed to incorporate better security requirements will have a substantial impact on the level of security it actually achieves. The defects cited in this report cannot be remedied simply by post-award contract negotiation." The report says there could be a new competition for the contract or a reopening of negotiations related to additional security requirements.
Although the report does not take a stand on what the FCC should do, it concludes that "the current deficiencies and resulting impact on the local number portability system are serious, that failure to include requirements widely recognized as crucial to security likely had a significant impact on offerors' proposals, and that the NAPM would also likely lose significant leverage to obtain a best value proposal if the FCC permitted it to simply address these deficiencies in a post-award negotiation."
Neustar did not say how much it paid Chertoff to write the report, indicating only that it was a "modest sum," according to the New York Times.
The FBI, the Drug Enforcement Administration, the Secret Service and the Immigration and Customs Enforcement agency have expressed concerns about the law-enforcement and intelligence implications of the contract, as have several lawmakers.
FCC spokesman Mark Wigfield told the Times that the agency did not have a timeline for deciding whether Telcordia would get the contract and that the FCC would look at all aspects of the contract--including the national security implications--before making a final decision.
The FBI and other law-enforcement agencies said that although they had "no position" on which firm should get the contract, they wanted to air their concerns, especially that there would be no disruption in access to call-routing data "in real time or near real time."
"Law enforcement cannot afford to have a lapse in this vital service," the agencies told the FCC in a letter.
Steve Edwards, senior vice president for data solutions at Neustar, told the Wall Street Journal that changing the database would be an intricate process and could take two to three years and lead to a database with less functionality. "I haven't really met anybody who thought this was a good idea," he said.
A Telcordia spokeswoman did not immediately respond to a request for comment. However, John Nakahata, a lawyer at Harris, Wiltshire & Grannis LLP who is working for Telcordia, told the Journal that Telcordia thinks it can build a new database and offer far cheaper service without disrupting critical law-enforcement functions. He also said U.S. carriers would ensure that it works before making the switch.
Telcordia has said the software code used for the system will be entirely domestic. "We are not using any of the code used and deployed in foreign installations at all, zero," Iconectiv CTO Chris Drake told the Post last month. He said that the system includes "state of the art" cybersecurity protections and that Telcordia is willing to meet any requirements imposed by the FCC or law-enforcement agencies.
For more:
- see this Chertoff Group report (PDF)
- see this NYT article
- see this WSJ article (sub. req.)
Related Articles:
Report: Neustar ponders selling itself to private equity firms amid contract dispute
Lawmakers urge FCC to consider national security in Neustar fight with Ericsson's Telcordia
Neustar fights to keep number portability contract away from Ericsson's Telcordia
Neustar taps telecom veteran John Devolites to head up data services