News of the Week

E-Rate for FY 2022:

Wave 35 for FY 2022 was issued on Thursday, December 15th, for $28.4 million.  Cumulative commitments to date are $2.78 billion.  Nationwide, USAC has funded 98.0% of the FY 2022 applications representing 92.8% of the requested funding.

ECF for 2021-2023:

Total commitments for all three ECF windows are $6.40 billion.  Nationwide, USAC has funded 79.4% of the ECF applications representing 65.4% of the requested funding.  Window 3 applications are now being funded down to the 75% rural band.  Total disbursements as of last Friday were $2.46 billion.

The FCC released two documents on product and service eligibility last week.  One was the final version of the Eligible Services List (“ESL”) for FY 2023 (DA 22-1313) that, as expected, was virtually unchanged from the FY 2022 ESL and last summer’s initial draft.  The only minor change was a parenthetical reference to the eligibility of Category 1 fixed wireless.  The ESL Order specifically declined to address:

• The eligibility of advanced or next-generation firewalls and other network security devices.
• Wi-Fi services for school buses (noting that a Declaratory Ruling on that subject is still in circulation).

More importantly, while not including network security devices in the FY 2023 ESL, the FCC did issue a Public Notice (DA 22‑1315) formally requesting public comment on the use of E-rate funds for advanced or next-generation firewalls and other network security devices.  This is the first time that the FCC has addressed — and in a seemingly positive manner — the eligibility of cybersecurity products and services.

Specifically, the FCC is seeking comments on:

• A petition for waiver filed by Cisco Systems;
• A petition for declaratory ruling by a coalition led by the Consortium for School Networking (“CoSN”);
• A pilot program proposed by Funds For Learning; and
• A letter from 20 national education groups led by The School Superintendents Association (“AASA”).

It is clear from the Public Notice that the FCC recognizes the importance of network security to schools and libraries acknowledging the K-12 Cybersecurity Act of 2021 and the recent General Accounting Office ("GAO”) report on the need to enhance K-12 cybersecurity.  While agreeing that “unauthorized access is a legitimate concern,” the FCC’s primary concern is that “the funds to support the E-Rate program are constrained” (see also the article below on the USF contribution factor).  To address the FCC’s funding concerns, many of the parties supporting cybersecurity eligibility suggest targeting initial funding to advanced firewalls only within the constraints of existing Category 2 budgets.

With this in mind, the Public Notice seeks comments in the following areas:

• The definition of advanced or next-generation firewalls and services;
• Eligible equipment and services and their costs;
• Categorization of firewall services and components;
• Cost-effective purchases; and
• Legal issues.

Initial comments on these issues are due February 13th.  Reply comments are due March 30th — after the expected close of the application window.  Our guess — and hope — is that the request for comments is the FCC’s first step towards making advanced firewalls or other network security devices eligible for E-rate funding.  Although the comments are being sought on the above referenced petitions “as well as the related funding year 2023 ESL proceeding filings,” it is not at all clear that the FCC is prepared to act that quickly.

To account for the last-minute possibility of advanced firewall eligibility in FY 2023, we suggest that applicants seeking FY 2023 firewall funding file using two funding requests, i.e., one FRN for the currently eligible “basic” firewall and a second FRN for the allocated cost of the advanced features.  Under current FCC rules, USAC can at least approve funding for the basic firewall thus establishing the applicant’s right to appeal, ultimately to the FCC, any denial of funding for the advanced features.

Selected ECF applicants have begun receiving emails (see example below) from the FCC’s Office of Inspector General (“OIG”) notifying them of upcoming on-site “visits” — reasonably considered to be audits — regarding their ECF filings and requesting documentation in advance.  Related emails may follow from the FCC’s subcontractor, Censeo Consulting Group.

In some cases, the requested documentation includes information that was already provided to USAC, or will be needed, for ECF invoicing purposes.  The other documentation requests, on the other hand, indicate the FCC’s intention to fully explore the “unmet need” criteria for ECF funding.

Of the six documentation requests, we note the following:

• The ECF rules clearly noted that asset inventories would be required.  As services were initiated (and perhaps subsequently terminated) and as devices were distributed (and perhaps returned or lost) records should show recipients, service or device types, device serial numbers, and disposition (if applicable).  If inventories include non-ECF equipment, the ECF equipment should be clearly identified.
• Records of payment are also required for BEAR invoicing purposes.
• Documentation of unmet needs would be bolstered if recipient records show signed self-certifications of need.
• Determinations of equipment inadequacies may prove challenging to any applicants who viewed ECF as an opportunity to refresh all existing one-to-one devices.  The FCC’s key FAQ on this point reads:

  6.13 Q: If students have devices at home, but they are inadequate for the students to participate in remote learning (e.g., due to age or not meeting minimum technical requirements), can schools still buy a device for them?

  A: Applicants may only request support for eligible equipment and/or services for students that lack access to connected devices and broadband connections sufficient to engage in remote learning during the relevant funding period. We leave it up to schools to determine whether a student’s existing device is sufficient to engage in remote learning. Applicants must also certify on their funding application that they are only seeking support “for eligible equipment and/or services provided to students and school staff who would otherwise lack connected devices and/or broadband services sufficient to engage in remote learning.” Schools should document how they determined that the existing devices were inadequate.

  As a possible benchmark for determining the adequacy of existing equipment, we note that ¶ 135 of the ECF Order (FCC 21-58) concludes, on a forward-looking basis, “that eligible equipment purchased with Emergency Connectivity Fund Program support that has been in use for at least three years will be considered obsolete.”  More broadly, in a related footnote (364), the FCC cites a comment by the Los Angeles Unified SD “estimating that the lifespans of Chromebooks and tablets typically range from three to five years.”  Devices that have been lost or damaged are clearly inadequate.
• Unlike E-rate, ECF rules themselves do not require competitive bidding, but applicants do need to adhere to state and local requirements.
• Invoices of ECF services and equipment are also required for invoicing purposes.

Additional information from Censeo includes:

• Requested documents should be uploaded via Box.com, never by email.
• Personally identifiable information (“PII”) related to students or staff should be “anonymized” or “deidentified.”  To the extent required, the auditors will work to ensure that such information is provided in compliance with ECF rules, requirements, and applicable privacy laws.
• Additional documentation, if available, could include: “Questionnaires/Surveys related to Unmet Need Calculations, Device/Service Usage Reports from Service Providers, Written Internal Controls Related to Equipment/Connection Distribution, Bids from Service Providers or other documents related to the procurement of the audited equipment/service.”
• A request to complete a “brief survey” to respond to the following questions:
  • Please describe how you determined the unmet need for your school, library, or consortium (i.e., the number of students, school staff, and/or library patrons who would otherwise lack access to connected devices and broadband connections sufficient to engage in remote learning).
  • Please explain what measures and actions you took to track and monitor the usage of the audited equipment/services.
  • Please explain the process you went through to procure these devices/services and other equipment being audited, including information related to how you determined the pricing of the audited devices/services were reasonable and that the devices/services met the remote learning requirements of your students, school staff, or library patrons with unmet needs.
  • Please describe the methods or internal controls that your organization employed to restrict the use of connected devices for educational purposes by eligible users (students, school staff, or library patrons).

Upcoming Dates:

National Security Risks: E-Rate and Beyond:

Late in November, the FCC issued a new Report and Order, Order, and Further Notice of Proposed Rulemaking (FCC 22-84) dealing with the identification and treatment of Chinese “covered companies” and their equipment deemed to present a national security threat to the national communications supply chain (see our newsletter of November 28th).  As of last September, ten Chinese firms were on the FCC’s list of covered companies.  Of these, only two — Huawei and ZTE — had E-rate SPINs.  To date, neither of these SPINs have ever been associated directly with any E‑rate application but we have identified a little over $2 million in Huawei-branded equipment that has been sourced through other E-rate suppliers in FY 2016-2018.

From an E-rate perspective, E-rate applicants need to take care to avoid requesting funding, either directly or indirectly, for any services, equipment, and/or components provided by a banned covered company.  When soliciting bids, we recommend adding language requiring bidders to certify their equipment and services are compliant with the FCC Order (FCC 19-121) prohibiting the sale, provision, maintenance, modification, or other support of equipment or services provided or manufactured by Huawei, ZTE, or any other “covered company” deemed a national security threat.

Beyond E-rate, however, schools and libraries need to recognize the broader dangers inherent in the procurement of equipment and/or components from companies deemed national security risks.  An October 2022 report from the Center for Security and Emerging Technology (“CSET”) indicated that its analysis of government procurement records found that at least 1,681 state and local entities purchased equipment and services prohibited at the federal level under Section 889 of the 2019 National Defense Authorization Act in the period between 2015 and 2021.  Collectively, these entities registered nearly 5,700 transactions involving a wide range of covered equipment including, but not limited to, smartphones, surveillance cameras, temperature scanners, handheld radios, and networking equipment.  The report found that the banned technologies appeared to be especially popular with public education systems.  Roughly three-quarters of the transactions had been made by public school districts, colleges, and universities.  For affected schools, E-rate may be the least of their problems.

USF Quarterly Contribution Factor Back Over 30%:

The FCC announced that the Proposed First Quarter 2023 Universal Service Contribution Factor will be 32.6% (see DA 22-1286) — back above 30% for the fifth time in the last nine quarters.

As we have discussed in the past, and as shown in the graph below, the underlying problem is not so much that USF expenses (i.e., the revenue requirements) are rising but that interstate telecommunications revenues (i.e., the contribution base) are rapidly falling.

The decline in the contribution base is a problem that the FCC has neglected for too long.  At some point, the Universal Service Fund (“USF”) must be restructured to expand the contribution base to all broadband providers or users.  In the meantime, any increase in demand from E-rate or other USF programs is problematic.

For E-rate applicants, this is a particularly bad time to be seeing any increase in the contribution factor because it gives the FCC another reason to postpone addressing the crying need to make cybersecurity products and services eligible (see our newsletter of November 28th).*

USAC’s E-Rate News Brief Dated December 15, 2022, discusses the following topics:

• FCC releases the Eligible Services List for FY 2023 and requests comments on E-rate support for advanced firewall services (see article above).
• Requesting updates on Category 2 budgets.
• Customer Service Center will be closed on December 26, 2022, and January 2, 2023.
• The annual winter deferral period began last Friday, December 16, 2022, and will end Friday, January 6, 2023.

USAC’s Emergency Connectivity Fund Program Newsletter for December 16, 2022, reports last week’s deployment of new ECF portal functionality to handle Commitment Adjustments (“COMADs”), Recoveries of Improperly Disbursed Funds (“RIDFs”), and Demand Payment Letters (“DPLs”).  None of these would come as welcome news to ECF applicants now subject to audits (see article above).  The ECF Newsletter notes that applicants and/or service providers receiving COMADs or RIDFs will have 30 days — not the traditional 60 days as with E-rate — to appeal these actions.

The ECF Newsletter also provides two invoicing reminders and tips to check out:

• The Request for Reimbursement ECF FCC Form 472 (BEAR) Checklist and Request for Reimbursement ECF FCC Form 474 (SPI) Checklist for step by step guidance on what to do after receiving a Funding Commitment Decision Letter.
• SAM.gov registrations that must be renewed annually.