Federal Communications Commission FCC 23-59
12. The Companies provide online access to CPNI through their respective websites and the
My Mobile Account app (App). Through the Q Link website (Website), Q Link customers can log in to
their account to “complete an order, upload documents, view order status, check usage, refill account or
recertify.”
26
Q Link describes the App as a user’s “on-the-go hub to monitor and enjoy every aspect of
your account with Q Link,” including the ability to “view a detailed report of your monthly usage” and
“add more minutes and data at any time with just the click of a button.”
27
As explained in more detail
below in the Discussion section, some of the information that customers can access through both the
Website and the App constitutes CPNI. As such, those platforms are subject to the Commission’s rules
governing customers’ online access to their CPNI and proper customer authentication methods.
13. On April 9, 2021, the Ars Technica website published an article claiming that a security
flaw in the App potentially exposed the private information of an unknown number of Q Link
subscribers.
28
Consequently, the Telecommunications Consumers Division (TCD) of the Commission’s
Enforcement Bureau’s (Bureau) opened an investigation (App Investigation). On December 3, 2021,
TCD issued an initial Letter of Inquiry (App LOI)
to Quadrant, directing Quadrant and the Companies to
provide information and documents regarding the Companies’ duty to protect CPNI and other proprietary
information under section 222 of the Act and section 64.2010 of the Commission’s rules.
29
TCD then
issued a supplemental LOI (App SLOI) on June 10, 2022, that directed Quadrant and the Companies to
provide detailed information regarding the App login, authentication, and account access features.
30
The
responses to these inquiries
31
were not complete or, with regard to the response to the supplemental LOI,
timely. As a result, the Bureau issued a Notice of Apparent Liability (NAL) proposing a $100,000
forfeiture against Quadrant, Q Link, and Hello Mobile for apparently violating section 503(b)(1)(B) of the
Act by failing to respond to a Commission order.
32
14. TCD’s review of Quadrant and the Companies’ joint responses in the App Investigation
indicated that some of the Companies’ customer authentication practices may violate the CPNI Rules. As
described in more detail below, the Companies apparently made impermissible use of readily available
26
Q Link Wireless, My Q Link Login, https://qlinkwireless.com/members/Login.aspx (last visited June 8, 2023).
27
Q Link Wireless, What is My Mobile Account?, https://support.qlinkwireless.com/what-is-my-mobile-account/
(last visited June 8, 2023).
28
See Dan Goodin, No password required: Mobile carrier exposes data for millions of accounts (Apr. 9, 2021),
https://arstechnica.com/information-technology/2021/04/no-password-required-mobile-carrier-exposes-data-for-
millions-of-accounts/.
29
Letter of Inquiry from Kristi Thompson, Chief, Telecommunications Consumers Division, FCC Enforcement
Bureau, to Issa Asad, CEO, Quadrant Holdings Group LLC (Dec. 3, 2021) (on file in EB-TCD-21-00032935
(erroneously captioned EB-TCD-00032200)) (App LOI). This LOI was addressed to Quadrant, but directed
Quadrant, Q Link, and Hello Mobile to answer the inquiries. Quadrant and the Companies provided a single, joint
response to this LOI, as well as to the supplemental LOI issued in the App Investigation.
30
Letter of Inquiry from Kristi Thompson, Chief, Telecommunications Consumers Division, FCC Enforcement
Bureau, to John T. Nakahata, Counsel to Q Link Wireless LLC (June 10, 2022) (on file in EB-TCD-00032935
(erroneously captioned EB-TCD-21-00032200)) (App SLOI). Similar to the App LOI, this SLOI directed Quadrant,
Q Link, and Hello Mobile to answer the inquiries; they did so in a single, joint response.
31
App LOI Response; Supplemental Response to Letter of Inquiry, from John T. Nakahata, et al., HWG LLP,
Counsel to Q Link Wireless LLC, to Kristi Thompson, Chief, Telecommunications Consumer Division, FCC
Enforcement Bureau et al. (Mar. 31, 2022) (on file in EB-TCD-21-00032935) (App LOI Supplemental Response);
Response to Supplemental Letter of Inquiry, from John T. Nakahata, et al., HWG LLP, Counsel to Q Link Wireless
LLC, to Kristi Thompson, Chief, Telecommunications Consumer Division, FCC Enforcement Bureau et al. (Aug. 8,
2022) (on file in EB-TCD-21-00032935) (App SLOI Response).
32
Quadrant Holdings LLC; Q Link Wireless LLC; Hello Mobile LLC, Notice of Apparent Liability for Forfeiture,
DA 22-825, 2022 WL 3339390 (EB Aug. 5, 2022).