The FCC Will Consider a Caller ID Authentication Mandate at Upcoming Open Meeting, Continuing Ongoing Efforts to Stop Illegal Robocalls
On March 31, 2020, the Federal Communications Commission (FCC or Commission) will hold an Open Meeting to vote on: (1) a draft Report and Order that would mandate voice service providers to implement the industry-developed Caller ID authentication framework known as STIR/SHAKEN and (2) a draft Further Notice of Proposed Rulemaking (FNPRM) that proposes additional efforts and rules related to implementing Caller ID authentication frameworks and seeks comment on the Commission’s policies related to numbering resources. This item—the proposed Report and Order and FNPRM—was released in draft form on March 10, 2020 and is part of the Commission’s ongoing efforts to combat illegal spoofing and stop illegal and unwanted robocalls.
As background, late last year, the President signed into law the Pallone-Thune TRACED Act (TRACED Act or TRACED)—a bill focusing on fighting illegal and unwanted robocalls. The TRACED Act, among other things, requires a raft of regulatory proceedings and actions from the FCC in a relatively short amount of time, meaning that stakeholders can expect to see a steady stream of robocall-mitigation efforts coming from the Commission throughout (and beyond) this year. The recently released Caller ID authentication mandate draft is the Commission’s latest step in implementing TRACED, although it is not the first step and it certainly will not be the last. Prior to taking this action to implement the prominent Caller ID authentication requirements, the Commission (1) launched a proceeding that will allow it to recognize a “single consortium that conducts private-led [traceback] efforts” and (2) has taken steps towards the creation of “best practices . . . [for] the implementation of effective Caller ID authentication frameworks,” both under TRACED.
Stakeholders in the voice service and robocall mitigation ecosystem—including voice service providers, analytics engines, and call originators, among others—have until March 24, 2020 to weigh in on the Commission’s draft Caller ID authentication mandate and FNPRM. If the draft FNPRM is adopted, stakeholders may submit comments by May 15, 2020 and reply comments by May 29, 2020.
Below is a brief summary of the key elements of the draft Report and Order and FNPRM. For a full summary or to engage on any of these issues, do not hesitate to reach out to a member of our team.
The Draft Report and Order Would Mandate STIR/SHAKEN in IP Networks by June 30, 2021.
The Report and Order, if adopted, would “require all originating and terminating voice service providers to implement the STIR/SHAKEN framework in the IP portions of their networks by June 30, 2021.” ¶ 24. The draft lists four reasons to adopt this mandate:
- “First, ubiquitous STIR/SHAKEN implementation will yield substantial benefits for American consumers.” ¶ 25 (emphasis added). The Commission lists various examples of benefits, including “increas[ing] consumer trust in Caller ID information and encourag[ing] consumers to answer the phone.” The Commission notes that when “paired with call analytics,” STIR/SHAKEN will “serve as a tool to effectively protect American consumers from fraudulent robocall schemes.” Id.
- “Second, the record overwhelmingly reflects support from a broad array of stakeholders for rapid STIR/SHAKEN deployment, and many commenters support a STIR/SHAKEN mandate.” ¶ 26 (emphasis added). The draft lists support from, among others, 51 state Attorneys General and providers including AT&T and Verizon.
- “Third, although some major voice service providers have taken significant steps towards STIR/SHAKEN implementation, the level of implementation by the Commission’s end of 2019 deadline shows that, absent further governmental action, we will not have timely ubiquitous implementation.” ¶ 27 (emphasis added).
- Fourth, “Congress’s clear direction [in the TRACED Act] to require timely STIR/SHAKEN implementation further encourages [the Commission] to adopt the mandate in this Report and Order.” ¶ 28 (emphasis added).
Specifically, the mandate would apply to “all originating and terminating voice service providers,” requiring them to “fully implement STIR/SHAKEN on the portions of their voice networks that support the transmission of SIP calls and exchange calls with authenticated caller ID information with the providers with which they interconnect.” Id. (emphasis added). The Report and Order would impose three related requirements:
- “[A] voice service provider that originates a call that exclusively transits its own network must authenticate and verify the caller ID information in accordance with the STIR/SHAKEN authentication framework.” ¶ 33.
- “[A] voice service provider originating a call that it will exchange with another voice service provider or intermediate provider must authenticate the caller ID information in accordance with the STIR/SHAKEN authentication framework and, to the extent technically feasible, transmit that caller ID information with authentication to the next provider in the call path.” ¶ 33.
- “[A] voice service provider terminating a call with authenticated caller ID information it receives from another provider must verify that caller ID information in accordance with the STIR/SHAKEN authentication framework.” ¶ 33.
The draft also explains important aspects of the scope of the mandate. First, the mandate would exclude intermediate providers given that the definition of “voice service” is “limited . . . to service ‘that is interconnected with the [PSTN] and that furnishes voice communications to an end user.’” ¶ 37 (emphasis in original). Second, the mandate would be “limit[ed] . . . to only the IP portions of voice service providers’ networks—those portions that are able to initiate, maintain, and terminate SIP calls.” Id. (emphasis added). Third, the mandate would “apply to all types of voice service providers—wireline, wireless, and Voice over Internet Protocol (VoIP) providers.” ¶ 39 (emphasis added & internal quotes deleted). Fourth, the mandate would “not apply to providers that lack control of the network infrastructure necessary to implement STIR/SHAKEN.” ¶ 40.
The Draft FNPRM Would Propose Further Efforts to Implement the TRACED Act’s Caller ID Authentication Provisions.
The FNPRM, if adopted, would offer proposals and seek comment on further efforts to promote Caller ID authentication and implement section 4 of the TRACED Act, as detailed below.
- TRACED Act Definitions and Scope. The FNPRM would seek comment on the definition of “STIR/SHAKEN authentication framework” and “voice service,” both of which would be defined in the Report and Order, as well. ¶¶ 58-59.
- Extending the STIR/SHAKEN Implementation Mandate to Intermediate Providers. The FNPRM, if adopted, would propose to extend the STIR/SHAKEN mandate to intermediate providers and to apply the obligations established for IP calls both to calls that an intermediate provider passes to a terminating voice service provider and to calls that it passes to a subsequent intermediate provider. ¶ 61. The FNPRM would also propose to define “intermediate provider” consistent with Commission rules. ¶ 67.
- Assessment of Burdens and Barriers to Implementation. Consistent with the requirements of the TRACED Act, the FNRPM would seek comment on the burdens and barriers to implementation for certain classes of providers (g., voice providers using TDM networks, rural providers, small voice service providers), particularly the burdens presented by equipment availability and cost. ¶¶ 72–75.
- Extension of Implementation Deadline. The draft explains that the TRACED Act contemplates two general categories of extensions from the June 30, 2021 deadline: (1) “in connection with an assessment of burdens or barriers to implementation, the Commission may, upon a public finding of undue hardship, delay required compliance” and (2) the Commission “shall grant a delay of required compliance . . . to the extent that a provider or class of providers of voice services, or type of voice calls, materially relies on a non-IP network for the provision of such service or calls.” ¶ 75 (internal quotes deleted). Among other things, the draft proposes and seeks comments on various types of extensions; discusses the process for annually reevaluating granted extensions; and discusses the robocall mitigation programs and alternative methodologies contemplated under TRACED during the extension period. ¶¶ 75, 90-92.
- Caller ID Authentication in Non-IP Networks. The FNPRM, if adopted, would “propose to interpret the TRACED Act’s requirement that a voice service provider take ‘reasonable measures’ to implement an effective caller ID authentication framework in the non-IP portions of its network as being satisfied only if the voice service provider is actively working to implement a caller ID authentication framework on those portions of its network, either by upgrading its non-IP networks to IP so that the STIR/SHAKEN authentication framework may be implemented, or by working to develop a non-IP authentication solution.” ¶ 95.
- Voluntary STIR/SHAKEN Implementation Exemption. The draft explains that the TRACED Act “frees a voice service provider from [the STIR/SHAKEN mandate] if [the Commission] determine[s], by December 30, 2020, that “such provider of voice service”: (A) “in internet protocol networks”—(i) “has adopted the STIR/SHAKEN authentication framework for calls on the internet protocol networks of the provider of voice service; (ii) has agreed voluntarily to participate with other providers of voice service in the STIR/SHAKEN authentication framework; (iii) has begun to implement the STIR/SHAKEN authentication framework; and (iv) will be capable of fully implementing the STIR/SHAKEN authentication framework” not later than June 30, 2021; and (B) “in non-internet protocol networks”—(i) “has taken reasonable measures to implement an effective Caller ID authentication framework; and (ii) will be capable of fully implementing an effective Caller ID authentication framework” not later than June 30, 2021.” ¶ 101. The draft asks about “the substantive standards and appropriate processes by which to implement this forward-looking exemption.” The draft also proposes that the voluntary implementation exemption operate via a certification process, with the ability for the Commission to perform retrospective review. ¶¶ 111-115.
- Prohibiting Line Item Charges for Caller ID Authentication. The FNPRM, if adopted, would propose to prohibit voice service providers from imposing additional line item charges on consumer or small business subscribers for Caller ID authentication, which it refers to as a “straightforward implementation of Congress’s clear direction.” ¶ 118. Of note, the draft FNRPM asks if the FCC should address whether voice service providers may recover caller ID authentication costs from consumers and small businesses through rate increases, and if so how and on what legal basis. ¶ 119.
The Draft FNPRM Also Seeks Comment on Access to Numbering Resources, as Directed in the TRACED ACT.
The FNPRM, if adopted, also would seek comment on implementing section 6(a) of the TRACED Act, which “directs [the Commission] to examine whether and how [its] policies regarding access to both toll free and non-toll free numbering resources can be modified to help reduce access to numbers by potential perpetrators of illegal robocalls, and . . . directs [the Commission] to prescribe regulations to implement any such policy modifications.” ¶ 121.
The FNPRM would seek comment on “whether and how [the Commission] should modify [its] policies regarding access to toll free and non-toll free numbering resources to help reduce illegal robocallers’ access to numbering resources.” ¶ 125.
For a detailed summary and analysis of this draft Caller ID authentication and Numbering Resources item, or more information about the various proceedings and deadlines launched under the Pallone-Thune TRACED Act, please reach out to a member of our team. We have a deep and experienced robocalling and robotexting bench. Our experts handle federal and state policy issues; compliance with federal and state requirements; complex TCPA issues, including political and charitable outreach; and TCPA enforcement actions and investigations.