Robocall Blocking: The FCC Moves Forward and Seeks Further Comment
Privacy in Focus®
On June 6, 2019, the Federal Communications Commission (FCC or Commission) unanimously1 voted to adopt a Declaratory Ruling and Further Notice of Proposed Rulemaking on robocalls.
- The Declaratory Ruling, which became effective upon its release on June 7, expands the ability of voice providers to block certain categories of robocalls, specifically, authorizing – but not requiring – voice service providers to offer to consumers programs that (1) block unwanted calls using reasonable analytics (referred to by the FCC as “call-blocking programs”) and (2) block calls from numbers not in a consumer’s contact list (referred to by the FCC as “white-list programs”). The Declaratory Ruling authorizes the first category – call-blocking programs – on an opt-out basis, and the second category—white-list programs – on an opt-in basis.
- The Further Notice of Proposed Rulemaking (FNPRM) considers (1) establishing safe harbors for voice providers engaged in certain types of call blocking; (2) adopting safeguards to ensure public safety calls are unimpeded by such blocking; (3) mandating SHAKEN/STIR for certain voice service providers if those providers do not voluntarily implement SHAKEN/STIR by the end of the year; and (4) creating a mechanism to measure the effectiveness of robocall solutions.
- Additionally, the item calls for two new robocall reports from FCC staff.
Comments in response to the FNPRM will be due 30 days after publication of the item in the Federal Register.
The Declaratory Ruling Expands Voice Service Provider Authority to Offer Call-Blocking Programs on an Opt-Out Basis, but Does Not Create a Corresponding Safe Harbor.
The FCC’s Declaratory Ruling permits – but does not require – voice service providers to offer call-blocking programs to customers on an opt-out basis. While this action expands authority for call blocking, it does not establish a safe harbor for such blocking, and at the same time, it imposes various parameters on call-blocking programs. In addition to the four parameters outlined in the Draft Declaratory Ruling, the FCC added a fifth parameter to address instances of inappropriate blocking of legitimate calls. This parameter requires providing a point of contact to call originators to resolve such instances (as well as a mechanism to do so), and encourages voice service providers to provide a mechanism to notify call originators that their calls have been blocked (discussed below). This parameter did not appear in the Draft Declaratory Ruling.
The FCC notes that while blocking tools are currently available to consumers, they are often provided on an opt-in basis, which it concludes “limit[s] the impact of such programs on consumers.” ¶ 27. The FCC also reiterates the absence of any “legal dispute in the record that the Communications Act or Commission rules do not limit consumers’ right to block calls, as long as the consumer makes the choice to do so.” ¶ 31. It further concludes that “opt-out call-blocking programs are generally just and reasonable practices (not unjust and unreasonable practices) and enhancements of service (not impairments of service).” ¶ 31.
The adopted item outlines five parameters of its ruling regarding opt-out call-blocking programs. The first four parameters were previewed in the draft item (although changes were made in the version that was adopted); the fifth parameter – dealing with concerns of erroneous blocking – was not in the Draft Declaratory Ruling.
- The Commission clarifies that “voice service providers offering opt-out call-blocking programs must offer sufficient information so that consumers can make an informed choice as to whether they wish to remain in the program or opt out.” ¶ 33. Examples include messages on a provider’s website, bill inserts, e-mails, and texts. At a minimum, the FCC expects voice service providers “to describe in plain language how the call blocking-program makes the determination to block certain calls, the risks that it may block calls the consumer may want, and how a consumer may opt out of the service.” ¶ 33 It also states its expectation that any opt-out process be “simple and straightforward.” ¶ 33.
- The Commission clarifies that voice service providers may base the opt-out call-blocking programs “on any reasonable analytics designed to identify unwanted calls.” ¶ 34. It declines to adopt “rigid blocking rules,” as such an approach would be easy for illegal actors to evade, and would impede the development of diverse blocking services. ¶ 34. Examples of reasonable analytics include blocking calls based on large bursts of calls in a short timeframe; low average call duration; low call completion ratios; and other criteria. The adopted item adds that “[t]o be reasonable, however, such analytics must be applied in a non-discriminatory, competitively neutral manner.” ¶ 35.
- The FCC reaffirms its commitment to safeguard calls from emergency numbers. In the adopted item, the FCC cautions voice service providers not to use blocking tools by default to avoid blocking calls from “public safety entities, including [Public Safety Answering Points (PSAPs)], emergency operations centers, or law enforcement agencies.” ¶ 36. It also urges providers to “make all feasible efforts for those tools to avoid blocking emergency calls.” ¶ 36
- The FCC also reaffirms its commitment to safeguard calls to rural areas. The agency does not anticipate that its determination will negatively impact rural call completion rates, since call-blocking programs would be offered by the terminating providers. However, the item reminds voice service providers that call-blocking programs “may not be used to avoid the effect of our rural call completion rules.” ¶ 37.
- Finally, the Commission addresses “concern about blocking of calls required for compliance with other laws, rules, or policy considerations” by including a final parameter that holds that “a reasonable call-blocking program instituted by default would include a point of contact for legitimate callers to report what they believe to be erroneous blocking as well as a mechanism for such complaints to be resolved.” ¶ 38. The Commission further indicates that “callers who believe their calls have been unfairly blocked may seek review of a call-blocking program they believe to be unreasonable by filing a petition for declaratory ruling with the Commission.” ¶ 38. Noting that “industry has been active in developing solutions that allow callers to communicate with voice service providers and analytics companies to identify themselves and share their call patterns that might otherwise seem to indicate illegal call activity,” the Commission further encourages voice service providers to develop a mechanism for notifying callers that their calls have been blocked. ¶ 38.
The Declaratory Ruling Also Permits an Opt-In White List Approach for Call Blocking.
In addition to permitting robocall blocking programs to consumers on an opt-out basis, the Declaratory Ruling makes clear that nothing in the Act or the FCC’s rules “prohibits a voice service provider from offering an opt-in white list program using the consumer’s contact list.” ¶ 46. This approach would block all calls to the consumer, except for those contained on the customer-defined white list. Such offerings could only be offered on an opt-in basis, and the FCC notes that voice service providers “should clearly disclose to consumers the risks of blocking wanted calls and the scope of information disclosed in a manner that is clear and easy for a consumer to understand.” ¶ 46.
The FNPRM Seeks Comment on Proposals for Narrow Call Blocking Safe Harbors.
In the FNPRM, the Commission proposes a “narrow safe harbor for blocking in specific instances based on SHAKEN/STIR.” ¶ 49. Specifically:
- The FCC proposes a “safe harbor for voice service providers that choose to block calls (or a subset of calls) that fail Caller ID authentication under the SHAKEN/STIR framework,” noting that “call-blocking programs that consider the degree of attestation (whether full, partial, or gateway attestation) for successfully authenticated calls would not fit within the scope of this safe harbor” and that “only calls for which attestation information is available – the originating provider has implemented SHAKEN/STIR and each intermediate provider in the call path accurately passes authentication information to the terminating provider – and that fail authentication would be blocked.” ¶¶ 51-53.
- The FCC seeks comment on whether it should establish a “safe harbor for blocking unsigned calls from “particular categories of voice service providers.” ¶ 54. Such categories include voice providers participating in the SHAKEN/STIR framework that fail to sign certain calls, as well as certain “larger voice service providers.” ¶ 54. The FNPRM asks whether the safe harbor should apply to calls from a large service provider that fails to implement the SHAKEN/STIR standards by a certain timeframe. It also seeks comment on how to define “large voice service provider.” Alternatively, the FNPRM asks whether a safe harbor should target voice service providers that are most likely to facilitate unlawful robocallers. For example, pointing to the USTelecom Industry Traceback Group, it asks whether a safe harbor should target those voice service providers that do not appropriately sign calls and do not participate in the Industry Traceback Group. With respect to smaller providers, the FCC also seeks comment on how it can ensure that any safe harbor does not impose undue costs on eligible telecommunications carriers participating in the agency’s high-cost program.
Additionally, the FNPRM seeks comment on whether particular protections should be established for a safe harbor “to ensure that wanted calls are not blocked.” ¶ 58. It asks whether it should require voice service providers seeking a safe harbor to provide a mechanism for identifying and remedying the blocking of wanted calls or to send an intercept message or other indication that a call has been blocked. The FCC also seeks comment on how its proposal intersects with the agency’s recently adopted rural call completion rules.
Finally, in the section related to safe harbors, the adopted item adds a discussion of the use of SHAKEN/STIR analytics. Specifically, the Commission notes that “SHAKEN/STIR’s ability to determine the source of robocalls will be a significant contribution to the quality of  analytics,” and asks (1) how it can “best promote the use of SHAKEN/STIR-based analytics;” and (2) “[w]hat steps should [the FCC] take to encourage or require the use of SHAKEN/STIR-based analytics.” ¶ 62.
The FNPRM Also Seeks Comment on Proposals for a Critical Calls List
The FCC considers “requiring any voice service provider that offers call-blocking to maintain a ‘Critical Calls List’ of numbers it may not block.” ¶ 63. It seeks comment on which numbers should be required on a Critical Calls List (such as PSAPs and government emergency outbound numbers) and whether the list should be expanded to include calls from other organizations such as schools, doctors, local governments, or alarm companies, or certain other types of calls, such as fraud and weather alerts. The FCC also seeks comment on:
- whether such a list should be centrally maintained (and if so, by whom), or whether each voice provider should maintain its own list;
- whether the Critical Calls List protections should be limited to authenticated calls;
- whether the list should be made public, and if not, which entities should be authorized to access the list;
- whether voice providers should ever be permitted to block numbers contained on the list;
- the costs and benefits associated with implementing the list; and
- whether mechanisms exist that would enable blocking of illegal spoofed calls to PSAPs without blocking legitimate 911 calls.
The FNPRM Proposes a SHAKEN/STIR Mandate If Major Voice Service Providers Have Not Implemented the Caller ID Authentication Framework by the end of 2019.
The FNPRM seeks comment on the proposal to mandate SHAKEN/STIR if “major voice service providers fail to meet an end of 2019 deadline for voluntary implementation.” ¶ 71. This proposal was not in the draft item. Noting the progress of many providers towards implementation, the FCC discusses the importance of implementing the framework across voice networks. Under this proposal, the FCC asks, among other things:
- How to define “major voice service provider;”
- How to evaluate whether major voice service providers have met the end-of-year implementation deadline; and
- Whether to require certifications of compliance.
Additionally, the FCC asks a series of questions about the SHAKEN/STIR mandate, if the Commission needs to issue a mandate. Among other questions, the Commission asks:
- Whether to require implementation by all voice service providers – wireline, wireless, and Voice over Internet Protocol (VoIP) providers;
- What it should require providers to accomplish to satisfy the mandate, including questions about adopting displays;
- How much implementation time is needed for voice service providers;
- What role the Commission should have in SHAKEN/STIR governance; and
- “[H]ow to encourage Caller ID authentication for carriers that maintain some portion of their network on legacy technology.” ¶ 80.
Finally, the Commission asks how it can leverage SHAKEN/STIR to address illegal calls that are originated outside of the United States.
The FNPRM Asks About Measuring the Effectiveness of Robocall Solutions.
In this new section added since the draft version of the item was circulated, the Commission asks both whether and how it could “create a mechanism to provide information to consumers about the effectiveness of various voice service providers’ robocall solutions.” ¶ 83.
The Commission Calls for Two New Robocall Reports.
Additionally, with this item, the Commission calls for FCC staff “to prepare two reports on the state of deployment of advanced methods and tools to eliminate such calls, including the impact of call blocking on 911 and public safety.” ¶ 87. The FCC’s adopted framework for the reports follows a 2017 recommendation from the Consumer Advisory Committee, and the first and second report are due to the agency 12 months and 24 months, respectively, from the date of publication of the Declaratory Ruling and FNPRM in the Federal Register. The FCC also delegates authority to the Consumer and Governmental Affairs Bureau, in consultation with the Wireline Competition Bureau and Public Safety and Homeland Security Bureau, to collect “any and all relevant information and data from voice service providers necessary to complete these reports.” ¶ 90.
1Commissioners O’Rielly and Rosenworcel voted to adopt both items, but dissented on discrete aspects of each.
© 2019 Wiley Rein LLP