FCC Releases Request for Comment on Proposed Rule on Unlawful Robocalls and Call Blocking
Comments are due by Aug. 31, 2020.
The Federal Communications Commission is proceeding with a proposed rule on revisions to its rules implementing the Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act) in a request for comment announced Friday.
It states: “The commission proposes to require voice service providers to respond to certain traceback requests, mitigate bad traffic when notified of such traffic by the commission, and implement effective measures to prevent new and renewing customers from using its network to originate illegal calls; to extend the safe harbor for blocking based on reasonable analytics including Caller ID authentication information to network-based blocking without consumer consent so long as the blocking is specifically designed to block calls that are highly likely to be illegal and is managed with sufficient human oversight and network monitoring to ensure that blocking is working as intended; and to require terminating voice service providers to provide a list of individually blocked calls that were placed to a particular number at the request of the subscriber to that number. These proposals, taken together, implement the TRACED Act and continue the commission’s fight against illegal and unwanted robocalls while taking further steps to ensure that wanted calls are protected.”
Comments are due on or before Aug. 31, 2020, and reply comments are due on or before Sept. 29, 2020.
In advance of Friday’s proposed rule, the FCC on July 16 voted to adopt an order on call blocking and labeling that includes two safe harbors for voice service providers and some protections for legitimate calls, ACA International previously reported.
During the meeting, the FCC also issued a Further Notice of Proposed Rulemaking (FNPRM) seeking comment on additional steps to protect consumers from robocalls and better inform them about provider blocking efforts. The notice specifically seeks comment on whether to obligate phone companies to better police their networks against illegal calls, and whether to require them to provide information about blocked calls to consumers for free. In addition, the notice seeks comment on notification and effective redress mechanisms for callers when their calls are blocked, and on whether measures are necessary to address the mislabeling of calls.
The July 31 proposed rule is a summary of the commission’s fourth FNPRM, in CG Docket No. 17-59, FCC 20-96, adopted on July 16, 2020, and released on July 17, 2020.
Its contents were discussed in the open hearing and an FCC press release, providing insight into changes that were made from the draft.
Comments, identified by CG Docket No. 17-59, may be submitted online at http://apps.fcc.gov/ecfs/.
FCC GRANTS SAFE HARBOR FOR ROBO CALL BLOCKING
July 2020
The Federal Communications Commission (FCC) has now approved “two safe harbors from liability for the unintended or inadvertent blocking of wanted calls, thus eliminating a concern that kept some companies from implementing robust robocall blocking efforts” (https://docs.fcc.gov/public/attachments/DOC-365564A1.pdf).
The two safe harbors “are meant to provide further assurance to phone companies and allow them to strengthen their efforts in the battle against illegal and unwanted robocalls.” The FCC’s decision further implements provisions of the Pallone-Thune TRACED Act which became law last December.
The first safe harbor will protect phone companies that “use reasonable analytics, including caller ID authentication information, to identify and block illegal or unwanted calls from liability.”
The second safe harbor “protects providers that block call traffic from bad actor upstream voice service providers that pass illegal or unwanted calls along to other providers, when those upstream providers have been notified but fail to take action to stop these calls.”
The five FCC commissioners also seek comment on further rule changes to “protect consumers from robocalls and better inform them about provider blocking efforts.” A Fourth Further Notice of Proposed Rulemaking included in the decision seeks comment on (a) “whether to obligate phone companies to better police their networks against illegal calls, and … require them to provide information about blocked calls to consumers for free” and (b) “notification and effective redress mechanisms for callers when their calls are blocked, and on whether measures are necessary to address the mislabeling of calls.”
"American consumers are sick and tired of unwanted robocalls,
this consumer among them. Caller ID authentication
will be a significant step towards ending the scourge of spoofed robocalls.
It's time for carriers to implement robust caller ID authentication." – FCC Chairman Ajit Pai
How Will Caller ID Authentication Help Consumers?
Caller ID authentication is a new system aimed at combating illegal caller ID spoofing. Such a system is critical to protecting Americans from scam spoofed robocalls and would erode the ability of callers to illegally spoof a caller ID, which scammers use to trick Americans into answering their phones when they shouldn't. Additionally, consumers and law enforcement alike could more readily identify the source of illegal robocalls and reduce their frequency and impact. Industry stakeholders are working to implement caller ID authentication, which is sometimes called STIR-SHAKEN. Once implemented, it should greatly help the accuracy of caller ID information and should allow voice service providers to provide helpful information to their consumers about which calls to answer.
What Does STIR-SHAKEN Mean?
STIR-SHAKEN is a framework of interconnected standards. STIR-SHAKEN are acronyms for the Secure Telephone Identity Revisited (STIR) and Signature-based Handling of Asserted Information Using toKENs (SHAKEN) standards. This means that calls traveling through interconnected phone networks would have their caller ID "signed" as legitimate by originating carriers and validated by other carriers before reaching consumers. STIR-SHAKEN digitally validates the handoff of phone calls passing through the complex web of networks, allowing the phone company of the consumer receiving the call to verify that a call is in fact from the number displayed on Caller ID.
What Is the FCC Doing?
The FCC is leading the push for industry adoption of these standards to help consumers as quickly as possible. The Commission prompted real progress in call authentication by starting a formal inquiry in July 2017, seeking public input on the best way to establish a reliable system to verify the caller ID information that appears on the recipient's phone. This resulted in a North American Numbering Council-recommended framework for implementing an industry-developed standard to help prevent illegal attempts to trick consumers through caller ID spoofing. STIR-SHAKEN should establish a reliable authentication system that will help strengthen call-blocking services and unmask spoofed calls.
In November 2018, Chairman Pai demanded that the phone industry adopt a robust call authentication system to combat illegal caller ID spoofing and implement that system within a year. Chairman Pai sent letters to the major voice providers asking them to outline their plans to protect their customers and implement the STIR-SHAKEN standards—and do so without delay. In February 2019, Chairman Pai welcomed many carriers' commitments to meeting his timeline for implementation, called on others to "catch up," and made clear that the FCC would consider regulatory intervention if necessary. In June 2019, the Commission adopted a Notice of Proposed Rulemaking that proposed and sought comment on mandating implementation of STIR-SHAKEN if the end-of-2019 deadline wasn't met.
Chairman Pai also scheduled a STIR-SHAKEN Robocall Summit for July 11 to examine the industry's progress toward meeting his deadline and to identify any challenges to the deployment of the STIR-SHAKEN framework and discuss how best to overcome them. In March 2020, the Commission adopted new rules requiring all originating and terminating voice service providers to implement caller ID authentication using STIR-SHAKEN technological standards in the Internet Protocol (IP) portions of their networks by June 30, 2021. The Commission also adopted a Further Notice of Proposed Rulemaking to take public comment on additional caller ID authentication rules.
June 09, 2020
Continuing its campaign against illegal robocalls, particularly the spoofed variety, the Federal Communications Commission (FCC) on June 9, 2020, proposed a $225 million fine – the “largest in the FCC’s 86-year history” – against “Texas-based health insurance telemarketers for apparently making approximately 1 billion illegally spoofed robocalls” (https://docs.fcc.gov/public/attachments/DOC-364824A1.pdf).
The FCC accuses “John C. Spiller and Jakob A. Mears, who used business names including Rising Eagle and JSquared Telecom” in connection with Rising Eagle making “approximately 1 billion spoofed robocalls across the country during the first four-and-a-half months of 2019 on behalf of clients that sell short-term, limited-duration health insurance plans.”
In its lengthy and detailed Notice of Proposed Liability For Forfeiture (NALF), the agency outlines how “The robocalls falsely claimed to offer health insurance plans from well-known health insurance companies such as Aetna, Blue Cross Blue Shield, Cigna, and UnitedHealth Group” (https://docs.fcc.gov/public/attachments/FCC-20-74A1.pdf). According to the FCC’s investigation, which was assisted by the USTelecom Industry Traceback Group, a consumer who indicated an interest in speaking with a representative of one of those companies was “transferred to a call center with no affiliation to the named companies, where call center representatives then would attempt to convince the consumer to purchase an insurance product sold by one of Rising Eagle’s clients.”
Further, as a result of the spoofing, which the NALF asserts violated the Truth In Caller ID Act component of the Telephone Consumer Protection Act (TCPA), the FCC found that the calls “targeted millions of Do Not Call list participants, and were received on many wireless phones without prior consumer consent.” Moreover, “the scam also caused the companies whose caller IDs were spoofed to become overwhelmed with angry call-backs from aggrieved consumers. At least one company was hit with several lawsuits because its number was spoofed, and another was so overwhelmed with calls that its telephone network became unusable.”
The accused parties have 30 days to respond to the NALF with the FCC.
As a double down on the alleged violators, the State Attorneys General (AG) of seven states (Arkansas, Indiana, Michigan, Missouri, North Carolina, Ohio and Texas), on the same day, brought a parallel lawsuit under the Telephone Consumer Protection Act and relevant state consumer protection statutes in Federal District Court in Houston, Texas (https://www.mlive.com/public-interest/2020/06/michigan-attorney-general-joins-lawsuit-over-billions-of-illegal-robocalls.html). That lawsuit raises various TCPA violations, including caller ID spoofing, along with counts for violating state consumer protection statutes addressing, among other conduct, “false and deceptive acts.” The State AGs seek injunctive relief and $1500 per call for TCPA violations and costs. The plaintiffs also seek damages under their individual state statutes.
The collective actions further demonstrate the focus of both the FCC and state authorities on combatting illegal robocallers, particularly when caller ID spoofing is involved.
As the Federal Communications Committee (FCC) works to cut down on robocalls, a new mandate has been issued that will impact the Toll-Free Number (TFN) status in the SMS/800 TFN Registry.
Per the new rule, all disconnected numbers – including disconnected Toll-Free Numbers – may not go into SPARE status until forty-five (45) days after their date of disconnection. Please Note: The 4-month (120 days) maximum time before automatically returning to spare has not changed. The updated FCC rule is below.
The FCC will enforce this new rule change in the second quarter of 2020.
Voice service providers would be required to implement caller ID authentication under the proposal set for a vote March 31.
3/10/2020 FCCNEWS
The Federal Communications Commission issued its Report and Order and Further Notice of Proposed Rulemaking on mandating adoption of STIR-SHAKEN by voice service providers and additional measures to combat spoofed calls on Tuesday.
“This Report and Order and Further Notice of Proposed Rulemaking would take a critical step in the commission’s multi-pronged approach to ending illegal caller ID spoofing by requiring voice service providers to implement caller ID authentication technology,” it states.
Comments to the FCC are due May 15, 2020 and reply comments are due May 29, 2020.
FCC Proposed Requirements for Voice Service Providers
According to the FCC the order would: “require originating and terminating voice service providers to implement the STIR-SHAKEN caller ID authentication framework in the Internet Protocol (IP) portions of their networks by June 30, 2021, a deadline that is consistent with the TRACED Act, which was recently passed by Congress.”
Additional Caller ID Authentication Proposals in the Further Notice Include:
• Propose to implement caller ID authentication and other provisions of the TRACED Act, including through proposals to:
- Grant an extension for compliance with the STIR-SHAKEN implementation mandate for small voice service providers so long as those providers implement a robocall mitigation program.
- Require voice service providers using non-IP technology to either (i) upgrade their networks to IP to enable STIR-SHAKEN implementation, or (ii) work to develop non-IP caller ID authentication technology and implement a robocall mitigation program in the interim.
- Establish a process by which a voice service provider may be exempt from the STIR-SHAKEN implementation mandate if the provider has achieved certain implementation benchmarks.
- Prohibit voice service providers from imposing additional line item charges on consumers and small businesses for caller ID authentication.
The proposed rules build on FCC Chairman Ajit Pai’s request last year for phone companies to voluntarily implement STIR-SHAKEN and the Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act signed into law in 2019.
The TRACED Act directs the FCC to require voice service providers to implement STIR-SHAKEN in their networks within 18 months of the law’s enactment, according to a news release from the FCC. The FCC will vote on these new rules during its March 31 meeting.
United States of America
Federal Communications Commission
February 4, 2020
VIA CERTIFIED MAIL - RETURN RECEIPT REQUESTED
To:
Official Correspondence from the Federal Communications Commission
Re:
Dear Mr.
We are writing to encourage _____________ to assist the Federal Communications Commission in stopping the flow of malicious robocalls originating from sources outside the United States.
Combatting harmful and abusive robocallers is the Commission's top consumer protection priority.
Unfortunately, many of the worst offenders originate overseas. Using "spoofed" and falsified numbers, foreign robocallers often pose as American companies, and even the U.S. government, in order to deceive and defraud American consumers.
Over the last year, one of the most prominent phone scams has involved individuals impersonating agents from the Social Security Administration to trick people into divulging personal information or transferring money. In addition to falsely claiming to be government representatives, these callers often use spoofing technology to make the caller ID look like a government number. This scam cost consumers more than $19 million in the last year. There is good reason to believe that most of these "Social Security" calls came from foreign call centers.
Tracebacks by the USTelecom Industry Traceback Group and the Commission have found that _____________ is being used as a gateway into the United States for many apparently illegal robocalls that originate overseas. As the point of entry for this traffic into the U.S. telephone network, _____________ is uniquely situated to assist government and industry efforts to combat illegal robocalls. Congress recently addressed the importance of industry efforts to trace back such calls to their origin in the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement Deterrence Act (TRACED Act) by directing the Commission to register a consortium to conduct private-led efforts to trace back suspected unlawful robocalls. Congress also encouraged the Commission to take appropriate enforcement actions for voice service providers that do not participate in private-led efforts to trace back the origin of suspected unlawful robocalls or that originate or terminate substantial amounts of unlawful robocalls. We encourage _______ to take measures to prevent the flow of apparently illegal traffic originating outside the United States.
In furtherance of this objective, the Commission requests information about business practices regarding the foreign traffic that your company carries. Pursuant to our authority under Sections 227 and 403 of the Communications Act (47 U.S.C. §§ 227, 403), we request that you provide responses to the following questions:
1. What technical and procedural processes does _________ have in place to detect or identify call traffic that is likely to be illegal, particularly for calls with foreign origination (e.g., detecting unusual call patterns or large call volumes)?
2. What procedures does __________ employ to ensure that the Caller ID information associated with foreign call traffic has not been unlawfully spoofed?
3. What percentage of your company's traffic comes from foreign sources?
4. What percentage of your clients are located in a country other than the United States?
5. Does ________ advertise its services in foreign countries?
6. Have you taken any actions in the last six months to either terminate or restrict foreign traffic that you suspected to be illegal?
We request your detailed response by February 17, 2020. That response should be sent electronically to S__ Y__ at __________@fcc.gov.
If we hope to stop the spread of robocalls, providers and government agencies must work together. We encourage _____________ to remain vigilant, and we will continue to monitor your cooperation with public and private efforts to identify the actors behind foreign robocalls and take lawful actions to thwart unwanted and unlawful traffic.
Sincerely,
Enforcement Bureau
UNITED STATES OF AMERICA
FEDERAL TRADE COMMISSION
WASHINGTON, DC 20580
Bureau of Consumer Protection
Division of Marketing Practices Associate Director
January 29, 2020
Warning Regarding Assisting and Facilitating Illegal Robocalls
Dear [____________]:
This letter is to provide you with information about laws and regulations enforced by the
Federal Trade Commission (“FTC”) that may bear upon your business activities as a Voice over
Internet Protocol (“VoIP”) service provider.
The FTC, the nation’s consumer protection agency, enforces the Federal Trade
Commission Act (“FTC Act”), 15 U.S.C. § 45, which prohibits unfair or deceptive acts or
practices in or affecting commerce. The FTC also enforces the Telemarketing Sales Rule
(“TSR”), 16 C.F.R. Part 310, which prohibits deceptive and abusive telemarketing practices.
Section 310.3(b) of the TSR prohibits “assisting and facilitating” certain specified conduct.
Under that provision, “it is unlawful for any person or entity to provide substantial assistance or
support to a seller or telemarketer when that person or entity knows or consciously avoids
knowing that the seller or telemarketer is engaged in any act or practice that violates Sections
310.3(a), (c), or (d), or Section 310.4 of the TSR,” which prohibit, among other conduct, the
following:
• Making a false or misleading statement to induce any person to pay for goods or
services or to induce a charitable contribution (16 C.F.R. § 310.3(a)(4));
• Misrepresenting a seller or telemarketer’s affiliation with any government agency (16
C.F.R. § 310.3(a)(2)(vii));
• Transmitting false or deceptive caller ID numbers (16 C.F.R. § 310.4(a)(8));
• Initiating or causing the initiation of calls that deliver prerecorded messages, unless
the person called provided the seller express written permission to call (16 C.F.R. §
310.4(b)(v)); and
• Initiating or causing the initiation of telemarketing calls to numbers listed on the
National Do Not Call Registry, unless the person called provided express written permission.
We also want to bring to your attention that the FTC recently sued a VoIP service
provider for allegedly violating the TSR, 16 C.F.R. Part 310. In that case, FTC v. Educare, the
FTC alleged that defendant Globex Telecom, Inc. assisted and facilitated telemarketers it knew,
or consciously avoided knowing, were violating the TSR’s prohibitions on calls delivering
prerecorded messages.
In addition to FTC regulations and the FTC’s December 2019 action against a provider of
VoIP services, you should also be aware that the United States Department of Justice (“DOJ”)
recently brought civil actions against two VoIP companies and their owners. In those cases, DOJ
alleged that the defendants were committing and conspiring to commit wire fraud by knowingly
transmitting robocalls that impersonated federal government agencies.
We hope you will review this letter and the attached materials in detail. Please direct any
inquiries regarding this letter to ________@ftc.gov or (202) 326-3120.
A copy of the FTC’s Amended Complaint is attached as Appendix B.
Sincerely,
Associate Director
Appendix A (TSR)
Appendix B (Educare Amended Complaint)
January 30, 2020
Federal Trade Commission staff sent letters to 19 Voice over Internet Protocol (VoIP) service providers warning them that “assisting and facilitating” illegal telemarketing or robocalling is against the law.
“VoIP service providers play a unique role in the robocall ecosystem, allowing fraudsters and abusive telemarketers to call consumers at a fraction of a penny per minute,” said FTC Bureau of Consumer Protection Director Andrew Smith. “These warning letters put VoIP providers on notice that we will take action when they knowingly facilitate illegal robocalls.”
The letters warn the VoIP service providers that the FTC may take legal action against them if they assist a seller or telemarketer who they know, or consciously avoid knowing, is violating the agency’s Telemarketing Sales Rule (TSR). The FTC is not disclosing the names of the companies and/or individuals to whom it sent the warnings.
The letters note several types of conduct that may violate the TSR, including:
· making a false or misleading statement to induce a consumer to buy something or contribute to a charity;
· misrepresenting a seller or telemarketer’s affiliation with any government agency;
· transmitting false or deceptive caller ID numbers;
· initiating pre-recorded telemarketing robocalls, unless the seller has express written permission to call; and
· initiating telemarketing calls to consumers whose phone numbers are on the National Do Not Call Registry, with certain exceptions.
The letters stress that combatting illegal telemarketing is a top priority of the Commission, with a special emphasis on stopping illegal robocalls. They cite two cases the FTC has brought in this area, one against a defendant named James B. Christiano and another against a VoIP service provider called Globex Telecom.
The FTC can seek civil penalties and court injunctions to stop TSR violations. It also can seek money to refund to consumers who were defrauded via illegal telemarketing calls.
The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357).
FCC to require anti-robocall tech after “voluntary” plan didn’t work out
Pai follows Congress' orders, requires carriers to verify Caller ID accuracy.
JON BRODKIN - 3/6/2020, 2:16 PM
Phone companies would be required to deploy technology that prevents spoofing of Caller ID under a plan announced today by Federal Communications Commission Chairman Ajit Pai.
Pai framed it as his own decision, with his announcement saying the chairman "proposed a major step forward... to protect consumers against spoofed robocalls." But in reality the FCC was ordered by Congress and President Trump to implement this new rule. The requirement on the FCC was part of the TRACED Act that was signed into law in December 2019. Pai previously hoped that all carriers would deploy the technology voluntarily.
"I'm excited about the proposal I'm advancing today: requiring phone companies to adopt a caller ID authentication framework called STIR-SHAKEN," Pai said in his announcement. "Widespread implementation will give American consumers a lot more peace of mind when they pick up the phone." The FCC will vote on the measure at its March 31 meeting.
The STIR and SHAKEN protocols use digital certificates, based on public-key cryptography, to verify the accuracy of Caller ID. STIR-SHAKEN would work best if all phone companies adopt it because it can only verify Caller ID when both the sending carrier and receiving carrier have deployed the technology. Robocallers who spoof real numbers to hide their identities would get flagged by STIR-SHAKEN. Depending on how each carrier implements it, flagged calls could be passed on to consumers with a warning or be blocked entirely.
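The receiving carrier's side of that verification, as an added example that is not part of the original article: the claim checks a terminating provider runs on a SHAKEN PASSporT, the signed token carried in the SIP Identity header. The sample token, telephone numbers and certificate URL are constructed, the 60-second freshness window is an assumption, and the ES256 signature check against the certificate at `x5u` belongs to a crypto library and is not performed here.

```python
import base64
import json
import time

MAX_AGE_SECONDS = 60                   # assumed freshness window for the "iat" claim
ATTESTATION_LEVELS = ("A", "B", "C")   # full, partial, gateway attestation


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def digits(tn: str) -> str:
    """Reduce '+1 202 555 0123' to the digit-only form used in the claims."""
    return "".join(ch for ch in tn if ch.isdigit())


def tn_of(claim):
    """Return the 'tn' member of an orig/dest claim, or None if malformed."""
    return claim.get("tn") if isinstance(claim, dict) else None


def parse_identity(value: str):
    """Split 'token;info=<url>;alg=ES256;ppt=shaken' into its parts."""
    token, *raw_params = [part.strip() for part in value.split(";")]
    params = {}
    for item in raw_params:
        key, _, val = item.partition("=")
        params[key.lower()] = val.strip('<>"')
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    payload = json.loads(b64url_decode(payload_b64))
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise ValueError("header and payload must be JSON objects")
    return header, payload, sig_b64, params


def check_call(identity_value: str, from_tn: str, to_tn: str, now=None) -> dict:
    """Compare PASSporT claims with the call actually being delivered.

    The signature itself is NOT verified here; these checks run alongside it.
    """
    now = time.time() if now is None else now
    try:
        header, payload, sig_b64, params = parse_identity(identity_value)
    except ValueError as exc:  # bad base64, bad JSON, wrong segment count
        return {"ok": False, "attest": None,
                "reasons": [f"malformed Identity header: {exc}"]}

    reasons = []
    if header.get("alg") != "ES256" or params.get("alg", "ES256") != "ES256":
        reasons.append("alg is not ES256")
    if header.get("typ") != "passport" or header.get("ppt") != "shaken":
        reasons.append("not a SHAKEN PASSporT")
    x5u = header.get("x5u")
    if not isinstance(x5u, str) or not x5u.startswith("https://"):
        reasons.append("x5u certificate URL missing or not https")
    elif params.get("info") != x5u:
        reasons.append("info parameter does not match x5u")
    if not sig_b64:
        reasons.append("signature segment is empty")

    attest = payload.get("attest")
    if attest not in ATTESTATION_LEVELS:
        reasons.append("attest is not A, B or C")
        attest = None
    orig_tn = tn_of(payload.get("orig"))
    if not isinstance(orig_tn, str) or digits(orig_tn) != digits(from_tn):
        reasons.append("orig.tn does not match the calling number")
    dest_tns = tn_of(payload.get("dest"))
    if not isinstance(dest_tns, list) or \
            digits(to_tn) not in [digits(str(t)) for t in dest_tns]:
        reasons.append("called number is not in dest.tn")
    iat = payload.get("iat")
    if not isinstance(iat, (int, float)) or abs(now - iat) > MAX_AGE_SECONDS:
        reasons.append("iat is missing or outside the freshness window")
    if not payload.get("origid"):
        reasons.append("origid is missing")
    return {"ok": not reasons, "attest": attest, "reasons": reasons}


def build_sample(orig_tn: str, dest_tn: str, iat: int, attest: str = "A") -> str:
    """Constructed sample Identity value; the signature bytes are a placeholder."""
    x5u = "https://certs.example.net/shaken.pem"   # constructed URL
    header = {"alg": "ES256", "ppt": "shaken", "typ": "passport", "x5u": x5u}
    payload = {"attest": attest, "dest": {"tn": [dest_tn]}, "iat": iat,
               "orig": {"tn": orig_tn},
               "origid": "123e4567-e89b-12d3-a456-426614174000"}
    token = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload))
    token += "." + b64url_encode(b"\x00" * 64)     # not a real signature
    return f"{token};info=<{x5u}>;alg=ES256;ppt=shaken"


if __name__ == "__main__":
    issued = 1_600_000_000
    identity = build_sample("12025550123", "12025550199", issued)
    # Caller ID shown on the call matches the signed claim.
    print(check_call(identity, "+1 202 555 0123", "+12025550199", now=issued + 5))
    # Same token replayed on a call presenting a different caller ID.
    print(check_call(identity, "+12025550177", "+12025550199", now=issued + 5))
```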
Carriers have already been adopting STIR-SHAKEN, but Pai said not all companies have done so. "Last year, I demanded that major phone companies voluntarily deploy STIR-SHAKEN, and a number of them did," Pai said. "But it's clear that FCC action is needed to spur across-the-board deployment of this important technology."
STIR-SHAKEN can be used by mobile phone providers and home VoIP services, but landline providers have said they can't deploy it on the older TDM services that run on traditional copper phone lines. That won't change with the FCC action, as the underlying US law and Pai's proposal only "require originating and terminating voice service providers to implement STIR-SHAKEN in the Internet Protocol (IP) portions of their networks."
The requirement would apply to big carriers by June 30, 2021 and to small and rural providers one year later. In addition to mobile providers, companies that offer IP-based phone service over cable or fiber lines would have to comply.
Robocalls from outside US a major problem
While STIR-SHAKEN might help reduce robocalls or slow their growth, it's not enough on its own to solve the large and complicated robocall problem. For one thing, a lot of robocalls originate from overseas. The FCC recently sent letters to seven US-based voice providers "that accept foreign call traffic and terminate it to US consumers," saying these companies' services are "being used as a gateway into the United States for many apparently illegal robocalls that originate overseas." In a related action, the Department of Justice sued two small companies that allegedly connected hundreds of millions of fraudulent robocalls from Indian call centers to US residents.
The new US law that ordered the FCC to require SHAKEN/STIR gave the FCC discretion on how to regulate calls from overseas. Congress told the FCC to "consider" how the commission can "establish obligations on international gateway providers that are the first point of entry for these calls into the United States, including potential requirements that such providers verify with the foreign originator the nature or purpose of calls before initiating service." But it's up to the FCC on whether to take further action on that point.
We asked Pai's office if his plan will have any impact on spoofed calls that originate from overseas and will update this article if we get an answer. The full text of Pai's plan hasn't been released yet.
Dec 31 2019
Trump signs the TRACED Act, the first federal anti-robocall law
The law implements new consumer protections, gives more teeth to law enforcement efforts and takes other steps to combat unwanted robocalls.
President Trump this week signed the TRACED Act, the first federal law designed to curb unwanted robocalls. With the problem of robocalls running rampant, the legislation passed with strong support in both the Democratic-led House and the Republican-led Senate.
The legislation takes on the problem from multiple fronts. First, it gives the Federal Communications Commission (FCC) more authority to go after the scammers responsible for unwanted robocalls. It allows the FCC to go after scammers the first time they break the law and extends the statute of limitations by up to four years in some cases. It also ups the financial penalties against robocallers.
Additionally, it encourages stronger Justice Department criminal prosecution of unlawful robocalls by requiring the FCC to provide the DOJ with evidence of criminal robocall violations.
Next, the law requires all carriers to eventually implement new technologies to authenticate caller-ID information, preventing call spoofing -- at no additional line-item cost to consumers. As Congress notes in its summary of the law, many illegal robocalls use call spoofing so the call appears to be coming from a trusted number.
The FCC is already planning to mandate that carriers implement its SHAKEN/STIR authentication system to help combat robocalls. In March, AT&T and Comcast announced that they successfully tested the first SHAKEN/STIR-authenticated call between two different telecom networks.
Meanwhile, the law says consumers should also get access to robocall blocking at no additional line item charge on their bill.
The law also requires the FCC to put new limits on robocalls that are legal, even without consumer consent -- such as calls from financial institutions regarding potentially fraudulent transactions. Specifically, the law calls for new limits on the kinds of organizations that may make such calls, who can receive such calls and the number of calls allowed under the exemption.
The TRACED Act also clarifies that when a person gets a new phone number, robocallers cannot keep calling to look for the person who previously had that number.
It also requires the FCC to work to stop one-ring scams and helps the FCC and carriers trace back the origin of unlawful robocalls.
The law passed in the House earlier this month by a vote of 417 to 3, and it passed in the Senate by voice vote.
During the legislative debate, Congress put out a white paper with data on the extent of the robocall problem: In 2018, there were an estimated 48 billion robocalls, up over 64 percent since 2016, according to YouMail. Meanwhile, First Orion predicts that this year 44.6 percent of all calls to mobile phones will be scam calls.
In a statement, the cloud communications company Twilio said the legislation should have a notable impact: "The law will aid efforts among law enforcement authorities, government agencies and the communications industry to stop the bad calls and restore consumers' faith that they will receive the calls they want. With its strong emphasis on the implementation of the SHAKEN/STIR protocol and consumer protection efforts, we expect to see a dramatic change in the robocall landscape in the next 12 to 18 months."
December 2019
Section-by-Section Summary
Pallone-Thune TRACED Act
The Pallone-Thune TRACED Act is bipartisan, bicameral legislation that is supported by Chairman Frank Pallone, Jr. (D-NJ), Sen. John Thune (R-SD), Ranking Member Greg Walden (R-OR), Sen. Ed Markey (D-MA), Communications and Technology Subcommittee Chairman Mike Doyle (D-PA) and Ranking Member Latta (R-OH). The legislation will turn back the tide of illegal robocalls.
Americans are receiving more illegal robocalls than ever before. In 2018, there were an estimated 48 billion robocalls, up over 64 percent since 2016, according to YouMail. First Orion predicts that this year 44.6 percent of all calls to mobile phones will be scam calls. In 2018, the Federal Communications Commission (FCC or Commission) received 232,000 consumer complaints of unwanted calls, a nearly 35 percent increase since 2015.
Section 1
This section names the bill the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (Pallone-Thune TRACED Act).
Section 2
The section defines the term “Commission” to mean the Federal Communications Commission.
Section 3
Consistent, sustained enforcement is key for making sure illegal robocallers stop their practices.
Under the law today, the FCC has a short statute of limitations to bring robocall violations, and the Commission is barred by process requirements from going after first time offenders. A longer statute of limitations, a streamlined process for going after illegal robocallers, and authority to impose greater fines, will help deter bad actors.
This section allows the FCC to go after scammers the first time they break the law and extends the statute of limitations by up to four years in some cases, in order to give the FCC and law enforcement agencies enough time to prosecute illegal robocallers. It adds an additional penalty for intentional violations of up to $10,000. It further requires the FCC to issue an annual report to Congress on illegal robocallers detailing its enforcement activities so Congress can make sure the robocalling problem is being addressed. The report also requires the FCC to provide Congress with proposals for decreasing the number of robocalls through additional legislation.
Section 4
Many of the illegal robocalls that are made today are done using disguised caller-ID, so the call looks like it is coming from a trusted source.
Prepared by the Committee on Energy and Commerce
This section requires all carriers, over time, to implement a new technology to make sure that caller-ID information is appropriately authenticated with no additional line item charge for consumers on their bill. It also helps ensure rural parts of the country with older technology are not left behind. Specifically, this section requires the FCC to recognize the burdens and barriers to adopting this technology across the country and to address those barriers. To the extent some carriers need additional time to implement this technology, the FCC will find alternative methodologies for authenticating calls, and those carriers will need to implement separate robocall mitigation strategies. This provision also includes a safe harbor to help incentivize carriers to authenticate calls and block unlawful robocalls, where appropriate.
Section 5
Robocalls are on the rise, and the government must be better coordinated in enforcing the important laws that protect consumers from unlawful calls.
This section requires the Attorney General, in consultation with the FCC, to convene an interagency task force to study the government prosecution of robocall violations. Among other things, the task force will: (1) determine how federal law and budgetary constraints inhibit enforcement of the robocall violations; (2) identify existing and additional policies and programs to increase coordination between federal departments and agencies and the states for enforcing and preventing violations of the robocall violations; and (3) identify existing and potential international policies and programs to improve coordination between countries in enforcing robocall violations and similar laws.
Section 6
Robocallers sometimes get access to numbers from the FCC.
This section requires the FCC to determine how its policies regarding access to number resources could be modified to reduce the number of illegal robocallers.
Section 7
To ensure that new technologies are used to best protect consumers, the FCC needs to put consumers first.
This section requires the FCC to complete a rulemaking within one year to help protect consumers from receiving unwanted calls or text messages, using, in part, new methods for authenticating calls, while also protecting those that do not have access to call authentication.
Section 8
Under current law, some robocalls can be made without consent, but consumers need to be protected from receiving too many calls from too many people.
Section 8 requires the FCC to implement consumer protections on the FCC’s exempted classes of robocalls. These consumer protections must specifically include limits on:
(1) the classes of parties that may make such calls,
(2) the classes of parties that may be called, and
(3) the number of calls allowed under the exemption.
Section 9
Too often consumers receive a torrent of robocalls that are intended for the person that previously had their phone number.
This section requires the FCC to issue a report to Congress to ensure the FCC is quickly making available the reassigned number database it agreed to implement in December of 2018. This section also clarifies that when a consumer gets a new phone number, robocallers cannot keep calling to look for the person that had that phone number before.
Section 10
Consumers should have access to robocall blocking at no additional line item charge on their bill, and there needs to be transparency and redress for consumers and callers when a call is blocked.
This section makes sure those services are offered with no additional line item charge on their bill and that consumers and callers have transparency as to when a number has been blocked and effective redress. This section also ensures important calls like those from public safety are not wrongly blocked.
Section 11
Many robocallers have not been deterred by civil penalties against unlawful robocalls. There are criminal penalties against certain types of robocalling, and the Department of Justice (DOJ) should take a more active role in prosecuting scammers and fraudsters.
This section requires the FCC to submit evidence of certain criminal robocall violations to the DOJ for criminal prosecution and would require the FCC to publish a report annually disclosing how frequently the FCC submitted such evidence in an effort to increase criminal prosecutions by the DOJ.
Section 12
One-ring scams are when an overseas scammer makes a call to a consumer’s number attempting to induce the consumer to call the scammer’s number back, potentially resulting in hefty charges.
This section requires the FCC to initiate a proceeding to protect consumers from one-ring scams, including by working with foreign governments to address one-ring scams and by incentivizing carriers to stop calls made to perpetrate one-ring scams, among other things.
Section 13
In recent years, carriers have banded together to coordinate and trace back the origin of unlawful robocalls. However, many carriers still do not participate and the process could be better used to enforce laws that protect us from unlawful calls.
This section requires the FCC to register a consortium of companies engaged in private-led efforts to trace back the origin of suspected unlawful robocalls. It creates a certification process for when carriers have or have not participated in a private-led effort to trace back the origin of a suspected unlawful robocall. This section also requires the FCC to publish a report on the participation by carriers in private-led efforts to trace back the origin of suspected unlawful robocalls and take appropriate enforcement action.
Section 14
Robocalls have particularly plagued hospitals recently, including by robocalling doctors while they are on-call and calling patients disguised as hospital officials to solicit sensitive information about the patient or family.
This section requires the FCC to establish a Hospital Robocall Working Group to, among other things, issue best practices to help voice service providers combat unlawful robocalls made to hospitals and to help hospitals protect themselves from robocalls. It also requires the FCC to initiate a proceeding to determine whether the voluntary adoption of the practices can be facilitated.
Section 15
This section specifies that if any provision of this act, or the amendments made by this act, are found to be invalid, the remainder of the bill shall not be affected.
NTCA discusses barriers to SHAKEN faced by rural carriers
JANUARY 20, 2020
In a meeting with the FCC on January 14, 2020, the NTCA explained that 93% of its members have IP-enabled switches, yet most are unable to participate in STIR-SHAKEN. The problem is not a lack of IP-enabled equipment. The problem, says the NTCA, is that upstream carriers are unwilling to exchange voice traffic with rural carriers over IP.
The NTCA also observed statements in filings by large nationwide carriers indicating that they intend that “IP interconnection will take place on a nationwide basis, and at a relatively small number of places.” The result of this approach, says the NTCA, is that rural providers would be “required to deliver calls to distant points of interconnection that may be several states and hundreds or even thousands of miles away from the rural area where such calls originate.”
That’s why rural carriers are forced to use TDM, and that’s why they can’t participate in STIR-SHAKEN. The rules of the road need to change, says the NTCA.
The NTCA also raised issues with intercarrier compensation. In an all-IP world, rural providers would be forced to bear the full cost of transport for voice traffic without any universal service support. The economics threaten universal service, which has long been a policy goal in telecommunications.
Finally, the NTCA noted that there are no alternatives in place for authenticating calls that originate and/or terminate on TDM networks. This raises significant risk that legitimate calls from rural customers will go unanswered. It also raises risks that spoofers will use rural telephone numbers.
NTCA proposals
To address these problems, the NTCA urged the FCC to do two things:
Further details are available in the NTCA’s ex parte filing.
California enacts law to mandate STIR-SHAKEN
OCTOBER 7, 2019
The governor of California, Gavin Newsom, signed the Consumer Call Protection Act of 2019 on October 2, 2019. This law requires telecommunications service providers to implement STIR-SHAKEN on or before January 1, 2021.
The legislation was brought forward by California Senator Ben Hueso (D-San Diego).
“Fraud by robocallers is the number one consumer complaint in the country, and the volume of these calls has increased dramatically in recent years,” said Sen. Hueso, Chair of the Senate Energy, Utilities and Communications Committee. “The surge in illegal robocalls disproportionately impacts Californians, who receive the second highest number of robocalls in the nation. The State must take steps to ensure that its consumers can reliably answer their telephones without the fear of fraud.”
The new law states that “nothing in this act requires a telecommunications service provider to employ call blocking.”
The legislation updates the California Public Utilities Code.
FCC chief says
Proposed new rules would extend robocall blocking to international calls and text messages.
JULY 8, 2019 11:16 AM PDT
Federal Communications Commission Chairman Ajit Pai has proposed another set of robocall rules, this time to ban malicious calls that spoof caller IDs in text messages and international calls. The FCC will vote on the anti-spoofing rules on Aug. 1, and they already have the support of more than 40 state attorneys general, Pai said Monday.
These new rules would close the loopholes in targeting international callers, including one-way interconnected VoIP calls, and scammers using text messaging. They are part of the FCC's "multi-pronged approach to battle the noxious intrusion of illegal robocalls, as well as malicious caller ID spoofing," Pai said. Last month, the FCC voted unanimously on a proposal to give mobile phone companies greater power to "aggressively block" unwanted robocalls.
According to Pai, robocalls often come from overseas, with scammers spoofing their numbers to trick people into answering. "Call center fraudsters often pretend to be calling from trusted organizations and use pressure tactics to steal from Americans," he said.
The rules aim to extend the Truth in Caller ID Act to text messages or international calls as intended under the passage of the Ray Baum's Act last year.
According to the FCC, the Ray Baum's Act gave the agency the authority to broaden bans on illegal spoofing to text messages, calls originating outside the US, and calls using voice over IP. The Truth in Caller ID Act passed in 2009 already prohibits misleading or inaccurate caller ID "spoofing" with the intent to defraud for domestic callers, the agency said. But it doesn't apply to text messages or international calls.
A senior FCC official said on a call with press that Congress needed to give explicit authority to federal agencies to allow them to police bad actors overseas. That's what the Ray Baum's Act did. The FCC's proposed regulation takes advantage of that authority.
The Federal Trade Commission has already had some success targeting domestic offenders under other statutes. In March, the FTC shut down four companies for illegally spoofing numbers to pitch debt-relief services, home security systems, fake charities, auto warranties and Google search results services.
July 2019
The Federal Communications Commission (FCC) is warning consumers about a recent wave of robocall scams in which a user's phone rings once before the caller hangs up.
The agency issued a warning last week about the "One Ring" or "Wangiri" calls, urging those targeted by the scam not to call the numbers back.
"These calls are likely trying to prompt consumers to call the number back, often resulting in per minute toll charges similar to a 900 number," the FCC said. "Consumers should not call these numbers back."
The robocaller may dial a consumer's number repeatedly and hope the target calls back, the FCC said.
The FCC said the recent wave of calls appeared to be using the "222" country code of Mauritania in West Africa. Recent calls have been targeted at consumers in New York state and Arizona, the agency said.
The FCC in February issued a report that found U.S. phones were hit by 48 billion robocalls last year. The report predicted that almost 50 percent of all calls made to U.S. cellphones this year will be spam.
Lawmakers have attempted to combat the surge in robocalls.
Sens. John Thune (R-S.D.) and Ed Markey (D-Mass.) reintroduced legislation earlier this year called the Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act, which would give the federal government the authority to slap offenders with fines of up to $10,000 per call.
by Michaela Chesin
Arizona Republic
August 4, 2020
The settlement of a Department of Justice lawsuit against two companies owned by a Paradise Valley couple is awaiting court approval.
A Phoenix couple accused of facilitating hundreds of millions of fraudulent robocalls would be prohibited from ever operating a telecom business under a proposed settlement with the U.S. Department of Justice.
It is a first-of-its-kind effort by the Justice Department to hold a telecom carrier responsible as a facilitator of fraud schemes.
The DOJ alleged that Nicholas and Natasha Palumbo, operating as VoIP carriers, transmitted calls from entities to other carriers within the United States, and ultimately individual phones. The DOJ alleged foreign-based call centers, which fraudulently claimed to be affiliated with government and business entities, used the service to place robocalls to U.S. victims.
“The defendants also sold U.S. phone numbers to foreign entities, which were used as victim call-back numbers as part of massive robocalling fraud schemes,” the Department of Justice wrote in a March news release.
The defendants allegedly were warned numerous times that they were facilitating fraudulent robocalls and yet continued to enable the fraud schemes targeting individuals in the United States, according to the news release.
Settlement of the DOJ's lawsuit against Nicholas and Natasha Palumbo's telecommunications companies is awaiting court approval.
Under the proposed settlement, the Palumbos admit no wrongdoing. Nor are they required to pay a fine or provide restitution to victims. But the settlement prohibits them from operating a VoIP business or providing toll-free services.
VoIP, or Voice over Internet Protocol, allows phone calls to be made over the internet.
“Everybody should be really happy to see the Palumbo case because it’s the Justice Department treating carriers that don’t actively try to stop fraud as being part of the fraud,” said Alex Quilici, founder of YouMail, a California-based developer of voicemail and robocall blocking software. The company's database of robocalls helped the government collect evidence against the Palumbos.
“It should stop the worst of these calls from getting through over time,” he said.
The proposed settlement follows a U.S. Supreme Court decision reinforcing the ban on robocalls in July. In December 2019, President Trump also signed a bill into law giving authorities more enforcement powers intended to speed up measures the industry has taken to identify robocalls.
United States v. Palumbo
Nicholas Palumbo and Natasha Palumbo own Ecommerce National, which does business as TollFreeDeals.com and SipRetail.com.
The DOJ claims the Palumbos used the companies, operated out of their Paradise Valley home, as intermediaries between foreign fraudsters and American consumers.
The feds received a preliminary injunction in March, forcing the Palumbos to cease operation.
In their lawsuit, authorities allege the Palumbos’ companies were “gateway carriers,” providing access to fraudsters whose schemes resulted in massive financial losses to elderly and vulnerable victims. Gateway carriers are typically paid for each call they connect to U.S. phone systems, according to court filings.
The fraudsters are often located at call centers abroad, mostly operating out of India, according to court filings. Many impersonate U.S. government officials, foreign government officials or well-known American businesses.
The DOJ claims the Palumbos knowingly facilitated millions of these robocalls.
Court filings detail the experience of several victims.
One was an 84-year-old retired Marine who lost more than $9,000 after fraudsters told him they were with the Social Security Administration and that a car in Houston had been rented using his Social Security number. The fraudsters told him the vehicle had been found by local police with evidence of drugs and money laundering. He was told there was a warrant for his arrest.
Another victim, according to the filings, was a 36-year-old man who had recently received U.S. citizenship. The scammers told the man, who was living in Brooklyn, that there was a warrant for his arrest. He emptied his bank account in an attempt to rectify the situation.
Affidavits by Special Agent Marcy Ralston of the Social Security Administration’s Office of the Inspector General and Postal Inspector Samuel Bracken noted suspicious payments to the Palumbos’ company, TollFreeDeals. They said the Palumbos were aware that fraudulent robocalls were being placed using their system, and continued despite many notices, inquiries, warnings and subpoenas concerning the fraudulent robocalls.
The Palumbos declined to comment to The Arizona Republic.
Their attorney, Theodor Bruening, said he believes the Palumbos were singled out by the DOJ because their business is the smallest among nearly 200 VoIP carriers and the government wants to make an example of them.
Nicholas Palumbo has been in the VoIP business for 17 years and had never been accused of wrongdoing, Bruening said, noting that his clients admit no wrongdoing in this case.
“They cannot determine whether it’s a robocall or not, any more than the post office can open your mail,” he said of the Palumbos. When the Palumbos received warnings about patterns of fraud, they took those claims seriously, Bruening said.
But Quilici, the YouMail founder, said that even if the Palumbos didn’t know fraudulent calls were being made using their system, other companies were collecting evidence of it and informing them of the suspicious activity. After receiving evidence that fraudulent calls were placed on their network by one of their customers, the Palumbos should have cut off that customer, he said.
“They had so much evidence from USTelecom and others who wrote them and told them, ‘You guys are carrying illegal traffic. Here's the scale of that traffic. Here's the evidence of that traffic. What are you gonna do?’
“And if their answer was, ‘Oh I don't know, I don’t believe you,’ then that's not a very good answer,” Quilici said.
According to Nicholas Palumbo’s LinkedIn, he is currently the CEO of BuyEnergyTaxCredits.com and Director of Business Development at Charles Kirkland Companies. Both Palumbos are listed as the executive team for Management Consulting Pro, where they are called “experts at reducing expenses and increasing the bottom-line for medium to large companies.”
Civil forfeiture complaint
In a separate civil forfeiture case in the Northern District of Georgia, the government seeks to seize more than $389,000 of the Palumbos' funds earned through their telecom business.
The action seeks "to forfeit funds derived from robocall-based scams and other techno scams, including government impersonation scams, that were seized from bank accounts controlled by Nicholas Palumbo," according to court filings.
Court filings note the Palumbos ignored numerous complaints from USTelecom, AT&T, Department of Homeland Security and other United States Government agencies regarding fraudulent robocalls entering the United States through their company's network. The complaint also alleges the Palumbos' company received money from individuals who directly received money from victims, and transferred money between bank accounts.
New York man pursues lawsuit against Palumbos
A day after the DOJ filed its lawsuit against the Palumbos, a caterer in New York filed a civil complaint against them alleging they had violated the Telephone Consumer Protection Act.
The TCPA restricts telemarketing calls and the use of automatic telephone dialing systems and artificial prerecorded voice messages.
Dov Zeitlin, who filed the lawsuit, “got a lot of robocalls" and was fed up with it, according to his attorney, Robert J. Tolchin. "You never know who the hell is responsible for these robocalls.”
Tolchin said Zeitlin moved forward with his case after the government released affidavits from the federal civil case.
Using the affidavits, Zeitlin accuses the Palumbos of being responsible for certain robocalls in the Eastern District of New York “to defraud through facilitating the delivery of vast numbers of fraudulent telephone calls to victims, among other fraudulent conduct,” according to court filings.
“We’re not talking about a few calls, we’re talking about hundreds of millions of calls," he said. “These people are hiding in the shadows. And these people making the technology, they are putting the technology out there that lets these people hide in the shadows.”
In a July 13 court filing, the defendants moved to dismiss the case, arguing that Zeitlin does not know that the robocalls he received were transmitted by the Palumbos, but rather guesses that they were.
“That lawsuit is completely baseless because it seeks to hold the Palumbos responsible for unwanted robocalls,” wrote Bruening. “Since the Palumbos operated a VoIP carrier – i.e. they only transmitted other people’s calls, they never placed any – they are not responsible for people receiving unwanted robocalls any more than the US Postal Service is responsible for transmitting unwanted mail.”
A rise in robocalls
In June, Phoenix was the seventh-most spammed city in the nation, receiving more than 70 million robocalls, according to the most recent data compiled by YouMail. In 2019, Phoenix saw over a billion robocalls.
Quilici, the YouMail CEO, said he has seen a significant rise of robocalls in the last five years because it has become easier and cheaper to make the mass calls.
“At the peak in the October of 2018, it was up to almost 6 billion a year,” he said. “It was absolutely nuts how fast it grew.”
Telecommunication companies play a role, because many people use telecommunication companies as a way to get on the U.S. network from overseas. “Wholesale VoIP carriers can be kind of a gateway for the bad guys to get on and make calls,” Quilici said.
Quilici’s database traced evidence in the DOJ’s case against the Palumbos.
“Now you can find the bad guys, easily collect evidence and then use that to shut down the carriers carrying the bad-guy traffic, if the carrier’s not actively trying to stop it,” he said.
The TRACED Act, signed by President Trump in 2019, intends to make it easier for consumers to identify robocalls and avoid answering them. The legislation also requires telecom carriers to implement, at no charge, a number-authentication system to help consumers identify who’s calling. It also increases penalties for robocallers who disregard the law.
Quilici expects with these developments robocalls won’t again reach the highs seen in 2018. But he expects they will continue to be an annoyance.
“It will just take a grinded-out effort from a lot of people, carriers and everybody else, to get that number down,” he said. “It’s just simply too easy to make these calls.”
Protect yourself from robocalls
The FTC recommends hanging up on illegal calls, especially if the caller is trying to sell something or persuade you to pay for an alleged activity.
You can then file the call as a complaint with the FTC and the National Do Not Call Registry.
Quilici recommends consumers protect themselves from these calls by purchasing a robocall blocking app.
August 5, 2020
We've had inquiries recently about Ringless Voicemail. Here's an article that addresses it.
Sales folks are so creative.
Always looking to obtain the upper hand in a COVID-ravaged market, sales teams will often dream up highly novel ways to generate consumer engagement. Compliance folks need to be ever-wary of TCPA risk created by fanciful new engagement practices.
Here’s an example.
A moving company decides to use ringless voicemail drops to communicate with consumers who enter a phone number into a website field but who never actually click a button to create an account or submit their contact information to the business. The thinking is—presumably—that the consumer is in the market for moving services (why else would he/she be on the website?) so reaching out to them as soon as a phone number is entered is a good way to identify leads. Sure the consumer never completed the form or formally submitted the number (i.e. provided consent) to be called, but—the thinking goes—that risk can be ameliorated by using ringless voicemail since, you know, that doesn’t trip the TCPA.
Creative. But ever so wrong.
As we’ve reported previously, users of ringless voicemail solutions continue to get hammered with TCPA rulings determining that RVM technology does indeed constitute a “call” subject to the TCPA. While the original line of cases on the issue looked at the rather odd (read: bad) argument that RVM is not a “call” because voicemail constitutes an “information service,” the most recent line of cases has rejected the more robust (read: good) argument that RVM does not trigger the TCPA because RVM drops are not made using a number assigned to a wireless carrier.
Well in a new case out of Nevada the creative moving-company Defendant managed to lose both arguments at once—and at the pleadings stage, no less. That’s actually really tough to accomplish. But not in a good way.
In Caplan v. Budget Van Lines, Case No. 20-CV-130 JCM, 2020 U.S. Dist. Lexis 136865 (D. Nv. July 31, 2020) the Court held that Defendant’s use of RVM to solicit consumers that entered a phone number in a website field but did not actually submit their data to the company by clicking a submit button triggered the TCPA. The Defendant had moved to dismiss the complaint arguing both that RVM is not a “call” because voicemails are an “information service”—again, stop making this argument, folks, it does not hold water—and because RVMs do not interact with the cellular network—a fact which is technically true but almost certainly not alleged on the face of the complaint.
The Caplan court had little trouble rejecting both arguments. The “information service” argument is essentially gibberish and the Court waved it away by noting that text messages are also “information services”—a highly dubious categorization, BTW—but have always been subject to the TCPA. As to the “cellular network” argument the court found that Defendant was trying to elevate “form over substance.” Notably, a properly supported motion raising the “cellular network” angle should be a winner in some cases—the text of the statute simply does not apply to informational RVMs deployed to business class landlines—but the fact that the messages at issue likely qualified as marketing completely guts this argument (pre-recorded marketing calls to landlines are covered by the TCPA). So the Defendant lost its critical substantive defense at the pleadings stage and ceded a huge merits win to the class pre-certification, while highlighting a critical common issue. Where have we seen that before?
But while TCPA defendants continue to struggle with the ins and outs of class action defense, the larger issue here is that Caplan is now the FIFTH case to hold ringless voicemails are subject to the TCPA—with zero cases holding otherwise. So for those involved with TCPA compliance—be highly cautious anytime your sales team suggests deploying RVM to contact unconsented, screenscraped, skip traced, or “fielded-but-not-submitted” phone numbers. Trouble.
They can also open the door to scams.
By Ryan Tracy and Sarah Krouse
Aug. 15, 2020 The Wall Street Journal
When you receive a robocall, chances are someone like Nick Palumbo collects roughly $0.0024 a minute. Those fractions of a cent can add up to millions of dollars. Mr. Palumbo accumulated more than $3.2 million on the hundreds of millions of calls routed through a telecom operation based in his Paradise Valley, Ariz., home last year.
Two phone companies run by Mr. Palumbo are among dozens of little-known carriers that serve as key conduits in America’s telecom system. But the rise and fall of those companies also illustrates a flaw in that system: The business model of these carriers can support fraud on a massive scale.
In the span of a few years, one of Mr. Palumbo’s carriers became the largest conduit for Social Security impostor calls coming into the U.S. from overseas, according to authorities. It connected swindlers posing as officials from the Social Security Administration with victims who relinquished their money or personal information. Such scams in total bilked U.S. consumers out of at least $38 million in 2019, according to Federal Trade Commission data and government officials.
More government impostor robocalls were traced to Mr. Palumbo’s carriers than any other phone company for much of 2019 and the early months of 2020, according to USTelecom, a trade group that runs a call-tracing system. He says he didn’t know the calls were scams when his companies passed them along. On March 24 a federal judge temporarily barred Mr. Palumbo’s phone operations from carrying any more calls in the U.S. following a civil lawsuit from the Justice Department. He shut down Ecommerce National LLC, which did business as TollFreeDeals.com, and SIP Retail LLC, his lawyer said.
Mr. Palumbo and dozens of other little-known telecom carriers work in the shadows of giants such as AT&T Inc., routing phone calls in bulk from one part of the telephone network to another and charging customers a fraction of a cent each time. These small carriers took hold in the decades following the 1984 breakup of AT&T’s phone system monopoly, which was designed to lower the costs of long-distance calls. They mushroomed during the introduction of internet-based calling services in the 2000s.
The emergence of these small phone companies was in many ways a positive development for consumers who now pay less for long-distance calls. The downside is that the system wasn’t designed to discern between legitimate and illegitimate calls, which are sometimes mixed together as they are passed along. U.S. regulators generally didn’t require these carriers to block calls and in some cases forbade them from doing so as a way of limiting anticompetitive behavior. Some telecommunications experts say that opened the door for smaller carriers to hustle business from robocallers, or simply turn a blind eye to suspect traffic.
Big carriers thus far have largely been able to avoid government penalties by demonstrating their efforts to verify legitimate traffic, in some cases hiring third-party companies to spot bad calls and flash a “Scam Likely” message to your phone.
Here is how the scams typically work: First robocallers blast out a large number of calls embedded with a prerecorded message claiming to be a representative of the Social Security Administration or another government agency. If the calls originate overseas, as many do, foreign carriers forward them to U.S. carriers that contract with each other to send and receive the traffic over the internet, using routers to find the cheapest path. A major U.S. carrier then typically makes the final connection to your phone.
When you answer, the prerecorded voice on the other end of the line claims you’re the victim of a stolen identity or a participant in criminal activity and that you need to call a number to fix the issue. If you fall for that premise, a swindler will use a mix of threats and reassurances during a live conversation to extract as much of your personal information or money as possible in exchange for supposedly clearing your good name.
Smaller carriers say the U.S. government should be going after scammers who are originating these robocalls. Law-enforcement officials say it is difficult to punish scammers directly, in part because many are based overseas. Instead authorities are targeting the small domestic telecom carriers that carry the calls into the U.S. and testing a relatively new legal argument in the telecom world: that carriers should be held responsible for policing any bad behavior that passes through their networks. Federal agencies have over the last year won injunctions curtailing the business of two other carriers, and have written warning letters to dozens of others.
One of the earliest targets of the government’s crackdown was the 39-year-old Mr. Palumbo, a well-known figure within this community of tiny phone carriers that swap tips and cut deals in online forums or annual telecom conferences in Las Vegas. There are varying views within that community about his level of responsibility. Some said he should have vetted his customers more carefully or cut them off when he saw red flags; others said he followed standard industry practices.
Mr. Palumbo said there are many legitimate uses of robocalls, such as telemarketing, and because he relayed calls rather than placing them, he had no way of knowing which calls were scams. “We can’t listen to the calls,” he said in an interview. “The system doesn’t allow us to, nor do we have the authority to.”
Mr. Palumbo’s lawyer said his client acted appropriately after receiving warnings about problematic calls, including notifying the customer who sent the calls. Even if his companies did more vetting, Mr. Palumbo says he wouldn’t know the source of calls because his clients were telecom carriers, not call originators. “It is really difficult to know who the customer’s customers are,” he said.
In Search of $250 Million
Long before he got into the telecom industry Mr. Palumbo knew he wanted to make an impact in the business world.
He started at eight years old, while growing up outside Buffalo, N.Y., “selling suckers, hawking pencils, clipping lawns [and] snowplowing,” he wrote in an autobiographical essay published in the 2014 book “Rainbows In Cobwebs.” “Anything that would earn some money.”
In college, he worked as a nightclub bouncer and started a business selling paintball supplies online, staying up late drinking Red Bull and working on the product catalog. He recalled telling a friend he would be worth $50 million someday, but secretly set a goal of $250 million.
His introduction to the telecom industry came in 2003, when he began selling access to toll-free numbers. In 2009, he moved to Arizona and began working as an agent arranging call-routing contracts between telecom carriers. He met his future wife, Natasha, in 2013 on a friend’s boat on Lake Pleasant near Phoenix. The following year he hired her.
Robo Relay
One Arizona couple relayed overseas robocalls that prosecutors say bilked U.S. consumers. Nick Palumbo, who led the operation, said he didn’t know the calls were illegal and took action when he learned they had been used in scams. Natasha Palumbo declined comment.
How it allegedly worked
1. The Palumbos’ phone companies, which operated from the couple’s U.S. home, received call traffic and directed calls to U.S. carriers.
2. Overseas scammers, many of whom were in India in this case, blasted out calls themselves, used a call center or both.
3. Overseas carriers forwarded the calls to the U.S.
4. The U.S. carriers passed calls on to big carriers.
5. The big U.S. carriers passed calls through to U.S. customers.
6. Customers received recordings or live calls from the money-seeking scammers who often pretended to be with a U.S. government agency.
Business was good, but unsteady, Mr. Palumbo said in the interview. In 2016, several deals he arranged fell apart, robbing him of expected paydays. He decided to become a carrier himself.
He was able to do so from his home. He created an account with SipNav LLC, a company that leases access to call-switching equipment and software. SipNav accounts start at a minimum of 2,000 simultaneous calls for $1 a month, according to its website. Starting a phone company that operates over the internet—known as a voice over internet protocol or VOIP provider—takes at least $10,000 because of the need to prepay vendors before ramping up call volumes, he said. He declined to provide his exact costs.
“SipNav has no tolerance for Illegal robocalls” and is “doing everything in its control to help mitigate these illegal actions,” the company said in a statement.
Outfits like SipNav provide another important link in the robocall supply chain. They provide online portals for small telecom carriers to configure pricing, track call traffic and onboard clients. Mr. Palumbo had to find customers – or set up a website and let them find him.
Mr. Palumbo said his business took off, thanks to contacts in the telecom industry, trade shows, and customers who found him through online searches or LinkedIn. His clients included phone companies in India, which authorities say is a hot spot for robocalls. Gaurav Soni, the owner of one of those clients, ICore VOIP, found Mr. Palumbo via a Google search for U.S. telecom companies in early 2019, Mr. Soni said in an interview. “There are so many companies who are working like Nick,” Mr. Soni said.
Mr. Soni said he signed up with Mr. Palumbo online. Mr. Palumbo didn’t ask about the origin of the calls ICore would be sending, Mr. Soni said. Mr. Soni said he ran a phone company, not a call center, and wasn’t aware of the content of calls sent to the U.S. He said he understood his customers to be legitimate call centers that offer services such as information-technology help.
Mr. Palumbo eventually attracted enough clients to become the connection point for billions of calls to the U.S. telephone network. At their peak, Mr. Palumbo’s businesses had 38,000 phone lines, paying 80 cents per line a month. Clients paid about $0.0024 per minute for internet-based calling, according to business invoices included in court documents.
His businesses pulled in $3.2 million of revenue in 2019, or $266,000 a month.
A Morning Raid in Arizona
That good fortune ended on the morning of January 28, 2020, not long after Mr. Palumbo and his wife completed an ordinary morning of watching TV, having breakfast and preparing their daughter for preschool. As Mr. Palumbo carried his 3-year-old to the car, federal agents stood at the gates of his property with their guns pointed at him, he said in an interview and court documents.
“Put your daughter down,” one said, as Mr. Palumbo recalled it. He says he spent the next 90 minutes in handcuffs while officers searched the $2.3 million home, hauling out computers and paperwork.
Mr. Palumbo’s wife was also named as a defendant in the government’s case and was CEO of one of the companies involved. She declined to comment through a lawyer.
One alleged victim of a scam that started with a call transmitted by one of Mr. Palumbo’s companies was John Knox, a retired fire marshal who died in March. He sent $9,800 to a scammer who called him on May 23, 2019, according to court filings and a February interview with Mr. Knox. The swindler, whose call was passed along by the company, left a voice mail saying Mr. Knox’s Social Security number had been compromised.
“I’m usually sharp as a tack. That day they caught me,” Mr. Knox said in an interview, adding that he had been dealing with family turmoil at the time.
After the raid on Mr. Palumbo, the Federal Communications Commission in February began sending public warning letters to other small carriers. One was Karl Douthit, CEO of Los Alamitos, Calif.-based provider Piratel LLC, who says the FCC singled him out unfairly. Piratel hasn’t been associated with nearly as many robocall traces as Mr. Palumbo’s companies, and has long been vetting customers to avoid getting stiffed on bills, he said: “We have turned away more customers than we have kept.”
Mr. Douthit said the business of connecting calls over the internet is rife with opportunities to make a “quick buck” routing a high volume of calls without asking questions. He said he didn’t work with Mr. Palumbo.
Others defended Mr. Palumbo. Dean Hansen, a telecom consultant who filed a court brief in support of Mr. Palumbo as part of the government’s case, described him as a friendly, savvy businessman who followed standard industry practices.
Tracking the Fraud
Prosecutors said they uncovered the participation of Mr. Palumbo’s companies using a process called “traceback,” a system developed by trade group USTelecom that follows a call backward to identify the phone companies that connected it. USTelecom had traced many such calls to the companies and notified Mr. Palumbo each time, according to court filings.
Mr. Palumbo didn’t dispute receiving notifications from USTelecom, but said USTelecom never told him he was an outsize conduit of suspect calls until after the government brought its case.
Sometimes the traffic had obvious red flags, such as calls coming from overseas posing as 911, the Justice Department said. Mr. Palumbo’s lawyer said he blocked the 911 number after receiving a complaint and acted appropriately after receiving the USTelecom warnings. Each time, he warned the carrier who sent the problematic call and blocked the phone number in question.
But prosecutors said the scam calls continued for months over Mr. Palumbo’s network, even after the warnings. And they pointed out during the case that scammers can easily switch numbers once one is blocked.
In one June 2019 episode, USTelecom notified Mr. Palumbo of a Social Security scam call that had been relayed by his company, and he identified the source of the call as a customer from India. A USTelecom representative emailed back with a warning: The calls were “a massive illegal calling campaign.” Mr. Palumbo replied that he reamed out the client, according to court documents. In an interview this week, he identified the client as Mr. Soni, the ICore owner who found him on Google.
Mr. Soni said he shut down the account of the customer who sent the call Mr. Palumbo identified. The pair continued doing business through 2019, they both said.
Mr. Palumbo could’ve blocked ICore’s account if he was worried about the calls, Mr. Soni said. “How would I force him to open my account?” he said. “They never used to ask, ‘Who are you?’ They want the money and the calls, that’s it.”
Mr. Palumbo’s lawyer says his client acted appropriately by notifying ICore, and he understood that problem accounts had been shut down.
Mr. Palumbo’s companies didn’t have a compliance program, his lawyer told the federal judge, though they did have a template for onboarding new clients. Mr. Palumbo said in an interview that he checked customers’ references but it was possible for clients, including international ones, to sign up by filling out an online form.
Industry standards on how much vetting is required are vague or nonexistent, Mr. Palumbo’s lawyer said. Government rules encourage carriers to connect calls regardless of their origin rather than ask questions, executives at other telephone companies said.
“We connect calls. We do not block calls. That goes against our complete DNA,” said Lamar Carter, CEO of All Access Telecom Inc., a VOIP provider based in Forney, Texas.
The FCC in July asked for public input on the idea of requiring phone companies to conduct due diligence on high-volume customers. Those regulations, which the FCC hasn’t formally proposed, could require phone companies to ask questions about whether a customer is running a legitimate business before they allow someone to make high volumes of calls.
The shutdowns of Mr. Palumbo’s companies haven’t ended the flow of robocalls in the U.S. Volumes are on the rise again following a significant slowdown during the beginning of the coronavirus pandemic. From March to May, government agencies moved to quickly tamp down on Covid-19-related scams, and global shutdowns stymied some fraudsters’ ability to access call centers.
“The worry for us is of course that the volume just shifts to another player. That very well may be what’s happening,” said Gail Ennis, inspector general at the Social Security Administration, which assisted the Justice Department with the Palumbo case. “It’s going to be a marathon, not a sprint.”
The Federal Trade Commission today sent joint letters with the Federal Communications Commission (FCC) to three companies providing Voice over Internet Protocol (VoIP) services, warning them that routing and transmitting illegal coronavirus-related scam robocalls is itself illegal and may lead to federal law enforcement against them.
The agencies allege that two of the providers are routing coronavirus-related fraud robocalls originating overseas. The letters follow three joint FTC/FCC warning letters sent to VoIP service providers in early April. Today’s letters, like the ones sent last month, alert the recipients that they have been identified as routing and transmitting coronavirus-related scam robocalls, and tell them to stop such conduct immediately or face potential law enforcement actions.
“We never tolerate illegal robocallers, but it’s especially abhorrent when scammers exploit pandemic-related anxiety,” said FTC Chairman Joe Simons. “These VoIP providers must stop allowing illegal scam calls to reach consumers.”
“We expect nothing less from these providers than shutting down this scam robocall traffic,” said FCC Chairman Ajit Pai. “These companies can access our nation’s phone networks to provide legitimate services to consumers and businesses, not to facilitate floods of scam robocalls. They need to stop this traffic and not let it back on their networks—or face losing their access to the American phone system.”
The agencies sent a separate letter to USTelecom – The Broadband Association (USTelecom), a trade association that represents U.S.-based telecommunications-related businesses. The letter thanks USTelecom for identifying and mitigating fraudulent robocalls that are taking advantage of the coronavirus national health crisis, and notes that the USTelecom Industry Traceback Group (Traceback Group) has helped identify various entities that appear responsible for originating or transmitting coronavirus-related scam robocalls.
The letter further notifies USTelecom that if, after 48 hours of the release of the letter, any of the specified originating or gateway providers continue to route or transmit the specified originators’ robocalls on American networks, the FCC will: 1) authorize other U.S. providers to block all calls coming from that gateway or originating provider; and 2) authorize other U.S. providers to take any other steps as needed to prevent further transmission of unlawful calls from the originator.
The agencies sent the three letters to the following providers: 1) Intelepeer Cloud Communications, LLC of San Mateo, California; 2) PTGi International Carrier Services, Inc. of Washington, DC; and 3) RSCom Ltd. of Aurora, Ontario, Canada.
The letters notify the recipients that the FTC and FCC obtained information about their conduct working in conjunction with the Traceback Group. The letters to Intelepeer and PTGi also state that the companies refused to disclose to the Traceback Group the names of those responsible for initiating the calls, making it difficult for U.S. providers to protect consumers from illegal robocall traffic.
Refusing to cooperate with the Traceback Group is “particularly problematic,” the letters state, in that hampering U.S. authorities’ ability to identify and stop malicious robocalls capitalizes on public anxiety about the ongoing global health crisis.
Investigations conducted with help from the Traceback Group revealed that PTGi appears to be a gateway provider for fraudulent COVID-19 robocalls originating from a Germany-based wholesale provider. They also revealed that RSCom, also a gateway provider, appears to be transmitting calls from Voice Are Us, Ltd., a telecom company based in the United Kingdom.
In January, the FTC sent letters to 19 VoIP service providers warning them that “assisting and facilitating” illegal telemarketing or robocalling is against the law. In late March and early April, the FTC sent 12 additional letters (three of which were sent jointly with the FCC) to VoIP service providers and other companies, warning them that they may be assisting illegal telemarketing relating to coronavirus. All of the FTC's recent warning letters to VoIP service providers cite the FTC's case against Globex Telecom, a VoIP provider that the FTC charged in 2019 with assisting and facilitating illegal telemarketing.
As noted in previous warning letters, the FTC may take legal action independently if it finds VoIP service providers or others are assisting a seller or telemarketer who they know, or consciously avoid knowing, is violating the agency’s Telemarketing Sales Rule (TSR). The FTC can seek civil penalties and court injunctions to stop TSR violations. It also can seek money to refund to consumers who were defrauded via illegal telemarketing calls.
Updated statistics about the number of Do Not Call complaints show a drop in complaint volume.
Aug 21, 2020
by Eric J. Troutman
This is really remarkable.
A cell phone carrier was allegedly spamming its own customers with illegal robotexts, while its CEO ignored requests from a consumer that the texts stop.
Those are the allegations in a putative nationwide TCPA class action brought by a consumer in Georgia against T-Mobile and a court held this week that the case can move forward.
The case involves allegedly unwanted marketing texts from T-Mobile. Goofy stuff like: “Tap into T-Mobile Tuesdays! Score free stuff and great deals every week – just for being a customer.”
The Plaintiff in the TCPA suit contends he didn’t want the messages so he (allegedly) e-mailed T-Mobile’s CEO John Legere twice, asking him to turn off T-Mobile’s text messages to him. When Legere (allegedly) ignored his requests, Plaintiff filed a putative TCPA class action against T-Mobile seeking to recover $500.00 for each and every text that the company sent to consumers without maintaining an internal DNC policy.
This could add up to billions of dollars if the allegations of the complaint are true. Uh oh.
T-Mobile first responded to the class action in odd fashion by arguing that Plaintiff wasn’t really hurt by the texts so the case should be dismissed. This argument, predictably, went nowhere as I wrote about a few minutes ago.
But the second part of the decision in Persichetti v. T-Mobile United States, CIVIL ACTION NO. 1:19-CV-02424-JPB, 2020 U.S. Dist. LEXIS 150814 (N.D. Ga. Aug. 17, 2020) might be even more important (and damaging.)
First some background. The TCPA’s regulations prevent a telemarketer from sending marketing messages without an internal DNC list. Notably this requirement may (or may not) apply regardless of whether an ATDS is used. So while T-Mobile might have had a good ATDS defense in the Eleventh Circuit, the Internal DNC claim is problematic. If it exists. We’ll get to that.
In Persichetti the Plaintiff’s internal DNC claim was based upon allegations that T-Mobile’s CEO ignored his requests to be placed on the company’s internal DNC list. From there, the Plaintiff infers that T-Mobile has no internal DNC list. Hence every single marketing text message T-Mobile sent to consumers was illegal under the TCPA’s regulations.
And at $500.00 a text, well… billions are at stake. All because T-Mobile’s CEO ignored an email from a consumer. That’s TCPAWorld for you.
T-Mobile argued to the Court in Persichetti that it can’t be that easy. The regulations—T-Mobile argued—do not allow for a private right of action to enforce this section. Only the FCC can come down on marketers for failing to maintain proper internal policies.
Frankly, T-Mobile is probably right about the law here, but the optics were just too much to overcome. The Court disagreed holding directly that the suit can go forward noting T-Mobile’s CEO was notified of the problem but the texts continued:
Here, Plaintiff alleges that after he received the unwanted messages, he called Defendant’s customer service department to ask Defendant to stop sending the messages. When that failed, Defendant twice emailed Defendant’s CEO to stop the unwanted messages. Plaintiff even alleges that Defendant communicated to him that it was “unable to stop” sending him the unwanted text messages.
In light of these facts the Court finds that T-Mobile is stuck in the case.
Remarkable stuff. It remains to be seen whether the underlying facts are true but T-Mobile is certainly facing an uphill battle on the legal arguments at the moment. We’ll keep an eye on this one.
Meeting via conference call yesterday, the Federal Communications Commission has formally adopted a rule that will require phone carriers to deploy STIR-SHAKEN call authentication technology by June 30, 2021.
STIR-SHAKEN is technology that allows a carrier to verify the caller ID information matches the caller’s actual phone number. It is intended to stop individuals who spoof phone numbers by using different caller ID information to make it look like someone else is calling.
The FCC had originally mandated that carriers deploy the technology by the end of last December, but that deadline came and went without any of the major carriers fully deploying it.
“Widespread implementation of STIR-SHAKEN will reduce the effectiveness of illegal spoofing, allow law enforcement to identify bad actors more easily, and help phone companies identify — and even block — calls with illegal spoofed caller ID information before those calls reach their subscribers,” said Ajit Pai, commissioner of the FCC, during the meeting. “Most importantly, it will give consumers more peace of mind when they answer the phone.”
The FCC also announced during its meeting yesterday that it is moving forward with Further Notices of Proposed Rulemaking that will seek comment on:
Expanding the STIR-SHAKEN implementation mandate to cover intermediate voice service providers
Extending the implementation deadline by one year for small voice service providers pursuant to the TRACED Act
Adopting requirements to promote caller ID authentication on voice networks that do not rely on IP technology
Implementing other aspects of the TRACED Act.
The FCC’s hand in mandating the adoption of STIR-SHAKEN was forced by the enactment of the TRACED Act, which made compliance with STIR-SHAKEN mandatory for all voice service providers.
The FCC estimates that the deployment of STIR-SHAKEN could save individuals as much as $3 billion annually by sparing them the wasted time and nuisance of receiving scam calls.
Carriers have been announcing deployments of STIR-SHAKEN implementations, but have yet to roll out the technology across all of their calls. Carriers are quick to point out that STIR-SHAKEN does nothing to verify the content of a call, just the number the call is being made from.
Wednesday, August 26, 2020
As alleged in a civil complaint filed earlier this year, in United States v. Nicholas Palumbo, et al., spouses Nicholas and Natasha Palumbo of Scottsdale, Arizona, and their companies, Ecommerce National LLC d/b/a TollFreeDeals.com and SIP Retail d/b/a sipretail.com, received millions of internet-based calls every day from other entities, often located abroad. The defendants transmitted those calls first to other carriers within the United States, and ultimately to the phones of individuals, knowing that the calls were fraudulent government and business-imposter robocalls.
Many of the robocalls were made by individuals impersonating government investigators conveying false and alarming messages, such as the victim recipient’s social security number or other personal information had been compromised or otherwise connected to criminal activity, the recipient faced imminent arrest, the recipient’s assets were being frozen, the recipient’s bank and credit accounts had suspect activity, the recipient’s benefits were being stopped, and the recipient faced imminent deportation – each designed to frighten the recipient into paying large sums of money. Often the numbers that appeared as the originating or caller-ID numbers were “spoofed” to make it appear that they originated from legitimate government or business offices in the United States when in fact they were made by overseas scammers, often located in India. The defendants also sold to foreign call centers toll-free and other U.S. numbers that were left in fraudulent robocall messages on victims’ phones to deceive them into believing that the calls were legitimate and originated in the United States. These calls led to significant financial losses to victims throughout the United States and the Eastern District of New York, many of whom were elderly and vulnerable.
“The consent decree is a milestone in protecting the public, especially elderly and other vulnerable persons, from predatory robocall schemes that can cause catastrophic losses to victims in this district and throughout the country,” stated Acting United States Attorney Seth D. DuCharme.
“The Department is committed to protecting vulnerable Americans, particularly America’s seniors, from those who seek to steal their hard earned savings,” stated Acting Assistant Attorney General Ethan Davis of the Department of Justice’s Civil Division. “The Department will prosecute both those who place fraudulent robocalls, and those who knowingly facilitate such calls for profit. The Department recognizes the exceptional work of the Social Security Administration and Postal Inspection Service in investigating this case.”
“The Court's decision sends a clear message to gateway carriers who knowingly do business with scammers targeting Americans from overseas,” stated Gail S. Ennis, Inspector General for the Social Security Administration. “We will continue to pursue those who facilitate these scam calls by allowing them into the U.S. telephone network. I want to thank the Department of Justice for its support throughout this investigation and its commitment to protecting Americans from this insidious form of fraud and theft.”
Under the terms of the consent decree entered yesterday, the defendants agreed to be permanently barred from using the U.S. telephone system to deliver prerecorded messages through automatic means, carrying VoIP calls destined for phones in the United States, and providing any U.S. phone numbers to other individuals or entities. In addition, the defendants are permanently barred from serving as employees, agents or consultants to any person or entity engaged in these activities.
This case was handled by Assistant U.S. Attorneys Bonni Perlin and Dara Olds of the United States Attorney’s Office for the Eastern District of New York and Trial Attorneys Ann F. Entwistle and Charles B. Dunn of the Civil Division’s Consumer Protection Branch, in coordination with the Social Security Administration Office of the Inspector General and the U.S. Postal Inspection Service. Investigative support was also provided by the U.S. Treasury Inspector General for Tax Administration, U.S. Immigration and Customs Enforcement’s Homeland Security Investigation’s El Dorado Task Force and U.S. Secret Service. The Federal Trade Commission and the Federal Communications Commission also provided pertinent data.
Additional information about the Consumer Protection Branch and its enforcement efforts may be found at http://www.justice.gov/civil/consumer-protection-branch. For more information about the U.S. Attorney’s Office for the Eastern District of New York, visit its website at https://www.justice.gov/usao-edny.
Well folks the Governor of Louisiana declared a state of emergency today ahead of the expected landfall of Tropical Storm/Hurricane Laura and Tropical Depression 14/Tropical Storm/Hurricane Marco.
Obviously all of us here at TCPAworld.com are rooting for everyone in the path of those storms to come out of this safe and sound.
For callers–particularly marketers–making calls to consumers within the state of Louisiana it is important to take note of the impact of this declaration of emergency on your ability to call.
Take a look at Louisiana Laws Revised Statutes Section 45:844.31.
Per that section, “[d]uring a state of emergency as declared by the governor, no telephonic solicitor shall engage in telephonic solicitation except [as specified below.]”
The statute broadly defines telephonic solicitation to include “any voice or data communication made by a telephonic solicitor to a residential telephonic subscriber for the purpose of encouraging a sale or rental of or investment in property, consumer goods, or services; or for the purpose of encouraging an extension of credit for property, consumer goods, or services; or for the purpose of obtaining information that will or may be used for the direct solicitation of a sale or rental of or investment in property, consumer goods, or services or an extension of credit for such purposes; or for the solicitation of a contribution to a charitable organization, except for the American Red Cross.”
So if you’re calling residential numbers in Louisiana and you aren’t the Red Cross, look out.
Some key exemptions, however:
So although unsolicited marketing calls must cease, the great residents of the State of Louisiana can still expect to receive unsolicited political robocalls. Fun.
SEPTEMBER 1, 2020
Comments were filed on the FCC’s fourth further notice of proposed rulemaking on robocall blocking issued on July 17, 2020. Comments were received from 32 organizations. We’ve summarized these comments for you.
Here are some recurring themes found in the comments filed:
These comments were filed in response to the FCC’s Third Report and Order, Order on Reconsideration, and Fourth Further Notice of Proposed Rulemaking regarding proceeding 17-59, In the Matter of Advanced Methods to Target and Eliminate Unlawful Calls.
Ten financial services companies filed joint comments.
I guess I should have seen this coming but I didn’t.
After forcefully battling to keep the TCPA on the books just last term, the U.S. Government has weighed in on the new Supreme Court TCPA ATDS debate–but instead of arguing for an expansive reading of the statute the Government is asking the Supreme Court to narrowly interpret the statute to only apply to dialers that randomly or sequentially generate numbers to be called.
This really does change everything.
And no I’m not just talking about the compelling legal points raised in the brief, although I must say the brief is outstanding. The brief reads–to me at least–with much more persuasive force than the Opening briefs in Barr. The grammatical analysis of the TCPA’s ATDS definition is elegant and compelling– far better than most of the tortuous I’m-trying-to-explain-something-I-don’t-really-understand arguments you tend to see in these briefs. And the cut-to-the-chase policy analysis is outstanding as well.
Yes, as with most Supreme Court briefs, the Government’s position is confidently and directly conveyed and seemingly leaves little room for doubt.
But the potent advocacy in the brief is not the key here– The Government has now (finally) spoken authoritatively on the scope of the TCPA’s current ATDS definition.
After all of the battling, all of the wrangling, all of the advocacy to the FCC–there it is. A quiet filing the afternoon before Labor Day that nearly everyone missed. The Government has now had its say– the TCPA only applies to random fire dialers. Great. Now we know.
Pack it up folks. We win. Right?
It is not the arguments of the Government that are so critical, it is the fact that the Government’s position is that the TCPA is to be narrowly read and applied. I mean, that’s everything right there. This isn’t like Barr where the government was arguing whether the TCPA is constitutional; this is the government weighing in on what the TCPA was intended to cover. That feels pretty authoritative; just like an FCC ruling interpreting the Act but from a different wing of the federal government.
And sure, technically, a position statement taken by the US Government made in an advocacy piece to the Supreme Court is probably not binding (probably) but do we really expect the Supreme Court to disagree?
I mean sure it’s technically too early to call this one for the good guys, but read this brief folks– Facebook– Government Brief. I’m convinced. And I have a very hard time believing that SCOTUS will ignore the Government’s position on the intended narrow reach of a federal statute.
So now the real question: with the U.S. Government wading into this fight and directly advocating that Congress intended no more than to regulate random-fire dialers how can anyone really debate the issue further?
I wonder whether Mr. Duguid himself–and his counsel–might start to think about simply laying down their weapons at this point. You’re on the wrong side of this thing guys. The U.S. Government has literally spoken on the issue– the TCPA was not designed to do what you thought it was. Accept it and move on.
Let’s discuss policy to the policy makers– not SCOTUS. That’s not where you want to be with this Court and you know it. (Big picture guys.) It’s in everyone’s best interest to get this statute cleaned up but that has to start on the Hill.
Just concede your points and lobby Congress to give you a new law. The Government has now given us clarity as to the scope of the existing law. That’s all anyone wanted to begin with. Leave it alone and let SCOTUS focus on stuff that is actually debatable. This just isn’t anymore.
So sayeth the Czar.
SEPTEMBER 9, 2020
The FCC today published the next round of rules for robocalls and STIR-SHAKEN deployment. There’s quite a lot in this 93-page document. We’ve summarized it for you here.
The TRACED Act was signed into law on December 30, 2019. This law directed the FCC to issue orders to require industry to deploy STIR-SHAKEN.
The TRACED Act included related provisions to support the call authentication rollout and give the Commission some leeway to develop specific details in support of this rollout.
The FCC issued their First Report and Order and Further Notice of Proposed Rulemaking to implement the TRACED Act on March 31, 2020.
In the first order, the Commission issued a mandate for all originating and terminating voice service providers to implement STIR-SHAKEN in the IP portions of their networks by June 30, 2021. The order explains that they were issuing the mandate at that time because the state of industry-wide implementation as of the end of 2019 demonstrated that further government action was necessary for timely, ubiquitous implementation.
The mandate covered three call scenarios:
Note that the mandate did not apply to the following:
The second report and order includes provisions described in the following sections.
The order extends the definition of a voice service provider to include over-the-top (OTT) services that possess technical control over the origination of calls on their platform.
We’re not sure how this will square with the STI-GA’s current requirement that service providers must have access to numbering resources to qualify as an authorized service provider. Many OTT providers do not satisfy the current requirements.
Note that this second order includes related discussion of this topic in the discussion of deadline extensions described below.
In the order, the Commission explained that they would require two things before mandating out-of-band SHAKEN:
The Out-of-Band standards, which describe the option to transmit tokens out-of-band, are well on their way. The existing STIR-SHAKEN standards are still applicable when using the out-of-band option.
Extension of deadline for SHAKEN mandate
The order granted extensions of the STIR-SHAKEN mandate for the following:
The first extension is to avoid hardship and undue burden for this class of providers.
The second extension is necessary because the current STI-GA policy has three requirements that service providers must satisfy in order to receive a Service Provider Code, which is necessary to obtain SHAKEN certificates:
That third requirement excludes many interconnected VoIP carriers, including over-the-top (OTT) carriers, who are now included in the mandate. But how could OTT carriers be subject to the mandate if they can’t get SHAKEN certificates? The Commission granted this extension until either such providers can meet the STI-GA’s policies or the STI-GA changes this policy. Stay tuned.
The third extension gives providers time to shut down service that was already planned to be discontinued.
The fourth extension is required by the TRACED Act.
The FCC is required to reevaluate extensions it has granted annually.
All voice service providers who receive an extension to the mandate are required to deploy a robocall mitigation program. This requirement is satisfied by documenting and publicly certifying how they are complying with these requirements.
The Commission provides only one prescriptive component of the robocall mitigation program: cooperation with the Commission, law enforcement, and the Industry Traceback Group in investigating and stopping illegal robocallers.
All voice service providers must certify that their traffic is either signed with STIR-SHAKEN or subject to a robocall mitigation program as described above.
The Commission will establish a portal on the fcc.gov website to accept these certification filings. These filings will be stored in a database and be made publicly available.
Intermediate and terminating voice service providers will be prohibited from accepting voice traffic from any voice service provider that does not appear in this database.
Foreign voice service providers that use NANP numbers that pertain to the U.S. to send calls to the U.S. must participate in the compliance filing described above.
Voice service providers are prohibited from imposing additional line item charges for caller ID authentication on consumer or small business subscribers. Consumers are residential mass market subscribers. Small business subscribers are those that meet the Small Business Administration definition of small business.
The Commission declined to prohibit voice service providers from recovering the costs of call authentication through alternate means. They explained that such prohibition would go beyond the requirements of the TRACED Act. Furthermore, they pointed out that some providers may not have the resources to absorb the cost of implementing caller ID authentication.
Intermediate providers are required to pass unaltered any Identity header that they receive. However, the Commission granted two exceptions:
Intermediate providers are required to authenticate the caller ID information of any call that they receive with unauthenticated caller ID information and that they will exchange with another service provider as a SIP call. However, an intermediate provider is relieved of this obligation if it has registered with the industry traceback consortium and responds to traceback requests it receives from the Commission, law enforcement, and the industry traceback consortium.
The Commission did not create special rules for gateway providers. They will be required either to authenticate foreign-originated calls that they put on the network or participate in traceback.
Here are the deadlines for the implementation of 2019’s critical anti-robocall statute:
Via Public Notice, annually on July 27, the FCC must obtain information from the private registered consortium and voice service providers on the private-led efforts to trace the origins of suspected unlawful robocalls and recommendations in its enforcement efforts.
OCTOBER 27, 2020
The FCC fined Affordable Enterprises of Arizona $37.5 million for making more than 2.3 million illegal robocalls over a 14-month period in 2016-17. The calls spoofed caller ID and were intended to obtain something of value, a violation of the Truth in Caller ID Act.
The telemarketer manipulated caller ID to hide their identity, using telephone numbers of prepaid phones not registered to its business. They continued using these numbers even after the accounts lapsed and the numbers became unassigned. Some of these numbers were then reassigned to consumers, who received angry callbacks from people who were being inundated with robocalls.
The robocalls were selling home improvement and remodeling services.
The FCC was tipped off by a former employee of the telemarketer.
21 NOV 2020
The election is over. The fallout from the last one isn’t.
The FCC recently issued a nearly $10,000,000 fine against San Diego telemarketer Kenneth Moser, dba Marketing Support Systems.
In late May 2018, on the eve of a contentious primary, Mr. Moser made 47,610 prerecorded voice message calls to residents of the California 76th State Assembly District in San Diego. Mr. Moser defamed Philip Graham, one of eight candidates for the open State Assembly seat. To do so, he repeated already disproven allegations against Mr. Graham about a sexual assault that never occurred. The message implored primary voters: “We do not need any more creeps in Sacramento.”
Mr. Moser spoofed the number, using the phone number of a competitor that, according to the FCC, Mr. Moser “has a long and contentious relationship with.” The FCC emphasized that it based its fine on Mr. Moser’s decision to spoof his competitor’s number.
The FCC rejected Mr. Moser’s arguments against the fine, clarifying that the steep fine “does not hinge on the truthfulness or factual accuracy of the prerecorded message or Moser’s knowledge thereof.” The FCC also rejected Mr. Moser’s argument that the fine violated his constitutional due process rights. According to the FCC, Mr. Moser received sufficient notice and an opportunity to respond.
Mr. Moser must pay the fine thirty days from the FCC’s November 18 Order.
OCTOBER 21, 2020
You probably know about the benefits STIR-SHAKEN call authentication will provide to consumers: by identifying caller ID spoofing, it will help bring unwanted and illegal robocalls under control. But what about enterprise callers? How will SHAKEN help you? Let’s look.
Telecommunications has been getting more difficult for enterprise callers:
If you run an enterprise outbound call center, you should be planning for STIR-SHAKEN. It will become table stakes for several reasons:
When planning for STIR-SHAKEN, an enterprise call center manager should be thinking about a few important considerations:
Acting in response to yet another requirement of the TRACED Act, the Federal Communications Commission (FCC) has taken steps to protect consumers from “one-ring scams.” As the Commission explained in its November 30, 2020 Report and Order (https://docs.fcc.gov/public/attachments/FCC-20-171A1.pdf), “in the one-ring scam, the scammer typically places a call and causes it to disconnect after one ring, in order to induce the called party to call back and incur toll charges, of which the scammer gets a share.”
Section 12 of the TRACED Act directed the FCC “to consider measures to encourage voice service providers to prevent one-ring scam calls from reaching consumers, including rules that providers may block calls likely associated with one-ring scams.” Additionally, the Act called for the Commission to consider how it could “require international gateway providers, which are the point of entry for calls into the United States, to verify with the foreign originator the nature or purpose of calls before transmitting them for completion to U.S. consumers….” The Congress also directed the FCC to consider how it could work with law enforcement agencies, foreign governments and entities providing call blocking services to address these scam calls. Finally, the FCC is to consider, in consultation with the Federal Trade Commission, how to better educate consumers on how to avoid such calls.
Founded on its previous initiatives to allow call blocking of illegal robocalls, the FCC expressly “enable[s] voice service providers to block calls that are highly likely to be associated with one-ring scams.” In doing so the agency “extend[s] to one-ring scam blocking our recently adopted safe harbor for inadvertent blocking of wanted robocalls using reasonable analytics.”
Some argued that a new rule focused on one-ring scam calls was unnecessary in light of prior FCC actions on call blocking. However, the Commission acted to “remove any doubt that voice service providers may lawfully use reasonable analytics to identify and block calls that appear to be one-ring scam calls, even if such identification proves to be erroneous in any particular instance; that they may do so without fear of liability for inadvertently blocking wanted calls; and that they may do so on a network-wide basis.”
The Report and Order further generally describes the FCC’s commitment to expanded collaborative efforts, including working with the interagency group, led by the Attorney General, on the subject of one-ring scams, collaborating with the FTC on consumer education, and “enhancing enforcement coordination and cooperation with foreign governments aimed at combatting unlawful cross-border schemes such as one-ring scams.”
Another TRACED Act mandate now on the books.
FCC Released: November 18, 2020
Secure Telephone Identity Governance Authority Revises Token Access Policy to Eliminate Direct Access to Telephone Numbers Requirement
WC Docket No. 17-97
This Public Notice serves as an informational announcement that, on November 18, 2020, the Secure Telephone Identity Governance Authority (Governance Authority) issued an update to its Service Provider Code (SPC) Token Access Policy.[1] Under the revised policy, an entity will no longer need direct access to telephone numbers to participate in the STIR-SHAKEN caller ID authentication framework.
The Governance Authority, managed by a board consisting of representatives from across the voice service industry, defines the policies and procedures for which entities can acquire a digital certificate necessary to participate in STIR-SHAKEN.[2] One such policy is the SPC Token Access Policy, which establishes three requirements an entity must meet in order to receive a certificate. In its current iteration, the SPC Token Access Policy requires an entity seeking a certificate, among other things, to “[h]ave direct access to telephone numbers from the North American Numbering Plan Administrator . . . and National Pooling Administrator.”[3]
The newly revised SPC Token Access Policy removes and replaces the requirement that an entity have direct access to telephone numbers to receive a certificate. In place of that requirement, the revised policy requires that an entity must be listed in the Federal Communications Commission’s (Commission) forthcoming Robocall Mitigation Database.[4] The Governance Authority announced that the new policy will be effective upon the Commission’s Robocall Mitigation Certification filing deadline and that, until then, “the current SPC token access policy remains in effect.”[5]
The Commission has recognized concerns raised by some stakeholders that the current SPC Token Access Policy prevents certain categories of voice service providers from participating in STIR-SHAKEN.[6] In recognition of these concerns, the Commission granted an extension to voice service providers that cannot obtain a certificate due to the SPC Token Access Policy “until it is feasible for a provider to participate in STIR-SHAKEN due either to the possibility of compliance with the Governance Authority policy or a change in the Governance Authority policy.”[7] The Commission further “recognize[d] that a voice service provider may not be able to immediately come into compliance with its caller ID authentication obligations after it becomes eligible to receive a certificate,” and found that it “will not consider a voice service provider that diligently pursues a certificate once it is able to receive one in violation of our rules.”[8]
[1] Press Release, ATIS, New Secure Telephone Identity Governance Authority Policies Advance Industry Illegal Robocall Mitigation Goals (Nov. 18, 2020), https://www.atis.org/press-releases/new-secure-telephone-identity-governance-authority-policies-advance-industry-illegal-robocall-mitigation-goals/ (Governance Authority Press Release).
[2] See Call Authentication Trust Anchor, Implementation of TRACED Act Section 6(a)—Knowledge of Customers by Entities with Access to Numbering Resources, WC Docket Nos. 17-97 and 20-67, Report and Order and Further Notice of Proposed Rulemaking, 35 FCC Rcd 3241, 3246, para. 9 (2020) (First Caller ID Authentication Report and Order and Further Notice).
[3] See STI Governance Authority, STI-GA Policy Decisions Document (2020), https://sti-ga.atis.org/wp-content/uploads/sites/14/2020/11/201118-STIGA-Board-Policy.pdf.
[4] Governance Authority Press Release. In September, the Commission adopted rules requiring voice service providers to file certifications, maintained in a publicly accessible database, that their traffic is either “signed with STIR-SHAKEN or . . . subject to a robocall mitigation program.” Call Authentication Trust Anchor, WC Docket No. 17-97, Second Report and Order, FCC 20-136, at 44, para. 82 (2020) (Second Caller ID Authentication Report and Order).
[5] Governance Authority Press Release. The Commission directed the Wireline Competition Bureau (Bureau) to issue a Public Notice announcing both when voice service providers may begin filing certifications in the Robocall Mitigation Database and establishing the deadline for filed certifications. Second Caller ID Authentication Report and Order at 44-45, para. 83. The Commission further directed the Bureau to set the filing deadline no earlier than June 30, 2021. Id.
[6] Second Caller ID Authentication Report and Order at 24, para. 49; First Caller ID Authentication Report and Order and Further Notice, 35 FCC Rcd at 3259, para. 39 n.145.
[7] Second Caller ID Authentication Report and Order at 24, para. 50.
[8] Id.
September 22, 2020 FTC news release
Globex Telecom, Inc. and an affiliated company will pay a total of $1.9 million to settle Federal Trade Commission and State of Ohio charges that they facilitated a scheme that peddled bogus credit card interest rate relief, illegally charging consumers millions of dollars. The settlement marks the end of the FTC’s first consumer protection case against a Voice over Internet Protocol (VoIP) service provider.
The FTC and Ohio alleged that Globex provided a company called Educare Centre Services with the means to make calls to U.S. consumers, including illegal robocalls, to market Educare’s phony credit card interest rate reduction services.
“Bombarding people with unwanted robocalls is illegal – and so is selling bogus credit card interest rate reduction services with an upfront fee,” said Andrew Smith, Director of the FTC’s Bureau of Consumer Protection. “We will continue to go after companies like Educare that target people using these unlawful practices, and VoIP service providers like Globex who knowingly help them violate the law.”
The FTC and Ohio charged that both Globex and Educare were controlled by Mohammed Souheil, Globex’s former CEO and president, who was named in the lawsuit along with a number of other corporations and individuals. All the individuals named in this action are Canadian nationals and reside outside of the U.S.
Mohammad Souheil, Prolink Vision, S.R.L., and 9896988 Canada, Inc.
Souheil, along with two corporations under his control, will be prohibited from participating in any telemarketing in the U.S. and from violating the Telemarketing Sales Rule (TSR). These defendants will also be prohibited from marketing debt relief products or services of any kind, and from using misrepresentations in the sale or marketing of any product or service. They, collectively, are subject to a monetary judgment of $7.5 million, which is largely suspended due to an inability to pay. They will be required to pay $150,000.
Globex Telecom, Inc. and 9506276 Canada, Inc.
In addition to paying $1.95 million, Globex and its U.S.-based subsidiaries will be prohibited from hiring Souheil, any of Souheil’s immediate family members, and defendants Charles Kharouf and Sam Madi, to work for Globex or any U.S.-based subsidiary.
These defendants will also be required to abide by client screening and monitoring provisions. For example, Globex and its subsidiaries will not provide VoIP and related services to clients who pay with stored value cards or cryptocurrency, or to clients who do not have a public-facing website or social media presence. They will be required to conduct a screening and review process for all potential clients, and to re-screen any existing client who is subject to a subpoena from the government or similar investigative request.
In addition, Globex and its subsidiaries will be required to block any calls made by their clients that appear to come from certain suspicious phone numbers, including emergency numbers like 911, unassigned or invalid numbers, or international numbers that would charge consumers a large amount should they attempt to dial them. They will also be required to block calls using spoofing technology, and to terminate their relationship with any telemarketer or other high-risk client that receives three or more USTelcom Traceback Requests (an official industry complaint about unlawful calls) or line carrier complaints in a 60-day period.
Educare Centre Services, Inc.; Tripletel, Inc.; Sam Madi; Wissam Jalil; and Charles Kharouf
These defendants were sued by the FTC and Ohio for their roles in managing the overseas call centers and other components of the credit card interest rate reduction scheme. Under the terms of their settlements, they will be prohibited from participating in any telemarketing in the United States, from marketing debt relief products or services of any kind, and from using misrepresentations in the sale or marketing of any product or service.
Educare, Madi, and Kharouf will be subject to a judgment of $7.5 million that is largely suspended based on inability to pay. Educare and Madi will be required to forfeit all funds frozen in Educare’s bank accounts. Jalil and Tripletel will be subject to a $2.8 million judgment that is largely suspended based on inability to pay. They will be required to forfeit all funds frozen in Tripletel’s bank account.
If any of the defendants are found to have misrepresented their ability to pay, the full amounts of their judgments will be immediately due.
The Commission vote approving the stipulated final orders was 3-0-2, with Commissioners Rebecca Kelly Slaughter and Christine S. Wilson recorded as not participating. The FTC filed the proposed orders in the U.S. District Court for the Western District of Texas.
NOTE: Stipulated final orders have the force of law when approved and signed by the District Court judge.
Dec 3, 2020 FTC news release
Voice over Internet Protocol (VoIP) service provider Alcazar Networks Inc. and its owner settled Federal Trade Commission charges that they facilitated tens of millions of illegal telemarketing phone calls, including some calls from overseas and some that displayed spoofed caller ID numbers.
The proposed settlement bars the defendants from similar misconduct in the future, imposes a monetary penalty, and requires them to screen and monitor their customers. This is the FTC’s second case against a VoIP service provider.
“These defendants acted as a gatekeeper, introducing tens of millions of illegal calls into the U.S.—including robocalls and other calls that impersonated 911 emergency numbers or the government,” said Andrew Smith, Director of the Bureau of Consumer Protection. “The FTC and our law enforcement partners will not tolerate VoIP providers and other companies that assist and facilitate illegal robocallers and scammers.”
According to the FTC’s complaint, Alcazar and its owner Gavin Grabias have assisted and facilitated illegal robocalls, in violation of the FTC’s Telemarketing Sales Rule (TSR). They allegedly continued to do so even after they learned that customers were using their service to initiate calls to numbers on the FTC’s Do Not Call (DNC) Registry and calls displaying spoofed caller ID numbers, including displaying “911.”
The FTC contends the defendants provided VoIP services to an Indian company named E. Sampark, which fraudulently displayed “911” as the caller ID number and dialed calls impersonating the Social Security Administration.
Another Alcazar customer, Derek Bartoli (who was the subject of an FTC action for allegedly violating the TSR), allegedly made more than 50 million illegal telemarketing calls using Alcazar’s services after Alcazar learned Bartoli was calling consumers on the DNC Registry without permission to do so. In addition, many if not all of Bartoli’s calls were robocalls that displayed spoofed caller ID numbers, also in violation of the TSR. These calls used Alcazar’s VoIP services during 2018 and pitched “medical alarms.”
The proposed order settling the FTC’s complaint prohibits the defendants from violating the TSR, or assisting anyone else in doing so. The order also permanently bans the defendants from assisting telemarketers or overseas customers with dialing robocalls or calls to phone numbers on the DNC Registry—regardless of whether those customers purportedly have permission to do so.
In addition, the order requires the defendants to:
Finally, the order imposes a $105,562 monetary judgment against the defendants, payable to the FTC no later than seven days after its entry by the court.
The Commission vote approving the complaint and proposed stipulated order was 5-0, with Commissioner Christine S. Wilson issuing a separate concurring statement. The FTC filed the complaint and proposed order in the U.S. District Court for the Middle District of Florida.
Dec 01, 2020
The United States Federal Communications Commission – better known as the FCC – has a lot on its plate, to say the least. When the nuisance that is robocalls earned public enemy status, STIR-SHAKEN was put in place, but initial policy implementation didn’t quite cover all the bases.
Today, the FCC announced that, based on recommendations from the Cloud Communications Alliance (CCA), the Secure Telephone Identity Governance Authority (STI-GA) will abridge requirements in robocall prevention policy.
“Under the previous policy, many VoIP providers – including CCA members – were disqualified from participating in the call authentication framework even though the FCC would require participation,” said Mark Iannuzzi, Chairman of CCA Government Affairs Committee and CEO of TelNet.
Specifically, the new FCC policy allows CCA members to leverage STIR-SHAKEN via the FCC Robocall Mitigation Database. The initial policy put forth by STI-GA required service providers to have direct access to telephone numbers, which disqualified a number of CCA members from implementing STIR-SHAKEN and created a competitive disadvantage.
“This is great news not just for providers, but for their customers and consumers who will be better assured of the identity of callers. In turn, providers will be able to more quickly and accurately trace back to the source of a call and identify bad actors easily,” Iannuzzi continued.
DEC 10, 2020
Oral arguments were heard on December 8 in a case before the U.S. Supreme Court (SCOTUS) that could decide the fate of the Telephone Consumer Protection Act of 1991 (TCPA). The Court’s ruling in this case, Facebook v Duguid, could have huge implications for laws and regulations against unwanted robocalls. Here’s an overview.
The TCPA was enacted to restrict telemarketing calls made with an Automatic Telephone Dialing System (ATDS). To do this, the legislation had to define what an ATDS is. Here’s the definition used in the law:
(1) The term ‘automatic telephone dialing system’ means equipment which has the capacity —
(A) to store or produce telephone numbers to be called, using a random or sequential number generator; and
(B) to dial such numbers.
Although this definition seems simple enough, it’s been ground zero for landmark court cases that have revealed weaknesses and vagueness in the definition.
First, the phrase “store or produce telephone numbers to be called, using a random or sequential number generator” has given judges fits. Does the number generator provision apply to both verbs, “store” and “produce,” or does it only apply to “produce”? What does it mean to store a telephone number using a number generator?
A narrow interpretation has been found in some court cases, where both “store” and “produce” are linked with the number generator requirement. This narrow definition would make it easy for robocall perpetrators to escape the TCPA. They could simply claim that their dialing system doesn’t do all those things.
A broad interpretation has been made in other court findings, where the number generator provision applies only to “produce.” This makes TCPA effective against more robocall perpetrators, but it also could ensnare callers in other scenarios.
The word “capacity” has proven difficult. It would include any device that’s capable of doing something, regardless of whether it’s actually used that way.
For example, today’s smart phones are capable of being used as an ATDS, with the right software. Does that mean smartphone users are now subject to the TCPA? Can they be prosecuted and fined for making calls to people without express consent, even if they don’t use their phone to blast out robocalls?
If the Court sides with the Plaintiff, Duguid, and his quest for a broad definition of ATDS, then the TCPA would remain effective against a wider class of robocall activity. However, it could potentially be used against callers using smart phones, which are capable of being used as an ATDS, even in situations where the caller was not using that capability.
Facebook seeks a narrow definition of ATDS. If the SCOTUS agrees, then the TCPA would be in jeopardy. High-volume callers could easily avoid the TCPA by using an ATDS that doesn’t fit the narrow definition. This could unleash a tidal wave of robocalls.
Eric Troutman, an attorney who specializes in TCPA cases, has commented that, before oral arguments, he would have given Facebook an 85% chance of success in their quest for a narrow ruling on the ATDS definition. After hearing oral arguments, however, he thinks the odds are more like 60-40 in favor of Facebook.
Attorneys from K&L Gates wrote a review of the oral arguments. They believe that the conservative members of the Court (Thomas, Alito, Gorsuch, Kavanaugh, Barrett) seem to favor the narrow interpretation argued by Facebook. Justice Sotomayor seemed to favor the broad interpretation. It was unclear from their questions what position Roberts, Breyer, and Kagan preferred.
The SCOTUS is expected to issue its decision by mid-2021.
* Verizon has helped customers avoid nearly nine billion robocalls to date; with a year of industry-wide declines in pesky, unwanted calls for the first time in history
BASKING RIDGE, NJ — Dec. 03, 2020 — Earlier this week, Verizon Wireless confirmed at the Federal Communications Commission (FCC) that the company was more than two years ahead of an FCC requirement that all service providers implement the call authentication technology STIR-SHAKEN, which helps address Caller ID spoofing, by June 2021. Verizon has been driving adoption of STIR-SHAKEN, an industry-wide effort that helps verify that a call is in fact from the number displayed on the Caller ID and not spoofed.
As an industry leader that’s taken action early and often, including urging Congress and the FCC to require all service providers to implement this technology, Verizon completed its wireless network upgrade to STIR-SHAKEN in March of 2019. As noted in the certification filing, not only is the company more than two years ahead of the FCC deadline, but it has also begun to exchange substantial volumes of STIR-SHAKEN-enabled calls with other early adopters.
Nearly nine billion calls and counting
To date, Verizon has protected over 75 million customers from nearly nine billion unwanted calls – and counting.
As a result of continued efforts on behalf of customers within the network and application levels, Verizon has seen a year of declines in the volume and frequency of robocalls industry-wide for the first time in history, according to Verizon’s robocall analytics partner Transaction Network Services.
Nov 30, 2020
AT&T, Lumen and US Cellular filed requests with the FCC for deadline extensions to implement STIR-SHAKEN. Verizon asked for a ruling to confirm that they don’t have to deploy STIR-SHAKEN in part of their network. Here’s an overview.
In their petition for deadline extension, AT&T explained the following:
AT&T requested a one-year extension of the June 30, 2021 STIR-SHAKEN implementation deadline.
Lumen
In their request for extension, Lumen explained the following:
In their motion for extension of time, US Cellular explained the following:
In their petition for declaratory ruling or limited extension, Verizon asked for the following:
Nov 20 2020
The FCC Second Report and Order was published in the Federal Register today. That sets its effective date, the point at which it is written into the rules, at December 17, 2020. These rules contain several deadline dates. Here’s a quick overview.
The Commission adopted their Second Report and Order for the Call Authentication Trust Anchor on September 29, 2020. Here are the key points in the Second Report and Order:
1. Service providers originating calls with NANP calling numbers must do either STIR-SHAKEN or robocall mitigation (if they qualify for an extension) on every call they originate with a NANP calling number.
2. Every service provider that originates or transports calls with NANP calling numbers must file a certification with the FCC explaining how they use SHAKEN and/or robocall mitigation. This certification filing will be publicly accessible in a Robocall Mitigation Database.
3. Every service provider must refuse to transit or terminate calls from upstream providers that do not have a certification on file.
Since the Second Report and Order was published in the Federal Register on November 17, 2020, it will take effect on December 17, 2020. However, this effective date does not change the deadlines in the order itself; December 17 is when the new requirements are written into the rules.
Here are the deadline dates that appear within the rules:
Here's the answer.
Calls without digital tokens attached will show 'spam likely' or other negative terms in the caller ID screen. That's why your ASRs are dropping!
Feb 2, 2021
Washington, DC - ATIS and the Secure Telephone Identity Governance Authority (STI-GA) today announced release of the STI-GA 2020 Year-End Report, providing an overview of the technical and policy accomplishments of the STI-GA. The STI-GA is an industry-founded and industry-driven body that, through diverse industry leadership, is working to mitigate illegal caller ID spoofing.
In terms of technical accomplishments, the STI-GA's work is ensuring the SHAKEN framework is fully implemented, stable and ready for expansion. Developed by the ATIS-SIP Forum IP-NNI Task Force, STIR-SHAKEN is the solution to authenticate caller ID that was first selected by the industry and later mandated by the FCC. Implementing SHAKEN required continued development of the technical framework, the Secure Telephone Identity Policy Administrator (STI-PA) system, as well as approval of STI Certification Authorities (STI-CAs) that are required to assign certificates to authorized service providers (SPs).
Using the STI-PA system to verify SP authorization and test SP implementation capabilities, a total of 74 SPs had been cleared to join the STIR-SHAKEN ecosystem by the end of 2020. The FCC STIR-SHAKEN implementation mandate is set for June 30, 2021. Having so many providers register so early is evidence of the tremendous industry confidence in the viability and effectiveness of the SHAKEN solution and Governance Authority.
SHAKEN implementation was also advanced by the STI-GA's approval of STI Certification Authorities (STI-CAs) that are required to assign certificates to authorized service providers (SPs). Eight STI-CAs were fully approved in 2020.
In terms of policy contributions, the STI-GA issued an updated Service Provider Code (SPC) token Access Policy. The SPC token is granted to service providers who qualify under the policy to participate in the STIR-SHAKEN ecosystem. The STI-GA also issued its Revocation and Reinstatement processes designed to remove any bad actor service providers from the ecosystem.
Thus, in terms of both technical viability and policy, the robust SHAKEN framework is now ready for broader industry use and anticipated expansion in 2021, boosting the industry's ability to mitigate illegal caller ID spoofing. Learn about the accomplishments of the STI-GA in the report.
About the STI-GA
The Secure Telephone Identity Governance Authority (STI-GA) is the industry-led effort to support the timely deployment of the STIR-SHAKEN protocol and framework. The STI-GA Board consists of representatives from the following stakeholders:
Learn more about the industry-led STI-GA and its critical contributions toward combatting illegal robocalling.
About ATIS
As a leading technology and solutions development organization, the Alliance for Telecommunications Industry Solutions (ATIS) brings together the top global ICT companies to advance the industry's business priorities. ATIS' 150 member companies are currently working to address 6G, 5G, illegal robocall mitigation, Smart Cities, wireless emergency alerts, artificial intelligence-enabled networks, distributed ledger technology, cybersecurity, IoT, emergency services, quality of service, billing support, operations, and much more. These priorities follow a fast-track development lifecycle - from design and innovation through standards, specifications, requirements, business use cases, software toolkits, open source solutions, and interoperability testing.
ATIS is accredited by the American National Standards Institute (ANSI). ATIS is the North American Organizational Partner for the 3rd Generation Partnership Project (3GPP), a founding Partner of the oneM2M global initiative, a member of the International Telecommunication Union (ITU), as well as a member of the Inter-American Telecommunication Commission (CITEL). For more information, visit www.atis.org.
FCC Requires All Voice Providers to Implement STIR-SHAKEN or Adopt Robocall Mitigation Plans by Mid-2021
By Paul B. Hudson and John C. Nelson Jr.
The Federal Communications Commission (FCC) extended its June 2021 deadline for certain small, non-IP, and other voice service providers to implement STIR-SHAKEN call authentication to reduce illegal and unwanted robocalls but required all providers relying on such extensions to prepare written robocall mitigation plans.
All U.S. voice providers and foreign providers delivering calls to the United States for termination must submit a certification of their implementation of STIR-SHAKEN or a robocall mitigation plan, and all voice service providers will have a new duty not to accept calls directly from service providers that have not submitted such certifications. These new rules set forth in the FCC's Second Report and Order (Second R&O) will significantly impact the operations and reporting obligations of nearly every voice service provider.
Background
As explained in our advisories and posts tracking the TRACED Act's implementation, in March 2020, the Commission began adopting and implementing certain robocall enforcement rules and mechanisms. Those included the establishment of a "traceback" consortium dedicated to identifying and tracing illegal robocalls, the adoption of a new rule requiring all originating and terminating voice service providers to implement the STIR-SHAKEN caller ID authentication framework in all IP portions of their networks by June 30, 2021, and safe harbor protections for providers that unintentionally or inadvertently block lawful calls.
Extensions of STIR-SHAKEN Implementation Deadline
The Second R&O grants the following extensions of the June 30, 2021, STIR-SHAKEN implementation deadline.
Two-Year Extension for Small Providers
Providers with 100,000 or fewer voice subscriber lines are granted until June 30, 2023, to implement STIR-SHAKEN on the IP portions of their networks. Subscriber line counts include all business and residential fixed subscriber lines and mobile phones, and are aggregated over all of the provider's affiliates.
Extension for Non-IP Portions of Provider Networks
Providers are granted a continuing extension of the STIR-SHAKEN implementation deadline for the non-IP (i.e., TDM) portions of their networks. However, such providers must either:
One-Year Extension for Providers With Services Scheduled for Section 214 Discontinuance
Any provider that has filed or will file a Section 214 discontinuance application on or before June 30, 2021, is granted a one-year compliance extension to June 30, 2022.
Extension for Providers That Cannot Obtain STIR-SHAKEN Certificates
Participation in STIR-SHAKEN requires a certificate from the program's Governance Authority, which is only issued to providers that file an FCC Form 499-A, have an Operating Company Number (OCN), and can obtain direct access to telephone numbers. The FCC granted these providers an extension until they can obtain a certificate.
The FCC left the door open for provider-specific extensions, "expecting" (but not mandating) providers to file extension requests by November 20, 2020, that specifically address the undue hardships they believe the June 30, 2021, implementation deadline will place upon their resources and technical abilities. The FCC expects to resolve timely requests no later than March 30, 2021.
Robocall Mitigation Program Requirements for Providers Granted Extension
All voice service providers that rely on an extension and do not completely implement STIR-SHAKEN by June 30, 2021, must implement and document a robocall mitigation program designed to reduce unlawful robocalls originating on their networks. The FCC requires all programs to include:
The Enforcement Bureau is empowered to prescribe more specific robocall mitigation obligations for any voice service provider it finds has implemented a deficient robocall mitigation program.
All Voice Service Providers Must Submit Certifications and Reject Traffic From Uncertified Providers
The FCC requires every voice service provider to file a certification that its traffic is either signed with STIR-SHAKEN call authentication or subject to a robocall mitigation program. Robocall mitigation certifications must detail the specific "reasonable steps" they have taken to avoid originating illegal robocall traffic.
Additional details such as company contact information will be required, and the FCC plans to announce additional details and a certification deadline during the second quarter of 2021. Providers will have an ongoing obligation to submit updated certifications within 10 days of any change.
The certifications will be used to support a public database. Beginning 90 days after the certification deadline, intermediate and terminating providers will be prohibited from accepting traffic directly from providers not shown in the database as having provided a compliant certification. This rule effectively places an additional duty on all terminating and intermediate providers to monitor the certification database to verify the listing of voice service providers with which they interconnect and to block traffic from non-certified providers.
Intermediate Provider Obligations
The Second R&O requires intermediate carriers to pass unaltered any authenticated Identity header for SIP (IP) calls that they receive from a STIR-SHAKEN participant to the subsequent provider in the call path unless removal is necessary for technical reasons to complete the call or for security reasons where the header presents a threat to its network security.
With respect to unauthenticated calls received in TDM or SIP format, intermediate providers have three options before passing a call to a subsequent provider in SIP:
Prohibition on Line Item Charges for Caller ID Authentication
The Commission prohibits providers from imposing additional line item charges on consumer or small business subscribers for caller ID authentication. This prohibition extends to the cost of upgrading network elements that are necessary to implement caller ID authentication, any recurring costs associated with the authentication and verification of calls, and any costs associated with technology needed to display caller ID authentication information on subscribers' phones.
FEBRUARY 24, 2021
The Industry Traceback Group (ITG) just published a new report, Combatting Illegal Robocalls, with interesting statistics on scam robocalls in the U.S. and progress on eradicating them through traceback. Here are highlights of this report.
About the ITG
USTelecom — The Broadband Association created the ITG in 2015 to foster cooperation in combatting illegal robocalls. In 2020, the FCC designated the ITG as the Robocall Traceback Consortium, an official role established by the TRACED Act.
We described the traceback process in a blog post on robocall traceback in the U.S. Traceback starts from the robocall recipient and uses an online portal to coordinate a sequence in which each voice service provider identifies the next upstream provider from which it received the robocalls.
Report highlights
The report provides some interesting statistics.
Illegal robocalls continue to evolve
Traceback highlights in 2020
This traceback relies on timely compliance and participation from providers. Over time, the process has become more efficient and effective, as demonstrated by these ITG statistics from 2020:
See the full report Combatting Illegal Robocalls for further details.
Regulatory compliance with traceback
In the Fourth Report and Order on Advanced Methods to Target and Eliminate Unlawful Robocalls (CG Docket No. 17-59) released December 30, 2020, the FCC required voice service providers to participate in traceback. Here are important quotes from the order:
We adopt our proposal to require all voice service providers to respond to traceback requests from the Commission, civil and criminal law enforcement, and the Consortium...
Some commenters express concern that traceback requests may not go to the correct contact within the organization. We encourage voice service providers to publicly designate a point of contact for such requests...
We generally expect responses within a few hours, and certainly in less than 24 hours absent extenuating circumstances. Patterns of delayed response may lead to Commission enforcement.
Legislation has been reintroduced in the U.S. Senate to require the FCC to issue rulemaking that establishes a Critical Call List of calling numbers that are not eligible to be blocked by voice service providers. Here’s an overview.
The Data Analytics Robocall Technology (DART) Act, S.357, was introduced February 24, 2021 by U.S. Senators Mike Crapo (R-Idaho) and Amy Klobuchar (D-Minnesota). The Senate passed this bill unanimously in December 2020, but it did not pass out of the House of Representatives before the end of the 116th Congress.
The DART Act would require the FCC to do the following:
The Critical Call List may include numbers used:
Deadlines for these measures are:
Written by Tim Starks
MAR 1, 2021 | CYBERSCOOP
After a surprising lull at the onset of the COVID-19 pandemic, phone scammers are back, and showing signs of overlapping more and more with text messages and cyber elements.
Scammers are combining phone calls with tricks to circumvent two-factor authentication, using information they obtain online to make more targeted calls and, in some cases, mimicking the attack methods of hackers, government and industry officials say.
Phone scams that merge with other methods are growing more frequent and difficult to contend with, said Connecticut Attorney General William Tong. “I think it’s common and it’s dangerous, particularly the way that they’re able to cloak themselves or convince you that you need to respond to a particular call or email,” he said.
Internet technology has helped fuel a record number of robocalls thanks to the advent of voice-over IP, a tool that made mass calling convenient and more affordable. Estimates vary, but most studies conclude that U.S. consumers lose billions of dollars annually to phone scams.
Since early in the pandemic, the number of robocalls has hovered at between 3 and 4 billion robocalls per month, and somewhere in the vicinity of 2 billion scam calls within that number, said Alex Quilici, CEO of YouMail, a robocall blocking company. The figure is up from an estimated 2.9 billion in April 2020, some 1.2 billion of which were scam calls. In October 2019, though, YouMail estimated the robocall number at closer to 5.7 billion, roughly 2.4 billion of which were scam calls — a label the company applies to “clearly illegal” calls.
Several factors have pushed the overall numbers down after reaching that record high in late 2019, one of which is improving consumer savvy. That, in turn, has forced scammers to get creative.
“We’re doing way better on robocalls than we were,” said Quilici. “What happened, though, is with the pandemic, people got spoiled and said, ‘Hey, the robocalls went away,’ and now they’re starting to come back and it’s really noticeable.”
The numbers dropped at the pandemic’s outset, according to several experts, because physical call centers still play a role in the number of calls that go out. Those centers, like everyone else, were shutting down offices and adapting to working from other locations. A scam-busting activist featured in the New York Times recently boasted of turning on webcams at those call centers in places like India, where footage shows employees working in cubicles.
While phone scams might be showing more creativity, there is a history of them overlapping with other mediums.
Tech support scam calls usually have had a cybersecurity dimension. In that variety, fraudsters call up pretending to be from Microsoft or another vendor, then say they need access to a victim’s computer to remedy an apparent virus or other fictional technical issue. Finally, the swindlers install malware or try to sell worthless security products.
Tech support scams can also be conducted without phone calls, such as via email.
Quilici said that the real danger, however, is the increasing sophistication of scammers as opposed to just the volume. He said he can see those tech support scammers move toward, say, obtaining a targeted list online of people using a specific version of Windows.
“That’s my worry is that’s where this tech support stuff is going to head,” he said. “They’re going to find lists, they’re going to have information that’s about the person they’re calling that convinces a person they really know it’s them.”
In one kind of scam Proofpoint is seeing more often, the grifters send a text message pretending to be from a bank and ask if a made-up transaction was fraudulent. When the victim replies that they didn’t make that purchase, the scammers call, then swindle the victim into helping circumvent two-factor authentication to gain access to real bank accounts.
Increasingly, consumers have learned to not answer calls from unknown numbers or calls labeled spam by their carriers, said Jacinta Tobin, vice president of cloudmark operations for Proofpoint. But mobile phone users open almost all their text messages, she said.
“So there’s a kind of multimodal cumulative trust that builds, meaning if you get a text and a call from the same person, you’re more likely to trust that source,” she said.
USTelecom, a phone industry organization, established the Industry Traceback Group, which many observers have credited with helping crack down on scam callers. The group is a collaborative industry effort to trace the origins of illegal calls, and it also works closely with law enforcement and regulatory agencies. Josh Bercu, vice president of policy and advocacy, said the traceback program has increasingly been tracing back two kinds of cybersecurity-related calls.
In one variety, scammers make phishing calls in a bid to obtain credentials from call center workers, other employees or customers so they can “do the same thing any cybersecurity hacker can do,” Bercu said.
The other kind the group is increasingly tracing back is “telephonic denial of service (TDoS)” attacks that mimic the tactics of internet distributed denial of service attacks, with the TDoS offenders sometimes flooding a victim’s phone lines beyond their capacity and then demanding a ransom to stop.
One of the most infamous hacks of 2020, where hackers took over high-profile Twitter accounts including those of then-presidential candidate Joe Biden, came after a “phone spear phishing attack” on Twitter employees — although the social media company didn’t offer many more details.
Besides the pandemic and the rise of voice-over IP, other factors affect the rise and fall of robocalls and scam calls, for good or ill.
Asked what’s challenging about battling phone scammers, an attorney in the Federal Trade Commission’s Bureau of Consumer Protection said the nature of telephonic infrastructure itself makes it difficult.
“The issue is that you’ve got a phone network that’s designed to be open source, and with a diffuse network that is designed to avoid outages in certain areas there can be almost an infinite number of pathways that travel from point A to point B, so that there’s redundancy in the system,” said the attorney, Will Maxson.
Designed more than 100 years ago, the copper line that transmits calls can’t carry very much data about a call source, either, Maxson said. That makes it relatively easy for scammers to spoof other numbers.
One thing that might help with that problem is the Federal Communications Commission mandate, under a 2019 law, for carriers to implement a set of caller ID authentication protocols known as STIR-SHAKEN.
Under STIR-SHAKEN, “calls traveling through interconnected phone networks would have their caller ID ‘signed’ as legitimate by originating carriers and validated by other carriers before reaching consumers,” the FCC touted. “Once implemented, it should greatly help the accuracy of caller ID information and should allow voice service providers to provide helpful information to their consumers about which calls to answer.”
The seasons can also drive scam calls numbers, with Proofpoint’s Tobin predicting a rise in Internal Revenue Service-themed fraud efforts as the tax filing deadline approaches.
Law enforcement and other regulatory agencies taking action against illegal callers can demonstrate an immediate impact. Quilici said that an operation in India in December, for instance, drove down overall numbers in January.
Tong and other attorneys general fear that a pending court case could hamper their joint effort to battle robocallers. In 2015, Congress enacted an amendment to a 1991 law, the Telephone Consumer Protection Act, that placed restrictions on robocalls. That amendment allowed an exception to robocalls for collecting government debt. The Supreme Court last year struck down that exception.
Because of that Supreme Court ruling, a lower court ruled that the 1991 law’s robocall ban was unenforceable between 2015 and 2020. Last month, a group of attorneys general filed a friend of the court brief arguing against that lower court ruling.
One thing that probably won’t affect the battle against robocalls and scam calls is the shift to a new presidential administration, though, Maxson said.
“From my experience, it hasn’t changed at all really on this issue,” he said. “It’s been an enforcement priority for essentially every commissioner, for every chairman and chairwoman that I’ve worked under.”
Two ransomware groups that CrowdStrike dubs Sprite Spider and Carbon Spider are trying to boost revenue
Ransomware gangs that target big corporations for extortion have long designed their code to execute on Microsoft Windows systems because of the popularity of the operating software.
Now, though, crooks are increasingly applying that tactic to the “hypervisor” computer servers that organizations use to manage virtual machines as a way of maximizing their extortion schemes, security firm CrowdStrike said Friday.
Ransomware hackers have targeted hospitals and schools throughout the pandemic, a security challenge that the Biden administration has vowed to address. Alejandro Mayorkas, the newly installed Homeland Security secretary, on Thursday called ransomware attacks on U.S. public and private organizations an “epidemic” while pledging more government resources to fight the problem.
Breaching a hypervisor is an efficient way for the scammers to encrypt all of the virtual machines running on that software system without having to individually infect each machine. The goal is to up the pressure on big organizations to pay out hefty ransoms.
In the second half of 2020, two Eastern European criminal groups that CrowdStrike calls Sprite Spider and Carbon Spider began deploying malicious code written for the Linux operating system and designed to affect ESXi, a type of hypervisor.
CrowdStrike did not name the organizations targeted by the malware, but the firm warned that other groups could emulate the activity. The company published details on the emerging technique in a blog post.
The emergence of the Linux-focused ransomware strains comes as organizations are increasingly using virtual machines to consolidate their IT networks. But that concentration of resources on a few servers also risks creating a “virtual jackpot” for ransomware gangs, as CrowdStrike researchers Eric Loui and Sergei Frankoff put it.
The evolution of the two cybercriminal groups mirrors the broader ransomware ecosystem that now thrives on a “ransomware-as-a-service” model that leases hacking tools to maximize profit. Shortly after the coronavirus pandemic took hold and the hospitality sector suffered, Carbon Spider shifted from targeting point-of-sale devices to large organizations as a business tactic, according to CrowdStrike.
“This development shows that the ransomware actors are continuing to find new targets, when we see more than one adversary evolve in this way, it likely signifies others will follow suit,” said Adam Meyers, CrowdStrike’s vice president of intelligence.
Four U.S. Senators – two from each side of the aisle – have introduced S. 594, the Anti-Spoofing Penalties Modernization Act of 2021. The lead sponsor – Senator Susan Collins (R-ME) – is joined by Senators Gary Peters (D-MI), Josh Hawley (R-MO) and Kyrsten Sinema (D-AZ) (https://www.collins.senate.gov/newsroom/bill-crack-down-deceptive-tactic-used-robocallers-introduced-senators-collins-sinema-0).
The proposal would double the penalties currently permitted under Section 227(e)(5) of the Telephone Consumer Protection Act (TCPA), as amended by the Truth In Caller ID Act, for illegal robocalls that spoof the telephone number for caller identification purposes.
The current civil forfeiture penalty for each violation would increase from $10,000 to $20,000, or three times that amount for each day of a continuing violation. The current $1,000,000 maximum penalty for any continuing violation would increase to $2,000,000.
The bill has been referred to the Senate Committee on Commerce, Science and Transportation, of which Senators Peters and Sinema are members.
MARCH 2, 2021
Robocall activity plummeted during the first pandemic wave of March–April 2020. Since then, robocalls have been gradually increasing each month and have returned to pre-pandemic levels, despite increased use of robocall prevention measures. Let’s take a closer look.
Monthly robocalls peaked during 2020 at 4.8 billion in February. During March and April, monthly robocall volume dropped 41%, to just under 3 billion per month. CNN reported that the decline included both scam and legitimate robocalls:
The decline coincides with the shuttering of call centers in countries such as India, Pakistan and the Philippines, where workers who are placing unwanted robocalls don’t own laptops to support working from home and some have lost their jobs or been furloughed.
Since April 2020, monthly robocalls have been increasing an average of about 5% per month. Anecdotally we’ve heard about, and experienced for ourselves, an increase in spam robocalls, especially during February 2021.
Robocall prevention actions in 2020
How did this happen? It seems like there was considerable effort to prevent illegal robocalls during this time:
1. The FCC and FTC asked international gateway providers in February 2020, April 2020, and again in May 2020 to block scam robocalls from reaching U.S. consumers. This signaled a heightened level of scrutiny and enforcement from government regulators.
2. In May 2020, the FCC announced that it will no longer warn illegal robocallers before issuing penalties.
3. In June 2020, the FCC announced a $225 million fine against two Texas-based robocallers.
4. In June 2020, the FCC issued a staff report on robocall blocking that touted widespread availability of robocall blocking services from voice service providers. Some providers initiated opt-out blocking by default. Many providers reported blocking millions of calls.
5. In July 2020, the FCC approved robocall blocking rules that provide safe harbor to protect voice service providers from liability if they inadvertently block wanted calls. These rules were published in the Federal Register in September 2020 and became effective in October 2020.
6. In July 2020, the FCC designated the Industry Traceback Group as the Registered Traceback Consortium.
7. In September 2020, the FTC and State of Ohio invoked a $2.1 million settlement against a VoIP service provider for bringing illegal robocalls into the U.S.
8. In October 2020, the FCC fined an Arizona-based telemarketer $37.5 million for illegal robocalls.
9. In October 2020, the FCC issued a report and order on one-ring (Wangiri) scam calls. The order explicitly enables voice service providers to block calls from telephone numbers that are highly likely to be associated with one-ring scams. The order also extended safe harbor for blocking such calls.
10. In February 2021, the Industry Traceback Group, which is the designated Robocall Traceback Consortium, reported on the progress made in 2020 in tracing illegal robocalls.
11. On December 30, 2020, the FCC issued a report and order that requires voice service providers to participate in traceback.
Why are robocalls still increasing?
Money. Illegal robocalls are typically trying to sell something or swindle their victims using some sort of scam. The combination of financial motive and lack of effective mitigation, despite increased efforts, means that illegal robocalls are still with us, and growing.
Robocall prevention in 2021
There are more robocall prevention initiatives coming in 2021:
Will new measures be sufficient?
The legislators who drafted the TRACED Act, and regulators that enforce it, certainly believe that call authentication and robocall blocking safe harbor will be sufficient to curb illegal robocalls.
However, there is a widely held belief in the industry that call authentication is necessary but not sufficient to reduce illegal robocalls. We agree with this view, for the following reasons:
The TRACED Act and regulations that enforce it require call authentication. Robocall mitigation is only required for use on origination of calls that are not authenticated with STIR-SHAKEN.
Several commentators have urged the FCC to require both call authentication and robocall mitigation, but the Commission has not done so, because the TRACED Act does not instruct them to issue such a rule.
Perhaps customer complaints will pressure voice service providers to perform call authentication and robocall mitigation at origination, and robocall prevention at termination on all calls. The regulations allow this, but do not require it.
1,700,600 | Toll Free | Toll Free | Synchrony Bank | Financial Customer Call
91. 1,689,800 | Toll Free | Toll Free | Health IQ | Medicare Insurance Spam
92. 1,666,500 | Toll Free | Toll Free | Wells Fargo | Bank/Credit Card Payment Reminder
93. 1,666,500 | Toll Free | Toll Free | Citibank | Bank/Credit Card Payment Reminder
94. 1,659,800 | Toll Free | Toll Free | Ally Financial | Debt Collector
95. 1,642,400 | Toll Free | Toll Free | Sequium | Debt Collector
96. 1,633,600 | Toll Free | Toll Free | Chinese Language Scam | Debt Collector
97. 1,630,700 | Seattle, WA | Global Crossing Local Services, Inc. | Amazon | Customer Call
98. 1,622,000 | Toll Free | Toll Free | Ally Financial | Bank/Credit Card Payment Reminder
99. 1,621,600 | Toll Free | Zipwhip | Comcast | Customer Call
100. 1,613,700 | Toll Free | Toll Free | Debt Collection Scam | Flu Shot Reminder
1. Protecting Americans from the dangers of unwanted and illegal robocalls is our top consumer protection priority.1 More than just an annoyance, these calls are a tool for scammers to take advantage of unsuspecting Americans. Bad actors often “spoof” or falsify caller ID information and deceive call recipients into believing they are trustworthy.2 Even in the midst of the COVID-19 pandemic, bad actors have continued their attempts to use illegal spoofing to target American consumers, once again illustrating the pervasiveness of this problem.3
2. As part of our multi-pronged approach to combat this vexing issue,4 we have made it a priority to stop the practice of illegal caller ID spoofing.5 For instance, we have issued hundreds of millions of dollars in fines for violations of our Truth in Caller ID rules.6 We recently proposed a forfeiture of $225 million—the largest in the Commission’s history—for a company that made approximately one billion spoofed robocalls,7 and we proposed two forfeiture actions of almost $13 million and $10 million apiece against other entities for apparent spoofing violations.8 We have expanded our Truth in Caller ID rules to reach foreign calls and text messages.9 Pursuant to the TRACED Act, we have selected a consortium to conduct private-led traceback efforts of suspected illegal robocalls, which is particularly useful in instances where the caller ID information transmitted with a call has been maliciously spoofed.
One key part of our broad efforts to thwart illegal caller ID spoofing has been our work to promote implementation of the STIR/SHAKEN caller ID authentication framework. The STIR/SHAKEN framework allows voice service providers to verify that the caller ID information transmitted with a particular call matches the caller’s number, while protecting consumer privacy and promoting the ability to complete lawful calls. Widespread implementation of STIR/SHAKEN will reduce the effectiveness of illegal spoofing, allow law enforcement to identify bad actors more easily, and help voice service providers identify calls with illegally spoofed caller ID information before those calls reach their subscribers. We have worked over the course of multiple years to promote caller ID authentication,12 and in 2019 Congress amplified our efforts by passing the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act, which directs the Commission to take numerous steps to promote and require STIR/SHAKEN implementation.13 In March of this year, building on the foundation laid by our prior work and by Congress, we adopted rules requiring voice service providers to implement the STIR/SHAKEN call authentication technology in the internet protocol (IP) portions of their phone networks by June 30, 2021.14
3. Today, we continue our work to promote the deployment of caller ID authentication technology and to implement the TRACED Act. After consideration of the record, we adopt rules implementing many of the proposals we made in the First Caller ID Authentication Report and Order and Further Notice. Among other things, we adopt rules governing intermediate providers and caller ID authentication in non-IP networks, we implement the exceptions and extensions established by the TRACED Act, and we prohibit line-item charges for caller ID authentication.
5. As the telecommunications industry has advanced and expanded into IP-based telephony, costs have decreased as competition increased, benefitting consumers greatly. These benefits, however, have eroded the chains of trust that previously bound voice service providers together. Partly due to the rise of the Voice over Internet Protocol (VoIP) software, the telephony industry no longer consists only of a limited number of carriers that all trusted each other to provide accurate caller ID information. Because there are now a multitude of voice service providers and entities originating and transiting calls, bad actors can more easily take advantage of these weakened chains of trust to target consumers with illegally spoofed calls.15
6. Recognizing this vulnerability, technologists from the Internet Engineering Task Force (IETF) and the Alliance for Telecommunications Industry Solutions (ATIS) developed standards to allow the authentication and verification of caller ID information for calls carried over IP networks using the Session Initiation Protocol (SIP).16 Since voice service providers could no longer count on the multitude of entities in each call path to accurately pass the caller ID information, the goal was to create a system that allowed the identification information to safely and securely travel with the call itself. The result is the STIR/SHAKEN call authentication framework.
7. The framework is comprised of several different standards and protocols. The Secure Telephony Identity Revisited (STIR) working group, formed by the IETF, has produced several protocols for authenticating caller ID information.17 ATIS, together with the SIP Forum,18 produced the Signature-based Handling of Asserted information using toKENs (SHAKEN) specification, which standardizes how the protocols produced by STIR are implemented across the industry using digital “certificates.”19 At a high-level, the STIR/SHAKEN framework consists of two components: (1) the technical process of authenticating and verifying caller ID information; and (2) the certificate governance process that maintains trust in the caller ID authentication information transmitted along with a call.
8. Technology. The STIR/SHAKEN technical authentication and verification processes rely on public key cryptography to securely transmit the information that the originating voice service provider knows about the identity of the caller and its relationship to the phone number it is using throughout the entire length of the call path, allowing the terminating voice service provider to verify the information on the other end.20 The encrypted caller ID information is contained within a unique header to the message used to initiate a SIP call (the SIP INVITE message), called an “Identity” header.21 While there is no technical mechanism within the STIR/SHAKEN framework that ensures this Identity header travels the entire length of the call path unaltered, the unbroken transmission of an unaltered Identity header from the originating voice service provider, through each intermediate provider, to the terminating voice service provider is critical to creating the end-to-end chain of trust that allows a terminating provider to know it has received accurate caller ID information.22
9. Because providers transmit the Identity header in a SIP INVITE and because SIP is IP-based, STIR/SHAKEN only operates in the IP portions of a provider’s network.23 If a call originates on a non-IP network, that voice service provider cannot authenticate the caller ID information; if it terminates on a non-IP network, that voice service provider cannot verify the caller ID authentication information. And if a call is routed at any point over an interconnection point or intermediate provider network that does not support the transmission of SIP calls, the Identity header will be lost.24 While standards bodies are currently working on non-IP call authentication solutions,25 and some vendors are developing potential non-IP solutions,26 there is yet to be an industry consensus on the path forward.27
10. In the STIR/SHAKEN framework, the provider adding the Identity header to the SIP INVITE can use three different levels of attestation to signify what it knows about the identity of the calling party. The highest level of attestation is called full or A-level attestation. A provider assigns an A-level attestation when it is the entry point of the call onto the IP network, it can confirm the identity of the subscriber making the call, and the subscriber is using its associated telephone number.28 The method or process a provider uses to determine the legitimacy of the caller’s use of a telephone number is specific to each provider.29 As a result, a provider’s reputation is tied to the rigor of its evaluation process.30 The middle level of attestation is called partial or B-level attestation. A provider uses a B-level attestation to indicate that it is the entry point of the call onto the IP network and can confirm the identity of the subscriber but not the telephone number.31 The lowest level of attestation is called gateway or C-level attestation. A provider uses a C-level attestation when it is the point of entry to the IP network for a call that originated elsewhere but has no relationship with the initiator of a call, such as when a provider is acting as an international gateway.32 A downstream provider can make use of a C-level attestation to trace a call back to an interconnecting service provider or the call’s entry point into the IP network.33 The STIR/SHAKEN standards envision these various attestation levels as information that can facilitate traceback and to enhance the spam identification solutions that terminating voice service providers enable for their customers.34
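The authentication and verification steps described in paragraphs 8 through 10, as an added example that is not part of the Commission's order or any provider's code: an originating provider signs a SHAKEN PASSporT (the token carried in the Identity header) with ES256, and a terminating provider checks the signature, attestation level, freshness and telephone numbers. The key pair, 555 telephone numbers, certificate URL, `origid` value and 60-second freshness window are constructed for illustration, and the public key is supplied directly rather than fetched from the `x5u` certificate and validated against the governance system.

```javascript
// Added example: SHAKEN PASSporT signing and verification with Node's built-in crypto.
// Loader-agnostic import of the built-in module (CommonJS or ES module).
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');
const fromB64u = (s) => Buffer.from(s, 'base64url');
const parseJson = (part) => {
  const obj = JSON.parse(fromB64u(part).toString('utf8'));
  if (obj === null || typeof obj !== 'object') throw new Error('not an object');
  return obj;
};

// Originating provider: build the Identity header value carried in the SIP INVITE.
function signIdentity({ privateKey, x5u, attest, origTn, destTn, origid, iat }) {
  // PASSporT serializes keys in lexicographic order.
  const header = { alg: 'ES256', ppt: 'shaken', typ: 'passport', x5u };
  const claims = { attest, dest: { tn: [destTn] }, iat, orig: { tn: origTn }, origid };
  const signingInput = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  // JWS ES256 signatures are the raw 64-byte r||s pair, hence 'ieee-p1363'.
  const sig = nodeCrypto.sign('sha256', Buffer.from(signingInput),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${signingInput}.${b64u(sig)};info=<${x5u}>;alg=ES256;ppt=shaken`;
}

// Terminating provider: verify the header against the signer's key and the SIP numbers.
function verifyIdentity(identityHeader, { publicKey, sipFromTn, sipToTn, now, maxAgeSec = 60 }) {
  // A call that crossed a non-IP hop arrives with no Identity header at all.
  if (!identityHeader) return { ok: false, reason: 'no-identity-header' };
  const parts = identityHeader.split(';')[0].trim().split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed-passport' };
  let header, claims;
  try {
    header = parseJson(parts[0]);
    claims = parseJson(parts[1]);
  } catch {
    return { ok: false, reason: 'malformed-passport' };
  }
  // Pin algorithm and extension; the token must not choose how it is verified.
  if (header.alg !== 'ES256' || header.ppt !== 'shaken') {
    return { ok: false, reason: 'unsupported-passport' };
  }
  const sig = fromB64u(parts[2]);
  const signatureOk = sig.length === 64 && nodeCrypto.verify(
    'sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, sig);
  if (!signatureOk) return { ok: false, reason: 'bad-signature' };
  if (!['A', 'B', 'C'].includes(claims.attest)) return { ok: false, reason: 'bad-attestation' };
  // Freshness window limits replay of a captured header (60 s is an assumption here).
  if (!Number.isFinite(claims.iat) || Math.abs(now - claims.iat) > maxAgeSec) {
    return { ok: false, reason: 'stale-passport' };
  }
  // The signed numbers must match what the SIP message itself presents.
  if (!claims.orig || claims.orig.tn !== sipFromTn) return { ok: false, reason: 'orig-mismatch' };
  if (!claims.dest || !Array.isArray(claims.dest.tn) || !claims.dest.tn.includes(sipToTn)) {
    return { ok: false, reason: 'dest-mismatch' };
  }
  return { ok: true, attest: claims.attest, origid: claims.origid };
}

// Constructed scenario: one clean call and four ways verification should fail.
function demo() {
  const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const now = 1700000000; // fixed clock so results are reproducible
  const call = {
    privateKey, x5u: 'https://cert.example.invalid/sp.pem', attest: 'A',
    origTn: '12025550101', destTn: '12025550199',
    origid: '123e4567-e89b-12d3-a456-426655440000', iat: now,
  };
  const identity = signIdentity(call);
  const ctx = { publicKey, sipFromTn: call.origTn, sipToTn: call.destTn, now };

  // A hop without the signing key rewrites the calling number inside the token.
  const [token, ...params] = identity.split(';');
  const [h, p, s] = token.split('.');
  const altered = parseJson(p);
  altered.orig.tn = '12025550123';
  const tampered = [`${h}.${b64u(JSON.stringify(altered))}.${s}`, ...params].join(';');

  return {
    clean: verifyIdentity(identity, ctx),
    tampered: verifyIdentity(tampered, { ...ctx, sipFromTn: '12025550123' }),
    mismatchedFrom: verifyIdentity(identity, { ...ctx, sipFromTn: '12025550123' }),
    replayed: verifyIdentity(identity, { ...ctx, now: now + 3600 }),
    stripped: verifyIdentity(undefined, ctx),
  };
}
```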
11. Governance. The STIR/SHAKEN framework relies on digital “certificates” to ensure trust. The voice service provider adding the Identity header includes its assigned certificate which says, in essence, that the voice service provider is the entity it claims to be and that it has the right to authenticate the caller ID information.35 To maintain trust and accountability in the voice service providers that vouch for the caller ID information, a neutral governance system issues the certificates.36 The STIR/SHAKEN governance model requires several roles in order to operate: (1) a Governance Authority, which defines the policies and procedures for which entities can issue or acquire certificates;37 (2) a Policy Administrator, which applies the rules set by the Governance Authority, confirms that certification authorities are authorized to issue certificates, and confirms that voice service providers are authorized to request and receive certificates;38 (3) Certification Authorities, which issue the certificates used to authenticate and verify calls;39 and (4) the voice service providers themselves, which, as call initiators, select an approved certification authority from which to request a certificate, and which, as call recipients, check with certification authorities to ensure that the certificates they receive were issued by the correct certification authority.40 Voice service providers use the digital certificates to indicate that they are trusted members of the ecosystem and their assertions to a calling party’s identity should be accepted.41
12. Under the current Governance Authority rules, a voice service provider must meet certain requirements to receive a certificate.42 Specifically, a voice service provider must have a current FCC Form 499A on file with the Commission, have been assigned an Operating Company Number (OCN), and have direct access to telephone numbers from the North American Numbering Plan Administrator (NANPA) and the National Pooling Administrator.43 The Governance Authority reviews this policy “at least on a quarterly basis,” or as needed.44
13. Commission Action to Promote STIR/SHAKEN. In 2017, the Commission released a Notice of Inquiry into STIR/SHAKEN, launching a broad examination of how to expedite its development and implementation.45 The Commission directed its expert advisory committee on numbering, the North American Numbering Council (NANC), to recommend “criteria by which a [Governance Authority] should be selected” and “a reasonable timeline or set of milestones for adoption and deployment” of STIR/SHAKEN.46 In its May 2018 report,47 the NANC made a number of recommendations regarding establishing and organizing a governance system and promoting STIR/SHAKEN implementation, which Chairman Pai then accepted.48 In November 2018, Chairman Pai sent letters to 14 major voice service providers urging them to implement a robust caller ID authentication framework by the end of 2019, asking providers for specific details on their progress and plans.49 In June 2019, the Commission adopted a Declaratory Ruling and Third Further Notice of Proposed Rulemaking that proposed and sought comment on mandating implementation of STIR/SHAKEN in the event that major voice service providers did not voluntarily implement the framework by the end of 2019.50 Commission staff closely tracked the implementation progress of major voice service providers.51 In December 2019, Congress enacted the TRACED Act, which contains numerous provisions directed at addressing robocalls, including through implementation of STIR/SHAKEN.52 Among other provisions regarding caller ID authentication, the TRACED Act directed the Commission to require, no later than 18 months from enactment, all voice service providers to implement STIR/SHAKEN in the IP portions of their networks and implement an effective caller ID authentication framework in the non-IP portions of their networks.53
14. In March of this year, we released the First Caller ID Authentication Report and Order and Further Notice in which we adopted rules requiring voice service providers to implement the STIR/SHAKEN caller ID authentication framework in the IP portions of their networks by June 30, 2021.54 We also proposed and sought comment on requirements to strengthen STIR/SHAKEN to implement the TRACED Act. First, we proposed to extend the STIR/SHAKEN implementation mandate to intermediate providers and require them to both pass authenticated caller ID information unaltered and to authenticate unauthenticated calls they receive.55 Second, turning to TRACED Act implementation, we proposed to grant an extension for compliance with the implementation mandate for certain categories of voice service providers, specifically small voice service providers and voice service providers that materially rely on non-IP networks.56 Third, we proposed to require voice service providers using non-IP technology, which cannot support STIR/SHAKEN, to either (i) upgrade their networks to IP to enable STIR/SHAKEN implementation or (ii) work to develop non-IP caller ID authentication technology.57 Fourth, we proposed to implement a process, as directed by the TRACED Act, pursuant to which voice service providers may become exempt from the STIR/SHAKEN implementation mandate if we determine that they have achieved certain implementation benchmarks.58 Fifth, we proposed to prohibit voice service providers from imposing additional line item charges on consumer and small business subscribers for caller ID authentication.59 Sixth, we sought comment on how to address consumer confusion or competition issues related to call labeling.60 Finally, we sought comment, as directed by the TRACED Act, on whether and how to modify our policies regarding access to numbering resources to help reduce illegal robocallers’ access.61
15. Implementation Progress. As reported previously, major voice service providers fell into one of three categories regarding their implementation progress by the end of 2019: (1) voice service providers that upgraded their networks to support STIR/SHAKEN and began exchanging authenticated traffic with other voice service providers; (2) voice service providers that upgraded their networks to support STIR/SHAKEN but had not yet begun exchanging authenticated traffic with other voice service providers; and (3) voice service providers that had achieved limited, if any, progress towards upgrading their networks to support STIR/SHAKEN.62 Since the end of 2019, several major voice service providers have announced further progress in STIR/SHAKEN implementation. In February 2020, T-Mobile announced that it began exchanging authenticated traffic with Sprint,63 and in March 2020, Bandwidth announced that it has begun exchanging authenticated traffic with T-Mobile.64 In addition to the 14 major voice service providers discussed in detail in the First Caller ID Authentication Report and Order and Further Notice, other voice service providers and intermediate providers have made progress toward STIR/SHAKEN implementation as well.65 The Governance Authority reports that 34 voice service providers have been approved to participate in the STIR/SHAKEN framework through the governance system; 9 providers have completed the testing process and are finalizing their approval; and 52 providers have begun registration and are in some stage of the testing process.66
16. Today, we take the next steps to promote the widespread deployment of caller ID authentication technology and implement the TRACED Act. In the Report and Order, we first address the definitions and scope of several terms used in the TRACED Act. Next, we adopt rules on caller ID authentication in non-IP networks. We assess the burdens and barriers to implementation faced by various categories of voice service providers and adopt extensions to the STIR/SHAKEN mandate based on our assessment. We also establish the required robocall mitigation program that voice service providers with an extension must implement and elaborate on the annual reevaluation process for extensions required by the TRACED Act. We then adopt rules implementing the exemption mechanism established by the TRACED Act for voice service providers that meet certain criteria regarding early STIR/SHAKEN implementation. We prohibit voice service providers from imposing additional line item charges for call authentication technology. Finally, to avoid gaps in a call path that could lead to the loss of caller ID authentication information, we expand our STIR/SHAKEN implementation mandate to encompass intermediate providers.
17. In the First Caller ID Authentication Report and Order and Further Notice, we adopted definitions of several terms used in the TRACED Act. Specifically, we adopted definitions of “STIR/SHAKEN authentication framework” and “voice service” that closely align with the statutory language enacted by Congress.67 To provide an opportunity for further refinement of the definitions we adopted, we sought comment in the Further Notice on whether to alter or add to them.68 We also proposed in the Further Notice to interpret “providers of voice service” on a call-by-call basis rather than a provider-by-provider basis in order to best effectuate Congressional direction.69 In other words, we proposed evaluating whether a specific entity is a voice service provider (i.e., “provider of voice service”) within the meaning of the TRACED Act on the basis of the entity’s role with respect to a particular call, rather than based on the entity’s characteristics as a whole. Today, we reaffirm our definitions of “STIR/SHAKEN authentication framework” and “voice service,” and adopt a rule codifying our proposed interpretation of “providers of voice service.”
18. Definition of “STIR/SHAKEN Authentication Framework.” The definition of “STIR/SHAKEN authentication framework” that we adopted in the First Caller ID Authentication Report and Order and Further Notice closely tracks the language Congress used in the TRACED Act.70 In the Report and Order, we defined “STIR/SHAKEN authentication framework” as “the secure telephone identity revisited and signature-based handling of asserted information using tokens standards.”71 We did not receive any comments in the record seeking clarification, so we reaffirm the definition we adopted previously.
19. Definition of “Voice Service.” We next reaffirm the definition of “voice service” that we adopted in the First Caller ID Authentication Report and Order and Further Notice.72 Specifically, we defined “voice service” as a service “that is interconnected with the public switched telephone network and that furnishes voice communications to an end user,” and which includes “without limitation, any service that enables real-time, two-way voice communications, including any service that requires [IP]-compatible customer premises equipment . . . and permits out-bound calling, whether or not the service is one-way or two-way voice over [IP].”73 The definition we adopted is identical to the language Congress included in the TRACED Act.74 We explained in the First Caller ID Authentication Report and Order and Further Notice that, based on the definition of “voice service” we adopted, our STIR/SHAKEN rules apply to “all types of voice service providers—wireline, wireless, and Voice over Internet Protocol (VoIP) providers,” including both two-way and one-way interconnected VoIP providers.75 And we clarified that voice service providers which lack control over the network infrastructure necessary to implement STIR/SHAKEN are not subject to our implementation requirements.76 Commenters that address the issues nearly unanimously support our definition and interpretation of “voice service,”77 though several commenters seek further clarification.
20. First, NCTA and CenturyLink advocate for us to interpret our rules to apply to “over-the-top (OTT) service that possess technical control over the origination of calls on their platforms.”78 No commenter opposed these requests. We reiterate our belief that for STIR/SHAKEN to be successful, every service provider capable of implementing the framework must participate.79 We therefore conclude that to the extent a provider of OTT service provides “voice service,”80 and has control of the relevant network infrastructure to implement STIR/SHAKEN,81 it is subject to our rules.
21. NCTA further encourages us to revise the current definition of “interconnected VoIP” found in section 9.3 of our rules in order to “harmonize” it with our caller ID authentication regulations.82 Section 9.3 generally limits “interconnected VoIP service” to two-way interconnected VoIP and only includes one-way VoIP as “interconnected VoIP” in the context of the Commission’s 911 obligations.83 We understand the definition of “voice service” that Congress adopted in the TRACED Act to encompass both two-way and one-way interconnected VoIP.84 Because we rely on the statutory term “voice service” and because the meaning of that term is not limited by the definition of “interconnected VoIP” in section 9.3 of our rules, we see no reason to revisit the definition of interconnected VoIP in section 9.3 in this proceeding.
22. Second, Microsoft argues that the definition of “voice service” should be read to exclude inbound-only VoIP service.85 Microsoft argues that this service is outside the scope of the STIR/SHAKEN standards,86 and that the reference to service that “permits out-bound calling” in the TRACED Act definition precludes application of our requirement to inbound-only VoIP service. We disagree. We understand the TRACED Act—which defines “voice service” to mean “any service that is interconnected with the public switched telephone network and that furnishes voice communications to an end user” and includes, “without limitation, any service that enables real-time, two-way voice communications, including any service that . . . permits out-bound calling”—to establish a broad concept of voice service.87 We read the phrase “without limitation” as indicating that the subsequent phrase “permits out-bound calling” is not a limitation on the initial, general definition of “voice service,” which encompasses in-bound VoIP. Similarly, in the context of our Truth in Caller ID rules, we interpreted the term “interconnected” as used in a substantially similar definition of “voice service” in the RAY BAUM’s Act to include any service that allows voice communications either to or from the public switched telephone network (PSTN), regardless of whether inbound and outbound communications are both enabled within the same service.88 Because our STIR/SHAKEN rules impose obligations on both the originating and terminating side of a call, we believe that this broad reading of “interconnected” is also appropriate here. Further, reaching in-bound VoIP advances the purposes of the TRACED Act and widespread caller ID authentication. Our rules, consistent with the ATIS standards, require a voice service provider terminating a call with authenticated caller ID information to verify that information according to the STIR/SHAKEN framework.89 We thus reject Microsoft’s argument that reaching in-bound VoIP is unnecessary because the standards comprising STIR/SHAKEN do not assign actions to be taken when terminating a call.90
23. Definition of “Providers of Voice Service”—Call-by-Call Basis. Congress directed many of the TRACED Act caller ID authentication requirements to “providers of voice service.” We proposed in the First Caller ID Authentication Report and Order and Further Notice to interpret “providers of voice service” on a call-by-call—rather than entity-by-entity—basis.91 Under this interpretation, a provider of voice service is not subject to TRACED Act requirements for all services simply because some of its services fall under the definition of “voice service.”92 Instead, only those services that meet the TRACED Act definition of “voice service” are subject to TRACED Act obligations.93 We adopt our proposal. Both commenters that addressed the issue support our proposal.94 We find that the call-by-call approach best fits the TRACED Act’s structure because it gives meaning to Congress’s inclusion of a definition for “voice service” and because it best comports with the TRACED Act’s allocation of duties on the basis of call technology, e.g., differentiating duties between calls over IP and non-IP networks.
24. The TRACED Act directs us, not later than June 30, 2021, to require voice service providers to take “reasonable measures” to implement an effective caller ID authentication framework in the non-IP portions of their networks.95 Given the large proportion of TDM-based networks still in use, we expect a significant number of calls to be outside the STIR/SHAKEN authentication framework in the near term. In light of this, it is critically important that we take strong action to address the issue of caller ID authentication in non-IP networks. To that end, we interpret the TRACED Act’s requirement that a voice service provider take “reasonable measures” to implement an effective caller ID authentication framework in the non-IP portions of its network as being satisfied only if the voice service provider is actively working to implement a caller ID authentication framework on those portions of its network. A voice service provider satisfies this obligation by either (1) completely upgrading its non-IP networks to IP and implementing the STIR/SHAKEN authentication framework on its entire network, or (2) working to develop a non-IP authentication solution. We adopt rules accordingly, and find that this approach best balances our goal of promoting the IP transition while simultaneously encouraging the development of a non-IP authentication solution for the benefit of those networks that cannot be speedily or easily transitioned.96 By adopting rules that are not overly burdensome, we leave voice service providers free to prioritize transitioning to IP, and we strongly encourage voice service providers to take advantage of this opportunity to do so.97
25. In the First Caller ID Authentication Report and Order and Further Notice, we proposed that a voice service provider satisfies the “reasonable measures” requirement under section 4(b)(1)(B) of the TRACED Act if it is able to provide us, upon request, with documented proof that it is participating, either on its own or through a representative, as a member of a working group, industry standards group, or consortium that is working to develop a non-IP solution, or actively testing such a solution.98 We explained that this proposal was consistent with our proposed approach to assessing whether a voice service provider is making “reasonable efforts” to develop a caller ID authentication protocol in the context of determining whether to limit or terminate an extension of compliance granted under section 4(b)(5)(B) for non-IP networks. We adopt a new rule reflecting this proposal and clarify its specific requirements.
26. Under our rule, a voice service provider satisfies its obligations if it participates through a third-party representative, such as a trade association of which it is a member or vendor. While our proposal did not include mention of trade associations or vendors, we agree with CCA that it would be best to broaden the scope of this requirement by including such representatives within the bounds of our requirement.99 Some industry groups have already established working groups dedicated to examining potential non-IP call authentication technologies.100 Allowing for such representatives will reduce the burden of this obligation on individual voice service providers and minimize the potential negative impact of broad and inexpert participation identified in the record,101 while ensuring that all voice service providers remain invested in developing a solution for non-IP caller ID authentication. A wider range of efforts will encourage a greater number of industry partnerships, increasing resource and information sharing and speeding the development of a non-IP solution.
27. We expect the benefits of this approach to be numerous, and the costs to voice service providers comparatively small. While some commenters provided estimates of the cost of replacing their non-IP networks,102 none provided estimates of the cost of working to develop a caller ID authentication solution for non-IP networks. Given that our firm but flexible approach permits voice service providers to satisfy this obligation by participating either on their own or through a representative, as members of a working group or consortium that is working to develop or actively testing a non-IP solution, we expect that any related compliance costs will be quite limited. By comparison, the benefits of voice service providers either upgrading their non-IP networks to IP to support STIR/SHAKEN or working to develop a caller ID authentication solution for non-IP networks will be considerable, not only in the less tangible benefits they will have for consumers by reducing the waste and frustration resulting from illegal robocalls, but in terms of actual monetary savings. Indeed, as we found in the First Caller ID Authentication Report and Order and Further Notice, the monetary benefits of STIR/SHAKEN are likely to be in the billions of dollars.103 The greater the number of voice service providers that implement an effective caller ID authentication framework—either by upgrading their non-IP networks to IP and implementing STIR/SHAKEN, or by developing and implementing an effective non-IP solution—the more effective these frameworks will be in combatting illegal robocalls, and the more of the expected benefits will be realized. Thus, the rules we adopt today will help achieve these savings while simultaneously minimizing the cost of compliance.
28. We disagree with ATIS’s contention that we should not adopt rules governing non-IP caller ID authentication until the joint ATIS/SIP Forum IP-NNI Task Force concludes its work investigating the viability of non-IP caller ID authentication frameworks.104 Given that this task force is precisely the kind expressly contemplated, and indeed, mandated, by our order today, we see no reason to delay these rules. Indeed, the Task Force’s existence is confirmation that we have construed the “reasonable measures” standard in a manner that appropriately dovetails with current industry efforts to develop a non-IP solution.105 Further, the rules we adopt today are required by Congressional direction to mandate voice service providers to take “reasonable measures” to implement a non-Internet Protocol no later than June 30, 2021; we have no discretion to wait until a given task force has concluded its work to adopt rules.
29. Although CTIA argues that requiring voice service providers to participate in industry standards groups committed to developing or actively testing a non-IP solution “may not improve the development” of such solutions, and would in fact “divert resources from STIR/SHAKEN deployment and other robocalls mitigation efforts,” it offers no alternative interpretation of the “reasonable measures” standard mandated by Congress in the TRACED Act.106 We must impose a meaningful mandate to fulfill Congress’s direction to require “reasonable measures to implement” a non-IP caller ID authentication solution.107 Requiring voice service providers that choose not to upgrade their non-IP networks to IP to contribute to groups and organizations that are working to test or develop a non-IP solution strikes a balance between promoting caller ID authentication solutions for TDM networks, as required by the TRACED Act, and leaving resources free to invest in IP networks. By allowing participation through a working group, consortium, or trade association, we allow voice service providers to efficiently pool their expertise and resources with the goal of not replicating one another’s efforts and more efficiently developing a non-IP solution. We therefore are not convinced by CTIA’s arguments that the requirement we adopt will unduly stunt STIR/SHAKEN deployment or that voice service providers will have “few resources left to dedicate to industry standards groups.”108
30. We are likewise unconvinced by TransNexus’s conclusory claim that participating in a working group would not constitute a “reasonable effort” to implement an effective caller ID authentication framework on non-IP networks.109 Contributing to an industry-led body dedicated to pooling expertise and resources in the hopes of developing and/or testing non-IP solutions is a reasonable and efficient strategy for encouraging the creation and deployment of such solutions.
31. Out-of-Band STIR. We decline to mandate out-of-band STIR for non-IP networks. Out-of-band STIR is a proposed non-IP solution whereby caller ID authentication information is sent across the Internet, out-of-band from the call path.110 Commenters have widely divergent views as to the viability of out-of-band STIR as a method of effective caller ID authentication in non-IP networks. While a handful advocate for the implementation of out-of-band STIR as the best method of ensuring effective call authentication in non-IP networks,111 with Neustar even claiming that this solution should be widely available in advance of the June 30, 2021 implementation deadline,112 many others contend that out-of-band STIR is not yet a viable solution.113 Comcast claims that out-of-band STIR is an untested, time-consuming, and costly solution that would require the re-creation of multiple network functions in parallel to IP networks.114 Given the undeniably sharp divide between commenters and the absence of sufficient testing and implementation to demonstrate the viability of out-of-band STIR as an industrywide solution, we find that it is not possible to conclude, based on the record before us, that out-of-band STIR is an effective non-IP solution. We find that significant industry consensus is an important predicate to deeming a non-IP solution “effective,” given that cross-network exchange of authenticated caller ID information is a central component to caller ID authentication. Thus, we cannot at this time mandate adoption of out-of-band STIR by voice service providers in the non-IP portions of their networks.115 At the same time, we observe that opponents of this technology have offered no meaningful alternative solutions. To those that would oppose this possible solution without mention of an alternative, we take this opportunity to note that standards work requires both constructive input and compromise on the part of all parties and stakeholders.
32. Effective Non-IP Caller ID Authentication Framework. As we explain in the context of the extension of the implementation deadline for certain non-IP networks, we will continue to evaluate whether an effective non-IP caller ID authentication framework emerges from the ongoing work that we require. Consistent with that section, we will consider a non-IP caller ID authentication framework to be effective only if it is: (1) fully developed and finalized by industry standards; and (2) reasonably available such that the underlying equipment and software necessary to implement such protocol is available on the commercial market.116 If and when we identify an effective framework, we expect to revisit our “reasonable measures” requirement and shift it from focusing on development to focusing on implementation. We encourage voice service providers and others to put forward a framework they view as effective for our consideration. We also will continue to monitor progress in developing a non-IP authentication solution and may revisit our approach to the TRACED Act’s “reasonable measures” requirement if we find that industry has failed to make sufficient progress in either transitioning to IP or developing a consensus non-IP authentication solution. We stand ready to pursue additional steps to ensure more fulsome caller ID authentication in non-IP networks, including by revisiting our non-prescriptive development-based approach if needed.
33. Legal Authority. We find authority for these rules under section 4(b)(1)(B) of the TRACED Act. That section expressly directs us to obligate voice service providers to take “reasonable measures” to implement an effective caller ID authentication framework in the non-IP portions of their networks and is a clear source of authority for these non-IP obligations.117
34. We also conclude that section 251(e) of the Communications Act of 1934, as amended (the Act), provides additional independent authority to adopt these rules. Section 251(e) provides us “exclusive jurisdiction over those portions of the North American Numbering Plan (NANP) that pertain to the United States.”118 Pursuant to this provision, we retain “authority to set policy with respect to all facets of numbering administration in the United States.”119 Our exclusive jurisdiction over numbering policy enables us to act flexibly and expeditiously with regard to important numbering matters.120 When bad actors unlawfully falsify or spoof the caller ID that appears on a subscriber’s phone, they are using numbering resources to advance an illegal scheme. Mandating that voice service providers take “reasonable measures” to deploy an effective caller ID authentication framework in the non-IP portions of their networks will help to prevent the fraudulent exploitation of NANP resources by permitting those providers and their subscribers to identify when caller ID information has been spoofed. Section 251(e) thus grants us authority to mandate that voice service providers take “reasonable measures” to implement an effective caller ID authentication framework in the non-IP portions of their networks in order to prevent the fraudulent exploitation of numbering resources. Moreover, as the Commission has previously found, section 251(e) extends to “the use of . . . unallocated and unused numbers”; it thus gives us authority to mandate that voice service providers implement an effective caller ID authentication framework to address the spoofing of unallocated and unused numbers.121
35. Finally, we find authority under the Truth in Caller ID Act. Congress charged us with prescribing regulations to implement that Act, which made unlawful the spoofing of caller ID information “in connection with any voice service or text messaging service . . . with the intent to defraud, cause harm, or wrongfully obtain anything of value.”122 Given the constantly evolving tactics by malicious callers to use spoofed caller ID information to commit fraud, we find that the rules we adopt today are necessary to enable voice service providers to help prevent these unlawful acts and to protect voice service subscribers from scammers and bad actors. Thus, section 227(e) provides additional independent authority for these rules.123
36. The TRACED Act includes two provisions for extension of the June 30, 2021 implementation date for caller ID authentication frameworks. First, the TRACED Act states that we “may, upon a public finding of undue hardship, delay required compliance” with the June 30, 2021 date for caller ID authentication framework implementation for a “reasonable period of time.”124 Second, we “shall grant a delay of required compliance” with the June 30, 2021 implementation date “to the extent that . . . a provider or class of providers of voice services, or type of voice calls, materially relies on a non-[IP] network for the provision of such service or calls” “until a call authentication protocol has been developed for calls developed over non-[IP] networks and is reasonably available.”125
37. Under either extension provision, an extension may be provider-specific or apply to a “class of providers of voice service, or type of voice calls.”126 We must annually reevaluate any granted extension for compliance.127 When granting an extension of the implementation deadline under either provision, we must require impacted voice service providers to “implement an appropriate robocall mitigation program to prevent unlawful robocalls from originating on the network of the provider.”128
38. Based on these directives and for the reasons discussed below, we grant the following extensions from implementation of caller ID authentication: (1) a two-year extension to small, including small rural, voice service providers; (2) an extension to voice service providers that cannot obtain a certificate due to the Governance Authority’s token access policy until such provider is able to obtain a certificate; (3) a one-year extension to services scheduled for section 214 discontinuance; and (4) as required by the TRACED Act, an extension for the parts of a voice service provider’s network that rely on technology that cannot initiate, maintain, and terminate SIP calls until a solution for such calls is reasonably available.129 We further direct the Wireline Competition Bureau (Bureau) to reevaluate extensions annually, and we require any voice service provider that receives an extension to implement and certify that it has implemented a robocall mitigation program by June 30, 2021.
39. The TRACED Act grants us the discretion to extend a voice service provider’s obligation to comply with the June 30, 2021 caller ID authentication implementation mandate upon a public finding of undue hardship.130 It states that the extension may be “for a reasonable period of time . . . as necessary . . . to address the identified burdens and barriers.”131 In connection with our determination of whether to grant an extension, the TRACED Act specifically directs us, not later than December 30, 2020 “and as appropriate thereafter,” to assess any burdens and barriers to implementation of caller ID authentication technology by (1) voice service providers that use time-division multiplexing network technology (TDM), a non-IP network technology; (2) small voice service providers; and (3) rural voice service providers.132 It further directs us to assess burdens and barriers created by the “inability to purchase or upgrade equipment to support the call authentication frameworks . . . or lack of availability of such equipment.”133 The TRACED Act does not require us to grant undue hardship extensions to the categories of entities for which we must evaluate burdens and barriers to implementation, nor does it limit us to granting undue hardship extensions to entities within the categories for evaluation that it identifies. Based upon our review of the record, including our evaluation of burdens and barriers to implementation by certain categories of entities as directed by the TRACED Act, we grant extensions to: (1) small, including small rural, voice service providers; (2) voice service providers that cannot obtain the certificate necessary for STIR/SHAKEN; and (3) services subject to a discontinuance application. We decline to grant requested extensions for non-IP services, for larger rural voice service providers, due to equipment unavailability, for enterprise calls, for intra-network calls, or due to compatibility issues.
40. Extension for Small Voice Service Providers. The TRACED Act specifically directs us to evaluate whether to grant an extension based on undue hardship for small voice service providers. In the First Caller ID Authentication Report and Order and Further Notice, we proposed granting a one-year implementation extension due to undue hardship for small, including small rural, voice service providers.134 After reviewing the record, we grant a two-year extension for small voice service providers, which we define as those with 100,000 or fewer voice subscriber lines.
41. The record reflects that a barrier to STIR/SHAKEN implementation for small voice service providers is the substantial cost, despite resource constraints, to implement STIR/SHAKEN.135 For instance, according to CTIA, “many small providers face financial and resource constraints that other providers do not” as “[s]mall providers are driving toward the mandate deadline, but with fewer employees and smaller budgets, they may require more time to transition to STIR/SHAKEN.”136 Small voice service providers must also balance limited resources and expenses with other required technology transitions.137 Most recently, commenters explain that the COVID-19 pandemic has monopolized substantial available resources, increasing the burden on small voice service providers.138
42. Relatedly, the record demonstrates that equipment availability issues specifically impact small voice service providers. Such providers rely on third-party vendor solutions, particularly software solutions, to implement STIR/SHAKEN, and these solutions may be prohibitively expensive for some small voice service providers.139 For instance, WISPA asserts that “[s]ome vendor’s minimum fees could exceed a small provider’s entire voice revenues.”140 WTA agrees that the upfront expenses “could cause a budget shortage for small providers that have a limited, set multi-year budget that is already dedicated to new deployments, staff, etc.”141 Further, ACA Connects expresses concern over a lack of transparency regarding the costs and relative advantages of available vendor solutions as its smaller voice service provider members, with limited budgets, must carefully apportion funds for STIR/SHAKEN deployment.142 Indeed, small voice service providers report they have “been quoted annual rates from different vendors that range from the low five figures to the low six figures, not including any upfront costs to install the solution,” with no explanation for the rate disparity.143 The record reflects that as medium and large voice service providers start to widely deploy STIR/SHAKEN, new and improved solutions will emerge, increasing competition among vendors and decreasing costs.144 In addition, multiple commenters contend that small voice service providers are unable “to procure ready-to-install solutions” from a variety of vendors “on the same timeframe as the nation’s largest voice service providers.”145 According to NTCA, its members “are typically ‘at the mercy’ of vendors that respond to the larger operator community muc[h] faster, likely based on the latter’s market share and buying power.”146 As a result, timing and availability of these vendor solutions may be out of the control and reach of small voice service providers.147 Further, commenters contend that these vendor solutions remain at an early stage of development and “far from ‘ready to install’ solutions.”148
43. We are convinced by this record that an extension is appropriate for small voice service providers. The record largely supports our proposal for an implementation extension for small voice service providers,149 and we agree with these commenters that an extension is warranted to allow small providers sufficient time to address challenges such as equipment cost and availability. For instance, according to ACA Connects, NTCA, WISPA, and WTA, vendor costs may be prohibitively expensive for small voice service providers and could result in budget shortages.150 Additional time will allow voice service providers confronted with budget shortages to spread costs over a longer time horizon.151 Further, small voice service providers claim vendor solutions are still in nascent stages of development,152 and an extension will allow vendors that work with small voice service providers more time to develop solutions and offer those solutions at a lower cost as the market matures.153
44. Transaction Network Services and AT&T contend that we should not grant a blanket extension for small voice service providers.154 These commenters claim that such an extension would be overinclusive because not all small voice service providers face identical hardships,155 and allege that illegal robocalls may originate from these providers.156 We disagree. The overwhelming record support persuades us that small voice service providers, as a class, face undue hardship, and supports the need for a blanket implementation extension for such providers to give them the necessary time to implement STIR/SHAKEN.157 Further, as ACA Connects contends, granting extensions on a case-by-case basis for small voice service providers would “inundate the Commission with extension requests from a multitude of small providers, many of them presenting evidence of the same or similar implementation burdens” and “consume funds that would be better spent working towards implementation of STIR/SHAKEN.”158 We do not find that this extension will unduly undermine the effectiveness of STIR/SHAKEN. As small voice service providers account for only a small percentage of voice subscribers, an extension covering these providers will account for the unique burdens they face while ensuring that many subscribers benefit from STIR/SHAKEN.159 Further, the prevalence of STIR/SHAKEN will encourage small voice service providers that can afford to do so to implement the framework as soon as possible to provide the protections it offers to their subscribers. And small voice service providers—like all providers subject to an extension—are obligated to implement a robocall mitigation program to combat the origination of illegal robocalls during the course of the extension.160
45. We conclude that the extension we grant should run for two years, subject to possible extension pursuant to the evaluation discussed below. Multiple commenters advocated for an extension longer than one year.161 For instance, WISPA and Atheral contend that small voice service providers require an extension of at least two years beyond the implementation deadline to “budget for and absorb the cost of needed upgrades”162 and to “allow for the development of vendor solutions and reduction in cost to more affordable levels as volume scales.”163 We expect this extension for small voice service providers will drive down implementation costs by allowing these providers to benefit from a more mature market for equipment and software solutions necessary to implement STIR/SHAKEN.164 Small voice service providers have also filed estimates of the cost of implementing STIR/SHAKEN on their networks.165 The additional implementation time will allow these providers to spread the cost of implementation across a longer time horizon. We find that an implementation deadline of two years allows for sufficient time—but no more than necessary—for small voice service providers to meet the challenges of implementing STIR/SHAKEN on their networks. Our guiding principle in setting this deadline is to achieve ubiquitous STIR/SHAKEN implementation to combat the scourge of illegal caller ID spoofing as quickly as possible. This extension should also ease the additional burdens placed on small voice service providers by the COVID-19 pandemic, which has consumed significant resources.166
46. We decline at this time NTCA’s requests to tie an implementation extension until June 30, 2023 to “the vendor community delivering solutions in 2020,” and to grant additional implementation time for small voice service providers “unable to obtain vendor solutions by the end of 2020.”167 In the interest of promoting ubiquitous STIR/SHAKEN implementation, we decline at this time to grant a longer extension for small voice service providers that may face continued implementation challenges in the future. We find that a longer extension would discourage the swift development of effective vendor solutions and slow the deployment of STIR/SHAKEN to the detriment of consumers. We also find that a longer extension would unnecessarily rely on speculation about marketplace realities several years from now. The Bureau may grant a further extension if it determines such an extension is appropriate in its annual reevaluation.
47. Finally, we establish that, as proposed in the First Caller ID Authentication Report and Order and Further Notice,168 a provider is a “small provider[] of voice service”169 for purposes of this extension if it has 100,000 or fewer voice subscriber lines (counting the total of all business and residential fixed subscriber lines and mobile phones and aggregated over all of a provider’s affiliates). In the First Rural Call Completion Order, the Commission determined that the 100,000-subscriber-line threshold ensured that many subscribers would continue to benefit from our rules while also limiting the burden on smaller voice service providers.170 Similarly, we find that, in the caller ID authentication context, limiting the implementation extension for small voice service providers to those that have 100,000 or fewer voice subscriber lines balances the needs of these providers and the importance of widespread and effective STIR/SHAKEN implementation. We received support in the record for this definition of “small providers of voice service.”171
48. We decline at this time USTelecom’s post-circulation request to exclude voice service providers within the 100,000-subscriber-line threshold that “originate a disproportionate amount of traffic relative to their subscriber base, namely voice service providers that serve enterprises and other heavy
callers through their IP networks.”172 While we see value in the policy goals that underlie USTelecom’s request, implementing its suggestion would require a difficult line-drawing exercise. USTelecom did not offer any support for its proposed criteria to identify parties that originate a disproportionate amount of traffic,173 nor are we able to identify criteria in the limited time available in which we have confidence.174 We are open to revisiting this issue should we determine that the extension creates an unreasonable risk of unsigned calls from a specific subset of small voice service providers.
49. Extension for Voice Service Providers That Cannot Obtain a Certificate. In the First Caller ID Authentication Report and Order, we acknowledged the concerns raised by Cloud Communications Alliance regarding whether all voice service providers are able to obtain the certificates used for the intercarrier exchange of authenticated caller ID information under the Governance Authority’s current policies.175 And in the Further Notice, we asked whether we should grant an implementation extension for any other voice service providers or classes of voice service providers, or types of calls.176 In response, commenters advocated for an extension for voice service providers that cannot obtain a certificate because they are ineligible to file FCC Form 499A, obtain an Operating Company Number, or obtain direct access to telephone numbers—each of which is a prerequisite to obtaining a certificate under current Governance Authority policy.177
50. Because it is impossible for a service provider to participate in STIR/SHAKEN without access to the required certificate and because some voice service providers are unable to obtain a certificate at this time, we determine that a limited extension is necessary. Multiple commenters contend that the Governance Authority’s policy excludes voice service providers that lease numbers rather than obtain them directly from NANPA.178 In particular, one-way VoIP voice service providers have no
means to obtain direct access to numbers, so they cannot obtain the certificate necessary to comply with their duty to implement STIR/SHAKEN.179 Therefore, we grant an extension to voice service providers that cannot obtain a certificate due to the token access policy. We grant this extension until it is feasible for a provider to participate in STIR/SHAKEN due either to the possibility of compliance with the Governance Authority policy or a change in the Governance Authority policy. We recognize that a voice service provider may not be able to immediately come into compliance with its caller ID authentication obligations after it becomes eligible to receive a certificate, and we will not consider a voice service provider that diligently pursues a certificate once it is able to receive one in violation of our rules.180 We expect the extension we establish will decrease costs by relieving such providers from the obligation to upgrade their networks until they can meaningfully participate in STIR/SHAKEN. We recognize that industry has made progress on resolving the gap between Governance Authority certificate access policies and the scope of duties we have established pursuant to the TRACED Act, and we continue to urge speedy resolution of these issues.181
51. Extension for Services Scheduled for Section 214 Discontinuance. In the First Caller ID Authentication Report and Order and Further Notice, we also sought comment on whether to consider any additional categories of extensions.182 In response to AT&T’s request,183 we grant a one-year extension based on undue hardship to cover services for which a provider has filed a pending section 214 discontinuance application on or before the June 30, 2021, STIR/SHAKEN implementation deadline.184 This extension will allow voice service providers time to either complete the discontinuance process and “avoid incurring unnecessary expense and burden to implement STIR/SHAKEN” for services “that are scheduled to sunset,” or to implement STIR/SHAKEN for any such services that are not discontinued.185 We agree with AT&T that voice service provider resources “are better spent upgrading networks that will
have the potential to reap the full benefits of the IP transition and STIR/SHAKEN.”186 We expect that this extension will decrease costs by obviating the need to upgrade components of a voice service provider’s network that will be sunset. We underscore that a one-year extension means that voice service providers have until June 30, 2022, to either discontinue the legacy service or implement STIR/SHAKEN if the service has not actually been discontinued, unless the provider obtains a waiver of this requirement for good cause shown. If we determine that a voice service provider filed a discontinuance application in bad faith to receive this extension, we will terminate the extension and take appropriate action.
52. Voice Service Providers That Use TDM—An Extension Would Be Superfluous. The TRACED Act specifically directs us to evaluate whether to grant an extension to voice service providers that use TDM network technology. The record reflects that a major barrier to implementation of a caller ID authentication framework for voice service providers that use TDM technology is the lack of a standardized caller ID authentication framework for non-IP networks.187 Because the STIR/SHAKEN framework is an IP-only solution, these voice service providers must expend substantial resources upgrading network software and hardware to be IP compatible in order to implement the only currently available standardized caller ID authentication solution.188 According to commenters, voice service providers that use TDM networks also face availability and cost issues regarding necessary equipment to upgrade the software and hardware to convert their networks to IP.189 Further, small or rural voice service providers that use TDM technology may have fewer resources and require additional time for transitioning their networks to IP technology.190 Multiple commenters agree that “[e]ven if a [voice service provider] has upgraded its own network to all-IP technology, if that [voice service provider] exchanges substantial traffic through legacy TDM tandems, such tandems will similarly present obstacles to STIR/SHAKEN deployment.”191
53. Although we proposed in the First Caller ID Authentication Report and Order and Further Notice to grant the same extension to voice service providers that use TDM technology under the undue hardship standard that we grant to providers that materially rely on non-IP technology,192 we conclude that a separate and identical extension is redundant and creates administrative duplication. We want to avoid granting two separate extensions, with associated filing and review requirements, that serve identical purposes. Because the TRACED Act includes a required extension for voice service providers that “materially rel[y]” on non-IP technology,193 we decline to grant a separate extension to voice service providers that use TDM technology under the undue hardship standard.194 Although AT&T contends that
“an extension for TDM networks is independently warranted,” it does not explain its position.195 In fact, AT&T concedes that “the extension outcomes are the same.”196 We find the non-IP extension sufficiently addresses AT&T’s concern that there is not yet a STIR/SHAKEN-equivalent solution for TDM networks. To the extent there is any lack of clarity, we confirm that TDM networks are included in the non-IP extension established below, and subject to its terms.197
54. Rural Voice Service Providers—A Separate Extension Is Unnecessary. The TRACED Act specifically directs us to evaluate whether to grant an extension based on undue hardship to rural voice service providers. The record reflects that the burdens and barriers to STIR/SHAKEN implementation for rural voice service providers are often encompassed by those for small voice service providers or voice service providers that use non-IP network technology because these voice service providers also tend to be rural.198 To the extent rural voice service providers rely on non-IP technology, which is incompatible with STIR/SHAKEN, they encounter the burdens already described for such providers.199 Similarly, the rural voice service providers that describe specific burdens to implementation—such as availability of vendor solutions that may be prohibitively expensive with few reasonable alternatives—are small voice service providers.200 Although CTIA generally states that there are potential financial and resource constraints for larger rural voice service providers, it does not identify any specific implementation challenges faced by these providers.201 Indeed, at least one larger rural voice service provider, TDS Communications, a Wisconsin-based voice service provider that serves nearly 900 rural, suburban, and metropolitan communities throughout the United States, has begun to invest in STIR/SHAKEN deployment.202
55. In the First Caller ID Authentication Report and Order and Further Notice, we sought comment on our proposed view that it would be unnecessary to grant a separate implementation extension for rural voice service providers as the challenges faced by these providers are already addressed by the small voice service provider extension and the extension for voice service providers that materially rely on a non-IP network.203 After review of the record, we adopt our proposal and decline to adopt a separate extension for rural providers.204 The majority of commenters in the record did not differentiate rural voice service providers from those that are small and referred to them interchangeably.205 As noted above, the rural voice service providers that called for an extension are themselves small voice service providers.206 NCTA contends that a dedicated extension for rural providers is “unnecessary” because “the vast majority of rural providers will qualify for the small provider extension” or the extension for voice service providers that rely on non-IP networks.207 We agree with NCTA that “there does not seem to be a strong basis for granting any form of relief” to rural voice service providers that do not qualify as small voice service providers.208 Further, TDS reports that it had completed work in 2019 to evaluate, select, and lab test a vendor solution to allow it to integrate STIR/SHAKEN into the IP portions of its network.209 Because one large rural voice service provider has already invested in STIR/SHAKEN deployment to best serve its customers,210 we expect that other similarly situated rural voice service providers have also begun or would be capable of having begun the implementation process. We conclude that it would be improper to reach a blanket finding of undue hardship for rural voice service providers because (1) the record does not show that larger rural providers face undue hardship; and (2) our separate finding of undue hardship for small voice service providers relieves small rural voice service providers of the obligation to implement, such that they will no longer face undue hardship for the duration of the extension. Further, an extension for rural voice service providers would not only be unnecessary, but also harmful to the goal of widespread implementation.
204 While we decline to grant an extension to this class of voice service providers, a voice service provider that believes that it faces an undue hardship may submit a filing that details its specific circumstances.
56. We also decline the request by CTIA and USTelecom for an extension for vaguely-defined “regional” voice service providers that do not fall within our 100,000 or fewer voice subscriber line threshold.211 CTIA only generally describes potential financial and resource constraints for these voice service providers,212 and neither commenter sufficiently defines this class of providers or explains why we should grant an extension on the basis of undue hardship to providers with the resources that are necessary for serving a large number of subscribers. We similarly decline the request by Madison Telephone Networks for an extension until 2024 or 2025 for rural providers in high cost areas to “relieve financial pressure.”213 We decline to grant this extension as Madison Telephone Networks does not demonstrate why this is a unique class of providers requiring an extension of this length. Further, we expect the majority of these voice service providers are also small or materially rely on non-IP technology and therefore will be covered by either or both of those extensions.214
57. Equipment Availability—A Separate Extension Is Unnecessary. In the First Caller ID
Authentication Report and Order and Further Notice, we sought comment on Congress’s direction to consider whether to grant a separate extension on the basis of “the inability to purchase or upgrade equipment to support the call authentication frameworks under this section, or lack of availability of such equipment.”215 We conclude that our extension for small voice service providers adequately addresses challenges with regard to obtaining necessary equipment and that a separate or additional extension is unnecessary. As discussed above, the record reflects that equipment availability specifically impacts small voice service providers.216 This is not a surprise, as it is likely that larger voice service providers have the resources and negotiating leverage to obtain the equipment they need much more quickly than small providers. Granting an extension solely for equipment unavailability may discourage larger voice service providers from putting forward sufficient effort to obtain necessary equipment. Further, no commenter has identified any specific equipment availability issue for large voice service providers—commenters merely speak in general terms.217 Granting an ex ante extension on this basis would introduce difficult line-drawing questions as to when equipment is “unavailable” for which the record does not suggest a solution and that are not necessary to resolve in light of the extension for small voice service providers.218
58. Enterprise Calls—An Extension Would Be Counterproductive. In the First Caller ID Authentication Report and Order and Further Notice, we sought comment on whether we should grant an extension for undue hardship for enterprise calls.219 We described the concerns of some commenters that the standards for attestation do not fully account for the situation where an enterprise subscriber places outbound calls through a voice service provider other than the voice service provider that assigned the telephone number.220 In such enterprise calling scenarios, commenters claimed, it would be difficult for an outbound call to receive A-level attestation221 because the outbound call “will not pass through the
authentication service of the [voice] service provider that controls th[e] numbering resource.”222 The record developed in response to our Further Notice reflects challenges for voice service providers to attest to enterprise calls with A-attestation in this and other circumstances, meaning that such calls would be authenticated with B- or C-level attestation.223 Based on these challenges, some commenters argue that we should grant an extension in compliance with the STIR/SHAKEN implementation mandate for enterprise calls so that these calls will not receive caller ID authentication until industry standards groups resolve the enterprise issue, rather than receiving a lower level of attestation in the interim.224 We agree with the record opposition,225 and we decline to grant an implementation extension to enterprise calling cases.
59. First, we agree with those commenters that argue that an implementation extension may discourage the swift development of technical solutions for enterprise calls.226 Although commenters offer different perspectives on the timing of a solution that would allow enterprise calls to receive A-level attestation,227 the record reflects that industry is “working hard to achieve authentication with A-level attestation this year.”228 It is our goal to encourage this work, rather than remove the beneficial incentive created by the STIR/SHAKEN mandate. We decline, however, to go so far as some commenters suggest and “[r]equir[e] the prompt finalization of standards that will enable voice providers that originate
enterprise calls to provide an A-level attestation.”229 As industry stakeholders, standards bodies, and the Governance Authority are actively working to finalize standards and solutions to complex enterprise calling cases,230 we do not wish to intervene in the process.231 At the same time, we continue to encourage—and expect—industry to promptly resolve the outstanding challenges for complex enterprise use cases and business models, and we will closely monitor progress on this issue.
60. We are also not persuaded by claims that authenticating enterprise calls with B- or C-level attestation poses a major problem.232 These commenters contend that enterprise calls without an A-level attestation may be blocked, mislabeled as potentially fraudulent, or lead to illegal robocallers authenticating their own calls.233 However, they fail to explain how the alternative—an enterprise call without authenticated caller ID information—is preferable to one that receives B- or C-level attestation.234 Notably, NCTA reports that “[i]n [its] members’ experiences, partial (‘B’) attestation can be achieved more quickly than complete (‘A’) attestation for enterprise calls,” and accordingly, partial attestation is “a reasonable implementation approach in this context.”235 Similarly, Hiya, an analytics company, commits that it “currently has no plans—nor is it aware of any plans by other parties in the industry—to either block calls or label them as potentially fraudulent solely due to lack of ‘full’ or ‘A’ level attestation.”236 It also asserts “that voice service providers and analytics engines will not use attestation level as the sole determinant for reputation scoring of a caller,” and instead, “attestation information is one of the many data points that inform analytics-driven call labeling and call blocking.”237 Transaction Network Services also explains that “STIR/SHAKEN attestations—‘good’ or ‘bad’—will not have the effects that some commenters suggest” as it “endeavors to incorporate STIR/SHAKEN attestations as one factor in its analysis” and “does not recommended making call-blocking decisions based on the failure of STIR/SHAKEN authentication.”238 Indeed, we have previously stated that “a call-blocking program might block calls based on a combination of factors.”239 Even assuming that calls with B- or C-level attestation will be treated meaningfully worse than calls without authenticated caller ID information—a conclusion that, again, is not substantiated by the record—concerns over the treatment of calls authenticated consistent with current STIR/SHAKEN standards do not amount to an undue hardship in the implementation of STIR/SHAKEN technology, which is the standard by which Congress directed us to evaluate undue hardship extension requests.240 In light of these conclusions and our and Congress’s goal of ubiquitous STIR/SHAKEN implementation in IP networks, we will not grant an extension for enterprise calls.
61. Intra-Network Calls—An Extension Would Be Counterproductive. In the First Caller ID Authentication Report and Order and Further Notice, we established distinct authentication requirements for inter-network calls and for intra-network calls. In the case of inter-network calls, an originating voice service provider must “authenticate caller [ID] information for all SIP calls it originates and that [it] will exchange with another voice service provider or intermediate provider.”241 Because establishing trust between providers is not necessary for calls that transit a single network, we adopted a different obligation for intra-network calls that solely transit the network of the originating voice service provider. Specifically, in recognition of the fact that “certain components of the STIR/SHAKEN framework . . . are not necessary for calls that a voice service provider originates and terminates on its own network,” we concluded a voice service provider satisfies its intra-network authentication obligation so long as it authenticates and verifies “in a manner consistent with the STIR/SHAKEN framework, such as by including origination and attestation information in the SIP INVITE used to establish the call.”242
62. A number of commenters that exchange all traffic with other providers through non-IP interconnection points—and thus have no obligation under our rules to implement STIR/SHAKEN with respect to inter-network calls—seek an extension from the intra-network authentication requirement. These voice service providers seek such relief because compliance requires network upgrades, and they
would prefer to delay investing in these necessary upgrades until they are able to participate in STIR/SHAKEN both within their own network and with regard to calls exchanged with other voice service providers, which require many of the same upgrades.243
63. We decline to grant the requested extension because we do not find that it rises to the level of undue hardship. Commenters favoring an extension contend that requiring them to invest in compliance solely as to intra-network calls would require unreasonably burdensome network upgrades that, in their view, produce limited benefits.244 But these commenters fail to explain why implementation would be more burdensome for them than for other voice service providers. In fact, implementation may be less costly because our standard for intra-network IP calls is only that they are authenticated “in a manner consistent with the STIR/SHAKEN framework” which does not require those upgrades necessary to enable cross-provider authentication and verification. The TRACED Act requires an assessment of burdens and barriers, not a cost-benefit analysis, and parties seeking an extension have failed to show that they face atypical burdens and barriers on the basis of the intra-network authentication requirement. We nonetheless note that the benefits of our intra-network requirement are greater than parties favoring an extension contend.
As we have explained, STIR/SHAKEN implementation provides benefits to consumers even at the intra-network level.245 Specifically, implementing STIR/SHAKEN within a voice service provider’s own network directly benefits consumers as it enables a voice service provider to authenticate all calls among its customers.246 To that end, we agree with commenters that while voice service providers work toward IP interconnection, “[t]here is no reason to deny consumers” the “immediate benefits” of authenticated caller ID information for calls on their voice service provider’s own network.247 Further, the record reflects that many providers that face challenges regarding IP interconnection are small providers, to which we have granted a two-year extension in compliance with the STIR/SHAKEN mandate.248 Providers so situated will therefore have additional time to negotiate IP interconnection agreements before being subject to the intra-network mandates.249
Further, granting such an extension would impede the progress of the IP transition and further delay STIR/SHAKEN implementation—contrary to our goal of ubiquitous deployment of caller ID authentication technology.250 We agree with Comcast that it is essential to “encourage the IP transition by, among other things, adopting policies in this proceeding that induce providers to prioritize the implementation of IP-enabled call authentication through STIR/SHAKEN.”251 As AT&T observes, an extension for intra-network calls of providers that do not interconnect in IP would “discourag[e] voice service providers from coming to a negotiated resolution and transitioning to IP” at the interconnection point.252 By denying this extension, we “increase the[] incentive to negotiate creative and commercially reasonable interconnection agreements” to ensure that customers receive STIR/SHAKEN benefits.253
64. Provider-Specific Extensions. We decline at this time to grant any extensions to individual voice service providers. We recognize, as INCOMPAS and CenturyLink suggest, that some providers may face specific circumstances in all or part of their IP networks that constitute undue hardship.254 The Commission will be in a better position to evaluate those requests, however, in response to specific petitions that establish in detail the basis for the requested extension, rather than through establishing a general principle in response to the vague and general concerns about technology or compatibility issues that INCOMPAS and CenturyLink set forth. A voice service provider that believes that it faces an undue hardship within the meaning of the TRACED Act may file in this docket an individual petition requesting an extension. We direct the Bureau to seek comment on any such petitions and to issue an order determining whether to grant the voice service provider an extension. We expect any voice service provider seeking an extension to file its request by November 20, 2020, and we direct the Bureau to issue a decision no later than March 30, 2021.255 Given the importance of widespread
STIR/SHAKEN implementation, to be granted an extension a voice service provider must demonstrate in detail the specific undue hardships, including financial and resource constraints, that it has experienced and explain why any challenges it faces meet the high standard of undue hardship to STIR/SHAKEN implementation within the timeline required by Congress.
65. Section 4(b)(5)(B) of the TRACED Act directs that “the Commission shall grant a delay of required compliance . . . for any provider or class of providers of voice service, or type of voice calls, only to the extent that such a provider or class of providers of voice service, or type of voice calls, materially relies on a non-[IP] network for the provision of such service or calls . . . until a call authentication protocol has been developed for calls delivered over non-[IP] networks and is reasonably available.”256 In implementing this provision, we impose the same obligations on voice service providers that receive the extension as we impose in the mandate requiring voice service providers to implement an effective caller ID authentication framework in the non-IP portions of their networks.257 We find that doing so ensures that all voice service providers with non-IP network technology are subject to the same burdens and are working together to develop a non-IP solution as envisioned by the TRACED Act. We also find that such action most efficiently carries out the goals of protecting consumers from illegal robocalls on non-IP networks, and encourages a general transition to IP and the wider implementation of STIR/SHAKEN.
66. Eligibility for this Extension. Under the TRACED Act, we must grant an extension for voice service providers or types of voice calls that “materially rel[y] on a non-[IP] network.”258 We interpret this provision to mean that those portions of a voice service provider’s network that do not use SIP technology are eligible for an extension of the implementation deadline of June 30, 2021.259 In the First Caller ID Authentication Report and Order and Further Notice, we proposed defining “non-[IP] network[s]” as those portions of a voice service provider’s network that rely on technology that cannot initiate, maintain, and terminate SIP calls.260 We adopt our proposal because we believe this to be a straightforward implementation of Congress’s direction in the TRACED Act, which also provides that extensions may be voice service provider-specific or apply to a class of voice service providers or type of voice calls.261 In determining whether a voice service provider or type of voice calls “materially relies” on such a non-SIP capable network, we proposed to interpret “material[]” to mean “important or having
an important effect”262 and, consistent with our call-by-call interpretation of the TRACED Act, we proposed to read “reli[ance]” with reference to the particular portion of the network in question.263 We adopt these proposed interpretations, which received no opposition in the record, and we therefore consider reliance on a non-IP network as material if that portion of the network is incapable of using SIP.264 Put another way, if a SIP-incompatible portion of a voice service provider’s network is used for the provision of voice service, that portion of the network is eligible for an extension of the implementation deadline. The record reflects support for this interpretation.265 We acknowledge the concerns raised by AT&T and others regarding the prevalence of non-IP networks,266 and find that their prevalence only increases the importance of taking action to encourage widespread caller ID authentication across all networks while the IP transition is ongoing.
67. Duration of Extension. The TRACED Act directs that the non-IP extension shall end once “a call authentication protocol has been developed for calls delivered over non-[IP] networks and is reasonably available.”267 In determining whether a caller ID authentication protocol meets this standard, we adopt the test proposed by Alaska Communications, with some modifications. Consistent with Alaska Communications’ proposal, we conclude that a caller ID authentication protocol “has been developed” if we determine that the protocol is fully developed and finalized by industry standards.268 We agree with commenters that such a protocol must be standards-based and ready for implementation.269 We also find that a caller ID authentication protocol is “reasonably available” if the underlying equipment and software necessary to implement such protocol is available on the commercial market.270 We believe this approach is a workable and clear standard, and has support from the record.271 And as we have explained, we adopt the same standard for determining whether a caller ID authentication protocol is “effective” for purposes of our mandate on non-IP networks, ensuring a harmonious approach to our rules regarding non-IP caller ID authentication technology. Alaska Communications suggests that we adopt an additional requirement for determining whether a caller ID authentication protocol is “reasonably available.”272 Specifically, Alaska Communications suggests that the “knowledge, training, and expertise necessary to operate the equipment and implement the standard [must be] sufficiently widespread among the small, rural, and other non-IP service providers” in receipt of an extension in order for the standard to be “reasonably available.”273 We decline to adopt this requirement because doing so could create a perverse incentive for voice service providers to be willfully ignorant of newly developed protocols so as to prolong an extension. 
It also would require an unreasonably complicated inquiry into the knowledge and practices of numerous small voice service providers. We further find such a requirement to be unnecessary ex ante without a specific protocol and associated requirements in front of us.
68. As we explained in the context of the mandate on non-IP networks, we will continue to monitor industry progress towards the development of a non-IP caller ID authentication solution. If we find after providing notice and an opportunity for comment that a non-IP solution meets these criteria, we will both modify the non-IP implementation mandate and phase out the non-IP implementation extension to account for this new solution. Cooperative Telephone Company suggests that we grant a limited five-year extension of the June 30, 2021, deadline for implementing a caller ID authentication framework “for those service providers currently using a TDM network that have less than 1,000 subscriber lines.”274 Cooperative Telephone Company argues that such small and rural telephone companies have “scarce resources” which would not cover both the demands of their customers and new regulations for non-IP technology.275 We decline to do so given that such an extension would not be consistent with the timeframe that Congress established in the TRACED Act for the non-IP extension—which is to last until a non-IP solution becomes reasonably available—not for a fixed period of years.276 Alaska Communications suggests that we “grant a permanent exemption for the few non-SS7-connected switches remaining” because such switches are unique.277 We find adopting this proposal unnecessary at this time. In the absence of a developed solution, we are not yet in a position to determine whether any technical exceptions could be necessary and appropriate.
69. Obligations of Voice Service Providers Receiving an Extension. The TRACED Act provides that we should limit or terminate an extension of compliance if we determine in a future assessment that a voice service provider “is not making reasonable efforts to develop the call authentication protocol” for non-IP networks.278 To be consistent with our approach in mandating that voice service providers take “reasonable measures” to implement an effective caller ID authentication framework in the non-IP portions of their networks, we find that a voice service provider satisfies the “reasonable efforts” requirement under section 4(b)(5)(D) if it is able to provide the Commission, upon request, with documented proof that it is participating, either on its own, in concert with a vendor, or through a representative, as a member of a working group, industry standards group, consortium, or trade association that is working to develop a non-IP solution, or actively testing such a solution.279 We also conclude this requirement both promotes the IP transition and encourages the development of a non-IP authentication solution for the benefit of those networks that cannot be speedily or easily transitioned.280
70. Section 4(b)(5)(F) of the TRACED Act requires us annually to reevaluate and revise as necessary any granted extension, and “to issue a public notice with regard to whether such [extension] remains necessary, including why such [extension] remains necessary; and when the Commission expects to achieve the goal of full participation.”281 As we proposed in our First Caller ID Authentication Report and Order and Further Notice,282 we direct the Bureau to reevaluate the extensions we have established annually, and to revise or extend them as necessary.283 We adopt this proposal because the Bureau is in the best position to undertake this fact-intensive and case-by-case evaluation, particularly in the context of evaluating extensions for undue hardship. Pursuant to the TRACED Act, we direct the Bureau to issue a Public Notice seeking comment to inform its annual review and consider the comments it receives before issuing a Public Notice of its decision as to whether to revise or extend an extension.284 The record reflects support, and no opposition, for this reevaluation process.285
71. Scope of Bureau’s Authority. We permit the Bureau to decrease, but not to expand, the scope of entities that are entitled to a class-based extension based on its assessment of burdens and barriers to implementation. Specifically, if the Bureau concludes in its review that a class-based extension should be extended beyond the original end date set by the Commission, it may choose to do so for all or some recipients of the extension, as it deems appropriate, based on its assessment and after providing notice and an opportunity for comment. As suggested by ACA Connects, we clarify that the Bureau may not, however, terminate an extension for some or all recipients prior to the extension’s originally set or newly extended end date.286
72. Assessment of Burdens and Barriers. The TRACED Act directs the Commission to assess burdens and barriers to implementation by December 30, 2020, and “as appropriate thereafter.”287 We find it appropriate to reassess burdens and barriers to implementation by voice service providers that we granted an extension in conjunction with evaluating whether to maintain, modify, or terminate the extension.288 Accordingly, we direct the Bureau to assess burdens and barriers to implementation faced by those categories of voice service providers subject to an extension when it reviews those extensions on an annual basis or on petition. Coordinating an assessment of burdens and barriers to implementation with our extension reevaluations will inform the Bureau’s decision to extend or revise any granted extensions. It will also provide a basis for the Bureau to revise the scope of entities that are entitled to an extension. We find that aligning the periodic reassessment of burdens and barriers to implementation with any review of extensions is the best reading of the relevant statutory language. We read “appropriate” in this section to tie the timing of our future assessments to our annual extension reevaluations.289 We received no comments in the record to our proposal in this regard.290
73. Section 4(b)(5)(C)(i) of the TRACED Act directs us to require any voice service provider that has been granted an extension to implement, during the time of the extension, “an appropriate robocall mitigation program to prevent unlawful robocalls from originating on the network of the provider.”291 In the First Caller ID Authentication Report and Order and Further Notice, we sought comment on USTelecom’s proposal to obligate voice service providers to file certifications describing their robocall mitigation programs in lieu of a prescriptive approach.292 In today’s Report and Order, we adopt this proposal and give voice service providers the flexibility to decide the specific contours of an effective robocall mitigation program that best suits the needs of their networks and customers. We additionally create a certification process and database to aid in enforcement efforts and prohibit intermediate providers and terminating voice service providers from accepting voice traffic from voice service providers not listed in the database. These steps will ensure that the only voice traffic to traverse voice networks in the U.S. is from those voice service providers that have either fully implemented STIR/SHAKEN on their entire networks or that have implemented a robocall mitigation program on those portions of their networks that are not STIR/SHAKEN-enabled.
74. Providers Subject to the TRACED Act’s Robocall Mitigation Program Requirement. Based on the statutory text, we read the requirement to implement a robocall mitigation program to apply to all voice service providers that receive an extension on the basis of undue hardship or material reliance on a non-IP network.293 The record reflects support for this approach.294 Securus argues that we should not impose a robocall mitigation program requirement on voice service providers—even voice service providers granted an extension—whose networks uniquely pose “nearly zero” risk of originating high volumes of illegal robocalls.295 We decline to adopt this suggestion because the TRACED Act obligates us to require “any provider subject to such [extension to] implement an appropriate robocall mitigation program.”296 Neustar recommends that we require “all voice service providers [to] utilize robocall mitigation solutions, regardless of whether they implement STIR/SHAKEN in their networks,”297 and ZipDX argues that providers which have implemented STIR/SHAKEN should institute robocall mitigation programs for any calls they authenticate with C-level attestation.298 We decline to adopt these suggestions. We agree with commenters that under the TRACED Act robocall mitigation “is intended to be an interim approach for addressing potential unlawful robocalls until the provider has implemented STIR/SHAKEN.”299 While USTelecom argues we can find authority under other provisions of the Act,300 we need not reach that issue. First, regardless of whether we could rely on an alternative source of authority, we find it appropriate to defer to Congress’s recent, specific guidance on the subject.301 Moreover, while USTelecom argues that such a requirement “will provide benefits independent of call authentication solutions, including before and after full deployment of such solutions,”302 we find such a requirement to be inappropriate at this juncture. We cannot yet know whether requiring voice service providers to expend additional resources on robocall mitigation even after STIR/SHAKEN implementation would be an efficient use of their resources, and we do not wish to place additional burdens on voice service providers already working to comply with the June 30, 2021, STIR/SHAKEN implementation deadline. We will revisit this conclusion if we determine that additional robocall mitigation efforts are necessary in addition to STIR/SHAKEN after the caller ID authentication technology is more widespread.
75. Robocall Mitigation Program Requirements. The TRACED Act directs us to require all voice service providers granted an extension—whether on the basis of undue hardship or material reliance on a non-IP network—to “implement an appropriate robocall mitigation program to prevent unlawful robocalls from originating on the[ir] network[s].”303 As suggested by USTelecom, we require voice service providers subject to an extension to “take[] reasonable steps to avoid originating illegal robocall traffic.”304 With one exception noted below, we find that a non-prescriptive approach to robocall mitigation requirements gives voice service providers “the flexibility to react to traffic trends they view on their own networks and react accordingly.”305 This approach also allows voice service providers to innovate and “draw from the growing diversity and sophistication of anti-robocall tools and approaches available.”306
76. We require voice service providers subject to an extension to document and publicly certify how they are complying with these requirements. We find that such a requirement will encourage voice service providers to ensure that they are taking “reasonable steps.” We have previously found that requiring self-evaluation is an effective means of promoting compliance with our rules.307 Such a requirement also enables us to evaluate a voice service provider’s “reasonable steps” to determine whether they are sufficient. This public certification requirement will facilitate our ability to enforce a prohibition on intermediate providers and terminating voice service providers from accepting voice traffic from voice service providers with insufficient or ineffective robocall mitigation programs.
77. While we adopt a non-prescriptive approach to voice service providers’ robocall mitigation programs, we find it necessary to articulate general standards, both to guide voice service providers in preparing their programs and to ensure that the statutory obligation to implement a robocall mitigation program is enforceable. We clarify that a robocall mitigation program is sufficient if it includes detailed practices that can reasonably be expected to significantly reduce the origination of illegal robocalls.308 In addition, for its mitigation program to be sufficient, the voice service provider must comply with the practices it describes. We will also consider a mitigation program insufficient if a provider knowingly or through negligence serves as the originator for unlawful robocall campaigns.309 At the same time, we agree with Verizon that “different types of network providers should have different types of robocall mitigation programs,”310 and we welcome voice service providers adopting approaches that are innovative, varied, and adapted to their networks.
78. The record also convinces us that participation in industry traceback efforts is of utmost importance in the absence of STIR/SHAKEN implementation.311 To that end, we require voice service providers, as part of their robocall mitigation programs, to commit to cooperating with the Commission, law enforcement, and the industry traceback consortium in investigating and stopping any illegal robocallers that it learns are using its service to originate calls.312 We find that this baseline requirement to participate in traceback efforts is a necessary aspect of any attempt to mitigate illegal robocalls, as it permits voice service providers and enforcement agencies to identify illegal robocallers and prevent them from further abusing the voice network.313 Without a means to identify and bring enforcement actions against the sources of illegal robocalls, such bad actors will continue their operations unchecked and emboldened. We underscore that this is a necessary, but not sufficient, component of a voice service provider’s robocall mitigation program which, as we have explained, must include other steps to ensure that a provider is not the source of illegal robocalls.
79. We decline at this time to impose other more prescriptive requirements for robocall mitigation programs, such as mandating an analytics-based robocall mitigation program, as proposed by Transaction Network Services,314 or know-your-customer policies, as suggested by Consumer Groups.315 While we acknowledge that such practices and policies may be effective aspects of a robocall mitigation program316—and we encourage voice service providers to incorporate them into their own robocall mitigation programs—we decline specifically to mandate them, as we agree with commenters that argue that there is no one-size-fits-all robocall mitigation solution that accounts for the variety and scope of voice service provider networks.317 For example, a small voice service provider with few subscribers may not have a need to implement comprehensive analytics given its small size. Similarly, a voice service provider with limited means may choose a solution suited to its budget and business model.318 We also decline Neustar’s suggestion that we “ensure that providers implement robocall mitigation solutions for both originating and terminating calls.”319 The TRACED Act’s mandate plainly requires only robocall mitigation programs that “prevent unlawful robocalls from originating on the network of the provider.”320
80. Deficient Robocall Mitigation Programs. If we find that our non-prescriptive approach to robocall mitigation is not satisfactorily stemming the origination of illegal robocalls, we agree with NTCA and Verizon that we should be ready to impose more prescriptive obligations on any voice service provider whose robocall mitigation program has failed to prevent high volumes of illegal robocalls.321 We thus direct the Enforcement Bureau to prescribe more specific robocall mitigation obligations for any voice service provider it finds has implemented a deficient robocall mitigation program. Such robocall mitigation obligations would be chosen as appropriate to resolve the specific voice service provider’s prior shortcomings. In such instances, the Enforcement Bureau will release an order explaining why a particular mitigation program is deficient and, among other things, prescribe the new obligations needed to rectify those deficiencies, including any milestones or deadlines. We find that action by the Enforcement Bureau is appropriate in responding to issues on a case-by-case basis.322 If we find that our non-prescriptive approach to robocall mitigation programs is falling short on a widespread basis, we will not hesitate to revisit the obligations we impose through rulemaking at the Commission level.
81. Voice Service Provider Certification and Database. To promote transparency and effective robocall mitigation, we require all voice service providers—not only those granted an extension—to file certifications with the Commission regarding their efforts to stem the origination of illegal robocalls on their networks. Specifically, as proposed by USTelecom,323 and with the support of all parties that commented on the issue in the record,324 we require all voice service providers to certify that their traffic is either “signed with STIR/SHAKEN or . . . subject to a robocall mitigation program” that includes “tak[ing] reasonable steps to avoid originating illegal robocall traffic,” and committing to cooperating with the Commission, law enforcement, and the industry traceback consortium in investigating and stopping any illegal robocallers that it learns are using its service to originate calls.325 For those voice service providers that certify that some or all of their traffic is “subject to a robocall mitigation program,” we require such voice service providers to detail in their certifications the specific “reasonable steps” that they have taken “to avoid originating illegal robocall traffic.”326 This requirement will promote transparency and accountability in light of our non-prescriptive approach to the robocall mitigation program requirements. While only voice service providers with an extension will be obligated to implement a robocall mitigation program, we impose the certification requirement on all voice service providers because doing so will help us and others to hold all voice service providers accountable for the voice traffic they originate, and give us and others a snapshot of the progress of STIR/SHAKEN implementation and the variety of robocall mitigation practices adopted by voice service providers.327
82. Voice service providers must file certifications via a portal on the Commission’s website that we will establish for this purpose. We will also establish a publicly accessible database in which we will list such certifications. Establishing a database will aid in monitoring compliance with our robocall mitigation requirement and facilitate enforcement action should such action be necessary.328 We direct the Bureau to establish this portal and database, provide appropriate filing instructions and training materials, and release a Public Notice when voice service providers may begin filing certifications. We direct the Bureau to release this Public Notice no earlier than March 30, 2021, and to establish a deadline for the filing of certifications no earlier than June 30, 2021.329 We also direct the Bureau to issue guidance and a protective order regarding the treatment of any confidential and highly confidential information included in certifications. We do so to protect voice service providers that are worried that public disclosure of their robocall mitigation programs may give bad actors the information they need to undermine their programs, or necessitate disclosure of competitively sensitive information. If we find that a certification is deficient in some way, such as if the certification describes a robocall mitigation program that is ineffective,330 or if we find that a provider nonetheless knowingly or negligently originates illegal robocall campaigns, we may take enforcement action as appropriate. Enforcement actions may include, among others, removing a defective certification from the database after providing notice to the voice service provider and an opportunity to cure the filing, or requiring the voice service provider to submit to more specific robocall mitigation requirements, and/or imposition of a forfeiture.331
83. We also require voice service providers filing certifications to provide the following identification information in the portal on the Commission’s website:
(1) the voice service provider’s business name(s) and primary address;
(2) other business names in use by the voice service provider;
(3) all business names previously used by the voice service provider;
(4) whether a voice service provider is a foreign voice service provider; and
(5) the name, title, department, business address, telephone number, and email address of a central point of contact within the company responsible for addressing robocall-mitigation-related issues.
84. This information will be made publicly available in the database, and reporting such information presents a minimal burden on voice service providers.332 We find that requiring a voice service provider to report contact information for the person responsible for addressing robocall-mitigation-related issues will facilitate inter-provider cooperation and enforcement actions should issues arise.333 We also require voice service providers to submit to the Commission via the appropriate portal any necessary updates to the information they filed in the certification process within 10 business days.334 This requirement will ensure that we and all voice service providers have up-to-date data without overburdening voice service providers with unnecessary filings.
85. Obligations on Intermediate Providers and Terminating Voice Service Providers. As suggested by multiple commenters,335 we prohibit intermediate providers and terminating voice service providers from accepting voice traffic directly from any voice service provider that does not appear in the database, including a foreign voice service provider that uses NANP resources that pertain to the United States to send voice traffic to residential or business subscribers in the United States.336 Effective 90 days after the deadline for robocall mitigation program certifications set forth in the Bureau Public Notice establishing the robocall mitigation database and portal, intermediate providers and terminating voice service providers are subject to this prohibition.337 The record reflects support for this requirement.338
86. We agree with Verizon that, “by prohibiting downstream service providers from accepting traffic from providers that are not in [the database], the Commission can deny a service provider access to the regulated U.S. voice network if it determines that the service provider’s STIR/SHAKEN or robocall mitigation practices are inadequate.”339 In this way, we can police the voice traffic that voice service providers originate by removing or restoring a voice service provider’s listing on the database, after providing notice of any certification defects and providing an opportunity to cure. Furthermore, as voice service providers monitor the database to ensure they remain compliant with our rules, they must necessarily review the listings of voice service providers with which they interconnect to ensure that such certifications are sufficient. In so doing, industry continually reviews itself to ensure compliance with our rules, amplifying the effectiveness of our own review. This rule will further encourage all voice service providers to implement meaningful and effective robocall mitigation programs on their networks during the period of extension from the STIR/SHAKEN mandate. In turn, this rule will help prevent illegal robocall traffic from reaching terminating voice service providers and their subscribers.340
87. NTCA and ACA argue that we should require intermediate providers and terminating voice service providers to give notice to an originating voice service provider whose traffic they will block because it is not listed in the robocall mitigation database.341 NTCA argues that this will “enable legitimate providers to cure honest mistakes on their part or ‘glitches’ in the database.”342 We decline to adopt this suggestion as we find that the framework we adopt provides adequate notice to voice service providers of the need to file sufficient certifications, including a 90-day period between the deadline for certifications and the prohibition on intermediate and terminating voice service providers accepting traffic from originating voice service providers not in the database. Second, adopting this suggestion would place potentially costly obligations on compliant intermediate providers and terminating voice service providers to provide adequate notice to noncompliant originating voice service providers. Such compliant providers may be unable to provide notice for lack of having or being able to obtain a noncompliant provider’s contact information—opening themselves up to potential enforcement action for lack of compliance. Lastly, we will give notice and an opportunity to cure to voice service providers whose certifications are deficient before we take enforcement action such as de-listing the provider from the database.
We decline to adopt USTelecom’s proposal that we require intermediate providers to file a certification to their compliance with this rule.343 We see no clear need to impose a burdensome belt-and-suspenders paperwork requirement on providers that are already subject to this obligation by rule. We similarly decline ZipDX’s proposal that intermediate providers must “[i]mplement[] a Robocall Mitigation Program applicable to calls [they do] not authenticate.”344 Pursuant to the TRACED Act, robocall mitigation is meant to stem the origination of illegal robocalls, and ZipDX does not explain specifically how an intermediate provider could itself prevent the origination of illegal robocalls. We find the rule we establish—whereby intermediate providers are prohibited from accepting traffic from an originating voice service provider that has not certified to a robocall mitigation program—best leverages the role of intermediate providers to combat illegal robocalls within our greater robocall mitigation scheme.
88. Foreign Voice Service Providers. In the First Caller ID Authentication Report and Order and Further Notice, we sought comment on mechanisms to combat robocalls originating abroad.345 The record contains several comments expressing support for combating robocalls originating abroad by requiring foreign voice service providers that wish to appear in the database to follow the same requirements as domestic voice service providers,346 and we do so today. Thus, foreign voice service providers that use NANP numbers that pertain to the United States to send voice traffic to residential and business subscribers in the United States must follow the same certification requirements as domestic voice service providers in order to be listed in the database. Because we prohibit domestic intermediate providers and terminating voice service providers from accepting traffic from foreign voice service providers that use NANP numbers that pertain to the United States and are not listed in the database, we create a strong incentive for such foreign voice service providers to file certifications.347
89. We find that this result will encourage foreign service providers to choose to institute robocall mitigation programs and file certifications to be listed in the database and thus have their traffic be accepted by domestic intermediate and terminating voice service providers. The measures we adopt today will also enable foreign voice service providers to continue using U.S. telephone numbers to send voice traffic to U.S. subscribers under the same certification procedures that will apply to U.S. voice service providers and thereby help prevent the fraudulent exploitation of NANP resources and reduce the volume of illegal voice traffic entering the United States. Ensuring that foreign voice service providers using U.S. telephone numbers comply with the certification requirements prior to being listed in the database is especially important in light of the prevalence of foreign-originated illegal robocalls aimed at U.S. consumers and the difficulty in eliminating such calls.348
90. We find persuasive the argument by ZipDX that the definition in the initially circulated and publicly released draft Order, which defined “foreign voice service provider” as “any entity that is authorized within a foreign country to provide international voice service,” was unduly narrow and excluded non-U.S. providers that do not possess any authorization to provide service from being able to file certifications and be listed in the database.349 In response, we revise our rules to establish that an entity is a “foreign voice service provider” if such entity has the ability to originate voice service that terminates in a point outside a foreign country or terminate voice service that originates from points outside that foreign country. Specifically, we define “foreign voice service provider” to mean “any entity providing voice service outside the United States that has the ability to originate voice service that terminates in a point outside that foreign country or terminate voice service that originates from points outside that foreign country.” We find that this approach captures voice traffic originating from a broader range of foreign voice service providers than the one that initially appeared in the draft.
91. Under the rules we adopt, foreign voice service providers that use U.S. telephone numbers to send voice traffic to U.S. subscribers must file the same certification as U.S. voice service providers in order to be listed in the database. Specifically, to be listed in the database, these providers must certify either that they have implemented STIR/SHAKEN or comply with the robocall mitigation program requirements outlined above by “tak[ing] reasonable steps to avoid originating illegal robocall traffic” and committing to cooperating with the Commission, U.S. law enforcement, and the industry traceback consortium in investigating and stopping any illegal robocallers that it learns are using its service to originate calls.350 If we find that a voice service provider’s certification is deficient or the provider fails to meet the standards of its certification, we will pursue enforcement including de-listing the provider from the database.351 We further note that, as discussed above, we require voice service providers—including foreign voice service providers that wish to be listed in the database—to submit to the Commission any necessary updates regarding any of the information they filed in the certification process within 10 business days.
92. Although USTelecom, following circulation and public release of a draft of this Order, has changed its position and now suggests seeking further comment on this approach, we nevertheless take action today given the crucial and urgent importance of protecting Americans from illegal and fraudulent foreign-originated robocalls.352 USTelecom, along with CTIA, suggests that our action today could result in unforeseen technical issues, or the blocking of legitimate calls.353 ZipDX disagrees with this suggestion, arguing that any impact that could arise would be minimal and could be promptly resolved.354 As our rules related to foreign-originated voice traffic that we take today will not begin to affect such voice traffic until June 2021, we are optimistic that voice service providers will have time to resolve any identified issues before the deadline.355 Should voice service providers identify concrete evidence of technical problems or likely blocking of legitimate calls, we encourage them to provide us such information so that we can consider whether to make any modifications to this rule.
93. The TRACED Act directs us to “identify, in consultation with small providers of voice service, and those in rural areas, alternative effective methodologies to protect consumers from unauthenticated calls during any” extension from compliance with our STIR/SHAKEN implementation mandate.356 Given that caller ID authentication frameworks are not yet ubiquitous—and thus most calls that transit U.S. voice networks are unauthenticated—we understand Congress’s concern in this provision to be about protecting consumers from unauthenticated, illegally spoofed robocalls.357 We therefore interpret a methodology to be “effective” if it is likely to substantially reduce the volume of illegal robocalls reaching subscribers.358 We find that this definition tracks the overall purpose of the TRACED Act which is “to reduce illegal and unwanted robocalls” through various mechanisms.359 We sought comment in the First Caller ID Authentication Report and Order and Further Notice from small and rural voice service providers on such alternative effective methodologies.360 The record we received in response demonstrates that such alternative methodologies either already exist or are in development.361 To fulfill this obligation, we identify the following alternative effective methodologies recommended by small and rural voice service providers, as well as other commenters:
· Innovative Systems reports that its landline call blocking service is “fully developed and currently installed at 207 landline providers” and, in the last nine years, “has challenged over 19 million suspected spam calls and blocked another 12 million calls that were from phone numbers off the FCC’s weekly robocall and telemarketing consumer complaint data reports.”362 It states that “greater consumer protection can be achieved by having this alternative methodology installed on all landlines using an opt-out strategy at no cost, versus a purchase to opt-in by the customer.”363
· Neustar reports that its robocall mitigation service “helps voice service providers block calls from illegal robocallers and helps end users identify robocalls . . . [b]y combining authoritative data . . . with behavior insights.”364
· Transaction Network Services reports that “[c]all analytics have proven successful in identifying a large number of the problematic calls being transmitted today . . . Reasonable call analytics are widely available from multiple vendors, many of which offer low-investment services that can be deployed in smaller networks at a reasonable cost.”365
Additionally, the recent call blocking report released by the Consumer and Governmental Affairs Bureau identified various available effective methodologies for protecting subscribers from illegal calls, a sample of which is reproduced below:366
| Business name | Blocking/labeling services offered | Estimate on number of calls blocked or labeled | Default, opt-in, or opt-out |
| --- | --- | --- | --- |
| AT&T—Wireless | Network-level blocking; Call Protect or Call Protect Basic, free; Call Protect Plus | Call Protect and Call Protect Plus, since 2016, blocked fraudulent calls or labeled suspicious calls; nearly 1.3 billion suspected fraud and over 3 billion other calls blocked or labeled. | Network-level blocking is default; Call Protect is opt-out, since 2019; Call Protect Plus is opt-in |
| AT&T—VoIP | Network-level blocking; Digital Phone Call Protect, free | Blocked over 46 million and spam warnings for 36 million. | Network-level blocking is default; Digital Phone Call Protect is opt-in |
| Call Control (third-party analytics company) | Software-based call blocking | Blocked over one billion calls. | N/A |
| Comcast—Wireline | Network-level blocking; Anonymous Call Rejection, Selective Call Rejection, free; Customers can sign up for Nomorobo blocking service, free | Over 158 million calls blocked in Dec. 2019. Anonymous Call Rejection blocked nearly 37 million calls in Dec. 2019. Selective Call Rejection blocked over five million calls in Dec. 2019. | Network-level blocking is default; Anonymous Call Rejection is opt-in, but will be offered opt-out; Selective Call Rejection is opt-in; Nomorobo is opt-in |
| Cox | Edge Blocking, free; Anonymous Call Rejection, Selective Call Rejection, free; Customers can sign up for Nomorobo blocking service, free | 14.6% of calls are blocked through one of these tools; Edge Blocking is 65% of the blocked calls and Anonymous Call Rejection is 29%. | Edge Blocking is opt-out; Anonymous Call Rejection and Selective Call Rejection are opt-in |
| First Orion (third-party analytics company) | Scam ID and Scam Block | Since 2017, identified over 22 billion scam calls. | N/A |
| Hiya (third-party analytics company) | Call blocking | Since 2016, blocked or labeled nearly 1.3 billion suspected fraud calls and over 3 billion other suspect calls. | N/A |
| Nomorobo (third-party analytics company) | Call blocking | As of April 30, 2020, blocked over 1.6 billion robocalls. | N/A |
| T-Mobile | Scam ID, free; Scam Block, free; Name ID, free for some plans | Since 2017, identified over 21 billion scam calls and blocked over 5 billion of those calls. | Scam ID is opt-out for post-paid customers; Scam Block is opt-in |
| Verizon—Wireless | Network-level blocking; Call Filter, free | Since 2017, blocked hundreds of millions of calls. | Network-level blocking is default; Call Filter is opt-out |
| Verizon—Wireline | Network-level blocking; Spam Alert, free; VoIP customers can sign up for Nomorobo blocking service, free | Since 2017, blocked hundreds of millions of calls. | Network-level blocking is default; Spam Alert is default; Nomorobo is opt-in |
94. The TRACED Act expressly directs us to grant extensions for compliance with the STIR/SHAKEN implementation mandate, require any voice service provider subject to such an extension to implement a robocall mitigation program to prevent unlawful robocalls from originating on its network,367 and place unique obligations on providers that receive an extension due to material reliance on non-IP network technology.368 The TRACED Act thus provides a clear source of authority for the rules we adopt today.
95. We conclude that section 251(e) of the Act provides additional, independent authority to adopt the extensions and associated requirements. That section gives us exclusive jurisdiction over numbering policy and enables us to act flexibly and expeditiously with regard to important numbering matters.369 When bad actors unlawfully falsify or spoof the caller ID that appears on a subscriber’s phone, they are using numbering resources to advance an illegal scheme. The extensions and associated requirements will help to prevent the fraudulent exploitation of NANP resources by permitting those providers and their subscribers to identify when caller ID information has been spoofed.
96. We conclude that section 251(e) gives us authority to prohibit intermediate providers and voice service providers from accepting traffic from both domestic and foreign voice service providers that do not appear in our newly established database.370 As we concluded in the First Caller ID Authentication Report and Order, our exclusive jurisdiction over numbering policy provides authority to take action to prevent the fraudulent abuse of NANP resources.371 Illegally spoofed calls exploit numbering resources whenever they transit any portion of the voice network—including the networks of intermediate providers. Our action preventing such calls from entering an intermediate provider’s or terminating voice service provider’s network is designed to protect consumers from illegally spoofed calls, even while STIR/SHAKEN is not yet ubiquitous. Verizon agrees that section 251(e) gives us ample authority to ensure foreign VoIP providers “submit to the proposed registration and certification regime by prohibiting regulated U.S. carriers from accepting their traffic if they do not.”372
97. We additionally find authority in the Truth in Caller ID Act.373 We find that the rules we adopt today are necessary to enable voice service providers to help prevent these unlawful acts and to protect voice service subscribers from scammers and bad actors, and that section 227(e) provides additional independent authority for the rules we adopt today.374
98. While the TRACED Act directs us to require each voice service provider to implement STIR/SHAKEN in its IP network,375 section 4(b)(2) of the TRACED Act frees a voice service provider from this requirement if we determine, by December 30, 2020, that “such provider of voice service”: (A) “in [IP] networks”—(i) “has adopted the STIR/SHAKEN authentication framework for calls on the [IP] networks of the provider of voice service; (ii) has agreed voluntarily to participate with other providers of voice service in the STIR/SHAKEN authentication framework; (iii) has begun to implement the STIR/SHAKEN authentication framework; and (iv) will be capable of fully implementing the STIR/SHAKEN authentication framework” not later than June 30, 2021; and (B) “in non-[IP] networks”—(i) “has taken reasonable measures to implement an effective call authentication framework; and (ii) will be capable of fully implementing an effective call authentication framework” not later than June 30, 2021.376
99. Below, we read section 4(b)(2) of the TRACED Act as creating two exemptions: one for IP calls and one for non-IP calls. To ensure that the exemption only applies where warranted and to provide parties with adequate guidance, we expand on each of the prongs that a voice service provider must meet to obtain an exemption, and adopt rules accordingly. We find that the best way to implement the TRACED Act’s exemption provision in a timely manner is via a certification process and thus adopt rules requiring that a voice service provider that wishes to receive an exemption submit a certification that it meets the criteria for the exemptions that we have established pursuant to section 4(b)(2)(A), section 4(b)(2)(B), or both. To guard against the risk of gaps and improper claims of the exemption, we require voice service providers that receive an exemption to file a second certification after June 30, 2021, stating whether they, in fact, achieved the implementation goal to which they previously committed in their initial certification. Last, we find that the TRACED Act’s exemption provision does not extend to intermediate providers. We adopt these rules pursuant to the authority expressly granted us by section 4(b)(2) of the TRACED Act.377
100. As proposed in the Further Notice of Proposed Rulemaking,378 we read section 4(b)(2) of the TRACED Act as creating two exemptions: one for IP calls and one for non-IP calls. Thus, a voice service provider may seek the exemption for its “IP networks” if it meets all four criteria for all calls it originates or terminates in SIP, and a voice service provider may seek the exemption for its “non-IP networks” if it meets both the criteria for all non-SIP calls it originates or terminates. This approach is consistent with the views of the commenters that touched upon this issue in the record.379
101. We find that this reading best implements Congress’s policy and is consistent with principles of statutory construction when considering the statute as a whole. As AT&T observes, the structure of the TRACED Act “recognizes that implementation of a caller ID authentication framework will differ for IP networks and non-IP networks.”380 Given the presence of the word “and” between the IP and non-IP networks criteria, we recognize that the exemption could potentially be read as applying only if the voice service provider meets both the IP and non-IP networks criteria. Yet such a reading would render the exemption an empty set or nearly so because of the absence of an effective solution for non-IP caller ID authentication at present, such that few, if any, voice service providers will be able to claim that they will be capable of “fully implementing” an effective non-IP caller ID authentication framework by June 30, 2021.381 Our reading cabins the nullity risk more narrowly, thus better effectuating Congress’s goal of creating a meaningful exemption.382
102. Our approach also further encourages prompt deployment of STIR/SHAKEN. We understand the statutory exemption to both encourage and reward early progress in deployment. Therefore, by giving voice service providers a path to exemption solely for their IP networks—the only types of networks on which STIR/SHAKEN can effectively operate—our approach will effectuate Congress’s intent to encourage faster progress in STIR/SHAKEN deployment. And by separating IP and non-IP calls in this way, we align our exemption process with the call-by-call vision of a caller ID authentication implementation mandate that subjects different parts of a voice service provider’s network to different requirements.
103. To ensure that the exemption only applies where warranted and to provide parties with adequate guidance, we expand on each of the four substantive prongs laid out in the TRACED Act that a voice service provider must meet to obtain an exemption.
104. Prong (i)—Adoption of STIR/SHAKEN. In the Further Notice of Proposed Rulemaking, we proposed to interpret the phrase “has adopted the STIR/SHAKEN authentication framework for calls on the [IP] networks of the provider of voice service”383 in prong (A)(i) to mean that the voice service provider has publicly committed, via a certification, to complete implementation of STIR/SHAKEN by June 30, 2021.384 In light of the comments in the record, we modify this proposal to require that the voice service provider has completed the network preparations necessary to deploy the STIR/SHAKEN protocols on its network, including, but not limited to, by participating in test beds and lab testing, or completing commensurate network adjustments to enable the authentication and validation of calls on its network consistent with the STIR/SHAKEN framework.
105. We agree with commenters that focusing on network preparations will provide significant concrete evidence that a voice service provider is taking the necessary steps in its STIR/SHAKEN implementation, and will thus offer confirmation that a provider has adopted the STIR/SHAKEN authentication framework.385 We further agree with AT&T that our original certification-based proposal would not provide specific measurable criteria by which to assess a provider’s progress.386 Simply issuing a commitment will not do as much to ensure that voice service providers are actually doing so as will an obligation to undertake the network preparations necessary to operationalize the STIR/SHAKEN protocols on their networks. Taking the necessary first steps to participate in STIR/SHAKEN more affirmatively demonstrates a voice service provider’s commitment and preparedness to implement an effective caller ID authentication framework than a general declaration of intent that may or may not be accompanied by concrete steps. We disagree with T-Mobile’s unsupported contention that our previous proposal would be preferable.387 While a public commitment to complete implementation of STIR/SHAKEN by June 30, 2021 would be a welcome initial step, we conclude that the better approach is to require voice service providers to undertake the preparations necessary to implement this framework, rather than merely issuing a pledge to do so.
106. Prong (ii)—Participation with Other Providers. In the Further Notice of Proposed Rulemaking, we proposed to read the phrase “has agreed voluntarily to participate with other providers of voice service in the STIR/SHAKEN authentication framework” in prong (A)(ii)388 to require that the voice service provider has written, signed agreements with at least two other voice service providers to exchange calls with authenticated caller ID information.389 After reviewing the record, we revise this proposal to require that the voice service provider has demonstrated its voluntary agreement to participate with other voice service providers in the STIR/SHAKEN framework by completing formal registration (including payment) and testing with the Policy Administrator.390
107. We agree with commenters that such an action would signal both a public and financial commitment to working with other voice service providers sufficient to confirm a provider’s coordination efforts.391 Registering with the Policy Administrator is a necessary predicate to participation with other voice service providers in the STIR/SHAKEN framework, and was formulated by the industry to allow the exchange of authenticated traffic without requiring dedicated agreements between voice service providers. Completing formal registration and testing with the Policy Administrator thus signals both a voice service provider’s technical readiness and willingness to participate with other providers in the STIR/SHAKEN framework. We further agree with AT&T, CTIA, and CCA that our initial proposal ignores certain market realities by assuming that every provider of voice services will require multiple agreements to exchange traffic destined to every point on the PSTN.392 Given that some voice service providers may not require two or more interconnection arrangements, let alone multiple agreements with other providers, to exchange their IP-based traffic, imposing a two-agreement requirement to demonstrate voluntary participation in the STIR/SHAKEN framework would be arbitrary and might even inject artificial inefficiencies into such arrangements.393 Our revised interpretation of prong (A)(ii) more closely aligns with the language and intended purpose of the statute, and better encourages STIR/SHAKEN implementation without introducing potential inefficiencies. Exchanging traffic using certificates assigned through the governance system is exactly the way STIR/SHAKEN is designed to work.394 Encouraging voice service providers to complete formal registration and testing with the Policy Administrator is thus the most appropriate and reasonable interpretation of the requirement in prong (A)(ii).
108. Prong (iii)—Begun to Implement. As proposed in the Further Notice of Proposed Rulemaking,395 we implement the phrase “has begun to implement the STIR/SHAKEN authentication framework” in prong (A)(iii) by requiring that the voice service provider has completed the necessary network upgrades to at least one network element (e.g., a single switch or session border controller) to enable the authentication and verification of caller ID information consistent with the STIR/SHAKEN standards.396 This interpretation requires a voice service provider to make meaningful progress on implementation by the time of certification, while taking into account that voice service providers will have limited time between adoption of this Order and the December 30, 2020 deadline for exemption determinations.397 While CCA argues that our approach is unachievable and overly prescriptive, we disagree.398 To the contrary, our approach accounts for the abbreviated timeframe by giving voice service providers the flexibility to choose to complete upgrades on the network element which they can upgrade most efficiently.399
109. In this case, we find USTelecom’s suggestion that we require voice service providers to establish the capability to authenticate originated traffic and/or validate such traffic terminating on their networks to be excessively vague, and it is unclear how little or how much voice service providers would be required to do under such a rule.400 Depending on the voice service provider, simply “establishing” the capability to authenticate originated traffic and/or validate such traffic terminating on their networks could consist of fully implementing this capability or merely attaining this capability without actually deploying it in one’s network. To the extent that USTelecom—which does not provide a rationale for its proposal—is concerned that the standard we adopt will be too easily met, we are confident that the opportunity to verify implementation of an effective authentication framework will help identify any voice service providers that fail to meet their STIR/SHAKEN implementation commitments.
110. Prong (iv)—Capable of Fully Implementing. Last, and as proposed in the Further Notice of Proposed Rulemaking,401 we implement the obligation to “be capable of fully implementing the STIR/SHAKEN authentication framework” not later than June 30, 2021, in prong (A)(iv) so as to require that the voice service provider reasonably foresees that it will have completed all necessary network upgrades to its network infrastructure to be able to authenticate and verify caller ID information for all SIP calls exchanged with STIR/SHAKEN-enabled partners by June 30, 2021.402 After considering the arguments in the record, we agree with T-Mobile that our proposal is preferable to USTelecom’s narrower alternative of requiring a certification that all consumer VoIP and VoLTE traffic originating or terminating on a voice service provider’s network either is or will be capable of authentication and validation by June 30, 2021.403 This requirement falls short of our implementation mandate, which requires that all calls be subject to caller ID authentication and verification—not just consumer VoIP and VoLTE traffic—except for those subject to the narrow and time-limited extensions we adopt today. To grant an exemption for voice service providers that will be capable of anything short of full compliance would indefinitely leave out calls the TRACED Act and our rules thereunder require to be subject to caller ID authentication. Such an approach also is inconsistent with the statute, which requires “full[] implementation[]” by June 30, 2021, so it is appropriate for us to demand that a provider reasonably foresee that it will meet that standard, rather than set a bar that is more easily cleared at the twelve-month mark but that heightens the risk of a voice service provider ultimately falling short just six months later. 
While we understand AT&T’s point that voice service providers with more complex, diverse networks will necessarily have more complicated and costly STIR/SHAKEN implementation requirements, we do not think that our proposal is “overly rigid” or “ambiguous.”404 Nor do we agree with CCA that it is “overly prescriptive.”405 Rather, we institute a clear requirement that voice service providers “reasonably foresee” that they will be able to meet the standard Congress established by the deadline that Congress established. This interpretation gives as much latitude to voice service providers as possible to achieve the desired benchmarks while still requiring some basis for the claim that a provider is “capable of fully implementing the STIR/SHAKEN authentication framework.”406
111. Under the TRACED Act, a voice service provider is excused from the requirement to take reasonable measures to implement an effective caller ID authentication framework in the non-IP portions of its network if the Commission finds that it: (1) has taken reasonable measures to implement an effective caller ID authentication framework in the non-IP portions of its network; and (2) will be capable of fully implementing an effective caller ID authentication framework in the non-IP portions of its network not later than June 30, 2021.407 While we anticipate that in the non-IP context few if any voice service providers will seek to take advantage of this exemption because of the difficulties in “fully implementing an effective caller ID authentication framework” by June 30, 2021, we nevertheless adopt standards for determining whether a voice service provider has met both requirements necessary to receive an exemption under section 4(b)(2)(B) of the TRACED Act for the non-IP portions of its network, as required by the TRACED Act.
112. In the Further Notice of Proposed Rulemaking, we sought comment on section 4(b)(2)(B) and whether there was an “acceptable interpretation of the ‘fully implementing’ prong that would make it more achievable for voice service providers to qualify for the exemption.”408 We further sought comment on what constitutes an “effective” call authentication framework and “reasonable measures” for purposes of this section.409 We now find that a voice service provider satisfies the first prong—requiring reasonable measures to implement an effective caller ID authentication framework—if it can certify that it is working to develop a non-IP authentication solution. Because the statutory language is similar to that used to establish the non-IP mandate,410 we find it appropriate to harmonize our interpretation of these two provisions.411 AT&T supports a proposal to require providers to participate in either standards development for a TDM call authentication framework or implement a robust robocall mitigation program as two options for satisfying the “reasonable measures” prong of this section.412 We agree as to the former suggestion, but we find the latter suggestion unduly overlaps with the distinct robocall mitigation program requirement under the statute.
113. We implement the provision in section 4(b)(2)(B)(ii) of the TRACED Act that voice service providers be “capable of fully implementing an effective caller ID authentication framework in the non-IP portions of their networks not later than [June 30, 2021]” by requiring that the voice service provider reasonably foresees that it will have completed all necessary network upgrades to its infrastructure to be able to authenticate and verify caller ID information for all non-IP calls originating or terminating on its network as provided by a standardized caller ID authentication framework for non-IP networks.413 This approach is consistent with our approach to the fourth prong of the IP network exemption, in which we construe “fully implementing” to mean that caller ID information is able to be authenticated and verified for all calls exchanged with technically-able partners. Further, it is consistent with our evaluation of when a non-IP caller ID authentication framework is “reasonably available,” and we consistently consider such a framework to be “effective” only when it is standardized. We find that this approach gives as much latitude to voice service providers as possible to achieve the desired result within the prescribed timeframe while again requiring some basis for the claim—here, that the provider be “capable of fully implementing an effective caller ID authentication framework.”414
114. As proposed in the Further Notice of Proposed Rulemaking,415 we find that the best way to implement the TRACED Act’s exemption provision is via a certification process. Specifically, we require a voice service provider that seeks to receive an exemption to submit a certification that it meets the criteria for the IP networks exemption that we have established pursuant to section 4(b)(2)(A), the criteria for the non-IP networks exemption that we have established pursuant to section 4(b)(2)(B), or both, as appropriate for its network(s). Given the inherent and obvious difficulty of making individualized determinations of whether providers qualify for the IP networks exemption on such a truncated timeframe, we find that a certification process is necessary to allow us to meet Congress’s deadline for completion of exemption determinations by December 30, 2020. This approach is unopposed, and both T-Mobile and AT&T support the use of a certification process “as the appropriate vehicle for a voice service provider to assert its qualification for either or both of the statutory exemptions.”416
115. Each voice service provider that seeks to qualify for either the section 4(b)(2)(A) or the section 4(b)(2)(B) exemption, or both, must have an officer of the voice service provider sign a compliance certificate stating under penalty of perjury that the officer has personal knowledge that the company meets each of the stated criteria. Such an attestation is necessary to ensure the accuracy of the underlying certification.417 We also require the voice service provider to submit an accompanying statement explaining, in detail, how the company meets each of the prongs of each applicable exemption so that the Commission can verify the accuracy of the certification.418
116. As proposed in the Further Notice of Proposed Rulemaking,419 all certifications submitted pursuant to this requirement must be filed no later than December 1, 2020. All certifications and supporting statements must be filed electronically in WC Docket No. 20-68, Exemption from Caller ID Authentication Requirements, in the Commission’s Electronic Comment Filing System (ECFS).420 We direct the Bureau to provide additional directions and filing information regarding the certifications—including issuing protective orders governing the submission and review of confidential and highly confidential information, where necessary421—by November 9, 2020, or in the Public Notice announcing Office of Management and Budget approval of this process, whichever comes sooner. And we direct the Bureau to review the certifications and accompanying documents for completeness and to determine whether the certifying party has met the requirements we have established. We further direct the Bureau to issue a list of parties that have filed complete, valid compliance certifications and that will thus receive the exemption(s) on or before December 30, 2020.
117. Because of the limited time for review of certifications, we proposed in the Further Notice of Proposed Rulemaking that any voice service providers that file inadequate certifications would not receive an opportunity to cure and instead would be subject to the general duty we established to implement STIR/SHAKEN by June 30, 2021.422 We adopt this proposal here. We find this consequence to be reasonable and appropriate because the purpose of the certification is merely to determine which voice service providers would, in the absence of the STIR/SHAKEN obligation, nonetheless be able to implement STIR/SHAKEN in a timely manner. While we are sympathetic to AT&T’s suggestion that we permit voice service providers a chance to cure and revise their certifications should they be found deficient, the extremely truncated timeline for review of certifications prevents us from allowing such options.423 Simply put, there is insufficient time to permit voice service providers to revise and resubmit certifications that the Bureau has deemed deficient and for the Bureau to review such resubmitted certifications prior to the statutory December 30, 2020 deadline for completion of exemption determinations. Voice service providers must do their best to demonstrate in their initial certifications that they have met all the statutory requirements necessary to qualify for an exemption. Moreover, as stated above, we find the inability of voice service providers to “cure” deficient certifications to be insignificant given the purpose of the certification.
118. Implementation Verification. The section 4(b)(2)(A) and (B) exemptions are, by their nature, based on a voice service provider’s prediction of its future ability to implement STIR/SHAKEN by June 30, 2021. As we explained in the Further Notice of Proposed Rulemaking, we believe that Congress intended for us to verify, after the fact, that voice service providers claiming the exemption completed full implementation in accordance with their commitments.424 Such a review is consistent with the TRACED Act both because the broad structure of section 4 aims toward full implementation of caller ID authentication and because sections 4(b)(2)(A)(iv) and 4(b)(2)(B)(ii) each state that a voice service provider may receive the exemption only if it “will” be capable of “fully” implementing a caller ID authentication framework (STIR/SHAKEN or “an effective call authentication framework,” respectively).425 This approach is unopposed in the record, and T-Mobile correctly notes that without such verification, the voluntary exemption could be misused as a loophole by voice service providers, thereby diminishing the ultimate effectiveness of STIR/SHAKEN implementation, the success of which depends on the participation of a critical mass of voice service providers.426 To guard against the risk of gaps and abusive claims of the exemption, and as proposed in the Further Notice of Proposed Rulemaking,427 we therefore require voice service providers that receive an exemption to file a second certification after June 30, 2021, stating whether they, in fact, achieved the implementation goal to which they previously committed.
119. As proposed in the Further Notice of Proposed Rulemaking, the certification must be filed electronically in WC Docket No. 20-68, Exemption from Caller ID Authentication Requirements, in ECFS subject to the same allowance for confidentiality and requirements for sworn signatures and detailed support as the initial certifications.428 This process will not only help the Bureau to verify the accuracy of the certification, but will assist it in conducting its review while at the same time ensuring that any confidential or proprietary information included by filers remains safe from disclosure. We direct the Bureau to issue a Public Notice no later than three months after June 30, 2021, setting a specific deadline for the certifications and providing detailed filing requirements. We direct the Bureau to seek public comment on these certifications. Following review of the certifications, supporting materials, and responsive comments, we direct the Bureau to issue a Public Notice, no later than four months after the date of filing of the certifications, identifying which voice service providers achieved the implementation goal to which they previously committed. As suggested in the record,429 we clarify that voice service providers that certified in December of 2020 that they have already fully implemented the necessary STIR/SHAKEN requirements, and for which the Bureau accepted the certification, need not file a second certification. This second filing is required only from those voice service providers that have not yet “fully implemented” STIR/SHAKEN by the time of their initial December 2020 certification, but have committed to doing so by June 30, 2021.
120. We disagree with T-Mobile’s assertion that there is little value in seeking public comment on voice service providers’ certifications.430 While T-Mobile is correct that a review of whether a voice service provider has conformed to the terms of its exemption declarations and implemented STIR/SHAKEN will require a technical analysis, we anticipate that the considered comments of market participants, technical and trade associations, and industry professionals can inform and enrich the Bureau’s analysis of any such technical issues.431 Further, allowing comments is critical to maintaining a clear and transparent process. Moreover, to the extent that parties must submit confidential information, the Bureau will issue protective orders governing submission and review akin to those we have employed in numerous other contexts.432 There is thus no risk that any voice service provider will be obligated to publicly disclose “sensitive network information” as part of this certification and comment process.433
121. As proposed in the Further Notice of Proposed Rulemaking, if a voice service provider cannot certify to full implementation upon the filing of the second certification but demonstrates to the Bureau that (1) it filed its initial certification in good faith—i.e., with a reasonable expectation that it would be able to achieve full implementation as certified—and (2) made similarly good faith efforts to complete implementation, the consequence for such a shortcoming is the loss of the exemption and application of the general rule requiring full STIR/SHAKEN implementation, effective immediately upon release of the Bureau Public Notice identifying which voice service providers achieved the implementation goal to which they previously committed. We find that an immediate effective date is required to ensure that certain voice service providers do not receive an extension not granted to similarly situated voice service providers simply because they filed a certification they later failed to meet. If the Bureau finds that a voice service provider filed its initial certification in bad faith or failed to take good faith steps toward implementation, we will not only require that voice service provider to fully implement STIR/SHAKEN immediately, but will further direct the Bureau to refer the voice service provider to the Enforcement Bureau for possible enforcement action based on filing a false initial certification.434
122. We proposed in the Further Notice of Proposed Rulemaking to interpret the TRACED Act’s exemption process to apply only to voice service providers and to exclude intermediate providers.435 We adopt that approach here. No commenters addressed this issue in the record. In the TRACED Act, Congress directs the Commission to require “provider[s] of voice service” to implement STIR/SHAKEN in the IP portions of their networks.436 The exemption provisions in section 4(b)(2) of the TRACED Act similarly refer to “provider[s] of voice service.”437 Because the obligation on intermediate providers to implement the STIR/SHAKEN authentication framework is being adopted pursuant to our authority in the Truth in Caller ID Act and section 251(e),438 we do not believe that the exemption process, which is mandated under and governed by the TRACED Act, needs to apply to such intermediate providers.439 We do not find that there is a compelling policy argument in favor of extending the TRACED Act’s exemption process to intermediate providers. The exemption process as laid out in the TRACED Act will not have long-term benefits to providers, since even those that qualify for the exemption must be capable of fully implementing either the STIR/SHAKEN authentication framework or an effective call authentication framework not later than June 30, 2021.440 Given this, we are disinclined to add further administrative and regulatory complication where not required by the TRACED Act.
123. We adopt our proposal in the First Caller ID Authentication Report and Order and Further Notice to prohibit voice service providers from imposing additional line item charges on consumer or small business subscribers for caller ID authentication.441 The record reflects support for this proposal,442 and we believe adopting it is a straightforward implementation of Congress’s direction and authority in the TRACED Act to “prohibit providers of voice service from adding any additional line item charges to consumer or small business customer subscribers for the effective call authentication technology.”443
124. We are unconvinced by arguments opposed to the rule we adopt today. MT Networks argues that we should instead affirmatively permit voice service providers to list caller ID authentication “as a billable feature on their line.”444 Because MT Networks fails to explain how such an alternative course of action would be consistent with the text of the TRACED Act, we decline to adopt such a suggestion. Securus argues that the prohibition on line item charges should not apply to inmate calling service providers.445 We similarly decline to adopt such an exemption for these providers, as the TRACED Act’s prohibition on line item charges extends to all “providers of voice service,” which includes inmate calling service providers.446
125. Other commenters argue that we should go even further than the TRACED Act and prohibit voice service providers from recouping costs of caller ID authentication and other robocall mitigation solutions entirely.447 We decline to take such action because doing so would go beyond the directive in the TRACED Act, and because we recognize that implementation of caller ID authentication imposes cost on voice service providers.448 Additionally, the record shows that some voice service providers may not have enough resources simply to absorb the cost of implementing caller ID authentication.449 By not prohibiting cost recovery through alternate means, we promote the investment by all voice service providers in caller ID authentication solutions for their networks.450
126. As proposed, we interpret “consumer” in this context to mean residential mass market subscribers, and adopt a rule consistent with this interpretation.451 We interpret “consumer” to refer to individual subscribers because we believe this interpretation will protect individuals from receiving line item charges on their bills. We received no opposition in the record to our proposal. We also adopt our proposal to interpret “small business” to refer to business entities that meet the Small Business Administration definition of “small business.”452 We adopt this definition of “small business” because it reflects the judgment of the Small Business Administration, which has expertise in this area. We received no opposition in the record for this interpretation. We decline to adopt RadNet’s proposal that we prohibit voice service providers “from charging healthcare facilities and providers, regardless of size, for call authentication technology,”453 because the TRACED Act establishes the classes of entities that Congress intended to protect from additional line item charges for caller ID authentication: consumers and small business subscribers.454 Additionally, healthcare facilities that meet the standard for “small business” that we establish are covered by our rule, and so separate protection for such healthcare facilities would be redundant. Healthcare facilities that exceed the definition of “small business” are in a better position to negotiate billing arrangements with voice service providers than small businesses and residential mass market subscribers. Thus, providing them with the same protections would be unnecessary.
127. We also adopt our proposal to implement this section of the TRACED Act by prohibiting voice service providers from imposing a line item charge for the cost of upgrading network elements that are necessary to implement caller ID authentication, for any recurring costs associated with the authentication and verification of calls, or for any display of caller ID authentication information on their subscribers’ phones.455 Caller ID authentication solutions work by allowing the originating voice service provider to authenticate the caller ID information transmitted with a call it originates, and the terminating provider to verify that the caller ID information transmitted with a call it receives is authentic and act on the information provided after verification. The record reflects that voice service providers must upgrade their existing network elements to enable caller ID authentication,456 and pay recurring maintenance and other operating fees in order to actively authenticate caller ID information.457 And, for caller ID authentication technology to be meaningful for subscribers, voice service providers may choose to display caller ID authentication information to their end users. We find that the prohibition as adopted covers the full scope of costs “for” providing caller ID authentication to consumer and small business subscribers.458
128. CenturyLink argues that this is too expansive a reading of the TRACED Act’s language.459 Instead, CenturyLink suggests that, to be more aligned with the language of the TRACED Act, we only prohibit line items for costs “related to the basic signing of calls and verifying of Identity headers.”460 We fail to see how costs associated with, for example, network upgrades that are necessary to implement caller ID authentication are not “for” such technology, and CenturyLink does not explain why we should read “for” in this context so narrowly. We also note that we do not prohibit cost recovery for such costs by alternative means.
129. To further promote effective, network-wide caller ID authentication, we adopt the proposal from our First Caller ID Authentication Report and Order and Further Notice to extend our STIR/SHAKEN implementation mandate to intermediate providers.461 The STIR/SHAKEN framework enables an end-to-end system for authenticating the identity of the caller.462 For this system to work, the Identity header must travel the entire length of the call path—even when a call transits the networks of intermediate providers.463 Thus, intermediate providers play a crucial role in this system. In the First Caller ID Authentication Report and Order and Further Notice, we proposed imposing obligations on intermediate providers for calls they receive with authenticated and unauthenticated caller ID information.464 For calls with authenticated caller ID information that an intermediate provider receives and will exchange in SIP, we proposed requiring an intermediate provider to pass any Identity header associated with that call, unaltered, to the subsequent provider in the call path.465 And for calls an intermediate provider receives without authenticated caller ID information that it will exchange in SIP, we proposed requiring the intermediate provider to authenticate that call with “gateway” or “C”-level attestation before passing it to the subsequent intermediate or voice service provider in the call path.466 With modifications, we adopt both of these proposals.
130. We adopt our proposal to require intermediate providers to pass any Identity header that they receive to the terminating voice service provider or subsequent intermediate provider in the call path. This means, technically, that the intermediate provider must forward the Identity header downstream in the SIP INVITE.467 By placing this requirement on intermediate providers, we ensure that SIP calls can benefit from STIR/SHAKEN regardless of what provider transits the call. This proposal received wide support, and no opposition, in the record.468 INCOMPAS, which notes that it represents a number of entities that act as intermediate providers, agrees that “[t]he success of STIR/SHAKEN ultimately depends on the broad participation of voice service providers, including, wherever technically feasible, intermediate providers.”469 AT&T, Comcast, and Verizon also all confirm the importance of adopting this rule. AT&T notes that “requiring intermediate providers to pass through Identity header information is necessary to ensure that calls retain authentication information across the entire call path.”470 Comcast writes that “[a]chieving truly nationwide call authentication requires the participation of all providers involved in transmitting voice calls, including intermediate providers.”471 And Verizon emphasizes that regulatory action is necessary to ensure intermediate provider involvement in the system.472 We agree with these assertions.
131. Additionally, we further adopt our proposal to require intermediate providers to pass the Identity header unaltered.473 We find that this requirement is necessary to prevent a downstream provider from tampering with the Identity header and thus undermining the end-to-end chain of trust between the originating and terminating voice service providers. Commenters support this approach,474 with NCTA stating that it is necessary to “maintain the integrity of the authentication information and reduce the potential for inadvertent error or intentional manipulation,”475 and Hiya noting that “having access to untampered identity headers will significantly aid analytics and, as a result, the detection of illegal robocalls.”476 This requirement ensures that all SIP calls benefit from STIR/SHAKEN, increasing the effectiveness of STIR/SHAKEN in combating illegally spoofed robocalls and fraudulent robocall schemes.477 And although entities acting as intermediate providers will face implementation costs in order to forward unaltered Identity headers, they will not face the recurring costs necessary to authenticate and verify caller ID information.478 Moreover, we expect these one-time implementation costs to be far less than the benefits of this intermediate provider requirement because the inclusion of intermediate providers is important to achieving the benefits discussed in the First Caller ID Authentication Report and Order.479 Requiring intermediate providers to pass the Identity headers that they receive to the subsequent intermediate provider in the call path or the terminating voice service provider is crucial to ensuring end-to-end caller ID authentication and unlocking these benefits for consumers and providers alike.
132. The record convinces us, however, to modify our proposal to allow an intermediate provider to strip the Identity header in two narrow circumstances: (1) for technical reasons where necessary to complete the call, and (2) for security reasons where an intermediate provider reasonably believes the Identity header presents a threat to its network security. Several commenters explain that these are legitimate reasons why an intermediate provider might need to strip the Identity header.
133. In identifying the limited technical reasons an intermediate provider may need to strip the Identity header, the industry standards group ATIS explains that it may be necessary to strip an Identity header for call completion in cases such as Government Emergency Telecommunications Service (GETS) call processing;480 INCOMPAS identifies instances where the Identity header may be too large to successfully transit the network;481 and we recognize it may be necessary to strip the Identity header before exchanging a call with a non-IP provider or at a non-IP interconnection point. We emphasize that the technical necessity exception is narrow and limited to circumstances that are necessary to complete the call. The technical necessity exception does not extend to failures or inadequacies in an intermediate provider’s network. As the technology supporting STIR/SHAKEN advances and improves, it may be possible to transmit headers in circumstances where it previously was not. As such, we will continue to monitor the use of this exception and adjust its outer limits as needed. Commission staff will not hesitate to refer reports of intermediate providers’ abuse of this exception to the Enforcement Bureau.
134. Regarding the security exception, Verizon advocates that we allow intermediate providers to act should Identity headers become “an attack vector used by bad actors.”482 We agree and so do not prohibit an intermediate provider from stripping the Identity header when it reasonably believes the header presents an imminent threat to its network security. We do not, however, permit an intermediate provider to strip the header if it believes the Identity header has been tampered with or is fraudulent short of presenting an imminent security threat.483 This narrow exception does not empower the intermediate provider to make determinations on behalf of other providers in the call path or to interfere with the verification process defined in the SHAKEN standards.484 Instead, our goal is to permit an intermediate provider to act in the face of an imminent security threat to its network. We emphasize that intermediate providers must employ this exception sparingly, and the exception will not apply where an intermediate provider strips Identity headers routinely instead of maintaining reasonable network security. Furthermore, since no commenter identified a circumstance where an intermediate provider would need to alter the Identity header, we specify that intermediate providers may not alter Identity headers under any circumstance.
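The pass-through rule in paragraphs 130 to 134, sketched as an added example that is not part of the Commission's order: a Python audit that compares the Identity headers on the SIP INVITE an intermediate provider received with those on the INVITE it sent downstream. The function names, verdict labels, hosts, telephone numbers and tokens are constructed for illustration, the signature is a dummy that is never verified, and treating a missing header that appears alongside a new one as an alteration is an assumption of this sketch.

```python
import base64
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_identity(attest: str, origid: str) -> str:
    """Constructed SHAKEN-style Identity value; the signature is a dummy."""
    header = {"alg": "ES256", "ppt": "shaken", "typ": "passport",
              "x5u": "https://cert.example.org/sp.pem"}
    payload = {"attest": attest, "dest": {"tn": ["12025550199"]},
               "iat": 1600000000, "orig": {"tn": "12025550123"}, "origid": origid}
    token = ".".join(b64url(json.dumps(p, separators=(",", ":")).encode())
                     for p in (header, payload))
    token += "." + b64url(b"constructed-not-a-real-signature")
    return f"{token};info=<https://cert.example.org/sp.pem>;alg=ES256;ppt=shaken"

def make_invite(identities, via_host, name="Identity"):
    """Constructed INVITE carrying the given Identity values."""
    lines = ["INVITE sip:+12025550199@term.example.net SIP/2.0",
             f"Via: SIP/2.0/UDP {via_host};branch=z9hG4bKconstructed",
             "From: <sip:+12025550123@orig.example.com>;tag=1",
             "To: <sip:+12025550199@term.example.net>",
             "Call-ID: constructed-1@orig.example.com",
             "CSeq: 1 INVITE"]
    lines += [f"{name}: {value}" for value in identities]
    return "\r\n".join(lines + ["Content-Length: 0", "", ""])

def identity_values(raw: str):
    """Identity header values of a SIP message, in order of appearance.
    Unfolds continuation lines and accepts the compact header name 'y'."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = []
    for line in head.split("\n")[1:]:          # skip the request line
        if line[:1] in (" ", "\t") and headers:
            headers[-1][1] += " " + line.strip()
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append([name.strip().lower(), value.strip()])
    return [value for name, value in headers if name in ("identity", "y")]

def attest_of(value: str):
    """Attestation level claimed in the PASSporT payload, or None if unreadable."""
    parts = value.split(";", 1)[0].strip().split(".")
    if len(parts) != 3:
        return None
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)
        return json.loads(base64.urlsafe_b64decode(padded)).get("attest")
    except (ValueError, AttributeError):
        return None

def audit_hop(ingress: str, egress: str) -> dict:
    """Classify how one hop handled Identity headers (exact string comparison)."""
    received, sent = identity_values(ingress), identity_values(egress)
    missing = [v for v in received if v not in sent]
    added = [v for v in sent if v not in received]
    if not received:
        # Unauthenticated call: the hop either authenticated it or left it bare.
        verdict = "authenticated_by_intermediate" if sent else "left_unauthenticated"
    elif not missing:
        verdict = "passed_unaltered"           # appended headers are allowed
    elif added:
        verdict = "altered"                    # assumption: missing + new = altered
    else:
        verdict = "stripped"                   # needs a documented exception
    return {"verdict": verdict, "missing": len(missing),
            "added_attest": [attest_of(v) for v in added]}

def demo() -> dict:
    a = make_identity("A", "constructed-origid-0001")
    c = make_identity("C", "constructed-origid-0002")
    ingress = make_invite([a], "orig.example.com")
    bare = make_invite([], "orig.example.com")
    hop = "transit.example.net"
    return {
        "forwarded": audit_hop(ingress, make_invite([a], hop, name="y")),
        "appended": audit_hop(ingress, make_invite([a, c], hop)),
        "stripped": audit_hop(ingress, make_invite([], hop)),
        "altered": audit_hop(ingress, make_invite([a.replace(";ppt=shaken", "")], hop)),
        "authenticated": audit_hop(bare, make_invite([c], hop)),
        "unauthenticated": audit_hop(bare, make_invite([], hop)),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:16} {result}")
```

A "stripped" verdict is not itself a violation; it marks a call for which the provider would need to show that the technical-necessity or imminent-security-threat exception applied.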
135. Relatedly, we prohibit an originating voice service provider from sending excessively large headers with the goal of evading STIR/SHAKEN compliance by forcing an intermediate provider to strip the header before exchanging the call with a subsequent downstream provider. We would consider such conduct a violation of our rule requiring an originating voice service provider to authenticate caller ID information for calls it originates and exchanges with another voice service provider or intermediate provider.485
136. ACA Connects proposes that we prohibit intermediate providers from passing a call they have received in SIP to a downstream provider in TDM when there is a downstream IP option available.486 We decline to adopt this proposal because, at this early stage, we do not wish to interfere with call routing decisions for the sake of promoting STIR/SHAKEN. Providers must consider a variety of factors when routing calls, including cost and reliability, and we do not believe at this stage that preserving STIR/SHAKEN headers should swamp all other considerations. For the same reason, we decline to adopt USTelecom’s suggestion to require gateway providers to pass international traffic only to downstream providers that have implemented STIR/SHAKEN.487 Finally, while we do not require intermediate providers to append duplicative Identity headers to calls that they transit,488 we decline to prohibit this practice at this stage of STIR/SHAKEN deployment across the voice network.489 AT&T contends that, if intermediate providers append duplicative Identity headers, it would add additional complexity and consume bandwidth for other providers.490 However, this issue received little attention in the record and, at this time, we have no reason to think it is a practice industry will adopt widely. We decline to be overly prescriptive at this early stage of deployment, and we will monitor this issue for any problems that develop.
137. We also adopt a modified version of the proposed authentication requirement on intermediate providers for unauthenticated calls. Specifically, we require that an intermediate provider authenticate the caller ID information of a call that it receives with unauthenticated caller ID information that it will exchange with another intermediate provider or terminating voice service provider as a SIP call. However, a provider is relieved of this obligation if it (i) cooperatively participates with the industry traceback consortium and (ii) responds to all traceback requests it receives from the Commission, law enforcement, or the industry traceback consortium regarding calls for which it acts as an intermediate provider.491 Our final requirement differs from our proposed requirement in two ways. First, we do not require an intermediate provider to authenticate with a C-level or gateway attestation. Instead, if a provider chooses to authenticate the caller ID information of an unauthenticated call that it receives, we require only that a provider authenticate the caller ID information consistent with industry standards. And second, our modified requirement allows participation with the industry traceback consortium as an alternative option for compliance.
138. In the First Caller ID Authentication Report and Order and Further Notice, we proposed requiring intermediate providers to authenticate caller ID information for unauthenticated traffic that they receive with a C-level attestation, and tentatively concluded this requirement would improve traceback efforts and analytics. Some commenters—including major voice service providers that have reported substantial progress in STIR/SHAKEN implementation—endorse our reasoning that such a rule is in compliance with the industry standards,492 would enhance traceback capabilities,493 and would benefit call analytics.494 Neustar argues that intermediate providers should authenticate caller ID information for calls that they transmit that lack such information because “it allows the terminating voice service provider to more easily traceback otherwise unauthenticated calls, and provides additional information that can be used to facilitate innovation in the robocall analytics space.”495 And T-Mobile explains that intermediate provider authentication would be useful to terminating voice service providers because “[h]aving some information regarding this large subset of calls to enable traceback and strengthen analytics is preferable to having no information on which to make blocking and labeling decisions.”496
139. We modify our proposal to require attestation consistent with industry standards rather than specifically requiring C-level attestation because this approach better aligns with our goal of promoting implementation of the industry-defined caller ID authentication standards rather than interfering with their technical application. This modification brings our intermediate provider rules in line with the STIR/SHAKEN obligations we imposed on originating and terminating voice service providers. In the First Caller ID Authentication Report and Order and Further Notice, we explained that for compliance with our rules it would be sufficient to adhere to the three standards that comprise the foundation of the STIR/SHAKEN framework—ATIS-1000074, ATIS-1000080, and ATIS-1000084—and all documents referenced therein.497 Recognizing that industry standards are not static, we framed the most recent versions of these standards as the baseline requirements for compliance.498 We follow that approach here and establish that compliance with the most current version of these three standards as of September 30, 2020, including any errata as of that date or earlier, represents the minimum requirement for intermediate providers to satisfy our rules. We encourage innovation and improvement to the STIR/SHAKEN framework, so long as any changes or additions do not compromise the baseline call authentication functionality envisioned by ATIS-1000074, ATIS-1000080, and ATIS-1000084.499
140. Beyond harmonizing our requirements on intermediate providers and originating and terminating voice service providers, this modification responds to record interest in allowing, where possible, intermediate providers to authenticate caller ID information with a higher level of attestation than a C-level attestation.500 It is not our intent to preclude or interfere with efforts to accommodate this interest; only to ensure the caller ID information for such calls be authenticated. To that end, we agree with commenters that argue we should not require intermediate providers to authenticate calls with a specific level of attestation,501 and require instead that intermediate providers authenticate the caller ID information for unauthenticated calls consistent with industry standards as described above. This clarification allows for and encourages industry progress, and we look forward to seeing progress on the numerous proposals in the record to allow for more robust authentication of such calls.502
141. Although we establish this requirement, in response to arguments that our proposal was unduly burdensome in some cases,503 we allow for an intermediate provider to register and participate with the industry traceback consortium as an alternative means of complying with our rules. Several commenters claim that a requirement for intermediate providers to authenticate the caller ID information of all unauthenticated calls that they receive would cause bandwidth problems within provider networks.504 Several commenters also express concern that an attestation requirement would undermine the efficacy of STIR/SHAKEN by “pollut[ing] the ecosystem” with “billions of useless attestations,” causing customer harm and confusion.505 Further, some commenters contend that such a requirement would not lead to the benefits that we proposed would accrue.506 Other commenters in the record push back on these concerns,507 and because of the potential value of more ubiquitous authentication, we do not find that these concerns justify the elimination of this requirement entirely. We find that attestation of previously unauthenticated calls will provide significant benefits in facilitating analytics, blocking, and traceback by offering all parties in the call ecosystem more information, and we thus allow attestation of unauthenticated calls as one method for compliance. This conclusion is consistent with our analysis in the First Caller ID Authentication Report and Order, where we found that the benefits of requiring providers to authenticate calls will substantially outweigh the costs.508
142. While we make this conclusion, we acknowledge record concerns about the cost of requiring intermediate provider authentication and thus offer an alternative method of compliance that we anticipate will be less burdensome and will nonetheless facilitate traceback of calls. Specifically, we establish that an entity acting as an intermediate provider is relieved of the requirement to authenticate the caller ID information of unauthenticated calls it receives if it (i) cooperatively participates with the industry traceback consortium, and (ii) responds to all traceback requests it receives from the Commission, law enforcement, or the industry traceback consortium for calls for which it acts as an intermediate provider.509
143. Providing this option addresses intermediate provider concerns over the burden that an authentication requirement would place on their networks. It further allows for continued evaluation of the role intermediate providers play in authenticating the caller ID information of the unauthenticated calls that they receive amid the continued deployment of the STIR/SHAKEN framework. By ensuring that all calls which transit the voice network either receive some form of attestation or are carried by an intermediate provider that is registered with the industry traceback consortium, terminating voice service providers will have more data about a call that can be used to support traceback efforts and call analytics, and prevent future illegal robocalls—further increasing the net benefits offered by STIR/SHAKEN. Additionally, providing this option for intermediate providers aligns with the robocall mitigation requirements we adopt today. By requiring intermediate providers and many originating voice service providers to engage in practices that promote traceback, we will ensure broad participation through the entire call path to determine the source of illegal robocalls. Although the obligation to either authenticate or participate in the industry traceback consortium with respect to unauthenticated calls will place costs on intermediate providers, we have no reason to believe that our additional mandate will fundamentally disturb our cost-benefit calculus for STIR/SHAKEN implementation.510
144. We find it unnecessary to adopt CTIA’s suggestion to require intermediate providers serving as international gateways to register with the Commission.511 Under the rules we adopt, such providers are required either to authenticate the caller ID information of the foreign-originated calls that they receive and will transit on their networks or to register with the industry traceback consortium and participate in traceback efforts. Both options we adopt address call tracing more directly than a mere registration requirement, and we are reluctant to create multiple overlapping registration requirements for providers that choose the latter option. We can revisit CTIA’s suggestion should the measures we adopt prove insufficient.
145. In the First Caller ID Authentication Report and Order and Further Notice, we proposed limiting our caller ID authentication obligations on intermediate providers to IP calls.512 We adopt our proposal with modifications. First, we adopt this proposal for calls with authenticated caller ID information that an intermediate provider receives. In so doing, we limit the requirement that intermediate providers pass any received Identity header unaltered to IP calls, that is, calls that the intermediate provider receives in SIP and exchanges with a terminating provider or another intermediate provider in SIP. Commenters support limiting our rule to IP calls,513 and doing so harmonizes our rules for intermediate providers with our rules applying to originating and terminating voice service providers.514
146. Second, we modify this proposal for calls with unauthenticated caller ID information that an intermediate provider receives. To the extent that an intermediate provider chooses to comply with the rules we adopt today by authenticating the caller ID information of the unauthenticated calls that it receives, as Comcast suggests,515 we clarify that this requirement applies to all unauthenticated calls an intermediate provider receives that it will exchange with a subsequent provider in SIP, regardless of whether the intermediate provider receives the call in SIP. In other words, if the intermediate provider chooses to authenticate the caller ID information of unauthenticated calls, the obligation applies if the intermediate provider transmits the call downstream in SIP. We make this modification in recognition of the fact that calls without authenticated caller ID information may have originated on non-IP networks or have been exchanged at non-IP interconnection points and thus do not have an existing Identity header. In those instances, the obligation to authenticate the caller ID information according to industry standards applies whether or not the call was received by the intermediate provider in SIP.
147. We decline to adopt Comcast’s proposal that intermediate providers exchanging traffic in TDM install TDM-to-VoIP gateways.516 At this time, we believe that such a requirement would be unduly burdensome.517 Furthermore, it would go beyond both Congress’s and our approach to addressing the issues around non-IP technology and caller ID authentication, which aim to strike a balance between encouraging the IP transition and the development of non-IP solutions for the benefit of those networks that cannot be speedily or easily transitioned. We will continue to monitor the development of technical solutions to the issue of TDM exchange and are prepared to return to this proposal if circumstances warrant.
148. We adopt our proposal from the First Caller ID Authentication Report and Order and Further Notice to use the definition of “intermediate provider” found in section 64.1600(i) of our rules.518 This section provides that an “intermediate provider” is “any entity that carries or processes traffic that traverses or will traverse the [PSTN] at any point insofar as that entity neither originates nor terminates that traffic.”519 We further determine that as with our interpretation of “providers of voice service,” we assess the definition of “intermediate provider” on a call-by-call basis for the purpose of our call authentication rules. A single entity therefore may act as a voice service provider for some calls on its network and an intermediate provider for others. Intermediate providers play a critical role in ensuring end-to-end call authentication. We believe that this broad definition will best promote the widespread deployment of the STIR/SHAKEN framework that is necessary to benefit consumers.
149. We sought comment in the First Caller ID Authentication Report and Order and Further Notice on whether we should use a narrower definition of intermediate provider, such as the one we use in the context of rural call completion.520 One commenter advocates for a narrower definition that would “not include in its scope an ISP that is only incidentally transmitting voice traffic,” because this “could place a substantial burden on small, rural ISPs transmitting Non-Interconnected VoIP or Interconnected VoIP via a third-party service provider they have no relationship with.”521 As we explained in the First Caller ID Authentication Report and Order and Further Notice, the STIR/SHAKEN framework relies on the transmission of information in the Identity header of a SIP INVITE.522 We understand that there are circumstances where a call set up using SIP signaling will then use other paths to exchange the media packets containing voice data.523 Because we have limited our rules to the exchanging of SIP calls, to the extent that an ISP is only transmitting voice traffic of a call that does not involve the exchange of a SIP INVITE, we believe it is already excluded from our rules.
150. We find that we have the authority to place caller ID authentication obligations on intermediate providers and alternatively to require that they register and participate with the industry traceback consortium under section 251(e) of the Act. In the First Caller ID Authentication Report and Order, we concluded that our exclusive jurisdiction over numbering policy provides authority to require voice service providers to implement STIR/SHAKEN in order to prevent the fraudulent abuse of NANP resources.524 In the Further Notice, we proposed that this same analysis provides the Commission authority to impose STIR/SHAKEN implementation requirements on intermediate providers.525 Several commenters support this view.526 Calls that transit the networks of intermediate providers with illegally spoofed caller ID are exploiting numbering resources in the same manner as spoofed calls on the networks of originating and terminating providers, and so we find authority under section 251(e).
Consistent with the First Caller ID Authentication Report and Order and Further Notice,527 we adopt our proposal concluding that the section 251(e)(2) requirements do not apply in the context of our establishing STIR/SHAKEN requirements.528
151. We find additional, independent authority under the Truth in Caller ID Act. The Truth in Caller ID Act charged the Commission with prescribing rules to make unlawful the spoofing of caller ID information “in connection with any voice service or text messaging service . . . with the intent to defraud, cause harm, or wrongfully obtain anything of value.”529 We agree with T-Mobile that this provides us with authority to mandate that intermediate providers adopt “a framework that will minimize the frequency with which illegally spoofed scam calls will reach consumers.”530 We found authority in the First Caller ID Authentication Report and Order for our STIR/SHAKEN implementation mandate on originating and terminating voice service providers under the Truth in Caller ID Act.531 We explained that “the rules we adopt today are necessary to enable voice service providers to help prevent these unlawful acts and to protect voice service subscribers from scammers and bad actors.”532 That same analysis applies to intermediate providers that, as noted, play an integral role in the success of STIR/SHAKEN across the voice network.
152. Verizon, the only commenter to challenge our legal authority, argues that we lack authority under either section 251(e) or the Truth in Caller ID Act to require an intermediate provider to authenticate with a C-level attestation the caller ID information for unauthenticated calls it receives.533 It asserts that “‘C’ attestations do not attest to the accuracy of numbers and indeed have nothing to do with numbering resources,” and consequently that section 251(e) does not provide us with authority; it further argues that “‘C’ attestations have nothing to do with the spoofing problem” and so could not be required under the Truth in Caller ID Act.534 As an initial matter, Verizon’s objections are less pressing because of the modifications we made to our final rule—requiring only authentication consistent with industry standards or registration and participation with the industry traceback consortium. Furthermore, we do not agree that C-level attestations “have nothing to do with” numbering resources or spoofing. The STIR/SHAKEN standards expressly include the option of C-level attestation, and we think it apparent that this component of “a technology specifically designed to counteract misuse of numbering resources” through spoofing relates both to our authority under section 251(e) 535 and the Truth in Caller ID Act.
When bad actors unlawfully falsify or spoof the caller ID that appears on a subscriber’s phone, they are using numbering resources to advance an illegal scheme. Mandating that intermediate providers authenticate unauthenticated calls or participate in traceback efforts will help to prevent and remediate the fraudulent exploitation of NANP resources and illegal spoofing of caller ID information.
153. No Additional Exceptions from Originating Voice Service Provider Caller ID Authentication Mandate. We reject the record requests to grant limited exceptions from our caller ID authentication rules.536 Verizon argues that we should free a voice service provider from our caller ID authentication rules in certain circumstances where, in its view, it would be “inadvisable or inappropriate for the originating carrier to place a signature on a call.”537 Verizon, USTelecom, and CTIA argue that these circumstances include “periods of substantial network congestion,” such as national emergencies or natural disasters, or during periods of network maintenance.538 Verizon further argues that a voice service provider should not be required to authenticate caller ID information in certain complicated calling cases.539 We decline to grant these categorical exceptions from our mandate. Our goal is ubiquitous deployment of caller ID authentication technology, and no commenter explains with specificity why its concerns outweigh that goal. To the contrary, national emergencies and natural disasters are among the times when caller ID authentication is most important.540 In those instances, affected individuals must be able to rely on the caller ID information they receive and avoid bad actors taking advantage of an ongoing emergency or its aftermath. And while we do not grant an exception for complicated calling cases, we underscore that, to the extent a certain calling case is not accounted for by industry standards, application of caller ID authentication is not called for by our rules. We explained in the First Caller ID Authentication Report and Order that “[c]ompliance with the most current versions of . . . three standards as of March 31, 2020, including any errata as of that date or earlier, represents the minimum requirement to satisfy our rules.”541
154. Non-Substantive Rule Revision. We revise section 64.6301(a)(2) of our rules542 to make two non-substantive changes. First, the adopted rule inadvertently omitted the word “it.” Second, the adopted rule referred to “caller ID authentication information,” inconsistent with other terms in the rules. The rule as revised provides that a voice service provider shall “authenticate caller identification information for all SIP calls it originates and that it will exchange with another voice service provider or intermediate provider and, to the extent technically feasible, transmit that call with authenticated caller identification information to the next voice service provider or intermediate provider in the call path.”543 We make these revisions without seeking notice and comment pursuant to section 553(b)(3)(B) of the Administrative Procedure Act, which states that an agency for good cause may dispense with rulemaking if it finds that notice and comment are “impracticable, unnecessary, or contrary to the public interest.”544 Here, notice and comment are unnecessary because correcting the rule does not have a detrimental effect on the parties regulated by rule and does not alter the regulatory framework established by the First Caller ID Authentication Report and Order.
155. Final Regulatory Flexibility Analysis. As required by the Regulatory Flexibility Act of 1980 (RFA),545 an Initial Regulatory Flexibility Analysis (IRFA) was incorporated into the First Caller ID Authentication Report and Order and Further Notice.546 The Commission sought written public comment on the possible significant economic impact on small entities regarding the proposals addressed in the First Caller ID Authentication Report and Order and Further Notice, including comments on the IRFA.547 Pursuant to the RFA, a Final Regulatory Flexibility Analysis is set forth in Appendix B. The Commission’s Consumer and Governmental Affairs Bureau, Reference Information Center, will send a copy of this Second Report and Order, including the FRFA, to the Chief Counsel for Advocacy of the Small Business Administration (SBA).548
156. Paperwork Reduction Act. This document contains new or modified information collection requirements subject to the Paperwork Reduction Act of 1995 (PRA), Public Law 104-13. It will be submitted to the Office of Management and Budget (OMB) for review under Section 3507(d) of the PRA. OMB, the general public, and other Federal agencies are invited to comment on the new or modified information collection requirements contained in this proceeding. In addition, we note that pursuant to the Small Business Paperwork Relief Act of 2002, Public Law 107-198, we previously sought comment on how the Commission might further reduce the information collection burden for small business concerns with fewer than 25 employees.549
157. Congressional Review Act. The Commission has determined, and the Administrator of the Office of Information and Regulatory Affairs, Office of Management and Budget, concurs that this rule is “non-major” under the Congressional Review Act, 5 U.S.C. § 804(2). The Commission will send a copy of this Second Report and Order to Congress and the Government Accountability Office pursuant to 5 U.S.C. § 801(a)(1)(A).
158. Contact person. For further information about this proceeding, please contact Mason Shefa, FCC Wireline Competition Bureau, Competition Policy Division, 445 12th Street, S.W., Washington, D.C., 20554, at (202) 418-2962, or mason.shefa@fcc.gov.
159. Accordingly, IT IS ORDERED, pursuant to sections 4(i), 4(j), 227(e), 227b, 251(e), and 303(r), of the Communications Act of 1934, as amended (the Act), 47 U.S.C. §§ 154(i), 154(j), 227(e), 227b, 251(e), and 303(r), that this Second Report and Order IS ADOPTED.
160. IT IS FURTHER ORDERED that Part 64 of the Commission’s rules IS AMENDED as set forth in Appendix A, and that any such rule amendments that contain new or modified information collection requirements that require approval by the Office of Management and Budget under the Paperwork Reduction Act SHALL BE EFFECTIVE after announcement in the Federal Register of Office of Management and Budget approval of the rules, and on the effective date announced therein.
161. IT IS FURTHER ORDERED that, pursuant to sections 1.4(b)(1) and 1.103(a) of the Commission’s rules, 47 CFR §§ 1.4(b)(1), 1.103(a), this Second Report and Order SHALL BE EFFECTIVE 30 days after publication in the Federal Register, except for the addition of sections 64.6303(b), 64.6305(b), and 64.6306 to the Commission’s rules that have not been approved by OMB. The Federal Communications Commission will publish documents in the Federal Register announcing the effective dates of these provisions.
162. IT IS FURTHER ORDERED that the Commission SHALL SEND a copy of this Report and Order to Congress and to the Government Accountability Office pursuant to the Congressional Review Act, see 5 U.S.C. § 801(a)(1)(A).
163. IT IS FURTHER ORDERED that the Commission’s Consumer and Governmental Affairs Bureau, Reference Information Center, SHALL SEND a copy of this Second Report and Order, including the Final Regulatory Flexibility Analysis (FRFA), to the Chief Counsel for Advocacy of the Small Business Administration.
FEDERAL COMMUNICATIONS COMMISSION
Marlene H. Dortch, Secretary
Final Rules
The Federal Communications Commission amends part 64 of Title 47 of the Code of Federal Regulations as follows:
* * * * *
1. Amend section 64.6300 by redesignating paragraphs (e) through (g) as paragraphs (j) through (l) and paragraphs (c) and (d) as paragraphs (f) and (h), respectively, and adding new paragraphs (c) through (e), (g), and (i) to read as follows:
* * * * *
(c) Foreign voice service provider. The term “foreign voice service provider” refers to any entity providing voice service outside the United States that has the ability to originate voice service that terminates in a point outside that foreign country or terminate voice service that originates from points outside that foreign country.
(d) Governance Authority. The term “Governance Authority” refers to the Secure Telephone Identity Governance Authority, the entity that establishes and governs the policies regarding the issuance, management, and revocation of Service Provider Code (SPC) tokens to intermediate providers and voice service providers.
(e) Industry traceback consortium. The term “industry traceback consortium” refers to the consortium that conducts private-led efforts to trace back the origin of suspected unlawful robocalls as selected by the Commission pursuant to 47 CFR 64.1203.
* * * * *
(g) Robocall Mitigation Database. The term “Robocall Mitigation Database” refers to a database accessible via the Commission’s website that lists all entities that make filings pursuant to 47 CFR 64.6305(b).
* * * * *
(i) SPC token. The term “SPC token” refers to the Service Provider Code token, an authority token validly issued to an intermediate provider or voice service provider that allows the provider to authenticate and verify caller identification information consistent with the STIR/SHAKEN authentication framework in the United States.
* * * * *
2. Amend section 64.6301 by revising paragraph (a) to read as follows:
(a) STIR/SHAKEN implementation by voice service providers. Except as provided in 47 CFR 64.6304 and 64.6306, not later than June 30, 2021, a voice service provider shall fully implement the STIR/SHAKEN authentication framework in its Internet Protocol networks. To fulfill this obligation, a voice service provider shall:
* * * * *
(2) authenticate caller identification information for all SIP calls it originates and that it will exchange with another voice service provider or intermediate provider and, to the extent technically feasible, transmit that call with authenticated caller identification information to the next voice service provider or intermediate provider in the call path; and
* * * * *
3. Amend Subpart HH by adding sections 64.6302 to 64.6307 to read as follows:
Not later than June 30, 2021, each intermediate provider shall fully implement the STIR/SHAKEN authentication framework in its Internet Protocol networks. To fulfill this obligation, an intermediate provider shall:
(a) pass unaltered to the subsequent intermediate provider or voice service provider in the call path any authenticated caller identification information it receives with a SIP call, subject to the following exceptions under which it may remove the authenticated caller identification information:
(1) where necessary for technical reasons to complete the call; or
(2) where the intermediate provider reasonably believes the caller identification authentication information presents an imminent threat to its network security; and
(b) authenticate caller identification information for all calls it receives for which the caller identification information has not been authenticated and which it will exchange with another provider as a SIP call, except that the intermediate provider is excused from such duty to authenticate if it:
(1) cooperatively participates with the industry traceback consortium; and
(2) responds fully and in a timely manner to all traceback requests it receives from the Commission, law enforcement, and the industry traceback consortium regarding calls for which it acts as an intermediate provider.
Except as provided in 47 CFR 64.6304 and 64.6306, not later than June 30, 2021, a voice service provider shall either:
(a) upgrade its entire network to allow for the initiation, maintenance, and termination of SIP calls and fully implement the STIR/SHAKEN framework as required in 47 CFR 64.6301 throughout its network; or
(b) maintain and be ready to provide the Commission on request with documented proof that it is participating, either on its own or through a representative, including third party representatives, as a member of a working group, industry standards group, or consortium that is working to develop a non-Internet Protocol caller identification authentication solution, or actively testing such a solution.
(a) Small voice service providers.
(1) Small voice service providers are exempt from the requirements of 47 CFR 64.6301 through June 30, 2023.
(2) For purposes of this paragraph (a), “small voice service provider” means a provider that has 100,000 or fewer voice service subscriber lines (counting the total of all business and residential fixed subscriber lines and mobile phones and aggregated over all of the provider’s affiliates).
(b) Voice service providers that cannot obtain a SPC token. Voice service providers that are incapable of obtaining a SPC token due to Governance Authority policy are exempt from the requirements of 47 CFR 64.6301 until they are capable of obtaining a SPC token.
(c) Services scheduled for section 214 discontinuance. Services which are subject to a pending application for permanent discontinuance of service filed as of June 30, 2021, pursuant to the processes established in 47 CFR 63.60 through 63.100, as applicable, are exempt from the requirements of 47 CFR 64.6301 through June 30, 2022.
(d) Non-IP networks. Those portions of a voice service provider’s network that rely on technology that cannot initiate, maintain, and terminate SIP calls are deemed subject to a continuing extension. A voice service provider subject to the foregoing extension shall comply with the requirements of 47 CFR 64.6303 as to the portion of its network subject to the extension.
(e) Provider-specific extensions. The Wireline Competition Bureau may extend the deadline for compliance with 47 CFR 64.6301 for voice service providers that file individual petitions for extensions by November 20, 2020. The Bureau shall seek comment on any such petitions and issue an order determining whether to grant the voice service provider an extension no later than March 30, 2021.
(f) Annual reevaluation of granted extensions. The Wireline Competition Bureau shall, in conjunction with an assessment of burdens and barriers to implementation of caller identification authentication technology, annually review the scope of all previously granted extensions and, after issuing a Public Notice seeking comment, may extend or decline to extend each such extension, and may decrease the scope of entities subject to a further extension.
(a) Robocall mitigation program requirements.
(1) Any voice service provider subject to an extension granted under 47 CFR 64.6304 that has not fully implemented the STIR/SHAKEN authentication framework on its entire network shall implement an appropriate robocall mitigation program as to those portions of its network on which it has not implemented the STIR/SHAKEN authentication framework.
(2) Any robocall mitigation program implemented pursuant to paragraph (a)(1) of this section shall include reasonable steps to avoid originating illegal robocall traffic and shall include a commitment to respond fully and in a timely manner to all traceback requests from the Commission, law enforcement, and the industry traceback consortium, and to cooperate with such entities in investigating and stopping any illegal robocallers that use its service to originate calls.
(b) Certification and database.
(1) Not later than the date established in a document released by the Wireline Competition Bureau establishing the Robocall Mitigation Database and portal (amending this paragraph (b)), a voice service provider, regardless of whether it is subject to an extension granted under 47 CFR 64.6304, shall certify to one of the following:
(i) it has fully implemented the STIR/SHAKEN authentication framework across its entire network and all calls it originates are compliant with 47 CFR 64.6301(a)(1)-(2);
(ii) it has implemented the STIR/SHAKEN authentication framework on a portion of its network and calls it originates on that portion of its network are compliant with paragraphs 47 CFR 64.6301 (a)(1)-(2), and the remainder of the calls that originate on its network are subject to a robocall mitigation program consistent with paragraph (a); or
(iii) it has not implemented the STIR/SHAKEN authentication framework on any portion of its network, and all of the calls that originate on its network are subject to a robocall mitigation program consistent with paragraph (a).
(2) A voice service provider that certifies that some or all of the calls that originate on its network are subject to a robocall mitigation program consistent with paragraph (a) shall include the following information in its certification:
(i) identification of the type of extension or extensions the voice service provider received under 47 CFR 64.6304, if the voice service provider is not a foreign voice service provider;
(ii) the specific reasonable steps the voice service provider has taken to avoid originating illegal robocall traffic as part of its robocall mitigation program; and
(iii) a statement of the voice service provider’s commitment to respond fully and in a timely manner to all traceback requests from the Commission, law enforcement, and the industry traceback consortium, and to cooperate with such entities in investigating and stopping any illegal robocallers that use its service to originate calls.
(3) All certifications made pursuant to paragraph (b)(1)-(2) shall:
(i) be filed in the appropriate portal on the Commission’s website; and
(ii) be signed by an officer in conformity with 47 CFR 1.16.
(4) A voice service provider filing a certification shall submit the following information in the appropriate portal on the Commission’s website.
(i) the voice service provider’s business name(s) and primary address;
(ii) other business names in use by the voice service provider;
(iii) all business names previously used by the voice service provider;
(iv) whether the voice service provider is a foreign voice service provider; and
(v) the name, title, department, business address, telephone number, and email address of one person within the company responsible for addressing robocall mitigation-related issues.
(5) A voice service provider shall update its filings within 10 business days of any change to the information it must provide pursuant to paragraphs (b)(2)-(4) of this section.
(c) Intermediate provider and voice service provider obligations. Beginning ninety days after the deadline for certifications filed pursuant to paragraph (b) of this section, intermediate providers and voice service providers shall only accept calls directly from a voice service provider, including a foreign voice service provider that uses North American Numbering Plan resources that pertain to the United States to send voice traffic to residential or business subscribers in the United States, if that voice service provider’s filing appears in the Robocall Mitigation Database in accordance with paragraph (b) of this section.
(a) Exemption for IP networks. A voice service provider may seek an exemption from the requirements of 47 CFR 64.6301 by certifying on or before December 1, 2020, that, for those portions of its network served by technology that allows for the transmission of SIP calls, it:
(1) has adopted the STIR/SHAKEN authentication framework for calls on the Internet Protocol networks of the voice service provider, by completing the network preparations necessary to deploy the STIR/SHAKEN protocols on its network including but not limited to participation in test beds and lab testing, or completion of commensurate network adjustments to enable the authentication and validation of calls on its network consistent with the STIR/SHAKEN framework;
(2) has agreed voluntarily to participate with other voice service providers in the STIR/SHAKEN authentication framework, as demonstrated by completing formal registration (including payment) and testing with the STI Policy Administrator;
(3) has begun to implement the STIR/SHAKEN authentication framework by completing the necessary network upgrades to at least one network element—e.g., a single switch or session border controller—to enable the authentication and verification of caller identification information consistent with the STIR/SHAKEN standards; and
(4) will be capable of fully implementing the STIR/SHAKEN authentication framework not later than June 30, 2021, which it may only determine if it reasonably foresees that it will have completed all necessary network upgrades to its network infrastructure to enable the authentication and verification of caller identification information for all SIP calls exchanged with STIR/SHAKEN-enabled partners by June 30, 2021.
(b) Exemption for non-IP networks. A voice service provider may seek an exemption from the requirement to upgrade its network to allow for the initiation, maintenance, and termination of SIP calls and fully implement the STIR/SHAKEN framework as required by 47 CFR 64.6301 throughout its network by June 30, 2021, and from associated recordkeeping and reporting requirements, by certifying on or before December 1, 2020, that, for those portions of its network that do not allow for the transmission of SIP calls, it:
(1) has taken reasonable measures to implement an effective call authentication framework by either:
(i) upgrading its entire network to allow for the initiation, maintenance, and termination of SIP calls, and fully implementing the STIR/SHAKEN framework as required in 47 CFR 64.6301 throughout its network; or
(ii) maintaining and being ready to provide the Commission on request with documented proof that it is participating, either on its own or through a representative, including third party representatives, as a member of a working group, industry standards group, or consortium that is working to develop a non-Internet Protocol caller identification authentication solution, or actively testing such a solution; and
(2) will be capable of fully implementing an effective call authentication framework not later than June 30, 2021, because it reasonably foresees that it will have completed all necessary network upgrades to its network infrastructure to enable the authentication and verification of caller identification information for all non-Internet Protocol calls originating or terminating on its network as provided by a standardized caller identification authentication framework for non-Internet Protocol networks by June 30, 2021.
(c) Certification submission procedures. All certifications that a voice service provider is eligible for exemption shall be:
(1) filed in the Commission’s Electronic Comment Filing System (ECFS) in WC Docket No. 20-68, Exemption from Caller ID Authentication Requirements, no later than December 1, 2020;
(2) signed by an officer in conformity with 47 CFR 1.16; and
(3) accompanied by detailed support as to the assertions in the certification.
(d) Determination timing. The Wireline Competition Bureau shall determine whether to grant or deny timely requests for exemption on or before December 30, 2020.
(e) Implementation verification. All voice service providers granted an exemption under paragraphs (a) and (b) of this section shall file an additional certification consistent with the requirements of paragraph (c) of this section above on or before a date specified in a document issued by the Wireline Competition Bureau (amending this paragraph (e)) that attests to whether the voice service provider fully implemented the STIR/SHAKEN authentication framework because it completed all necessary network upgrades to its network infrastructure to enable the authentication and verification of caller identification information for all SIP calls exchanged with STIR/SHAKEN-enabled partners by June 30, 2021. The Wireline Competition Bureau, after issuing a Public Notice seeking comment on the certifications, will, not later than four months after the deadline for filing of the certifications, issue a Public Notice identifying which voice service providers achieved complete implementation of the STIR/SHAKEN authentication framework.
(1) If a voice service provider cannot certify to full implementation upon the filing of this second certification, but demonstrates to the Wireline Competition Bureau that (1) it filed its initial certification in good faith—i.e., with a reasonable expectation that it would be able to achieve full implementation as initially certified—and (2) it made a good faith effort to complete implementation, the consequence for such a shortcoming is the loss of the exemption and the application of the implementation requirements of 47 CFR 64.6301 and 64.6303, effective immediately upon release by the Wireline Competition Bureau of the Public Notice identifying which voice service providers achieved full implementation of the STIR/SHAKEN authentication framework.
(2) If a voice service provider cannot certify to full implementation upon the filing of this second certification, and the Wireline Competition Bureau finds that the voice service provider filed its initial certification in bad faith or failed to make a good faith effort to complete implementation, then (A) the voice service provider is required to fully implement the STIR/SHAKEN authentication framework immediately upon release by the Wireline Competition Bureau of the Public Notice identifying which voice service providers achieved full implementation of the STIR/SHAKEN authentication framework and (B) the Wireline Competition Bureau shall refer the voice service provider to the Enforcement Bureau for possible enforcement action based on filing a false initial certification.
Providers of voice service are prohibited from adding any additional line item charges to consumer or small business customer subscribers for the effective call authentication technology required by 47 CFR 64.6301 and 64.6303.
(a) For purposes of this section, “consumer subscribers” means residential mass-market subscribers.
(b) For purposes of this section, “small business customer subscribers” means subscribers that are business entities that meet the size standards established in 13 CFR Part 121, subpart A.
Issues Largest Robocall Fine in FCC History, Demands Providers Cease-and-Desist From Illegal Robocalls, Launches Robocall Response Team, Renews Federal-State Collaboration
WASHINGTON, March 17, 2021—Today, FCC Acting Chairwoman Jessica Rosenworcel announced her first set of anti-robocall actions during the March Open Meeting to kick off efforts to combat unwanted robocalls.
These actions include issuing the largest robocall fine in FCC history, demanding certain voice providers cease-and-desist from facilitating illegal robocalls, launching a Robocall Response Team, and delivering letters to the Federal Trade Commission, Department of Justice, and the National Association of State Attorneys General to renew state-federal partnerships to combat the proliferation of illegal robocalls.
“Unwanted robocalls are not only a nuisance, but they also pose a serious risk to consumers who can inadvertently share sensitive, personal information in response to bad actors’ malicious schemes. I’m proud to unveil my first set of actions to put a renewed focus on what the FCC can do to combat the issue that we receive the most complaints about. I believe closer coordination within the agency and between federal and state partners can help in addressing this consumer epidemic. Also, today’s cease and desist letters should serve as a warning sign to other entities that believe the FCC has turned a blind eye to this issue. We certainly haven’t and we’re coming for you,” said Rosenworcel.
Specifically, Rosenworcel’s anti-robocall initiatives include:
The issuance of a $225 million fine to Texas telemarketers—the largest fine in FCC history—for illegally spoofing approximately 1 billion robocalls to sell short-term, limited-duration health insurance plans. The robocalls falsely claimed to offer health insurance plans from well-known health insurance companies such as Aetna, Blue Cross Blue Shield, Cigna, and UnitedHealth Group.
The delivery of cease-and-desist letters to six voice providers that have consistently violated FCC guidelines on the use of autodialed and prerecorded voice message calls and in one case had received prior agency warnings to stop carrying out suspected illegal robocall traffic operations.
The recipients of the cease-and-desist letters include:
RSCom, a Canada based company, continues to transmit robocalls despite having received a warning on May 20, 2020 to cease carrying suspected illegal robocall traffic immediately. Since the May 20, 2020 warning letter, RSCom has appeared in 112 tracebacks conducted by the Traceback Consortium. These traceback operations involved COVID-19 scam calls, Social Security Administration and Internal Revenue Service imposter scam calls, Apple imposter scam calls, electric utility disconnection scam calls, and fraudulent sweepstakes winner calls.
Stratics Networks, a Canada based company that transmits and originates robocall traffic, has been found to help facilitate fraudulent calls related to COVID hardship programs, student loan offers, political campaign calls, and discounts and upgrades for services through AT&T and DirecTV.
Yodel Technologies, a Florida based provider that transmits and originates robocalls, claimed to obtain call recipients’ consent based on general consumer disclaimers on websites advertising sweepstakes offers or insurance. Yodel has been found to facilitate fraudulent calls related to Social Security Administration imposters, health insurance calls, and debt reduction services for mortgages and credit cards.
Icon Global, a U.K. based company that transmits and originates robocall traffic, has been found to facilitate fraudulent calls inundating the D.C. metropolitan police department with robocalls, Apple imposter calls, and Social Security Administration imposter calls.
IDT Corporation, a New Jersey based multinational provider, is believed to transmit illegal robocall traffic on behalf of one or more of its clients. Those robocalls include: COVID-19 fraudulent incentives and health insurance related calls; various Social Security Administration Scams; fraudulent calls threatening to disconnect utilities requesting payment; fictional refunds from Amazon and computer services providers calls; and credit card fraud related calls. IDT failed to respond to several Industry Traceback Group inquiries, including a recent September 2020 notice.
Third Rock Telecom, a Canada based provider, is suspected to transmit illegal robocall traffic on behalf of one or more of its clients. Those robocalls include fictional Apple/iCloud account breach related calls; various Social Security Administration Scams; credit card fraud; fraudulent business listing allegedly approved by Google; and debt reduction offers under suspected fictional COVID-19 hardship programs.
The robocall cease-and-desist letters instruct the six identified voice providers to investigate and, if necessary, cease transmitting the identified traffic immediately and take steps to prevent their network from continuing to be a source of apparent illegal robocalls. Downstream voice service providers will be authorized to block all voice provider traffic if the warned providers do not take steps to effectively mitigate illegal traffic within 48 hours or if they fail to inform the FCC and the Traceback Consortium within 14 days of these letters the steps they’ve taken to implement effective measures to prevent customers from using your network to make illegal calls. Failure to act within the deadline may result in the FCC issuing a notice to all U.S.-based voice service providers that they may permanently block all call traffic transmitting from their networks.
The launch of a Robocall Response Team, a group of 51 FCC staff members across six bureaus and offices tasked with coordinating and implementing the agency’s anti-robocall efforts. The Robocall Response Team will bring together Commission efforts to enforce the law against providers of illegal robocalls, develop new policies to authenticate calls and trace back illegal robocalls, and educate providers and other stakeholders about what they can do to help.
The delivery of letters to the Federal Trade Commission, Department of Justice, and the National Association of State Attorneys General seeking to renew partnerships to combat robocalls. The letters highlight a renewed interest in coordination between the FCC and other federal and state entities could ultimately benefit consumers and expresses Rosenworcel’s commitment to fight robocall scams by leveraging the knowledge, skills, and jurisdictional reach of cooperating organizations to share critical investigative information and collaborate on cases.
###
The Federal Communications Commission’s (FCC) Acting Chairwoman Jessica Rosenworcel laid out a series of concrete agency actions to further combat robocalls as the last item on the Commission’s March 17, 2021 Open Meeting. https://docs.fcc.gov/public/attachments/DOC-370865A1.pdf
In doing so she noted that “unwanted robocalls are not only a nuisance, but they also pose a serious risk to consumers who can inadvertently share sensitive, personal information in response to bad actors’ malicious schemes. I’m proud to unveil my first set of actions to put a renewed focus on what the FCC can do to combat the issue that we receive the most complaints about.” (emphasis supplied). More to come?
The anti-robocall initiatives announced by Acting Chairwoman Rosenworcel include:
First, the Commission approved a $225 million forfeiture against Texas telemarketers for “illegally spoofing approximately 1 billion robocalls to sell short-term, limited duration health insurance plans. The robocalls falsely claimed to offer health insurance plans from well-known health insurance companies such as Aetna, Blue Cross Blue Shield, Cigna, and UnitedHealth Group.” The FCC had proposed such a fine last year.
Second, the Acting Chairwoman announced that the agency had delivered “cease-and-desist letters to six voice providers that have consistently violated FCC guidelines on the use of autodialed and prerecorded voice message calls…. [D]ownstream voice service providers will be authorized to block all voice provider traffic if the warned providers do not take steps to effectively mitigate illegal traffic within 48 hours or if they fail to inform the FCC and the Traceback Consortium within 14 days of these letters the steps they’ve taken to implement effective measures to prevent customers from using your network to make illegal calls.”
Third, the Acting Chairwoman announced the launch of “a Robocall Response Team, [which is] a group of 51 FCC staff members across six bureaus and offices tasked with coordinating and implementing the agency’s anti-robocall efforts. The Robocall Response Team will bring together Commission efforts to enforce the law against providers of illegal robocalls, develop new policies to authenticate calls and trace back illegal robocalls, and educate providers and other stakeholders about what they can do to help.”
Finally, the Commission has sent letters to the Federal Trade Commission, Department of Justice and National Association of Attorneys General “seeking to renew partnerships to combat robocalls.” According to the announcement, “the letters highlight a renewed interest in coordination between the FCC and other federal and state entities could ultimately benefit consumers and expresses [the Acting Chairwoman’s] commitment to fight robocall scams by leveraging the knowledge, skills, and jurisdictional reach of cooperating organizations to share critical investigative information and collaborate on cases.”
Verizon says that it is exchanging more than 24 million calls daily with U.S. wireless carriers using STIR-SHAKEN, a standard designed to ensure that customers are not “spoofed.” So far, Verizon says that it has “protected” more than 75 million customers from more than 10 billion spam calls.
The goal of STIR-SHAKEN is to ensure that the ID shown on the receiver device’s Caller ID is the actual caller. Verizon said last December that it certified STIR-SHAKEN with the FCC and had implemented the technology.
A press release said that it now is using STIR-SHAKEN with about 80% of the U.S. wireless industry, including with “the no. 2 and no. 3 wireless carriers” – no doubt T-Mobile and AT&T. It also says it is working with “a major wireline provider.”
“This latest STIR-SHAKEN milestone is a key part of our overall efforts to combat these unwanted calls,” Verizon Consumer Group EVP and CEO Ronan Dunne said in a press release about the Verizon STIR-SHAKEN implementation. “There is always more to be done, but this is yet another important step for the industry and customers should rest assured that we remain vigilant in our efforts to take down the bad guys and protect them.”
Verizon said that robocall traffic significantly increased since the COVID-19 pandemic lockdowns started. The carrier said it took steps that have reduced robocalls to Verizon by between 250 million and 500 million per month during 2021.
It did this by using USTelecom’s Industry Traceback Group to identify where robocalls originate and insisting that its wholesale customers do the same. The carrier also created and expanded honeypots, which are lines that identify and surveil robocall campaigns. The goal is to identify the source and alert law enforcement. Verizon now has more than 200,000 honeypots across its wireless and toll-free numbers.
The FCC adopted rules requiring the use of STIR-SHAKEN on March 31, 2020. The deadline for implementation in the IP portions of carrier networks is June 30. However, several carriers—including Verizon—said that they planned to implement the rules early.
MARCH 31, 2021 -- Four voice service providers had requested deadline extensions for STIR-SHAKEN deployment. Two have been denied, and two have been withdrawn.
These deadline extension requests were filed in November 2020:
The Commission issued an order that denied the remaining petitions from US Cellular and Verizon.
In response to US Cellular, the Commission ruled that:
In response to Verizon, the Commission ruled that:
APRIL 1, 2021 -- The U.S. Supreme Court today issued a decision in the Facebook v. Duguid case. This decision resolves a longstanding legal dispute over whether courts should use either a narrow or a broad definition of “Automatic Telephone Dialing System” (ATDS) when interpreting the Telephone Consumer Protection Act of 1991 (TCPA).
The Supreme Court issued a unanimous decision in favor of Facebook, which argued that the narrow definition should be used.
This decision could open a flood of robocalls from high-volume callers. With this decision, they can easily evade the TCPA by using an ATDS that falls outside of the narrow definition.
We’ll summarize the background and decision here.
The TCPA includes a definition of an Automatic Telephone Dialing System (ATDS), or “autodialer:”
(1) The term ‘automatic telephone dialing system’ means equipment which has the capacity —
(A) to store or produce telephone numbers to be called, using a random or sequential number generator; and
(B) to dial such numbers.
In court cases brought against high-volume callers using autodialers, defense attorneys have used a narrow definition of ATDS to argue that the TCPA does not apply to their clients because they were using an autodialer that falls outside of the TCPA definition.
From these cases, two different interpretations of the ATDS definition have emerged from court decisions:
Some court decisions have been handed down using the broad definition, while others have been decided using the narrow definition. Today’s decision in favor of Facebook settles the question in favor of the narrow definition.
Eric Troutman, an attorney with deep experience in TCPA law, has written that, if the Supreme Court finds in favor of the narrow definition of ATDS, which they now have done, then that will leave American cell phones open to a blitz of calls from so-called predictive dialers that do not meet the narrow ATDS definition.
Senator Ed Markey (D-Mass), one of the original authors of the TCPA, joined with Congresswoman Anna Eshoo (CA-18) to issue the following statement in response to the Supreme Court decision:
“Today, the Supreme Court tossed aside years of precedent, clear legislative history, and essential consumer protection to issue a ruling that is disastrous for everyone who has a mobile phone in the United States. It was clear when the TCPA was introduced that Congress wanted to ban dialing from a database. By narrowing the scope of the TCPA, the Court is allowing companies the ability to assault the public with a non-stop wave of unwanted calls and texts, around the clock.”
“Fortunately, we can and will act to make right what the Supreme Court got wrong. We plan to soon introduce legislation to amend the TCPA, fix the Court’s error, and protect consumers. If the Justices find their private mobile phones ringing non-stop from now until our legislation becomes law, they’ll only have themselves to blame.”
APRIL 7, 2021 - The CRTC has postponed the STIR-SHAKEN deadline in Canada. They issued a decision on 6 April 2021 in response to interventions filed by Canadian Telephone Service Providers (TSPs) and industry associations. Here’s an overview of their decision.
The CRTC has previously mandated that Canadian TSPs must use STIR-SHAKEN with IP-based calls:
In this decision, CRTC 2021-123, the CRTC addressed the following issues raised in the intervention filings:
Should the implementation of STIR-SHAKEN be imposed as a condition of offering and providing telecommunications services?
The CRTC said yes, TSPs must implement STIR-SHAKEN in their IP-based networks as a condition of providing service. The benefits of providing call authentication to reduce the harm caused by nuisance calls outweigh the implementation burden.
If STIR-SHAKEN implementation is required, when should the requirement become effective?
The CRTC said some technical and policy issues have yet to be resolved. Therefore, they pushed back the following deadlines:
TSPs must have access to numbering resources to receive a certificate to sign SHAKEN calls. Other TSPs, such as resellers, would be at a commercial disadvantage because their calls would be signed at a lower level of attestation. The CRTC was asked to address this issue.
The CRTC said that a Part 1 application was filed on 21 Dec 2020 requesting the CRTC to instruct the CSTGA to allow all TSPs to receive certificates. The CRTC will address the certificate access issue in response to this application.
In an appendix to their decision, the CRTC provided additional information about the Implementation Readiness Assessment Report, which is due 31 Aug 2021.
TSPs must also provide a status report every six months on their continuing efforts to deploy STIR-SHAKEN.
Last month Federal Communications Commission (FCC) Acting Chairwoman Jessica Rosenworcel announced a multi-faceted agenda to combat unwanted robocalls.
On April 13, 2021, the Acting Chairwoman fired a second salvo in the ongoing battle, announcing the agency’s “latest efforts to protect consumers from unwanted and scam robocalls and spoofed calls” https://docs.fcc.gov/public/attachments/DOC-371553A1.pdf. The latest efforts include the following three components:
APRIL 14, 2021 - The FCC issued cease-and-desist letters to two voice service providers. These letters instruct the providers to effectively mitigate illegal robocall traffic within 48 hours. If they do not, downstream voice service providers will be authorized to block all their traffic.
These letters were sent to the following carriers:
In the letters, the FCC also required these providers to inform the FCC and the Traceback Consortium within 14 days of the steps taken to implement effective measures to prevent customers from using the network to make illegal calls.
The FCC sent similar letters to six providers last month. Each provider responded by stating that they had stopped carrying the offending traffic. Each provider also explained how it will prevent customers from making illegal calls in the future.
APRIL 19, 2021 - USTelecom and several carrier representatives met with FCC officials to alert them to a potential loophole in the Commission’s Robocall Mitigation Database scheme. The loophole could enable foreign-originated illegal traffic to reach U.S. consumers without any meaningful constraints.
Paragraphs 82-86 of the FCC’s Second Report and Order In the Matter of Call Authentication Trust Anchor require all voice service providers to file a robocall mitigation certification with the Commission. This will be filed in a new portal and database, called the Robocall Mitigation Database (RMD), which the FCC will provide.
Intermediate and terminating providers will be prohibited from accepting traffic directly from any voice service provider that does not appear in the database.
In a recent ex parte filing, USTelecom described confusion over what they called the “Intermediate Provider Loophole.”
“In our experience, much of the industry has read section 64.6305(c) as requiring that every upstream provider—originating or intermediate—in the call path needs to be in the database for the next intermediate or terminating provider to accept traffic from it. The text of the rule and text in the order, however, may best be read to suggest otherwise, namely that only the originating provider needs to be in the database for the next provider to take the traffic.”
How did USTelecom arrive at this interpretation? They cited three sources in their filing:
The definition of “voice service” in paragraph 19 of the Second Order is “any service that is interconnected with the public switched telephone network and that furnishes voice communications to an end user.”
Paragraph 89 of the Second Order says that “We find the rule we establish—whereby intermediate providers are prohibited from accepting traffic from an originating voice service provider that has not certified to a robocall mitigation program—best leverages the role of intermediate providers to combat illegal robocalls within our greater robocall mitigation scheme.”
Paragraph 87 of the Second Order says that “By affirmatively adding such providers we give intermediate and terminating voice service providers confidence that any provider not listed in the Robocall Mitigation Database is out of compliance with our rules, rather than leaving the potential for uncertainty about whether a provider is noncompliant or simply was not required to be included in the database because it does not originate traffic.”
Given those citations, USTelecom believes the Second Order requires that only the originating provider must have a certification on file in the RMD.
That would leave a huge loophole in the scheme. Intermediate providers could take traffic from any other intermediate provider regardless of their database status.
USTelecom asked the Commission to provide additional comment to clarify the rules.
USTelecom presents a persuasive list of citations to support their interpretation. However, there are other citations that seem to go the other way:
In paragraph 87, the Second Order states that voice service providers “must necessarily review the listings of voice service providers with which they interconnect to ensure that such certifications are sufficient.”
Footnote 340 of the Second Order says that the FCC “will import all listings from the Intermediate Provider Registry into the RMD on a rolling basis so that all registered intermediate providers are represented therein.”
These citations seem to indicate that the FCC intends to require RMD certification filings from the next upstream provider.
As a practical matter, this would also be easier in terms of compliance. Providers know who their upstream providers are. They can periodically check the RMD to confirm that their upstream providers have a certification on file. How would they check every possible foreign originating provider?
At any rate, we wholeheartedly agree with USTelecom that the Commission should clarify this rule.
APRIL 26, 2021 - The FCC has opened the portal to accept robocall mitigation certification filings from voice service providers. All providers that transmit calls with U.S. NANP calling numbers must have a registration on file by June 30, 2021.
This filing requirement was included in the FCC’s Second Report and Order on call authentication, STIR/SHAKEN (WC 17-97), paragraphs 82–83.
We require all voice service providers to certify that their traffic is either “signed with STIR/SHAKEN or… subject to a robocall mitigation program” that includes “tak[ing] reasonable steps to avoid originating illegal robocall traffic,” and committing to cooperating with the Commission, law enforcement, and the industry traceback consortium in investigating and stopping any illegal robocallers that it learns are using its service to originate calls.
For those voice service providers that certify that some or all of their traffic is “subject to a robocall mitigation program,” we require such voice service providers to detail in their certifications the specific “reasonable steps” that they have taken “to avoid originating illegal robocall traffic…
Voice service providers must file certifications via a portal on the Commission’s website that we will establish for this purpose.
The Robocall Mitigation Database (RMD) is available for public viewing. To submit a certification, you need an FCC Registration Number and must use it to log in.
All filers are required to provide the following information:
-Identification information for the voice service provider and point of contact
-The certification option that you are using. These options include:
- Check the declaration and provide an officer’s e-signature.
Only one of these three certification options can be selected.
After answering these questions, providers that certify a complete STIR/SHAKEN implementation are done.
Providers that certify either a partial STIR/SHAKEN implementation or no STIR/SHAKEN implementation are also required to upload a document that explains the following:
-The specific reasonable steps the voice service provider has taken to avoid originating illegal robocall traffic as part of its robocall mitigation program
-The type(s) of extensions received under 47 CFR § 64.6304.
Filers may request that some information in their certification be withheld from public inspection. To do so, the filer must submit a confidentiality request in the FCC Electronic Comment Filing System (ECFS) and submit two versions of their certification, a redacted version for public viewing and a full version for the Commission.
https://fccprod.servicenowservices.com/rmd?id=rmd_welcome
Don't become the FCC's Poster Child for filing an inadequate, incomplete, non-substantive Robocall Mitigation Plan ("RMP") and avoid making the mistakes many Companies appear to be making with their RMP submissions; RMPs are NOT "Superficial" or "Certification" style documents; RMPs must contain "Substance" and "Details" regarding the specific steps your Company has taken to implement robocall mitigation measures, including Know Your Customer, data analytics, and other critical elements necessary to demonstrate the seriousness of your mitigation efforts.
If your Company needs help, contact The CommLaw Group's Robocall Mitigation Response Team now!
June 30, 2021 is rapidly approaching. Virtually all voice service providers (“VSPs”) are required to make applicable STIR/SHAKEN filings with the Federal Communications Commission (“FCC”). Smaller VSPs (100,000 or fewer subscriber lines), while not required to make full STIR/SHAKEN filings, still must file robocall mitigation plans (“RMPs”) by that date. Moreover, VSPs must have their RMPs in place and operational by May 6, 2021.
The FCC has cast a wide net this time; even one-way VSPs and those who may have previously been exempt from certain regulatory requirements are required to file.
The FCC’s RMP database is open, and VSPs are already beginning to file. It is extremely important that VSPs prepare and timely file complete and thorough RMPs; failure to do so will likely result in fines and other sanctions by the FCC, not to mention the fact that, because terminating carriers are required to check the RMP database, non-compliant VSPs risk having their calls blocked by the terminators.
The FCC requires that a VSP develop an RMP that:
While this may appear simple, the devil is in the details. The FCC is not shy about rejecting incomplete RMPs, which will effectively void them and subject the non-compliant VSP to the consequences listed above. Some of the RMPs that have been already filed appear incomplete and will likely be rejected by the FCC.
A good RMP will contain detailed (but not necessarily lengthy) descriptions of a VSP’s:
In order to make sure that your company is compliant with the myriad of RMP requirements, VSPs are well-advised to work with counsel who understands the nature of their businesses and can prepare RMPs tailored to their needs while meeting the FCC’s requirements. The CommLaw Group is actively working with dozens of clients to develop their RMPs and other arrangements to ensure compliance. We have a template that we will send to any VSP which lays out the expectations and provides your company with the necessary regulatory guidance. We will also prepare and file your RMP.
The CommLaw Group Can Help!
Given the complexity and evolving nature of the FCC’s rules, regulations and industry policies & procedures around Robocall Mitigation and Compliance issues (e.g., Stir/Shaken, TRACED Act, FCC Rules & Regulations, US Telecom Industry group, ATIS, NECA, VoIP Numbering Waivers, Know Your Customer (effective May 6, 2021) and the private sector ecosystem), and anticipating the potential torrent of client questions and concerns, The CommLaw Group formed a “Robocall Mitigation Response Team” to help clients (old and new) tackle their unique responsibilities. The potential blocking of your company’s voice (and other) traffic due to non-compliance is very real, and very scary. Your company must be certain it achieves sufficient comfort knowing that it is doing everything it can, as efficiently and intelligently as it can, to achieve the level of compliance needed to avoid sleepless nights as the June 30, 2021 deadline approaches.
CONTACT US NOW, WE ARE STANDING BY TO GUIDE YOUR COMPANY’S COMPLIANCE EFFORTS
Rob Jackson – Tel: 703-714-1316 / E-mail: rhj@CommLawGroup.com
Ron Quirk – Tel: (703) 714-1305 / E-mail: req@CommLawGroup.com
May 6, 2021 - The Federal deadlines to install and operate Stir-Shaken tokens on your network are almost here. The first is June 1st, the second is June 30th, and unless you are exempt as a very small call producer, you are affected.
We are concerned that if you wait too long, we will not be able to accommodate your needs to meet the June deadlines.
To help you along a little bit, this offer: Connect with us now, but don’t turn up until you need to in June, or whenever you are ready.
Connect to Prescott-Martini stir-shaken service prior to June 15th, and receive…
· 1,000,000 tokens, free,
· No obligation to turn up your production service prior to June 30th or until you are ready,
· Our initial install fee will be charged, but will not be due until one week after the connection and initial testing period,
· Start your production token generation at any time you wish.
Call us right now to get your connection appointment set, in time to meet the deadlines that are coming quickly!
Canadian Radio-television and Telecommunications Commission
Ottawa, 6 April 2021
STIR/SHAKEN implementation for Internet Protocol-based voice calls
The Commission directs telecommunications service providers (TSPs) to implement STIR/SHAKEN to authenticate and verify caller identification (ID) information for Internet Protocol (IP)-based voice calls as a condition of offering and providing telecommunications services, effective 30 November 2021. In addition, the Commission directs TSPs to file STIR/SHAKEN implementation readiness assessment reports by 31 August 2021 and to add certain details to those reports.
1. In Compliance and Enforcement and Telecom Notice of Consultation 2019-404 (the Notice), the Commission issued a call for comments on its proposal to require Canadian carriers and other telecommunications service providers that provide voice telecommunications services in Canada (collectively, TSPs) to implement STIR/SHAKEN to authenticate and verify caller identification (ID) information for Internet Protocol (IP)-based voice calls as a condition of offering and providing telecommunications services pursuant to sections 24 and 24.1 of the Telecommunications Act (the Act), effective 30 September 2020.
2. The Commission had previously determined in Compliance and Enforcement and Telecom Decision 2018-32 that TSPs should implement measures to authenticate and verify caller ID information for IP-based voice calls. The deadline, which the Commission has extended twice, is now 30 June 2021, as set out in Compliance and Enforcement and Telecom Decision 2019-402-2.
3. In Compliance and Enforcement and Telecom Decision 2019-403, the Commission approved the Canadian telecommunications industry’s proposal to establish the Canadian Secure Token Governance Authority (CSTGA) as the Governance Authority as part of the deployment of STIR/SHAKEN. The CSTGA is tasked, among other things, with the selection of the Policy Administrator (PA) and Certificate Authority (CA), which are necessary for the implementation of STIR/SHAKEN.
4. The Commission received interventions in response to the Notice from Mr. Marc Nanni; Bell Canada; Bragg Communications Incorporated, carrying on business as Eastlink (Eastlink); the Canadian Communication Systems Alliance (CCSA); Competitive Network Operators of Canada (CNOC); the Canadian Voice Peering Project; Cogeco Communications inc. (Cogeco); the Independent Telecommunications Providers Association (ITPA); the Internet Society Canada Chapter (ISCC); Quebecor Media Inc., on behalf of Videotron Ltd. (Videotron); Rogers Communications Canada Inc. (RCCI); Saskatchewan Telecommunications (SaskTel); Shaw Communications Inc. (Shaw); TELUS Communications Inc. (TCI); and Xplornet Communications Inc. [Footnote 2]
3. CNOC and the ISCC suggested that the Commission should refrain at this point in time from imposing a firm date for the deployment of STIR/SHAKEN. Eastlink proposed a staged implementation, beginning with only the largest telephone companies in the country. As stated above, the ITPA adopted a similar position, indicating that smaller TSPs should only be required to implement STIR/SHAKEN when the majority of their traffic is IP-based and interconnected with bigger TSPs through IP-based interconnections.
-The testing of equipment and software by some TSPs.
-The use by some TSPs of STIR/SHAKEN to authenticate calls within their IP voice networks.
-Progress in negotiations regarding the development of standards and best practices, and the imminent filing of an interim report from the CISC Network Working Group.
-Increased availability of vendor equipment, software, and compatible phones.
2. However, some technical and policy issues have yet to be resolved, which will likely preclude a complete deployment of the STIR/SHAKEN framework by 30 June 2021.
3. Further, pursuant to Compliance and Enforcement and Telecom Decisions 2019-402 and 2019-402-1, TSPs are required to submit a report providing a short overview of STIR/SHAKEN implementation (referred to hereafter as the implementation readiness assessment report), within two months of the implementation date. Given the approved extension of the implementation date to 30 June 2021, this report is now due by 31 August 2021.
4. The Commission considers that TSPs should have a reasonable amount of time following the filing of the implementation readiness assessment report before the requirement imposed under sections 24 and 24.1 of the Act becomes effective, to allow for the resolution of technical and policy-related issues, including those that may be identified in the report, and to finalize the integration of STIR/SHAKEN capability. To that end, the Commission considers that a 90-day period following the deadline for submitting the implementation readiness assessment report would be appropriate.
5. In light of all of the above, pursuant to sections 24 and 24.1 of the Act, the Commission directs that, as a condition of offering and providing telecommunications services, TSPs must implement STIR/SHAKEN in order to authenticate and validate IP-based voice calls, effective 30 November 2021.
6. In addition, the Commission directs TSPs to submit an implementation readiness assessment report, including the information set out in Appendix 1 of this decision, by 31 August 2021. The Commission also directs TSPs to provide to the Commission, every six months, starting 31 May 2022 and continuing until the Commission decides otherwise, a status report containing the information set out in Appendix 2 to this decision.
Secretary General
-Call for comments – Authentication/verification measures for caller identification for IP-based voice calls – Implementation of STIR/SHAKEN framework, Compliance and Enforcement and Telecom Notice of Consultation CRTC 2019-404, 9 December 2019
-Establishment of the Canadian Secure Token Governance Authority, Compliance and Enforcement and Telecom Decision CRTC 2019-403, 9 December 2019
-CISC Network Working Group – Status of implementation by telecommunications service providers of authentication/verification measures for caller identification, Compliance and Enforcement and Telecom Decision CRTC 2019-402, 9 December 2019; as amended by Compliance and Enforcement and Telecom Decisions CRTC 2019-402-1, 13 December 2019; and 2019-402-2, 15 September 2020
-Measures to reduce caller identification spoofing and to determine the origins of nuisance calls, Compliance and Enforcement and Telecom Decision CRTC 2018-32, 25 January 2018; as amended by Compliance and Enforcement and Telecom Decisions CRTC 2018-32-1, 24 October 2018; and 2018-32-2, 18 December 2018
TSPs must submit an implementation readiness assessment report to the Commission no later than 31 August 2021, describing the state of implementation of STIR/SHAKEN as of 30 June 2021.
The implementation readiness assessment report must include the following information:
-statistics identifying
-the status and result of TSPs’ STIR/SHAKEN implementation readiness, specifically
1. whether the STIR/SHAKEN authentication uses an analytic engine or whether the Verstat parameter is sent to the end-user;
2. a brief description of the TSP’s IP voice network capacity to
3. a brief description of the status of the TSP’s IP interconnection with other TSPs, including network-to-network interface and user-to-network interface interconnections;
4. a brief description of the solution adopted to handle enterprise clients; and
5. the status and results of equipment testing and participation in those tests
-information regarding the state of the standards, specifically:
1. the status of authentication/verification standards and their subordinate standards, as well as any other related standards; and
2. identification of Canadian-specific requirements and the efforts that are being made to incorporate these requirements into the appropriate standards.
TSPs must also provide to the Commission, every six months, starting 31 May 2022 and continuing until the Commission decides otherwise, a status report on their continuing efforts to deploy STIR/SHAKEN. These reports are due to the Commission on the last days of May and November, covering the period from the first day of September to the last day of February (for the May report) and from the first day of March to the last day of August (for the November report).
Those status reports must provide details on any changes in network capability in relation to the information that was provided in the implementation readiness assessment report and described in Appendix 1.
Footnote 1
STIR stands for Secure Telephone Identity Revisited. SHAKEN stands for Signature-based Handling of Asserted Information using toKENs. It is a suite of protocols and procedures intended to combat caller identification (ID) spoofing by providing authentication and verification of caller ID information.
Footnote 2
Two additional individuals also filed submissions on the record of this proceeding, but they did not comment on the issue raised in Compliance and Enforcement and Telecom Notice of Consultation 2019-404.
Footnote 3
Order Issuing a Direction to the CRTC on Implementing the Canadian Telecommunications Policy Objectives, SOR/2006-355, 14 December 2006
Footnote 4
Order Issuing a Direction to the CRTC on Implementing the Canadian Telecommunications Policy Objectives to Promote Competition, Affordability, Consumer Interests and Innovation, SOR/2019-227, 17 June 2019
Company acts to protect customers and its brand in seeking an end to abusive and illegal practice
Marriott International, Inc. (NASDAQ: MAR) today filed a lawsuit in federal court in Virginia against the unknown perpetrators (“John Does”) responsible for illegal and fraudulent “robocalls” misusing Marriott’s name.
The suit claims these bad actors are using Marriott’s brand for their own commercial gain in violation of state and federal laws. Marriott will aggressively pursue the identities of the robocallers to halt these illegal acts affecting Marriott customers and others.
Illegal robocalls are an abusive and deceptive form of telemarketing, with over 18 billion pre-recorded telephone calls in the U.S. in 2020. Four months into 2021, that figure has already reached 7.2 billion.* Marriott, its customers and the American public at large have been aggressively targeted by these robocallers.
To induce consumers to purchase the promotion, the robocallers falsely represent that they are agents or employees of Marriott. Illegal robocalls in the U.S. fraudulently claiming to be from Marriott increased dramatically in 2020 – to a peak of seven million per month.
“Marriott has undertaken this federal lawsuit against illegal robocalls primarily to protect our customers, but also to protect our brand name and intellectual property,” said Stephanie Linnartz, President, Marriott International. “Marriott’s fight will not stop with the filing of today’s complaint – we will continue to consider and leverage all tools at our disposal to identify and bring to justice the bad actors behind these illegal and fraudulent robocalls.”
Marriott leveraged the capabilities of two industry leaders in the fight against illegal robocalls: the Industry Traceback Group (ITG) and YouMail, Inc. The ITG, which is designated by the Federal Communications Commission as the official robocall traceback consortium, rapidly identifies the origination point of illegal robocalls. YouMail, a company that protects consumers with app-based call protection services, identifies problematic numbers and robocalls using a combination of its recently patented audio fingerprinting technology, call patterns, and consumer feedback. Marriott is working together with both the ITG and YouMail to identify the perpetrators and track their activity.
On December 3, 2020, Marriott updated and re-issued a public statement to confirm that Marriott is not responsible for the fraudulent robocalls, nor has it authorized them. Marriott has received many consumer complaints about fraudulent robocalls mentioning Marriott, leading the company to file this lawsuit to halt the deceptive and abusive telemarketing acts, practices and trademark violations. In addition to the lawsuit, Marriott has provided information about the ongoing scam to the Federal Trade Commission and made clear that the Company will work with regulators in their efforts to stop these illegal robocalls.
How Consumers Can Protect Themselves
There are a number of steps consumers can take to help protect themselves from these illegal and fraudulent robocalls:
For more information on phone scams, visit the Federal Trade Commission’s consumer information page.
https://fccprod.servicenowservices.com/rmd?id=rmd_welcome
Welcome to the Robocall Mitigation Database. Pursuant to 47 CFR § 64.6305(b), all voice service providers must file certifications to this Database providing detailed information regarding their implementation of the STIR/SHAKEN caller ID authentication framework and/or a robocall mitigation program.
Through this webpage, members of the public may download voice service providers' certifications. In addition, through the portal found on this webpage, voice service providers may submit their certifications.
You may find an active listing of all voice service providers that have submitted sufficient certifications by clicking View Database below or by downloading the CSV file below. Please note that you may need additional software to view the CSV file.
A voice service provider must possess an FCC Registration Number (FRN) to submit a certification. If you are a voice service provider and would like to submit a certification, and you have an FRN, please click the "Log in" button below. If you wish to submit a certification but do not have an FRN, please click "Create Account" below. After creating an FRN, please return to this page to log in. Full Database submission instructions are available here.
When viewing the Robocall Mitigation Database, if you believe there are errors with the content or function of the database, or if you require special assistance with submitting a filing, please email FCC staff at RobocallMitigationDatabase@FCC.gov.
OMB Control Number: 3060-1285
By John Eggerton - May 21 2021
Targets smaller operators with larger volume of illegal robocalls
The FCC has voted unanimously to shorten the deadline for some smaller voice providers to use the STIR/SHAKEN caller ID regime, meant to weed out unwanted robocalls, but smaller cable operator voice providers want to make sure the FCC isn't casting too wide a net.
The FCC said that some new evidence suggests that a "small subset" of smaller voice service providers were responsible for an "increasing quantity" of illegal robocalls.
The FCC set a June 30, 2021 deadline for most voice service providers, including larger cable operators, to implement STIR/SHAKEN, but gave smaller providers—fewer than 100,000 subs—more time.
But in a vote at its Thursday (May 20) public meeting, the commission said it would shorten that by a year (June 2022) for smaller providers "which originate an especially larger amount of traffic."
"We recently discovered that some smaller companies are pumping large volumes of traffic onto our networks and a lot of it looks suspiciously like robocalls," said FCC acting chair Jessica Rosenworcel. "It’s time to change course. So here we propose to cut back on the extension for smaller providers that are sending these junk calls. Implementing STIR/SHAKEN—and doing it faster as we propose here—will help reduce robocalls over time."
The FCC sought comment on how to best define that subset that poses "a heightened risk of originating an especially large amount of illegal robocall traffic," as well as whether it should do more to improve oversight of the smaller providers it identifies as requiring the shortened deadline.
ACA Connects, which represents smaller providers, said it will keep an eye on the proceeding going forward to make sure the FCC is aiming at the right target.
“ACA Connects represents small voice providers that have an established presence in their communities and take their obligations seriously," said Brian Hurley, ACA Connects VP of regulatory affairs. "We intend to participate in this proceeding to ensure it remains squarely focused on the correct target – the 'subset' of providers responsible for originating large volumes of illegal robocalls – and that it avoids sweeping in ACA Connects members and other legitimate providers that are not the source of this problem.”
These Are the Third Tranche of Enforcement Bureau Cease and Desist Letters
--
WASHINGTON, May 18, 2021—FCC Acting Chairwoman Jessica Rosenworcel today announced the latest FCC action to combat illegal robocalls and spoofing campaigns that target and defraud consumers. The FCC’s Enforcement Bureau sent cease and desist letters to VaultTel Solutions and Prestige DR VoIP demanding that they immediately cease carrying illegal robocall campaigns on their networks and report to the Commission the concrete steps they implemented to prevent a recurrence of these operations.
“We need to use every tool we have to get these junk calls off of our networks,” said Rosenworcel. “From these new cease-and-desist letters to STIR/SHAKEN implementation to large fines and our robocall mitigation database, we are going to do everything we can to protect consumers from these nuisance calls. We’re not going to stop until we get robocallers, spoofers, and scammers off the line.”
Investigations by the Enforcement Bureau, in conjunction with the industry-led Traceback Consortium, indicate that these companies each transmitted multiple illegal robocall campaigns on their networks. The FCC has made clear that, should this practice not end immediately, other network operators will be authorized to block traffic from these companies altogether. The Bureau issued similar letters to other companies in March and April. In response to the previous letters, most of those companies appear to have stopped facilitating robocall campaigns and taken steps to prevent reoccurrences. The FCC will continue to monitor all these companies’ activities and, should a reoccurrence take place, stands ready to authorize the blocking of traffic from any of these duly warned companies.
Today’s letters make clear that VaultTel Solutions and Prestige DR VoIP must take steps to “effectively mitigate illegal traffic” within 48 hours. If they fail to inform the Commission and the Traceback Consortium within fourteen days of the steps taken to implement effective measures to prevent their clients from using their network to make illegal calls, or if they do not take such steps, other networks will be authorized to block traffic from these companies.
Phone Companies Must Block Calls From Non-Filers
--
WASHINGTON, April 20, 2021—The Federal Communications Commission today launched the Robocall Mitigation Database through which voice service providers are required to inform the agency of their robocall mitigation efforts. As of September 28, 2021, phone companies must refuse to accept traffic from voice service providers not listed in the Robocall Mitigation Database.
The new Robocall Mitigation Database includes a portal through which voice providers must file certifications regarding their efforts to stem the origination of illegal robocalls on their networks. Companies that were granted an extension for compliance with the call authentication mandate contained in the TRACED Act and FCC rules – generally small companies and/or providers of non-IP-based services – must file detailed reports on the steps they are taking to ensure they are not the source of illegal calls.
“Protecting consumers from scammers that use robocall and spoofing tools is a top priority,” said FCC Acting Chairwoman Jessica Rosenworcel. “To succeed, we not only need an all-hands-on-deck response from government, but we need industry commitment and focus. Our message to providers is clear: certify under penalty of perjury the steps you are taking to stop illegal robocalls, or we will block your calls.”
Call authentication, based on STIR/SHAKEN technological standards, enables voice service providers to verify that the caller ID information transmitted with a call matches the caller’s phone number. Use of these standards will help combat scammers’ use of caller ID spoofing to mask their true identity and trick consumers by appearing to call from local or other trusted numbers. It will also allow law enforcement, the FCC, and industry to more quickly and effectively trace back scam calls to their source.
The FCC, acting under authority granted by the TRACED Act, previously required providers with IP-based phone networks to implement the STIR/SHAKEN framework by June 30, 2021. The FCC also required voice service providers with non-IP network technology either to upgrade their non-IP networks to IP and implement these standards, or work to develop a non-IP caller ID authentication solution. Providers that received an extension of time to come into compliance with these STIR/SHAKEN obligations must adopt robocall mitigation programs. The database launched today will be the portal through which originating providers report on their compliance with these obligations. The FCC’s Wireline Competition Bureau formally launched the database and provided filing details in a Public Notice released today.
May 23, 2021
Everyone hates robocalls. If you are a voice service provider, a white label provider, or reseller of these services whether via TDM or SIP, then you need to know what the FCC has directed providers to implement.
If you support more than 100,000 lines you must implement SHAKEN for SIP connections or Robocall Mitigation for TDM lines. If you support fewer than 100,000 lines, you have the option to select SHAKEN for SIP or Robocall Mitigation for TDM. The most common path forward for small providers is implementing Robocall Mitigation to meet the June 30th deadline.
Every service provider who serves end users must certify they have implemented either a Robocall Mitigation Program or SHAKEN in their network. The filing of certifications needs to be submitted after June 30, 2021. Will you be ready?
Service providers must block all calls from any service provider that is not in the FCC database. This must become effective 90 days after the deadline for robocall mitigation program certifications. This affects all the main carriers, VoIP resellers, UCaaS providers, some MSPs, and all OTT providers. There will be penalties for non-compliance. Any provider located outside of the US that wants its calls to be verified when calling clients in USA/Canada needs to work with a North American partner in order to satisfy these requirements. All the enterprises the providers support will want their calls marked as ‘verified’.
These solutions are new to most providers. In a recent survey, 51% of the providers have not started implementation, only 22% have started, a few (5%) have finished while 22% didn’t know what to do. This means that 73% need to learn more about the technologies, responsibilities, and legal issues for dealing with robocalls. The June 30, 2021 date for compliance is approaching fast.
JUNE 14, 2021
USTelecom filed reply comments with the FCC that were sharply critical of recent filings in the Robocall Mitigation Database (RMD) seeking blanket confidentiality for providers’ robocall mitigation plans. Here’s what’s happening.
USTelecom complaint
In their reply comments, USTelecom responded to the FCC Wireline Competition Bureau’s request for comments on a protective order for RMD collection. Here is the crux of their complaint:
Recent filings in the RMD seeking blanket confidentiality for providers’ robocall mitigation plans are of deep concern and threaten the transparency and accountability that the RMD is intended to create.
The Bureau should ensure that robocall mitigation plans are public by default, and only truly confidential and sensitive information is withheld from full public view.
USTelecom cites the FCC’s Second Report and Order, which states that the intent of the confidentiality provision is to avoid giving bad actors the information they need to undermine the provider’s programs, or disclose sensitive competitive information.
RMD confidential filings
On June 14, 2021, we reviewed robocall mitigation plans in the RMD for providers that filed a request for confidentiality. Here’s what we found:
There were 552 robocall mitigation plans filed in the RMD.
There are 50 redacted plans in the RMD, which is 9% of the plans filed.
Of the redacted plans, 46 are fully or almost fully redacted, which is 92% of the redacted plans. USTelecom seems to have a point here.
Of the four partially redacted plans, we found the following redactions:
One redacted their robocall mitigation contact name.
Another redacted the name of an underlying service provider.
The last two redacted some details of their robocall mitigation methods.
41 of the 46 fully redacted plans (89%) were nearly identical in the following respects:
They had a cover page with the company name
They had the same table of contents
After the table of contents, there were 10 pages of fully redacted content.
The PDF file properties indicate that the source document was written by Doug Eidahl. Searching LinkedIn, we found a Doug Eidahl who works for Vantage Point Solutions, in Mitchell, South Dakota.
Federal lawmakers are continuing to push for an end to robocalls by increasing penalties for automated, illegal calls through the Deter Obnoxious, Nefarious, and Outrageous Telephone (DO NOT) Call Act.
U.S. Majority Leader Charles Schumer and Sen. Kirsten Gillibrand joined others in the Senate calling for an end to scam calls that often target and victimize the elderly.
“This vital piece of legislation will give the FCC the tools needed to combat scammers who grossly violate the Telephone Consumer Protection Act and, all too often, target and defraud senior Americans,” said Gillibrand. “I am a fierce advocate of the DO NOT Call Act, and will do everything I can to put sensible protections in place and put an end to unsolicited robocalls.”
Nearly 4.5 billion robocalls were made across the country in April alone, according to YouMail, with more than 229 million in New York State.
The DO NOT Call Act would do the following:
July 18, 2021
On Thursday, the Federal Communications Commission unanimously approved a report and order under Section 10a of the Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act to implement a streamlined process for private entities to report calls that may be unlawful and callers who are using legitimate businesses’ caller IDs.
“The new online portal will allow such entities to alert agency investigators of concerning incidents, including floods of robocalls like those that have been known to clog up hospital phone lines,” according to a news release from the FCC.
When a private entity submits a report through the online portal, it will collect their contact information and details about the robocall campaign they are concerned about, according to the FCC. The Consumer and Governmental Affairs Bureau may then initiate an investigation to stop the robocalls and may work with federal and/or state partners to address the issue.
The report and order also requires private entities using the portal to submit certain minimum information including, but not necessarily limited to, the name of the reporting private entity; contact information, including at least one individual name and means of contacting the entity (e.g., a phone number); the caller ID information displayed; the phone number(s) called; the date(s) and time(s) of the relevant calls or texts; the name of the reporting private entity’s service provider and a description of the problematic calls or texts.
The new process will not affect the current informal complaint process that the Consumer and Governmental Affairs Bureau manages, according to the FCC.
The bureau will implement the portal once it receives the requisite approvals from the Office of Management and Budget. The report and order will take effect 30 days after it is published in the Federal Register.
On May 10, 2021, the FCC issued a Public Notice stating that the Secure Telephone Identity Governance Authority (“STI-GA”) has issued a change in its Service Provider Code (“SPC”) Token Access Policy.
Under the new policy, effective immediately, a voice service provider (“VSP”) that lacks the certificate necessary for participation in the STIR/SHAKEN caller ID authentication program does not need direct access to telephone numbers to obtain that certificate and instead must, among other things, be listed in the Commission’s Robocall Mitigation Database.
Under the previous policy, an entity seeking a certificate must “have direct access to telephone numbers from the North American Numbering Plan Administrator . . . and National Pooling Administrator.”
The revised SPC Token Access Policy requires that VSPs seeking to register with the STI-Policy Administrator (“STI-PA”) for certification meet three criteria:
1. Have a current form 499A on file with the FCC;
2. Have been assigned an Operating Company Number (“OCN”); and
3. Have certified with the FCC that they have implemented STIR/SHAKEN or comply with the Robocall Mitigation Program requirements and are listed in the FCC’s Robocall Mitigation Database.
The STI-GA has further determined that the initial SPC Token Access Policy, which required “direct access to telephone numbers from the North American Numbering Plan Administrator (“NANPA”) and National Pooling Administrator (“NPA”),” will also remain in effect until June 30, 2021. What this means is that VSPs that have already obtained SPC tokens under the initial SPC Token Access Policy must meet the revised criteria within 30 days of the FCC certification filing deadline. Any such previously authorized service provider that has not certified with the FCC by June 30, 2021, risks having its SPC token revoked.
As a result of the STI-GA’s policy change, VSPs that previously were unable to obtain a certificate due to a lack of direct access to numbers must now “diligently pursue” a certificate by registering in the Robocall Mitigation Database and then seeking a certificate from a Secure Telephone Identity Certification Authority (“STI-CA”).
The United States has implemented a program to reduce robocalls, scam calls, and other annoyances through a Federal Law called Stir-Shaken. If you are sending calls to the United States, you may see a reduction in your ASRs starting in July.
Stir-Shaken is a framework and series of protocols that ensure the caller ID has not been spoofed. Stir-Shaken works by authenticating and verifying encrypted information used to attest to the accuracy of the caller ID information. The key to the program is validating the sending DIDs.
By law, on June 30th, any call terminating in the United States must have a Stir-Shaken token attached to its data stream. Initially this applies to calls using VoIP anywhere along the call path and will apply to TDM calls later. If your calls do not have the correct token attached, or have no token, your calls may be blocked by the terminating carrier or routed to the end user’s voice mail.
By law, any service provider originating calls that terminate in the USA must register with the Federal government by September 28th of this year. Carriers who terminate calls to end users must check the Federal database to validate the sending service provider; if you aren’t listed in the Federal database, your calls will be blocked.
WE CAN HELP!
As a USA registered service provider, we can generate stir-shaken tokens for you and we can register you with the USA Federal government database.
Here are the methods we can use to generate tokens for you:
· SIP pass-through. Send your calls directly to Prescott-Martini. We will generate a digital token and the call will be returned to you for processing with your existing carriers or we can send your calls to our Tier 1 carrier for termination at very low rates (average USA termination rate is US$.0021, plus the cost of the token).
· HTTPS – API. We can install an API on your platform that will generate tokens internally. This is the most efficient and secure approach to generating tokens but it does require a bit of volume to be economically feasible.
· MYSQL. Most users can send a Stir-Shaken request to Prescott-Martini via MYSQL. We will return a digital token to you via a 302 redirect code for insertion into your SIP header.
· SIP. If you are unable to send a call using MYSQL, send a request via SIP. Prescott-Martini will return a digital token via 302 redirect code for insertion into your SIP header.
Stir-Shaken costs are volume sensitive, and are typically in the range of US$.0001-.0003 per token. Flat rate programs are also available, as are flat-rate API services. Talk to your representative for an exact quote.
Registering with the U.S. government as an authorized service provider is a complicated process and will require some time. Here are the steps:
· Step 1: Obtain a US based EIN. An Employer Identification Number (EIN) is also known as a Federal Tax Identification Number, and is used to identify a business entity, normally supplied by the IRS - Internal Revenue Service. This EIN does not create any tax or reporting obligation. Foreign companies and individuals are eligible to receive an EIN.
· Step 2: Obtain an FRN (Federal Registration Number). An FRN is assigned to a business or individual registering with the FCC. The FRN is used to identify the registrant's business dealings with the FCC.
· Step 3: Hire a registered agent in the Washington, D.C. area for Service of Process. The FCC requires all 499 carriers to have an individual or entity which has been designated to receive Service of Process notices, government correspondence and compliance-related documents on behalf of the carrier. Here is one: https://www.northwestregisteredagent.com/registered-agent/fcc-license
· Step 4: Obtain a 499 Filer ID from USAC. The FCC 499 Filer Database is an identification system for all interstate telecommunications carriers, all interconnected VoIP providers, and certain other providers of telecommunications. The 499 is provided by the Universal Services Administrative Company (USAC), with whom you must register before you apply for the 499.
· Step 5 – FINAL STEP: Register with the FCC’s Robocall Mitigation & Compliance database. This will include your Robocall Mitigation plan, and unless exempt, your integration of Stir-Shaken components into that plan. We will provide standard samples of acceptable mitigation plans.
COSTS
Prescott-Martini registration services: $399.00 includes steps 1, 2, 4 and 5
Your responsibility is to acquire a registered agent. Additional cost to you: Typically up to $125.00 for step 3 only
Once you have filed your FCC form 499-a, you will have to re-file each April. As an international carrier, you will not have any annual filing costs. If you are a domestic U.S. interstate carrier, you may have charges due to the Universal Service Fund.
JUNE 21, 2021
The FCC adopted rules last week to establish a streamlined process for private entities to report suspected robocall and spoofing violations. Here’s an overview.
Existing robocall reporting
The FCC already has arrangements to receive complaints about suspected robocall violations:
Individuals can file a complaint in the FCC’s Consumer Complaint Center. The form only has four fields and a way to add file attachments. It’s very streamlined. Complaints go to the FCC Consumer and Governmental Affairs Bureau.
Law enforcement and government agencies can report robocall and spoofing violations to the FCC. They are encouraged to report them to the Robocall Traceback Consortium.
The Robocall Traceback Consortium can report suspected violations to the FCC.
What’s new
This new order for a streamlined process was required by Section 10 of the TRACED Act. Here’s what this order adds to the existing robocall reporting mechanisms listed above:
It provides a way for private entities to report suspected robocall violations.
An “entity” is an organization, not an individual.
A “private” entity excludes government organizations.
It is not intended for use by individuals. They already have the Consumer Complaint Center. (However, if an individual uses the new portal for private entities, their complaint will be forwarded to the Consumer Complaint Center.)
Like the Consumer Complaint Center, the new robocall complaint portal for private entities will prompt for minimal information, such as:
Name of the private entity
Contact information
Caller ID information displayed
Phone numbers called
Dates and times of the calls
Entity’s service provider
Description
So, it isn’t as streamlined as the Consumer Complaint Center, but it’s minimal.
What’s next
The rules in this order will take effect 30 days after publication in the Federal Register.
The Office of Management and Budget (OMB) will review new information collection requirements.
The Enforcement Bureau will announce the effective date for information collection after the OMB review.
The FCC Enforcement Bureau will respond to complaints received from private entities.
The FCC order establishing the robocall reporting portal for private entities is available online.
Industry impact
We expect that this new complaint portal will have the following effects on the telephone services industry:
Accelerate the investigation of unlawful robocall and spoofing activity.
Put further pressure on voice service providers to mitigate the origination of robocalls on their network.
Provide additional incentives to deploy SHAKEN call authentication sooner rather than later, despite any extensions that may be available, to help mitigate unlawful spoofing.
The wireless industry is working to combat robocalls and Wednesday, June 30, marks the FCC deadline for carriers and other voice providers to implement STIR/SHAKEN caller ID authentication technology.
STIR/SHAKEN is a protocol that helps digitally authenticate phone numbers to verify that a call is indeed coming from the number shown on a caller ID. It’s a technology used against illegal spoofing, a technique robocallers sometimes use in order to appear like a call is coming from a legitimate number, before the call reaches consumers.
STIR is the technical protocol and SHAKEN is the U.S.-Canada governance management framework on top.
The Federal Communications Commission (FCC) already authorized operators to automatically block illegal robocalls and in March of 2020 mandated voice service providers and intermediate service providers deploy STIR/SHAKEN framework in their IP networks and certify by the June 30 deadline.
Some groups, such as smaller service providers (less than 100,000 subscribers), get extensions and they have a couple more years, with a mid-2023 deadline. However, Bill Versen, president, communications market and CMO for TNS, noted that even if they have an extension, all providers must show efforts to ensure robocalls don’t originate on their networks and they need to file documentation showing that with the FCC’s Robocall Mitigation Database.
Those that don’t “may be subject to appropriate enforcement action,” the FCC notes.
Ahead of the deadline, industry participants cited progress and general preparedness.
AT&T recently said it’s now blocking or labeling more than 1 billion robocalls per month, with fraud calls blocked before reaching subscribers’ phones, and suspected spam labeled as such so users can choose whether or not to answer.
“We intend to meet all the components of the June 30 deadline, including STIR/SHAKEN benchmarks, continued support for the Industry Traceback Group, and a strong program to keep illegal robocalls from originating on our network,” an AT&T spokesperson said.
In March T-Mobile said it was the first to implement STIR/SHAKEN with all major U.S. network providers, while Verizon started exchanging STIR/SHAKEN-enabled calls with AT&T, T-Mobile, and Comcast. Verizon on Wednesday confirmed it has met the FCC's mandate to sign calls with STIR/SHAKEN. It said more than 135 million calls a day are currently exchanged between Verizon and other participating carriers. Also on Wednesday, T-Mobile announced filings to certify that it has completed the implementation, with all calls originating on the T-Mobile network 100% STIR/SHAKEN-compliant.
Iconectiv has the role of industry and policy administrator for SHAKEN, acting as the authority to ensure that the different parts of the authentication process itself are trustworthy (more from iconectiv here).
At the end of March, more than 100 carriers had been processed to be approved to obtain SHAKEN certificates. There are currently 278 providers registered, according to Bob Grant, director of Product Management at iconectiv, who called participation by telephone companies “exceptionally important in stopping illegal robocalling at the source.”
“Companies that choose not to participate in STIR/SHAKEN could potentially run the risk of becoming a conduit for fraudsters to put illegal traffic onto the network,” Grant said via email. He anticipates voice service providers will continue to join the STIR/SHAKEN ecosystem even after the deadline has passed as they work to comply with the caller ID authentication rules.
TNS’ Versen said that for larger providers working towards the June 30 deadline, the company is “already seeing tangible results.”
TNS provides call analytics solutions for robocall protection.
“TNS data shows more than one-third of the total calls going across carrier networks in December 2020 were self-signed by a voice service provider ensuring the caller was verified, up from 21% in January 2020,” Versen said.
While smaller providers have until June 2023 to implement STIR/SHAKEN, they still need to document efforts to reduce robocalls that originate on their networks. That includes progress within the newly created FCC Robocall Mitigation Database.
“This is significant because TNS data showed nearly 95% of high-risk calls originated from non-Tier 1 carriers last year, and that is why there is particular focus from the FCC on how to identify and address the subset of smaller providers at the greatest risk for generating high volumes of unwanted robocall traffic and having them comply by June 2022,” Versen said.
That combined with enforcement and industry innovation in branded calling (imagine a company’s logo accompanying a call) and advanced call analytics “should result in further gains in robocall mitigation,” he added.
Jamie Gibson, VP of Technology for Ribbon Communications, which provides platforms and services including IP and optical networking for communications companies, said they’ve had several conversations over the last few weeks with partners and potential clients.
“Based on these conversations and the months of planning leading up to the deadline with customers, we feel like the industry is generally prepared for June 30,” Gibson said via email.
But smaller service providers still need to make moves.
“Even if a service provider has a STIR/SHAKEN extension, they still must act,” Gibson said, noting requirements for robocall mitigation plans.
While generally ready, there is likely a group of voice service providers that won’t meet the deadline, according to Gibson.
“While these providers won’t notice a difference on July 1, if they remain non-compliant they will be unable to send traffic to other operators starting September 28, 2021,” Gibson said. “It’s currently unclear what will happen between the two dates, although the FCC has indicated that non-compliant voice service providers may be subject to appropriate enforcement action, without providing any concrete details.”
Gibson said the FCC could also determine the efforts aren’t enough to mitigate robocalls, and indicated the agency is leaving it up to service providers, without providing specific plans or thresholds for effectiveness.
A June 24 ex parte filing (PDF) shows AT&T voiced concern about the September 28 date. It has to do with a provision that prohibits U.S. intermediate and terminating voice providers from accepting traffic directly from any foreign service provider not in the FCC’s robocall mitigation database.
The carrier expressed strong support for a CTIA petition to reconsider part of the FCC’s order.
AT&T’s EVP of federal regulatory relations Joan Marsh cited challenges of placing requirements on carriers outside of the U.S. that might not be familiar with FCC systems or used to reviewing technical documents in English.
Marsh said CTIA’s worry that foreign service providers who interconnect with the U.S. would likely not register on time “appears to be becoming a reality.”
“Despite AT&T’s extraordinary efforts to educate its foreign service provider partners, as of June 23, 2021, approximately only 20 percent of foreign providers that use telephone numbers that pertain to the U.S. to send voice traffic to AT&T subscribers in the U.S. have successfully registered in the FCC’s Robocall Mitigation Database,” AT&T says in the filing, which recommends a conditional extension to the September date or risk legitimate calls getting blocked.
Iconectiv’s Grant indicated calls internationally are a continued effort, saying the company is available to share best practices and collaborate with the ecosystem as additional countries explore verification standards.
“While the U.S. is the first country to deploy STIR/SHAKEN, robocalling is a global problem and will require global adoption,” Grant said. “An important piece of the puzzle to remember is that calls come in from and go out to other countries. By verifying phone numbers and having caller ID information accurately displayed, it is expected that consumer confidence in calls will go up.”
Ribbon’s Gibson called the deadline “a solid first step” but added that “bad actors continue to evolve how they use technology to make these nuisance calls at an increasing rate.”
In May, YouMail Robocall Index estimated 4 billion robocalls were placed nationwide in the U.S., compared to about 3 billion in May 2020.
“We expect the results and successes from this mandate to spur on additional requirements for service providers that will help decrease fraudulent calling and improve the experience for wireless subscribers,” Gibson said. “At the end of the day, it's all about restoring faith and trust in the network and phone call.”
On Tuesday the FCC released its second report (PDF) on call blocking tools for consumers.
Updated with additional Verizon information on meeting the FCC mandate. Information added on T-Mobile certifying all calls.
T-Mobile announced on Wednesday that it is fully compliant with the FCC’s new anti-spoofing protocol, telling the FCC that it’s now certifying that calls from its network are protected against impersonation by scam callers using the STIR/SHAKEN protocol.
Verizon also announced that it’s verifying that the number that shows up on your caller ID is actually the number that’s calling you using the same STIR/SHAKEN protocol. The two major carriers announcing their progress on the same day isn’t a coincidence — Wednesday, June 30th, is the deadline the FCC set for major carriers to implement STIR/SHAKEN. An AT&T spokesperson told The Verge that the carrier also met the deadline, as it filed on the 29th, and said that “all LTE and 5G calls originating on [its] wireless network are STIR/SHAKEN compliant.”
The protocol, with its James Bond-themed name, works to prevent scam and spam callers from spoofing their number and showing up on your caller ID as a local caller. The FCC hopes that carriers implementing it will help stem the tide of robocalls that have made many of us scared of our phones’ actual phone function. In a press release put out on Wednesday (pdf), the commission stated that over 1,500 voice providers have filed to be included in its Robocall Mitigation Database, with over 200 of those providers being fully certified.
The Wednesday deadline set by the FCC is only for major carriers — smaller carriers with fewer than 100,000 subscribers will be exempt until June 30th, 2023, though the FCC is considering shortening that timespan (pdf). The major carriers that haven’t certified themselves as compliant may face an unspecified “appropriate enforcement action” from the FCC and will run into even more trouble come September. Beginning September 28th, according to the FCC (pdf), carriers will have to stop accepting traffic from providers that aren’t in the robocall database — it’s hard to imagine customers being too happy that they’re not able to reach their friends or family who are on T-Mobile or Verizon.
WHILE THIS MAY MEAN A SIGNIFICANT DROP IN SPAM CALLS, IT’S NOT BULLETPROOF
In its press release, T-Mobile says that its STIR/SHAKEN network covers calls from 98 percent of US wireless customers, including those using carriers like AT&T, Verizon, Google Fi, and Comcast. Verizon says that its validation network covers 80 percent of the US wireless industry, and AT&T said in a recent press release that it blocks or labels over a billion robocalls a month.
The STIR/SHAKEN protocol isn’t a total solution to the robocall problem, and it won’t keep your phone from ringing when a scammer calls you unless your carrier is doing additional blocking using the data from it. Fierce Wireless also points out that carriers still have to contend with international calls, which is no small task, and legacy phone systems are exempt from the requirements. Still, the next time you get a phone call, you may be able to see whether the number that’s calling you is actually who it claims to be.
One day you’ll be at trivia night at your local pub and be asked this question:
What poor company was the first to be sued in a class action under Florida’s new mini-TCPA?
Answer–Batteries Plus, LLC
In a new suit filed TODAY a Florida consumer has sued those folks in a class action under the Florida Telephone Solicitation Act, Fla. Stat. § 501.059, as amended by Senate Bill No. 1120. This is believed to be the very first such complaint ever filed leveraging the amendment.
Complaint here: Cooper Complaint
Ms. Cooper alleges receipt of unwanted text messages pitching the Defendant’s products. While such messages likely would not trigger an ATDS claim under the TCPA–unless they were randomly sent, and I’m sure they weren’t–under the Florida bill all that is needed is the use of a computer system to automatically determine the sequence of dialing. And that, says Plaintiff, is precisely how Defendant’s system works:
To transmit the above telephonic sales calls, Defendant utilized a computer software system that automatically selected and dialed Plaintiff’s and the Class members’ telephone numbers.
That might be the first ever rendition of autodialer allegations in a pleading filed under the amended Florida bill.
History is made, I suppose.
Notably, although there is much conjecture about the reach of the Florida bill–facially it applies to all calls made to anyone from anywhere–Cooper alleged that she “received such calls while residing in and physically present in Florida.” So there will not be any question about Ms. Cooper’s ability to state a claim–although it is unclear to me whether the Wisconsin-based defendant is subject to personal jurisdiction in Florida.
Plaintiff also (wisely) limited her class to Florida residents:
All persons in Florida who, (1) were sent a telephonic sales call regarding Defendant’s goods and/or services, (2) using the same equipment or type of equipment utilized to call Plaintiff.
So the era of litigation under Florida 059–as I’ve taken to calling it–has commenced. Make sure that you are not using a dialer that automatically determines the sequence of numbers to be called if you’re reaching out to Florida consumers without express written consent–and that includes some click-to-dial systems, folks.
We’ll cover all of these developments in great detail next week at the Palooza. In the meantime feel free to reach out to chat.
June 28, 2021 -- RingCentral (NYSE: RNG), a leading provider of global enterprise cloud communications, video meetings, collaboration, and contact center solutions, today announced that the company is taking steps to protect customers from the increasing problem of robocalls and spam calls. RingCentral leverages the company’s own Artificial Intelligence (AI) trained data and participates in industry tracebacks, enabling the company to root out bad actors. RingCentral also contributes to industry groups active in the development and deployment of the STIR/SHAKEN framework to stop unwanted robocalls and SPAM. The company has successfully implemented the STIR/SHAKEN call authentication framework to more accurately authenticate and verify traffic routed through its platform to stop these unwanted calls and build trust and security for end-consumers.
According to a recent survey* Americans received an estimated 4.9 billion robocalls in March 2021, a 6.8% increase in volume from the previous month. These unwanted robocalls are undermining consumer confidence in voice communications services. As a result, the FCC has mandated that STIR/SHAKEN -- an industry standard that stands for Secure Telephony Identity Revisited (STIR) and Signature-based Handling of Asserted information using toKENs (SHAKEN) -- be implemented by all communications providers in the United States. This framework enables the authentication, signing, and verification of caller identities to prevent call spoofing.
“We’re all too familiar with receiving robocalls and SPAM calls every single day and we know how disruptive these calls can be, as well as the business risks associated with them,” said Praveen Mamnani, vice president, Product, Enterprise and SMB, RingCentral. “With our trained datasets and AI-powered solution, we’re continuously striving to protect customers from these unwanted calls. Also, not only have we completed the implementation of the FCC mandate requirements, but we have been active in industry and FCC efforts to effectively deploy STIR/SHAKEN to ensure our customers’ security is not compromised.”
RingCentral has been an early adopter of the STIR/SHAKEN framework and has been attesting millions of calls for months ahead of the coming implementation deadline to ensure these calls are properly tagged as legitimate. In addition, RingCentral has advocated that all providers should be part of this effort because the more calls that are signed, the more accurate the framework will be.
RingCentral’s own proprietary system uses AI-trained algorithms and, in combination with STIR/SHAKEN, makes the RingCentral platform unique and trustworthy, compared to other Unified Communications as a Service (UCaaS) platforms in the market today.
“As organizations continue to invest to improve customer-facing and internal communications, robocalls and spam calls waste time, productivity, and money,” says Irwin Lazar, President and Principal Analyst, Metrigy. “RingCentral’s early participation in the STIR/SHAKEN effort, and its AI-based capabilities that minimize unwanted calls via identifying illegal caller ID spoofing, offers its customers the potential to reduce costs associated with spam calling, and to reduce burden on contact center agents and back-office personnel.”
RingCentral strongly supports the FCC’s goal of stopping illegal robocalls as noted in its advocacy with the FCC.
JULY 15, 2021 - Enables Widespread SHAKEN Usage to Combat Unlawful Robocalls
ATLANTA - The ATIS Non-IP Call Authentication Task Force (NIPCA) has approved standards for Extending STIR/SHAKEN over TDM and Out-of-Band SHAKEN. These standards pave the way for widespread usage of STIR/SHAKEN call authentication to help combat unlawful robocalls.
Two technical standards and a technical report were developed and approved by the NIPCA:
FCC statements about call authentication in non-IP networks
The FCC addressed requirements for call authentication in non-IP networks in their Second Report and Order on the Call Authentication Trust Anchor, WC Docket No. 17-97.
“We grant… an extension for the parts of a voice service provider’s network that rely on technology that cannot initiate, maintain, and terminate SIP calls until a solution for such calls is reasonably available.” (¶ 38)
“We will consider a non-IP caller ID authentication framework to be effective only if it is: (1) fully developed and finalized by industry standards, and (2) reasonably available on the commercial market.” (¶ 32)
With the approval of the standards described above, the Commission’s requirements for an effective non-IP call authentication framework have been fully met.
Benefits
These non-IP call authentication standards enable SHAKEN to be used much more widely. The more SHAKEN is used, the more effective it becomes:
Notes
Jul 20, 2021
Conversation: “In the course of a TT conversation today we learned that Level 3 is implementing ANI frequency analysis and they now block RTP addresses associated with frequently used ANIs. We are unsure if the STIR token is being considered in this policy as yet. I will get back to you on that.”
“Looks like L3 will block a frequent ANI that has a C level attestation”
“OK, that throws another interesting twist into the s/s environment pot.”
Let’s see what that means:
The conversation above refers to changing out DIDs on high frequency calls.
Basically, Level3 – a national underlying wholesale carrier that you may have never heard of, but is one of just 3 or 4 that carry virtually all calls in the US – is building artificial intelligence (AI) to examine all of its call flows in real time to attempt to block robocalls that are using high levels of the same ANIs or DIDs over and over.
Rule of thumb: Make sure your ANIs are not repeating frequently; keep a minimum of 3 minutes between them.
What Level3 is saying is that if you have a “C” stir-shaken token, and frequent ANIs, then they are going to block you. Some carriers already are.
However, if you have “A” level tokens attached to your calls and long rotation times between your DIDs, you have no issues at all.
Over time, I think you can reduce the number of DIDs you are using, dramatically.
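The carrier-side check described in the conversation above, sketched as an added example that is not part of the original post and not Level 3's actual logic: a sliding window counts how often each ANI recurs and combines that with the attestation level seen on those calls. The window length (taken from the post's 3-minute rule of thumb), the burst threshold, the "review" outcome and all call records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional

WINDOW_SECONDS = 180     # assumption: borrowed from the post's 3-minute rule of thumb
MAX_CALLS_IN_WINDOW = 3  # assumption: illustrative burst threshold


@dataclass(frozen=True)
class CallRecord:
    ts: int                 # call setup time, seconds
    ani: str                # calling number
    attest: Optional[str]   # "A", "B", "C", or None when the call is unsigned
    media_ip: str           # RTP source address offered for the call


def decide(levels):
    """Map the attestation levels seen in a burst to a handling decision."""
    if "C" in levels:
        return "block"      # frequent ANI with C attestation, as the post reports
    if levels <= {"A"}:
        return "allow"      # frequent but fully attested
    return "review"         # assumption: B or unsigned bursts go to an analyst


def frequent_ani_findings(records, window=WINDOW_SECONDS,
                          max_calls=MAX_CALLS_IN_WINDOW):
    """Return {ani: finding} for every ANI exceeding max_calls within window."""
    recent = defaultdict(deque)   # per-ANI calls still inside the window
    findings = {}
    for rec in sorted(records, key=lambda r: r.ts):
        q = recent[rec.ani]
        q.append(rec)
        while rec.ts - q[0].ts >= window:   # expire calls older than the window
            q.popleft()
        if len(q) <= max_calls:
            continue
        f = findings.setdefault(
            rec.ani, {"peak": 0, "levels": set(), "media_ips": set()})
        f["peak"] = max(f["peak"], len(q))
        f["levels"].update(r.attest for r in q)
        f["media_ips"].update(r.media_ip for r in q)
    for f in findings.values():
        f["decision"] = decide(f["levels"])
    return findings


def sample_records():
    """Constructed call records; numbers and addresses are documentation values."""
    recs = []
    for i in range(5):   # same ANI every 20 s, C attestation
        recs.append(CallRecord(20 * i, "+12025550101", "C", "198.51.100.7"))
    for i in range(5):   # same cadence, full attestation
        recs.append(CallRecord(5 + 20 * i, "+12025550102", "A", "198.51.100.8"))
    for i in range(4):   # C attestation, but more than 3 minutes apart
        recs.append(CallRecord(200 * i, "+12025550103", "C", "198.51.100.9"))
    for i, level in enumerate(["B", "B", None, "B"]):   # mixed B and unsigned
        recs.append(CallRecord(10 + 20 * i, "+12025550104", level, "198.51.100.10"))
    return recs


if __name__ == "__main__":
    for ani, f in sorted(frequent_ani_findings(sample_records()).items()):
        print(ani, f["decision"], "peak", f["peak"], sorted(f["media_ips"]))
```
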
As of July 21, 2021, there were 3,235 certification filings in the FCC Robocall Mitigation Database (RMD). Who’s filing? How informative are these filings? Legal Calls Only, an online forum for content on the unlawful robocall problem, has been tracking, profiling, and scoring certification filings to answer these questions. Here’s what they’re doing.
The Legal Calls Only forum has launched two initiatives to review and assess RMD filings:
ZipDX has an ongoing initiative to score RMPs based upon the following criteria:
After describing the criteria, the page provides five scoring examples using hypothetical RMPs.
It seems a bold step for a third party to score RMPs. Are these scoring criteria legitimate and fair? Are they applied consistently?
These are fair questions. In our view, however, ZipDX seems open to feedback and discussion of the scoring system and how it is applied. They wrote, “Our evaluation approach and criteria are based on our years of experience in this domain—but these are still evolving, and we are thirsty for feedback.”
The ZipDx Robocall Mitigation Explorer is introduced and described here and available online here.
One might wonder whether an RM Explorer is necessary. Can’t you simply download a current list and explore it using a spreadsheet program?
Yes, you can. But the RM Explorer provides some additional information that would otherwise be unavailable in the spreadsheet and require additional chasing, including:
In our view, the RM Explorer is a valuable tool. Anyone who wants to dig around RMD filings would find it useful.
Sippy SoftSwitch announced its Stir-Shaken upgrade today, for its advanced softswitch products. The patch is now available. Sippy also named 1 Call Connect as its Stir-Shaken provisioning partner.
https://www.youtube.com/watch?v=em_MtrdsGko
https://www.sippysoft.com/
We pulled attestation numbers from July 1–12, 2021 for signed calls received by service providers. We found calls signed by 145 different service provider codes.
We’ve shared our findings that a large percentage of calls are being signed with full attestation (A). Here’s how SHAKEN attestation has been evolving.
Full attestations continue to decline. Still, it seems that SHAKEN calls are mostly signed with full attestation. But is that really true?
Attestation profiles by service provider type
We thought we might gain deeper insight if we look at attestation by service provider type. The following illustration summarizes our findings.
Figure 2: Attestation by Service Provider Type
For each provider type, the different color bars show the proportion of their calls they signed with full (green), partial (orange), and gateway (red) attestation.
This is interesting. Attestation levels vary significantly by provider type. They aren’t all giving full attestation. Why does it seem like they are (see figure 1, above)?
Call signers
Let’s look at the distribution of calls and providers by provider type in our data for July 1–12.
Figure 3: Proportions of Calls and Providers by Provider Type
The orange bars show the percentage of signed calls by provider type. The blue line shows the percentage of providers/call signers in that category.
Cellular/PCS/SMR providers generated the most signed calls, 73.1%. The blue line shows that they represent only 4.8% of the service providers signing calls.
The reason that so many calls receive full attestation is because so many signed calls are originated by wireless providers. They sign most calls with full attestation (see figure 2, above). When you break it down by provider type, there’s more variety in attestation levels.
Downstream signers
We reviewed attestation statistics for three providers that sign lots of calls for their upstream service provider customers. We coined a new provider type for this analysis, downstream signer. Here’s what we found.
Figure 4: Downstream Signer Attestation
If you were wondering whether downstream signers are signing calls for their upstream service provider customers with full A attestation, here’s your answer: not so much. They’re giving lots of partial B attestations and fewer full A attestations.
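As an added example (not the article's own tooling), this is one way a terminating provider could build the kind of attestation profile discussed above from received SIP Identity headers: decode each SHAKEN PASSporT, apply basic claim checks, and tally A/B/C per signing certificate URL. The signer URLs, telephone numbers, clock value and tokens are constructed, the 60-second freshness window is an assumed policy, and signature verification against the certificate at `x5u` is deliberately out of scope here and must happen before `attest` is trusted.

```python
import base64
import json
from collections import Counter, defaultdict

MAX_AGE_SECONDS = 60  # assumption: freshness policy chosen for this example
NOW = 1625097600      # constructed clock value (2021-07-01T00:00:00Z)


def b64url_json(segment):
    """Decode one base64url JWT segment into a JSON object."""
    padded = segment + "=" * (-len(segment) % 4)
    obj = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj


def parse_identity(value):
    """Split an Identity header value into PASSporT header, claims, parameters."""
    token, *params = [p.strip() for p in value.split(";")]
    segments = token.split(".")
    if len(segments) != 3:
        raise ValueError("PASSporT needs header.payload.signature")
    header, claims = b64url_json(segments[0]), b64url_json(segments[1])
    kv = dict(p.split("=", 1) for p in params if "=" in p)
    kv["info"] = kv.get("info", "").strip("<>")
    return header, claims, kv


def check_passport(header, claims, params, now):
    """Return a list of problems; an empty list means the claims look usable."""
    problems = []
    if header.get("alg") != "ES256" or header.get("typ") != "passport":
        problems.append("unexpected alg/typ")
    if header.get("ppt") != "shaken":
        problems.append("not a SHAKEN PASSporT")
    if not header.get("x5u") or header.get("x5u") != params.get("info"):
        problems.append("x5u missing or differs from info parameter")
    if claims.get("attest") not in ("A", "B", "C"):
        problems.append("invalid attest")
    orig, dest = claims.get("orig"), claims.get("dest")
    if not (isinstance(orig, dict) and isinstance(orig.get("tn"), str)):
        problems.append("orig.tn missing")
    if not (isinstance(dest, dict) and isinstance(dest.get("tn"), list) and dest["tn"]):
        problems.append("dest.tn missing")
    if not claims.get("origid"):
        problems.append("origid missing")
    iat = claims.get("iat")
    if not isinstance(iat, int) or abs(now - iat) > MAX_AGE_SECONDS:
        problems.append("stale or missing iat")
    return problems


def attestation_profile(identity_values, now):
    """Tally attestation levels per signer URL; collect rejected tokens."""
    profile, rejected = defaultdict(Counter), []
    for value in identity_values:
        try:
            header, claims, params = parse_identity(value)
            problems = check_passport(header, claims, params, now)
        except ValueError as exc:   # bad base64, bad JSON, wrong segment count
            problems = [str(exc)]
        if problems:
            rejected.append(problems)
            continue
        profile[header["x5u"]][claims["attest"]] += 1
    return dict(profile), rejected


def shares(counts):
    """Percentage of calls at each attestation level for one signer."""
    total = sum(counts.values())
    return {lvl: round(100 * counts[lvl] / total, 1) for lvl in "ABC"}


def make_identity(attest, x5u, iat=NOW):
    """Build a CONSTRUCTED sample header value; the signature is a placeholder."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "ES256", "ppt": "shaken", "typ": "passport", "x5u": x5u}
    claims = {"attest": attest, "dest": {"tn": ["12025550199"]}, "iat": iat,
              "orig": {"tn": "12025550100"},
              "origid": "00000000-0000-4000-8000-000000000001"}
    sig = base64.urlsafe_b64encode(bytes(64)).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.{sig};info=<{x5u}>;alg=ES256;ppt=shaken"


WIRELESS = "https://cert.example.org/wireless.pem"      # hypothetical signer
DOWNSTREAM = "https://cert.example.org/downstream.pem"  # hypothetical signer


def sample_identities():
    values = [make_identity("A", WIRELESS) for _ in range(3)]
    values += [make_identity(level, DOWNSTREAM) for level in "ABBC"]
    values.append(make_identity("A", WIRELESS, iat=NOW - 3600))  # stale token
    values.append("not.a-passport;info=<x>")                     # malformed token
    return values


if __name__ == "__main__":
    profile, rejected = attestation_profile(sample_identities(), NOW)
    for signer, counts in profile.items():
        print(signer, shares(counts))
    print("rejected:", rejected)
```
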
The industry-led Secure Telephone Identity Governance Authority (STI-GA) today announced two policy changes in the SHAKEN ecosystem. The first set of policy changes will allow delegate certificates to be used by third-party callers as well as companies originating calls from toll-free numbers to also provide SHAKEN authentication.
With the STIR/SHAKEN protocol, a call is given the top level of attestation (A-level) only if the service provider signing the call can attest to the customer's right to use that telephone number for outbound calls. A delegate certificate provides service providers a method to establish a customer's right to use a telephone number when the service provider did not assign that number itself. The use of a delegated certificate enables calls to receive the highest level of attestation when a company sends an outbound call through one service provider using a number assigned to it by another service provider.
The STI-GA Board voted to support the optional use of delegate certificates within the SHAKEN ecosystem pursuant to ATIS Specification ATIS-1000092. Service providers may or may not choose to use delegate certificates, but the STI-GA Board action to approve this policy change will clear the way for service providers that wish to use delegated certificates to do so.
The second set of policy changes adopted by the STI-GA Board is designed to authorize Responsible Organizations (Resp Orgs) to access Service Provider Code tokens. A Resp Org is the entity that assigns a toll-free number to a customer and is the only entity that can authenticate that a customer has the right to use a toll-free number. Unless a Resp Org is also a service provider, it is not involved in originating a call and previously was not able to provide the SHAKEN authentication. The policy revisions will afford companies sending traffic outbound from a toll-free number the means to qualify for the highest level of attestation.
The changes in policy follow recent standards decisions by the ATIS/SIP Forum IP-NNI Task Force, the industry-led body that drafts the standards that apply to the SHAKEN ecosystem. The STI-GA, which is responsible for setting policy direction for the SHAKEN ecosystem, considers relevant industry standards to be an important factor in its policies. While the policy changes have been adopted by the STI-GA Board, technical changes must still be implemented in the SHAKEN framework to enable delegate certificate use and give Resp Orgs access to SPC tokens. The STI-GA Board is targeting to have these changes fully implemented by mid-October 2021 and will issue an industry advisory when the precise date is known.
In launching STIR/SHAKEN and now moving to expand its applicability to a broader range of call types, the STI-GA continues to advance the industry's objective of consumer faith and confidence in answering their telephones. Learn more at sti-ga.atis.org.
Erick Troutman - July 26, 2021
When I was on stage at the Palooza last week I reminded everyone that a violation of the TCPA can lead to criminal penalties.
Folks seemed a bit confused because the TCPA does not, itself, contain criminal provisions. Yet, as I explained from the stage, the TCPA is found within a chapter of the Communications Act that does contain a provision allowing criminal prosecution for violations of the chapter. See Section 501.
While it is certainly true that prosecutions under Section 501 are exceedingly rare, they appear to be viable in many instances. And that means parties to civil TCPA cases might not be compelled to testify against themselves by virtue of responses to civil discovery demands.
For instance, in Van Connor v. One Life Am., C/A No. 6:19-cv-03283-DCC, 2021 U.S. Dist. LEXIS 137702 (D. S. Car. July 23, 2021) the court held it would be a “manifest injustice” to require a Defendant to respond to civil discovery where criminal prosecution was possible.
In that case the Plaintiff had served a set of interrogatories and document demands requiring information related to his TCPA suit against the Defendant. The Court originally overruled the objections and compelled production. On reconsideration, however, the Court recognized that criminal prosecution for TCPA violations was absolutely possible—even if unlikely—and so self-incriminating responses could not be compelled even in civil litigation.
In assessing the demands, the Court found that questions about general telemarketing practices were not subject to Fifth Amendment privileges—telemarketing is still a legal business in this nation, after all.
As to demands regarding “the particular contact with the Plaintiff as well as the manner and means of such contacts” however the Court found that the interrogatories did, indeed, implicate the Fifth Amendment privilege.
The Court also found that the entire set of RFPDs to the Plaintiff is entitled to Fifth Amendment protection because to require production would compel an admission by Defendant that the records were in his possession and were genuine—and would also make compelled use of the plaintiff’s own knowledge of his potentially illegal activity when the demands are framed in the form of a contention.
In the end the Court noted that corporate defendants are entitled to different, lesser constitutional protection and so the needed discovery might be compelled from the corporate defendant, while charging the lawyers in the case to act appropriately to protect the constitutional rights of the individual defendant.
Van Connor is an extremely interesting ruling and one TCPA defendants MUST take into consideration. Civil lawyers are not used to asserting Fifth Amendment privileges, but failing to do so following Van Connor—especially where an individual defendant is involved—seems imprudent. The application of the Fifth Amendment to civil litigation and different discovery types (i.e. interrogatories vs depositions vs RFPDs) varies jurisdiction by jurisdiction, however. TCPA defendants should talk these issues over with their counsel and assert the privilege wherever applicable.
We’ll keep an eye on this important issue.
Webinar describes the Stir-Shaken patch
Names 1Call Connect as its Stir-Shaken provisioning partner. Click 'watch' below to download the Sippy Software webinar.
JULY 26, 2021 - We’ve analyzed the relationship between spam robocalls and SHAKEN attestation during the first three weeks after the SHAKEN mandate. Here’s what we found.
Data collected and analyzed
We gathered summarized data for calls terminated by voice service providers using our ClearIP software. The data share the following attributes:
Results
The following chart shows some surprising results.
In this chart, the orange bars show the percentage of all calls that fell into the different SHAKEN attestation levels or were unsigned. The left vertical axis provides the corresponding percentages for these bars.
The blue line shows the robocalls as a percentage of all calls that fell into the different SHAKEN attestation levels or were unsigned. The right vertical axis provides the corresponding percentages for points on this line.
There are some interesting results here:
This is a striking result, for a few reasons:
“But wait—signed calls aren’t robocalls, right?” Not exactly. Full attestation just means the originating service provider (OSP) vouched that the calling number isn’t spoofed. It could still be a robocall.
“If the OSP does SHAKEN, then they don’t have to do robocall mitigation, right?” Not quite. While the FCC requires OSPs to certify that they are either doing SHAKEN or robocall mitigation for calls they originate, the Fourth Report and Order on Unlawful Robocalls also requires them to “implement effective measures to prevent new and renewing customers from originating illegal calls.”
We expect pressure will mount on service providers to do robocall mitigation on calls they sign, especially with full attestation. It wouldn’t look good for subscribers to receive spam robocalls that have the [V] in caller display name and/or a check mark. It wouldn’t look good to be the OSP responding to robocall traceback that signed the robocalls.
Downstream signers
You may have noticed a large spike in the blue line, % robocalls, for calls with Partial B attestation. In fact, 7.33% of such calls were robocalls. What’s going on there?
This is an interesting result. We looked closely at robocalls by OSP and found that many of them were signed with Partial B attestation by “downstream signers,” a term we coined in our blog post on SHAKEN attestation statistics for early July 2021. These are voice service providers that sign calls for their upstream service provider customers. They sign most of such calls with Partial B attestation. There were some spam robocalls in there.
This raises questions. Who is responsible for such calls? The downstream provider that signed them? The upstream provider that originated them?
The FCC SHAKEN orders say that entities that originate voice service calls are required to use SHAKEN, albeit with some extensions allowed, else use robocall mitigation.
However, many of these providers have outsourced SHAKEN signing to downstream providers that sign calls for them with Partial B attestation. Some of these upstream providers have filed certifications in the Robocall Mitigation Database asserting that they’ve implemented Complete SHAKEN. Now we see data that show spam robocalls are being originated and signed in such scenarios.
This isn’t working as intended. We expect that actions will be taken to sort this out.
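The two chart series described above (share of all calls per attestation level, and robocalls as a share of each level), plus the breakdown of Partial B robocalls by signer, can be computed at a terminating provider from the attest claim in each call's SHAKEN PASSporT. The following is an added example, not TransNexus code or data: every call record, certificate URL and function name is constructed, and it assumes PASSporT signatures have already been verified before the claims are tallied.

```python
import base64
import json
from collections import Counter

# All certificate URLs, numbers and call records below are constructed samples.
DOWNSTREAM = "https://certs.example.net/downstream-signer.pem"
WIRELESS = "https://certs.example.net/wireless-osp.pem"
OTHER = "https://certs.example.net/other-osp.pem"


def b64url(obj):
    """Unpadded base64url of compact JSON, used only to build sample tokens."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_identity(attest, x5u):
    """Build a sample Identity header value; the signature is a dummy string."""
    header = {"alg": "ES256", "ppt": "shaken", "typ": "passport", "x5u": x5u}
    payload = {"attest": attest, "dest": {"tn": ["12025550113"]},
               "iat": 1627300000, "orig": {"tn": "12025550112"},
               "origid": "00000000-0000-4000-8000-000000000000"}
    token = ".".join((b64url(header), b64url(payload), "ZHVtbXk"))
    return f"{token};info=<{x5u}>;alg=ES256;ppt=shaken"


def decode_part(part):
    """Decode one base64url JWT segment into a Python object."""
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))


def classify(identity):
    """Return (level, x5u): level is A, B, C, 'unsigned' or 'invalid'.

    The attest claim is read WITHOUT verifying the signature or certificate
    chain, so this is a reporting step to run after STI verification.
    """
    if not identity:
        return "unsigned", None
    parts = identity.split(";", 1)[0].strip().split(".")
    if len(parts) != 3:
        return "invalid", None
    try:
        header, payload = decode_part(parts[0]), decode_part(parts[1])
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return "invalid", None
    if not (isinstance(header, dict) and isinstance(payload, dict)):
        return "invalid", None
    if header.get("ppt") != "shaken" or payload.get("attest") not in ("A", "B", "C"):
        return "invalid", None
    return payload["attest"], header.get("x5u")


def summarize(calls):
    """calls: iterable of (identity_or_None, is_robocall) pairs.

    Returns (table, b_robocalls_by_cert). table[level] holds the two chart
    series: share of all calls, and robocalls as a share of that level.
    """
    total, robo, b_by_cert = Counter(), Counter(), Counter()
    for identity, is_robocall in calls:
        level, x5u = classify(identity)
        total[level] += 1
        if is_robocall:
            robo[level] += 1
            if level == "B":
                # x5u is only a grouping key here; the signer's SPC itself
                # is carried in the certificate's TNAuthList extension.
                b_by_cert[x5u] += 1
    n = sum(total.values())
    table = {level: {"share_pct": round(100 * count / n, 2),
                     "robocall_pct": round(100 * robo[level] / count, 2)}
             for level, count in total.items()}
    return table, dict(b_by_cert)


def sample_calls():
    """Twenty constructed calls: 10 A, 5 B, 2 C, 3 unsigned."""
    calls = [(make_identity("A", WIRELESS), i == 0) for i in range(10)]
    calls += [(make_identity("B", DOWNSTREAM), i < 2) for i in range(3)]
    calls += [(make_identity("B", OTHER), False) for _ in range(2)]
    calls += [(make_identity("C", OTHER), False) for _ in range(2)]
    calls += [(None, i == 0) for i in range(3)]
    return calls


if __name__ == "__main__":
    table, b_by_cert = summarize(sample_calls())
    for level in ("A", "B", "C", "unsigned"):
        print(level, table[level])
    print("Partial B robocalls by signing certificate:", b_by_cert)
```

Grouping Partial B robocalls by signing certificate is what surfaces a downstream signer: the robocalls cluster under one certificate even though several upstream providers originated them.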
July 29, 2021 - KING5 News. Woodinville, WA.
Steve Baus is happy with his golf game these days, and it is not just because of his score.
Every whack of the ball feels like a strike against the robocallers who have tormented him for years.
“A lot of the guys I play with will remind me about the fact that some guy in Pakistan paid for these clubs,” said Baus, with a smile as he stepped up to tee on the fourth hole at Bear Creek Country Club in Woodinville.
Baus was referring to the three settlement checks he received since December after he decided to turn the tables on telemarketers jamming up his cell phone and make them pay him. Baus is playing with TaylorMade clubs he bought with $3,100 in settlement money from telemarketers he accused of violating a federal law prohibiting unwanted, automated phone calls.
“It felt like a victory for the good guys, I guess,” Baus said of the money he received.
Baus is one of a growing number of private citizens who are taking matters into their own hands, fed up with the government’s weak and ineffective enforcement against telemarketers who violate federal law.
The Telephone Consumer Protection Act of 1991 (TCPA) allows penalties of $500 for each violation - $1,500 for willful violations - each time a company violates the national “Do Not Call” registry, uses automatic dialing systems, or pre-recorded messages in an illegal manner.
The federal government uses the law to target harassing telemarketers in rare cases. But more importantly, the TCPA allows citizens to file lawsuits against telemarketers who may make tens of thousands of automated calls on any given day.
“They're abusing a system… and we're putting the power back into the hands of the people who actually have the time and the will to enforce the laws as Congress intended,” said Doc Compton, a Texas-based credit expert who sold Baus a $47 online kit on how to make money off the calls.
Compton’s system is part of a network of private citizens and law practices that use a similar strategy under the TCPA.
The first step is often the most difficult one: Trying to identify the company that is behind the call.
Baus, who owns a software company, may spend hours of his day on the phone with telemarketers attempting to draw out that information. In one case, he bought a refundable car warranty just to get the contact information of a company that called his phone repeatedly.
“You buy the policy and you get the contact information of the marketing company,” explained Baus. “Then you have clear-cut evidence that it’s them.”
With that information in hand, it’s time for step two. Baus sent a legal “demand letter” to the company containing specific information about the dates and times they called his phone, citing the violations of the TCPA.
The letter offers to settle the case, usually for $1,250, or the telemarketer may face a lawsuit.
“It’s the cost of doing business for them,” said Baus, of the companies that decide to settle. “It’s just an advertising expense for them.”
But not all the violators are from shady companies that are based overseas.
Baus’s biggest payday came from Ziply Fiber, a major Northwest internet service provider that called him one day earlier this year with a pre-recorded message. He sent a demand letter to a Ziply executive explaining the call violated the TCPA and the company agreed to settle with him for $1,250.
“I thought that was the most money I’ve made in about 40 minutes in my life,” Baus chuckled.
Compton and Baus said the key to success is picking the right targets.
Pure scammers, like those claiming to be federal agents who will arrest you if you don’t send them money, are hard to find and would never settle. But many semi-legitimate companies that are based in the U.S. have robocall programs.
“Those are the ones you can go after,” explained Baus.
Ziply Fiber said the robocalls have stopped. A spokesperson blamed “…a subcontractor that did, in fact, make the robocall,” adding, “We immediately shut down their program.”
But not before Baus got his money.
JULY 28, 2021 - Who should sign calls authenticated with STIR/SHAKEN? It seems a simple question. But when you combine complex calling scenarios with current FCC rules, the answers aren’t so easy. Let’s have a look.
The problem can be described by first looking at a quick summary of the SHAKEN standards, then a brief review of the FCC SHAKEN rules.
ATIS SHAKEN documents
The ATIS standard for SHAKEN, ATIS-1000074.v002, says the Originating Service Provider (OSP) signs the call. The OSP is the “signing provider.” Their customer is placing the call. This is the simplest call scenario.
Figure 1. SHAKEN – Simple Scenario
But what about more complex customer-of-customer scenarios?
To provide standards-based guidance on the more complex customer-of-customer call scenarios, ATIS developed a technical report, ATIS-1000088, that describes a framework for SHAKEN attestation as described in ATIS-1000074.
Suppose the caller in the example above gets her telephone service from a Reseller or Value Added Service Provider (VASP) that is not authorized to sign calls with SHAKEN. Here’s an illustration.
Figure 2. SHAKEN Attestation — Reseller Cannot Sign
The SHAKEN standards were developed with an expectation that Resellers and VASPs won’t be able to sign calls. Therefore, ATIS-1000088 defined the signing provider, who is authorized by the Policy Administrator to do SHAKEN, as the OSP. The Reseller or VASP is the OSP’s customer. The person making the call is the end user.
ATIS-1000088 then goes into detail in describing how the OSP must know their customer, the Reseller/VASP, to justify a partial attestation. In turn, the customer (Reseller/VASP) must cooperate in this arrangement to let the OSP know that the end user is a legitimate user of the telephone number to justify a full attestation.
This is more complicated than expected. Well, at least ATIS-1000088 clearly defined the roles and provided guidelines.
Then the FCC issued SHAKEN rules that upended this framework.
FCC rules
In their Second Order on SHAKEN, the FCC provided two important determinations:
In November 2020, the STI Governance Authority changed eligibility for service providers to be approved by the STI Policy Administrator. Service providers no longer have to have access to numbering resources. Instead, they must register with the FCC Robocall Mitigation Database. This removed the FCC SHAKEN extension for service providers that cannot obtain a SHAKEN certificate.
This changed everything. The following illustration explains.
Figure 3. SHAKEN Attestation When the Reseller Can Sign
With the FCC SHAKEN rules and the STI-GA rule change, the roles have changed:
Downstream signers
There are many Resellers/VASPs that have arranged with a downstream provider to sign calls for them. We are aware of some Reseller/VASPs that have filed their certification in the Robocall Mitigation Database (RMD) asserting that they have done a Complete SHAKEN implementation.
These providers seem to be following the model described in Figure 2, above, where a Reseller/VASP cannot sign calls. They arrange with a downstream provider to sign their calls for them. However, according to the FCC rules, the Reseller/VASP should sign their calls, provided they have control over the necessary network infrastructure.
In some cases, the downstream provider signs calls with the upstream provider’s SHAKEN Service Provider Code and SHAKEN certificate. This seems to follow the FCC rules. The Reseller/VASP is acting as the OSP. They’ve outsourced the signing function to a downstream provider who signs on their behalf. To the Terminating Service Provider (TSP), such calls seem to have been signed by the Reseller/VASP.
In other cases, downstream providers are signing calls on behalf of upstream providers and using their own SPC and SHAKEN certificates to do so. We know this because the Reseller/VASP has not been approved by the Policy Administrator as a SHAKEN provider, yet they have filed their certification in the RMD as having done a Complete SHAKEN implementation.
Does this follow the rules laid out by the FCC in their Second Report and Order on SHAKEN? It doesn’t seem so. If one reads the SHAKEN standards up through ATIS-1000088, it seems like a legitimate approach. But when you turn to the Second Report and Order and the STI-GA SHAKEN certificate criteria, then the wheels fall off.
It will be interesting to see how this develops.
Aug 8 2021 -- Florida Attorney General Ashley Moody today urged the Federal Communications Commission to fight back against the recent scourge of illegal robocalls by moving up the deadline for smaller telephone companies to implement caller ID technology. Attorney General Moody is joined by a bipartisan coalition of 51 attorneys general in submitting comments to the FCC.
Attorney General Ashley Moody said, “Throughout the COVID-19 pandemic, Floridians have been bombarded with countless robocalls—many of them scams attempting to gather sensitive information for nefarious purposes. It will take an all-hands-on-deck approach to stop these annoying, often illegal calls and that is why I am joining my colleagues from across the country in asking the FCC to take swift, decisive action in moving up the compliance deadline.”
Under the TRACED Act, which became law in 2019, phone companies are required to implement STIR/SHAKEN technology on the company networks. This caller ID authentication technology helps ensure that telephone calls are originating from verified numbers, not spoofed sources. The TRACED Act required large companies to implement the technology by June 2021. Under the Act, smaller phone companies are given an extension until June 2023.
However, some of the same smaller phone companies that are benefitting from this extension are also responsible for originating or facilitating high volumes of illegal robocalls that spam Americans and lead to financial or personal data loss. Without the STIR/SHAKEN technology in place, some smaller companies are failing to take necessary steps to minimize the continued onslaught of illegally spoofed robocalls that harm residents.
The coalition of attorneys general is asking the FCC to require these companies to implement the STIR/SHAKEN technology as soon as possible and no later than June 30, 2022.
Attorney General Moody is joined in submitting today’s comments by the attorneys general of Alabama, Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, the District of Columbia, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, Washington, West Virginia, Wisconsin and Wyoming.
Today’s comments are the latest in a long list of actions taken by Attorney General Moody to combat illegal robocalls. In response to a rise of COVID-19 related robocalls, Attorney General Moody urged USTelecom and its Industry Traceback Group to further develop robocall traceback and other tools suited for law enforcement in an effort to improve enforcement against robocalls.
Telecommunications Service Providers (TSPs) offering and providing telecommunications services pursuant to the Telecommunications Act in Canada must, pursuant to an April 6, 2021 Canadian Radio-television and Telecommunications Commission (CRTC) decision (Decision):
1. File STIR/SHAKEN implementation readiness assessment reports (Assessment Reports) by August 31, 2021;
2. Implement STIR/SHAKEN to authenticate and verify caller identification information for Internet Protocol (IP)-based voice calls by November 30, 2021; and
3. Submit status reports every six months starting May 31, 2022.
TSPs must implement STIR/SHAKEN to authenticate and verify caller ID information for IP-based calls “on whatever IP portions of the network exist,” including any portion of a TSP’s network “able to initiate, transit, or terminate IP-based calls.”
In a related decision, the CRTC directed the Canadian Secure Token Governance Authority (CST-GA) to work with currently ineligible TSPs (without access to Canadian Numbering Administrator resources) to develop new eligibility requirements that only prevent “TSPs that cannot be trusted to maintain the integrity of the STIR/SHAKEN framework” from directly receiving Secure Telephone Identity (STI) Certificates, necessary for higher attestation levels, from the CST-GA.
If your company provides interconnected VoIP (“VoIP”) services and obtains telephone numbers directly from the North American Numbering Plan Administrator or Pooling Administrator (or is planning to), you will want to continue reading this Client Advisory. In the federal government’s ongoing campaign to reduce the scourge of illegal and unwanted robocalls flooding the phones of consumers and the customer service centers of businesses in the U.S., the Federal Communications Commission (“FCC”) has proposed rules that would, first, make it more difficult for a VoIP service provider to qualify for and obtain direct numbers and, second, impose additional regulatory compliance burdens on a provider once it has qualified and is procuring direct numbers from the administrators.
Overview
On August 5, 2021, the FCC adopted a Further Notice of Proposed Rulemaking (“FNPRM”) that seeks comments on proposed changes to the rules that allow interconnected VoIP providers to obtain direct access to telephone numbers from the North American Numbering Plan Administrator (“NANPA”) or the Pooling Administrator.[1] Chief among the proposed changes is a requirement for the applicant to comply with anti-robocalling rules. Other proposed changes include establishing “guardrails” to protect limited numbering resources, creating safeguards against national security risks, decreasing the opportunity for regulatory arbitrage, and fostering public safety.
While Section 52.15(g) of the FCC’s rules, 47 C.F.R. § 52.15(g), already sets forth significant requirements for VoIP providers to obtain direct access to telephone numbers, the Commission’s experience with “nearly 150 VoIP direct access … applications” has found the existing rules to be deficient. FNPRM at ¶ 10. The existing rules do not require the applicant to submit:
Staff has, however, requested this information on selected applications. Id. It has also placed applications involving foreign ownership on a non-streamlined review track that has included national security review by United States Executive Agencies. Id. at ¶¶ 10, 23. Finally, the Commission notes that, recently, there have been challenges to applications based on charges that applicants have engaged in improper conduct with respect to intercarrier compensation, call routing and call blocking. Id. at ¶ 10.
In response to its experience with VoIP number access applications and in light of the continuing robocall problem, the FCC is proposing a number of changes to its rules and is seeking comments on them. The proposed changes come in six general areas: 1) required information for 52.15(g) applications; 2) additional review for applicants with foreign ownership; 3) a duty to update changes in ownership within 30 days of occurrence; 4) additional emphasis on the obligation of authorization holders to comply with state numbering rules; 5) new authority for the Wireline Competition Bureau to control the speed of application processing and to reject applications from those with bad records or prior robocall involvement; and 6) whether one-way VoIP providers should be able to obtain direct access to numbers.
Comments are due no later than 30 days after publication of the FNPRM in the Federal Register, with reply comments due 30 days after the comment filing deadline.
Details
The FNPRM makes numerous specific proposals and asks many questions. This advisory will not address all of them but rather, will highlight some key proposed changes.
52.15(g) Applications
The FCC proposes to require an applicant to:
Foreign Ownership
The Commission would make changes for applicants with foreign ownership, requiring:
Post-Grant Updates
The Commission seeks to require grantees to update certain information within 30 days of a change, including:
Compliance with State Law
The FCC would clarify with which state PUC requirements grantees must comply, including
Bureau Authority to Review Applications
The Commission would make a specific delegation of authority to review applications to the Wireline Competition Bureau for public interest issues. Besides traditional issues, such as concerns regarding illegal robocalling, arbitrage, and foreign ownership, the Bureau could hold up applications to review:
Also, the Commission seeks comments on whether and under what conditions, the Bureau can revoke a VoIP provider’s number access authority.
Expanding Direct Access to Numbering Resources
At the same time the FCC is proposing to tighten the rules for interconnected VoIP direct access to numbers, it is also seeking comments on whether one-way VoIP providers and other users of numbers (e.g., specialized platforms with a VoIP component) should also be eligible for direct access to telephone numbers. If such access were allowed, it asks what conditions should be imposed on access and what the likely effect of expanded access on robocalling and traceback efforts would be.
Commentary
Most of the proposed changes would simply codify the Commission’s existing practices for evaluating direct access applications. For example, unless an applicant volunteered its ownership information, 911 and CALEA compliance and Form 477 status, the staff has requested this information during processing and also held the application until information was provided. Similarly, the staff is already referring applications from VoIP providers with foreign ownership to the Executive Branch Executive Agencies for review.
Also, given the Commission’s broadly sweeping STIR/SHAKEN and RMP registration requirements, the proposals to require information about robocalling mitigation are not significant new burdens.
The significant changes are, in our view:
Today, the FCC has greatly limited state PUC authority over VoIP providers but there are several states that push the line by tying access to numbers with the imposition of more traditional LEC regulations. Unless the FCC clearly prescribes which state regulations are permissible, expect more state PUC efforts to regulate VoIP providers and, perhaps, even platform providers using VoIP.
A similarly open-ended proposal is the one that would require a VoIP provider to have minimum contacts with a state before it could obtain telephone numbers there. Would a provider need equipment in the state or employees? One of the beauties of the IP network is that service can be provided in many locations from a single location and encouraging market entry provides the competition needed to benefit consumers.
Extending direct access to telephone numbers to one-way or non-interconnected VoIP providers or, especially to platforms using VoIP, might provide those entities with better control over their use of telephone numbers. But it could also subject these operators and their services to new regulations. It seems logical to apply the same regulations to non-interconnected VoIP services that are applied to interconnected VoIP services if they receive the same number access authority. Of course, one could avoid any new regulations simply by not filing for direct access.
The CommLaw Group Can Help!
Given the complexity and evolving nature of the FCC’s rules, regulations and industry policies & procedures around Robocall Mitigation and Compliance issues (e.g., Stir/Shaken, TRACED Act, FCC Rules & Regulations, US Telecom Industry group, ATIS, NECA, VoIP Numbering Waivers, Know Your Customer (effective May 6, 2021) and the private sector ecosystem), and anticipating the potential torrent of client questions and concerns, The CommLaw Group formed a “Robocall Mitigation Response Team” to help clients (old and new) tackle their unique responsibilities. The potential blocking of your company’s voice (and other) traffic due to non-compliance is very real, and very scary. Your company must be certain it achieves sufficient comfort knowing that it is doing everything it can, as efficiently and intelligently as it can, to achieve the level of compliance needed to avoid sleepless nights as the June 30, 2021 deadline approaches.
[1] Most VoIP providers obtain telephone numbers from Local Exchange Carriers (“LECs”) but, in 2015, the Commission allowed VoIP providers meeting FCC requirements to obtain direct access to numbers from the NANPA or the Pooling Administrator. Numbering Policies for Modern Communications, Report and Order, 30 FCC Rcd 6839 (2015) (“VoIP Direct Access Order”), appeal dismissed, NARUC v. FCC, 851 F.3d 1324 (D.C. Cir. 2017).
August 18, 2021 - The STIR/SHAKEN implementation deadline has passed, but the fight against illegal robocalls is far from over. At the August Open Meeting, the FCC adopted two items which would refine the FCC’s processes and adopt new tools to fight illegal robocalls.
First, the FCC adopted a Report & Order that establishes a process for appeals to the FCC of the private Governance Authority’s decision to revoke a voice service provider’s STIR/SHAKEN Service Provider Code (“SPC”). The FCC’s rules require voice service providers to implement and participate in the STIR/SHAKEN caller ID authentication framework, and to do this voice service providers must obtain an SPC token. To guard against bad actors and preserve trust within the caller ID authentication system, the Governance Authority that oversees the STIR/SHAKEN framework may revoke a voice service provider’s SPC token. Because this revocation process enables the Governance Authority to make decisions that would render voice service providers noncompliant with the FCC’s rules, the FCC adopted a process for review of those revocation decisions by the Governance Authority. After the Wireline Competition Bureau’s (“Bureau”) initial decision, voice service providers may appeal to the full Commission.
Voice service providers aggrieved by a Governance Authority revocation decision may file a request for review to the FCC within 60 days after completing the Governance Authority appeal process. The Commission would allow third parties to participate in the proceeding, but only to file oppositions and replies.
The FCC had originally declined to adopt a timeline for its review, but it ultimately adopted a 180-day shot clock in the final Report & Order based on comments received in the record and at the request of several Commissioners. The shot clock will begin when a voice service provider files an application for review in the Electronic Comment Filing System, and the Bureau will have discretion to pause the 180-day review period when actions outside its control delay its review.
Although voice service providers judged to be in violation of federal law related to caller ID authentication will lose their SPC tokens, and therefore will not be able to participate in STIR/SHAKEN, throughout the Commission’s review period, a voice service provider will not be considered in violation of the Commission’s STIR/SHAKEN rules as a result of the initial revocation decision.
Also at the August Open Meeting, the FCC adopted a Further Notice of Proposed Rulemaking (“FNPRM”) on Voice over Internet Protocol (“VoIP”) numbering policy. In 2015, the Commission decided to allow interconnected VoIP providers to obtain numbers for customers directly from the Numbering Administrator – rather than relying on a carrier partner. Although most VoIP service providers are legitimate businesses that have adopted many robocall blocking tools and procedures in good faith, the Commission has found that most illegal robocalls are perpetrated by a small number of VoIP providers acting in bad faith. With this FNPRM, the Commission proposes to adopt guardrails that limit interconnected VoIP providers’ ability to obtain phone numbers for customers directly from the Numbering Administrator. Applicants for direct access to numbers would be required to make a number of certifications, including certifying that they will use those numbering resources lawfully; will not assist or facilitate illegal robocalling, spoofing, or fraud; and will take reasonable steps to cease the origination, termination, or transmission of any illegal robocalls once discovered. Applicants would also be required to certify that they will cooperate with the Commission, law enforcement, other regulatory agencies, and the private industry-led traceback consortium regarding efforts to mitigate harmful and illegal robocalling and spoofing. Other requirements for applicants would include filing in the Robocall Mitigation Database that they have either fully implemented STIR/SHAKEN or a robocall mitigation plan for all calls for which they act as a voice service provider. Applicants would be required to inform the FCC if they are under investigation over the insufficiency of their robocall mitigation program.
Notably, the Commission would propose to require applicants for direct access authorization to disclose certain information about all foreign owners (persons or entities) with at least 10% of the equity or voting interest in the applicant company, as well as foreign affiliations over the same threshold. It would also propose to refer any application with reportable foreign ownership – 10% direct or indirect ownership by any non-U.S. citizen or business – to the Executive Branch agencies for their review.
The Commission would propose to delegate authority for reviewing direct access applications to the Wireline Competition Bureau. The Bureau would have the right to revoke authorization for (i) failure to comply with any applicable law; (ii) where a provider no longer meets the qualifications that originally provided the basis for the grant of direct access to numbers; or (iii) where the authorization no longer serves the public interest.
The National Association of Attorneys General (“NAAG”) sent a comment letter to the Federal Communications Commission (“FCC”) in support of the FTC’s Third Further Notice of Proposed Rulemaking under the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (“TRACED Act”), urging the FCC to move up the deadline for certain smaller telephone companies to implement mandated anti-robocall ID technology.
August 23, 2021 - Starting September 28, 2021, FCC rules prohibit intermediate and terminating voice service providers from accepting calls with U.S. calling numbers directly from any voice service provider that does not appear in the Robocall Mitigation Database (RMD). Are you ready to implement this? Here’s how.
FCC rules
These rules appear in the Commission’s Second Report and Order on SHAKEN, Docket WC 17-97, paragraphs 86-94. The rules apply to the following calls:
Have a U.S. NANP calling number
Are received directly from an unregistered provider
Includes calls received directly from foreign service providers, for example, international wholesale providers.
Here’s the exact rule:
"We prohibit intermediate providers and terminating voice service providers from accepting voice traffic directly from any voice service provider that does not appear in the database, including a foreign voice service provider that uses NANP resources that pertain to the United States to send voice traffic to residential or business subscribers in the United States."
— Second Report and Order, paragraph 86
Notice that the registration requirement does not apply to the Originating Service Provider. It applies to the next upstream provider with whom the intermediate or terminating provider has a direct connection.
Compliance process
While we don’t provide either legal or regulatory compliance advice, we can describe the general shape of a process to comply with this rule:
Make a list of upstream service providers from whom you receive voice traffic directly, i.e., inbound trunks.
Look up these providers in the Robocall Mitigation Database.
Click View Database.
For each upstream provider, type the provider’s name in the Keyword Search box in the upper right of the browser window.
Check that each upstream provider appears in the results. Note: you can click a provider row to see more information about their RMD filing. This will help you confirm that you’ve found the correct one.
Notice that this is an administrative process. You aren’t programming your network systems to check RMD status on calls as they enter your network. You’re just making sure that your inbound trunks represent registered providers.
We recommend that you start this review process sooner rather than later. This will help you identify any potential issues with upstream providers. You may wish to contact any unregistered upstream providers to understand what they’re doing about this.
This review does not end after September 28. You should perform this review periodically to make sure the providers from whom you receive calls are still in the RMD.
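The periodic review described above can be scripted so that each run produces a worklist for manual confirmation. This is an added example, not part of the original article; it assumes the database listing has been saved locally as a CSV, and the column names, trunk ids and provider names are constructed for illustration.

```python
import csv
import io
import re
from difflib import SequenceMatcher

# Constructed sample of a locally saved database listing. The column names
# (business_name, filing_id) are assumptions made for this example.
RMD_LISTING_CSV = """business_name,filing_id
"Acme Telecom, Inc.",EXAMPLE-0001
Northwind Voice LLC,EXAMPLE-0002
Northwind Voice LLC,EXAMPLE-0003
Globex Carrier Services Ltd,EXAMPLE-0004
"""

# Constructed inventory of inbound trunks: (trunk id, upstream provider name).
INBOUND_TRUNKS = [
    ("trunk-01", "ACME Telecom Inc"),
    ("trunk-02", "Northwind Voice"),
    ("trunk-03", "Globex Carier Services"),  # misspelled in the inventory
    ("trunk-04", "Initech International Wholesale"),
]

_SUFFIXES = {"inc", "incorporated", "llc", "ltd", "limited",
             "corp", "corporation", "co", "company"}


def normalize(name):
    """Lowercase, drop punctuation and trailing corporate suffixes."""
    words = re.sub(r"[^a-z0-9 ]+", " ", name.lower()).split()
    while words and words[-1] in _SUFFIXES:
        words.pop()
    return " ".join(words) or name.strip().lower()


def load_listing(csv_text):
    """Index listing rows by normalized business name."""
    index = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        index.setdefault(normalize(row["business_name"]), []).append(row)
    return index


def review_trunks(trunks, listing, near_threshold=0.85):
    """Classify each inbound trunk's upstream provider.

    registered  exactly one filing under the same normalized name
    ambiguous   several filings share the name; confirm which one applies
    near_match  no exact hit, but a similar name exists (possible typo)
    not_found   nothing similar in the listing
    """
    findings = []
    for trunk_id, provider in trunks:
        key = normalize(provider)
        filings = listing.get(key, [])
        if len(filings) == 1:
            status = "registered"
        elif len(filings) > 1:
            status = "ambiguous"
        else:
            scored = sorted(
                ((SequenceMatcher(None, key, other).ratio(), other)
                 for other in listing),
                reverse=True,
            )
            filings = [row for score, other in scored
                       if score >= near_threshold
                       for row in listing[other]]
            status = "near_match" if filings else "not_found"
        findings.append({
            "trunk": trunk_id,
            "provider": provider,
            "status": status,
            "filings": [row["filing_id"] for row in filings],
        })
    return findings


def needs_follow_up(findings):
    """Everything except a clean single match goes to a person to check."""
    return [f for f in findings if f["status"] != "registered"]


if __name__ == "__main__":
    results = review_trunks(INBOUND_TRUNKS, load_listing(RMD_LISTING_CSV))
    for f in results:
        print(f'{f["trunk"]:10} {f["status"]:11} {f["provider"]} {f["filings"]}')
```

A name match is only a starting point: each result still needs the manual confirmation the article describes, by opening the provider's filing and checking that it is the right entity.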
Louisiana has declared an emergency that prohibits unsolicited telemarketing calls into the state effective Sunday, August 29, 2021, at 4:00 AM PT.
In response to the state declaration of emergency in preparation for Tropical Storm/Hurricane IDA, the Louisiana Public Service Commission has been required to report to the Emergency Operations Center (“GOHSEP”), and a mandatory prohibition on solicitation has been ordered.
More from our friends at DNC.com on this here.
Thursday, August 26, 2021 -- This week the Federal Communications Commission (FCC) proposed its highest financial penalty against lobbyist and political consultant group, John M. Burkman, Jacob Alexander Wohl, and J.M. Burkman & Associates LLC (the Group), for allegedly making over 1,000 robocalls to voters without obtaining prior express consent as required by the Telephone Consumer Protection Act (TCPA). The FCC has suggested a $5,134,500 penalty for these calls.
The FCC was first made aware of these robocalls in September 2020. According to the FCC, the Group made these calls in August and September of last year explaining to voters that if they vote by mail their “personal information will be part of a public database that will be used by police departments to track down old warrants and be used by credit card companies to collect outstanding debts.” The FCC also said that the messages did identify Burkman and Wohl by name and listed Burkman’s personal cellphone number as the calling party on the recipients’ caller ID.
In 2019, the TCPA was amended by the Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act to not require the FCC to warn robocallers before violations could be counted toward a proposed fine. The action against this Group is the first one that the FCC has taken against an entity in line with that amendment.
The FCC said that making these pre-recorded calls to voters without the consent of the individuals receiving them is a TCPA violation regardless of the content of the calls. The Group also faces pending litigation related to the same claims.
By Jonathan Marashlian
Telecommunications Service Providers (TSPs) offering and providing telecommunications services pursuant to the Telecommunications Act in Canada must, pursuant to an April 6, 2021 Canadian Radio-television and Telecommunications Commission (CRTC) decision (Decision):
TSPs must implement STIR/SHAKEN to authenticate and verify caller ID information for IP-based calls “on whatever IP portions of the network exist,” including any portion of a TSP’s network “able to initiate, transit, or terminate IP-based calls.”
In a related decision, the CRTC directed the Canadian Secure Token Governance Authority (CST-GA) to work with currently ineligible TSPs (without access to Canadian Numbering Administrator resources) to develop new eligibility requirements that only prevent “TSPs that cannot be trusted to maintain the integrity of the STIR/SHAKEN framework” from directly receiving Secure Telephone Identity (STI) Certificates, necessary for higher attestation levels, from the CST-GA.
If you have questions about the applicability of the CRTC’s STIR/SHAKEN requirements, need assistance with Assessment Reports or status reports, wish to be involved in developing STI Certificate eligibility, or have other CRTC compliance questions, please reach out to Ivan Zajicek at 703-714-1310 or isz@commlawgroup.com.
STIR/SHAKEN IMPLEMENTATION FOR INTERNET PROTOCOL-BASED VOICE CALLS
THE COMMISSION DIRECTS TELECOMMUNICATIONS SERVICE PROVIDERS (TSPS) TO IMPLEMENT STIR/SHAKEN TO AUTHENTICATE AND VERIFY CALLER IDENTIFICATION (ID) INFORMATION FOR INTERNET PROTOCOL (IP)-BASED VOICE CALLS AS A CONDITION OF OFFERING AND PROVIDING TELECOMMUNICATIONS SERVICES, EFFECTIVE 30 NOVEMBER 2021. IN ADDITION, THE COMMISSION DIRECTS TSPS TO FILE STIR/SHAKEN IMPLEMENTATION READINESS ASSESSMENT REPORTS BY 31 AUGUST 2021 AND TO ADD CERTAIN DETAILS TO THOSE REPORTS.
BACKGROUND
In Compliance and Enforcement and Telecom Notice of Consultation 2019-404 (the Notice), the Commission issued a call for comments on its proposal to require Canadian carriers and other telecommunications service providers that provide voice telecommunications services in Canada (collectively, TSPs) to implement STIR/SHAKEN [Footnote 1] to authenticate and verify caller identification (ID) information for Internet Protocol (IP)-based voice calls as a condition of offering and providing telecommunications services pursuant to sections 24 and 24.1 of the Telecommunications Act (the Act), effective 30 September 2020.
The Commission had previously determined in Compliance and Enforcement and Telecom Decision 2018-32 that TSPs should implement measures to authenticate and verify caller ID information for IP-based voice calls. The deadline, which the Commission has extended twice, is now 30 June 2021, as set out in Compliance and Enforcement and Telecom Decision 2019-402-2.
In Compliance and Enforcement and Telecom Decision 2019-403, the Commission approved the Canadian telecommunications industry’s proposal to establish the Canadian Secure Token Governance Authority (CSTGA) as the Governance Authority as part of the deployment of STIR/SHAKEN. The CSTGA is tasked, among other things, with the selection of the Policy Administrator (PA) and Certificate Authority (CA), which are necessary for the implementation of STIR/SHAKEN.
The Commission received interventions in response to the Notice from Mr. Marc Nanni; Bell Canada; Bragg Communications Incorporated, carrying on business as Eastlink (Eastlink); the Canadian Communication Systems Alliance (CCSA); Competitive Network Operators of Canada (CNOC); the Canadian Voice Peering Project; Cogeco Communications inc. (Cogeco); the Independent Telecommunications Providers Association (ITPA); the Internet Society Canada Chapter (ISCC); Quebecor Media Inc., on behalf of Videotron Ltd. (Videotron); Rogers Communications Canada Inc. (RCCI); Saskatchewan Telecommunications (SaskTel); Shaw Communications Inc. (Shaw); TELUS Communications Inc. (TCI); and Xplornet Communications Inc. [Footnote 2]
Issues
The Commission has identified the following issues to be addressed in this decision:
Should the implementation of STIR/SHAKEN be imposed on TSPs as a condition of offering and providing telecommunications services?
If the implementation of STIR/SHAKEN is imposed on TSPs as a condition of offering and providing telecommunications services, when should the requirement to implement STIR/SHAKEN become effective?
Other matters
Should the implementation of STIR/SHAKEN be imposed as a condition of offering and providing telecommunications services?
Positions of parties
Bell Canada, CNOC, Cogeco, RCCI, SaskTel, Shaw, TCI, and Videotron did not object to mandating that TSPs implement STIR/SHAKEN as a condition of offering and providing telecommunications services (hereafter, condition of service).
Bell Canada added that the condition of service should apply symmetrically to all TSPs, with the exception of TSPs that do not issue their own telephone numbers, which should be exempt. Bell Canada submitted, however, that there should be a process for TSPs to petition the CSTGA or another relevant authority to request an exemption from the condition of service for reasons and criteria determined by relevant authorities and/or the Commission. Conversely, Cogeco, RCCI, and Shaw argued that STIR/SHAKEN must be deployed by all TSPs in Canada, no matter their size. In RCCI’s view, widespread adoption is critical, and if some carriers are not required to implement STIR/SHAKEN, it will greatly erode the benefits sought.
Although they agreed that STIR/SHAKEN will have value in addressing caller ID spoofing, the CCSA and the ITPA disagreed with the idea of making STIR/SHAKEN implementation a condition of service. The ITPA expressed concern that STIR/SHAKEN implementation would be overly burdensome for smaller TSPs as a result of (i) the number of resources required and the cost of implementation, especially considering that there will be no corresponding retail revenue streams; (ii) the lack of control that smaller TSPs have over hardware and software availability; and (iii) the requirements for establishing IP interconnections with bigger TSPs. Given that its members are still mostly connected through time-division multiplexing interconnection with bigger TSPs, the ITPA pointed out that only a very small portion of ITPA members’ voice traffic would be able to carry STIR/SHAKEN authentication.
Therefore, the ITPA concluded that expending scarce capital resources on a service that will, at present, apply only to extremely low traffic volumes and few interconnecting circuits would be a heavy-handed approach. The ITPA added that given the potentially severe consequences, such an approach would not be a proportionate regulatory measure and would violate subparagraph 1(a)(ii) of the 2006 Policy Direction, [Footnote 3] which states that the Commission should, when relying on regulation, use measures that are efficient and proportionate to their purpose and that interfere with the operation of competitive market forces to the minimum extent necessary to meet the policy objectives. The CCSA and Eastlink raised similar concerns, and the CCSA specifically supported the ITPA’s position. The ITPA submitted, in the alternative, that if the Commission decides to reiterate its expectation that the industry should implement STIR/SHAKEN, then the Commission should only require that small TSPs do so when the majority of their traffic is IP-based and routed over IP interconnecting trunks.
Shaw submitted that the Commission should adopt a phased approach by, for example, first placing a requirement on TSPs to integrate with and test against the PA. Then, in a subsequent decision, the Commission could require TSPs to activate STIR/SHAKEN on their Session Initiation Protocol (SIP) links with other TSPs. Similarly, SaskTel submitted that the Commission should supervise the development and implementation of STIR/SHAKEN by issuing various decisions rather than imposing a general requirement by condition of service. SaskTel argued that this will allow the Commission to render decisions on specific issues as they arise. The ITPA supported SaskTel’s position.
Commission’s analysis and determinations
The intervener TSPs, even those that rejected the proposal described in paragraph 1, supported the implementation of STIR/SHAKEN per se. The concerns raised are related to the mechanism for requiring TSPs to implement STIR/SHAKEN and the scope and extent of such a requirement.
Regarding whether an obligation to implement STIR/SHAKEN should apply to the same extent to all TSPs, for STIR/SHAKEN to work effectively and achieve its purpose, it must be implemented across all IP-based networks. Excluding some TSPs from the obligation to implement STIR/SHAKEN, or delaying their obligation to implement it, would undermine the effectiveness of the system. Further, delaying the implementation of STIR/SHAKEN until a TSP’s entire network is IP-based, or until the networks of all TSPs are IP-based, could have the unacceptable result of precluding Canadians from having the tools to verify the authenticity of calls for years, if not decades. Implementing the framework on whatever IP portions of the network exist at least provides some level of protection with respect to calls that travel over those portions of a TSP’s network. Furthermore, the Commission notes that the burden on a TSP is not necessarily related to the size of a TSP. The resources required to purchase and install the software and equipment in order to implement STIR/SHAKEN will, in large part, depend on the extent to which a TSP’s network is IP-based.
The Commission therefore concludes that the burden imposed on all TSPs, and in particular smaller TSPs, of upgrading the IP portion of their networks to enable them to implement STIR/SHAKEN is outweighed by the important and ever more urgent objective of ensuring an effective authentication and verification caller ID system in order to reduce the harm caused by nuisance calls.
In light of the above, the Commission determines that all TSPs must be able to authenticate and verify caller ID information using the STIR/SHAKEN framework for IP-based calls in order to provide the necessary protection to called parties. Further, the Commission determines that it is appropriate to invoke its powers pursuant to sections 24 and 24.1 of the Act as the mechanism for imposing the requirement on TSPs to implement STIR/SHAKEN as a condition of offering and providing telecommunications services.
If the implementation of STIR/SHAKEN is imposed as a condition of offering and providing telecommunications services, when should the requirement to implement STIR/SHAKEN become effective?
Positions of parties
Bell Canada, CCSA, CNOC, Cogeco, Eastlink, RCCI, SaskTel, Shaw, TCI, and Videotron objected to the 30 September 2020 implementation date, which the Commission has since extended, on the basis that this date was not achievable. These interveners argued that the condition of service should not take effect until the STIR/SHAKEN framework is developed, implemented, and operationalized in TSPs’ networks. Further, they submitted that STIR/SHAKEN is an extremely complex project that requires an extensive core network build and individual TSP-to-TSP testing. They also submitted that the STIR/SHAKEN technical and operational framework is still being developed, and that a number of issues must still be resolved, including the development of interface standards with the CSTGA, PA, and CA; handset display standards; and attestation rules. Without handsets that can display the authentication, STIR/SHAKEN cannot fulfill its purpose. RCCI and SaskTel suggested that the Commission use the CRTC Interconnection Steering Committee (CISC) in the development of technical or procedural solutions. Videotron submitted that a national campaign would be required to educate telecommunications service end-users about the authentication system and how it works.
Bell Canada also proposed, if no other arrangement is made, a coming into force date of 1 July 2022 for STIR/SHAKEN, arguing that the condition of service should not come into force until the following conditions are met:
TSPs have received, lab and field tested, and operationalized the software upgrades necessary to enable IP switching and routing equipment to transmit STIR/SHAKEN tokens.
Stakeholders have had a reasonable amount of time to attempt to negotiate and agree upon common and universally applicable Canadian attestation best practices and token display rules.
The Commission-approved governance ecosystem (i.e. the CSTGA, the PA, and the CA) has been fully put in place and is operational and issuing certificates. TSPs have then had at least three months to fully integrate their networks, with CAs facilitating the seamless issuance of tokens from CAs to certified TSPs.
CNOC and the ISCC suggested that the Commission should refrain at this point in time from imposing a firm date for the deployment of STIR/SHAKEN. Eastlink proposed a staged implementation, beginning with only the largest telephone companies in the country. As stated above, the ITPA adopted a similar position, indicating that smaller TSPs should only be required to implement STIR/SHAKEN when the majority of their traffic is IP-based and interconnected with bigger TSPs through IP-based interconnections.
Commission’s analysis and determinations
Since the close of this proceeding, many of the issues raised by the interveners have either been resolved, or significant progress toward resolving them has been made. In addition to the Commission’s latest approval of a nine-month extension of the implementation deadline to 30 June 2021, key developments include the following:
The establishment of the CSTGA and selection of the CA, and the resulting functioning of the CSTGA since 30 September 2020.
The testing of equipment and software by some TSPs.
The use by some TSPs of STIR/SHAKEN to authenticate calls within their IP voice networks.
Progress in negotiations regarding the development of standards and best practices, and the imminent filing of an interim report from the CISC Network Working Group.
Increased availability of vendor equipment, software, and compatible phones.
However, some technical and policy issues have yet to be resolved, which will likely preclude a complete deployment of the STIR/SHAKEN framework by 30 June 2021.
Further, pursuant to Compliance and Enforcement and Telecom Decisions 2019-402 and 2019-402-1, TSPs are required to submit a report providing a short overview of STIR/SHAKEN implementation (referred to hereafter as the implementation readiness assessment report), within two months of the implementation date. Given the approved extension of the implementation date to 30 June 2021, this report is now due by 31 August 2021.
The Commission considers that TSPs should have a reasonable amount of time following the filing of the implementation readiness assessment report before the requirement imposed under sections 24 and 24.1 of the Act becomes effective, to allow for the resolution of technical and policy-related issues, including those that may be identified in the report, and to finalize the integration of STIR/SHAKEN capability. To that end, the Commission considers that a 90-day period following the deadline for submitting the implementation readiness assessment report would be appropriate.
In light of all of the above, pursuant to sections 24 and 24.1 of the Act, the Commission directs that, as a condition of offering and providing telecommunications services, TSPs must implement STIR/SHAKEN in order to authenticate and validate IP-based voice calls, effective 30 November 2021.
In addition, the Commission directs TSPs to submit an implementation readiness assessment report, including the information set out in Appendix 1 of this decision, by 31 August 2021. The Commission also directs TSPs to provide to the Commission, every six months, starting 31 May 2022 and continuing until the Commission decides otherwise, a status report containing the information set out in Appendix 2 to this decision.
Other matters
Clarification regarding the condition of service
Positions of parties
The ITPA submitted that a condition of service should apply on a carrier-by-carrier basis and only for those aspects of a carrier’s operations that are solely under the control of that carrier. Further, a condition of service should only apply to IP-based voice calls. The ITPA thus proposed to define “IP-based voice call” as a call that is SIP-based from the end-point of origination (i.e. the handset) all the way to the end-point of termination (i.e. the handset), including any networks used to transit between origination and termination.
Bell Canada also submitted that the condition of service should be clarified to specify that STIR/SHAKEN applies only to (i) IP voice calls that are SIP-based end-to-end, and (ii) voice calls made to devices, or other customer equipment, that are able to receive and transmit STIR/SHAKEN attributes, as defined and approved by applicable authorities.
Commission’s analysis and determinations
The Commission’s determinations to date have clearly provided that the obligation on TSPs to implement STIR/SHAKEN applies only to IP-based voice calls. That is to say, it applies to calls that travel over a TSP’s IP-based network, including any portion of its network that is able to initiate, transit, or terminate IP-based calls. The Commission did not limit this obligation to IP-based end-to-end calls made to handsets or other devices that are able to receive and transmit STIR/SHAKEN attributes.
The specific authentication and verification information that TSPs must transmit under various circumstances is still being clarified as the STIR/SHAKEN guidelines continue to be developed. Once these guidelines are finalized, the Commission can provide further guidance as required.
Access to the STIR/SHAKEN framework to authenticate calls
Positions of parties
Cogeco and the ISCC submitted that, should the CSTGA allow only TSPs that have numbering resources to obtain a certificate, other types of TSPs, such as resellers, would be at a commercial disadvantage given that the underlying service provider will have to provide a low level of attestation to calls originating from non-participant TSPs.
Commission’s analysis and determinations
The Commission notes that since the filing of these comments the CSTGA has published the eligibility conditions on its website. These conditions establish that a TSP must have access to numbering resources in order to receive a certificate, with the result that some of the TSPs that are required to implement STIR/SHAKEN cannot have access to certificates.
In response to the establishment of these conditions, a Part 1 application was filed on 21 December 2020 requesting that the Commission instruct the CSTGA to allow all TSPs to be able to implement STIR/SHAKEN by receiving certificates directly from the CA. Accordingly, the Commission will address the issue of access by TSPs to certificates in the context of its determinations in the aforementioned application.
Policy Directions
The 2006 Policy Direction and the 2019 Policy Direction [Footnote 4] (collectively the Policy Directions) state that the Commission, in exercising its powers and performing its duties under the Act, shall implement the policy objectives set out in section 7 of the Act in accordance with the considerations set out therein, and should specify how its decisions can, as applicable, promote competition, affordability, consumer interests, and innovation.
The Commission’s decision to require TSPs to authenticate and verify IP-based voice calls using the STIR/SHAKEN framework serves to protect Canadians from the harms of nuisance calls and advances the policy objectives set out in paragraphs 7(a), (b), (f), (g), (h), and (i) of the Act. The implementation of STIR/SHAKEN will be an efficient and effective means of providing consumers with a tool to identify the level of trustworthiness of a call. This tool will empower consumers to take the appropriate actions in responding to incoming calls. Furthermore, the measures imposed in this decision are symmetrical and competitively neutral given that they apply equally to all TSPs.
Accordingly, the Commission considers that its decision is consistent with the Policy Directions.
Secretary General
Related documents
Call for comments – Authentication/verification measures for caller identification for IP-based voice calls – Implementation of STIR/SHAKEN framework, Compliance and Enforcement and Telecom Notice of Consultation CRTC 2019-404, 9 December 2019
Establishment of the Canadian Secure Token Governance Authority, Compliance and Enforcement and Telecom Decision CRTC 2019-403, 9 December 2019
CISC Network Working Group – Status of implementation by telecommunications service providers of authentication/verification measures for caller identification, Compliance and Enforcement and Telecom Decision CRTC 2019-402, 9 December 2019; as amended by Compliance and Enforcement and Telecom Decisions CRTC 2019-402-1, 13 December 2019; and 2019-402-2, 15 September 2020
Measures to reduce caller identification spoofing and to determine the origins of nuisance calls, Compliance and Enforcement and Telecom Decision CRTC 2018-32, 25 January 2018; as amended by Compliance and Enforcement and Telecom Decisions CRTC 2018-32-1, 24 October 2018; and 2018-32-2, 18 December 2018
Appendix 1 to Compliance and Enforcement and Telecom Decision 2021-123
TSPs must submit an implementation readiness assessment report to the Commission no later than 31 August 2021, describing the state of implementation of STIR/SHAKEN as of 30 June 2021.
The implementation readiness assessment report must include the following information:
· statistics identifying
  · the percentage of authentication/verification-enabled trunks used for IP voice traffic in relation to the total number of voice trunks,
  · the percentage by month of the number of authenticated/verified voice calls in relation to the total number of voice calls, and
  · tracking by level of authentication (e.g. trusted, partial trust, no trust) for calls delivered to customers;
· the status and result of TSPs’ STIR/SHAKEN implementation readiness, specifically
  · whether the STIR/SHAKEN authentication uses an analytic engine or whether the Verstat parameter is sent to the end-user;
  · a brief description of the TSP’s IP voice network capacity to
    · perform complete intra-network STIR/SHAKEN-compliant calls,
    · authenticate and transmit the authentication information to the next TSP in the call path when originating a call,
    · receive and verify the caller ID information when terminating a call,
    · send the Verstat parameter to wireless and landline end-users when an analytic engine is not used,
    · transmit the STIR/SHAKEN information when transiting a call received on an IP interconnection from an upstream TSP and sent on an IP interconnection to a downstream TSP,
    · authenticate unsigned calls received from an upstream TSP that either terminate on the TSP’s IP network or are sent to a downstream TSP through an IP interconnection,
    · handle diverted calls,
    · handle toll-free calls,
    · handle emergency calls, and
    · handle legitimate spoofed calls;
  · a brief description of the status of the TSP’s IP interconnection with other TSPs, including network-to-network interface and user-to-network interface interconnections;
  · a brief description of the solution adopted to handle enterprise clients; and
  · the status and results of equipment testing and participation in those tests;
· information regarding the state of the standards, specifically:
  · the status of authentication/verification standards and their subordinate standards, as well as any other related standards; and
  · identification of Canadian-specific requirements and the efforts that are being made to incorporate these requirements into the appropriate standards.
Appendix 2 to Compliance and Enforcement and Telecom Decision 2021-123
TSPs must also provide to the Commission, every six months, starting 31 May 2022 and continuing until the Commission decides otherwise, a status report on their continuing efforts to deploy STIR/SHAKEN. These reports are due to the Commission on the last days of May and November, covering the period from the first day of September to the last day of February (for the May report) and from the first day of March to the last day of August (for the November report).
Those status reports must provide details on any changes in network capability in relation to the information that was provided in the implementation readiness assessment report and described in Appendix 1.
Footnotes
Footnote 1
STIR stands for Secure Telephone Identity Revisited. SHAKEN stands for Signature-based Handling of Asserted Information using toKENs. It is a suite of protocols and procedures intended to combat caller identification (ID) spoofing by providing authentication and verification of caller ID information.
Footnote 2
Two additional individuals also filed submissions on the record of this proceeding, but they did not comment on the issue raised in Compliance and Enforcement and Telecom Notice of Consultation 2019-404.
Footnote 3
Order Issuing a Direction to the CRTC on Implementing the Canadian Telecommunications Policy Objectives, SOR/2006-355, 14 December 2006
Footnote 4
Order Issuing a Direction to the CRTC on Implementing the Canadian Telecommunications Policy Objectives to Promote Competition, Affordability, Consumer Interests and Innovation, SOR/2019-227, 17 June 2019
You start a business. You create an LLC. That’s supposed to protect you from personal liability for the activities of your business, right?
Not when it comes to the TCPA.
As I’ve reported over and over again, the courts have zero trouble holding CEOs and other officers of companies directly liable for corporate conduct in TCPA suits. Even low-level employees who are just following instructions can be held personally liable under the TCPA’s strict liability rules.
It’s the most unfair rule in the entire legal world.
But that’s all old news. Here’s the new news.
In a new case out yesterday a court just held that a CEO can be personally named in a TCPA suit based on allegations that the company is a small company (two employees) so the CEO must have been involved in sending the allegedly illegal messages.
Yep. That’s it.
Notably the Plaintiff didn’t even name the company in the suit. Just went directly after the CEO.
So basically the door is now open to directly sue the CEO of any small company for any TCPA violation.
Got it. Totally the way the law is supposed to work.
If you’re a small business owner or a start up operator please please do not assume that any level of corporate formality will keep you safe from the TCPA. These cases do NOT require piercing the corporate veil. These guys can come directly after you merely because you were “involved” with the allegedly illegal conduct–even if your sole involvement was mandated by your role and responsibilities in the business.
It’s nuts.
by Eric Troutman
Sept 1, 2021 - Robocalls in the U.S. were down about 8% in August, according to the YouMail Robocall Index. Is this a trend, or a blip?
Is this because of SHAKEN, or something else?
We’ve been keeping track of SHAKEN statistics since April 2021. The percentage of calls received that were signed with SHAKEN has been steadily growing. It’s up again in August.
Good news: SHAKEN participation is growing. Bad news: it’s still a small proportion of calls.
However, SHAKEN doesn’t prevent robocalls by itself. It helps combat caller ID spoofing, a tactic used with unlawful robocalls.
We take an optimistic view of this data. SHAKEN helps call analytics be used more effectively. SHAKEN usage is up. It’s reasonable to attribute some portion of the drop in robocalls to better analytics.
There’s more to do
Robocall prevention will get a boost in effectiveness as other SHAKEN capabilities are deployed in widespread use.
September 29, 2021 - The Federal Communications Commission (FCC) required voice service providers (VSPs) to implement STIR/SHAKEN by June 30, 2021 on internet protocol (IP) portions of their network and file certifications on implementation status with the FCC via the Robocall Mitigation Database (RMD) by September 28, 2021 to avoid having their calls blocked.
Subsequently, the FCC exempted small VSPs from STIR/SHAKEN implementation until June 30, 2023 (but is formally considering shortening the exemption period). However, small VSPs must still file robocall mitigation plans (RMPs) in the RMD by September 28, 2021.
The FCC Wireline Competition Bureau issued carriers a reminder today to block calls from all carriers (including small VSPs) not listed in the RMD as of September 28, 2021 and provided an email subscription service to “ease compliance” with the call blocking obligation by providing a weekly update on RMD updates. The weekly update (sent Tuesdays at 11am for the preceding seven days) could result in calls blocked by carriers that choose not to manually review the RMD for updates. Any carrier submitting an RMP into the RMD as of today should work with counsel to ensure that terminating VSPs and intermediate providers are immediately notified to reduce or eliminate service disruptions and call blocking.
If you have not yet filed an RMP, the time is now!
Contact Prescott-Martini now to assist with filing your RMP as soon as possible and taking proactive steps to ensure your traffic is not blocked and disruptions are minimized or eliminated.
SEPTEMBER 22, 2021 - The FCC Second Report and Order says intermediate and terminating service providers should not accept traffic directly from unregistered voice service providers. Seems simple enough, but there are some serious complications hidden beneath the surface. Let’s have a look.
Second Report and Order
There are a few important pieces to this puzzle, and we must put them on the table before we can make sense of it.
First, here’s the important statement from paragraph 86 of the Second Report and Order on SHAKEN:
We prohibit intermediate providers and terminating voice service providers from accepting voice traffic directly from any voice service provider that does not appear in the database, including a foreign voice service provider that uses NANP resources that pertain to the United States to send voice traffic to residential or business subscribers in the United States.
For this discussion, let’s call this the unregistered provider rule.
Definitions
There are some important terms in this rule:
Directly: The rule only applies to the next upstream voice service provider, not providers several hops back toward origination.
Voice service: The TRACED Act and subsequent FCC orders defined voice service as “a service that is interconnected with the public switched telephone network and that furnishes voice communications to an end user.”
Notice the end user part. That’s important. If the service isn’t to an end user, then it isn’t a voice service, and the entity that delivered that service isn’t a voice service provider. In this context, an intermediate provider is not a voice service provider.
Voice service provider: a provider of voice service.
There’s one more term we must grapple with: call-by-call basis. This means that the rules apply based upon the provider’s role for a particular call. A provider isn’t always a voice service provider or always an intermediate provider. It depends on what they’re doing for a particular call.
We have the puzzle pieces we need. Now, let’s try to put this together.
Scenarios
Let’s use a simple illustration to show how these rules and definitions are applied.
Call Path with Four Providers
In this illustration, we have four providers: an Originating Service Provider (OSP) and a Terminating Service Provider (TSP), separated by two intermediate providers.
In this scenario, only the OSP and TSP are providing voice service to end users. Therefore, only the OSP and TSP are voice service providers.
Provider 2, an intermediate provider, receives the call directly from the OSP. Therefore, the unregistered provider rule is in effect with intermediate provider 2. If the OSP does not have a registration in the Robocall Mitigation Database (RMD), then intermediate 2 must refuse the call.
If the OSP is unregistered, then the call should never make it to providers 3 and 4. But even if it did, the unregistered provider rule would not be in effect for providers 3 and 4, because neither provider would have received the call directly from a voice service provider. Providers 3 and 4 would have received the call from an intermediate provider, which does not serve an end user.
On second thought, this rule isn’t so simple. But wait, it gets better.
Complications
Remember the call-by-call basis rule? This is important, because a provider might act as an intermediate for some calls and as an OSP for other calls.
Suppose that provider 2 also originates some calls for its end user customers. It also sends these calls downstream to provider 3. For some calls, provider 2 was the OSP; for others, it was an intermediate.
The unregistered provider rule only applies to those calls for which provider 2 was the OSP. It does not apply to calls for which provider 2 was an intermediate.
If provider 2 does not have a registration in the RMD, then provider 3 must not accept calls for which provider 2 was the OSP. However, provider 3 is not required to refuse calls for which provider 2 was an intermediate.
How is provider 3 supposed to know which calls from provider 2 are subject to the unregistered provider rule?
The Commission asks for comment
The FCC recently issued their Fifth Further Notice of Proposed Rulemaking CG-17-59 and Fourth Further Notice of Proposed Rulemaking WC 17-97 (FNPRM) to discuss a variety of questions related to SHAKEN and robocall prevention. Some of their questions were about this not-so-simple problem.
The Commission is especially worried that these complications might thwart their efforts to combat robocalls originated by foreign service providers and transited by foreign intermediate providers and gateway providers.
Here are a few key points the FCC raised in the FNPRM:
The Commission asked whether they should change the unregistered provider rule, so that it applies to any foreign provider, originating or intermediate. They will discuss the FNPRM at their Open Commission Meeting on September 30, 2021.
Meanwhile, providers are caught in a tough situation. Some might want to refuse all calls received directly from an unregistered provider, simply because they cannot tell whether the provider was acting as an OSP or intermediate.
Let’s see what the Commission comes up with on September 30.
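The scenarios above reduce to a check each receiving provider makes per call. The sketch below is an added illustration, not code from the original article or from the FCC: the provider names, the in-memory RMD set, and the `role_visible` and `refuse_when_unknown` switches are assumptions used to model the four-provider path, the call-by-call complication, and the refuse-everything fallback some providers might choose.

```python
from dataclasses import dataclass
from enum import Enum


class Role(Enum):
    """Role the upstream provider played for this one call (call-by-call basis)."""
    ORIGINATING = "originating"    # served the calling end user: a voice service provider
    INTERMEDIATE = "intermediate"  # only transited the call
    UNKNOWN = "unknown"            # the receiving provider cannot tell which


class Decision(Enum):
    ACCEPT = "accept"
    REFUSE = "refuse"
    UNDETERMINED = "undetermined"  # the rule as written gives the receiver no answer


@dataclass(frozen=True)
class HopResult:
    receiver: str
    upstream: str
    decision: Decision
    reason: str


def evaluate_hop(receiver, upstream, role_seen, rmd, refuse_when_unknown=False):
    """Apply the unregistered provider rule to one direct hand-off.

    rmd is a set of provider names standing in for the Robocall Mitigation
    Database (an assumption; a real lookup would query the FCC listing).
    """
    if upstream in rmd:
        return HopResult(receiver, upstream, Decision.ACCEPT,
                         "upstream is listed in the RMD")
    if role_seen is Role.INTERMEDIATE:
        # Not a voice service provider for this call, so the rule is not triggered.
        return HopResult(receiver, upstream, Decision.ACCEPT,
                         "unregistered upstream only transited this call")
    if role_seen is Role.ORIGINATING:
        return HopResult(receiver, upstream, Decision.REFUSE,
                         "unregistered upstream originated this call")
    if refuse_when_unknown:
        # Conservative local policy: treat an unknown role as originating.
        return HopResult(receiver, upstream, Decision.REFUSE,
                         "unregistered upstream, role unknown, local policy refuses")
    return HopResult(receiver, upstream, Decision.UNDETERMINED,
                     "unregistered upstream, role unknown")


def walk_call_path(path, rmd, role_visible=True, refuse_when_unknown=False):
    """Evaluate every direct hand-off along path, stopping at the first refusal.

    path[0] is the originating provider for this call; every later provider
    receives the call directly from the one before it. role_visible=False
    models a receiver that cannot see whether its upstream originated the call.
    """
    results = []
    for i in range(1, len(path)):
        true_role = Role.ORIGINATING if i == 1 else Role.INTERMEDIATE
        role_seen = true_role if role_visible else Role.UNKNOWN
        result = evaluate_hop(path[i], path[i - 1], role_seen, rmd,
                              refuse_when_unknown)
        results.append(result)
        if result.decision is Decision.REFUSE:
            break  # the call never reaches the providers further downstream
    return results


if __name__ == "__main__":
    # Constructed sample: provider1 is the OSP, provider4 the TSP.
    four_hop = ["provider1", "provider2", "provider3", "provider4"]
    cases = {
        "OSP unregistered": (four_hop, {"provider2", "provider3", "provider4"}, True, False),
        "provider2 unregistered, transiting": (four_hop, {"provider1", "provider3", "provider4"}, True, False),
        "provider2 unregistered, originating": (four_hop[1:], {"provider3", "provider4"}, True, False),
        "provider2 unregistered, role hidden": (four_hop, {"provider1", "provider3", "provider4"}, False, False),
        "role hidden, refuse-all policy": (four_hop, {"provider1", "provider3", "provider4"}, False, True),
    }
    for label, (path, rmd, visible, strict) in cases.items():
        print(label)
        for hop in walk_call_path(path, rmd, visible, strict):
            print(f"  {hop.receiver} <- {hop.upstream}: {hop.decision.value} ({hop.reason})")
```

The "role hidden" case is the article's open question: the rule gives provider 3 no answer, and the refuse-all policy resolves it by also dropping calls that provider 2 merely transited.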
Background
With robocalls plaguing both consumers and carriers for long enough, the Federal Communications Commission (“the FCC” or “the Commission”) decided to take action by requiring voice service providers to implement a caller authentication framework, known as STIR/SHAKEN, in order to validate the identity and source behind a call. A deadline for the implementation was set for June 30th, 2021. To keep track of how many had implemented, and how many were in the process of doing so, the FCC’s Wireline Competition Bureau announced the opening of the Robocall Mitigation Database.
Robocall Mitigation Plans
The FCC structured the Robocall Mitigation Database and filing deadline of June 30, 2021 for voice service providers to certify full or partial implementation of the STIR/SHAKEN standard. Any providers not completing full STIR/SHAKEN implementation by June 30 were required to file a certified Robocall Mitigation Plan detailing plans to reasonably reduce the origination of illegal calls via an alternative methodology.
The Deadlines and What Happens After
The June 30, 2021 STIR/SHAKEN deadline has come and gone, and many providers were left wondering if their calls would be blocked come July 1st if they had not fully implemented the standard yet. According to Chris Wendt, member of the ATIS/SIP Forum IP-NNI Joint Task Force and the STI-GA Technical Committee, the June deadline was a certification and registration deadline. It marked the date for major providers who were required to file their intention or plans to implement the framework. This was not a deadline to hereafter mark the beginning of widespread call blocking.
The September 28th deadline, which has been softly mentioned, marks the prohibition on service providers or intermediate providers from directly accepting and passing traffic from service providers who are not listed in the database. Traffic originators must be in the database and terminators of traffic must check the database to ensure they are passing legal traffic. Terminating providers do not have to give notice before blocking unregistered voice traffic.
“The Commission prohibited intermediate and terminating voice service providers from accepting calls directly from a voice service provider not listed in the Robocall Mitigation Database, finding that such a prohibition would ‘encourage all voice service providers to implement meaningful and effective mitigation programs...during the period of extension from the STIR/SHAKEN mandate.’ The Commission extended this prohibition to traffic originated by foreign voice service providers that use ‘North American Numbering Plan resources that pertain to the United States to send voice traffic to residential or business subscribers in the United States.’ This prohibition became effective on September 28, 2021.”
— Second Caller ID Authentication Report and Order, 36 FCC Rcd at 1904, para. 87
Database Trends & Conclusions
From the June 30th to the September 28th deadline, it’s clear voice service providers are actively working to file and implement STIR/SHAKEN and/or alternative Robocall Mitigation Plans. Here is where cross-industry implementation currently stands:
Current Implementation Count as of 9/27/21
Implementation Count between Deadlines
Implementation Count: 1077
N/A: 784
Partial Implementation: 1139
No Implementation: 2211
Total Robocall Mitigation Plans: 3350
Total in Database: 5211
*Voice service providers with Partial or No Implementation were required to file a certified Robocall Mitigation Plan by June 30, 2021.
With only one day to go until the September 28th deadline, service providers have been steadily implementing the standard, at least partially, based on certified plans filed within the Robocall Mitigation Database. Following the June 30th deadline, where it was feared that voice traffic would be immediately blocked, the industry saw a rapid growth in the number of Robocall Mitigation Plans filed.
The rate of complete STIR/SHAKEN implementation seems to be catching up this month, but most are still relying on partial implementation of the standard supplemented by detailed Robocall Mitigation Plans to reasonably reduce the amount of illegal robocall traffic in support of industry-defined expectations.
Considerations
With the overall rate of implementation more than doubling between the June and September deadlines, it will need to be monitored after the September 28th deadline as well. Will there be a rapid spike in the amount of implementation if too much voice traffic is getting blocked at the network level? How long will it take for the rate of full implementation to catch up with the amount of Robocall Mitigation Plans that have been filed?
A Focus on Gateway Providers
As we move closer to this deadline, the FCC issued Fourth (WC Docket No. 17-97) and Fifth (CG Docket No. 17-59) Notices of Proposed Rulemaking on September 9th. Proposals in the Further Notice place additional focus on gateway providers that are the point of entry for foreign calls into the United States and their part in the fight against illegal robocalls originating abroad. Thoughts on the enforceability of the Robocall Mitigation Database have come into question, and the FCC is seeking clarity on how it addresses foreign voice traffic into U.S. networks.
Check back in with us for our follow-up thoughts post the September 28th deadline and observations on how this deadline has affected voice traffic. With the comment period currently open for responses to the Further Notice, the big question remains: do the benefits of maintaining the Robocall Mitigation Database outweigh the burdens of filing, monitoring, and enforcing, both domestically and where cross-border traffic is concerned?
Describing “eliminating illegal robocalls that originate abroad … [as] one of the most vexing challenges we face in eliminating the scourge of robocalling,” the Federal Communications Commission (“FCC”) adopted a proposal at its September 30, 2021 Open Meeting to help address the problem (https://docs.fcc.gov/public/attachments/FCC-21-105A1.pdf).
The Fifth Further Notice Of Proposed Rulemaking (“FNPRM”) in the agency’s long-running CG Docket No. 17-59 seeks to attack the issue “by placing new obligations on the gateway providers that are the point of entry for foreign calls into the United States, requiring them to lend a hand in the fight against illegal robocalls originating abroad.”
Per the FCC’s News Release announcing the action, the FNPRM seeks comment on the following proposed requirements for domestic gateway providers (https://docs.fcc.gov/public/attachments/DOC-376196A1.pdf).
· Domestic gateway providers would be required to apply STIR/SHAKEN caller ID authentication to, and perform robocall mitigation on, all foreign-originated calls with U.S. numbers.
· Gateway providers would be required to respond quickly (within 24 hours of receipt) to traceback requests, which are used to help block illegal robocalls and inform FCC enforcement investigations.
· Gateway providers and the networks accepting questionable traffic from the gateway provider would be required to actively block these calls.
· Gateway providers would be required to ensure foreign calls using U.S. phone numbers are legally authorized to do so.
· Gateway providers would be required to submit a certification to the Robocall Mitigation Database describing and committing to robocall mitigation practices.
In her statement in conjunction with approval of the FNPRM, Acting Chairwoman Rosenworcel noted: “This will help us tackle the growing number of international robocalls. Because we can’t have these scam artists multiplying abroad and hiding from our regulatory reach. We’re going to stop these nuisance calls before they reach our homes and businesses in the United States. And if the tools we have here are not up to task—we will need to go to Congress and ask for more.”
Initial comments on the FNPRM will be due 30 days after a summary is published in the Federal Register, with reply comments due no later than 60 days after such publication.
Telecommunications Service Providers (TSPs) in Canada may soon have access to Secure Telephone Identity (STI) Certificates—necessary for higher (Level A or B) attestation—once the Canadian Radio-television and Telecommunications Commission (CRTC) acts on a report (Report) by the Canadian Secure Token Governance Authority (CST-GA).
The Report follows consultation with currently ineligible TSPs (without access to Canadian Numbering Administrator resources) to modify, via consensus, eligibility requirements for obtaining Service Provider Code (SPC) Tokens. CST-GA undertook this process based on a CRTC decision in response to a petition by Mitel Cloud Services, Inc. (Mitel). Mitel requested the CRTC (1) instruct CST-GA to permit all TSPs to receive STI Certificates and (2) exclude any TSPs not registered with the CRTC as an alternative to the Federal Communications Commission’s requirement that providers file in the Robocall Mitigation Database to access STI Certificates. The CRTC’s only guidance was that new eligibility requirements should only exclude “TSPs that cannot be trusted to maintain the integrity of the STIR/SHAKEN framework.”
CST-GA Report’s Proposed New SPC Token Access
The Report proposes three new eligibility criteria—Identity, Reputation, and Technical—that must all be satisfied to obtain an SPC Token:
The Report recommends CST-GA (1) amend CST-GA’s SPC Token Access Policy, (2) develop an application and onboarding process to support issuing SPC Tokens based on the three criteria, and (3) provide the CRTC a copy of the Report.
TSPs Should Prepare Applications Now, Anticipating a CRTC Decision Approving New Eligibility Criteria
The CRTC has not issued a decision adopting the Report. But, currently ineligible TSPs can use the Report as a guideline to preparing draft SPC Token applications to the CST-GA and ensure they are ready to file applications following the CRTC’s decision. We expect a CRTC decision will direct CST-GA to implement a majority, if not all, of the recommended components to establish new eligibility criteria.
Acting now may avoid future cost or delay, while preparing and filing an application following the CRTC’s decision could result in your TSP’s application being delayed as the CST-GA deals with a flood of applications from impacted TSPs. This is particularly important given an unknown application process and CST-GA acknowledgement that “lack of access to SPC Tokens may create challenges for non-eligible TSPs in complying with the Commission’s requirement for all TSPs to implement STIR/SHAKEN prior to the deadline, in part because alternative implementation options may not be available.”
Q&A with communications law expert Jonathan Marashlian, managing partner of the CommLaw Group.
Voice service providers have just passed some major milestones: certifying SHAKEN and/or robocall mitigation in the FCC database and refusing calls from unregistered upstream providers. Time to kick back and relax?
No. The legal landscape in the new STIR/SHAKEN era is much larger and more diverse than mere technical compliance with Federal Communications Commission (FCC) requirements.
We are already seeing clear and unmistakable signs that compliance with the bare minimum requirements established by the FCC—implementing STIR/SHAKEN and robocall mitigation plan procedures—is insufficient to mitigate the myriad of business risks arising from the government onslaught against the scourge of illegal robocalling.
Reading the tea leaves, the biggest risk or threat is likely to come through enforcement actions by state attorneys general and civil litigation initiated by private parties. Wherever the legal landscape provides the opportunity to recover damages, class action plaintiff’s lawyers and attorneys for large enterprise consumers of voice services, such as call center operators, are certain to seize upon those opportunities.
We anticipate that questions around the meaning of and extent to which the “Know Your Customer” requirements apply in different contexts will ultimately be answered through litigation and enforcement, and less so through the FCC regulatory rulemaking process. Questions around damages and who is or can be held responsible for originating, passing, or terminating illegal robocalls are also going to be fleshed out by regulatory enforcement and private litigation.
Perhaps the most significant risk, even more so than the FCC, are the federal and state consumer protection laws that are being developed around robocall mitigation. Starting with the Federal Trade Commission (FTC), where the FTC’s strict “known or should have known” standard is applied to hold voice service providers accountable for illegal robocallers using their networks.
Many service providers and telecom consultants pore over FCC regulations to try and understand the requirements. Is that sufficient? Are there other things they need to worry about?
FCC regulations are a good starting point, and telecommunications providers should stay abreast of updated regulations and releases.
However, FCC regulatory compliance alone may not be enough to defend an action if providers face the FTC and state attorneys general’s “known or should have known” standard or the creative, evolving litigation strategy of the plaintiff’s bar.
We saw a news item about Marriott, who filed a lawsuit in federal court against unknown perpetrators, “John Does,” who made illegal robocalls misusing Marriott’s name. Why would Marriott do that? What’s the point?
This is sheer speculation, but as often turns out, the actual perpetrators who harmed Marriott likely will be insolvent or outside the reach of Marriott.
By using “John Does,” Marriott preserves its ability to amend its complaint to implead carriers and providers that carried or transported the fraudulent traffic. Marriott could rely on the FTC’s “known or should have known” standard to show underlying carriers are the “John Does” that profited from bad actors (now insolvent or extra-judicial). It’s unlikely Marriott would commence this litigation without a strategy outside positive public relations for pursuing bad actions; rather, the “John Does” will likely turn out to be carriers of bad traffic who settle Marriott’s claims.
The CATA Working Group issued Caller ID Authentication Best Practices, which the FCC published and endorsed as voluntary measures. Then the Fourth Report and Order on Robocall Prevention mandated affirmative obligations to prevent service providers from originating robocalls. It seems like momentum is building toward holding service providers responsible for knowing their customers and the nature of their calls. What are your thoughts on this?
Based on recent trends, there is certainly momentum in that direction and Know Your Customer (KYC) will likely continue to grow in importance. Thus, providers should ensure they have a good KYC policy in place, particularly as new risks emerge, and scrutiny grows. However, as discussed above, this appears largely driven by the FTC and state attorney general actions.
Of note, the ITG has published a Policies and Procedures booklet with a best practices section. All VSPs should review the booklet, and particularly the best practices. Accountability will keep mounting and the weakest link—the weakest KYC policy—will be the first to break, and that provider will be accountable and “holding the bag.”
About The CommLaw Group
Marashlian & Donahue – The CommLaw Group – is a full-service telecom law firm located in the Washington, D.C. area catering to businesses operating in and around the dynamic and diverse communications and information technology industries. Their clients include providers of VoIP, wireless and traditional telecommunications services, SaaS-based and cloud computing technologists, Internet-of-Things application and network vendors, and nearly every imaginable 21st Century business driving the Digital Revolution.
The CommLaw Group has formed a Robocall Mitigation Response Team to help clients achieve the level of compliance needed to avoid the emerging threats of litigation and regulatory enforcement.
For more information, you can reach Jonathan S. Marashlian at jsm@CommLawGroup.com or by phone at 703-714-1313.
The lawsuit was filed against Startel Communication of Evansville, Indiana; Piratel of Los Alamitos, California; and VoIP Essential of Fremont, California.
Oct 19, 2021
INDIANAPOLIS — The Indiana attorney general’s office has sued three companies on allegations that they helped illegally route hundreds of millions of robocalls to U.S. households seeking to carry out a variety of scams.
In the lawsuit filed Thursday in federal court in Indiana, the attorney general’s office said the companies facilitated the calls by scam artists operating from India, the Philippines and Singapore.
That now-defunct business arranged with two California telecommunications companies to route the robocalls throughout the country, Rokita said.
The lawsuit blames Piratel LLC of Los Alamitos, California, for routing at least 3.1 million robocalls to Indiana numbers alone and says VoIP Essential LLC of Fremont, California, routed 1.3 million calls to Indiana.
More than 1,100 robocalls were made on two days last year without prior consent from those who received them, the FCC said.
The Federal Communications Commission proposed the largest robocalling fine in the agency's history Tuesday, aimed at two men and a lobbying firm it alleges sent more than 1,100 unlawful, prerecorded robocalls.
The proposed $5,134,500 fine against Jacob Wohl, John Burkman and J.M. Burkman & Associates LLC comes after Congress passed an amendment to the Telephone Consumer Protection Act (TCPA), the FCC said in a statement. The group is alleged to have made 1,141 prerecorded robocalls to wireless phones without prior consent during two days last year.
The FCC said the TCPA prohibits such prerecorded voice calls regardless of the call's content.
"The robocalls in this case, made on August 26 and September 14, 2020, used messages telling potential voters that, if they vote by mail, their 'personal information will be part of a public database that will be used by police departments to track down old warrants and be used by credit card companies to collect outstanding debts,'" the FCC said.
None of the consumers the FCC's enforcement bureau contacted said they had consented to receiving such robocalls, the FCC wrote in its Notice of Apparent Liability for Forfeiture.
Wohl and Burkman were identified by name on the calls, the FCC said, and caller IDs went back to Burkman's personal phone number. Both men allegedly admitted under oath they were involved with creating and distributing the calls.
In the forfeiture notice, the FCC said it determined the amount by fining the group $4,500 for each unlawful robocall for a total of $5,134,500. The FCC said it has used a base amount of $4,500 for violations under the TCPA.
The FCC said the proposed fine is not final and that Wohl, Burkman and the firm will have a chance to respond before a final resolution is given.
So I’m freaking out a little.
Allstate was just ordered to produce its entire internal DNC list to Alex Burke.
Allstate. Entire Internal DNC list. Delivered to Alex Burke.
Huge. Terrifying. Huge. Terrifying. Huge. Terrifying.
How?
Let me set the stage here.
Many of you have been around long enough to remember the jaw-dropping result in the old Dish Network ruling resulting in $283MM in penalties.
The single most important take away from that ruling was that sellers who rely on third parties to market their goods need to coordinate between vendors to make sure that a DNC report to any one of them is properly communicated upstream to the seller and then re-communicated downstream back to the web of marketers pitching the sellers’ goods.
Stated alternatively, a DNC request to any marketer must be treated as a DNC request to every marketer selling the same good or service for the seller. And a failure by the seller to coordinate those requests through all marketers can yield really bad results.
So, for instance, if marketer A is told to stop calling about seller X’s goods, seller X needs to make sure that marketers B and C–who also sell X’s goods–are notified and stop calling. If B or C call the same consumer who asked for calls to stop, Seller X is liable for a TCPA violation–although B and C likely are not directly liable.
There is a bit of a disconnect then between the needs of the seller to stop calls and the incentives of the marketers, who are not directly liable for calls they make in that scenario–which makes contract terms and policies critical.
But I digress.
The point of all of this is that the Plaintiff’s bar has apparently landed on a way to effectively determine whether sellers are properly coordinating with their marketing network– and it is truly terrifying from a data perspective.
The scheme is simple–they demand that the marketer that made the challenged calls produce its internal DNC list. Then they demand that the seller produce its list. If the two lists do not match then there was a failure to coordinate and–the argument goes–the seller is liable for calls made to individuals that are on one but not both lists.
Hmmmm.
In order for this scheme to work, of course, Plaintiffs have to obtain the internal DNC list for the seller. And in some cases that might mean a HUGE list and a giant headache for a big company.
Take Allstate for instance.
Allstate is a great brand that sells an important product and has hundreds of thousands if not millions of customers.
Without question, however, many many people have likely told Allstate and its web of third-party marketers and agents to stop calling about this purpose, or that program, over the last five years. I can only imagine how difficult it would be for a multifarious institution of that sort to keep all of its DNC requests flowing in and out between all of its agents and vendors seamlessly.
Well the Plaintiff in Hossfeld v. Allstate Ins. Co., Case No. 20-CV-7091, 2021 U.S. Dist. LEXIS 199023 (N.D. Ill. October 15, 2021) just convinced a court to require Allstate to produce its entire internal DNC list–going back at least five years folks–to test their theory that Allstate wasn’t properly monitoring its vendors.
For context, something called Transfer Kings apparently called the Plaintiff on behalf of something called Atlantic Telemarketing, which in turn had the relationship with Allstate.
Those of you attending Leadscon in the next few days need to really pay attention here– Allstate’s vendor was Atlantic. It is not clear to me whether Allstate even knew about Transfer Kings. But if TK’s internal DNC list doesn’t match Allstate’s somebody is going to be in trouble (and it likely isn’t TK.) Here’s why:
Hossfeld states that he plans to compare Allstate’s internal DNC list to Transfer Kings’ internal DNC list (and the internal DNC list of Atlantic Telemarketing) to show that the lists are materially different from Allstate’s internal DNC lists. Presumably, this material difference will allow Hossfeld to argue that Allstate and its vendors do not coordinate.
CAVEAT VENDITOR (Sellers beware) pal. (And yes, that was a vague Rounders allusion).
I cannot emphasize enough how important this ruling is folks. Sellers MUST make sure that they are communicating DNC requests effectively through all marketing channels that are making use of outbound calls or texts. MUST. Because the day may come when YOUR internal DNC list is compelled and tested.
A couple of notes here from a litigation perspective.
First, this is why you ALWAYS see me emphasize the need to bifurcate discovery between class and merits issues. Yes it can be a costly and time consuming battle to fight but this is why you do it. Allstate apparently did not obtain such an order and the Magistrate Judge that ordered the production rubbed that in their face a little: “Merit and class fact discovery are not bifurcated in this case and thus, there is only one fact stage of discovery, which closes on December 30, 2021.”
Next, TCPA defendants should NEVER expect the “but Plaintiff is a scumbag” argument to save them. Yes, they are all mostly scumbags. But that doesn’t mean they can’t turn you inside out if you’re not making the right procedural moves:
The Court acknowledges Allstate’s argument that Hossfeld’s conduct in calling “back and engaging the telemarketing vendors who called him,” “pretending to be other people and providing otherwise false information to the telemarketing vendors in order to continue the call long enough to be transferred to an independent agent,” and on at least one call, “consent[ing] to be transferred to an Allstate agent after being informed his number was on the Allstate DNC list,” could result in a conclusion that Hossfeld is not an adequate class representative.
But the Court went ahead and ordered the production anyway. Because there was no bifurcation order and discovery closed before certification. So Plaintiff had to get the discovery before the issue of his worthiness to represent the class could be decided.
And that’s why TCPA Defendants must never, never, never, never, never allow discovery to close before certification is decided.
Never.
One last thing here, the production comes with a couple of caveats. First, Allstate’s internal DNC list will be treated as confidential under the parties’ Agreed Confidentiality Order. That’s good.
Second, Hossfeld and his counsel are prohibited from: (a) contacting any person appearing on Allstate’s internal DNC list unless and until a class is certified and (b) from using Allstate’s internal DNC list for any purpose in the event that a class is not certified.
All right, so there’s your nightmare TCPA report for the day. I sincerely hope you all followed this as it is a major development–especially for those who sell products through third-party marketers. I’ll be in Vegas the next few days. Connect with me if you’re there and we can chat.
Rebekah L. Sanders, Arizona Republic, Oct 20 2021
Millions more Americans could be flooded with robocall voicemail messages if the Federal Communications Commission agrees to a rule change.
Political campaigns, charities, businesses and robocall spammers could insert unlimited messages into people's voicemail boxes without ringing first if the FCC agrees.
In addition, the proposal would allow the voicemails to be sent to millions of phones that currently are off-limits to robocalls under federal law.
Ringless voicemails are "non-intrusive," according to the campaign of former U.S. Sen. David Perdue, R-Georgia, which is asking for the change.
The messages don't disrupt people with long ringtones, do not rack up charges as phone minutes and texts may, and can be listened to at any time.
Consumer advocates disagree.
Ringless voicemail is just as "invasive, expensive and annoying" as calls and texts, they say.
Why a political candidate is asking for change
Candidates are eager to find ways around the Telephone Consumer Protection Act that prohibits campaigns from auto-dialing cellphones unless voters opt in.
Almost two-thirds of Americans, or roughly 155 million people, own only a cellphone, the Perdue campaign said, meaning many voters are out of reach of pre-recorded campaign messages.
"(The) technology allows non-profit (get-out-the-vote) campaigns across the political spectrum to effectively reach a wide swath of potential voters to provide them with critical and timely election-related information," Perdue's campaign said in its FCC petition. "Contacted potential voters may listen to the voicemail as many times as they want, delete it, or ignore it, at no cost to them."
Ringless voicemail could provide information such as where a voter’s nearest polling place is or how to complete a mail-in ballot, the campaign said.
"As a greater number of consumers opt to rely solely on wireless services, Democratic and Republican campaigns and political committees alike will require efficient and non-invasive methods to reach potential voters on short timeframes," the filing said.
Consumer advocates warn of 'unfettered' abuse
But a group of consumer protection organizations opposes the measure.
Voicemail inboxes would become useless, filling with "unfettered," "unstoppable" messages, National Consumer Law Center senior attorney Margot Saunders said.
Other groups that oppose the proposal include Consumer Action, Consumer Federation of America, EPIC, National Association of Consumer Advocates, National Consumer Law Center and U.S. PIRG.
"If left unregulated, ringless voicemail messages regarding telemarketing, debt collection, and outright scams could easily overwhelm the voicemail boxes of consumers," Saunders said.
The Federal Communications Commission’s (FCC) Enforcement Bureau (Bureau) has sent cease and desist letters to “three network providers—Duratel, Primo Dialler, and PZ/Illum Telecommunication—demanding that these providers immediately cease originating illegal robocall campaigns on their networks, many of which originated overseas, and report to the Commission the concrete steps they are implementing to prevent a recurrence of these operations” (https://www.fcc.gov/document/fcc-issues-robocall-cease-and-desist-letters-3-more-companies).
According to the FCC’s News Release, “investigations by the Enforcement Bureau, in conjunction with the industry-led Traceback Consortium, indicate that these companies each transmitted multiple illegal robocall campaigns on their networks. Duratel and PZ/Illum originated substantial numbers of government imposter scam calls including posing as the Social Security Administration, the Federal Reserve, or the Department of Homeland Security. Primo Dialler originated robocalls that threatened utility discontinuation and offered fake credit card rate reductions. The FCC identified the providers based on Industry Traceback Group information, which identifies the providers that receive the most tracebacks over a 60-day period, as well as information from the Social Security Administration Office of the Inspector General.”
Under the terms of the letters, “Duratel, Primo Dialler, and PZ/Illum Telecommunication must take steps to ‘effectively mitigate illegal traffic’ within 48 hours. And they must inform the Commission and the Traceback Consortium within fourteen days of the steps taken to implement effective measures to prevent their clients from using their network to make illegal calls. If they do not take such steps, other networks will be authorized, and may even be required, to block traffic from these companies.”
The Bureau issued similar letters to other companies in March, April, and May of this year.
The Federal Communications Commission (FCC) issued a “Fourth Tranche of Enforcement Bureau Cease and Desist Letters” (Letters) against three network providers in an attempt to show the regulator has not turned a blind eye to bad actors.
The letters and formation of a Robocall Response Team support Acting Chairwoman Rosenworcel’s statement that the FCC “is putting its full force behind stopping these junk calls.” Working with the industry-led Traceback Consortium, the FCC Enforcement Bureau identified the three companies, which received the most tracebacks over a 60-day period, and also drew on information from the Social Security Administration’s Office of the Inspector General, the entity being impersonated on a significant number of robocalls.
FCC Enforcement Bureau takes Telephone Consumer Protection Act (TCPA) and FCC Regulation Violations Seriously
The Letters note that each provider apparently violated the TCPA (47 U.S.C. § 227(b)) and certain FCC regulations (47 C.F.R. § 64.1200(a)) that prohibit using Automated Telephone Equipment (auto-dialers) or artificial voices to call US consumers from outside the US without consumer consent. The FCC noted that one provider also apparently violated 47 USC § 227(e) and 47 CFR § 64.1604, which prohibit providing misleading or inaccurate caller identification information “with the intent to defraud, cause harm, or wrongfully obtain anything of value.”
The Letters note rapid consequences that could lead to downstream providers blocking all of each affected provider’s traffic; intermediate and terminating voice service providers:
Expanded Robocall Ecosystem Continues to Evolve as Each Enforcing Party Adapts to Changes
As the ecosystem surrounding robocalls continues to grow and develop, voice service providers will need to be aware of changes at the FCC and Federal Trade Commission (FTC) that impose and enforce regulatory requirements and restrictions. Also, in addition to FCC and FTC enforcement, providers must consider an emerging—and potentially much larger—threat: enforcement actions by state attorneys general and civil litigation initiated by private parties.
Given the FCC’s aggressive anti-robocall actions against Duratel, Primo Dialler and PZ/Illum Telecommunication, providers should ensure they have adequate Know Your Customer (KYC) processes in place and have filed a Robocall Mitigation Plan (RMP) in the Robocall Mitigation Database (RMD). Providers also need to follow developments with these three entities should mandatory blocking be required.
The CommLaw Group Can Help!
Given the complexity and evolving nature of the FCC’s rules, regulations and industry policies & procedures around Robocall Mitigation and Compliance issues (e.g., Stir/Shaken, TRACED Act, FCC Rules & Regulations, US Telecom Industry group, ATIS, NECA, VoIP Numbering Waivers, Know Your Customer and the private sector ecosystem), as well as the increased risk of business disputes, consumer protection enforcement by state attorneys general, and even civil litigation, and anticipating the potential torrent of client questions and concerns, The CommLaw Group formed a “Robocall Mitigation Response Team” to help clients (old and new) tackle their unique responsibilities.
LONDON - Major phone networks have agreed to automatically block almost all internet calls coming from abroad if they pretend to be from UK numbers, Ofcom has confirmed.
Criminals have been using internet-based calling technology to make it look like a phone call or text is coming from a real telephone number.
Almost 45 million consumers were targeted by phone scams this summer.
Ofcom said it expected the measures to be introduced at pace as a "priority".
So far, only one operator - TalkTalk - has implemented the new plans. Other phone networks are still exploring methods of making it work.
"We've been working with telecoms companies to implement technical solutions, including blocking at source, suspicious international calls that are masked by a UK number," said Lindsey Fussell, Ofcom's networks and communications group director.
"We expect these measures to be introduced as a priority, and at pace, to ensure customers are better protected."
She added tackling the phone scams issue was a "complex problem" that required a coordinated effort from the police, government, other regulators and industry.
The move follows months of discussions between Ofcom and the UK telecoms industry.
Will the plans work?
Internet-based calling technology, also known as Voice over Internet Protocol (VoIP), is used by millions of consumers globally to make phone calls free or cheaply every year.
Popular services that use this technology include WhatsApp, Skype, Zoom and Microsoft Teams.
The Sunday Telegraph, which first reported the story, cited Whitehall sources that have cast doubt on Ofcom's plans.
They say blocking traffic from foreign VoIP providers will not work to stop scam texts and calls, because much of the UK still relies on old copper-based networks dating back to the 1970s.
But some experts the BBC spoke to disagree.
Apart from consumers, many businesses also use the VoIP technology for internal corporate phone networks.
Whenever a corporate phone network makes a call, a VoIP provider hands over the call from the internet to the phone networks.
Gabriel Cirlig, of US cyber-security company Human, said telecoms companies were not inspecting the traffic they received from VoIP providers, they just let it through on to the network.
"Recently, because of the ease in implementing your own private-enterprise telephone system, everybody can have access to critical telephone infrastructure," Mr Cirlig said.
"Because of this lower barrier of entry, it is very easy for scammers to build their own systems to spoof mobile numbers - the cyber-criminals are essentially pretending to be legitimate corporate telephone networks in order to have access to legitimate telco infrastructure."
He adds that right now, it is up to the VoIP provider to check whether the calls it is handing over to telecoms networks are actually legitimate.
"This is not a regional problem or restricted to one type of infrastructure, this is a systemic issue that allows crime to cross any borders," said Mr Cirlig.
"This feature is enabling the VoIP business model so they don't want to stop it."
Matthew Gribben, a former consultant to GCHQ, the UK government intelligence agency, agrees. He used to see many scams while monitoring networks for GCHQ.
"It's fundamentally the foreign VoIP providers that are technologically enabling these gangs to operate, so it will make a huge dent in this," he said. "It doesn't fix everything but it's an excellent step in the right direction."
Experts agree that the only way to completely fix the problem is to implement new telephone identification protocols that enable phone networks to authenticate that all calls and text messages actually come from a real telephone number.
The new protocols, known as "Stir and Shaken" in a nod to James Bond, were developed by an international standards body, the US-based Internet Engineering Task Force.
US authorities have ordered mobile operators to implement the protocols by the end of 2021, but Ofcom told the BBC in August that introducing full authentication in the UK would only be possible when the technology that supports voice services is upgraded, which is due to be completed by 2025.
The Body of European Regulators for Electronic Communications said that it cannot impose Stir and Shaken on EU phone networks.
It is only able to ask mobile operators to block, on a case-by-case basis, access to numbers or services in case of fraud.
However, it said it was now discussing whether to implement the protocols.
NOVEMBER 3, 2021 - Robocalls in the U.S. were up 3.3% in October, according to the YouMail Robocall index. Are SHAKEN and robocall mitigation working? What does the future hold? Let’s have a look.
The Numbers
Is SHAKEN making a difference?
We’ve seen SHAKEN call signing starting to level off at around 25% of calls signed. Unfortunately, SHAKEN won’t be much help with only 25% of calls signed.
We’ve also seen a consistent pattern of robocalls being signed with partial (B) and gateway (C) attestation. These calls are more likely to be robocalls than unsigned calls!
What’s going on here?
Some service providers have filed their certification in the Robocall Mitigation Database (RMD) claiming a complete SHAKEN implementation.
These providers haven’t implemented anything. They aren’t on the list of SHAKEN approved service providers maintained by the STI Policy Administrator.
As of this writing, there are 2,761 filings in the RMD (U.S. only, no intermediates) that claim a SHAKEN implementation. There are 390 SHAKEN authorized providers listed on the STI-PA website.
Some of the difference is because the STI-PA list is consolidated, while many providers filed separate certifications in the RMD. But this doesn’t begin to account for all the difference. There are many SHAKEN certifications that cannot be matched with any SHAKEN authorized provider.
How can they do SHAKEN if they aren’t approved? They aren’t doing SHAKEN. They’re getting a downstream provider to sign their calls for them. The downstream provider uses its own SHAKEN credentials, not the SHAKEN credentials of the originating service provider (who doesn’t have SHAKEN credentials).
This is not how the SHAKEN framework was designed. But it is how illegal robocalls are surviving in the early days of SHAKEN.
Is robocall mitigation working?
Voice service providers that aren’t doing SHAKEN are required to do robocall mitigation. How’s that going? Judging by the October numbers, not so well.
Why not?
The FCC Enforcement Bureau recently sent cease-and-desist orders to three voice service providers for originating and transiting illegal robocalls. This story explains how robocall mitigation can fall short.
These three service providers represented each of the three SHAKEN implementation types that can be claimed in a robocall mitigation certification filing: no SHAKEN, partial SHAKEN, and complete SHAKEN. With either no SHAKEN or partial SHAKEN, a filer is required to provide a robocall mitigation plan.
The plans provided by these providers were very weak. Robocall mitigation didn’t work because, well, they really weren’t doing much of that.
Remedies
Here are a few things we believe should happen for SHAKEN and robocall mitigation to fulfill their promise:
3. Robocall mitigation should be done with SHAKEN. It should be both, not either/or.
- Robocall mitigation doesn’t work as well when the calling number is spoofed. You need SHAKEN too.
- SHAKEN is intended for caller ID authentication, not robocall mitigation. You need robocall mitigation too.
- You need both, working together, to identify and stop illegal robocalls.
Nov 4, 2021 -- Haley Hinds reports
TAMPA, Fla. - They try to sell you an extended car warranty. They even pose as the IRS. While most robocalls are more annoying than harmful, others have gone so far as to target Alzheimer's patients.
Will we ever be able to stop them, for good? U.S. Rep. Charlie Crist has an idea. He wants to put robocallers in jail.
"I get these crazy calls on it all the time," said Susan Jacobson of Trinity. "I have no way of stopping it."
Jacobson, whose identity had been stolen, believes some of the spam calls are related to that. But she still gets all the same storylines that the rest of us do.
A new report says Americans are on track to receive 88 billion robotexts by the end of the year.
"I get these calls from car companies looking for me to buy a car. And I keep telling them, take this number off. It's not a good number," Jacobson said. "It's a lot of effort and a lot of time and there should be consequences."
In October, there were an estimated 4.1 billion spam calls in the U.S. according to robocall blocking app YouMail. That's 1,500 calls per second. The Tampa area accounted for more than 46 million of them.
"People deserve to have their privacy. They shouldn't be preyed upon like this," said U.S. Rep. Charlie Crist.
Crist is now urging the Department of Justice to prioritize the collection of fines levied against spam callers and consider increasing penalties to include jail time. In a letter written to the DOJ, Crist said, "these bad actors need to feel the full consequences of their crimes."
"I think it will send a very powerful message," Crist told FOX 13. "Don't mess with our people. Don't mess with these senior citizens. The consequences are going to be serious, and you may end up in jail."
Crist's Spam Calls Task Force was created by the TRACED Act in January of 2020. While the DOJ found it cut down on hundreds of millions of robocalls per month, Florida still got an estimated 333 million calls last month alone, according to YouMail.
"The problem is these telemarketers can make millions and millions and millions of calls and very few fines are ever collected," said Alex Quilici who heads up YouMail.
Quilici said it can be hard to pinpoint who and where calls come from. While fines or jail time are deterrents, he said technology is the key to solving this problem.
"Enforcement will help, regulation will help, carriers deploying some of the stuff they've done will help, consumers changing their behavior will help, but bottom line, we need technology to stop these scam calls in the same way your house has a burglar alarm," Quilici said.
More than 4 billion robocalls a month seems really high. But Quilici said that is still substantially less than the 5.7 billion per month we were getting two years ago.
So, we are seeing progress from recent enforcement efforts from the FCC and other agencies.
NOVEMBER 3, 2021
By now, we’re all acquainted with the STIR/SHAKEN caller ID authentication framework and its aim to decrease the number of illegal robocalls and illegal call spoofing by establishing the validated source of a number and the identity behind it. When the STIR/SHAKEN standards were being defined, they were written as if from a single country perspective and so far, deployment has primarily focused on the United States. The fact that the U.S. has deployed STIR/SHAKEN does not mean that it is a U.S.-specific technology.
The standards were designed not to be specific to any given country because they were intended to eventually be deployed abroad country by country. Because it was difficult enough to define standards for one country alone, the scope of the standards was designed to consider each country’s regulatory requirements as well as their ownership of the numbers to be validated. Per country, the standards can be tweaked to fit individual needs in terms of governance while ensuring that at the protocol level they will work cross-border.
The United States has led the way in defining and writing the standards and setting up a method to regulate its implementation through the Robocall Mitigation Database, with relevant deadlines to encourage the due diligence of service providers to implement the standards. The FCC has already begun seeking comments on the future of the enforceability and longevity of this database as an adequate solution to ensuring adoption. Enough time has now passed in the United States regarding domestic traffic for the FCC to begin focusing on gateway providers as the point of entry for foreign calls and cross-border communications.
In comparison to the United States, Canada is following closely behind with its implementation of the STIR/SHAKEN standard, not in terms of the technologies being used, but in terms of the governance, the structure of the standards, its enforcement, and the deadlines that surround it.
Jim McEachern, an international STIR/SHAKEN expert based in Canada, has worked with ATIS, the SIP Forum, and the IP-NNI Task Force within ATIS to help Canada define its own cross-border specifications. For the two countries to establish a trusted system that allows for cross-border voice traffic, that trust must be rooted in a Certificate Authorities List (CA List).
According to McEachern, “The trust anchor in SHAKEN is when the Governance Authority and Policy Administrator are able to maintain a list of the approved Certificate Authorities who issue the certificates in SHAKEN. That list is effectively the root of trust.”
— Jim McEachern
When a cross-border call is verified, the verifier confirms that the call was signed with a certificate that can be traced back to the trusted CA List. If the issuing CA is not present on that list, the call fails verification. While this may seem like a straightforward solution to ensure trusted communications between countries, the issue lies in that both countries maintain their own CA Lists. If a call gets signed in Canada with a Canadian Certificate Authority (CA), when the United States receives the call they must cross-check it with their own U.S. CA List. If the Canadian CA is not on that list, it fails verification automatically.
This does not mean that the call will be blocked upon entering the United States, but it will not be treated as a signed call. At that point, apps or analytics outside of STIR/SHAKEN may or may not block it as suspicious. To protect trusted communications, Canada and the U.S. will need to merge their trusted CA Lists and create a sort of bilateral agreement so that the call can pass cross-border and pass verification. This has not happened yet but hopefully will within the next year, according to McEachern.
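The cross-border verification failure described above can be reproduced with real certificates and signatures. The Go program below is an added example, not code from the article or from any SHAKEN implementation: it signs a PASSporT under a constructed Canadian CA and verifies it against a US-only CA list, then against the merged list. The CA and provider names, phone numbers, `x5u` URL and `origid` are assumptions, and the provider certificate is handed to the verifier directly instead of being fetched from `x5u`.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// newCert issues a constructed P-256 cert: a self-signed CA root if ca is nil, else a provider cert.
func newCert(name string, ca *x509.Certificate, caKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: name}, NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().Add(24 * time.Hour), BasicConstraintsValid: true}
	if ca == nil { // self-signed root: the template is its own issuer
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
		ca, caKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// signPASSporT builds a compact PASSporT (RFC 8225) with SHAKEN claims
// (RFC 8588) and signs it with ES256; the JWS signature is raw r||s.
func signPASSporT(key *ecdsa.PrivateKey, attest, orig, dest string) string {
	hdr := `{"alg":"ES256","ppt":"shaken","typ":"passport","x5u":"https://certs.example.invalid/sp.pem"}`
	body := fmt.Sprintf(`{"attest":%q,"dest":{"tn":[%q]},"iat":%d,"orig":{"tn":%q},"origid":%q}`,
		attest, dest, time.Now().Unix(), orig, "00000000-0000-4000-8000-000000000001")
	input := b64.EncodeToString([]byte(hdr)) + "." + b64.EncodeToString([]byte(body))
	sum := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, key, sum[:])
	check(err)
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...)
	return input + "." + b64.EncodeToString(sig)
}

// verify checks a PASSporT against the verifier's OWN CA list. Failure yields
// "unsigned" (this step does not block the call); success yields A, B or C.
func verify(token string, spCert *x509.Certificate, caList *x509.CertPool) (string, error) {
	// 1. The signing certificate must chain to a CA on this verifier's list.
	opts := x509.VerifyOptions{Roots: caList, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := spCert.Verify(opts); err != nil {
		return "unsigned", fmt.Errorf("CA not on trusted list: %w", err)
	}
	// 2. The ES256 signature must verify under the certificate's public key.
	p := strings.Split(token, ".")
	pub, ok := spCert.PublicKey.(*ecdsa.PublicKey)
	if !ok || len(p) != 3 {
		return "unsigned", fmt.Errorf("malformed token or non-ECDSA key")
	}
	sig, err := b64.DecodeString(p[2])
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if err != nil || len(sig) != 64 || !ecdsa.Verify(pub, sum[:],
		new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return "unsigned", fmt.Errorf("signature does not verify")
	}
	var c struct{ Attest string } // claims are read only after the signature verifies
	raw, err := b64.DecodeString(p[1])
	if err != nil || json.Unmarshal(raw, &c) != nil {
		return "unsigned", fmt.Errorf("bad payload")
	}
	return c.Attest, nil
}

// crossBorder checks one Canadian-signed call before and after the CA lists are merged.
func crossBorder() (before, after string) {
	usCA, _ := newCert("Constructed US STI-CA", nil, nil)
	caCA, caKey := newCert("Constructed Canadian STI-CA", nil, nil)
	spCert, spKey := newCert("Constructed Canadian provider", caCA, caKey)
	tok := signPASSporT(spKey, "A", "16135550100", "12025550123")
	list := x509.NewCertPool()
	list.AddCert(usCA)
	before, _ = verify(tok, spCert, list) // Canadian CA unknown to the US list
	list.AddCert(caCA)                    // the bilateral merge of CA lists
	after, _ = verify(tok, spCert, list)
	return
}

func main() { fmt.Println(crossBorder()) }
```

The same token and certificate go from `unsigned` to attestation `A` with no change on the signing side; only the verifier's CA list differs. A production verifier would additionally check `iat` freshness and that `orig` and `dest` match the SIP request.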
Establishing one bilateral agreement of merged trusted CA Lists with one country is difficult and time-consuming enough. Add in 200 other countries and the number of agreements that need to be made amongst them adds a great deal of time and complexity when scaling this direct approach to other countries.
A centralized database model has been proposed for many sources to register within, allowing these agreements to be done in a more scalable fashion. However, that comes with its own set of issues. Who do you trust? What are the criteria for joining? How will information be monitored and amended? Who hosts the database and who has access to it?
Even if answers to these questions are found, in order to keep bad actors from penetrating the system, a rigorous vetting and Know Your Customer (KYC) policy must be defined and implemented as well. Even though it does not guarantee the complete removal or prevention of bad traffic, it acts as a monitoring, verification, and enforcement mechanism that is able to maintain a higher level of trust.
In the United States, the TRACED Act put out by the FCC defines the need for a caller ID authentication framework in order to address consumer complaints and combat the origination of illegal robocalls. While the TRACED Act does touch on the STIR/SHAKEN standards as a solution, there is a potential danger to tying down laws and regulations to the standards as standards in general require the ability to change and be amended quickly if they need to be. It also complicates the notion of having a single standard to address and meet the laws and requirements of various countries.
“There are very few countries, other than the U.S., that have passed legislation that demands dealing with robocalling. Not many have specifically referenced STIR/SHAKEN in legislation the way the U.S. has come close to doing. But even if you don't have it in the legislation, if every country tackles the problem in their own way, then it might work for all calls within their country but we all know that that's only a small subset of the problem because it won't work between countries and globally.”
— Jim McEachern
There is not going to be any single deployment of STIR/SHAKEN that can be applied globally at once. Nor will there be a global policeman who can mandate that everyone implement the standards in the same manner. Instead, there will be multiple mechanisms and solutions that will have to rely on a standard that takes interoperability into account in order for it to work end-to-end. To give it the highest chance of success in eliminating or preventing illegally spoofed calls, there must be a robust monitoring and enforcement mechanism, such as a Know Your Customer solution, in order to expand implementation without compromising integrity.
Nov, 2021 -- New York Governor Kathy Hochul has signed into law two bills that address robocall issues.
The first bill, S-6267/A-268 , requires telecommunications providers to block certain numbers. As described by the Governor’s announcement (https://www.governor.ny.gov/news/governor-hochul-signs-package-legislation-crack-down-robocalls ), the bill “codifies in state law the provisions of a rule released by the FCC in 2017, that went into effect in June of 2021, that allows telecommunications companies to proactively block calls from certain numbers. These would include calls that are the most likely to be illegitimate, as they are coming from numbers that do not or cannot make outgoing calls. These types of numbers are indicative of ‘spoofing’ schemes in which the true caller identity is masked behind a fake, invalid number.”
The second bill, S-4281/A-585, requires that voice service providers implement the STIR/SHAKEN protocols to validate that calls are actually coming from the numbers displayed on the Caller ID. Again, the announcement explained that the bill “requires voice services providers to implement the STIR/SHAKEN call authentication framework. In March of 2020, the FCC, pursuant to the federal TRACED Act, issued a rule requiring providers to implement STIR/SHAKEN by June of 2021. This bill will provide for enhanced state enforcement for bad actors and will allow the state to ensure the implementation of STIR/SHAKEN as required by the FCC. The STIR/SHAKEN authentication protocol uses cryptography to validate that a call is really from the number it displays, preventing bad actors from illegally “spoofing” phone numbers. STIR/SHAKEN also makes it much easier to trace illegal calls back to their source, since each call will have an identification assigned to it. Once the source is identified, enforcement actions can be taken against the perpetrators.”
In signing the bills, the Governor observed “New Yorkers are fed up with annoying, predatory robocalls, and we’re taking action to stop them….” She added that “[t]his legislation will enable telecom companies to prevent these calls from coming in in the first place, as well as empower our state government to ensure that voice service providers are validating who is making these calls so enforcement action can be taken against bad actors.”
Anis Jaffer, Forbes Councils Member, Forbes Technology Council (Council Post)
November, 2021
Illegal robocalls have been giving heartburn to both consumers and enterprises alike. On one side, we as consumers have almost all faced annoying "car warranty" calls and, worse, "this is the IRS" scam calls. On the other side, legitimate enterprises have been struggling to reach consumers who have become less likely to answer calls from caller IDs they don't recognize or trust. To mitigate this, the FCC mandated that telecommunications service providers implement the STIR/SHAKEN authentication framework by June 30, 2021.
This framework is now live, and although it does not guarantee 100% of illegal calls will be wiped out immediately, it sets a new standard for traceability and due diligence across the service provider ecosystem.
As carriers work to support ongoing robocall mitigation efforts, the next wave of innovation to improve trust and caller recognition is already emerging: rich call data (RCD). It aims to improve the ability to identify the calling party, but as with STIR/SHAKEN, authentication will be a key element in ensuring this new technology does not open up the possibility for brand identity theft, fraud and spoofing.
Now more than ever, enterprises and brands communicating with consumers need to ensure their identity is authenticated and trusted. Here are some of the key elements for brands to consider with respect to this new and emerging telecom technology.
Wireless devices and networks enabled for a fully branded RCD experience will present a caller name, brand logo and even a custom call reason displayed on incoming calls. However, where RCD compatibility is limited, the branding experience will include only the caller name field. To enable this, the originating carrier attaches the RCD information to the call on behalf of the brand when the call is originated. At the destination of the call, the terminating carrier then consumes that RCD information and chooses how to render it through a presentation display layer.
There are two ways RCD information can be captured at this time. The first is via a delegated certificate or an end-entity certificate, which allows the delivery of information within the telecom network. The proposed implementation of this certificate is to use it as an extension to the STIR/SHAKEN framework. The second is through an out-of-band solution, such as Verified Calls by Google, which renders RCD on Google-enabled devices like Pixel phones and compatible Android devices. Several models are still being tested and developed to figure out how to best deliver and present branded communications as the technology becomes more widely adopted.
However, there are limitations when it comes to the delivery and presentation of RCD. Despite living in an increasingly smartphone-based world, analog phones like landlines do not have the visual display interface needed to present branded content. Plus, not all smartphones display the same data in a uniform way. Within a fragmented industry, smartphones operate on different networks, and apps used to display branded content may either be carrier-specific deployed apps or subscriber-installed apps on the device. Currently, there are no common standards that devices and apps can use to have a uniform implementation.
Looking Beyond The Answer Rate
Branded calling does not guarantee that every call will be answered live; it's still important for brands to appropriately structure their campaigns to be delivered at the right time to the right called parties. However, when implemented successfully, branded calling can give the consumer the confidence boost needed to answer the call by establishing instant recognition of the calling party's identity.
According to Hiya's 2020 "State of the Call Report," 94% of unidentified calls go unanswered, whereas in a similar study done by First Orion, 90% feel comfortable answering a branded call. From this, we can infer that calls with brand identifiable information have a better chance of contact with called parties. Businesses that are early to adopt an RCD solution by elevating a call with branded elements, whether it is just a brand name or brand name and logo, may experience a variety of benefits. Aside from improvements to answer rates, branded calling may also lead to increased callbacks, conversion rates, improved agent productivity and elevated brand reputation.
Authentication Of Brand Identity
One of the main challenges in implementing RCD is establishing an authentication framework to establish the validity of the logo image to be displayed. How do you make sure the service provider originating the call received the authorization to display the logo on behalf of the brand? There is a real possibility that logos may be spoofed much in the same way phone numbers are, ultimately forfeiting the trust that this solution aims to establish.
STIR/SHAKEN set an excellent precedent across the service provider ecosystem, strengthening the Know Your Customer-based vetting of entities to verify "good actor" traffic. This entity authentication and due diligence need to remain the prerequisite for service providers enabling RCD displays as well. This then ensures that the appropriate rights and consent have been obtained to use the branded assets to be displayed.
This is especially true when it comes to scenarios where a call center is making calls on behalf of another entity or multiple brands. How will consent be obtained from within the brand itself? This brings up another question that needs its own set of authentication — what kinds of logos will be allowed, and who will decide what is appropriate for display?
The Next Steps Toward Trust
There is still no universal model, implementation framework or standardized authentication of branded assets, but that hasn't stopped solution providers from innovating and pushing RCD to the consumer. With this and other new communications technologies actively being released to the market, it is clear that a new set of standards will be needed for the proper vetting and validation of branded assets, so that we uphold a trustworthy network used by us all.
The telecom industry has taken a giant step by adding a new layer of trust through STIR/SHAKEN and the introduction of call branding. In light of this giant industry step, we must also remain vigilant of who is using these technologies and how we're joining together to protect the recipients of these calls as well as the legitimate brands that originate the calls.
November 6, 2021
ST. LOUIS—The U.S. Attorney’s Office and the FBI continue to see scams where perpetrators are posing as federal authorities to scare victims.
In one of the latest examples, the perpetrators emailed a letter claiming to be from a federal court about a federal criminal investigation. The letter gives the victim a choice: (1) face indictment or (2) accept an agreement as a cooperating witness, which requires $7,000 in legal fees. In addition to the letter, perpetrators also called the victim.
U.S. Attorney Sayler Fleming for the Eastern District of Missouri stated, “Scammers are always looking for ways to take your money or personal information. Anytime you are asked to pay money or give your personal information, be skeptical. Verifying the request can prevent the majority of scams.”
Special Agent in Charge Richard Quinn of the FBI St. Louis Division explained, “Scammers are using more sophisticated techniques to appear legitimate, to include using information about you gleaned from compromised online accounts, such as email or social media. Please scrutinize and verify any request for money or personal information to avoid falling prey to scammers.”
Also, scammers can easily hide their identities by displaying legitimate phone numbers on Caller ID, which is known as spoofing. When in doubt, please take the next step by calling the organization in question. Look up the phone number instead of the number given, then pick up the phone and call the agency, organization, or business to verify. Scammers will do everything, including threaten or create a sense of urgency, to keep you from ending the call.
If you are a victim of a phone or an online scam where you wired money, immediately contact the bank you used to try to recall the wire transfer. Then file an online complaint with the FBI’s Internet Crime Complaint Center (www.IC3.gov).
Washington Post
By Susan Jaffe, November 7, 2021
Finding the best private Medicare drug or medical insurance plan among dozens of choices is tough enough without throwing misleading sales tactics into the mix.
Yet federal officials say complaints are rising from seniors tricked into buying policies — without their consent or lured based on questionable information — that may not cover their drugs or include their doctors.
In response, the Centers for Medicare and Medicaid Services has threatened to penalize private insurance companies selling Medicare Advantage and drug plans if they or agents working on their behalf mislead consumers.
The agency has also revised rules making it easier for beneficiaries to escape plans they didn’t sign up for or enrolled in only to discover promised benefits didn’t exist or they couldn’t see their providers.
The problems are especially prevalent during Medicare’s open-enrollment period, which began Oct. 15 and runs through Dec. 7. A common trap begins with a phone call like the one Linda Heimer, an Iowa resident, received in October. She won’t answer the phone unless her caller ID displays a number she recognizes, but this call showed the number of the hospital where her doctor works.
The person on the phone said she needed Heimer’s Medicare number to make sure it was correct for the new card she would receive. When Heimer hesitated, the woman said, “We’re not asking for a Social Security number or bank numbers or anything like that, this is okay.”
“I can’t believe this, but I gave her my card number,” Heimer said. Then the caller asked questions about her medical history and offered to send her a saliva test “absolutely free.” That’s when Heimer became suspicious and hung up. She contacted the 800-MEDICARE helpline to get a new Medicare number and called the AARP Fraud Watch Network Helpline and the Federal Trade Commission.
But later that morning the phone rang again and this time the caller ID displayed a number matching the toll-free Medicare helpline. When she answered, she recognized the voice of the same woman.
“You’re not from Medicare,” Heimer told her.
“Yes, yes, yes, we are,” the woman insisted. Heimer hung up again.
It has been only several weeks since Heimer disclosed her Medicare number to a stranger and, so far, nothing’s gone wrong. But armed with that number, scammers could bill Medicare for services and medical supplies that beneficiaries never receive, and the scammers could sign seniors up for a Medicare Advantage or drug plan without their knowledge.
In California, reports of deceptive sales practices for Medicare Advantage and drug plans have been the top complaints to the state Senior Medicare Patrol for the past two years, said Sandy Morales, a case manager for the group. The patrol is a federally funded program that helps seniors untangle insurance problems.
Nationwide, the Senior Medicare Patrol has sent 74 percent more cases in the first nine months of this year than in all of 2020 to CMS and the Health and Human Services Inspector General for investigation, said Rebecca Kinney, director of the Administration for Community Living’s Office of Healthcare Information and Counseling at HHS, which oversees the patrols. She expects more complaints to come in during Medicare’s open-enrollment period.
And last month, CMS officials warned the private insurance companies selling Medicare Advantage and drug plans that federal requirements prohibit deceptive sales practices.
Kathryn Coleman, director of CMS’s Medicare Drug and Health Plan Contract Administration Group, said in a memo to insurers that the agency is concerned about ads widely promoting Advantage plan benefits that are available only in a limited area or to a restricted number of beneficiaries. CMS has also received complaints about sales information that could be construed as coming from the government and pressure tactics to get seniors to enroll, she said.
Coleman reminded the companies they are “accountable and responsible for their marketing materials and activities, including marketing completed on a MA plan’s behalf” by sales representatives. Companies that violate federal marketing rules can be fined or face enrollment suspensions. A CMS spokesperson could not provide examples of any recent violators or their penalties.
If beneficiaries discover a problem before March 31, the date the three-month disenrollment period ends each year, they have one chance to switch to another plan or to original Medicare. (Those who choose the latter may be unable to buy supplemental or Medigap insurance, with rare exceptions, in all but four states: Connecticut, Maine, Massachusetts and New York.)
After March, they are generally locked into their Advantage or drug plans for the entire year, until the next open enrollment period, unless they’re eligible for one of the rare exceptions to the rule.
CMS this year spelled out another remedy for the first time.
Officials can grant a “special enrollment period” for individuals who want to leave their plan due to deceptive sales tactics. These include “situations in which a beneficiary provides a verbal or written allegation that his or her enrollment in a MA or Part D plan was based upon misleading or incorrect information . . . [or] where a beneficiary states that he or she was enrolled into a plan without his or her knowledge,” according to the Medicare Managed Care Manual.
“This is a really important safety valve for beneficiaries that clearly goes beyond just the limited opportunity to switch plans when someone feels buyer’s remorse,” said David Lipschutz, associate director of the Center for Medicare Advocacy. To use the new option, beneficiaries should contact their state’s health insurance assistance program at Shiphelp.org.
The option to leave is also available if a significant number of plan members are unable to access their doctors or hospitals who were supposed to be in the provider network.
Nonetheless, the scams continue around the country, experts say.
A misleading TV commercial in the San Francisco area has enticed seniors with a host of new benefits including dental, vision, transportation benefits and even “money back into your Social Security account,” Morales said. Beneficiaries have told her group that when they called for information they were “erroneously enrolled into a plan that they never gave permission to enroll into,” she said.
In August, an Ohio senior received a call from someone telling him Medicare was issuing new cards because of the pandemic. When he wouldn’t provide his Medicare number, the caller became angry and the beneficiary felt threatened, said Chris Reeg, director of the Ohio Senior Health Insurance Information Program.
Reeg said another person received a call from a salesperson with bad news: She wasn’t getting all the benefits from Medicare she was entitled to. The beneficiary provided her Medicare number and other information but didn’t realize the caller was enrolling her in a Medicare Advantage plan. She found out when she visited her doctor, who did not accept her new insurance.
Kaiser Health News, which produces in-depth journalism about health, is a program of the Kaiser Family Foundation, an endowed nonprofit organization providing information on health issues to the nation.
Nov. 8, 2021, by Mary Gonzalez
By now, we’re all acquainted with the STIR/SHAKEN caller ID authentication framework and its aim to decrease the number of illegal robocalls and illegal call spoofing by establishing the validated source of a number and the identity behind it. When the STIR/SHAKEN standards were being defined, they were written as if from a single country perspective and so far, deployment has primarily focused on the United States. The fact that the U.S. has deployed STIR/SHAKEN does not mean that it is a U.S.-specific technology.
The standards were designed not to be specific to any given country because they were intended to eventually be deployed abroad, country by country. Because it was difficult enough to define standards for one country alone, the scope of the standards was designed to consider each country’s regulatory requirements as well as its ownership of the numbers to be validated. Per country, the standards can be tweaked to fit individual needs in terms of governance while ensuring that at the protocol level they will work cross-border.
The United States has led the way in defining and writing the standards and setting up a method to regulate its implementation through the Robocall Mitigation Database, with relevant deadlines to encourage the due diligence of service providers to implement the standards. The FCC has already begun seeking comments on the future of the enforceability and longevity of this database as an adequate solution to ensuring adoption. Enough time has now passed in the United States regarding domestic traffic for the FCC to begin focusing on gateway providers as the point of entry for foreign calls and cross-border communications.
How trusted cross-border communications could work
In comparison to the United States, Canada is following closely behind with its implementation of the STIR/SHAKEN standard, not in terms of the technologies being used, but in terms of the governance, the structure of the standards, its enforcement, and the deadlines that surround it.
Jim McEachern, an international STIR/SHAKEN expert based in Canada, has worked with ATIS, the SIP Forum, and the IP-NNI Task Force within ATIS to help Canada define its own cross-border specifications. The way for the two countries to establish a trusted system that allows for cross-border voice traffic is to root this trust in a Certificate Authorities List (CA List).
According to McEachern, “The trust anchor in SHAKEN is when the Governance Authority and Policy Administrator are able to maintain a list of the approved Certificate Authorities who issue the certificates in SHAKEN. That list is effectively the root of trust.”
— Jim McEachern
When a cross-border call is verified, the verifier confirms that the call was signed with a certificate that can be traced back to the trusted CA List. If the issuing CA is not present on that list, the call fails verification. While this may seem like a straightforward solution to ensure trusted communications between countries, the issue is that both countries maintain their own CA Lists. If a call gets signed in Canada with a certificate from a Canadian Certificate Authority (CA), the United States must cross-check it against its own U.S. CA List when it receives the call. If the Canadian CA is not on that list, the call fails verification automatically.
This does not mean that the call will be blocked upon entering the United States, but it will not be treated as a signed call. At that point, apps or analytics outside of STIR/SHAKEN may or may not block it as suspicious. To protect trusted communications, Canada and the U.S. will need to merge their trusted CA Lists and create a sort of bilateral agreement so that the call can pass cross-border and pass verification. This has not happened yet but hopefully will within the next year, according to McEachern.
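The cross-border check described above, as an added example that is not part of the original article: a simplified Python model in which certificates are reduced to subject/issuer records and signature checks are assumed to have passed already, so only the CA List decision is shown. All CA names, provider names and phone numbers are constructed, and the `agreements` parameter is a hypothetical way to represent a bilateral merge of CA Lists.

```python
"""Added example: SHAKEN trust decisions against per-country CA Lists.

Simplified model, not a real verifier: certificates are subject/issuer
records and cryptographic signature checks are assumed to have passed.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str


@dataclass(frozen=True)
class SignedCall:
    orig: str     # calling number
    dest: str     # called number
    attest: str   # attestation level claimed by the signer: "A", "B" or "C"
    chain: tuple  # certificates, signer's certificate first, root last


@dataclass(frozen=True)
class Verdict:
    verified: bool
    attest: Optional[str]
    treated_as: str  # "signed" or "unsigned"; a failure does not block the call
    reason: str


# Constructed CA Lists: each country trusts only its own root.
CA_LISTS = {
    "US": {"Example US Root CA"},
    "CA": {"Example Canadian Root CA"},
}

# Hypothetical bilateral agreement: each side also accepts the other's CA List.
US_CANADA = frozenset({frozenset({"US", "CA"})})


def effective_trust(country, ca_lists, agreements=frozenset()):
    """CA List a verifier in `country` applies, including merged partner lists."""
    trusted = set(ca_lists[country])
    for pair in agreements:
        if country in pair:
            for member in pair:
                trusted |= ca_lists[member]
    return trusted


def chain_anchor(chain):
    """Subject of the self-issued root, or None if the chain does not link up."""
    if not chain:
        return None
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return None
    root = chain[-1]
    return root.subject if root.issuer == root.subject else None


def verify(call, country, ca_lists, agreements=frozenset()):
    """Decide whether a verifier in `country` accepts the call's signature."""
    anchor = chain_anchor(call.chain)
    if anchor is None:
        return Verdict(False, None, "unsigned", "certificate chain is broken")
    if anchor not in effective_trust(country, ca_lists, agreements):
        return Verdict(False, None, "unsigned",
                       f"{anchor} is not on the {country} CA List")
    if call.attest not in ("A", "B", "C"):
        return Verdict(False, None, "unsigned", "unknown attestation level")
    return Verdict(True, call.attest, "signed", f"chains to {anchor}")


# Constructed call signed by a Canadian provider.
CANADIAN_CALL = SignedCall(
    orig="+14165550100",
    dest="+12125550199",
    attest="A",
    chain=(
        Cert("Example Canadian TSP", "Example Canadian Issuing CA"),
        Cert("Example Canadian Issuing CA", "Example Canadian Root CA"),
        Cert("Example Canadian Root CA", "Example Canadian Root CA"),
    ),
)

if __name__ == "__main__":
    print("Verified in Canada:      ", verify(CANADIAN_CALL, "CA", CA_LISTS))
    print("Verified in US, no merge:", verify(CANADIAN_CALL, "US", CA_LISTS))
    print("Verified in US, merged:  ",
          verify(CANADIAN_CALL, "US", CA_LISTS, US_CANADA))
```

The same call gets three different outcomes depending only on which CA List the verifier consults, which is why the unmerged case ends up as an unsigned call rather than a blocked one.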
Issues of scale
Establishing one bilateral agreement of merged trusted CA Lists with one country is difficult and time-consuming enough. Add in 200 other countries and the number of agreements that need to be made amongst them adds a great deal of time and complexity when scaling this direct approach to other countries.
A centralized database model has been proposed for many sources to register within, allowing these agreements to be done in a more scalable fashion. However, that comes with its own set of issues. Who do you trust? What are the criteria for joining? How will information be monitored and amended? Who hosts the database and who has access to it?
Even if answers to these questions are found, in order to keep bad actors from penetrating the system, a rigorous vetting and Know Your Customer (KYC) policy must be defined and implemented as well. Even though it does not guarantee the complete removal or prevention of bad traffic, it acts as a monitoring, verification, and enforcement mechanism that is able to maintain a higher level of trust.
Regulatory differences and challenges
In the United States, the TRACED Act put out by the FCC defines the need for a caller ID authentication framework in order to address consumer complaints and combat the origination of illegal robocalls. While the TRACED Act does touch on the STIR/SHAKEN standards as a solution, there is a potential danger to tying down laws and regulations to the standards as standards in general require the ability to change and be amended quickly if they need to be. It also complicates the notion of having a single standard to address and meet the laws and requirements of various countries.
“There are very few countries, other than the U.S., that have passed legislation that demands dealing with robocalling. Not many have specifically referenced STIR/SHAKEN in legislation the way the U.S. has come close to doing. But even if you don't have it in the legislation, if every country tackles the problem in their own way, then it might work for all calls within their country but we all know that that's only a small subset of the problem because it won't work between countries and globally.”
— Jim McEachern
Making international STIR/SHAKEN successful
There is not going to be any single deployment of STIR/SHAKEN that can be applied globally at once. Nor will there be a global policeman who can mandate that everyone implement the standards in the same manner. Instead, there will be multiple mechanisms and solutions that will have to rely on a standard that takes interoperability into account in order for it to work end-to-end. To give it the highest chance of success in eliminating or preventing illegally spoofed calls, there must be a robust monitoring and enforcement mechanism, such as a Know Your Customer solution, in order to expand implementation without compromising integrity.
Canadian Radio-television and Telecommunications Commission (CRTC) Commissioner Ian Scott addressed the Canadian Telecom Summit today, highlighting key areas that will likely be the CRTC’s focus over the next year and anticipated updates to the telecommunications and broadband industry in Canada.
CRTC takes November 30, 2021 STIR/SHAKEN Implementation Deadline for all TSPs Seriously
Commissioner Scott confirmed that “on November 30, STIR/SHAKEN technology will become a mandatory condition of service for telecommunications service providers” (TSPs). This suggests, as we previously noted, that STIR/SHAKEN compliance will be a mandatory requirement for all TSPs offering service in Canada. While cross-border STIR/SHAKEN issues—such as how to handle US-issued Secure Telephone Identity (STI) Certificates in Canada or vice versa—are pending, TSPs should not delay in implementing STIR/SHAKEN before the deadline, which is only two weeks away. TSPs should soon be able to apply for Service Provider Code (SPC) Tokens from the Canadian Secure Token Governance Authority (CST-GA), providing direct access to STI Certificates and allowing for higher level (Level A and B) attestation.
Commissioner Outlines Other CRTC Priorities
Commissioner Scott also touched on a few other topics, suggesting they are CRTC priorities for 2022:
Commissioner Scott also noted that the CRTC believes its approach to implementing mobile virtual network operator (MVNO) access service is valid, and acknowledged that, with respect to final wholesale aggregated broadband access service rates, the “[CRTC] got that initial decision wrong.” In doing so, Commissioner Scott noted the Telecommunications Act was drafted with review and variance provisions in anticipation that the CRTC “may sometimes make mistakes or base its decisions on an incomplete record.”
The Time to Implement Compliance is Now
Based on Commissioner Scott’s remarks, the CRTC takes its role in regulating and even guiding Canada’s telecommunications industry seriously and expects TSPs to do the same, particularly with respect to STIR/SHAKEN. As always, it’s best to take a proactive approach and avoid the consequences of non-compliance, including a CRTC investigation and potential administrative monetary penalties (AMPs).
WASHINGTON, DC – Nov., 2012
ATIS announced a technical report and two standards addressing the challenges of call authentication for calls that traverse TDM networks. The technical report provides a framework to evaluate non-IP call authentication and discusses approaches to accommodate the limitations of call authentication for non-IP systems. These approaches are provided through new standards that rely on either underlying TDM capabilities or alternate IP capabilities. While these standards do not cover all non-IP networks or all service scenarios and additional standards work is required, they are a critical step toward mitigating illegal robocalling for consumers whose calls travel over TDM networks.
As of June 30, 2021, the FCC required providers of voice services to implement the STIR/SHAKEN authentication framework, created by ATIS and the SIP Forum, in their internet protocol networks. Providers are also required to take reasonable measures to implement an effective call authentication framework in the provider’s non-internet protocol (i.e., TDM) networks. One of the new ATIS standards makes an important contribution toward addressing this goal and the other presents an approach to addressing situations where there is TDM in the middle of a call path between IP end points.
“ATIS has recognized expertise developing TDM network standards in addition to being instrumental in developing SHAKEN,” said ATIS President and CEO Susan Miller. “As a result, ATIS is uniquely positioned to extend call authentication to TDM networks in a way that ensures SHAKEN compatibility. Looking ahead, the industry work to address the challenges of call authentication for both IP and non-IP networks will continue through ATIS technical committees and the ATIS/SIP Forum Joint IP-NNI Task Force.”
Nov. 17, 2021 - Fifty-one State Attorneys General sent reply comments to the FCC urging the Commission to reduce access to numbers by voice service providers (VSPs) that do not have meaningful Know-Your-Customer policies. The State AGs contend that such service providers undercut anti-robocall efforts such as SHAKEN call authentication and the call blocking and labeling tools that SHAKEN enables.
THE PROBLEM
The State AGs submitted their reply comments to the FCC Further Notice of Proposed Rulemaking published in August 2021.
In this notice, the Commission proposed to require additional information and certifications from interconnected VoIP providers that apply for access to numbering resources. The intention is to examine applicants more closely to curb illegal robocalling.
They aren’t just going after the robocallers. They’re going after VSPs that know or should have known that they are originating or transiting illegal robocalls. In their reply comments, the State AGs spelled out the problems clearly. These problems include VSPs that:
* Do not have meaningful Know-Your-Customer policies
* Allow anonymous customer access to numbers
* Supply numbers to new customers on a trial basis
* Provide free, temporary access to phone numbers
* Offer untraceable payment mechanisms
When robocallers use these numbers, provided with little-to-no vetting, the VSPs sign their calls with SHAKEN.
PROPOSED SOLUTION
The State AGs support the following requirements for applicants or authorized holders of access to number resources:
* Disclose foreign ownership.
* Disclose any change in ownership.
* Reject an application or revoke authorization of any applicant or holder that has originated or transmitted illegal robocalls.
* Certify SHAKEN or robocall mitigation in the Robocall Mitigation Database (RMD).
* Inform the Commission if it is subject to a Commission, law enforcement, or regulatory agency action for unlawful robocalls.
* Comply with state requirements and establish minimal state contacts.
THOUGHTS
We notice recurring themes in these comments that we’ve seen in other places. Let’s pull these together to get the big picture.
The FCC periodically announces big fines against robocallers. However, since 2020, we’ve seen its focus turn to VSPs. The Enforcement Bureau issues cease-and-desist letters that tell the VSPs to stop the robocalls within 48 hours and report on their robocall mitigation within 14 days, or else other providers will be encouraged to block their calls. We saw the latest episode just three weeks ago.
In their Fourth Report and Order on robocalls, the Commission established affirmative obligations for VSPs to mitigate unlawful robocalls.
In September 2021, the National Association of Attorneys General held a robocall summit. The overarching theme was that State AGs are going to go after VSPs that know, or should have known, that they were originating or transmitting illegal robocalls.
We discussed the legal landscape emerging from the TRACED Act with Jonathan Marashlian, of The CommLaw Group. He reiterated that VSPs should watch State AGs, who are gearing up to go after VSPs that know, or should have known, about illegal robocalls.
In Canada, the CRTC directed the CST-GA to revise eligibility requirements for telephone service providers to participate in SHAKEN. Paraphrasing their decision, the CRTC concluded that the type or size of service provider doesn’t matter for deciding SHAKEN eligibility. What does matter is the trustworthiness of the VSP, which is essential to maintain the integrity of the STIR/SHAKEN framework.
Accordingly, the CST-GA issued the revised policy recently, and a key component centers on vetting the reputation and trustworthiness of the applicant.
We have observed and reported on a consistent pattern during the first four months of the SHAKEN era, July – October 2021: a high percentage of robocalls are signed with a partial (B) or gateway (C) attestation. In fact, calls signed with B or C attestation are more than twice as likely to be robocalls as unsigned calls. These observations are consistent with the problems the State AGs outlined in their comments.
So, all this attention and focus directed on VSPs isn’t surprising. We expect this to pick up steam going forward.
To survive and thrive in this new era, VSPs must take a hard look at their customer vetting and robocall mitigation program.
In recent remarks to the Canadian Telecom Summit, Ian Scott, CEO of the CRTC, led off with SHAKEN. “On November 30, STIR/SHAKEN technology will become a mandatory condition of service for telecommunications service providers.” In this article, we review recent developments in the Canadian SHAKEN ecosystem.
Here’s a recap of the key SHAKEN regulations in Canada:
With this policy change, newly eligible TSPs include:
According to the CRTC, “STI certificates would only be denied where it is reasonable to believe that the TSP cannot be trusted.”
ATTESTATION LEVELS
When signing a call, a SHAKEN originating service provider (OSP) provides an attestation level:
Subscribers, especially enterprises making outbound calls, want their calls signed with full attestation so people will be more likely to answer their calls.
A downstream provider can’t do that. The best they can do is a partial attestation. In many cases, however, they don’t know the customer, so they must sign such calls with gateway attestation.
Enterprises won’t like that. Their calls won’t be answered. They will have to take their business to a TSP who can sign their calls with full attestation.
TSPs that aren’t signing their own calls won’t like that. They will lose business because they provide a lesser quality of service. Since only untrustworthy TSPs are denied STI certificates, their reputation will suffer too.
This gives newly eligible TSPs plenty of motivation to join the SHAKEN ecosystem and sign calls themselves:
The CRTC summed it up this way: “The Commission considers that the ability to fully authenticate outgoing calls will become a competitive necessity.”
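The attestation level discussed above travels as the `attest` claim of the SHAKEN PASSporT carried in the SIP Identity header. The following Python is an added example, not code from the CRTC or the original article: it decodes a PASSporT and runs the claim checks a terminating provider applies before trusting the attestation. The phone numbers, certificate URL, function names, and the 60-second freshness window are assumptions, and verifying the ES256 signature against the certificate at `x5u` is a separate step that this block does not perform.

```python
import base64
import json
import re

FRESHNESS_SECONDS = 60  # assumed verifier policy for how old "iat" may be
ATTESTATION = {"A": "full", "B": "partial", "C": "gateway"}
SAMPLE_CERT_URL = "https://cert.example.com/shaken.pem"  # constructed placeholder


def b64url_decode(segment):
    """Decode an unpadded base64url segment (JWS compact form)."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def canon_tn(number):
    """Reduce a telephone number to digits only for comparison."""
    return re.sub(r"\D", "", str(number))


def parse_identity_header(value):
    """Split an Identity header value into the token and its parameters."""
    token, *params = [part.strip() for part in value.split(";")]
    parsed = {}
    for param in params:
        name, _, val = param.partition("=")
        parsed[name.strip().lower()] = val.strip().strip('<>"')
    return token, parsed


def check_passport(identity_value, from_tn, to_tn, now):
    """Return (attest, problems). The signature is NOT verified here."""
    token, params = parse_identity_header(identity_value)
    parts = token.split(".")
    if len(parts) != 3:
        return None, ["token is not a three-part compact JWS"]
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:  # covers base64, UTF-8 and JSON decoding errors
        return None, ["header or payload is not base64url-encoded JSON"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None, ["header or payload is not a JSON object"]

    problems = []
    for field, expected in (("alg", "ES256"), ("ppt", "shaken"), ("typ", "passport")):
        if header.get(field) != expected:
            problems.append(f"header {field} is {header.get(field)!r}, expected {expected!r}")
    x5u = header.get("x5u")
    if not isinstance(x5u, str) or not x5u.startswith("https://"):
        problems.append("x5u is missing or not an https URL")
    elif params.get("info") != x5u:
        problems.append("Identity info parameter does not match x5u")

    attest = claims.get("attest")
    if attest not in ATTESTATION:
        problems.append(f"attest is {attest!r}, expected A, B or C")
        attest = None
    # A PASSporT replayed onto a different call fails the next three checks.
    orig = claims.get("orig")
    if not isinstance(orig, dict) or canon_tn(orig.get("tn", "")) != canon_tn(from_tn):
        problems.append("orig.tn does not match the calling number")
    dest = claims.get("dest")
    dest_tns = dest.get("tn", []) if isinstance(dest, dict) else []
    if not isinstance(dest_tns, list) or canon_tn(to_tn) not in [canon_tn(t) for t in dest_tns]:
        problems.append("dest.tn does not include the called number")
    iat = claims.get("iat")
    if not isinstance(iat, int) or abs(now - iat) > FRESHNESS_SECONDS:
        problems.append("iat is missing or outside the freshness window")
    if not claims.get("origid"):
        problems.append("origid is missing")
    return attest, problems


def make_sample_identity(attest, orig_tn, dest_tn, iat):
    """Build a constructed Identity header value with a dummy signature."""
    header = {"alg": "ES256", "ppt": "shaken", "typ": "passport", "x5u": SAMPLE_CERT_URL}
    claims = {
        "attest": attest,
        "dest": {"tn": [dest_tn]},
        "iat": iat,
        "orig": {"tn": orig_tn},
        "origid": "123e4567-e89b-12d3-a456-426614174000",  # constructed UUID
    }
    token = ".".join([
        b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        b64url_encode(json.dumps(claims, separators=(",", ":")).encode()),
        b64url_encode(b"constructed-not-a-real-signature"),
    ])
    return f"{token};info=<{SAMPLE_CERT_URL}>;alg=ES256;ppt=shaken"


if __name__ == "__main__":
    now = 1_700_000_000  # fixed clock so the demo is repeatable
    sample = make_sample_identity("B", "12025550101", "12025550199", now - 5)
    level, issues = check_passport(sample, "+1 202 555 0101", "12025550199", now)
    print(level, ATTESTATION.get(level), issues)
```

A call whose PASSporT passes these checks and the signature check can then be treated according to its attestation level; any entry in the problems list means the attestation should not be relied on.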
DEC 8, 2021 - As 2021 winds down, there’s been a flurry of activity on pending and proposed rules for robocall mitigation and SHAKEN call authentication. Here’s a quick recap.
The FCC Wireline Competition Bureau asked for comments on the SHAKEN extensions for small providers and providers that can’t obtain an SPC token necessary to participate in SHAKEN.
Comments and reply comments were filed in November. Here are a few highlights:
The FCC asked for comments on proposed new rules for gateway providers to do both SHAKEN and robocall mitigation on calls with U.S. calling numbers that they bring into the U.S. telephone network.
At first glance, this might seem like a simple, straightforward suggestion. As the saying goes, “Not so fast.” The FNPRM covers a lot of ground in 61 pages, including:
Comments are due December 10, 2021, and reply comments are due January 10, 2022. They’ve just started trickling in, and there’s already a lot to absorb.
The FCC issued a mandate in December 2020 that providers must send immediate blocking notification starting January 1, 2022, using either SIP 607/608 for SIP calls or ISUP 21 for TDM calls.
There have been many comments going back and forth on this.
The argument against is that many carriers aren’t ready, and they won’t be ready on January 1. If the mandate stays, they’ll have to stop blocking robocalls. Advocates have asked that the rule be changed to allow SIP 603 for blocking notification instead.
The counterargument is that SIP 603 is inadequate for facilitating redress. If your call was blocked and you want redress, a SIP 603 isn’t going to help you do that. Advocates for this argument ask the FCC to keep the SIP 607/608 and ISUP 21 requirements but push the deadline back six months.
No word yet from the FCC on this. There’s a note on the FCC Items on Circulation webpage about a “waiver order.” Is that about this issue? We’ll see.
Looks like 2021 might go out with a bang, not a whimper. There’s a lot going on. Here are our thoughts:
The SHAKEN costs cited in arguments for keeping the small provider extension seem rather high for a small provider with low call volume. These folks should shop around—they can probably do much better than that.
The proposed rules would accelerate the timeline for providers that are more likely to transit illegal robocalls. SHAKEN is being used more like a stick than a carrot. We work with many small providers who are doing SHAKEN because it benefits their customers. They went for the carrot: happier customers and better customer retention. The benefits are high, while the cost is modest and easy to justify.
The non-IP SHAKEN extension is an unnecessary drag on SHAKEN adoption. We’re seeing that only 24% of calls received are signed. That’s way too low. It’s time for the non-IP SHAKEN extension to be phased out. SHAKEN for TDM standards have been approved and are commercially available. Let’s go!
Delivering on Chairwoman Rosenworcel’s promise to make robocalls a top priority, the Federal Communications Commission (FCC) issued a Fourth Report and Order amending 47 C.F.R. §§ 64.6300,04,05 by shortening the extension for non-facilities-based small—100,000 or fewer subscriber lines—voice service providers (VSPs) to implement STIR/SHAKEN on IP portions of their network by a year from June 30, 2023 to June 30, 2022, just six months away. The FCC will also require certain “bad actor” small VSPs to implement STIR/SHAKEN within 90 days of an Enforcement Bureau determination following notice that the bureau suspects or failure to meet the VSP’s obligations pursuant to 47 C.F.R. § 64.1200(n)(2).
Six Months for Non-Facilities-Based Small VSPs to Implement STIR/SHAKEN
The FCC originally extended the requirement for small VSPs to implement STIR/SHAKEN to June 30, 2023 if the small VSP filed a Robocall Mitigation Plan in the Robocall Mitigation Database. Now, the extension has been cut by a year to June 30, 2022 for non-facilities-based small VSPs.
The FCC made this change because non-facilities-based small VSPs are “at the greatest risk of originating illegal robocalls” based on “new evidence that some providers subject to this extension were originating a high and increasing share of illegal robocalls relative to their subscriber base.” The FCC’s report and order defines “non-facilities-based” providers as those that offer “voice service to end-users solely using connections that are not sold by the provider or its affiliates.”
Impacted non-facilities-based VSPs will have just six months to implement STIR/SHAKEN, while the original extension (until June 30, 2023) still applies for facilities-based small VSPs. In either case, a small VSP found to be a “bad actor” must implement STIR/SHAKEN on an even more accelerated timeline.
90 Days to Implement STIR/SHAKEN for “Bad Actor” Small VSPs
Although the shortened implementation deadline applies only to non-facilities-based small VSPs, the FCC will require small VSPs “of any kind suspected of originating illegal robocalls to implement STIR/SHAKEN on an accelerated timeline.”
Specifically, the accelerated timeline applies to small VSPs “found by the Enforcement Bureau to have failed to, upon notice: mitigate suspected illegal robocall traffic, provide information requested by the Enforcement Bureau, including credible evidence that they are in fact not originating such traffic, respond in a timely manner or failed to meet their burden under” 47 C.F.R. § 64.1200(n)(2). Such small VSPs must implement STIR/SHAKEN within 90 days of an Enforcement Bureau determination that a small VSP (1) failed to respond to the Enforcement Bureau’s notice within the requested timeframe or (2) provided an inadequate response.
Expanded Robocall Ecosystem Continues to Evolve as Each Enforcing Party Adapts to Changes
As the ecosystem surrounding robocalls continues to grow and develop, VSPs must be aware of FCC regulatory changes, such as this significant change to the timeline for certain small VSPs to implement STIR/SHAKEN, and enforcement actions. Because non-facilities-based small VSPs now only have six months to implement STIR/SHAKEN, impacted VSPs should contact us today for assistance to ensure they remain compliant.
Rob Jackson – Tel: 703-714-1316 / E-mail: rhj@CommLawGroup.com
Ron Quirk – Tel: 703-714-1305 / E-mail: req@CommLawGroup.com
In real-time, can you tell the difference between a legal outbound call and an out-of-compliance or fraud call on your network?
In a matter of seconds, we can.
In addition to offering verified ANIs, “Know Your Customer” protocols, and other verifications in the Stir/Shaken ecosystem, we can now give you additional tools to monitor what is actually transiting on your network, without violating state or Federal privacy laws.
By monitoring your calls electronically, recording anomalies, and using both artificial (AI) and human intelligence, anomaly verification can be achieved almost instantly – we can bring the percentage of illegal or fraud calls that might be on your network, down to near zero.
Our monitoring can assist in reducing the financial and operating burden of the industry’s Traceback Group, and FCC’s fines for violations. Ultimately, these burdens have the ability to put you out of business.
Here’s what some calls might look like:
Feb 2022 - The federal Telephone Consumer Protection Act (TCPA; 47 U.S.C. § 227) and its implementing regulations (47 C.F.R. § 64.1200) regulate the use of automatic telephone dialing systems (ATDS) and artificial or prerecorded voices (“prerecorded messages”) in telephone communications. Generally speaking, the TCPA prohibits using an ATDS or prerecorded message to contact cell phones, and prerecorded telemarketing messages to contact residential phones, unless the recipient has provided and not revoked “consent” to receive the call/text.
This FAQ provides an overview of the TCPA’s requirements. Because every type of calling campaign raises different concerns and the TCPA is significantly more complicated than can be presented here, M&S recommends that businesses consult with an experienced TCPA attorney before conducting any type of calling campaign.
An ATDS is “equipment which has the capacity to store or produce telephone numbers to be called, using a random or sequential number generator, and to dial such numbers.” The FCC has held that a predictive dialer also constitutes an ATDS. When determining whether a system is an ATDS, the FCC and courts often focus on whether it has “the capacity to dial numbers without human intervention.” For example, if a representative must click to dial each number, then the system may not be an ATDS because human intervention is required for dialing each number.
In 2015, the FCC held that “the capacity of an autodialer is not limited to its current configuration but also includes its potential functionalities.” If autodialing features can be activated or deactivated within the system, or if autodialing features can be added through software changes or updates, the FCC considered such features as part of the system’s capacity and, therefore, relevant when determining whether the system is an ATDS. On March 16, 2018, the U.S. Court of Appeals for the D.C. Circuit vacated the FCC’s potential functionalities test. The Court noted several conflicting views the FCC has taken, and had specific concerns that the overbreadth of the Agency’s interpretation could result in the common smartphone being considered an ATDS. Since the D.C. Circuit’s decision, courts have generally only considered current capacities, including capacities that can be easily activated, akin to “flipping a switch.”
The FCC clarified in June 2020 that a peer-to-peer texting platform, where each message is initiated by a person, is not an ATDS. The logic of its clarification, that a platform that “is not capable of dialing such numbers without a person actively and affirmatively manually dialing each one” is not an ATDS, would apply to similar voice click-to-dial systems as well. Although not binding on courts, the FCC’s position is very persuasive and aligns with court precedents.
What Is the Definition of an ATDS after the Facebook v. Duguid Ruling?
On April 1, 2021, the Supreme Court issued its highly anticipated ATDS ruling in Facebook, Inc., v. Noah Duguid, et al. The Supreme Court unanimously held that “To qualify as an automatic telephone dialing system under the Telephone Consumer Protection Act, a device must have the capacity either to store a telephone number using a random or sequential number generator, or to produce a telephone number using a random or sequential number generator.”
Facebook successfully argued for this narrow definition of an ATDS, that a dialing system must use a random or sequential number generator to store or produce numbers. Duguid’s broader ATDS definition, that an ATDS must only be capable of producing numbers from a stored list, was rejected by the Court. Had the Court followed Duguid’s interpretation, nearly any modern dialing equipment would have been within the definition of the ATDS interpretation.
Though it resolved the circuit split over the definition of an ATDS, the Court’s ruling did not tie up all loose ends. Plaintiffs are using ambiguous language in footnote 7 of Facebook and potential flexibility under the term “capacity” to keep many TCPA cases alive. While courts resolve these loose ends, companies using dialer technology should consult with counsel to understand risk mitigation strategies for dialing under this new framework.
Telemarketing or advertising calls made using an ATDS or prerecorded voice (which includes a synthesized voice) to cell phones, or by prerecorded voice to residential lines, require prior express written consent (PEWC). Both the FCC and courts have made it clear that these terms are to be construed broadly and that a sale need not occur during the telephone call for it to be a telemarketing call or a call that introduces an advertisement. Likewise, dual-purpose calls (i.e., calls made for both non-solicitation and solicitation purposes) are considered telemarketing calls under the TCPA. If a call is motivated in part by the desire to achieve a future sale, the call is likely to be deemed a telemarketing call regardless of whether the sale takes place during the initial call, a future call, or a subsequent in-person meeting/transaction.
PEWC means an agreement, in writing, bearing the signature of the person called that clearly and conspicuously discloses that the person authorizes the seller to deliver or cause to be delivered telemarketing calls using an automatic telephone dialing system or an artificial or prerecorded voice to a specified telephone number. Furthermore, the person must be informed they are not required to sign the agreement, or agree to enter into such an agreement, as a condition of purchasing any property, goods, or services.
Although the agreement must be in writing and include the call recipient’s signature, it does not need to be in a particular form or format because the FCC recognized, pursuant to the E-SIGN Act, consent obtained via an “email, Web site form, text message, telephone keypress, or voice recording” is sufficient so long as the other requirements (e.g., mandatory disclosures, identification of the phone number, clear authorization by the person providing consent) are met.
Non-telemarketing calls/texts to cell phones made using an ATDS or prerecorded voice require prior express consent (PEC). The term “prior express consent” is not defined under the TCPA or FCC regulations. However, in 1992, the FCC addressed the issue of PEC in the context of calling wireless numbers by stating:
Persons who knowingly release their phone numbers to a caller have in effect given their invitation or permission to be called at the number which they have given, absent instructions to the contrary. […] However, if a caller’s number is “captured” by a caller ID or an ANI device without notice to the residential telephone subscriber, the caller cannot be considered to have given an invitation or permission to receive autodialer or prerecorded voice message calls.
The FCC’s broad language in discussing the express consent consumers provide by releasing their telephone numbers is important. The FCC could have limited the scope of the express consent to the specific purpose(s) for which the consumer provided his/her number (e.g., to be contacted when an item is ready to be picked up); however, the only limits placed on this method of obtaining PEC were:
1) the call recipient must have provided the number to the business directly or via an intermediary (i.e., capturing it via caller ID or from a third party is not sufficient);
2) there is no express consent if the call recipient provided “instructions to the contrary” (i.e., indicated that he/she doesn’t want to be contacted at that number);
3) the call must be for “normal business communications;” and
4) the call must be closely related to the purpose for which consent was given.
As recently as 2015, the FCC reiterated its PEC standard.
At least one court has held that systems that deposit a prerecorded voicemail into a consumer’s voicemail box without ringing the consumer’s handset are making calls subject to the TCPA’s consent requirements.
The TCPA requires that a caller have PEWC before calling a consumer’s wireless or landline number using a prerecorded voice for telemarketing purposes. All telemarketing prerecorded messages must include multiple identity and purpose disclosures, provide a phone number for Do Not Call requests, and an automated interactive voice or key-press operated opt-out mechanism. Lastly, while the TCPA may not heavily regulate non-telemarketing prerecorded messages beyond ATDS requirements, several states restrict the use of prerecorded messages and automatic dialing and announcing devices.
In 2003, the Federal Trade Commission and FCC jointly issued rules that together created the National Do Not Call Registry (DNC Registry). Callers are generally prohibited from calling consumer numbers listed on the DNC Registry for telemarketing purposes. Telemarketers must download and scrub against the DNC Registry at least every 31 days unless an exemption applies. The two exemptions are when the caller has (a) written consent from the consumer, or (b) an Established Business Relationship (EBR) with the consumer. The term EBR includes business relationships where the consumer engaged in a transaction with the seller within the previous 18 months (“Transactional EBR”) or inquired about the seller’s goods/services within the previous 3 months (“Inquiry EBR”). Federal DNC laws do not apply to business-to-business calls (except the sale of nondurable office or cleaning supplies). Individual states may have more restrictive requirements.
Businesses that conduct telemarketing must also maintain an internal company-specific DNC list. In fact, no business may initiate any telemarketing call without having “instituted procedures for maintaining a list of persons who request not to receive telemarketing calls made by or on behalf of that [business].” Those procedures must include, at a minimum, a written DNC policy that complies with legal requirements and training of personnel in the use of the DNC list. Although the DNC regulations only require that company-specific DNC requests be honored for 5 years, many companies choose to honor the requests indefinitely for customer service purposes. Calls to consumers that previously made a company-specific DNC request are prohibited even if the seller has an EBR with the consumer or the consumer provided written consent for such calls prior to making a DNC request.
The FCC can seek up to $16,000 per violation ($26,000 per intentional violation), but the greater practical risk of noncompliance comes from private plaintiff class actions. The TCPA permits private individuals who received calls/texts in violation to seek up to $500 per communication ($1,500 for willful or knowing violations) in statutory damages. A cottage industry of professional plaintiffs and class action attorneys has developed in response to the potential for statutory damages. In the past several years, the number of TCPA cases filed in federal courts has increased dramatically and judgments have reached over $925 million.
STIR/SHAKEN is a set of technical standards to facilitate call authentication. At a high level, STIR/SHAKEN allows an originating carrier to cryptographically sign a call with a rating that demonstrates the carrier’s confidence that the person making the call has the right to use the caller ID associated with the call. The terminating carrier can then verify the signature and determine how the call should be dispositioned based upon the rating. Call authentication is not part of the TCPA, but has been mandated by the TRACED Act and FCC regulations. Over time, STIR/SHAKEN should help call recipients have more confidence that the caller is calling on behalf of the person or entity shown on their caller ID. For more information on STIR/SHAKEN, please view our webinar and blogs on the topic.
On July 1, 2021, Florida’s amended Do Not Call statute went into effect. The new law requires the called party’s prior express written consent before any person may make a telephonic solicitation call using an automated system for the selection or dialing of telephone numbers, or the playing of a recorded message when a connection is completed to a number called. This definition is much broader than the TCPA’s ATDS definition and may pose challenges for businesses using equipment that is not considered an ATDS under the TCPA.
As with the TCPA, the amended Do Not Call law provides a private right of action for actual damages or $500 penalty per violation (trebled to $1,500 if willful), whichever is greater, plus attorneys’ fees and costs.
Before conducting a calling or texting campaign, seek the advice of skilled TCPA counsel. The TCPA and other state and federal teleservices regulations form a complicated structure that requires specific knowledge and business acumen to successfully navigate.
* Note: This article is intended to provide a general overview of a topic area and is not legal advice. Still have questions about the TCPA? We can help! Contact us at compliance@mslawgroup.com or 614.939.9955.
Proposal Declares Technology that Leaves Ringless Voicemails on Consumer Cell Phones Is Subject to FCC Robocalling Restrictions
WASHINGTON, February 2, 2022—Federal Communications Commission Chairwoman Jessica Rosenworcel today shared with her colleagues an action which would, if adopted by a vote of the full Commission, require callers to obtain a consumer’s consent before delivering a “ringless voicemail,” a message left in their mailbox without ringing their cell phone.
The Telephone Consumer Protection Act (TCPA), which protects consumers from unwanted robocalls, prohibits making any non-emergency call using an automatic telephone dialing system or an artificial or prerecorded voice to a wireless telephone number without the prior express consent of the called party.
“Ringless voicemail can be annoying, invasive, and can lead to fraud like other robocalls so it should face the same consumer protection rules,” said Chairwoman Rosenworcel. “No one wants to wade through voicemail spam, or miss important messages because their mailbox is full. This FCC action would continue to empower consumers to choose which parties they give permission to contact them.”
The Declaratory Ruling and Order responds to a petition filed by All About the Message. The petitioner asked the Commission to find that delivery of a message directly to a consumer’s cell phone voicemail is not a call protected by the TCPA. The Chairwoman’s proposed action would find ringless voicemails are, in fact, “calls” that require consumers’ prior express consent, and thus deny the petition.
This is just further proof that RVM cannot be used to contact a cell phone without express consent. While there may be arguments to the contrary, don’t believe any phonies who tell you RVM technology is safe and/or TCPA compliant.
Always connect with a lawyer before starting any new outreach engagement. Dangerous stuff.
Dec 15, 2021
by Gary Christensen
VP of Business Development and Partnerships | AI and Telecom Data Analytics for Consumer Protection and Positive Enterprise Outcomes
Looking ahead to 2022 and beyond, here are ten things to watch in terms of efforts to secure safe voice communications:
FEBRUARY 14, 2022 - The FCC has begun questioning SHAKEN implementation claims made by some voice service providers in their certification filings in the Robocall Mitigation Database (RMD). Here’s what’s happening.
We understand that the Commission is reaching out to robocall mitigation contacts for voice service providers that meet the following criteria:
The correspondence requires such providers to act by Monday, March 14, 2022, either to:
What brought this on? Perhaps it was the difference between SHAKEN implementation claims versus authorizations.
First, let’s have a look at the RMD filings by SHAKEN Implementation, U.S. companies only. As of February 14, 2022, here are the counts:
| Implementation | Count |
| --- | --- |
| Complete STIR/SHAKEN | 1,701 |
| Partial STIR/SHAKEN | 1,271 |
| No STIR/SHAKEN | 2,341 |
| N/A (intermediate providers) | 821 |
| Total | 6,134 |
The latest numbers are available on the Robocall Mitigation Database portal.
Currently, there are only 421 authorized SHAKEN providers listed on the STI Policy Administrator website.
That’s 1,701 complete SHAKEN implementations in the RMD versus 421 in the STI-PA, which includes partial and complete SHAKEN implementations, for a gap of 1,280. What gives?
That’s what the Commission wants to know.
We have reported on this gap in previous blog posts. Some providers are listed on the STI-PA authorized provider list just once yet have many—in some cases hundreds—of RMD filings. However, those providers are generally claiming partial SHAKEN implementations. As far as we know, these recent inquiries went to providers that claimed a complete SHAKEN implementation.
We’ve previously reported that some Originating Service Providers (OSPs) that claim a complete SHAKEN implementation have arranged for a downstream provider to sign calls for them. In many cases, the downstream provider uses its own SHAKEN credentials, not the SHAKEN credentials of the OSP (who doesn’t have SHAKEN credentials).
It’s possible that many of the providers that were contacted fall into this category.
Here’s why the 1,280 gap matters:
If an OSP isn’t SHAKEN approved, then it cannot do SHAKEN as the standards and the FCC defined it.
We’ve described recurring themes that we’ve observed across many cases. However, there are variations on these themes. We aren’t saying that every provider that claimed a complete SHAKEN implementation is doing the same thing. We work with many voice service providers that sign their calls with SHAKEN. Some certified complete SHAKEN in the RMD and are SHAKEN-authorized by the STI-PA.
We’ll be watching to see how this situation unfolds over the coming weeks.
Frontier Communications recently filed suit against voice provider Mobi Telecom for violating Connecticut unfair trade practices law by “intentionally and recklessly” facilitating illegal robocalls. This suit highlights the emerging threat of private litigation that seeks to stave off relentless scam calls and adds yet another dimension to the complex, expansive, and evolving “Robocall Mitigation Enforcement Ecosystem” described in our firm’s recent Educational Advisory:
Frontier argues that Mobi creates a “safe haven” for robocallers by allowing them to make illegal calls without any attempts to mitigate or block the calls. This incentivizes robocallers to do business with Mobi, which Frontier argues unfairly inflates Mobi’s revenue and burdens the customers of other companies with an onslaught of scam calls.
Frontier also states that Mobi’s conduct is “so far divorced from the norm and what is required under the law and FCC regulations.” The Federal Communications Commission (FCC) has made a recent effort to curb the massive amount of robocalls received by consumers by requiring telecommunications carriers to, among other things, verify the sources of calls and terminate the ones detected as spam. Frontier believes that Mobi is engaged in “willful blindness” by failing to implement these FCC-mandated robocall mitigation techniques.
This suit could set a precedent for similar private, non-FCC actions brought against voice providers who fail to comply with the latest anti-scam call strategies. Consumers are clearly fed up with the barrage of robocalls they receive on a regular basis. Their dissatisfaction, like here, may encourage providers to take up arms in the courtroom against other providers who facilitate the illegal calls being made to their customers.
It is vital that all voice providers take a hard look at their robocall mitigation procedures. This suit tells us that providers have more to worry about than mere FCC compliance; private enforcement actions under state consumer protection laws are starting to take shape and may cost providers millions in legal fees. It is better to take action now to ensure compliance than to pay for it later.
If your company would like to have your robocall mitigation strategies reviewed in light of the emerging and existing enforcement techniques, please contact us!
NEED HELP WITH ROBOCALL MITIGATION, COMPLIANCE AND LITIGATION SUPPORT/DEFENSE AGAINST BUSINESS & LEGAL CHALLENGES?
The CommLaw Group Can Help!
Given the complexity and evolving nature of the FCC’s rules, regulations and industry policies & procedures around Robocall Mitigation and Compliance issues (e.g., Stir/Shaken, TRACED Act, FCC Rules & Regulations, US Telecom Industry group, ATIS, NECA, VoIP Numbering Waivers, Know Your Customer and the private sector ecosystem), as well as the increased risk of business disputes, consumer protection enforcement by state attorneys general, and even civil litigation, and anticipating the potential torrent of client questions and concerns, The CommLaw Group formed a “Robocall Mitigation Response Team” to help clients (old and new) tackle their unique responsibilities.
CONTACT US NOW, WE ARE STANDING BY TO GUIDE YOUR COMPANY’S COMPLIANCE EFFORTS
Rob Jackson – Tel: 703-714-1316 / E-mail: rhj@CommLawGroup.com
by Jonathan Marashlian, Feb 10, 2020
STIR/SHAKEN — before you break out the martini glasses, this is not about the new James Bond film. Instead, this boozy-sounding acronym represents just one discrete element of a broad Federal and state government-led effort to crack down on annoying (and often unlawful) telemarketing calls. If you were under the impression that implementing STIR/SHAKEN and complying with Federal Communications Commission (FCC) rules was all your communications company needed to avoid the crosshairs of government and private enforcement actions, think again!
Relieving American consumers of the tens of billions of nuisance calls, among the over 50 billion robocalls placed in 2021 alone, has become the “issue du jour” for not just the FCC, but also the Federal Trade Commission (FTC), Attorneys General from across the United States, and—wait for it—the class action plaintiff’s bar.
Alongside STIR/SHAKEN, telecommunications carriers in the United States must now consider the broad, ever-expanding Robocall Mitigation ecosystem, representing a significant shift from traditional compliance centered on the FCC’s regulatory landscape.
Perhaps the single most important step any company operating in the telecom business can take at this early and uncertain juncture is to consult with experienced telecom counsel. And not just any lawyer, but attorneys that possess both the knowledge and temperament to help clients identify risks and risk mitigation measures that will enhance their client’s defensive positioning cost-effectively to ensure the cost of compliance doesn’t overshadow the need to capitalize on business opportunities.
A New Telecommunications Ecosystem Centered Around Robocall Mitigation
As this ecosystem evolves and becomes more complex, providers must consider fluid, rapidly changing laws and regulations; government enforcement by the FCC and FTC; civil litigation; and the need to quickly respond to Industry Traceback Group (ITG) requests. Each represents a unique perspective and strategy for combatting a single concern: rampant robocalls deteriorating consumer trust.
FCC Compliance – A Valid Starting Point, but Insufficient Alone
Initially, the FCC required all telecommunications providers to comply with minimum requirements, including implementing STIR/SHAKEN or submitting a robocall mitigation plan (RMP) into the robocall mitigation database (RMD) by September 28, 2021 to ensure their calls aren’t blocked. However, we see clear, unmistakable signs that compliance with the bare minimum FCC requirements — although a good starting point — will not be enough to satisfy the onslaught of government regulation and enforcement to come against the scourge of illegal robocalling.
In fact, we anticipate many voice providers, both big and small — and even some non-voice providers whose traffic is indistinguishable from voice — will find themselves ensnared in the grips of a multi-agency, multi-jurisdictional regulatory and enforcement ecosystem. Not to mention the potential for class actions from plaintiff’s attorneys relying on public sentiment to cast a wide Telephone Consumer Protection Act of 1991 (TCPA) net, ensnaring all providers in the call path, even intermediate carriers, associated with “bad” calls.
Even if FCC compliance is no longer sufficient, providers must make sure they stay up-to-date with and compliant with changes. The FCC continues to update requirements, such as a recent approval of public information collections associated with the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act, as the robocall ecosystem continues to evolve.
Failing to take actions, either through a “wait and see” approach or minimal compliance, could result in not only costs associated with damages or penalties, but increased compliance requirements with significant administrative and monetary burdens.
Ongoing FTC Regulatory Enforcement: Understand “Know or Should Have Known” Standards for Customer Identity
While FCC compliance is relatively simple, recent FTC enforcement has shown the importance of “Know Your Customer” (KYC). As the name might suggest, companies use KYC to verify the identities of their customers before doing business. Telecommunications providers can — and are expected to by the FTC — use KYC to ensure that no illegal robocalls are going through to consumers.
After all, the FTC’s enforcement of providers’ facilitation of illegal robocalls hinges on the “known or should have known” standard. Essentially, telecommunications providers may be held liable for failing to utilize KYC technology to mitigate illegal robocalls.
In 2019, the FTC alleged that defendant Globex Telecom, Inc. assisted and facilitated telemarketers it knew, or consciously avoided knowing, were violating the Telemarketing Sales Rule’s prohibitions on calls delivering prerecorded messages. FTC v. Educare Centre Services, Inc., No. 3:19-cv-00196-KC (W.D. Tex. Am. Compl. filed Dec. 3, 2019). The Court halted Globex’s Voice over Internet Protocol (VoIP) services pursuant to a Temporary Restraining Order, showing the significant and immediate impacts to businesses subject to federal regulatory enforcement. In 2020, the FTC sent a warning letter about facilitating illegal robocalls that referenced the Educare case to an intermediate carrier. If the intermediate carrier had engaged in KYC, the warning might have been avoided.
Emerging Threats to the Status Quo of Telecommunications Enforcement: State AGs
In addition to regulatory enforcement by the FCC and the FTC, additional threats to telecommunications providers are likely to come through enforcement actions by state attorneys general (AGs) and even civil litigation initiated by private parties.
For example, state AGs have begun to sue under state consumer protection and deceptive marketing statutes, in part because of growing public frustration with nuisance robocalls. This patchwork of litigation and enforcement could lead to state-by-state compliance. However, state AG enforcement will likely be consistent, including both monetary penalties and forced implementation of technical solutions and processes to combat robocalls. Providers must be aware of nuanced state requirements that impact their services. Without knowing which state consumer protection standards apply to your business, it is virtually impossible to know whether they have been violated until a notice letter is sent, at which point implementing KYC is often too little, too late.
Proactively implementing appropriate KYC, following FCC rules, and understanding applicable nuanced state requirements with the help of experienced telecommunications counsel can pay significant dividends: reducing the likelihood of penalties and forced compliance that, in retrospect, is likely overkill and much more than would have avoided the issue initially.
Private Litigation
Growing civil litigation by private plaintiffs presents a greater unknown, both in terms of enforcement strategy and consequences, than even rapidly evolving federal and state enforcement. This shift to increased private litigation represents both the growing public frustration and desire by plaintiffs to protect their interests where potential significant recovery exists. In fact, plaintiffs are already alleging damages up to the TCPA’s statutory maximum–$500 per call or $1,500 if conduct was willful—against all providers in the call path. For intermediate providers making fractions of a cent in profit, proactive compliance measures are a smart, cost-effective way to avoid these potential damages and litigation expenses.
Such litigation represents a recurring theme: wherever the legal ecosystem evolves, providing the opportunity to recover damages, class action plaintiff’s lawyers and attorneys for large enterprise consumers of voice services, such as call center operators, are certain to seize upon those opportunities.
We anticipate that questions around the meaning of and extent to which the “Know Your Customer” requirements apply in different contexts will ultimately be answered through litigation and enforcement, and less so through the FCC regulatory rulemaking process, which will lag, particularly as consumer frustrations reach a boiling point.
Questions around damages and who is or can be held responsible for originating, passing, or terminating illegal robocalls are also going to be fleshed out by regulatory enforcement and private litigation. This real, looming threat will affect providers of all sizes, who must be aware of them and factor in risk tolerance to determine what compliance efforts and proactive steps are appropriate.
Unprepared telecommunications providers—likely those with the worst or lowest compliance—will be left holding the bag, which they will need to fill with significant settlement funds.
Ongoing Private Enforcement Shows Some Strategies Being Implemented
Last year, Marriott filed a federal lawsuit against “John Does” alleging, among other harms, illegal robocalls misusing Marriott’s name and violating its intellectual property rights. We speculate that the use of “John Does” preserves Marriott’s ability to amend its complaint to implead carriers and providers that carried or transported the fraudulent traffic. Further, Marriott can rely on the FTC’s “known or should have known” standard to show underlying carriers are the “John Does” that profited from bad actors.
In an unrelated case, a plaintiff suing on behalf of a proposed class argued that several defendants violated federal law by making “obviously spoofed robocalls” carrying pre-recorded or live scam messages using an automatic telephone dialing system. Notably, the court denied the motions to dismiss, rejecting the defendants’ arguments that they were “mere middlemen” transmitting the call, showing the significant risks to all telecommunications providers, including originating, intermediate, and terminating carriers.
Ongoing Revisions to Consumer Protection Laws Further Complicate Compliance and Increase Risks
To summarize, let’s take a look at what “Rules of the Road” apply beyond the FCC’s regulations.
First, the most significant risk—even more so than the FCC—comes from the federal and state consumer protection laws being developed around robocall mitigation. Voice Service Providers (VSPs) should start with the FTC, where the strict “known or should have known” standard is applied to hold VSPs accountable for illegal robocallers using their networks; VSPs should therefore work actively with intermediate and terminating carriers to mitigate illegal robocalls and help prevent those carriers inadvertently blocking the VSPs’ calls.
Next, the same expectations—via KYC and the FTC’s “known or should have known” or a similar standard—are likely to be applied by state AGs enforcing local consumer protection laws to protect their citizens.
And from there? You got it! It’s only a matter of time until the standard of care is being fleshed out in courtrooms all across the country, particularly in private suits where creative attorneys craft cutting edge legal arguments relying on any and all possible standards.
Telecommunications Providers Should Proactively Seek Advice from Counsel to Address Issues Today and Avoid Significantly Higher Costs and Compliance Requirements in the Future
While it pays off to keep your ear to the ground and pay attention to the entire ecosystem, enlist the support of legal counsel that has telecom experience and a robocall mitigation team—experts that understand this evolving ecosystem and can guide you, no matter your stage in compliance or litigation. A trusted legal advisor can ensure you stay in the loop, update and pivot as needed, and guide your compliance efforts to ensure you are informed and within a comfortable risk exposure.
Companies can be proactive or reactive. Proactive companies that engage counsel early will stay off the radar and timely resolve issues with tools, contracts, policies, and procedures. Reactive companies will save today but pay significantly—both in terms of time and money—to put out fires that could have been avoided.
Reflecting on the history of these types of massive, earth-changing regulatory movements, our Magic 8-Ball tells us that lawyers will be busy defending clients on robocall-related disputes in the future. When it comes to operating in the new ecosystem created by the national effort to curb illegal robocalling, be sure to spend your money wisely, but avoid sitting on your hands and ducking your head in the sand because doing so will come at a remarkably high (and yet entirely avoidable) price.
If you are in the market for legal counsel to guide you through this uncertain time, look no further. The CommLaw Group has the expertise and focus to help telecom providers everywhere assess their risks and bring them within their tolerance. We can assist with assessing compliance, evaluating KYC, and drafting appropriate contracts. But, more importantly, we are aware of the evolving ecosystem and associated risks involved in the national (and at times very local) war against robocalls.
by Gerry Christensen, Feb 9, 2020
Deterrence against any unwanted outcome requires the will to take action and the means to identify when, how, and where behaviors have occurred that require action. This is why monitoring is a key element for successfully deterring unwanted robocalls.
There is a need for content-based communications analytics that focuses on what is delivered in the media layer such as audio clips left behind as voicemail by unwanted robocalls. This is in contrast to event-based analytics, which relies upon inferences gained from the signaling layer, such as SIP messages, or other call related data such as answer seizure rates or call hold times.
A strong argument is made that content-based analytics provides the greatest efficacy as clearly illegal or even definitively fraudulent calls are identified with virtually zero false positives.
In terms of false negatives vs. false positives, the former means it's an unwanted robocall that was not scored as such, and the latter means it's not necessarily unwanted but scored as spam or scam. The former typically results in calls that do not get robocall treatment (labeling, redirection, or blocking) while the latter receives potentially unnecessary treatment.
Originally published as a stand-alone article, “Content-based Analytics Definitively Identifies Fraudulent Robocalls,” the following is republished here for Data Decision Digest subscribers:
Reasonable Analytics: Content-based vs. Event-based
In the battle against illegal robocalls, it is important to note that analytics approaches may be defined by two broad categories: (1) Event-based analytics and (2) Content-based analytics.
Analytics Engines (AE) employing event-based and content-based analytics both provide scoring to inform communication service providers and enterprises. This scoring allows them to determine what to do in terms of call treatment (block, label, or redirect) when presented with robocalls that involve telephone numbers that have previously received algorithmic treatment.
However, only content-based methods analyze data that definitely identifies illegal robocalls such as call payload (content) as depicted in the below illustration:
In contrast, event-based methods rely upon analysis of call event data, which can be indicative of what may have occurred, but is not definitive. Accordingly, event-based analytics are prone to much higher false negative rates than content-based analytics methods. This means that content-based analytics catch many more incidents of illegal robocalls than event-based methods when presented with data associated with bad actor campaigns.
Content-based Analytics have a False Positive Rate of virtually Zero
Conversely, content-based analytics are also much better with respect to false positives, meaning that they rarely, if ever, identify a call as being unlawful that is actually not illegal. On the other hand, event-based methods are more prone to errors of this type as they rely upon data that is indicative but not definitive.
Both methods operate within the framework of FCC rules for Reasonable Analytics and Safe Harbor, which means that a number owner/custodian may initiate redress if they believe that a telephone number is being inappropriately treated by a carrier based on AE risk scoring. In the case of content-based analytics, redress is resolved much faster as it leverages the ability to check if a given telephone number has been involved in any robocall campaigns. If not, there may be a need to check for negative crowd-sourced feedback, which if present, could indicate that callers simply prefer to not receive calls of a certain type.
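The contrast drawn above between event-based and content-based scoring, and the redress lookup by telephone number, can be made concrete with a small added example (not code from the article or from any analytics vendor). The thresholds, campaign label, phone numbers and transcripts are all constructed assumptions; word-shingle Jaccard similarity stands in for whatever audio or transcript matching a real engine uses.

```python
import re
from collections import defaultdict

# Reference transcript for one known campaign (constructed for this example).
CAMPAIGNS = {
    "health-enrollment-01": (
        "Hi, this is the health enrollment center. Open enrollment has been "
        "reopened in your state. Call us back at this number to review the "
        "plans still available in your area."
    ),
}

# Constructed voicemail transcripts left by three hypothetical callers.
SCAM_A = ("Hi this is the health enrollment center open enrollment has been "
          "reopened in your state call us back at 202 555 0199 to review the "
          "plans still available in your area")
SCAM_C = ("Hello, this is the health enrollment center. Open enrollment has "
          "been reopened in your state. Call us back at this number to review "
          "the plans still available in your area.")
PHARMACY = ("This is Main Street Pharmacy. Your prescription is ready for "
            "pickup. Call us back at this number with any questions.")


def make_calls(number, attempts, answered_talk_s, voicemail):
    """Constructed call records: answered calls first, the rest leave a voicemail."""
    calls = [{"from": number, "answered": True, "talk_s": t, "voicemail": None}
             for t in answered_talk_s]
    calls += [{"from": number, "answered": False, "talk_s": 0, "voicemail": voicemail}
              for _ in range(attempts - len(answered_talk_s))]
    return calls


CALLS = (
    make_calls("+12025550101", 10, [5, 6], SCAM_A)      # high-volume campaign
    + make_calls("+12025550102", 8, [8, 10], PHARMACY)  # lawful reminder calls
    + make_calls("+12025550103", 3, [90, 120], SCAM_C)  # low-volume campaign
)


def event_based_flags(calls, min_attempts=5, max_asr=0.3, max_avg_talk_s=15):
    """Flag callers by answer seizure rate and average talk time (assumed thresholds)."""
    stats = defaultdict(lambda: {"attempts": 0, "answered": 0, "talk_s": 0})
    for c in calls:
        s = stats[c["from"]]
        s["attempts"] += 1
        s["answered"] += c["answered"]
        s["talk_s"] += c["talk_s"]
    flagged = set()
    for number, s in stats.items():
        if s["attempts"] < min_attempts:
            continue  # too little signalling data to infer anything
        asr = s["answered"] / s["attempts"]
        avg_talk = s["talk_s"] / s["answered"] if s["answered"] else 0.0
        if asr <= max_asr and avg_talk <= max_avg_talk_s:
            flagged.add(number)
    return flagged


def shingles(text, k=4):
    """Lower-case, drop digits and punctuation, return the set of k-word shingles."""
    words = re.sub(r"[^a-z ]+", " ", text.lower()).split()
    return {" ".join(words[i:i + k]) for i in range(max(1, len(words) - k + 1))}


def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0


def content_based_matches(calls, campaigns, threshold=0.5):
    """Map each caller to the known campaigns its voicemail content matches."""
    refs = {cid: shingles(text) for cid, text in campaigns.items()}
    matches = defaultdict(set)
    for c in calls:
        if not c["voicemail"]:
            continue
        vm = shingles(c["voicemail"])
        for cid, ref in refs.items():
            if jaccard(vm, ref) >= threshold:
                matches[c["from"]].add(cid)
    return dict(matches)


def redress_lookup(number, calls, campaigns):
    """Redress check: which known campaigns, if any, has this number been tied to?"""
    return sorted(content_based_matches(calls, campaigns).get(number, set()))


if __name__ == "__main__":
    event = event_based_flags(CALLS)
    content = set(content_based_matches(CALLS, CAMPAIGNS))
    print("event-based flags:  ", sorted(event))
    print("content-based flags:", sorted(content))
    print("flagged on events only (possible false positive):", sorted(event - content))
    print("missed by events (false negative):", sorted(content - event))
    print("redress for +12025550102:", redress_lookup("+12025550102", CALLS, CAMPAIGNS))
```

On this constructed data the event heuristic flags the pharmacy's reminder calls and misses the low-volume caller, while the content match ties both campaign callers to the reference recording and returns nothing for the pharmacy.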
Content-based Analytics Definitively Identifies Fraudulent Robocalls
In the battle against illegal calls, content-based analytics is particularly advantageous in identifying clearly fraudulent calls. Whereas the burden of proof for a TCPA violation, for example, is arguably problematic for both analytics methods due in part to a recent Supreme Court ruling, violations of the Truth in Caller ID Act are regularly documented via content-based analytics. In fact, incidences of fraud in which the intent to defraud, cause harm, or wrongfully obtain anything of value are routinely identified via content-based analytics, whether telephone number spoofing has occurred or not.
by Eric J. Troutman
Editor’s Note: This is an official FCC press release copied below. I just went ahead and ran it for you. Obviously you should NOT be scamming people, taking advantage of people or lying to people with your prerecorded calls. If you do, the FCC will rightly make you pay a whole bunch for that, as this shows. That said, IBA is innocent until proven guilty and the FCC has not yet taken any final action here. Also, I have not verified any of the facts asserted in the press release and IBA has not yet responded to the proposed fine. More to come. Also, notice the Industry Traceback Group’s role here. Be sure to speak to counsel if the ITG knocks on your door–and anytime you’re planning an outreach campaign. Stay safe and legal friends.
WASHINGTON, February 18, 2022—The Federal Communications Commission today proposed a $45 million fine against a company that conducted an apparently illegal robocall campaign to sell health insurance under the pretense that the annual enrollment period had been reopened due to the coronavirus pandemic.
Interstate Brokers of America apparently made 514,467 unlawful robocalls without subscribers’ prior express consent or an emergency purpose. This is the largest TCPA robocall fine ever proposed by the Commission.
The FCC’s Enforcement Bureau investigation found that Interstate Brokers made 514,196 robocalls to wireless phones and 271 telemarketing robocalls to landline phones in apparent violation of the Telephone Consumer Protection Act. The Bureau reviewed a sample of 10,000 calls, confirmed with the dialing platform provider that the calls were pre-recorded messages, and spoke to several recipients who confirmed they had not provided consent to be called.
The proposed fine is based on the verified calls. Interstate Brokers is a Ft. Lauderdale, Florida-based lead generator run by Gregory Robbins and which also does business as National Health Agents. The company purchased lists of phone numbers from third party vendors; it also acquired numbers from consumers looking for health insurance quotes online, without clearly disclosing that, by providing contact information, the consumers would be subject to robocalls. The company left prerecorded voice messages marketing its clients’ insurance plans. Voice recognition software would identify when a consumer answered the call. If a consumer responded by pressing a number on their phone, or by staying on hold, the system automatically transferred the call to a call center operated by Interstate Brokers.
Consumers were then offered insurance products sold by one of several insurance companies that had hired Interstate Brokers.
One of the company’s prerecorded voice messages stated: “Many states’ opened enrollment options to combat the COVID-19 virus and our plans include telemedicine services that would allow you to see a doctor over the phone or a video that could treat common sickness like the cold and flu. Give me a call back, at our phone number … and I can go over what is still available in your area.”
The FCC’s investigation was prompted by a report from the Industry Traceback Group of suspected illegal robocall traffic. FCC investigators also reviewed consumer complaints including those found online. For example, one consumer wrote online: “Message left from ‘Ashley’ from the Health care center calling to announce open enrollment for health care due to COVID-19. … Called on my work cell phone that I do no personal business on.”
Under the Telephone Consumer Protection Act, robocalls made to wireless phones and telemarketing robocalls made to landlines require prior written consent of the called party. Many of the calls also were made, apparently unlawfully, to consumers on the Do Not Call Registry.
The proposed action, formally called a Notice of Apparent Liability for Forfeiture, or NAL, contains only allegations that advise a party – Gregory Robbins, Interstate Brokers of America LLC, and National Health Agents LLC – on how it has apparently violated the law and may set forth a proposed monetary penalty. The Commission may not impose a greater monetary penalty in this case than the amount proposed in the NAL. Neither the allegations nor the proposed sanctions in the NAL are final Commission actions. The party will be given an opportunity to respond, and the Commission will consider the party’s submission of evidence and legal arguments before acting further to resolve the matter.
Action by the Commission February 18, 2022 by Notice of Apparent Liability for Forfeiture (FCC 22-16). Chairwoman Rosenworcel, Commissioners Carr, Starks, and Simington approving. Chairwoman Rosenworcel and Commissioner Starks issuing separate statements.
WASHINGTON (Reuters) - The Federal Communications Commission (FCC) said on Thursday that voice service providers Bandwidth Inc and Vonage Holding lost a partial exemption from standards aimed at stopping robocalls and were referred for further investigation.
“We will not turn a blind eye to providers that have not done enough to protect consumers from spoofed robocalls,” said FCC Chairwoman Jessica Rosenworcel, saying the FCC had referred the companies to the commission’s Enforcement Bureau.
The FCC is overseeing compliance with provider phone companies to implement standards designed to help prevent unwanted phone calls, required by June 2021.
The standards, known as “STIR/SHAKEN”, provide a common information sharing language between networks to verify caller ID information and help prevent robocalls.
Under a Congressional directive, providers meeting early implementation goals in 2020 were granted some conditional leniency.
The FCC said Vonage is not verifying caller ID information for all authenticated calls it receives, as required by FCC rules.
Vonage did not immediately comment.
Bandwidth said it was an early adopter of the standards “to prevent robocalling” but acknowledged it still operates “some legacy equipment that supports a small amount of traffic that cannot support the STIR/SHAKEN standards at this time.”
Bandwidth added it is “working diligently to move this traffic off of this legacy equipment so we can be fully compliant with STIR/SHAKEN standards.”
At the request of the Federal Trade Commission, federal courts in California ordered two Voice-over-Internet Protocol (VoIP) service providers to turn over information that the agency is seeking as part of ongoing investigations into potentially illegal robocalls. Companies that fail to comply with such federal court orders can be held in contempt.
“Companies that receive FTC Civil Investigative Demands must promptly produce all required information,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “These demands are not voluntary. Companies that don’t respond fully, or don’t respond at all, will have to answer to a federal district court judge, as these cases demonstrate.”
VoIP service providers are companies that facilitate the transmission of telephone calls over the Internet. As billions of illegal telemarketing calls and robocalls pass through VoIP service providers each year, the FTC has worked to ensure they do not transmit illegal calls – especially those coming from overseas.
The Commission frequently issues Civil Investigative Demands (CIDs) to VoIP service providers that carry potentially illegal calls to collect important information to help stop the calls, including information about the company’s customers and efforts to comply with the Telemarketing Sales Rule.
The first order announced today requires VoIP service provider XCast Labs, Inc. (XCast), headquartered in Los Angeles, California, to comply with a CID issued as part of an FTC investigation into a series of illegal robocalls. Although the CID directed XCast to produce selected information and documents by the end of February 2021, the company produced only a small fraction of the required information, even after receiving an extension of the response deadline from Commission staff. When further efforts to work cooperatively with XCast proved unsuccessful, the Commission filed a petition in federal court seeking to compel compliance with the CID.
In response to that petition, a United States magistrate judge issued a report in December 2021 concluding “that the FTC is entitled to enforcement of the remainder of the CID,” and recommending that the district judge enter an order requiring XCast to comply. The district judge accepted that recommendation in January and issued an order compelling XCast’s compliance with the CID.
The second order announced today requires VoIP service provider Deltracon, Inc., located in Irvine, California, to turn over information required under another Commission CID issued in January 2021.
When Deltracon failed to respond to that CID, the Commission went to federal court to enforce compliance, explaining that neither the company nor its principals had responded to the CID, which “materially impeded the FTC’s investigation.” The court granted the FTC’s petition, and in response, Deltracon finally turned over all the required information.
Washington, DC Feb.14, 2020
The FTC previously has charged VoIP service providers who facilitate the transmission of illegal calls with violating the FTC Act and the TSR. Most recently, the Commission sued Alcazar Networks Inc. and its owner, charging them with facilitating illegal telemarketing calls by, among other things, knowingly providing VoIP services to an Indian company that fraudulently displayed “911” as the caller ID number and dialed calls impersonating the Social Security Administration.
The court order settling the FTC’s charges prohibits the defendants from violating the TSR or assisting anyone else in doing so. The order also permanently bans Alcazar Networks from assisting telemarketers or overseas customers with dialing robocalls or calls to phone numbers on the DNC Registry.
The Federal Trade Commission works to promote competition, stop deceptive and unfair business practices and scams, and educate consumers. Report fraud, scams, or bad business practices at ReportFraud.ftc.gov. Get consumer advice at consumer.ftc.gov. Also, follow the FTC on social media, subscribe to press releases, and read the FTC’s blogs.
by Eric J. Troutman Feb 21, 2022
As TCPA.World readers know, TCPA class actions related to political messages are something of a growing pastime. If you’re a Republican, you sue Democratic campaigns who pester you with unwanted messages. If you’re a Democrat, you sue Republican campaigns–or perhaps the Republican National Committee–for such messages.
The fun part is that since all candidates and campaigns seem to be robocalling people these days regardless of party affiliation, everyone can join in–and there’s seemingly no limit to the number of lawsuits that can arise out of campaign season (which is just about to start.)
Well a new TCPA case out of Puerto Rico should give political candidates a bit of pause–it turns out these folks can be PERSONALLY SUED for messages sent by their campaigns. And that’s a bit of a stunner.
In Rowan v. Pierce, CIVIL NO. 20-1648 (RAM), 2022 U.S. Dist. LEXIS 14547 (D.P.R. January 21, 2022) the Court refused to dismiss former presidential candidate Brock Pierce from a robocall lawsuit arising out of campaign messages promoting his failed bid to be President.
Since Brock Pierce was a child movie star and a crypto millionaire, he felt he was well-qualified to lead our nation back from the COVID pandemic–and who’s to say he was wrong–and decided to use prerecorded calls to let everyone know about it. Unfortunately for him, of course, the TCPA bans prerecorded calls to cell phones–even voicemails and even political messages–without express consent of the called party. And the TCPA is enforceable in private class action lawsuits that can net $500-$1,500 a call, as TCPAWorld readers well know.
But what is less well known, is whether candidates can be personally sued for messages from their campaigns. Usually these suits are focused solely on the campaign and do not seek to personally name the candidate. In fact, while I can think of suits where a platform used by a candidate was sued–and even the owners of the platform were personally sued–I can’t think of another time a candidate was personally sued for a campaign message.
Well the Rowan court had no problem with the concept and held that Pierce could be personally liable because the complaint alleged Pierce: (1) collected independent voter lists to gather voters’ phone numbers; (2) created and controlled the content of the prerecorded calls; (3) determined to whom the calls should be made; (4) authorized the prerecorded calls; and (5) sent the prerecorded messages to individuals without first obtaining their consent to receive them.
So if it turns out Pierce wasn’t personally involved with these efforts then he can’t be held liable. But if he was… Pierce will have to pay $500 (or more) for each call that violated the TCPA–and that could cost Pierce literally dozens of bitcoin (or millions of that less valuable currency known as dollars).
So there you go folks, just like CEOs and corporate officers, directors, employees and compliance staff, candidates can also be personally liable for messages sent under their control.
Will this slow the rampant scourge of political robocalls this year? Probably not. But it should make for a bunch of fun political TCPA suits. I’ll keep an eye on this for you.
In its continuing efforts to combat unlawful robocalls and malicious caller ID spoofing, the Federal Communications Commission (“FCC”) is sending out a flurry of cease-and-desist letters to entities that are transmitting illegal robocalls, and is working with State Attorneys General to “build robocalling partnerships” to enhance enforcement efforts.
On February 17, 2022, the FCC announced it has sent cease-and-desist letters to more than a dozen voice service providers suspected of facilitating illegal robocall traffic. These letters resulted from investigations conducted by the FCC in conjunction with USTelecom’s Industry Traceback Group (“ITG”), which revealed the carriers are apparently transmitting numerous illegal robocalls, in violation of the anti-robocall provisions of the Communications Act and the FCC’s rules.[1]
The FCC made clear that, should this practice not end immediately, downstream network operators would be authorized to block traffic from these companies. The companies are required to report to the Commission the concrete steps they implemented to prevent a recurrence of these operations. The FCC continues to monitor all these companies’ activities and, should a recurrence take place, stands ready to authorize the blocking of traffic from any of these duly warned companies.
Specifically, the recipients were ordered to immediately take steps to “effectively mitigate illegal traffic” within 48 hours of receiving the letter and inform the FCC and ITG within 14 days about the steps they have taken to prevent customers from using their networks to make illegal calls. These admonishments are getting results, with the providers quickly responding and committing to take actions to stop the flow of robocalls on their networks. The threat of blocked calls has apparently lit a fire under the providers to comply with the FCC’s robocall rules.
The FCC also recently announced that it has signed robocall enforcement memoranda of understanding (“MOUs”) with the State Attorneys General of Colorado and Vermont, bringing the total of such state-federal partnerships to 16 with the goal of extending this level of collaboration to every state and territory. These federal-state partnerships streamline the sharing of information and enable close cooperation on robocall investigations. During investigations, both the FCC and state investigators seek records, talk to witnesses, interview targets, examine consumer complaints, and take other critical steps to build a record against possible bad actors. The MOUs are critical resources for building cases and preventing duplicative efforts.
These joint efforts are already bearing fruit. The most manifest example is the recent case where the FCC and eight State Attorneys General investigated and brought down a telemarketer who made approximately 1 billion illegally spoofed robocalls to sell short-term, limited-duration health insurance plans during the Covid pandemic. This investigation, wherein the states provided crucial evidence about the robocall operations, resulted in the FCC issuing a $225 million fine, the largest in its history, and the states filing suit in the Southern District of Texas seeking damages and a permanent injunction against the telemarketer.
The CommLaw Group has experienced attorneys who can help you to ensure compliance with robocall mitigation requirements and assist in enforcement proceedings. For further information please contact Jonathan S. Marashlian at jsm@commlawgroup.com or (703) 714-1313; or Ronald E. Quirk at req@commlawgroup.com or (703) 714-1305.
[1] 47 USC § 227(b); 47 CFR §64.1200(a)
FEBRUARY 23, 2022
Ofcom, the U.K. regulator for communications services, just announced their plans to respond to the problem of scam calls and texts. Here’s a summary and comparison of their approach with policies in the U.S. and Canada.
Their 37-page policy positioning statement, Tackling scam calls and texts, describes the following challenges:
Ofcom has already issued policies to combat nuisance calls:
Ofcom’s proposed policy direction includes the following:
Ofcom is engaged in consultation on these policies and aims to complete consultation on 20 April 2022. They will publish their decisions in Autumn 2022.
Feb 20, 2022 - TCPA class actions are a continuous threat to companies that engage in direct-to-consumer marketing over the phone. And while these cases can impact businesses in any vertical, mortgage companies seem to bear an outsized brunt. Especially when the Wolf of TCPAWorld is out hunting.
In a new suit filed yesterday, Paronich is representing a consumer who lives in Colorado in a TCPA class action against Michigan-based Step Up Mortgage, LLC and lead provider Blitz Services, in connection with a prerecorded call allegedly left by Blitz without the called party’s consent.
The Complaint seeks to represent a class of:
All persons within the United States to whom: (a) Blitz Services and/or a third party acting on their behalf, made one or more non-emergency telephone calls; (b) to a cellular telephone number; (c) using the same or a similar recorded message used in calling Plaintiff; and (d) at any time in the period that begins four years before the date of the filing of this Complaint to trial
The calls at issue were marketing calls, although the script suggests that the caller had previously spoken to the consumer:
This is Brian, I know you get a ton of these calls but I have in my record here that we had spoken before about your mortgage and I wanted to reach out again we have the absolute lowest interest rates in the country we can beat anyone out there so we can definitely improve your mortgage payment we can even help people who have no documentable income and who have less than perfect credit. I’d really really love to talk with you as soon as possible and save you as much money as we can give me a call.
According to the complaint, the Plaintiff had never spoken to “Brian” before and this message was just a cold call solicitation (if true, that would make this campaign problematic both because it was conducted without consent and also because it is potentially misleading to consumers–that’s a bad look.)
The Defendants have not yet appeared in the case and it remains to be seen whether these allegations have any merit.
It is important for folks that make outbound calls and/or buy leads to keep the risk of TCPA suits in mind. Notice how both the lead supplier and the mortgage company are being sued here–this is very common in TCPA suits.
Notice also that the call at issue (just one) was a prerecorded call: after Facebook it is far more likely you will be sued for using prerecorded calls than other forms of communication (such as text).
Notice one last time that, although there was only one call at issue, because it is a prerecorded call the Plaintiff can sue–unlike a DNC claim, a TCPA claim for use of regulated technology without consent does not require multiple calls.
Feb. 20, 2020 -- On Feb. 17, 2022, the Federal Communications Commission (FCC) released a Notice of Apparent Liability for Forfeiture (NAL) that detailed the proposed penalty assigned to IK Communications, a New Jersey-based prepaid calling card provider, for failure to file annual Telecommunications Reporting Worksheets (Worksheets) with the Universal Service Administrative Company (USAC) to support the FCC’s universal service programs. The FCC recommended a fine of $100,000 for violations spanning from 2015 to 2021.
Service providers that contribute to USF must file an Annual Worksheet (FCC Form 499-A) and, in some cases, a Quarterly Worksheet (FCC Form 499-Q). Annual worksheets are due by April 1 of each year while quarterly worksheets are due by February 1, May 1, August 1, and November 1 each year. The information contained in these worksheets must be truthful, timely, and complete.
Filing annual Worksheets with USAC helps determine the provider’s contribution responsibilities for the Universal Service Fund (USF) and other federal funding mechanisms. The administrators of these funds as well as the FCC rely on these Worksheets to assess fair and accurate fees owed by the provider. The FCC states that failing to file these Worksheets accurately and in a timely manner undermines the Commission’s goal of promoting universal service through USF.
According to the FCC NAL, IK Communications has not filed an Annual Worksheet since 2015. USAC sent a Letter of Inquiry (LOI) to IK Communications concerning the missing Worksheets, but the company did not respond. An LOI constitutes an FCC Order, and failure to respond is a violation of said Order. Accordingly, the FCC determined that IK Communications “apparently, willfully, and repeatedly” violated FCC rules by failing to submit Annual Worksheets and by failing to respond to the LOI. The Commission has proposed a fine totaling $100,000 for these violations.
The base fine for failure to file Annual Worksheets is $3,000, but the FCC is entitled to adjust the forfeiture upward for “egregious misconduct, ability to pay and relative disincentive, an intentional violation, substantial harm, prior violations of Commission requirements, substantial economic gain, or repeated or continuous violations.” Because of the importance of Annual Worksheets in conducting the USF and other provider-contributed funds, the FCC has historically imposed a fine of at least $50,000 for failure to file this Worksheet. Each missed Annual Worksheet deadline is a separate violation, but the fine only encompasses the most recent missed deadline as previous violations fall outside of the statute of limitations. The Commission imposed an upward adjustment of $25,000 on IK Communications because of the repeated nature of IK Communications’ violations over six years. The remaining $25,000 fine stems from IK Communications’ failure to respond to the LOI, which typically carries a base forfeiture of $4,000.
Annual and Quarterly Worksheets are due again on April 1 and May 1, respectively. Don’t end up like IK Communications – saddled with a huge fine over a handful of missing forms.
David Klein * February 17, 2022
The Federal Trade Commission (“FTC”) recently sent a strong message in enforcing its demands for information from certain VoIP providers. As part of an investigation into alleged robocall violations, the FTC sent letters demanding information from VoIP providers concerning certain telemarketing users. When the service providers failed to comply with the demands, the FTC sued them to force compliance and participation in the investigation. These FTC VoIP actions are notable for their targeting service providers that failed to cooperate as part of FTC enforcement proceedings, instead of just targeting the allegedly offending telemarketer(s).
The FTC enforces certain telemarketing laws, including the Telemarketing Sales Rule (“TSR”). It often does so through issuing Civil Investigative Demands (“CIDs”) to companies, demanding documents and information relevant to an FTC investigation. These CIDs are, effectively, government subpoenas for information. Recipients can lodge legal objections to requests contained in CIDs, but compliance is not optional. Where a company fails to comply, the FTC can bring a lawsuit to get a court of law to order compliance and, sometimes, impose monetary penalties on the target of the CID.
Recently, the FTC served CIDs on several VoIP providers. These providers produced very few documents and provided very little information in response. Several providers delayed in complying or offering any meaningful cooperation for months. Tired of waiting, the FTC successfully sued several providers to force them to produce documents and information concerning, for example: customer robocall complaints, call data and history associated with telemarketers that were targeted by FTC investigations, and policies and procedures that the VoIP providers use to comply with applicable telemarketing laws.
These FTC VoIP service provider-related actions serve as an important reminder that the first rule of FTC investigations is to engage. When reacting to receiving a CID, it is important to be prompt, reasonable, and calm. The FTC does not have unlimited authority to demand any document or get any piece of information. And the FTC is not the final arbiter of what a particular telemarketing statute or rule means. Still, engaging in a conversation with the FTC and providing some meaningful information is usually more productive than simply trying to stonewall.
The procedures for objecting to a CID are specific. Following the correct procedures and adhering to the tight deadlines is just as important as responding to the substance of the demand. Whether you are the target of an FTC investigation or just a source of information, carefully complying with CID procedures is important if you want to avoid ending up in court.
The Federal Communications Commission continues its fight against robocalls, with several recent actions that include its largest-ever proposed fine against a Florida-based robocalling operation, a crackdown on service providers who have allegedly not lived up to their commitments to implementing the STIR/SHAKEN call authentication framework, and new enforcement partnerships at the state level to help track down and prosecute illegal robocall operations.
The FCC also issued additional cease-and-desist orders for originating or gateway network providers that the agency said are allowing illegal spam and scam calls to originate on or traverse their networks.
“Our message to anyone helping illegal robocalls remains simple and consistent: Stop it now or face serious consequences,” said FCC Chairwoman Jessica Rosenworcel, in a statement. “Providers must meet their consumer protection obligations. If they do not, we are ready to take swift and meaningful action against bad actors.”
Among the specifics of the actions:
-The FCC proposed a $45 million fine against a company, Interstate Brokers of America, that it says made more than half a million robocalls to wireless phones with pre-recorded messages, without consent from consumers who received the calls and to numbers which were on the Do Not Call registry. The calls tried to sell health insurance “under the pretense that the annual enrollment period had been reopened due to the coronavirus pandemic,” the FCC said, adding that its investigation was prompted by a report from the Industry Traceback Group of suspected illegal robocall traffic. Interstate Brokers has a chance to respond to the allegations before the FCC takes final action on the matter.
-Voice providers Vonage (which is in the process of being acquired by Ericsson) and Bandwidth both lost a partial exemption from STIR/SHAKEN deployment deadlines, because, the agency said, they didn’t meet certain commitments to implement the framework. The FCC has referred both to its Enforcement Bureau.
“The FCC is keeping close watch as phone companies implement STIR/SHAKEN – a critical tool to help robocall blocking and consumer information,” said Rosenworcel. “We will hold companies accountable if they fail to meet their commitments to protect consumers from robocalls.”
-The FCC sent cease-and-desist letters to voice providers Great Choice Telecom and TCA Voip demanding that they take action within 48 hours to mitigate illegal robocall traffic utilizing their services. The agency said that it has sent 15 such letters to date; the agency said that “voice service providers that not only carry robocall traffic but appear to play a role in originating that traffic also face potential removal from the Robocall Mitigation Database,” which would allow downstream voice service providers to block all of a provider’s traffic.
-Finally, the FCC also announced several new state-level, formal partnerships to help track and crack down on illegal robocalling operations. The agency signed memoranda of understanding with the states of Colorado and Vermont, bringing its state-federal robocall enforcement partnerships to 16. The FCC said it wants to have that level of partnership with every state, and that the “formal investigatory partnerships between State Attorneys General and the FCC’s Enforcement Bureau help protect consumers around the country from unwanted and illegal robocalls and spoofing scams.”
“Robocalls are not only a constant nuisance, but they are also a tool for scammers to rob Americans of billions of their hard-earned dollars,” said North Carolina Attorney General Josh Stein, who is one of several state AGs who has been supportive of these collaborations. “The best way to protect people from robocalls is by working together at every level.”
On March 2, 2022, Public Knowledge, a nonprofit organization that seeks to promote open access to the Internet and other communications tools, filed a Petition for Declaratory Ruling with the Federal Communications Commission (FCC) asking the Commission to classify interconnected Voice Over Internet Protocol (I-VoIP) services as Title II common carrier services. If the FCC takes this action, I-VoIP providers will have to comply with additional federal obligations and may be subjected to state regulation in the future.
As it stands, the FCC has not decided the regulatory classification of I-VoIP providers but has instead taken a piecemeal approach, addressing regulatory issues as they arose. Over the years, the FCC has used its ancillary jurisdiction under Title I of the Communications Act to extend many of the requirements of Title II providers to I-VoIP providers. For example, the FCC requires I-VoIP providers to take steps to ensure that customers can contact emergency services. I-VoIP providers are also required to contribute to the Universal Service Fund and to protect consumer proprietary network information (CPNI) in accordance with the FCC’s rules.
If the FCC determines that I-VoIP providers should get Title II treatment, more requirements already applied to voice services will presumably apply to I-VoIP providers. For instance, Title II services must provide rates that are just and reasonable, without unreasonable discrimination or undue preference, and must provide services on demand. If providing international origination or termination services, a Section 214 international authorization (214 license) will become necessary. Additionally, Title II I-VoIP providers will likely be required to seek FCC approval prior to the transfer of assets or corporate control in mergers and acquisitions. This would slow the speed of transactions significantly, especially when foreign entities are involved (giving rise to “Team Telecom” national security reviews).
Further, classifying I-VoIP as common carriers could open the door for increased state regulatory oversight, requirements, and burdens; likewise impacting the efficiency and ease of M&A and financing activity that I-VoIP currently enjoys.
The FCC will likely seek comments on this Petition in the coming weeks, though no notice has been released yet. The impact of this matter on the potential regulatory obligations of I-VoIP providers cannot be overstated. If you or your business would like to keep track of this matter or submit comments once the comment period begins, please contact Jonathan Marashlian at jsm@commlawgroup.com or (703) 714-1313.
On February 28, 2022, the Federal Communications Commission (FCC) released a Notice of Inquiry (NOI) seeking comment from the public regarding the sufficiency of the Border Gateway Protocol (BGP) and the steps, if any, the FCC should take to protect and strengthen the nation’s independently managed networks from hijackers. Changes in this area could potentially impose huge burdens on providers — financial and otherwise. Therefore, providers should seriously consider submitting comments or at least monitoring this matter in case increased obligations are imposed.
BGP is the routing protocol for exchanging reachability information among independently managed networks online. As a general matter, BGP does not include security features to certify the information being exchanged. According to the FCC, this allows hijackers to deliberately falsify BGP information in order to intercept or otherwise redirect traffic from its intended recipient — exposing U.S. citizens’ personally identifiable information (PII), enabling theft, extortion, and espionage in the process.
To protect U.S. citizens and commerce, the FCC is exploring ways to mitigate the vulnerabilities of BGP. The NOI mentions the possibility of promulgating regulations that may apply to wireline and wireless Internet Service Providers (ISPs), Internet Exchange Providers (IEPs), and interconnected VoIP (I-VoIP) providers, operators of content delivery networks, cloud service providers, and more.
The NOI discusses many possible solutions that, for various reasons, have not yet become widespread. For example, the Commission mentions BGPsec, an extension to BGP that provides a secure path through which reachability information passes. Widespread implementation of BGPsec-compliant routers could cause compatibility issues with existing networks. Additionally, the NOI discusses Resource Public Key Infrastructure (RPKI), a system for providing cryptographically secure registries of Internet resources and routing authorizations. This solution would bring implementation costs as well and may interfere with ISPs’ service level agreements. Another potential solution is the widespread implementation of Mutually Agreed Norms for Routing Security (MANRS), an organizational initiative over 700 members strong that purports to reduce hijacking by requiring its members to implement certain tools and best practices stipulated by the Internet Engineering Task Force. The FCC anticipates that some compliance with MANRS requires only an update of policies and practices, but that it may also require equipment replacement and software updates.
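To make the RPKI option concrete, the following added example (not taken from the NOI or from the original article) implements route origin validation as defined in RFC 6811 against a constructed set of route origin authorizations (ROAs). The prefixes and AS numbers are documentation values, and the names `ROA`, `make_roa`, `validate_origin` and `filter_announcements` are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class ROA:
    """One validated ROA payload: prefix, maximum length, authorized origin AS."""
    prefix: Network
    max_length: int
    asn: int


def make_roa(prefix: str, max_length: int, asn: int) -> ROA:
    net = ipaddress.ip_network(prefix)
    # maxLength may not be shorter than the prefix or longer than the address size.
    if not net.prefixlen <= max_length <= net.max_prefixlen:
        raise ValueError(f"bad maxLength {max_length} for {prefix}")
    return ROA(net, max_length, asn)


# Constructed sample data (documentation prefixes and AS numbers, not real ROAs).
ROAS = [
    make_roa("192.0.2.0/24", 24, 64496),
    make_roa("203.0.113.0/24", 24, 64497),
    make_roa("2001:db8::/32", 48, 64496),
]


def validate_origin(prefix: str, origin_asn: int, roas: List[ROA]) -> Tuple[str, str]:
    """Return (state, reason); state is 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    reason = "no ROA covers this prefix"
    for roa in roas:
        if roa.prefix.version != route.version:
            continue
        if not route.subnet_of(roa.prefix):
            continue
        covered = True  # at least one ROA speaks for this address space
        if route.prefixlen > roa.max_length:
            reason = f"more specific than maxLength /{roa.max_length}"
            continue
        # AS 0 in a ROA means "do not route"; it can never match an origin.
        if roa.asn == 0 or roa.asn != origin_asn:
            reason = f"origin AS{origin_asn} not authorized (ROA names AS{roa.asn})"
            continue
        return "valid", f"matches ROA {roa.prefix} AS{roa.asn}"
    return ("invalid", reason) if covered else ("not-found", reason)


def filter_announcements(announcements, roas):
    """Split announcements into (accepted, rejected); only 'invalid' is rejected."""
    accepted, rejected = [], []
    for prefix, asn in announcements:
        state, _ = validate_origin(prefix, asn, roas)
        (rejected if state == "invalid" else accepted).append((prefix, asn))
    return accepted, rejected


# Constructed announcements: a legitimate route, a wrong-origin hijack,
# a more-specific hijack, a prefix with no ROA, and a permitted IPv6 sub-prefix.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),
    ("192.0.2.0/24", 64511),
    ("203.0.113.128/25", 64497),
    ("198.51.100.0/24", 64500),
    ("2001:db8:1::/48", 64496),
]

if __name__ == "__main__":
    for prefix, asn in ANNOUNCEMENTS:
        state, reason = validate_origin(prefix, asn, ROAS)
        print(f"{prefix:<20} AS{asn:<6} {state:<10} {reason}")
```

Origin validation checks only the AS that claims to originate the prefix, not the rest of the AS path; validating the path itself is what BGPsec addresses.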
The FCC seeks comments in relation to the costs and burdens of improving security. Specifically, the FCC contemplates equipment and software upgrades as well as burdens to the consumer like service cost increases or speed reductions. Many types of providers could be affected by these proposals. Therefore, they are encouraged to weigh in, or at least monitor this development as the FCC develops its record in contemplation of further regulation. Now is the time to raise issues about how these security measures could affect your business. Please contact Linda McReynolds at lgm@commlawgroup.com or (703) 714-1318 if you would like to participate in this matter. Comments are due on March 30, 2022.
Last year, more than 23-thousand Ohioans complained to the Attorney General's office about unwanted robocalls.
Now, beginning March 2nd, a new state law will help crack down on companies who use technology to create a phony caller ID.
The unwanted practice is called "spoofing." It's when robocallers use a phone number that might look familiar to your area code in an attempt to get you to pick up the phone.
Senate Bill 54 makes any attempt to use technology to create these inaccurate or misleading caller IDs illegal. The new law also increases the penalty for spoofing to a felony of the fourth degree when the victim is an elderly person, adult with disabilities, or an active duty service member or their spouse.
Here are some of the changes in law that will provide the Attorney General more tools to take legal action.
1.) SB 54 allows the AG to take action against third parties, such as voice service providers, for assisting robocallers.
The AG's Office provided the following example:
2.) SB 54 also allows the Attorney General to use Ohio’s Consumer Sales Practices Act if the deceptive calls take place during the course of a consumer transaction.
The AG's Office provided the following example:
3.) SB 54 also authorizes the Attorney General to prosecute violations of spoofing and telecommunication fraud if a county prosecutor declines to present to a grand jury within 45 days after being presented evidence.
March 17, 2022 -- The Federal Communications Commission announced the proposed universal service contribution factor for the second quarter of 2022 will be 23.8%.
If your company has any questions or would like to engage in a Communications Taxes & Fees “Optimization” or learn about other Operational Best Practices to potentially minimize the economic impact of federal USF contribution costs and end user pass-through surcharges while maintaining full compliance with applicable rules & regulations, please contact Jonathan S. Marashlian at jsm@commlawgroup.com.
This is the Complaint
I. Introduction
The Vermont Attorney General brings this suit against Defendants Dominic K. Bohnett, Telecom Carrier Access, LLC d/b/a TCA VOIP, and Telecom Carrier Access, Inc. d/b/a TCA VOIP for knowingly facilitating illegal robocalls. On at least 132 occasions, Defendants have been put on notice that they were facilitating illegal robocalls into the United States. Defendants ignored the import of these notifications. In monitoring their call traffic, Defendants can see, in near real-time, that their call traffic consists primarily of illegal robocalls. But Defendants have chosen profits over legality, typically earning from $1500 to $5000 each weekday from their substantially illegal activity. In the process, Defendants have knowingly brought thousands, if not hundreds of thousands, of illegal and fraudulent phone calls into the State of Vermont, and hundreds of millions nationwide. Defendants' conduct violates the Telemarketing and Consumer Fraud and Abuse Prevention Act, the Telemarketing Sales Rule, the Telephone Consumer Protection Act, the Vermont Consumer Protection Act, and the Vermont Telephone Solicitation Act. For such violation, the Vermont Attorney General seeks injunctive relief, civil penalties, disgorgement, fees and costs, and other appropriate relief.
I. Jurisdiction and Venue
1. This Court has subject matter jurisdiction over this action pursuant to 28 U.S.C. §§ 1331, 1337(a), 1355; the Telemarketing and Consumer Fraud and Abuse Prevention Act ("Telemarketing Act"), 15 U.S.C. § 6103(e), and the Telemarketing Sales Rule ("TSR"), 16 C.F.R. § 310; the Telephone Consumer Protection Act, 47 U.S.C. § 227(g)(2); this Court has pendent jurisdiction over the state law claims pursuant to 28 U.S.C. § 1367.
2. Venue is proper in this District under 28 U.S.C. §§ 1391(b), 1395(a), 47 U.S.C. §§ 227(e)(6)(E), 227(g)(4), and 15 U.S.C § 6103(e). A substantial part of the events or omissions giving rise to the claims alleged in this Complaint occurred in this District.
3. Plaintiff has notified the Federal Communications Commission ("FCC") of this civil action, pursuant to 47 U.S.C. § 227(g)(3).
4. Plaintiff has notified the Federal Trade Commission ("FTC") of this civil action, pursuant to 15 U.S.C. § 6103(b).
II. Parties
5. The Vermont Attorney General is authorized under the Vermont Consumer Protection Act, 9 V.S.A. § 2458, to sue to enforce the Act's prohibitions on unfair and deceptive acts and practices in commerce.
6. The Vermont Attorney General has the right to appear in any civil action in which the State has an interest. 3 V.S.A. § 157. The Attorney General has an interest in ensuring that persons and entities that do business in Vermont do so in a lawful manner.
7. The Vermont Attorney General has a right to bring this action to protect Vermonters under the Telephone Consumer Fraud and Abuse Prevention Act, 15 U.S.C. § 6103(a) and the Telemarketing Sales Rule ("TSR"), 16 C.F.R. Part 310, and the Telephone Consumer Protection Act ("TCPA"), 47 U.S.C. §§ 227(e)(6), 227(g)(1).
8. Defendant Telecom Carrier Access, LLC d/b/a TCA VOIP (hereinafter "TCA VOIP") is a California Limited Liability Company with a principal place of business in Santa Barbara, California.
9. Defendant Telecom Carrier Access, Inc. d/b/a TCA VOIP (hereinafter "TCA VOIP") may be a successor California corporation to Telecom Carrier Access, LLC with a principal place of business in Santa Barbara, California.
10. All acts alleged herein are the acts of all three Defendants, with "TCA VOIP" used to describe all three. TCA VOIP is a Voice over Internet Protocol ("VoIP") "voice service provider" ("VSP").
11. Defendant Dominic Bohnett is a resident of Santa Barbara, California. He is the owner and operator of TCA VOIP.
12. Dominic Bohnett, for all allegations, purposes, actions and failure to act alleged herein, is TCA VOIP. Accordingly, all allegations herein involving TCA VOIP are likewise allegations regarding the conduct of Dominic Bohnett.
III. Background Law
13. The Vermont Consumer Protection Act ("CPA") prohibits "unfair or deceptive acts or practices in commerce." 9 V.S.A. § 2453(a).
14. In interpreting the Act, Vermont courts are "guided by the construction of similar terms contained in ... the Federal Trade Commission ('FTC') Act and the courts of the United States." 9 V.S.A. § 2453(b).
15. Pursuant to the Telemarketing and Consumer Fraud and Abuse Prevention Act, 15 U.S.C. §§ 6101-6108 ("TCFAPA"), the FTC has enacted a federal Telemarketing Sales Rule ("TSR") prohibiting robocalls absent limited exceptions. 16 C.F.R. § 310.3.
16. In pertinent part, the TSR prohibits providing "substantial assistance or support to any seller or telemarketer when that person knows or consciously avoids knowing that the seller or telemarketer is engaged in any act or practice that violates" certain other TSR provisions, 16 C.F.R. § 310.3, including prohibitions against:
a. "Misrepresenting, directly or by implication, in the sale of goods or services[,]... [a]ny material aspect of the performance, efficacy, nature, or central characteristics of goods or services that are the subject of a sales offer." 16 C.F.R. § 310.3(a)(2)(iii);
b. "Misrepresenting... [a] seller's or telemarketer's affiliation with... any person or government entity," 16 C.F.R. § 310.3(a)(2)(vii);
c. "Making a false or misleading statement to induce any person to pay for goods or services or to induce a charitable contribution." 16 C.F.R. § 310.3(a)(4);
d. "Threats, intimidation, or the use of profane or obscene language." 16 C.F.R. § 310.4(a)(1);
e. "Failing to transmit or cause to be transmitted the telephone number, and, when made available by the telemarketer's carrier, the name of the telemarketer, to any caller identification service in use by a recipient of a telemarketing call." 16 C.F.R. § 310.4(a)(8);
f. "Initiating any outbound telephone call to a person when... [t]hat person's telephone number is on the 'do-not-call' registry, maintained by the [FTC]," 16 C.F.R. § 310.4(b)(1)(iii)(B);
g. "Initiating any outbound telephone call that delivers a prerecorded message," unless certain limited exceptions are met, 16 C.F.R. § 310.4(b)(1)(v); and, inter alia,
h. "[I]n an outbound telephone call... to induce the purchase of goods or services[,] to fail to disclose truthfully, promptly, and in a clear and conspicuous manner to the person receiving the call, ... [t]he identity of the seller." 16 C.F.R. § 310.4(d)(1).
17. The Telephone Consumer Protection Act (TCPA) prohibits persons from sending robocalls into the United States without prior consent from the call recipients. See, e.g., 47 U.S.C. § 227(b)(1) (prohibiting calls to "any residential telephone line using an artificial or prerecorded voice to deliver a message without the prior express consent of the called party").
18. Likewise, under the Truth in CallerID Act, a person cannot send robocalls into the United States that "cause any caller identification service to knowingly transmit misleading or inaccurate caller identification information with the intent to defraud, cause harm, or wrongfully obtain anything of value." 47 U.S.C. § 227(e)(1).
19. Finally, the Vermont Telephone Solicitation Act ("VTSA") regulates telephone solicitations in Vermont. The VTSA prohibits telephone solicitations unless the caller is registered with the State of Vermont. The VTSA prohibits phony CallerIDs and requires compliance with the FTC's Do Not Call Registry; and the VTSA requires disclosure of the caller's name and number when soliciting for money or anything of value. 9 V.S.A. § 2464a(b).
IV. Factual Background
a. Dominic Bohnett and TCA VOIP are one and the same.
20. This complaint alleges that Dominic Bohnett and TCA VOIP are alter egos. Dominic owns, manages and controls any and all significant operations of TCA VOIP. Accordingly, for purposes of this Complaint, "TCA VOIP" refers to both Dominic Bohnett and TCA VOIP.
b. Scope of Fraud via the Telephone System
21. As most persons with a phone in the United States have sadly learned, illegal robocalls have become a well-known feature of the U.S. telecom system.
22. Robocalls are machine-generated calls, often made with hundreds of simultaneous sessions, that typically start with a pre-recorded message that is played once the called party answers.
23. Illegal robocallers dial phone numbers by the thousands simultaneously, anticipating that a high volume of calls is needed to produce one victim.
24. Most government and business imposter robocalls are brought to residents by a complicit U.S. voice service provider ("VSP") that has long been placed on notice of the character of calling traffic that it is forwarding. These notices come from an industry group officially designated by the Federal Communications Commission. This group, known as the Industry Traceback Group or "ITG", is part of USTelecom, a telecom industry organization.
25. A company called YouMail monitors robocall traffic through its approximately 10 million subscribers and "honeypots" (telephone numbers used simply to monitor call traffic).
26. YouMail also records and sometimes transcribes robocalls obtained through its subscribers and "honeypots."
27. YouMail, based upon its substantial information base, estimates that the U.S. telephone system now carries approximately four billion robocalls per month, and that robocalls are now 60% of all telephone calls.
28. YouMail currently estimates that 32% of this robocall traffic is attempted criminal fraud.
29. That 32% represents more than a billion attempts at criminal fraud against U.S. consumers via robocalls every month - approximately three attempts for every person in the U.S.
30. A significant and substantial number of these fraudulent robocalls - an estimated 1 in every 500 - targets residents of Vermont.
31. The sources of these fraudulent calls are often overseas and transient, and therefore difficult for U.S.-based law enforcement agencies to identify, investigate, and bring to justice.
32. However, foreign robocallers cannot reach a resident in Vermont or the U.S. without the knowing complicity of established domestic companies like TCA VOiP.
33. Companies that route telephone calls from a caller to a call-recipient are called "voice service providers" (VSPs). Illegal government and business imposter robocalls typically flow from foreign VSPs to domestic VSPs - and then consumers - as follows.
34. First, a foreign source originates an illegal robocall campaign. That foreign source then sends the illegal robocall campaign over the Internet - sometimes through other foreign VSPs - to a smaller U.S.-based VSP. Typically, the robocalls travel from smaller U.S. VSPs to larger U.S. VSPs, and then to the terminating carrier.
35. The VSP which imports the robocall campaign charges the calling foreign source or foreign VSP a certain amount per call.
36. That domestic VSP then pays its next downstream VSP per each call (theoretically less than it charged the foreign source per call) to route those calls onward to consumers.
37. Hence, a fraudulent robocall now most frequently "hops" from a foreign entity to a domestic VSP (as the U.S. point of entry), then on through multiple intermediary domestic VSPs to a large domestic carrier - such as Verizon Wireless or AT&T - that ultimately terminates the call with connection to an actual phone.
38. But for the domestic VSPs that willingly establish business relationships with foreign entities and accept foreign-sourced illegal robocalls, most illegal government and business imposter robocalls could not and would not transit the U.S. and Vermont telecom systems and reach U.S. and Vermont residents.
39. The willing and complicit VSP in this case is TCA VOIP.
c. Losses Caused by Illegal Robocalls
40. The Federal Trade Commission (FTC) maintains the FTC Consumer Sentinel database, which is a composite federal database that compiles, among other things, reports of fraud. FTC Consumer Sentinel indicates that, in 2021, consumers reported nearly $700 million in losses to fraud.
41. TrueCaller, an analyst of robocall traffic, conducts surveys suggesting that only 1 in 43 robocall fraud victims reports their losses to the FTC. If true, for every loss reported to FTC Consumer Sentinel, there are estimated to be 29 unreported losses. By this analysis, actual consumer losses to fraud are estimated to be approximately $30 billion per year.
42. The FTC's Consumer Sentinel data suggest that around 36% of these frauds are perpetrated through telephone calls.
43. The TCPA estimated losses from illegal telemarketing at $40 billion per year. 15 U.S.C. § 6101(3).
44. One of the most common kinds of fraudulent telephone calls is the government imposter robocall. There, a foreign criminal syndicate or individual uses computer technology automatically to dial thousands of U.S. telephone numbers nearly simultaneously. This computer technology can be referred to as an Automatic Telephone Dialing System (or "ATDS").
45. These robocalls deliver a pre-recorded voice that purports to be from a government agent. In the recording, the agent threatens the call recipient with fines, the suspension or termination of government benefits, arrest, or other legal action - unless the call recipient presses "1" to speak to a government representative to resolve the concern. If and when the call recipient presses "1," they are routed to a live scammer who completes the crime by obtaining funds from the victim via instant transfer, such as having the victim purchase gift cards and relay the gift card numbers to the perpetrator.
46. Another common kind of fraudulent telephone call is a business imposter robocall. There, the robocalls purport to be from a private company, like Amazon or Microsoft. The pre-recorded message might relay, for example, that the call-recipient's credit card has been charged a large amount of money for an order, and request that the call-recipient press "1" to resolve the concern. Like in the government imposter robocall scheme, if the call recipient presses "1," they are routed to a live scammer. The scammer then strikes. For example, the scammer might claim there was an overcharge and request the victim's bank account number to process a refund. The scammer - or the criminal syndicate on behalf of which the scammer works - then uses that bank account information to steal from the victim.
47. FTC Consumer Sentinel database analysis shows that fraudulent robocalls harm the entire U.S. population, with older persons being the most vulnerable. Persons aged 20-29 report average fraud losses of $326. Persons aged 80 and over report average fraud losses of $1,300.
48. These frauds not only victimize Vermonters; they compromise the integrity of our national and state telephone infrastructure. Americans and Vermonters must now ignore telephone calls lest their time be wasted - or worse, that they be defrauded.
d. The Traceback Process
49. To identify which domestic VSPs facilitate illegal robocalls, the Federal Communications Commission has appointed an organization to perform tracebacks of fraudulent robocalls. This organization is called the Industry Traceback Group ("ITG") and is run by USTelecom, a telecom industry trade association.
50. In response to a report of an illegal robocall, ITG can trace the path that a particular robocall took into and through the U.S.
51. Tracebacks work in reverse, starting with the call as received by a phone or "honeypot," and then retracing the call path upward carrier-by-carrier, to find the source.
52. First, ITG contacts the carrier that delivered the call to the consumer. ITG notifies the carrier of (a) the time and date of the call in question, (b) the calling number, (c) the called number, (d) the specific nature and content of the illegal robocall in question, and (e) the likely laws violated by the call. Based on information obtained from YouMail, ITG frequently provides the carrier with a link to an audio recording of the illegal robocall. ITG then asks the carrier to identify which upstream VSP routed that call to it. Domestic VSPs are required to respond to ITG's traceback inquiries. See Appendix A, ITG Tracebacks of Illegal Calls to TCA VOiP.
53. Once the carrier identifies which upstream VSP routed the call in question, ITG contacts that upstream VSP using a database tool. As it did with the previous carrier, ITG provides that VSP with notice of the nature and content of the illegal robocall, usually with a link to a recording of the call. Per its authority via the FCC, ITG likewise asks the upstream VSP to identify which further upstream VSP routed the call in question.
54. By this method, ITG "asks" its way up the call-path, identifying each of the domestic VSPs involved in facilitating the illegal robocall in question, and each on notice of the nature and content of that call. At some point in most tracebacks of government or business imposter fraud, a domestic VSP reports to ITG that it received the call from a foreign customer. Thus, ITG - under FCC authority - identifies the VSP that served as the U.S. point of entry to the illegal robocall.
55. Because robocalls are not single calls but thousands of calls, when ITG identifies which U.S. VSP routed a single illegal robocall into the U.S., ITG has identified a deluge of illegal calls.
56. Invariably, because of the ATDS technology used by robocallers, the same U.S. VSP brought not just a single illegal robocall into the U.S., but an entire illegal robocall campaign into the U.S. That campaign invariably consists of thousands or millions of essentially identical robocalls.
57. Thus, domestic VSPs, such as TCA VOIP, who routinely receive notice from ITG that they are facilitating illegal robocalls but fail to take immediate and effective remedial efforts, knowingly and willingly enable and profit from illegal activity against - and often criminal frauds upon - U.S. citizens, including Vermont residents.
58. Per ITG reporting, there are a relatively small number of domestic VSPs responsible for bringing the major share of government and business imposter fraud robocalls into the U.S., including TCA VOIP. Just ten VSPs are responsible as point of entry for one-third of all tracebacks of illegal calls since 2020.
59. During 2020, ITG traced 1,973 calls determined to be illegal, at an average of 38 tracebacks per week.
60. During 2021, ITG traced 2,794 calls determined to be illegal, at an average of 54 tracebacks per week. Of note, ITG has reported that, in 2021, 35% of its tracebacks were of illegal robocalls in which the caller fraudulently purported to be a representative of the United States Social Security Administration.
61. Between January 1, 2020 and February 22, 2022, TCA VOIP ranked among the highest domestic VSPs in the number of tracebacks of fraudulent calls.
62. Attached as Appendix A is a true list of all ITG tracebacks to February 22, 2022, that point to TCA VOIP as the point of entry.
a. The Vermont Attorney General's Investigation of TCA VOiP
63. In partnership with the University of Vermont, the Vermont Office of Attorney General operates a Consumer Assistance Program ("CAP") where Vermonters can report fraud and obtain assistance with consumer concerns.
64. The investigation in this matter began with a report to CAP from a resident of Essex Junction, Vermont. She reported she had received a Social Security imposter call.
65. Specifically, she reported that at 11:01 a.m. on May 10, 2021, she had received a phone call displaying a (false) Vermont CallerID of (802) 734-9964. The call delivered a pre-recorded message which stated: "You have a lawsuit being filed against you and all Social Security numbers bank accounts etc. will be blocked. Press 1 to speak to an FBI agent." CAP denominated this report as CAP Scam Report #450.
66. This robocall was a government imposter fraud. There is no other, benign explanation, and TCA VOiP has offered none.
67. Accordingly, CAP requested that ITG traceback this Social Security imposter robocall.
68. ITG ran the traceback (designated traceback #4981). At the conclusion of the traceback, ITG reported to the State of Vermont that TCA VOiP had been the illegal robocall campaign's U.S. point of entry.
69. As part of the traceback, ITG had sent TCA VOiP the following notification, indicating that the caller "fraudulently claim[ed] to be from the U.S. Social Security Administration threatening problems with SS account. Potential TCPA violation and Consumer Protection Act violation."
70. Likewise, on May 19, 2021, a resident of St. Albans, Vermont, reported to CAP that he had received a government imposter robocall. Specifically, he reported that he had received a call that day displaying a (false) Vermont CallerID of (802) 485-2264. The phone call had delivered a pre-recorded message which stated: "You are being contacted by Agent [name redacted]. You must immediately put your work aside and respond to this message. Press one to be connected to the investigation department. If you do not press one immediately, you[r] matter will be referred to the investigation department." CAP denominated this report as CAP Scam Report #494.
71. This robocall was a government imposter fraud. There is no other, benign explanation, and TCA VOIP has offered none.
72. CAP likewise requested that ITG traceback this illegal robocall.
73. ITG ran the traceback (designated traceback #4995). At the conclusion of its traceback, ITG reported to the State of Vermont that TCA VOIP was (again) the illegal robocall campaign's U.S. point of entry.
74. As part of the traceback, ITG sent TCA VOIP the following notification, indicating that the caller "fraudulently claim[ed] to be from the U.S. Social Security Administration threatening problems with SS account. Potential TCPA violation and Consumer Protection Act violation":
75. Based on these two tracebacks, among other information, the VT-AGO commenced investigating TCA VOIP in greater depth, including the company's traceback history generally. With regard to tracebacks alone, the VT-AGO learned as follows.
76. Per ITG, TCA VOIP has one of the worst track records nationally in terms of its frequency appearing in tracebacks of illegal robocalls to the U.S.
77. From January 1, 2020 to February 22, 2022, ITG conducted approximately 3,794 tracebacks of calls determined to be illegal. Through these tracebacks, ITG has identified 174 domestic VSPs as points of entry for illegal robocalls to the U.S.
78. Of these 174 VSPs, TCA ranks 4th highest, in the number of times it appeared in ITG tracebacks as the U.S. point of entry for illegal robocalls.
79. In the context of these 3,794 tracebacks, ITG identified TCA VOIP as the U.S. point of entry for 132 illegal robocalls campaigns.
80. In 81 of these 132 tracebacks, TCA VOiP had facilitated government imposter robocall campaigns, including the following campaigns and numbers of tracebacks to TCA VOiP for each such campaign:
ITG Campaign Name | Tracebacks to TCA VOiP
CBP-GovtImpers | 4
CBP-GovtImpers-P2 | 2
DHS-GovImpers | 1
Employment-EduMatch | 1
FedReserv-Impers | 2
GovSpoofing-P2 | 1
LegalDept-Action | 4
LegalDept-Action-P1 | 1
Legal-Enforcement-Notice | 1
LegalNotice-Identity | 1
Medicare-Ineligible | 1
Refund-CoronaFraud | 4
Social Security Disability Consultant | 1
SSA-CalltheSSA | 2
SSA-CrimeandInvestigationDept VT | 1
SSA-CrimeInvestigation | 1
SSA-GiftCardLive | 1
SSA-Kindly PressOne | 2
SSA-LegalNotice | 3
SSA-P1-BenefitsCanceled (GovtImpers) | 8
SSA-P1-TexasFraud (GovtImpers) | 11
SSA-RegretToInform | 2
SSA-Various-P3 (GovtImpers) | 1
SSA-VT | 2
StudentLoan-FederalSuspension | 1
TestCall-StaySafeStayHome | 20
TestCall-StaySafeStayHome-MD | 1
USTreas-SSA-EnforceAction (GovtImpers) | 1
Total | 81
See Appendix A for detail and recordings of these calls.
81. In 51 of the 132 tracebacks, TCA VOiP had facilitated business imposter robocall campaigns, including the following campaigns and numbers of tracebacks to TCA VOiP for each such campaign:
ITG Campaign Name | Tracebacks to TCA VOiP
Amazon-AuthorizeOrder | 10
Amazon-SuspiciousCharge | 1
Amazon-SuspiciousCharge-P | 10
Apple-iCloud-AccountBreached | 2
AutoWarranty-Extend2
BizListing-VerifiedByGoogle
BofA-Chinese Voice Department | 1
CCIRR-P lFinancialImpers | 1
CCIRR-VisaAlert | 3
Debt Reduction-Account Holder Impersonation | 3
Hotel-ComplimentaryStay | 1
Spoof-12/21/20 | 1
Travel Scam-2 | 4
Utility-30MinDisconnect | 9
Utility-Discount | 1
Utility-ElectricRebateCheck-P1 | 2
Utility-Rate Reduction | 1
Total | 1
See Appendix A for detail and recordings of these calls.
82. The 132 tracebacks showed that the TCA VOiP customers sending these calls were generally foreign, including the following providers.
Upstream Voice Service Provider | Appearance in TCA VOiP tracebacks
Ace Peak Investments | 4
Axkan Consultores | 8
Dawz Telecom | 1
Lets Dial SG pte ltd | 1
My Country Mobile | 87
Shayona Global | 21
Softtop Limited | 1
Techknowledge Open Systems | 2
twiching | 7
83. As an example of one such traced call:
a. On November 16, 2020, at 12:23 p.m., a resident of Waterbury, Vermont received a Social Security imposter robocall displaying a CallerID of 314-669-8757. Upon report of the call, ITG traced the call to TCA VOIP as the robocall campaign's U.S. point of entry (Traceback #3652).
b. That call was transcribed by YouMail as follows: "Against your social security number by the Federal crime and investigation Department. We need to talk to you as soon as possible. Again this call is from Social Security Administration *** and to reach our department press one to call on same number I repeat press one now." A recording of the similar call is at this shortened URL: https://bit.ly/3J4oYM
c. As part of that traceback (#3652), ITG sent TCA VOIP the following notification, indicating, among other things, that the caller "fraudulently claim[ed] to be from the U.S. Social Security Administration, Crime and Investigation Department, threatening problems with SS account. Potential TCPA violation and Vermont Consumer Protection Act violation":
84. Of note, TCA VOIP's appearances in ITG tracebacks have been steady over time. TCA VOIP appeared in ITG tracebacks during 52 of the 80 weeks leading up to February 22, 2022 - more weekly appearances (during that time period) than all but two VSPs nationally.
85. TCA VOIP's 132 tracebacks showed the company facilitating illegal robocalls to area codes in Vermont and 40 other states and the District of Columbia, including AL, AR, AZ, CA, CO, CT, DC, DE, FL, GA, ID, IL, IN, KY, LA, MA, MD, MI, MN, MO, MS, NC, ND, NE, NH, NJ, NM, NV, NY, OH, OK, OR, PA, SC, TN, TX, UT, VA, VT, WA, WI, and WV. However, the illegal calls go to each and every state.
86. Subsequent analysis shows that TCA VOIP's illegal robocalls repeatedly and incessantly have gone to every state in the United States.
87. TCA VOIP's high prevalence in ITG tracebacks demonstrates that TCA VOIP has facilitated high numbers of illegal robocalls over an extended period of time, was frequently notified by ITG that it was facilitating illegal robocalls, but, despite these notices, took insufficient steps to change its behavior.
88. As described below, TCA VOIP's call detail records confirm that the company knowingly facilitated thousands - if not millions - of illegal robocalls into the U.S. and Vermont, and did so for profit.
e. What TCA VOIP's Call Detail Records Show
89. VSPs maintain minute-by-minute, detailed "call detail records" (CDRs) for each telephone call they relay.
90. For each such call, CDRs show:
a. The exact date and time of the call;
b. Which customer (of the VSP) sent the call;
c. The calling number / CallerID displayed;
d. The called number; and, among other call characteristics,
e. The exact duration of the call, in seconds.
91. VSPs maintain CDRs in part to inform and justify their billing of customers.
92. VSPs can review their CDRs in real time, and their call traffic's content within less than ten minutes.
93. CDRs here show numerous calls with no plausible legitimacy, such as invalid area code, using 911 as an area code, using invalid length (too long or too short), invalid (non-existent) prefix. In these situations, there is not even a pretense that these are valid CallerIDs.
94. Indeed, TCA VOIP has a switch or "software provider," 46Labs, that uses YouMail analytics that can conduct near real-time analysis of whether TCA VOIP's calls are likely fraudulent.
95. Through reviews and analyses of CDRs, VSPs such as TCA VOIP can see whether they are likely facilitating illegal robocalls. CDRs of illegal calls show a distinct and unmistakable pattern that puts the VSP on notice of the need for further investigation:
a. A high-volume of calls with very short Average Call Duration.
b. Most calls (98%) will be less than 1 minute (because the called party hangs up upon answering). Many calls will last under 15 seconds.
c. Few calls are more than two minutes (reflecting normal human-to-human conversational call traffic).
d. A tiny fraction of calls will last over 20 minutes. These are the calls in which the caller has engaged with the scammer and is potentially being defrauded.
e. The calling numbers, despite being based outside of the U.S., appear to be U.S. telephone numbers. Often, the area codes of the calling numbers will match the area codes of the called numbers. The latter is called "neighbor spoofing." Criminal syndicates use "neighbor spoofing" to trick the call recipient into believing the call is from a local resident or business origin, thereby increasing the chances the call recipient will answer. Because almost all of TCA VOIP's customers are foreign VSPs, there is no plausible reason for a new, local CallerID to be displayed for every two calls made, other than fraud.
f. A high percentage of calls are to wireless phone numbers and numbers on the FTC's Do Not Call list. That is, the call source is operating without regard to U.S. telemarketing laws.
g. There are numerous calls with no plausible legitimacy, such as calls using invalid area codes, 911 as an area code, invalid lengths (too long or too short), or invalid (non-existent) prefixes. In these situations, the source of the robocalls is making no pretense that calls have valid CallerIDs.
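The indicators listed in paragraph 95 can be computed directly from CDR rows, per customer. The following is an added example, not code from the complaint or from any party named in it; the record fields, the thresholds and the sample rows are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, namedtuple

# One call detail record. Field names are assumptions for this example.
CDR = namedtuple("CDR", "customer caller_id called seconds")

def nanp_digits(number):
    """Return the 10 NANP digits of a number, or None if the length is wrong."""
    digits = re.sub(r"\D", "", number)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    return digits if len(digits) == 10 else None

def valid_nanp(number):
    """Structural check only: correct length, and neither the area code nor the
    exchange starts with 0/1 or is an N11 service code such as 911. It does not
    check whether the prefix is actually assigned."""
    digits = nanp_digits(number)
    if digits is None:
        return False
    return all(code[0] not in "01" and code[1:] != "11"
               for code in (digits[:3], digits[3:6]))

def area_code(number):
    return nanp_digits(number)[:3] if valid_nanp(number) else None

def traffic_metrics(cdrs):
    """Behavioural metrics over completed calls (duration > 0 seconds)."""
    completed = [c for c in cdrs if c.seconds > 0]
    n = len(completed)
    if n == 0:
        return None
    pct = lambda k: 100.0 * k / n
    neighbor = sum(1 for c in completed
                   if area_code(c.caller_id) is not None
                   and area_code(c.caller_id) == area_code(c.called))
    return {
        "completed": n,
        "avg_duration": sum(c.seconds for c in completed) / n,
        "pct_under_60s": pct(sum(c.seconds < 60 for c in completed)),
        "pct_over_2min": pct(sum(c.seconds > 120 for c in completed)),
        "over_20min": sum(c.seconds > 1200 for c in completed),
        "calls_per_caller_id": n / len({c.caller_id for c in completed}),
        "pct_neighbor": pct(neighbor),
        "pct_invalid_caller_id": pct(sum(not valid_nanp(c.caller_id)
                                         for c in completed)),
    }

def indicators(m, min_calls=100):
    """Names of the indicators that fire. Thresholds are assumed values, not
    figures taken from the complaint or from any regulator."""
    if m is None or m["completed"] < min_calls:
        return []
    checks = [
        ("short_avg_duration", m["avg_duration"] <= 30),
        ("mostly_sub_minute", m["pct_under_60s"] >= 98),
        ("rotating_caller_id", m["calls_per_caller_id"] < 3),
        ("neighbor_spoofing", m["pct_neighbor"] >= 50),
        ("invalid_caller_id", m["pct_invalid_caller_id"] > 0),
    ]
    return [name for name, hit in checks if hit]

def screen(cdrs):
    """Group CDRs by sending customer and report the indicators for each."""
    by_customer = defaultdict(list)
    for c in cdrs:
        by_customer[c.customer].append(c)
    return {cust: indicators(traffic_metrics(rows))
            for cust, rows in by_customer.items()}

def sample_cdrs():
    """Constructed sample rows: cust-A looks like a robocall campaign,
    cust-B like ordinary conversational traffic."""
    rows = []
    for i in range(200):
        caller = f"802556{i // 2:04d}"          # new CallerID every two calls
        if i == 2:
            caller = "9115550123"               # 911 used as an area code
        if i == 3:
            caller = "80255"                    # too short
        seconds = 1500 if i == 0 else 90 if i == 1 else 12
        rows.append(CDR("cust-A", caller, f"802555{i:04d}", seconds))
    areas = ["212", "303", "415", "617", "802"]
    for i in range(150):
        rows.append(CDR("cust-B", "2125550100",
                        f"{areas[i % 5]}555{i:04d}", 180 + (i % 50) * 10))
    return rows

if __name__ == "__main__":
    for customer, hits in screen(sample_cdrs()).items():
        print(customer, hits or "no indicators")
```

A customer that trips several indicators at once is a candidate for content review of its calls, which is the role the recordings and transcripts play in the investigation described here.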
h. Meeting with TCA VOiP Representatives August 19, 2021
96. In an attempt to alert TCA VOiP and dissuade it from handling fraudulent traffic, representatives of law enforcement from Vermont and the Social Security Administration Office of Inspector General ("SSA OIG") met virtually with representatives of TCA VOiP on August 19, 2021. The officials from law enforcement showed the extensive losses to victims based on data from the FTC Consumer Sentinel. Law enforcement officials presented behavioral data from TCA VOIP's own CDRs and content analytics from YouMail showing the strong indications of fraud as shown by
97. At that point, Vermont was looking at a smaller slice of TCA VOiP traffic - calls from two TCA VOiP foreign customers. These were calls from Axkan sent by TCA VOiP on May 10, 2021, and from Shayona Global sent by TCA VOiP on May 19, 2021.
98. The behavioral metrics for those two customers on those two days showed unmistakable indications of fraud including:
99. TCA VOiP attempted 30,280 calls to Vermont area code 802. In that same two hours, TCA VOiP attempted 21,559,976 calls across the U.S.
a. The average call duration for 859,212 completed calls was 17 seconds, indicating that the more than the recipients of the call terminated the calls within that time or sent them to voicemail.
b. A new CallerID was displayed for virtually all calls, an essentially one-to-one ratio. These foreign customers showed new, fake CallerIDs for essentially every call.
c. In 99% of the calls, the calls were disconnected in 60 seconds or less.
d. The area code matched the called number in 93% of calls, indicating "neighborhood spoofing" of CallerIDs on the overwhelming majority of calls.
e. Similarly, the SSA OIG analysis of May 10th and 19th showed for the 14 most frequent CallerIDs displayed, consisting of 13,568 calls, in 10,738 of the calls YouMail data showed the calls contained government or business imposter scams, legal threats, arrest threats or utility cut-off threats.
100. In response to this presentation from law enforcement, Dominic Bohnett and his then-associate Mark Jordan indicated that they took this (fraudulent) "short duration traffic" "because they give us business."
101. Subsequent analysis of calls TCA VOIP handled in just two hours (made on August 17, 2021), showed the obvious indications of fraud in the behavioral analytics. These analytics include:
a. TCA VOIP completed 1,608,161 calls in just two hours that day.
b. TCA VOIP attempted 28,642 calls to Vermont area code 802. In that same two hours, TCA VOIP attempted 21,559,976 calls across the U.S.
c. The ratio of called numbers to CallerIDs displayed was 1.5, indicating a new (false) CallerID was displayed for every 1.5 calls.
d. Most called parties hung up on the call or sent them to voicemail, with an average call duration of 15 seconds for 1.6 million completed calls. This is the actual behavior of the phones of those 1.6 million calls.
e. Few calls lasted more than 60 seconds, with 98.6% of called parties terminating the call in 60 seconds or less.
f. Of the 1.6 million calls, only 4,512 lasted more than 3 minutes.
g. The concerning calls where people are victimized are the tiny fraction of calls lasting more than 20 minutes, in this day, just 231 calls. This demographic shows the wide net the fraudulent callers cast, with only 1 in 6962 called parties substantially engaging with the illegal robocalls and becoming likely victims of government and business imposter fraud.
102. TCA VOiP indicated that it would work to address illegal robocalls from its upstream providers, but also indicated that it needed the business from My Country Mobile, TCA VOiP's biggest customer.
f. August 30, 2021, Call Detail Records and Analysis.
103. Despite the assurances of TCA VOiP, the problems with TCA VOiP facilitating unlawful traffic continued. CDRs from TCA VOiP on August 30, 2021, demonstrate that it completed 4,619,062 calls that day, including 3,015,165 calls from My Country Mobile, its principal customer throughout this investigation. ("Completed" means the calls were either answered or went to voice mail.)
104. My Country Mobile is a foreign VSP, apparently based in India.
105. The CDRs for these 3,015,165 calls revealed that many were illegal robocalls.
a. The CDRs reflected a high volume of short-duration calls. For the 3,015,165 calls, the Average Call Duration was just 14 seconds. Thus, for these 3 million calls, the called party typically answered the phone and quickly hung up: the calls were uniformly unwanted. 99.1% of the calls lasted less than one minute. Only .2% of the calls lasted longer than two minutes. There is no benign explanation for this call traffic pattern.
b. Second, across the 3,015,165 calls, despite being foreign in source, the calling numbers (or CallerIDs displayed) were U.S. telephone numbers. Generally, the area code of the calling number matched the area code of the called number. Given the broader context (of a high volume of short duration calls), this is obvious "neighbor spoofing" - another hallmark of fraud.
c. Lastly, the ratio of called numbers to CallerIDs displayed was exceedingly low. For every 1.65 calls dialed, a new CallerID was displayed. Again, given the broader context (of a high volume of short duration, likely "spoofed" calls), there is no benign explanation for this ratio. The calling source was generating new numbers for each 1 or 2 calls to avoid detection as fraudulent and being blocked by downstream VSPs. The robocalls were obviously fraudulent.
d. The CDRs also showed that all calls to area code 802 were blocked, in an evident effort by TCA VOIP to continue facilitating illegal traffic without Vermont knowing of the same. Indeed, this blocking of area code 802 appears to be the only significant action TCA VOIP took, in an admission that TCA VOIP intended to continue to handle fraudulent traffic. Nonetheless, TCA VOIP calls continue to come to Vermont in significant volumes, to mobile phones in Vermont with area codes other than 802.
106. The Vermont Office of Attorney General informed TCA VOIP of these findings of continued illegal traffic by email on September 9, 2021, at 7:06 p.m.
107. Rather than concede the obvious - that TCA VOIP had determined to continue to host fraudulent traffic - TCA VOIP responded: "The traffic is 99.999% legitimate with 1 out of 100 million fraudulent calls." TCA VOIP denied it was "willfully blind as to the illegal character of that traffic," adding, "It is not the balance I want but it's the business we reach."
108. Subsequently, the Vermont Attorney General requested YouMail to match TCA VOIP's August 30, 2021, CDRs with YouMail's database of recorded calls.
109. YouMail indicated that TCA VOIP had, in fact, been facilitating illegal robocalls that day. For instance, the twelfth call reported by YouMail contains this transcript of a patently obvious fraud: "Inform you that there is a legal enforcement actions filed on your social security number for fraudulent activities. So, when you get this message kindly press one to connect with the next available officer. Thank you." The recording is at this URL redirect: https://bit.ly/3CCOX7S
110. The thirteenth call reported stated: "This is [name redacted] calling you from the legal department the very second you receive this message you need to leave your workload. So that we can discuss about your case and take necessary action on this matter in order to connect federal agents press one and you will be connected to the concern department. If we don't hear from you then we will be forced to take legal action against you press one and you will be connected to the concern department." The recording is at this URL redirect: https://bit.ly/3vXtPih
111. Ultimately, the YouMail content matching showed that, as expected, the CDRs showed very substantial levels of fraud.
112. When informed of these results, TCA VOiP continued to insist that it was not responsible; that it was doing more; and that it could become "an informant for the FCC." September 13, 2021. "It's like direct mailers, not popular but is a legitimate business." October 11, 2021.
113. And TCA VOiP continued to facilitate illegal robocalls and continued to show up in ITG tracebacks. See Appendices A and B. There was insignificant change between October 2021 and January 2022.
g. December 15, 2021, Call Detail Records and Analysis
114. TCA VOIP's CDRs from December 15, 2022, reflect TCA VOIP's continued efforts to facilitate illegal robocalls.
115. That day, TCA VOiP relayed 10,253,130 completed calls from 42 customers (a large increase in customers).
116. The CDRs for these calls reflect, again, that TCA VOIP's call traffic consisted almost entirely of illegal robocalls. That is:
a. The call traffic consisted of a high-volume of short-duration calls. Over 98.9% of the calls lasted under 60 seconds. Of the 28 customers with more than ten thousand calls, the CDRs reflected an average call duration of 9 to 27 seconds.
b. The high volume of short-duration calls that displayed false U.S. CallerIDs (despite their foreign source) to U.S. calling numbers, often with matching area codes and local exchanges - again, obvious "neighbor spoofing."
c. The ratio of called numbers to CallerIDs displayed was low, with the foreign robocallers generating a new CallerID for every 1.06 - 13.76 calls. Again, given the broader context (of a high volume of short duration, likely "spoofed" calls), there is no benign explanation for these new, different CallerIDs other than fraud and attempting to evade detection.
117. YouMail's subsequent content analysis of this TCA VOIP call traffic identified that many of the calls were in fact fraudulent. For example, one such call (showing CallerID 805-712-1120) was clear Social Security fraud, saying: "This call is from a federal agency to suspend your social security number on an immediate basis. As we have received suspicious trails of information with your name. The moment you receive this message. You need to get back to us to avoid the consequences to connect the call immediately press one."
h. Summary of TCA VOiP Traffic During Vermont Investigation
118. In total, Vermont has analyzed approximately 1.4 billion attempted calls that TCA VOIP relayed from abroad into the U.S. over 180 days. Vermont has undertaken sample analyses over the May 2021 to February 2022 time period. In this analysis, Vermont found 886 million attempted calls from My Country Mobile. The connected My Country Mobile calls have an average call duration of less than 13 seconds, indicating that - like TCA VOIP's call traffic generally - the typical called party quickly rejected each call. Less than .3% lasted more than two minutes.
119. Notably, since the State of Vermont commenced investigating TCA VOIP on or around June 25, 2021, the State has repeatedly notified TCA VOIP of the manner in which its call traffic self-evidently consisted of illegal robocalls.
120. In response, TCA VOIP made no effective effort to reform its conduct, instead simply responding to tracebacks. TCA VOIP could have suspended its operations pending the implementation of new customer screening or call monitoring practices. It did not. TCA VOIP could have terminated particular customers pending a review of their call traffic. It did not. TCA VOIP could have implemented effective analytic technology to follow its call traffic patterns in real time to identify and block illegal robocalls. It did not. Instead, aside from some modest adjustments, TCA VOIP has continued to facilitate obviously illegal robocalls - and profit from doing so.
121. Even TCA's modest adjustments reflected the company's awareness that its primary business is to facilitate illegal robocalls. For example, as mentioned above, in the late summer of 2021, in response to the State of Vermont's investigation, TCA VOIP commenced blocking all calls to area code 802. Such efforts do not impact the 2% to 4% of Vermonters with phone numbers other than area code 802.
122. Further, this blocking demonstrated that TCA VOIP knew it was facilitating illegal robocalls and had no intention of correcting that illegal behavior but was simply trying to avoid accountability by trying to block calls to Vermont.
123. Despite the Vermont Attorney General requesting TCA VOIP to place a litigation hold on CDRs during this investigation, TCA VOIP is deliberately allowing its CDRs during the investigation to be destroyed as part of a very short retention policy. As the Vermont Attorney General got better, faster access to traceback data, TCA VOIP advised its switch or software provider on January 10, 2022: "The AG's have gotten faster. The latest request is for Dec 13th forward. Can you verify that the oldest is rolling off and I have 90 days of data?"
i. TCA Earnings from Illegal Robocalls
124. Since August 14, 2020, it is estimated that TCA VOIP has earned a gross income of $1.25 million from facilitating call traffic. A substantial portion of this revenue is for facilitating illegal call traffic.
j. Effect and Response During Eight Months of Investigation
125. Since August 14, 2020, the date ITG first conducted a traceback identifying TCA VOIP as the U.S. point of entry for illegal robocalls, TCA VOIP has relayed approximately 50 million call attempts per business day, and an estimated 3 to 10 million completed calls per business day.
126. These calls have gone to every state in the United States.
127. As reflected in the 132 tracebacks implicating TCA VOIP and TCA VOIP's CDRs and related YouMail data, the majority of these calls were illegal robocalls.
128. Through eight months of investigation, TCA VOIP has offered no evidence that its robocall traffic is legal traffic.
129. Based on TCA VOIP's call volume, YouMail data on robocalls, and FTC Consumer Sentinel data on telephone fraud losses, it is estimated that TCA VOIP's knowing facilitation of illegal call traffic contributed substantial earnings to criminal fraud syndicates by defrauding U.S. consumers, including Vermont consumers, of somewhere between $116 million (based on FTC Consumer Sentinel data) to $3.5 billion (based on TrueCaller estimates).
130. To date, TCA VOIP continues knowingly and willingly to provide a telecom platform for illegal robocalls, including criminal fraud, and to profit from every such call while doing so.
131. The Federal Communications Commission ("FCC") issued its first cease and desist letter to TCA VOIP on February 10, 2022.
132. On March 7, 2022, the FBI issued a Public Service Announcement saying: "The FBI is warning the public of ongoing widespread fraud schemes in which scammers impersonate law enforcement or government officials in attempts to extort money or steal personally identifiable information." FBI Alert no. 1-030722-PSA. The release is at this URL: https://www.ic3.gov/Media/Y2022/PSA220307. The FBI description exactly describes the conduct repeatedly perpetrated and facilitated by TCA VOIP in this matter.
Prayer for Relief Violations
Violations of the Telemarketing Sales Rule
Count I
(Violating the Prohibition against Deceptive Telemarketing Acts or Practices)
1. The State of Vermont realleges and incorporates herein each and every allegation in this Complaint.
2. TCA VOIP violated 15 U.S.C. § 6102(c) and 16 C.F.R. § 310.3 by engaging in a pattern or practice of deceptive telemarketing to residential telephone subscribers, including subscribers in Vermont.
3. TCA VOIP violated 16 C.F.R. § 310.3(b) by providing substantial assistance or support to any seller or telemarketer.
4. TCA VOIP knew or consciously avoided knowing the sellers or telemarketers were engaged in an act that violated 16 C.F.R. § 310.3(a)(2)(iii).
5. TCA VOIP knew or consciously avoided knowing the sellers or telemarketers were engaged in an act that violated 16 C.F.R. § 310.3(a)(2)(iii), including that the sellers or telemarketers, through their "computer support," Amazon support, and/or Social Security and Internal Revenue calls, misrepresented the central character of the service they were offering, in violation of 16 C.F.R. § 310.3(a)(2)(iii).
Count II
(Violating the Prohibition against Deceptive Telemarketing Acts or Practices)
6. The State of Vermont realleges and incorporates herein each and every allegation in this Complaint.
7. Defendants violated 15 U.S.C. § 6102(c) and 16 C.F.R. § 310.3 by engaging in a pattern or practice of deceptive telemarketing to residential telephone subscribers, including subscribers in Vermont.
8. TCA VOIP violated 16 C.F.R. § 310.3(b) by providing substantial assistance or support to any seller or telemarketer.
9. TCA VOIP knew or consciously avoided knowing the sellers or telemarketers were engaged in an act that violated 16 C.F.R. § 310.3(a)(4).
10. TCA VOIP knew or consciously avoided knowing the sellers or telemarketers were engaged in an act that violated 16 C.F.R. § 310.3(a)(4).
11. The sellers or telemarketers made false or misleading statements to induce Vermont residents to purchase a support package or provide payment information for a fraud, in violation of 16 C.F.R. § 310.3(a)(4).
12. In many if not most instances, the sellers or telemarketers used misleading or inaccurate caller identification to mislead the Vermont residents, in violation of 16 C.F.R. § 310.3(a)(4).
Count III
(Violating the Prohibition against Abusive Telemarketing Acts or Practices)
13. The State of Vermont realleges and incorporates herein each and every allegation in this Complaint.
14. TCA VOIP violated 15 U.S.C. § 6102(c) and 16 C.F.R. § 310.4 by engaging in a pattern or practice of deceptive telemarketing to residential telephone subscribers, including subscribers in Vermont.
15. TCA VOIP violated 16 C.F.R. § 310.3(b) by providing substantial assistance or support to any seller or telemarketer.
16. TCA VOIP knew or consciously avoided knowing the sellers or telemarketers were engaged in an act that violated 16 C.F.R. § 310.4(d)(1), the identity of the seller.
17. TCA VOIP violated 16 C.F.R. § 310.3(b) by providing substantial assistance or support to any seller or telemarketer.
Count IV
(Violating the Prohibition against Abusive Telemarketing Acts or Practices)
18. The State of Vermont realleges and incorporates herein each and every allegation in this Complaint.
19. Defendants violated 16 C.F.R. § 310.4 and 15 U.S.C. § 6102(c) by engaging in a pattern or practice of deceptive telemarketing to residential telephone subscribers, including subscribers in Vermont.
20. TCA VOIP violated 16 C.F.R. § 310.3(b) by providing substantial assistance or support to any seller or telemarketer.
21. TCA VOIP knew or consciously avoided knowing the sellers or telemarketers were engaged in an act that violated 16 C.F.R. § 310.4(b)(1)(iii)(B).
22. The sellers or telemarketers initiated outbound telephone calls to telephone numbers on the National Do Not Call Registry, in violation of 16 C.F.R. § 310.4(b)(1)(iii)(B).
Count V
(Violating the Prohibition against Abusive Telemarketing Acts or Practices)
23. The State of Vermont realleges and incorporates herein each and every allegation in this Complaint.
24. TCA VOIP violated 16 C.F.R. § 310.4 and 15 U.S.C. § 6102(c) by engaging in a pattern or practice of deceptive telemarketing to residential telephone subscribers, including subscribers in Vermont.
25. TCA VOIP violated 16 C.F.R. § 310.3(b) by providing substantial assistance or support to any seller or telemarketer.
26. TCA VOIP knew or consciously avoided knowing the sellers or telemarketers were engaged in an act that violated § 310.4(b)(1)(v)(A)(i), consent to receive prerecorded calls.
Violations of the Telephone Consumer Protection Act
Count VI
(Violating The Prohibition Against Calling Numbers Listed on The National Do Not Call Registry)
27. The State of Vermont realleges and incorporates herein each and every allegation in this Complaint.
28. Upon information and belief, TCA VOIP violated 47 C.F.R. § 64.1200(c)(2) and 47 U.S.C. § 227(c) by engaging in a pattern or practice of initiating telephone solicitations to residential telephone subscribers, including subscribers in Vermont, whose telephone numbers were listed on the National Do Not Call Registry.
Count VII
(Violating the Prohibition against the Use of Artificial or Prerecorded Voice Messages to Residential Telephone Lines)
29. The State of Vermont realleges and incorporates herein each and every allegation in this Complaint.
30. Upon information and belief, TCA VOIP violated 47 C.F.R. § 64.1200(a)(3) and 47 U.S.C. § 227(b)(1)(B) by engaging in a pattern or practice of initiating telephone calls to residential telephone lines, including lines in Vermont, using artificial or prerecorded voices to deliver a message without the prior express written consent of the called party and where the call was not initiated for emergency purposes or exempted by rule or order of the FCC under 47 U.S.C. § 227(b)(2)(B).
Count VIII
(Violating the Prohibition against the Use of Artificial or Prerecorded Voice Messages to Cellular Telephone Lines)
31. The State of Vermont realleges and incorporates herein each and every allegation in this Complaint.
32. Upon information and belief, TCA VOIP violated 47 C.F.R. § 64.1200(a)(1)(iii) and 47 U.S.C. § 227(b)(1)(A)(iii) by engaging in a pattern or practice of initiating telephone calls to cellular telephone lines, including lines in Vermont, using artificial or prerecorded voices to deliver a message without the prior express consent of the called party and where the call was not initiated for emergency purposes or exempted by rule or order of the FCC under 47 U.S.C. § 227(b)(2)(B).
Count IX
(Violating the Prohibition against Use of Artificial or Prerecorded Voice Messages Without Clear Disclosure of Caller Identity)
33. The State of Vermont realleges and incorporates herein each and every allegation in this Complaint.
34. Upon information and belief, TCA VOIP violated 47 C.F.R. § 64.1200(b)(1) and 47 U.S.C. § 227(d)(3)(A) by initiating telephone calls to residential lines using artificial or prerecorded voices to deliver messages to residents in Vermont, that failed to clearly state, at the beginning of the message, the identity of the business, individual, or other entity responsible for initiating the call.
Count X
(Violating the Prohibition against Misleading or Inaccurate Caller Identification Information)
35. The State of Vermont realleges and incorporates herein each and every allegation in this Complaint.
36. Upon information and belief, TCA VOIP violated 47 C.F.R. § 64.1604(a) and 47 U.S.C. § 227(e)(1) by engaging in a pattern or practice of initiating telephone calls and, with the intent to defraud, cause harm, or wrongfully obtain anything of value, knowingly caused, directly or indirectly, caller identification services to transmit or display misleading or inaccurate caller identification information to residents in Vermont.
Violations of Vermont Telemarketing Laws
Count XI
(Violating 9 V.S.A. § 2464a, Act no. 66 to Comply with the Federal Do Not Call Rule.)
37. The State of Vermont realleges and incorporates herein each and every allegation in this Complaint.
38. TCA VOIP violated 9 V.S.A. § 2464a(b)(2) by making a telephone call to a telephone number in Vermont that violates the Federal Trade Commission's Do Not Call Rule, 16 C.F.R. subdivision 310.4(b)(1)(iii), or the Federal Communication Commission's Do Not Call Rule, 47 C.F.R. subdivision 64.1200(c)(2) and subsection (d), as amended from time to time.
Violations of Vermont Telemarketing Laws
Count XI
(Violating Act no. 66 Requiring Telemarketers to Provide Accurate Caller Identification Information.)
39. The State of Vermont realleges and incorporates herein each and every allegation in this Complaint.
40. TCA VOIP violated 9 V.S.A. § 2464a(b)(3)(A) by making telephone calls to a telephone number in Vermont with false caller identification information.
Violations of Vermont Consumer Protection Act
Count XII
(Violating Vermont Consumer Protection Act)
41. The State of Vermont realleges and incorporates herein each and every allegation in this Complaint.
42. TCA VOIP violated 9 V.S.A. § 2464a(b)(3)(A) have engaged and are continuing to engage in unfair acts and practices in commerce, in violation of the Vermont Consumer Protection Act, 9 V.S.A. § 2453(a), which offend the public policy and laws as expressed in state and federal laws governing robocalls such as enumerated above, are immoral, unethical, oppressive and unscrupulous; and cause substantial injury to consumers which is not reasonably avoidable by consumers themselves and not outweighed by countervailing benefits to consumers or to competition.
43. Defendant has engaged and is continuing to engage in deceptive acts and practices in commerce, in violation of the Vermont Consumer Protection Act, 9 V.S.A. § 2453(a), by knowingly routing to Vermont phone numbers robocalls that misrepresent an affiliation with the governmental entity of the Social Security Administration, and other government and business entities, being imposter schemes, and are otherwise fraudulent; and (2) directly benefiting from this conduct, getting paid for each completed call.
Prayer for Relief
WHEREFORE, Plaintiff requests this Court:
1. Enter judgment against Defendants Dominic Bohnett and Telecom Carrier Access, LLC and in favor of Plaintiff for each violation alleged in this Complaint.
2. Enter judgment and against all and award Plaintiff civil penalties up to $43,792 for each violation of the TSR, and award Plaintiff such relief as the Court finds necessary to redress injury to consumers resulting from said Defendants' violations of the TSR, including rescission or reformation of contracts, restitution, the refund of monies paid, and the disgorgement of ill-gotten monies.
3. Enter a permanent injunction to prevent future violations of the TSR by Defendants Dominic Bohnett and Telecom Carrier Access, LLC.
4. Assess against Defendants Dominic Bohnett and Telecom Carrier Access, LLC damages of one thousand five hundred dollars ($1500) for each violation of the TCPA found by the Court to have committed by said willfully and knowingly; if the Court finds that Defendants have engaged in violations of the TCPA that are not willful and knowing, then assessing against said Defendants damages of five hundred dollars ($500) for each violation of the TCPA, as provided by 47 U.S.C. § 227.
5. Permanently enjoin Defendants from violating the TCPA, both generally and specifically, by enumerating the acts in which Defendants are permanently enjoined from engaging.
6. Permanently enjoin all Defendants, their agents, representatives, employees, and assigns and any other person acting on behalf of any from engaging in acts prohibited by Vermont law, including specifically:
a. Making, causing to be made, or the assisting and facilitating in telephone sales calls to telephone numbers of Vermonters in violation of; and
b. Making, causing to be made, or the assisting and facilitating in telephone calls in violation of 9 V.S.A. § 2464a(b)(2) that violate the Federal Trade Commission's Do Not Call Rule, 16 C.F.R. subdivision 310.4(b)(1)(iii), and/or the Federal Communication Commission's Do Not Call Rule, 47 C.F.R. subdivision 64.1200(c)(2) and subsection (d), as amended from time to time.
7. Permanently enjoin Defendants Dominic Bohnett and Telecom Carrier Access, LLC, their agents, representatives, employees, and assigns and any other person acting on behalf of any from transmitting or causing the transmission of misleading or inaccurate caller identification information to Vermont telephone numbers in violation of 9 V.S.A. § 2453(a).
8. Order Defendants Dominic Bohnett and Telecom Carrier Access, LLC, jointly and severally, to pay
a. a civil penalty of ten thousand dollars ($10,000) for each violation pursuant to 9 V.S.A. § 2458(b)(1);
b. an order for restitution pursuant to 9 V.S.A. § 2458(b)(2); and
c. an order requiring reimbursement to the State of Vermont for the reasonable value of its services and its expenses in investigating and prosecuting the action, pursuant to 9 V.S.A. § 2458(b)(3).
9. Award Plaintiff such other and additional relief as the Court may determine to be just and proper.
Dated: March 18, 2022
STATE OF VERMONT
THOMAS J. DONOVAN JR. ATTORNEY GENERAL
By:
Edwin L. Hobson Jamie Renner
Assistant Attorneys General Office of Attorney General 109 State Street
Montpelier, Vermont 05609 ted.hobson@vermont.gov (802) 828-3171
Appendices
Appendix A - Tracebacks by ITG Showing Defendants at the Point of Entry for Illegal Robocalls
The Federal Communications Commission’s (FCC) Enforcement Bureau (Bureau) has issued three more new cease and desist letters in connection with the apparent transmission of illegal robocalls (https://www.fcc.gov/document/fcc-issues-robocall-cease-and-desist-letter-airespring; https://www.fcc.gov/document/fcc-issues-robocall-cease-and-desist-letter-hello-hello-miami; https://www.fcc.gov/document/fcc-issues-robocall-cease-and-desist-letter-thinq).
The Bureau issued the letters to Airespring, Hello Hello Miami and thinQ Technologies on March 22, 2022. According to the FCC’s News Release, “FCC investigations found that thinQ, Airespring, and Hello Hello Miami were apparently facilitating illegal robocall traffic on their networks. These investigations relied in part on information collected by the Traceback Consortium which, having been made aware of suspicious activity, traced the illegal robocall traffic to these providers. In addition, in the case of thinQ, the North Carolina Department of Justice identified that company as a source of illegal robocall traffic.” (https://www.fcc.gov/document/fcc-warns-robocall-facilitators-remove-illegal-traffic).
The Bureau warned each of the voice service providers that “they have 48 hours to stop facilitating this traffic or face all their traffic being blocked by other providers.”
More than a dozen voice service providers have now received cease-and-desist letters (https://www.fcc.gov/robocall-facilitators-must-cease-and-desist).
The Bureau News Release noted that “[t]o date, all recipients have quickly responded and committed to take actions to stop the flow of robocalls on their networks. That said, the FCC and its partners remain vigilant in monitoring these – and all – providers’ efforts to ensure unyielding compliance with consumer protection requirements going forward.”
FCC Chairwoman Jessica Rosenworcel observed: “There are far too many phone companies that count illegal robocallers among their clients, and that’s bad business…. It is illegal to allow these junk calls to flood consumers’ phones, and there are consequences for phone companies that do not take immediate action to stop participating in these schemes.”
March 23, 2022 -- Prescott-Martini, LLC, an authorized provider of Stir/Shaken certificates and other telecom data, plans to block most pre-recorded calls on its networks starting April 1st, and to block calls with mobile phone numbers that are used as originating ANIs from commercial call producers.
“Our goal is to enhance our Stir/Shaken verification services with these blocks,” said managing partner Stephen Matlock.
“Unless a vendor has certified that its call traffic is exempt from TCPA (Telephone Consumer Protection Act) rules that prohibit robo-calling, all calls that contain a DTMF signal will be blocked,” said Matlock. “The DTMF (‘press 1 for…’) is an indicator of a pre-recorded message.”
Exemptions exist in the TCPA rules to allow robo-calling for ‘informational purposes,’ such as school closings or weather events, debt collection, political or charity calls, and other non-commercial applications. Exemptions exist for those who have agreed, in advance and in writing, to receive robo-calls.
Rules also exist to prohibit the use of mobile or cell phone numbers as ANIs to make telemarketing calls. “If you think it’s okay to make thousands or millions of calls from a cell phone number, and that no one will notice, then you are wrong.”
MARCH 23, 2022 -- Service providers that originate or transit unlawful robocalls are under increasing pressure. And it’s not just from the federal government—states are getting involved too.
FEDERAL ENFORCEMENT
On March 22, 2022, the FCC sent three more cease and desist letters to service providers that transited robocalls. That makes 18 different service providers that have received such letters over the past 12 months.
The letters went to the following providers:
Airespring
Hello Hello Miami
thinQ
The cease-and-desist letters require these service providers to:
Investigate and mitigate the unlawful traffic identified in the letter.
Report back to the FCC and Traceback Consortium within 48 hours on steps taken.
Implement safeguards to prevent their network from being used for illegal calls.
Report back to the FCC and Traceback Consortium within 14 days on steps taken.
If a provider fails to make adequate replies before these deadlines, downstream providers may begin blocking all calls from the providers. So far, all of the providers that have received cease and desist letters complied.
STATE ACTION
The Vermont AG filed a lawsuit in federal court on March 18, 2022, against a VoIP service provider for knowingly facilitating illegal robocalls. Key points:
Defendants were put on notice 132 times that they were facilitating illegal robocalls.
In monitoring their calls, defendants can see, in near real-time, that their call traffic consists primarily of illegal robocalls.
The complaint alleges violations of:
Telemarketing and Consumer Fraud and Abuse Prevention Act
Telemarketing Sales Rule
Telephone Consumer Protection Act
Vermont Consumer Protection Act
Vermont Telephone Solicitation Act.
Watch out for the state AGs. As predicted, they’re going after service providers.
ROBOCALL PENALTIES AND SETTLEMENTS
Here’s a list of recent settlement penalties invoked against service providers:
Alcazar Networks, $105,562 (FTC)
Globex Telecom, $2.1 million (FTC)
MODOK agreed to exit the telecom industry (Michigan AG)
JSquared Telecom, $225 million (FCC imposed fine after 7 state AGs joined in a lawsuit)
TAKEAWAYS
Voice service providers are being held accountable for illegal robocalls that originate on or transit their network.
When robocall allegations are brought before the Commission, they’ll force a provider to implement robocall mitigation within 14 days.
Failure to comply will put the provider out of business.
When illegal robocall transit patterns are found by a state AG, they’ll take the provider to court.
Penalties and settlements are significant.
The stakes are high.
March 22, 2022 -- In February, Federal Communications Commission Chairwoman Jessica Rosenworcel announced the addition of Colorado, North Carolina, Tennessee, and Vermont to the Commission’s list of robocalling investigatory partners, bringing the total number of states to 16.
In addition, she announced the execution of two Memoranda of Understanding (“MOUs”) between the state attorneys general of Colorado and Vermont and the Commission’s Enforcement Bureau. The MOUs facilitate the Commission’s goal of increasing collaboration between the Enforcement Bureau and all U.S. states and territories on robocalling mitigation efforts. Signing MOUs helps the Commission, as well as state attorneys general, build cases against robocallers by allowing the parties to share information necessary to build a record, interview targets, and review complaints. Further, the MOUs help safeguard against duplicative efforts during investigations where both a state and the FCC’s Enforcement Bureau may be pursuing the same entity or individual.
The news release notes that the Commission and eight state attorneys general cooperated in an investigation of a telemarketer who made nearly one billion illegal calls. The combined investigation resulted in the largest fine in FCC history, and a separate lawsuit against the target was filed in Texas.
In making the announcement, Chairwoman Rosenworcel reiterated the FCC’s commitment to stopping unlawful robocalls and helping protect consumers. However, the agency can, stating that “[p]rotecting consumers from robocall and spoofing scams is an everyday challenge for local, state, and federal law enforcement. By sharing information and closely cooperating on investigations, we can better protect consumers everywhere.”
The Chairwoman further noted that the FCC’s enforcement partnerships “have already paid dividends, and I know these new agreements will only further that success.”
The FCC Enforcement Bureau issued warnings to voice service providers that have apparently transmitted illegal robocalls on their networks. Recipients have 48 hours to stop facilitating this traffic or face all their traffic being blocked by other providers.
The FCC has carefully constructed the tools necessary to take swift and impactful action against bad actors – this means not only possible fines when violations occur, but also business consequences for those removed from the Robocall Mitigation Database.
To date, all recipients have quickly responded and committed to take actions to stop the flow of robocalls on their networks. That said, the FCC and its partners remain vigilant in monitoring these – and all – providers’ efforts to ensure unyielding compliance with consumer protection requirements going forward.
FCC Warns Robocall Facilitators to Remove Illegal Traffic - March 22, 2022
FCC Issues Robocall Cease-and-Desist Letter to Great Choice Telecom - February 10, 2022
FCC Issues Robocall Cease-and-Desist Letters to 3 More Companies - October 21, 2021
FCC Demands Two Companies Cease-and-Desist Illegal Robocall Campaigns - May 18, 2021
FCC Announces Push for Robocall Blocking Consumer Resources - April 13, 2021
FCC Issues Robocall Cease-And-Desist Letters to Six Voice Providers - March 18, 2021
Updated: Tuesday, March 22, 2022
The FCC’s Fourth STIR/SHAKEN Report and Order (“R&O”) went into effect on February 24, 2022.
The R&O shortens the current two-year extension for some categories of small voice service providers (“SVSPs,” those with 100,000 or fewer voice service subscriber lines) to fully implement the STIR/SHAKEN caller ID authentication standards.
In 2020 the FCC imposed its STIR/SHAKEN implementation deadline of June 30, 2021 for most voice providers and granted two-year extensions to SVSPs and voice providers that are unable to obtain the “token” necessary to implement STIR/SHAKEN. The carriers that took advantage of the extension were required to file Robocall Mitigation Plans (“RMPs”) by the original deadline and could wait until June 30, 2023 for full implementation.
In an effort to expedite the eradication of illegal robocalls, the FCC curtailed the deadline for non-facilities-based SVSPs (i.e., those that offer voice services to end-users solely using connections that are not sold by the provider or its affiliates). Those entities are now required to fully implement STIR/SHAKEN in the IP portions of their networks by June 30, 2022.
Non-facilities-based resellers must incorporate the required analytics in the IP portions of their networks to deploy the necessary STIR/SHAKEN capabilities. There are also six required administrative steps such providers must take in order to be fully compliant.
The CommLaw Group formed a “Robocall Mitigation Response Team” to help clients tackle their unique responsibilities. We can assist you with any and all of the steps necessary to make your firm fully STIR/SHAKEN compliant. As the FCC is actively enforcing its STIR/SHAKEN rules, it would behoove your company to obtain compliance sooner rather than later.
Steve Matlock tele 480-962-3890 or email: ASK@prescott-martini.com
Did you receive unwanted cell phone calls, text message spam, robocalls, prerecorded messages, or prerecorded voicemails from a car dealership?
You may qualify to join this class action lawsuit investigation.
The Telephone Consumer Protection Act (TCPA) is a federal law that was enacted in 1991 to protect consumers from telemarketers.
The TCPA protects consumers from unwanted marketing communications from companies via phone, cell phone, text, and fax.
It also limits the use of autodialers and robocalls. This includes text messages or robocalls from car dealerships.
Overview: Car Dealership TCPA Violations
As noted above, the TCPA protects consumers from unwanted marketing messages. Excessive phone and text marketing from companies is at best a nuisance to consumers and, at worst, can infringe on their privacy rights.
Recent complaints by consumers have reported that their car dealership won’t stop calling, identifying a range of TCPA violations through unwanted cell phone calls, text message spam, prerecorded calls, and robocalls.
Consumers say that they have been subject to thousands of these unwanted communications through their phones from a variety of car dealerships.
Unwanted Cell Phone Calls
Car dealership TCPA violations can include unwanted cell phone calls. Under the TCPA, for companies to make telemarketing calls, they must secure a form, signed by the consumer, that includes a “clear and conspicuous disclosure” that the consumer has agreed to receive the marketing calls.
Telemarketing has been defined under TCPA to include “the initiation of a telephone call or message for the purpose of encouraging the purchase or rental of, or investment in, property, goods, or services.”
Telemarketing to consumers without proper express written consent, whether it is to sell a car or some other good or service, can be a TCPA violation.
Text Message Spam
The Federal Communications Commission (FCC), the agency to which Congress delegated authority over the TCPA, issued a ruling clarifying that consumers are entitled to protection under the TCPA for text message communications as well.
This means that companies that send unwanted advertising text messages, text message spam, to consumers without prior express written consent can be in violation of the TCPA.
Robocalls and Automatic Telephone Dialing Systems
Robocalls and the use of automated dialing systems (ATDS) were called out as particular nuisances by Congress when it enacted the TCPA.
Robocalls refer to the use of prerecorded marketing messages that, while an inexpensive marketing tool for companies, consumers tend to find infuriating because there is not a real person on the other end of the call.
In addition to finding marketing calls using ATDS or robocalls, or a combination of the two, a nuisance, Congress also found the use of these tactics an invasion of privacy, costly, and inconvenient.
Further, in 2012, as the use of cell phones became more ubiquitous in most consumers’ lives, the FCC tightened the restrictions on automated phone calls prohibited by the TCPA.
The FCC issued an order requiring companies to obtain prior express written consent for automated telemarketing calls.
Car dealership TCPA violations can occur when a dealership uses either or both of these methods to contact consumers without their prior express written consent.
Car dealership TCPA violations can lead to steep fines for the company—up to $1,500 per violation if the unwanted marketing messages are found to be sent willfully.
Prerecorded Messages and Voicemails
The TCPA also prohibits car dealerships from sending prerecorded messages to your cell phone.
Recently, car dealerships have also started using what are known as “ringless” voicemails, which are prerecorded messages that are delivered to your phone’s mailbox.
A Chrysler dealership was hit with a class action lawsuit after it left ringless voicemails on the cellphones of consumers.
What are the TCPA Violation Penalties?
TCPA violations can result in a wide range of damages: penalties can cost up to $500 per violation, while offenders of more serious violations can face penalties of up to $1,500 per TCPA violation.
Where Can You Report TCPA Violations?
What can you do when your car dealership won’t stop calling? If you have received unwanted marketing calls from a car dealership that you have not provided consent for, then you can seek the help of a TCPA attorney to take potential legal action against the dealerships for violations of the TCPA.
If you have sent letters to the car dealerships revoking your consent for your number to be included in their automated marketing calls, then you may be able to use these letters as evidence to help prove your case.
Cases of Car Dealership TCPA Violations
Despite the strict rules, numerous car dealerships have been guilty of TCPA violations over the years, leaving consumers frustrated and determined to take action.
In April 2021, a North Carolina woman filed a nationwide TCPA class action lawsuit against a Chevrolet dealership in her state. According to the woman’s claims, the Chevy dealership left repeated pre-recorded voicemails on her phone despite not having permission to do so.
In 2019, a consumer from Maryland filed a class action lawsuit against a local Hyundai dealership with similar allegations under TCPA. The dealer allegedly called her without permission and used pre-recorded messages in violation of federal law.
Also in 2019, a Florida man filed TCPA claims against a Kia dealership. According to the Floridian, an Orlando Kia dealer sent unsolicited marketing messages and left him a pre-recorded message without his consent.
A significant number of prospective customers who have had their privacy breached have received compensation, as the various settlements over the years illustrate.
In 2019, a car dealership from Florida agreed to settle claims under TCPA. A dealership parent company agreed to pay $5 million to resolve claims that they sent unsolicited spam texts. Members of the class action were eligible to receive up to $180 each.
In 2018 another Florida dealership agreed to a settlement of $4.8 million after being charged with a robocall suit in breach of the TCPA.
In 2017 a Nissan dealership in Florida reached a $5.7 million settlement for a class action representing hundreds of thousands of consumers who had received unwanted calls.
In 2012 Lithia Motors Inc in Oregon agreed to a settlement of $2.5 million for sending out over 100,000 unwanted spam text messages to potential customers.
A proposed settlement with Allstate may provide payments of up to $450 to consumers who received “spoof” calls. The deal, if approved, would put an end to allegations that the company violated TCPA by using fake phone numbers to trick consumers into answering telemarketing calls.
By Guy Page, March 29, 2022 - Attorney General T.J. Donovan March 25 filed a civil lawsuit against Missouri-based company, Karabell Industries, and its owner, Eli Karabell, for making repeated illegal telemarketing calls and harassing state legislators to pay him exorbitant sums of money.
The lawsuit was filed in Washington Superior Court after numerous state legislators complained of receiving late-night phone calls from the Defendants who claimed to offer “government consulting services.” The Defendants then emailed state legislators proposing contracts and demanding payments of $18,500 per hour or even $48 billion. The Attorney General’s lawsuit alleges that the Defendants—who have ignored requests to stop—violated Vermont’s Consumer Protection Act and Telephone Solicitation Act.
“Companies that bring illegal calls into Vermont can expect to be held accountable,” said Attorney General Donovan. “My office will continue to investigate and bring charges against companies that are breaking the law and targeting Vermonters.”
On February 9, 2022, the Attorney General’s Office sent a cease-and-desist letter to the Defendants, who ignored it and continued contacting state legislators. The Attorney General is now seeking an immediate injunction to stop the Defendants’ harassing contacts. The lawsuit also seeks civil penalties and costs, alleging violations of Vermont’s Consumer Protection Act and Telephone Solicitation Act. Under those laws, it is illegal for telemarketers to: (i) solicit callers outside the hours 8am-9pm; (ii) call anyone who is already listed on the federal Do Not Call Registry; (iii) make repeated calls after a request to stop; (iv) make calls with the intent to harass or annoy; and (v) conduct telemarketing business in Vermont without being registered with the Secretary of State.
Today’s lawsuit is the latest action brought by the Attorney General’s Office in its ongoing fight against illegal calls. Last week, Attorney General Donovan announced a federal lawsuit against a California-based company, Telecom Carrier Access doing business as TCA VOIP, and its owner for knowingly bringing thousands of robocalls into Vermont. In 2021, the Attorney General settled with a Florida-based company, Strategic IT Partner, after the company routed thousands of illegal robocalls to Vermonters.
To report scams, complete the Consumer Assistance Program’s online scam reporting form or call 1-800-649-2424. To sign up for the federal Do Not Call Registry or to report telemarketing calls, go to https://www.donotcall.gov/
March 31, 2020 - Ok, so some TCPA basics this morning.
The TCPA has two primary provisions that lead to most of the lawsuits out there. First, you cannot use regulated technology–ATDS and prerecorded/artificial voice calls–to contact a cell phone without express consent. Second, you cannot make solicitations (marketing calls) to residential numbers on the DNC without express consent–even if the calls are made manually.
For some reason people confuse these rules from time to time. They think, for instance, that you can make B2B calls using regulated technology. Nope.
Or, for instance, that you can make prerecorded calls as long as they don’t contain marketing. Again, nope.
On that last piece the court in Duverger v. Rsch. Strategies, Inc., CASE NO. 21-CV-62465-RAR, 2022 U.S. Dist. LEXIS 57529 (S.D. Fl. March 29, 2022) made short work of a Defendant’s motion to dismiss a prerecorded call claim.
The Defendant had argued that the calls were not actionable because they were not marketing in nature. But the Court correctly determined that any prerecorded call to a cell phone triggers the TCPA if made without express consent.
Hopefully all of my gentle TCPAWorld readers know this already but–just in case–ALL prerecorded calls to cell phones must have express consent. Informational calls can be made without WRITTEN consent, but consent is still required.
The 2022 FCC Form 499-A (Annual Telecommunications Reporting Worksheet) is now available in E-File, USAC’s online filing system. The due date for filing the form is Friday, April 1, 2022.
FCC rules require all telecommunications service providers to file the FCC Form 499-A to report historical revenue data for your company. The 2022 FCC Form 499-A should be used to report revenue data for the period of January 1, 2021 through December 31, 2021.
Be aware that all de minimis filers ARE required to file the FCC Form 499-A, reporting 2021 revenues regardless of the amount.
Please note that failure to file this Form by the due date of April 1, 2022 will result in a late filing fee (minimum of $100/month.)
If you need help filling this form, contact the Prescott-Martini’s registration department at ASK@PRESCOTT-MARTINI.COM .
It looks like something has finally surpassed Americans’ disdain for robocalls–the high prices at the pump.
In a new poll released today by the Hedgehog Research Institute, Americans have made their (dis)pleasure known, and it’s not even close:
85% of respondents stated that they disliked high gas prices more than robocalls. Only 8% disagreed and found robocalls to be worse. 4% were undecided and 5% stated they don’t know how polls or percentages worked and didn’t want to have any part in our nonsense.
The poll was conducted between March 28 and 31st and–as with most polls–scientifically includes only respondents who actually answered the phone.
Also, the poll was not conducted randomly–as that would have converted the dialing platform used to conduct the poll into an ATDS–and so poll recipients were hand chosen based upon people who filled out forms online.
Relatedly, 5 serial litigants have already filed suit claiming they did not actually provide their consent.
To confirm the poll’s findings the TCPAWorld crew interviewed a few consumers on the street, all of whom seemed to agree with the poll’s findings.
“I’d agree to 10 robocalls a day if I could just get $1.00 off a gallon of gas,” said Bob Marks while standing in a 2 hour line for Costco gas. “I used to think robocalls wasted my time, but this is a waste of time. Thank goodness I have TCPA Today audio renderings of TCPA.World articles to help pass the time.”
Another consumer had similar sentiments.
“When I used to receive robocalls I used to curse the guy out,” says Molly Mims. “Now I ask if he knows where the cheapest gas in my area is.”
A final consumer had this to say: “Czar you’ve helped so much with the robocall epidemic and in stamping out fake lawsuits, can you help us with gas prices too?” asked Sally Cordoba. “Either way I love reading your easy to read breakdowns of the impossible to understand telecom law here in the United States.”
Congress looks to be acting fast in the face of shifting consumer sentiment. Senator McHenry (I. Ab.) introduced the P.U.M.P.E.D. bill (People are Upset over being Made to Pay for Expensive Diesel and other kinds of gas), which is actually a better named bill than most of the things Congress has come up with lately. The bill promises to cut down on gas prices by forbidding oil companies from setting gas prices using a random or sequential number generator.
Also, basically everything in this article is made up. Probably. Happy April Fool’s day folks!
Nearly half the states are joining forces with the Federal Communications Commission to boost the law enforcement fight against scam robocalls.
The 22 states have signed memoranda of understanding with the federal agency that will strengthen their partnerships in the battle against spoofing and robocalls that try to trick recipients into buying unneeded products or services. (Spoofing happens when a spam call appears to come from a trusted or local number.)
The partnerships open information sharing between the agencies, prevent duplication and allow states to use federal help with subpoenas and other investigative tools, the FCC said. The FCC also has existing agreements with robocall-blocking companies that states can use.
“The FCC and these state leaders share a common enemy: robocall scammers targeting consumers and businesses around the country,” said FCC Chair Jessica Rosenworcel in a news release.
The six most recent states to sign on are Connecticut, Idaho, Kentucky, Minnesota, New Jersey and Wyoming, along with the District of Columbia.
“My team’s commitment to protecting consumers fits hand-in-glove with state Attorneys General’s ongoing efforts to combat these scams,” Rosenworcel said.
Idaho’s attorney general, Republican Lawrence Wasden, said the cooperation between states and the federal agency will help more effectively investigate robocalls and their perpetrators, who have proven elusive and hard to stop.
“Robocalls are a global problem and individually we as states are not equipped to tackle such an enormous issue,” Wasden said in a news release. “But there’s force in numbers and when we team up with other states and federal agencies like the FCC, we’re much more effective. Robocalls are a plague and combatting them takes an all-hands-on-deck approach.”
The Federal Trade Commission reported that in the fourth quarter of last year, it received about 89,000 reports of phone call fraud, with nearly $157 million in reported money lost. Phone calls made up a quarter of the fraudulent contacts with consumers in the period.
YouMail, a private company that sells call-blocking software and tracks the estimated number of calls, reported 3.8 billion unwanted robocalls in February, down from 3.9 billion in January, but still amounting to 134 million a day, which averages out to 11.5 calls per person with a phone in that month.
by Eric J. Troutman - April 6, 2022
The McCurley v Royal Seas TCPA case is the stuff of legend.
Bad legends. Like ghosts in dungeons. Or Morbius.
It was the first certification ruling looking at calls to purported fraudulent leads. And the defense counsel ended up engaging in unethical conduct that resulted in sanctions.
Yet somehow the Defendant pulled off a “miraculous” win with a summary judgment victory–the court finding that the cruise company was not liable for the acts of the company it paid to generate warm transfer phone calls.
But that just changed on appeal when the Ninth Circuit realized consumers had likely endured over 20MM robocalls so that a cruise company could sell 560 tickets.
Good lord.
So some background here.
Sellers of products–like cruises–will often pay companies (called lead generators) to generate inbound phone calls for them. The lead generator will do…stuff… to get consumers on the phone, and then transfer interested consumers to the seller of the product.
Here the lead generator was a company called Prospects. And the “stuff” they were supposed to do was run websites like http://www.diabeteshealth.info and http://www.yourautohealthlifeinsurance.com. These websites supposedly had consent forms allowing Prospects to call consumers who accepted the disclosures to sell Royal Seas’ cruises. Once the consumer was on the phone and expressed interest Prospects would then transfer the call to Royal Seas.
Supposedly using this process Prospects generated calls for Royal Seas. Tons of calls. Millions of calls over a two year period.
Now if this seems odd to you, it is.
In the first place, what do websites about insurance and diabetes have to do with cruises?
Set that aside, do millions of people really visit these websites? And do millions of people really agree to be contacted about cruises on these sites? And do millions of people then stay on the line to be transferred to a cruise company?
While the answer to these questions might be some form of yes–not impossible–consider the final piece to the puzzle: only 560 people actually bought cruises from all of these millions of calls.
560.
That folks is why we have a robocall problem in this country. And that folks is why there is so much interest in R.E.A.C.H.–when a lead generator has to make 35,710 calls to make one sale something is very wrong.
And this was not lost on the Ninth Circuit Court of Appeals.
In a new opinion out yesterday the appellate court found that the lower court got it wrong. The opinion is found here: McCurley
The Ninth Circuit found that on the facts described above–all of which Royal Seas knew about–a jury could conclude that it knowingly ratified illegal conduct by the lead generator. Critically for lead buyers the Court cast doubt on the claims that millions of people had really gone onto these obscure websites:
Royal Seas also knew that it received 2.1 million warm-transferred calls from Prospects between January 2017 and June 2018. Royal Seas knew that TCPA compliance required each call to be to an individual who had previously “agreed” to be called by Royal Seas by clicking “next” after submitting personal contact information and seeing a consent box on websites such as http://www.diabeteshealth.info and http://www.yourautohealthlifeinsurance.com. Royal Seas knew that the calls Prospects placed to individuals who had allegedly consented by checking forms on the website http://www.diabeteshealth.info generated 80,081 warm transfers to Royal Seas in 2017. The plaintiffs submitted expert testimony that this number of transfers, which was only a subset of the calls Prospects placed, from this lead-generation website during this period is implausible at best.
Again, keep in mind 2.1MM warm transfers likely means that 10 or 20 times that many calls were made to get that many people on the phone. So upwards of 20MM calls were likely made as part of this campaign.
And as I teased above, the number of sales here was minuscule:
Royal Seas also knew that of the 560 customers whom Prospects warm-transferred and who made purchases from Royal Seas, 13 percent had phone numbers that did not match the customer consent data that Prospects had provided to Royal Seas, and 31 percent did not have a matching phone number and last name.
The court’s point here is that the data supplied by Prospects wasn’t accurate.
But my point here is that only 560 sales occurred–again on 20MM calls.
This is not ok people.
It is little wonder that the Ninth Circuit sent the case back for the jury to consider. The Court determined that a jury may find Royal Cruise ratified–ie knowingly accepted–the benefit of Prospects’ calls while turning a blind eye to the “implausible” call volumes these folks were generating.
Since the case was previously certified Royal Cruise is now looking at a trial for MINIMUM $1BB.
All for 560 sales.
I don’t know what to say.
I’m a defense lawyer. And I love my clients. They take compliance seriously. And despite their massive footprints, they face only relatively rare suit–and most of those are meritless. This is because they operate in a lawful and compliant manner–looking to only connect with consumers who actually want their products.
Direct to consumer marketing CAN BE DONE in a legal way that helps consumers.
But as McCurley seems to demonstrate it can also be done in horrendous fashion. And Americans are far too familiar with this sort of misconduct. It is coloring policy in this nation–from the FCC seeking more authority to combat robocalls from Congress to a slew of new state law prohibitions.
And it’s only going to get worse if the lead generation industry doesn’t up its game. RIGHT NOW.
Also, a word to the wise–if you’re a lead buyer make sure that the volume of calls and data leads a generator/aggregator is providing you is consistent with their apparent market footprint, the quality of their ad spend and URLs. If you’re getting millions of calls from “bobsleadshack.com” you better ask yourself why. Your contracts won’t save you, as McCurley now establishes.
I’ll continue preaching. But please help spread this gospel.
APRIL 13, 2022 - Dubbed the eavesdropping scam, this ruse is a clever bit of social engineering.
Hiya calls it the eavesdropping scam because the caller is heard talking to another person, “I’m trying to get ahold of them right now.” It’s as if the victim is eavesdropping on the scammer.
That’s the hook.
The rest of the scam call is vague by design. It doesn’t use any of the typical fraud-related keywords found in other robocall patterns.
The called person is left wondering what that was all about. Why was it so important to get ahold of me now? So, they call back.
When the victim returns the call, they’re connected with a scammer who attempts to commit a fraud scheme, such as tax relief services.
WHAT ABOUT STIR/SHAKEN?
The robocallers do not use spoofed numbers. In fact, over half of the eavesdropping scam robocalls observed were signed with either partial (B) or gateway (C) attestation using STIR/SHAKEN.
Ouch.
We’ve been following a related trend in our monthly reports on STIR/SHAKEN statistics. For example, in March 2022, calls signed with B or C attestation were three times more likely to be robocalls than other calls—even unsigned calls.
Digging into these signed robocalls a little deeper, we found that many were signed by a downstream provider on behalf of the Originating Service Provider (OSP). The downstream provider signed them using their own SHAKEN certificate.
These OSPs often claimed a complete SHAKEN implementation in the Robocall Mitigation Database. However, they aren’t listed as a SHAKEN-authorized provider on the STI Policy Administrator website. How does a provider do STIR/SHAKEN if they aren’t approved? Sure, their calls eventually get signed, but not by them, and not with their SHAKEN certificate—they don’t have one.
So, the OSPs aren’t doing either SHAKEN or robocall mitigation. The downstream provider knows very little about the calls they’re signing.
It’s a huge gap in robocall defense. Many robocallers are exploiting it.
The eavesdropping scam is yet another demonstration that STIR/SHAKEN doesn’t prevent unlawful robocalls. It prevents spoofing the calling number, if enough calls are signed. In this scam, the calling number wasn’t spoofed, and the robocalls were signed.
Further details are available in the Hiya press release.
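The gap described above, where an OSP claims a complete SHAKEN implementation while its calls are signed downstream with someone else's certificate at B or C attestation, can be measured on a provider's own traffic. The following Python example is added here and is not code from the article or from Hiya: it decodes the SHAKEN PASSporT in a SIP Identity header (RFC 8225 / RFC 8588) and reports such OSPs. The provider names, certificate URLs, the x5u-to-holder map and the sample calls are constructed assumptions, and signature validation is assumed to have been done already by a verification service.

```python
import base64
import json
from collections import Counter, defaultdict


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def parse_identity(value):
    """Decode header and claims of a SIP Identity header carrying a PASSporT.

    The signature is NOT verified here (assumption: a verification service
    has already validated it against the certificate chain).
    """
    token = value.split(";", 1)[0].strip()
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("PASSporT needs header.payload.signature")
    header = json.loads(_b64url_decode(parts[0]))
    claims = json.loads(_b64url_decode(parts[1]))
    if header.get("ppt") != "shaken":
        raise ValueError("not a SHAKEN PASSporT")
    if claims.get("attest") not in ("A", "B", "C"):
        raise ValueError("attest must be A, B or C")
    return {"attest": claims["attest"], "x5u": header.get("x5u"),
            "orig_tn": claims.get("orig", {}).get("tn")}


def triage(calls, cert_holder, claims_full_shaken):
    """calls: (osp, identity_header_or_None) pairs; osp is whoever traceback
    or the upstream contract identifies as originator (assumption).
    cert_holder maps an x5u URL to the provider the certificate was issued to.
    """
    stats = defaultdict(lambda: {"calls": 0, "unsigned": 0, "own_cert": 0,
                                 "other_cert": 0, "attest": Counter()})
    for osp, identity in calls:
        s = stats[osp]
        s["calls"] += 1
        if not identity:
            s["unsigned"] += 1
            continue
        p = parse_identity(identity)
        s["attest"][p["attest"]] += 1
        signer = cert_holder.get(p["x5u"], "unknown")
        s["own_cert" if signer == osp else "other_cert"] += 1
    findings = []
    for osp in sorted(stats):
        s = stats[osp]
        signed = s["own_cert"] + s["other_cert"]
        # Claims full SHAKEN, yet never signs with a certificate of its own.
        if osp in claims_full_shaken and signed and s["own_cert"] == 0:
            weak = s["attest"]["B"] + s["attest"]["C"]
            findings.append({"osp": osp, "signed": signed,
                             "weak_attest_share": weak / signed})
    return dict(stats), findings


def make_identity(attest, x5u, orig_tn, dest_tn):
    """Build a constructed Identity header; the signature is a placeholder."""
    header = {"alg": "ES256", "ppt": "shaken", "typ": "passport", "x5u": x5u}
    claims = {"attest": attest, "dest": {"tn": [dest_tn]}, "iat": 1649851200,
              "orig": {"tn": orig_tn},
              "origid": "00000000-0000-4000-8000-000000000001"}
    token = ".".join([_b64url_encode(header), _b64url_encode(claims),
                      "c2lnLXBsYWNlaG9sZGVy"])
    return f"{token};info=<{x5u}>;alg=ES256;ppt=shaken"


# Constructed sample data: hypothetical providers and certificate URLs.
DOWNSTREAM = "https://certs.downstream.example/sp.pem"
GOOD = "https://certs.goodosp.example/sp.pem"
CERT_HOLDER = {DOWNSTREAM: "DownstreamCo", GOOD: "GoodOSP"}
CLAIMS_FULL_SHAKEN = {"QuietOSP", "GoodOSP"}  # e.g. from database filings
SAMPLE_CALLS = [
    ("QuietOSP", make_identity("B", DOWNSTREAM, "12025550101", "12025550199")),
    ("QuietOSP", make_identity("C", DOWNSTREAM, "12025550102", "12025550199")),
    ("QuietOSP", make_identity("C", DOWNSTREAM, "12025550103", "12025550199")),
    ("QuietOSP", None),  # arrived unsigned
    ("GoodOSP", make_identity("A", GOOD, "12025550110", "12025550199")),
]

if __name__ == "__main__":
    _, found = triage(SAMPLE_CALLS, CERT_HOLDER, CLAIMS_FULL_SHAKEN)
    for f in found:
        print(f)
```
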
Corrective action
Here are steps that would strengthen the defense against unlawful robocalls:
APRIL 20, 2022 - Using the Reassigned Numbers Database can be very expensive. Not using it can be even more expensive. Can this be fixed? This article reviews the problems and proposed changes made in a recent waiver request.
The filing was made by Hustle, a peer-to-peer text messaging business. Hustle’s filing is a request for waiver on the fee structure.
What’s wrong with the fee structure? Let’s look at how the RND works, then consider how that affects some callers.
The RND is updated monthly with data from telephone number service providers:
The RND is checked by callers, or their agents, to avoid calling numbers that were disconnected and may have been reassigned.
Checking the RND gives callers some liability protection from TCPA lawsuits. If a caller calls reassigned numbers and did not check the RND before these calls, then their legal risk is huge.
When a caller checks the RND, they provide:
The Company ID is very important. It’s used to record that that company checked that phone number before calling. It gives that company liability protection from TCPA lawsuits.
The RND query result will be Yes, No, or No Data. The No result is the important one—it means that the number was disconnected since the date of prior consent. The caller should not call that number.
The Yes result means that the number was disconnected, but the most recent disconnect date is before the date of prior consent. No Data means the number wasn’t found in the RND and hasn’t been reported as disconnected. With either result, it’s ok to call.
In their waiver request, Hustle identified a few issues that make the RND quite expensive:
For these reasons, a messaging service like Hustle would require a RND subscription for 30 million queries per month or more, which would cost $30,000 per month.
Hustle provided a range of suggestions to make the RND affordable:
Would the proposed changes work?
The threat of expensive TCPA lawsuits and the safe harbor afforded by checking the RND are powerful incentives to use it. Safe harbor protection drives everything.
The current RND process provides an audit trail for RND usage by calling company ID. If RND usage weren’t logged for each company, how would they prove that they checked the RND? How would a court decide that the caller deserves safe harbor protection?
The proposed changes would provide a more efficient process, but they wouldn’t provide an audit trail for safe harbor eligibility. There goes the motivation.
Extending the 45-day aging period might help a bit, but it seems unfair to ask telephone number providers to sit on unused numbers for too long.
Is there another way to make the RND affordable while preserving the incentive for using it?
Why not just lower the price?
Are the current prices necessary to cover the costs of the RND? Are there more cost-effective ways to keep the RND up and running?
April 22, 2022
Clever, these telemarketers.
I've had calls each day this week where a live agent is waiting for live voice to answer the call, and when detected, starts its IVR pre-recorded message.
This of course beats the TCPA rule against pre-recorded telemarketing messages, but does not beat the rules against the necessity for caller opt-in, nor for obviously not scrubbing against the Federal DNC listing.
Here are the 1+ rules we have on our networks:
TCPA compliance rules for Prescott-Martini 1+ routes:
• We block all pre-recorded calls, unless the customer has specifically requested legal exemptions that apply to information services, non-profits, political calls, or those in an existing business relationship where the party previously agreed to accept robocalls from the business;
• We block all cell phone numbers used as ANIs on short duration routes;
• We block call homing, where caller IDs are the same as the dialed number;
• We monitor calls for TCPA compliance, and close the route if found in blatant violation, and we will consult with you on minor violations;
• All calls must have stir/shaken tokens attached whether we have issued those, or not;
• Calls must be scrubbed against the Federal Do-Not-Call data base;
• Telemarketers must only call those with whom they have a prior opt-in (i.e., the called party has agreed, in advance and in writing, to accept a robo-call from the specific business calling him);
• All call generators must have FCC 499 and Robocall Mitigation Database (RMD) registrations including foreign call generators who use U.S. DIDs.
• After June 30, 2022, all intermediate carriers must be registered in the RMD.
April 18, 2020 by Alan Percy, CMO TelcoBridges
If you are old enough to remember the Spy vs. Spy comics in Mad Magazine, you’ll also remember a time when the phone rang, you just answered it. No robocalls to worry about. With the advent of VoIP, we inadvertently created the robocall. The TRACED Act mandated STIR/SHAKEN, and you’d think the aggressive illegal robocallers would be a thing of the past. Instead, it has become a game of Spy vs. Spy.
We can see a troubling trend where robocalls continue to be passed, with the majority of the robocalls getting SHAKEN attestation. So how can this be?
An anecdotal story came to us recently from the Cloud Communications Alliance, showing how illegal calling gets into the North America network, and worse, does so without paying.
Here’s how the scam works:
What can we learn from this?
WASHINGTON, April 27, 2022—Today, FCC Chairwoman Jessica Rosenworcel proposed new rules to combat international scam robocall campaigns from entering American networks through gateway providers – the on-ramps for international call traffic. This is part of the Chairwoman’s agenda to close the avenues by which robocall scammers are using gateway providers to circumvent accountability and reach American consumers.
These new, stringent compliance requirements for gateway providers will complement other FCC efforts like ending the exception to STIR/SHAKEN implementation afforded to certain small carriers and FCC demands that providers cease-and-desist from carrying illegal robocall traffic.
“We are all sick of international scam robocalls. The FCC is taking action to fight back,” said Chairwoman Rosenworcel. “International robocallers use these gateways to enter our phone networks and defraud American consumers. But no more. We won’t allow them to bypass our laws and hide from enforcement.”
The new rules, if adopted at the FCC’s May 19 Open Meeting, would require gateway providers to participate in robocall mitigation, including blocking efforts, take responsibility for illegal robocall campaigns on their networks, cooperate with FCC enforcement efforts, and quickly respond to efforts to trace illegal robocalls to their source. Under the proposed Report and Order, non-compliance by a gateway provider would result in that provider being removed from the Robocall Mitigation Database and subject to mandatory blocking by other network participants, essentially ending its ability to operate.
The FCC will also consider a Further Notice of Proposed Rulemaking to seek comment on a requirement to expand robocall mitigation requirements for U.S.-based intermediate providers.
April 27, 2022 - A creative regulatory approach to prevent robocalls has been proposed to the FCC. Would it work?
This approach was suggested by ZipDX in a recent series of meetings with Commission staff advisors and in their ex parte notification filings. The proposal includes the following:
The ZipDX proposal describes the economic drivers of illegal robocalls:
Intermediates, gateways, terminating providers get about $75 million US annually to deliver illegal robocalls. ZipDX dubs this “trickle-down robonomics.”
These providers have great visibility into illegal robocalls, but they have incentive to look the other way.
Hold each provider in the call path accountable for illegal calls. Collect stiff penalties for carrying illegal call traffic. This changes each provider’s risk/reward calculation.
ZipDX proposes specific measures to identify risky traffic. These measures are based upon call duration, as follows:
Type | Average Duration | Calls < 1 Minute
Conversational | > 3 minutes | 50%
Dialer | < 1 minute | 95%
Conversational traffic has an average duration of more than three minutes; about half of these calls last less than a minute.
Dialer traffic, on the other hand, has average duration less than a minute; 95% of calls are less than a minute. The ZipDX proposal estimates that perhaps half of dialer traffic includes illegal robocalls.
ZipDX maintains that these stats are easy to monitor by each provider along the call path. Each provider would be motivated to set up a reporting system that identifies suspicious traffic.
2. Hold each provider along the call path accountable for dialer traffic that it accepts.
It’s encouraging to see a specific, detailed proposal that squarely addresses the underlying economic reality.
And it’s helpful to see a knowledgeable observer draw a clear line in the sand with proposed benchmarks to classify conversational and dialer traffic. The proposal applies these standards to averages calculated over hundreds of thousands, or millions, of calls. A provider would not be able to hide much dialer traffic from these averages.
But who would see these averages? A well-intentioned provider could perform the calculations to identify suspicious traffic. A bad actor, however, knows they’re carrying dialer traffic—they don’t need to see the stats.
Neither the FCC nor the Robocall Traceback Consortium could see the stats.
But the next downstream providers would. They would have incentive to monitor call duration. Their risk/reward appetite may be different. They may not want to risk stiff penalties.
Perhaps the risk of enforcement action would compel enough providers to monitor suspicious traffic and question upstream providers who send it. This is the economic leverage that the ZipDX proposal aims to unleash.
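The call-duration benchmarks from the ZipDX proposal above can be applied by a downstream provider to its own call detail records, per upstream provider. The following Python example is added here and is not ZipDX's code: the CDR column names, the carrier names, the exclusion of unanswered calls, the minimum sample size and the "review" bucket for traffic that matches neither benchmark are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict

# Benchmarks taken from the table in the article (ZipDX proposal).
SHORT_CALL_S = 60               # "Calls < 1 Minute"
DIALER_MAX_AVG_S = 60           # dialer: average duration under 1 minute
DIALER_MIN_SHORT_SHARE = 0.95   # dialer: 95% of calls under a minute
CONVERSATIONAL_MIN_AVG_S = 180  # conversational: average over 3 minutes


def load_cdrs(text):
    """Group answered-call durations (seconds) by upstream provider."""
    by_upstream = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text)):
        duration = int(row["duration_s"])
        if duration > 0:  # assumption: unanswered attempts are excluded
            by_upstream[row["upstream"]].append(duration)
    return by_upstream


def profile(durations, min_calls):
    """Label one upstream's traffic against the two benchmarks."""
    n = len(durations)
    if n < min_calls:
        # Averages over a handful of calls say nothing; the proposal
        # applies them over very large call counts.
        return {"calls": n, "label": "insufficient-data"}
    avg = sum(durations) / n
    short_share = sum(1 for d in durations if d < SHORT_CALL_S) / n
    if avg < DIALER_MAX_AVG_S and short_share >= DIALER_MIN_SHORT_SHARE:
        label = "dialer"
    elif avg > CONVERSATIONAL_MIN_AVG_S and short_share < DIALER_MIN_SHORT_SHARE:
        label = "conversational"
    else:
        label = "review"  # assumption: in-between traffic goes to a human
    return {"calls": n, "avg_s": round(avg, 1),
            "short_share": round(short_share, 3), "label": label}


def classify(cdr_text, min_calls=1000):
    """Return {upstream: profile} for every upstream seen in the CDRs."""
    grouped = load_cdrs(cdr_text)
    return {up: profile(grouped[up], min_calls) for up in sorted(grouped)}


def build_sample_cdrs():
    """Constructed CDRs (not real traffic) for four hypothetical upstreams."""
    rows = ["upstream,duration_s"]
    # carrier-a: almost all calls a few seconds long, plus unanswered attempts
    rows += ["carrier-a,8"] * 39 + ["carrier-a,200"] + ["carrier-a,0"] * 10
    # carrier-b: half short, half long conversations
    rows += ["carrier-b,30"] * 20 + ["carrier-b,400"] * 20
    # carrier-c: mixed traffic that fits neither benchmark
    rows += ["carrier-c,20"] * 28 + ["carrier-c,300"] * 12
    # carrier-d: too few calls to judge
    rows += ["carrier-d,5"] * 5
    return "\n".join(rows) + "\n"


if __name__ == "__main__":
    for upstream, result in classify(build_sample_cdrs(), min_calls=40).items():
        print(upstream, result)
```
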
APRIL 27, 2022 - The FCC announced that they will vote in their next meeting to require gateway providers to implement STIR/SHAKEN and perform robocall mitigation. Let’s review the specific rules, proposed deadlines, and possible last-minute changes.
Proposed rules
In these rules, gateway providers must:
The rules apply to gateway service providers. A gateway provider is defined as:
The first U.S.-based intermediate provider in the call path of a foreign-originated call that transmits the call directly to another intermediate provider or a terminating voice service provider in the United States.
The Commission has scheduled a vote on these rules during their open meeting on May 19, 2022.
Compliance deadlines
The proposed compliance deadlines were:
There has been an ongoing debate on the proposed rules. Here are a few examples, along with our guesses for what might happen. Place your bets.
What about the compliance deadlines?
Will the adopted rules require STIR/SHAKEN implementation by March 23, 2023?
We have no idea. It’s certainly possible for a provider to implement STIR/SHAKEN in much less time. We have lots of experience helping providers do this.
However, the Commission has been very accommodating in allowing more than ample time to implement STIR/SHAKEN. They’re worried about imposing an undue burden on providers, especially small providers.
So, we don’t know when the final SHAKEN compliance deadline will land.
The 30-day deadlines for robocall mitigation might seem fast. However, we must allow another three weeks or so for the rules to be published. Providers could be looking at a two-month runway to robocall mitigation compliance. That seems doable, except for new contractual provisions, which might take some time.
The Federal Trade Commission today took action against Voice over Internet Protocol (VoIP) service provider VoIP Terminator, Inc., a related company, and the firms’ owner for assisting and facilitating the transmission of millions of illegal prerecorded telemarketing robocalls, including those they knew or should have known were scams, to consumers nationwide. Many of the calls originated overseas, and related to the COVID-19 pandemic, with the defendants allegedly failing to act as a gatekeeper to stop them from entering the country.
Acting on the Commission’s behalf, the U.S. Department of Justice filed the complaint announced in federal district court, along with an order permanently stopping the defendants from such illegal conduct. The order also includes a suspended civil penalty of more than $3 million.
“These defendants helped scammers blast millions of illegal robocalls into our homes,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “This is our third case in the last two years against VoIP service providers, who should take note of what happens when they ignore the law.”
The FTC’s complaint alleges Florida-based defendant VoIP Terminator, Inc., Virginia-based defendant BLMarketing, Inc., and the companies’ owner Muhammad Usman Kahn facilitated violation of the FTC’s Telemarketing Sales Rule (TSR) during their operation as a VoIP service provider.
Specifically, according to the complaint, the defendants continued to provide VoIP services to customers despite knowing or consciously avoiding knowing the customers were: 1) using the services to place calls to numbers on the FTC’s Do Not Call (DNC) Registry; 2) delivering prerecorded messages; and 3) displaying spoofed caller ID services to callers involved in scams related to credit card interest rate reduction, tech support, and the COVID-19 pandemic.
The FTC’s proposed order settling the complaint requires VoIP Terminator to:
While the order imposes a $3,256,190 judgment against the defendants, it has been suspended based on the company’s inability to pay.
The Commission vote to authorize the staff to refer the complaint to the DOJ and to approve the proposed consent decree was 4-0. The DOJ filed the complaint and proposed consent decree on behalf of the Commission in U.S. District Court for the Middle District of Florida.
The Federal Trade Commission works to promote competition and protect and educate consumers. Learn more about consumer topics at consumer.ftc.gov, or report fraud, scams, and bad business practices at ReportFraud.ftc.gov. Follow the FTC on social media, read consumer alerts and the business blog, and sign up to get the latest FTC news and alerts.
April 28, 2022 Washington, D.C. – Reps. John Curtis (R-UT-03), Bob Latta (R-OH-5), Mike Doyle (D-PA-18), Tom O’Halleran (D-AZ-01) introduced the Robocall Trace Back Enhancement Act. Their bill would strengthen privately led efforts to trace back the origins of irritating and illegal robocalls while holding scammers and complicit bad actors accountable.
The Robocall Trace Back Enhancement Act provides protection for providers who share information relating to suspected fraudulent, abusive, or unlawful robocalls; illegally spoofed calls; or other illegal calls to registered organizations helping to trace back the origin of these suspicious robocalls.
“As robocalls become more sophisticated, we must ensure that our federal agencies and business partners have the power to keep up with their techniques,” said Curtis. “Through the Robo Trace Back Enhancement Act, we are working to hold these bad actors accountable for their actions and prevent them from taking advantage of our most vulnerable citizens.”
“Robocalls plague every American household, and Ohioans in the Fifth District are sick of answering illegal and annoying scam calls,” said Latta. “These kinds of calls are a shameful tactic put out by bad actors hoping to prey on our most vulnerable populations, especially senior citizens. We made significant strides in Congress to protect consumers from scams and fraud with the TRACED Act, which was signed into law in 2019. But as time passes, bad actors are constantly morphing their tactics in an effort to continue with their illegal scams. I am proud that with the Robocall Trace Back Enhancement Act, we can build upon our work to stop bad actors in their tracks and protect the American people from their schemes.”
“In 2019, Congress enacted the TRACED Act to cut down on robocalls,” said Doyle. “Today we are taking another step to combat robocalls and the individuals who perpetrate them. The Robocall Trace Back Enhancement Act would create more tools to trace these calls back to the individuals who make them. With these new tools, the people who make robocalls would have no place to hide.”
“Like so many Americans, I receive countless robocalls every week, often from spoofed numbers that appear to be dialing from just down the road,” said O’Halleran. “These calls are not only a nuisance but are often designed to trick the most vulnerable into sharing personal information, perpetuating fraud and identity theft. I’m proud to join this bipartisan group to introduce commonsense legislation that stops bad robocalls, ensures providers can track down bad actors, and protects vulnerable Arizona seniors.”
“Traceback efforts have played a central and ever-growing role in the battle against illegal robocalls. This important legislation is critical to the millions of victims of illegal robocalls because it will help empower the FCC’s registered consortium to traceback illegal calls and more effectively share actionable information to get these illegal calls off of the networks,” said Brandon Heiner, USTelecom’s Senior Vice President, Government Affairs. “We thank Representatives Doyle, Latta, O’Halleran and Curtis for their leadership on this important bill to support the critical fight against illegal robocalls. The robocall battle won’t be won overnight, but this bill will help supercharge the fight against a determined enemy.”
U.S. Senators John Thune (R-SD) and Ed Markey (D-MA) introduced companion legislation in the United States Senate.
Combatting Illegal Robocalls
Background: Stopping illegal robocalls is one of the Commission’s top consumer protection priorities.
Illegal robocalls that originate abroad present a particular problem because of the difficulty in reaching foreign-based robocallers and the foreign voice service providers that originate their traffic.
The Gateway Provider Report and Order (Gateway Provider Order), Order on Reconsideration, Order, and Further Notice of Proposed Rulemaking (Further Notice) address the issue of illegal calls from multiple angles.
What the Gateway Provider Order Would Do:
• Require gateway providers to submit a certification and mitigation plan to the Robocall
Mitigation Database describing their robocall mitigation practices and certifying that they are adhering to those practices.
• Require gateway providers to implement STIR/SHAKEN to authenticate unauthenticated Session Initiation Protocol (SIP) calls that are carrying a U.S. number in the caller ID field.
• Adopt several robocall mitigation requirements for gateway providers, including a 24-hour traceback request response requirement, mandatory blocking requirements, “know your upstream provider” requirement, and general mitigation standard.
What the Order on Reconsideration Would Do:
• Require domestic providers to accept calls carrying U.S. NANP numbers only from foreign originating and intermediate providers registered in the Robocall Mitigation Database, and resolve petitions for reconsideration and end the stay of enforcement of the rule.
What the Further Notice Would Do:
• Propose and seek comment on a number of further steps the Commission can take to combat illegal robocalls, including: extending requirements for authentication and filing in the Robocall Mitigation Database, enhancing the affirmative obligations of providers to stop illegal calls, requiring additional measures for robocall mitigation, enhancing enforcement mechanisms, and other related issues aimed at closing existing potential loopholes.
MAY 11, 2022 -- The FCC will consider a draft order during their open meeting on May 19, 2022. There are many moving parts in this order. Here are the highlights.
The 133-page document discusses rules for both robocall mitigation and STIR/SHAKEN. It includes:
Many of the provisions in the draft were included in a Further Notice of Proposed Rulemaking (FNPRM) from October 2021. However, there are several new topics included in this draft document that emerged from ongoing discussions and ex parte filings with the Commission since then.
The order would require gateway providers to:
This order would resolve quirks in previous rules. Previously, domestic providers could only accept foreign-originated calls with U.S. NANP calling numbers received directly from voice service providers that are listed in the RMD.
What are the quirks? “Voice service providers” are defined in the rules as providers that serve end users. Gateway providers almost never receive foreign-originated calls directly from foreign voice service providers. They receive calls from intermediate providers.
Because of this, the listed-in-the-RMD requirement would rarely (okay, never) be enforced. It just doesn’t happen that way. For this reason, the FCC invoked a stay of enforcement on this rule.
The Order on Reconsideration would fix that. It says that domestic providers may only accept calls with U.S. NANP calling numbers directly from foreign-originating or intermediate providers listed in the RMD. Just two words, “or intermediate,” would fix it.
The order fixes a typo and defines an acronym in a previous order. Let’s move on.
The Commission asked for feedback on a whole slew of proposed rules. The proposed rules would require all U.S. providers to:
The FNPRM asks for comment on other topics:
See the robocalls and SHAKEN draft order for more details.
Our thoughts
The gateway provider order clears up some questions that were left open when these rules were first proposed last October. The adjustments seem reasonable.
The order on reconsideration fixes a glaring problem and is a welcome change.
We think the FNPRM is the most interesting part of this document. It contains proposed rules that many have been advocating for a long time:
May 16, 2022 -- by Eric Troutman. I see confusion from time to time on whether a call to a business number can violate the TCPA.
The short answer is: “yes and no.”
As hopefully everyone knows, the regulated technology portions of the TCPA (227(b)) apply to business cell phones. So even if a cell phone is used for business purposes, a caller still must have consent to leverage either an ATDS or a pre-recorded/artificial voice message to call such numbers.
On the other hand, calls to business numbers cannot trigger the TCPA’s DNC provisions–those only apply to residential numbers (which include cell phones, but not business lines.)
In KYLE MIHOLICH v. SENIOR LIFE INSURANCE COMPANY, Slip Copy, 2022 WL 1505865 (S.D. Cal. May 12, 2022) the Court broke these rules down pretty well and gave a couple of additional nuanced (correct) rulings here.
The Miholich case involved a reconsideration request by a Defendant that had already lost a motion to dismiss. The Defendant argued that the complaint failed to state facts demonstrating it had made the calls at issue. But since the Complaint literally alleged that the Defendant had made the calls at issue… well, it lost.
It also lost on the issue of whether or not the Plaintiff’s phone was a business phone. On the one hand the Defendant showed that the Plaintiff had registered the number as a business number with a state insurance website. On the other hand the Plaintiff swore he also used it as a personal number. And that fact–that Plaintiff also used the number for personal purposes–was sufficient to create a jury question that had to go to trial.
So some additional rules to keep in mind here:
So you bring all this together and the TCPA DNC rules are REALLY tough for B2B folks to comply with in the absence of consent. Even if you think you are calling a business number and there is evidence it is a business number and you are calling for a business purpose–you are still not safe. As Miholich demonstrates. Happy Monday!
By Ryan Tracy – Wall Street Journal - May 19, 2022
WASHINGTON—U.S. phone companies that connect robocalls from overseas would have to block calls when ordered to do so under new rules adopted Thursday by the Federal Communications Commission, in the latest government effort to end a deluge of illegal calls.
For years, government and industry officials have known that a small group of relatively obscure telecom providers act as a conduit for millions of scam calls that annoy—and sometimes defraud—Americans. These companies, known as gateway providers, transfer calls that originate overseas onto the U.S. telephone network.
The new FCC rules require that these companies register with the agency and adopt a robocall mitigation program, including monitoring for illegal calls and blocking other phone companies that have been flagged by authorities as transmitting potentially illegal calls. Eventually, if they don’t act to curb illegal calls, they could be blacklisted by the FCC and cut off from the telephone network.
“We need to cut these calls off before they reach our shores, our homes and our phones,” FCC Chairwoman Jessica Rosenworcel said Thursday.
Telecom industry groups generally support the FCC’s anti-robocall initiative and have urged the agency to consider rules similar to the ones adopted Thursday.
The federal government’s efforts to target gateway providers have been under way since at least 2019, following the creation of an industry group that traces illegal calls. Call traces are necessary because the modern telephone system consists not just of giants such as AT&T Inc., but also of a web of small, internet-based providers, some of whom specialize in routing calls in bulk. A phone call can bounce between eight companies or more before reaching its destination.
Call-tracing data from the trade association USTelecom’s Industry Traceback Group revealed that small U.S. providers were significant conduits for illegal calls.
Based in part on that data, the FCC has begun publicly identifying some of the companies as sources of robocalls and demanding they stop or face sanctions. The Federal Trade Commission, Justice Department and state attorneys general have brought cases against telecom providers for facilitating robocalls.
Yet robocalls persist. YouMail Inc., which tracks robocalls through a smartphone app, estimates nearly four billion were placed in April.
Many robocalls come into the U.S. from overseas, bearing a U.S. number in the Caller ID field. That kind of call can have a legitimate use, such as when a company’s foreign-based customer-service representative wants to contact a U.S. customer. But such calls are an attractive way for scammers to pose as legitimate.
The FCC is trying to construct a regulatory regime that it can use to cut off providers repeatedly identified as conduits of illegal calls. The rules, adopted Thursday in a bipartisan and unanimous FCC vote, impose a series of new obligations on phone companies involved in bringing foreign-originating calls onto the U.S. network.
Central to the regime is a requirement that these companies register with the FCC and take steps to stop illegal calls—whether the companies are based in the U.S. or not. If the agency decides a company isn’t doing enough to mitigate the problem, it can direct other providers not to take the companies’ call traffic.
“That’s a significant mechanism that the FCC could leverage,” said Kevin Rupy, a telecommunications lawyer at Wiley Rein LLP. Such an FCC action, he said, would effectively mean “you’re out of the voice business.”
One aspect of the regulation caused a stir. Last year the trade group CTIA, whose members include Verizon Communications Inc., AT&T, and T-Mobile US Inc., asked the FCC to delay the rules for foreign-based telecom providers, saying the rules could cut off legitimate calls from Americans traveling abroad. The FCC rejected the CTIA petition Thursday, calling the concerns overstated. CTIA declined to comment.
The new rules governing overseas calling will take effect in the coming months, and the FCC is considering further proposals to close what it called potential loopholes.
MAY 18, 2022 - Telecom fraud is a big problem in China. The latest response by a large telecom service provider is the most severe action yet. Will it work, or will users just find other ways to communicate? Let’s have a look.
China Mobile will begin blocking all calls and text messages from overseas by default from May 20, 2022. Customers will have to opt in to receive international calls and text messages.
This seems heavy handed. Why so harsh?
Other Chinese service providers began blocking text messages from overseas by default in 2021. China Mobile has raised the ante by blocking all international calls and text messages by default.
Will this tactic fix international telephone service in China or hasten its demise?
“This won’t affect that many people, since many of us don’t use the international phone system anymore,” said Frank Tsai, the founder of China Crossroads, in a report by Sixth Tone. The same article recounts a Chinese student in the U.K. who said she usually uses the messaging app WeChat to contact her parents but relies on the phone during emergencies.
“As increasingly more people gain access to the internet, international calls and text have become less relied on,” reports That’s Mag.
Service providers, regulators, and law enforcement must find ways to sustain trust in telephone service, preferably without shutting portions of it down.
Marriott International, Inc. today filed an amended lawsuit in federal court in Virginia to name ten defendants responsible for fraudulent “robocalls” and other misuse of Marriott’s name.
The suit claims the defendants are engaging in deceptive and abusive telemarketing practices and using the Marriott brand for their own commercial gain. This filing amends a lawsuit initiated last year against unknown (“John Doe”) perpetrators.
According to the YouMail Robocall Index, American consumers received tens of billions of robocalls in 2021, pushing assorted products and services including phony Marriott offerings. To induce consumers to purchase certain promotions, robocallers and others misusing Marriott’s brand falsely represent that they are agents or employees of Marriott, harming consumers and the company’s reputation.
“Marriott International is taking the next step in our fight to shield consumers from the harassment and frustration of robocalls that fraudulently use Marriott’s brand name,” said Rena Hozore Reiss, Executive Vice President and General Counsel, Marriott International. “Through this lawsuit, we are seeking to hold accountable those who are engaging in or facilitating these improper and deceptive robocalls and protect our valuable brand name.”
New Rules Enlist Gateway Providers In the Fight Against Illegal Spoofing and Robocalling
WASHINGTON, May 19, 2022—The Federal Communications Commission today adopted new rules to stop illegal robocalls that originate overseas from entering American phone networks. The new rules on gateway providers – the on-ramps for international call traffic – institute stringent compliance requirements to ensure that these providers comply with STIR/SHAKEN caller ID authentication protocols and require that they take additional measures to validate the identity of the providers whose traffic they are routing.
International robocall scams are widely understood to be a huge part of the robocall and spoofing problem facing American consumers and businesses. In 2021, the Industry Traceback Group reported that 65% of the voice service providers identified as transmitting illegal robocalls were either foreign-based or gateway providers. Facing this reality, the FCC and Congress have made the fight against foreign-originated scam calls a priority.
Gateway providers serve as a critical choke-point for reducing the number of illegal robocalls received by American consumers. The new rules require gateway providers to participate in robocall mitigation, including blocking efforts, take responsibility for illegal robocall campaigns on their networks, cooperate with FCC enforcement efforts, and quickly respond to efforts to trace illegal robocalls to their source. With this Report and Order, non-compliance by a gateway provider may result in that provider being removed from the Robocall Mitigation Database and subject to mandatory blocking by other network participants, essentially ending its ability to operate.
The FCC will also seek further public comment on expanding robocall mitigation requirements to all U.S.-based intermediate providers, not just gateway providers. The FCC will review this record in order to determine how, if, and when anti-robocall and spoofing rules will be applied to intermediate providers, some of the few remaining participants in the voice service ecosystem to not yet fall under requirements to file a certification and mitigation plan in the Robocall Mitigation Database.
The new rules will complement other FCC efforts to close down avenues for robocallers. The FCC has already moved up to June 30, 2022 the sunset of the exception afforded to certain small carriers for implementing STIR/SHAKEN. In addition, the FCC’s Enforcement Bureau has demanded that providers cease and desist from carrying illegal robocall traffic. For more information about FCC efforts to combat illegal spoofing, robocalls, and robotexts, visit: www.fcc.gov/spoofed-robocalls. Also, consumer resources are available at: www.fcc.gov/robocalls.
Action by the Commission May 19, 2022 by Report and Order, Order on Reconsideration, and Further Notice of Proposed Rulemaking (FCC 22-37). Chairwoman Rosenworcel, Commissioners Carr, Starks, and Simington approving. Chairwoman Rosenworcel and Commissioner Starks issuing separate statements.
CG Docket No. 17-59; WC Docket No. 17-97
May 23, 2022 -- In its sixth order under the TRACED Act, the FCC issued an “Order on Reconsideration” last week to close a loophole in a previous rule. The rule involved refusing calls from providers not listed in the RMD.
The initial rule said domestic providers could only accept traffic carrying U.S. calling numbers that was received directly from voice service providers, including foreign voice service providers, listed in the RMD.
In the TRACED Act and ensuing FCC rules, a voice service provider is defined as an entity that provides service to an end user. An intermediate provider is not a voice service provider.
Because gateway providers almost never receive calls directly from a foreign voice service provider, this rule was useless.
The Order on Reconsideration fixes it. The revised rule says that domestic providers may only accept calls from foreign originating or intermediate providers that are listed in the RMD.
The full text of the FCC report and order is available online. The document file includes several related items, including a Further Notice of Proposed Rulemaking for potential future rules.
On May 20, 2022, the Federal Communications Commission (“FCC” or “Commission”) released a Sixth Report & Order and Seventh Further Notice of Proposed Rulemaking (“R&O” and “FNPRM”), imposing additional regulatory requirements on the gateway providers that are the point of entry for foreign-originated illegal robocalls into the United States, and soliciting comments on, among other things, whether its robocall mitigation rules should be extended to carriers that are now exempt.
The FCC defines a gateway provider as a “U.S.-based intermediate provider [those that have facilities located in the U.S., including a point-of-presence] that receives a call directly from a foreign originating provider or foreign intermediate provider at its U.S.-based facilities before transmitting the call downstream to another U.S.-based provider.” A gateway provider is required to follow the new rules only for calls in which it performs the functions of same, and does not include affiliates of U.S.-based carriers that receive traffic in another country and transmit that traffic to another provider to bring across the boundary of the U.S. network. The scope of the requirement is limited to calls that are carrying a U.S. number in the caller ID field.
Gateway providers must submit a certification and mitigation plan to the FCC’s Robocall Mitigation Database (“RMD”), describing their robocall mitigation practices and stating that they are adhering to them. The deadline is 30 days after publication in the Federal Register of notice of approval by the Office of Management and Budget (“OMB”). The FCC’s Wireline Competition Bureau will release a follow-up public notice with more information on the deadline and related information. The information that must be included is generally the same that voice service providers (“VSPs”) were required to submit in their robocall mitigation plans, with some minor variations:
Downstream providers will be prohibited from accepting any traffic from a gateway provider not listed in the RMD. The deadline for compliance is 90 days following the deadline for gateway providers to submit a certification to the RMD. Downstream providers are required to block calls if they have a reasonable basis to believe that the upstream provider acts, for some calls, as a VSP or gateway provider and that the provider is not listed in the RMD. Downstream carriers are prohibited from blocking 911 calls and are to avoid blocking calls from PSAPs and government outbound emergency numbers, regardless of whether the upstream carrier is listed in the RMD.
Gateway providers must block, rather than simply effectively mitigate, illegal traffic when notified of such traffic by the Commission, and providers immediately downstream from the gateway provider must block all traffic from an identified gateway provider that has failed to meet its blocking obligation upon FCC notification. The FCC’s Enforcement Bureau will send the applicable carrier a Notice of Suspected Illegal Traffic and will provide the carrier with time to investigate and act on the Notice. If the carrier fails to respond or provide the requested information, the Enforcement Bureau will instruct downstream carriers to block all traffic from the identified carrier. The compliance deadline for gateway and downstream providers to block upon Commission notification is 60 days after publication of the R&O in the Federal Register.
In addition to certifying and submitting mitigation plans in the RMD, gateway providers must implement STIR/SHAKEN to authenticate SIP calls that are carrying a U.S. number in the caller ID field. The deadline for compliance is June 20, 2023. In order to comply with this requirement, a gateway provider must authenticate caller ID information for all SIP calls it receives for which the caller ID information has not been authenticated and which it will exchange with another provider as a SIP call. A gateway provider can satisfy its authentication requirement if it adheres to the three ATIS standards that are the foundation of STIR/SHAKEN—ATIS-1000074, ATIS-1000080, and ATIS-1000084—and all documents referenced therein.
Gateway providers must fully respond to traceback requests from the FCC, law enforcement, and the Industry Traceback Group within 24 hours of receiving same. The compliance deadline is 30 days after publication in the Federal Register of notice of approval by OMB.
The FCC requires gateway providers to take “reasonable and effective steps” to ensure that the immediate upstream foreign provider is not using the gateway provider to carry or process a high volume of illegal traffic onto the U.S. network. The FCC adopts a flexible approach; gateway providers can determine the exact measures they choose to take, including whether to adopt contractual provisions with their upstream providers to meet this obligation. The compliance deadline is 180 days after publication of the R&O in the Federal Register.
In the FNPRM, the FCC solicits comments on extending robocall mitigation duties on carriers that are now exempt, and related matters. Specifically, the FCC seeks comments on:
The rule defines the gateway provider as a U.S.-based provider that receives a call directly from a foreign provider. The foreign provider can be any intermediate or originating provider.
If you’re a U.S.-based provider and you receive a call with a U.S.-NANP calling number from a foreign provider, then you are subject to these rules. (Note: a foreign affiliate of a U.S.-based provider is not a foreign provider under this definition.)
New rules
1. Register in the Robocall Mitigation Database (RMD). 30 days after publication in the Federal Register.
2. Implement STIR/SHAKEN and authenticate unsigned calls with a U.S. call number. June 20, 2023.
3. Implement a Robocall Mitigation Program, including:
a. 24-hour traceback response
b. Mandatory blocking of illegal traffic when notified by the FCC and calls with calling numbers that appear on a reasonable Do-Not-Originate list.
c. Know your upstream provider – take reasonable and effective steps to ensure that the immediate upstream foreign provider is not using the gateway provider to carry illegal traffic.
d. Mitigate illegal robocalls – a ‘general mitigation standard’ that requires gateway providers to mitigate illegal robocalls regardless of whether they have fully implemented STIR/SHAKEN.
On May 20, 2022, the Federal Communications Commission (“FCC” or “Commission”) released a Sixth Report & Order and Seventh Further Notice of Proposed Rulemaking (“R&O” and “FNPRM”), imposing additional regulatory requirements on the gateway providers that are the point of entry for foreign-originated illegal robocalls into the United States, and soliciting comments on, among other things, whether its robocall mitigation rules should be extended to carriers that are now exempt.
The FCC defines a gateway provider as a “U.S.-based intermediate provider [those that have facilities located in the U.S., including a point-of-presence] that receives a call directly from a foreign originating provider or foreign intermediate provider at its U.S.-based facilities before transmitting the call downstream to another U.S.-based provider.” A provider is required to follow the new rules only for calls in which it performs the functions of a gateway provider, and the definition does not include affiliates of U.S.-based carriers that receive traffic in another country and transmit that traffic to another provider to bring across the boundary of the U.S. network. The scope of the requirement is limited to calls that are carrying a U.S. number in the caller ID field.
Gateway providers must submit a certification and mitigation plan to the FCC’s Robocall Mitigation Database (“RMD”), describing their robocall mitigation practices and stating that they are adhering to them. The deadline is 30 days after publication in the Federal Register of notice of approval by the Office of Management and Budget (“OMB”). The FCC’s Wireline Competition Bureau will release a follow-up public notice with more information on the deadline and related information. The information that must be included is generally the same that voice service providers (“VSPs”) were required to submit in their robocall mitigation plans, with some minor variations:
Downstream providers will be prohibited from accepting any traffic from a gateway provider not listed in the RMD. The deadline for compliance is 90 days following the deadline for gateway providers to submit a certification to the RMD. Downstream providers are required to block calls if they have a reasonable basis to believe that the upstream provider acts, for some calls, as a VSP or gateway provider and that the provider is not listed in the RMD. Downstream carriers are prohibited from blocking 911 calls and are to avoid blocking calls from PSAPs and government outbound emergency numbers, regardless of whether the upstream carrier is listed in the RMD.
Gateway providers must block, rather than simply effectively mitigate, illegal traffic when notified of such traffic by the Commission, and providers immediately downstream from the gateway provider must block all traffic from an identified gateway provider that has failed to meet its blocking obligation upon FCC notification. The FCC’s Enforcement Bureau will send the applicable carrier a Notice of Suspected Illegal Traffic and will provide the carrier with time to investigate and act on the Notice. If the carrier fails to respond or provide the requested information, the Enforcement Bureau will instruct downstream carriers to block all traffic from the identified carrier. The compliance deadline for gateway and downstream providers to block upon Commission notification is 60 days after publication of the R&O in the Federal Register.
In addition to certifying and submitting mitigation plans in the RMD, gateway providers must implement STIR/SHAKEN to authenticate SIP calls that are carrying a U.S. number in the caller ID field. The deadline for compliance is June 20, 2023. In order to comply with this requirement, a gateway provider must authenticate caller ID information for all SIP calls it receives for which the caller ID information has not been authenticated and which it will exchange with another provider as a SIP call. A gateway provider can satisfy its authentication requirement if it adheres to the three ATIS standards that are the foundation of STIR/SHAKEN—ATIS-1000074, ATIS-1000080, and ATIS-1000084—and all documents referenced therein.
Gateway providers must fully respond to traceback requests from the FCC, law enforcement, and the Industry Traceback Group within 24 hours of receiving them. The compliance deadline is 30 days after publication in the Federal Register of notice of approval by OMB.
The FCC requires gateway providers to take “reasonable and effective steps” to ensure that the immediate upstream foreign provider is not using the gateway provider to carry or process a high volume of illegal traffic onto the U.S. network. The FCC adopts a flexible approach; gateway providers can determine the exact measures they choose to take, including whether to adopt contractual provisions with their upstream providers to meet this obligation. The compliance deadline is 180 days after publication of the R&O in the Federal Register.
In the FNPRM, the FCC solicits comments on extending robocall mitigation duties on carriers that are now exempt, and related matters. Specifically, the FCC seeks comments on:
Ronald E. Quirk Marashlian & Donahue, PLLC
JUNE 30 DEADLINE
▪ Non-Facilities-Based VSPs (NFVSPs) must be fully STIR/SHAKEN compliant by June 30, 2022.
▪ A NFVSP is a small VSP that offers voice service to end-users solely using connections that are not sold by the provider or its affiliate. In other words, if a VSP’s upstream carrier(s) is not affiliated with the VSP, it must implement STIR/SHAKEN in the IP portion of its network by June 30, 2022.
▪ There are several steps that must be followed to become fully STIR/SHAKEN compliant.
BUT FIRST, A BRIEF HISTORY OF ROBOCALL MITIGATION
In 2019 Congress passed the TRACED Act, requiring the FCC to promulgate rules to ensure that voice service providers (VSPs) implement STIR/SHAKEN in the IP portions of their networks to prevent illegal robocalls.
▪ STIR/SHAKEN requires VSPs to verify that the caller ID information transmitted with a particular call matches the caller’s number, monitor traffic patterns, trace calls back to their sources, and block illegal robocalls before they reach the called party.
▪ In 2020, the FCC mandated STIR/SHAKEN rules, requiring full compliance by June 30, 2021. The Commission later granted a two-year extension for small VSPs (those with 100,000 or fewer subscriber lines) as long as those VSPs filed robocall mitigation plans by the original deadline.
▪ In December 2021, the FCC shortened the full STIR/SHAKEN deadline for a certain class of small VSPs to June 30, 2022.
STEP ONE
Obtain an OCN
▪ Operating company numbers (OCNs) are distributed by the National Exchange Carrier Association (NECA). NECA has an application process that requires the applicant to list administrative information, pick the applicable service class (most VSPs will choose the IPES category), and provide the following materials for an IPES OCN:
▪ Articles of Incorporation (with state seal)
▪ Interconnection agreement with upstream provider
▪ Proof of customers (typically a sample invoice)
▪ NECA may request additional information
▪ Fees are $475 for 10-day service or $600 for 3-day service.
STEP TWO
Step Two: Register with the STI-PA
▪ After receiving the OCN, the next step is to register with the Secure Telephone Identity Policy Administrator (STI-PA), iconectiv, to become an authorized carrier and receive a service provider code (SPC) token. Iconectiv requires the following information:
▪ OCN;
▪ current FCC Form 499A; and
▪ Billing contact
▪ When the first portion of the application is submitted, iconectiv will send an email to the billing contact, requesting authorization and additional information. Most of the questions pertain to simple administration issues, but there are some arcane questions such as:
▪ The desired token expiry date. The minimum value is one day and the maximum is two years. Most VSPs choose two years, but others choose much shorter periods for security purposes (i.e., a rogue employee could use a VSP’s two-year token for his/her own purposes; but, since tokens automatically renew, that employee could not misappropriate a one-day token).
▪ Whether the VSP is working with an STI-PA approved software vendor and that vendor’s IP address for whitelisting purposes.
STEP THREE
Step Three: Obtain a Token
▪ Most VSPs will choose to work with an approved software provider to upgrade their software platforms to make them fully STIR/SHAKEN compliant and act as a certification authority (“CA”). The eight approved software providers are: TransNexus, Neustar, Metaswitch, NetNumber, Sansay, Ribbon, GBDSTech, and Peering Hub.
▪ Any of these CAs will complete the process of obtaining a token from iconectiv. The CAs typically charge $450 - $500 per month for their services, but for “atypical” software systems, the fees could be more.
▪ If a VSP chooses to obtain a token on its own, it will need to run tests with iconectiv, upgrade its own software, and finish the STI-PA application process. Iconectiv has published Guidelines as a reference for VSPs to complete the token process.
STEPS FOUR AND FIVE
Steps Four & Five: Obtain a Certificate & Confirm STIR/SHAKEN Compliance
▪ To get a certificate, VSPs need to submit a certificate signing request (“CSR”) and send it with their token to the CA. If the application is approved, the CA issues a STIR/SHAKEN certificate to the VSP.
▪ Even if a VSP chooses to upgrade its software and obtain a token on its own, it will still need to work with one of the eight approved CAs to obtain a certificate.
▪ Once a certificate is issued, the VSP will be fully STIR/SHAKEN compliant.
▪ The final step is for a VSP to sign into the FCC’s Robocall Mitigation Database and upgrade its status to “Full STIR/SHAKEN Compliant.”
▪ When these steps are completed, the requirements for the June 30 deadline will be met.
▪ If a VSP cannot meet the deadline, it must file a request for extension of time with the FCC before June 30. In order for such a request to be granted, the VSP must prove that circumstances beyond its control require an extension. The FCC will not grant extensions for other reasons.
FCC COMPLIANCE RULES
▪ Once a VSP has implemented STIR/SHAKEN into the IP portion of its network, the network should authenticate and/or verify caller ID information, which is the crux of the FCC’s robocall mitigation rules. The rules are found at 47 C.F.R. §§ 64.6300 – 64.6308.
▪ Two specific requirements are important to remember:
▪ All VSPs must respond in a timely manner to traceback requests by the Industry Traceback Group (ITG). ITG has published a Policies and Procedures Manual, which should be read by all VSPs.
▪ VSPs are not permitted to recover STIR/SHAKEN expenses from consumer or small business customers.
▪ A small business has no more than 1,500 employees and less than $38.5 million in average annual revenue.
CONSEQUENCES OF NONCOMPLIANCE
▪ The FCC will impose very severe sanctions on VSPs that are not STIR/SHAKEN compliant by the June 30 deadline.
▪ The FCC has authorized other network operators to block calls from noncompliant VSPs.
▪ The Commission has imposed massive fines against entities that have engaged in illegal spoofing and robocalling: a $225 million fine against Texas-based health insurance telemarketers for making illegally spoofed robocalls; a $120 million fine for illegal “neighbor” spoofing by a Florida-based time-share marketing operation; an $82 million fine against a North Carolina-based health insurance telemarketer; and a $37.5 million fine against an Arizona marketer that made millions of spoofed calls that appear to come from consumers. While those sanctions were imposed against the robocallers themselves, the FCC could impose similar fines against non-compliant VSPs for facilitating illegal robocalling.
OTHER AREAS OF ROBOCALL ENFORCEMENT
▪ The FCC is not the only entity that enforces laws and regulations against illegal robocalls and VSPs who violate them. The states, Federal Trade Commission, and private companies are also actively involved.
INDIAN PHONE USERS may not have to wonder who that “unknown” caller is for too much longer. Regulatory changes being considered might help them avoid that pesky telemarketer and the annoying call from a bank customer care executive trying to sell insurance.
In an attempt to combat the plague of spam calls, India’s telecom regulator is in the process of drafting a consultation paper supporting a mechanism that would allow phones to display the name of a caller even if the number is not saved on that person's phone. This name will be sourced from the Know Your Customer (KYC) data that telecom operators are required to collect from users before providing them with a SIM card.
“We are in the process of preparing a consultation paper,” Syed Tausif Abbas, an advisor to Telecom Regulatory Authority of India, tells WIRED. “It will take maybe one month at least. Once the paper is [ready], it will be in public domain for the comments of stakeholders.”
India has witnessed a sharp rise in spam calls over the past year. According to a report by Swedish company Truecaller—which counts India as its biggest market—the country was the fourth-highest spammed of the 20 it surveyed in 2021, climbing from ninth-highest the year before. Over 200 million calls came from just one spammer between January and October 2021, according to the company. Even though the majority of the calls were spam, over 1 percent of them were scams in which the callers pretended to be from a bank or a financial technology startup and asked customers for their personal details. Over the past few years, Indians have had to deal with a barrage of fraudulent calls that have caused some to lose money.
While Truecaller—and similar apps—can help identify the caller’s identity in some cases, the information may not be accurate, as it is crowdsourced rather than based on official data. And while India’s attempt to fight spam and scam callers on a larger scale may help make citizens more aware of who’s calling them, some policy experts say the effort will be futile and raises questions of privacy.
Pranesh Prakash, policy director of the Center for Internet and Society, says knowing who a number is connected to and being able to dodge spam or scam calls would in some ways be helpful. “It might be good for people to know they are talking to so and so, or the cell phone is registered under so and so’s name, [especially] if they have been subject to fraud or something like that. So it might actually be useful from that perspective,” says Prakash. But he’s not entirely sold on the idea.
His biggest concern about this proposal is the sharing of KYC data with the government in the absence of a comprehensive data protection law in India. “There’s an anemic provision of the IT [Information Technology] Act, which acts as a data protection provision, so what the government does with the data that you have entrusted to it isn’t actually governed by a law,” says Prakash. That said, the data privacy draft law is expected to be discussed in the Indian Parliament soon, and if passed it could provide a layer of protection for user data.
But there are other concerns. Shalini Sivasubramanian, a senior researcher with the Centre for Policy Research, questions the overall utility of the plan: If the intention is just to let people know who is calling, it does not address the underlying problem of spam. “What purpose is it serving if it just notifies the caller that this person is calling,” she says. “It’s not fully solving the problems of spam calling.”
Sivasubramanian points to the US’s Truth in Caller ID Act, which President Barack Obama signed into law in 2010, as an approach India could draw on. This legislation outlaws ID spoofing and prosecutes robocallers, and it also has an authentication function to automatically identify robocalls. “The US has protocols on how to authenticate calls which filter out the robocalls, and [then] they have prosecution for that,” says Sivasubramanian. “Here [in India], by just displaying caller ID, yes I will know the number, but will it cause any less frustration just because I can see a name associated with that spam call? I don’t think so.”
The Federal Communications Commission announced the proposed universal service contribution factor for the third quarter of 2022 will be 33%, a whopping ~10% increase from the prior quarter.
JUNE 13, 2022 - Stronger robocall mitigation requirements have been proposed before the FCC. These proposals would create stronger financial incentives for robocall mitigation along the call path. Let’s have a look.
Summary of proposed rules
These rules were proposed by the National Consumer Law Center in a meeting with FCC staff and in the notice of ex parte presentation that followed. Here’s a summarized list of the proposed rules:
The NCLC proposals follow a series of similar suggestions to strengthen robocall mitigation rules. Here are a few examples:
The NCLC proposal seems stronger than these previous proposals:
WC Docket No. 17-97
This Public Notice reminds non-facilities-based small voice service providers that they must implement the STIR/SHAKEN caller ID authentication framework in their Internet Protocol networks no later than June 30, 2022.
In March 2020, the Commission adopted rules pursuant to the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act, requiring voice service providers to implement STIR/SHAKEN caller ID authentication technology in the Internet Protocol portions of their networks by June 30, 2021.
In September 2020, the Commission granted extensions for compliance with this deadline to certain classes of providers, including a two-year extension for small voice service providers (100,000 or fewer voice access lines), and required providers with an extension to implement robocall mitigation programs. Based on “overwhelming record support and available evidence showing that non-facilities-based small voice service providers are originating a large and disproportionate amount of robocalls,” the Commission subsequently shortened the extension for this subset of small voice service providers by one year, thus requiring them to implement STIR/SHAKEN in the IP portions of their networks by June 30, 2022.
These affected providers were also required to update the robocall mitigation database within 10 business days of the effective date of the Small Provider Order to indicate they are no longer subject to a two-year extension and must implement STIR/SHAKEN by June 30, 2022 in the IP portions of their networks.
Moreover, as with other voice service providers, these providers must also update their certifications and associated filings in the Robocall Mitigation Database within 10 business days of completion of STIR/SHAKEN implementation.
Those non-facilities-based small voice service providers that fail to implement the authentication framework by June 30, 2022 may be subject to appropriate enforcement action.
Contact Information. For further information, please contact Jonathan Lechter, Wireline Competition Bureau, Competition Policy Division, at (202) 418-0984 or by email at Jonathan.Lechter@fcc.gov.
By Ryan Tracy – Wall Street Journal
May 19, 2022
WASHINGTON—U.S. phone companies that connect robocalls from overseas would have to block calls when ordered to do so under new rules adopted Thursday by the Federal Communications Commission, in the latest government effort to end a deluge of illegal calls.
For years, government and industry officials have known that a small group of relatively obscure telecom providers act as a conduit for millions of scam calls that annoy—and sometimes defraud—Americans. These companies, known as gateway providers, transfer calls that originate overseas onto the U.S. telephone network.
The new FCC rules require that these companies register with the agency and adopt a robocall mitigation program, including monitoring for illegal calls and blocking other phone companies that have been flagged by authorities as transmitting potentially illegal calls. Eventually, if they don’t act to curb illegal calls, they could be blacklisted by the FCC and cut off from the telephone network.
“We need to cut these calls off before they reach our shores, our homes and our phones,” FCC Chairwoman Jessica Rosenworcel said Thursday.
Telecom industry groups generally support the FCC’s anti-robocall initiative and have urged the agency to consider rules similar to the ones adopted Thursday.
The federal government’s efforts to target gateway providers have been under way since at least 2019, following the creation of an industry group that traces illegal calls. Call traces are necessary because the modern telephone system consists not just of giants such as AT&T Inc., but also of a web of small, internet-based providers, some of whom specialize in routing calls in bulk. A phone call can bounce between eight companies or more before reaching its destination.
Call-tracing data from the trade association USTelecom’s Industry Traceback Group revealed that small U.S. providers were significant conduits for illegal calls.
Based in part on that data, the FCC has begun publicly identifying some of the companies as sources of robocalls and demanding they stop or face sanctions. The Federal Trade Commission, Justice Department and state attorneys general have brought cases against telecom providers for facilitating robocalls.
Yet robocalls persist. YouMail Inc., which tracks robocalls through a smartphone app, estimates nearly four billion were placed in April.
Many robocalls come into the U.S. from overseas, bearing a U.S. number in the Caller ID field. That kind of call can have a legitimate use, such as when a company’s foreign-based customer-service representative wants to contact a U.S. customer. But such calls are an attractive way for scammers to pose as legitimate.
The FCC is trying to construct a regulatory regime that it can use to cut off providers repeatedly identified as conduits of illegal calls. The rules, adopted Thursday in a bipartisan and unanimous FCC vote, impose a series of new obligations on phone companies involved in bringing foreign-originating calls onto the U.S. network.
Central to the regime is a requirement that these companies register with the FCC and take steps to stop illegal calls—whether the companies are based in the U.S. or not. If the agency decides a company isn’t doing enough to mitigate the problem, it can direct other providers not to take the companies’ call traffic.
“That’s a significant mechanism that the FCC could leverage,” said Kevin Rupy, a telecommunications lawyer at Wiley Rein LLP. Such an FCC action, he said, would effectively mean “you’re out of the voice business.”
One aspect of the regulation caused a stir. Last year the trade group CTIA, whose members include Verizon Communications Inc., AT&T, and T-Mobile US Inc., asked the FCC to delay the rules for foreign-based telecom providers, saying the rules could cut off legitimate calls from Americans traveling abroad. The FCC rejected the CTIA petition Thursday, calling the concerns overstated. CTIA declined to comment.
The new rules governing overseas calling will take effect in the coming months, and the FCC is considering further proposals to close what it called potential loopholes.
PHOENIX (3TV/CBS 5) — July 4, 2022 -- If you get a phone call from someone claiming to be collecting “jury service fines,” hang up — it’s a scam. The Superior Court in Maricopa County recently learned of calls involving scammers threatening Valley residents with arrest and possible jail time if they don’t pay the fake fees for supposedly skipping jury service.
“The scam is sophisticated, but the public must know that the Court does not fine people by phone for not appearing for jury duty,” Jury Administrator Matthew Martin explained. “The court issues failure to appear notices and potential jurors are asked to reschedule jury service for a later date.”
It might be sophisticated in some ways, but the big red flag is how the scammers demand payment: with prepaid debit or gift cards. They’ll tell you to buy cards, scratch off the back to reveal the account numbers and to read that info over the phone. Once scammers drain the funds, they’ll have you mail the now-empty cards to the real Superior Court. That’s how court officials learned of the scam.
“The Jury Office started receiving envelopes in the mail with prepaid cards from community members as proof they had paid their fines by phone,” Martin said. The court was sent 13 cards valued at about $6,300.
If you get a call about missing jury service or others where similar payment demands are made, court officials say to write down the phone number and call your local police department. Don’t pay them, or give any personal information.
Verify if you really do have jury service by calling (602) 506-5879. You can also respond to an official jury summons here.
So we’re still getting those annoying (and illegal) robocall spam phone calls. Where are these calls still coming from? Will they ever stop?
Well, despite the ongoing robocall mitigation efforts to stop and prevent illegal calls from transmitting across the voice network, the Industry Traceback Group has reported that in 2021, 65% of the voice service providers (VSPs) identified as “transmitting illegal robocalls that were either foreign-based or gateway providers,” meaning the robocall traffic you’re still getting could be originating from outside the United States.
“Robocall scams are an international problem. People all over the world can be victims of these bad faith campaigns to defraud and trick consumers. And we know that many of these calls cross international borders before entering domestic phone networks”
— FCC Chairwoman Jessica Rosenworcel on signing the latest robocall cooperation agreement with the CRTC in Canada.
With the first implementation waves of STIR/SHAKEN targeting larger domestic VSPs, the FCC now has its sights set on the intermediate, or gateway providers. They act as on-ramps for international voice traffic that could potentially be entry points for illegal voice traffic to enter the US voice network. But will these new efforts actually stop and prevent the illegal traffic that is being targeted or will this simply shift the traffic around?
To clarify previous confusion, the FCC put out an official definition of what constitutes a Gateway Provider and is therefore subject to the new rules approved last month:
A gateway provider is a US-based provider that receives a call directly from a foreign provider, whether it is an intermediate or an originating provider. Any US-based provider receiving a call with a US North American Numbering Plan (NANP) calling number from a foreign provider is subject to the new rules approved by the FCC.
The approved Report and Order will require gateway providers to take a much more active role in combatting foreign-originated robocalls by participating in the following:
Gateway providers who are found to be non-compliant with these new rules may be removed from the RMD and could be subject to mandatory call blocking which would render them unable to operate or pass traffic on their networks.
On the surface, it seems that this is a positive step towards ending illegal robocalls, but what do gateway providers actually think about it? We spoke to several providers and the consensus seems to be that gateways feel wary of the new regulations and now face added pressure after already following basic robocall mitigation practices anyway. In other words, they’ve been put in the hot seat and they may struggle to keep up with the demands being placed on them.
Gateway providers are now being seen in a negative light as the source of these ongoing illegal robocalls and are being pinned as the latest ‘culprit’ by the FCC. Most small carriers, including gateways, have already been doing everything they can to ensure they’re interacting with legitimate companies, including Know Your Customer practices, implementing analytics, reputation monitoring, and customer vetting in order to avoid bad traffic on their networks, but are voicing that the responsibility to vet has become so great that it almost seems an impossible financial task to live up to.
Regulations drafted with larger carriers in mind can potentially negatively impact smaller VoIP businesses with fewer resources and whose margins are already thin and are now being hindered from taking on new customers due to the scrutiny it takes to vet potential new customers. Gateway providers have not been given a safe harbor even when most already do what they can to remain compliant. The volume of traceback requests hasn’t declined and many feel they are being made an example of in order to prove that the FCC is successfully tackling the illegal robocall issue.
The FCC is seeking further public comment on a number of steps they seek to take in order to continue their efforts against illegal robocalls and growing robocall mitigation requirements. Some of these comments include questions on anti-robocall and spoofing efforts, expanding STIR/SHAKEN requirements for a broader range of providers such as intermediates with a 6-month implementation deadline, placing limits on the use of US NANP numbers for foreign-originated calls, expanding the FCC’s enforcement rules, and more.
“The FNPRM considers a broad range of proposed rules, including expanding the gateway provider rules to include all intermediate providers. Among other things, the proposed rules would require all intermediate providers to authenticate caller ID information using STIR/SHAKEN, and the FNPRM seeks comment on a six-month implementation deadline.”
— Kevin Rupy, Partner at Wiley Law
NEWARK, N.J. – Two Indian nationals admitted to conspiracy to commit wire fraud by accepting $1.2 million in illegally obtained wire transfers from victims across the country, U.S. Attorney Philip R. Sellinger announced.
Arushobike Mitra, 27, and Garbita Mitra, 24, pleaded guilty before U.S. District Judge Esther Salas in Newark federal court to an information charging them each with one count of conspiracy to commit wire fraud.
According to documents filed in this case and statements made in court:
As part of an international fraud scheme, criminal India-based call centers utilized automated robocalls to victims across the country with the intent of defrauding U.S. residents, particularly the elderly. After establishing contact with victims through these automated calls, other members of the conspiracy would coerce or trick the victims into sending large sums of cash through physical shipments or wire transfers to other members of the conspiracy, including the Mitras.
These conspirators used a variety of schemes to convince victims to send money, including impersonating government officials from agencies such as the Social Security Administration, or impersonating law enforcement officers from the FBI or DEA, and threatened victims with severe legal or financial consequences if they did not comply.
Another method utilized by the callers involved convincing the victim they were speaking with someone from a tech support company and coercing the victim into granting the caller remote access to their personal computers. The caller would then access the victim’s bank accounts and make it appear to the victim that the caller had inadvertently added money to the victim’s bank account, when in fact the caller had simply transferred money from another one of the victim’s own accounts. The caller would then instruct the victim to “return” the money by way of mail or wire transfer to other members of the conspiracy, including the Mitras. Arushobike Mitra and Garbita Mitra are charged with receiving fraudulent transfers of cash from 48 victims across the country totaling more than $1.2 million.
The conspiracy to commit wire fraud charge carries a maximum penalty of 20 years in prison and a fine of $250,000 or twice the amount of the loss, whichever is greater. Sentencing for both defendants is scheduled for Dec. 13, 2022.
by Eric Troutman
Forty-Five Percent.
July 1, 2022 -- That is absolute insanity.
I’m not sure I believe him–in fact, I tend not to because that number is so insanely high that it would mean the entire affiliate industry is rotten to the core–but he has definitely opened my eyes to the EXTREME level of fraud out there.
The lead gen industry has failed to self police. Period.
If Rich is right, over a billion robocalls a month are being made without consent. And this is why the regulators are looking at shutting it all down.
Here’s the eye opening, world changing webinar:
For those of you who wonder why I have to move forward with R.E.A.C.H. this is why.
I know a ton of people are upset that I am pushing for REAL change out there. Some folks have stopped talking to me. Others have tried to keep me off certain stages.
That’s fine.
You can hide from me all you want. Live in your echo chamber. Convince yourself it is all going to be ok.
But you can’t hide from the truth. And with fraud numbers in the range Rich is discussing–the status quo is unsustainable. REAL change is coming.
Plus, I am tired of the good actors getting creamed. When folks try to do things the right way they see others in the industry surpass them on various metrics. We need to level the playing field so that everyone has to do it right.
If DTC marketing is going to have a place in American commerce it has to be done right. The incentives are apparently just not there for the lead suppliers to self police–45% fraud rates confirm it. So the buyers have to do it. And that means R.E.A.C.H has to become a reality.
I gave it as long as I could.
July 7, 2022 - By the Acting Chief, Enforcement Bureau:
The Enforcement Bureau (Bureau) of the Federal Communications Commission (FCC or Commission) issues this Public Notice to notify all U.S.-based voice service providers about substantial amounts of apparently unlawful robocalls originating from a robocalling enterprise led by Roy Cox, Jr., Aaron Michael Jones, their individual associates, and associated entities (collectively, the Cox/Jones/Sumco Panama Operation).
Pursuant to section 64.1200(k)(4) of the Commission’s Rules, we hereby notify all U.S.-based voice service providers that they may block voice calls or cease to accept traffic from certain originating/intermediate providers listed in this Notice without liability under the Communications Act or the Commission’s rules.
Combatting Apparently Unlawful Robocall Traffic Originating From Cox/Jones/Sumco Panama Operation. Contemporaneous with this Notice, the Bureau is issuing a cease-and-desist letter to each of the following voice service providers (the Originating Providers):
· Call Pipe
· Fugle Telecom
· Geist Telecom
· Global Lynks
· Mobi Telecom
· SipKonnect
· South Dakota Telecom
· Virtual Telecom
These voice service providers have been identified in tracebacks conducted by USTelecom’s Industry Traceback Group (Traceback Consortium) as the originators of, or intermediate providers for, apparently unlawful robocall traffic originating from the Cox/Jones/Sumco Panama Operation.
Pursuant to the cease-and-desist letters, each Originating Provider must immediately investigate and effectively mitigate the traffic identified in its respective letter, notify the Bureau and the Traceback Consortium within 48 hours of the steps taken to mitigate the identified traffic, and inform the Bureau and the Traceback Consortium within 14 days of the steps taken to prevent customers from using the service provider’s network to transmit illegal robocalls. If any of the Originating Providers fails to comply with the requirements set forth in the letters, it may be removed from the Robocall Mitigation Database, obligating all other providers to cease carrying any traffic from that Originating Provider.
Purpose. Protecting individuals and entities from the dangers of unwanted and illegal robocalls is the Commission’s top consumer protection priority. As part of the Commission’s multiprong approach to combatting illegal robocalls, the Commission has taken steps to encourage voice service providers to block suspected illegal robocalls. Beginning in July 2020, the Commission permitted voice service providers to block traffic from other voice service providers that had been warned by the Commission that they were transmitting suspected illegal robocalls. The Bureau has issued several “cease-and-desist” letters, warning voice providers that they were transmitting suspected illegal robocalls and could be subject to blocking.
Nature of Apparently Unlawful Robocall Traffic. The Cox/Jones/Sumco Panama Operation appears to be responsible for making more than eight billion unlawful robocalls to consumers in the United States since at least 2018. The Bureau has evidence that these calls appear to violate the Telephone Consumer Protection Act of 1991, the Truth In Caller ID Act of 2009, and/or the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act) of 2019, collectively codified in section 227 of the Communications Act.
The robocalls include prerecorded advertising messages marketing vehicle service warranties. The messages encouraged call recipients to follow prompts to speak with a “warranty specialist” about extending or reinstating their car warranty. For example, some of the robocalls contained the following message:
We’ve been trying to reach you concerning your car’s extended warranty. You should have received something in the mail about your car’s extended warranty. Since we have not gotten a response, we are giving you a final courtesy call before we close out your file. Press 2 to be removed and put on our Do-Not-Call list. Press 1 to speak with someone about extending or reinstating your car's warranty. Again, press 1 to speak with a warranty specialist. (Pause) Or call our 800 number at 833-304-1447.
In contravention of an agreement by Cox not to engage in telemarketing activities, recent tracebacks show that the Cox/Jones/Sumco Panama Operation is still generating millions of apparently unlawful calls to consumers on a daily basis.
Follow-Up Order. In the event that any of the Originating Providers fail to comply with the requirements laid out in the relevant cease-and-desist letter, the Bureau will issue a follow-up Order to all U.S.-based voice service providers notifying them of this fact.
In the event that a follow-up Order is issued by the Bureau in this matter, pursuant to section 64.1200(n)(2) of the Commission’s Rules, all U.S.-based voice service providers shall be required to “[t]ake steps to effectively mitigate illegal traffic,” including investigating and taking steps—up to and including blocking, if necessary—to prevent the source of the illegal traffic from continuing to originate such traffic.
Contact Information. For further information, please contact Kristi Thompson, Division Chief, Enforcement Bureau, Telecommunications Consumers Division, at 202-418-1318 or by email at Kristi.Thompson@fcc.gov; Lisa Zaina, Asst. Chief, Enforcement Bureau, Telecommunications Consumers Division, at 202-418-2803 or by email at Lisa.Zaina@fcc.gov; or Daniel Stepanicich,
Who is Cox/Jones/Sumco Panama Operation?
The Cox/Jones/Sumco Panama Operation includes the following individuals: Roy Melvin Cox Jr., resident of Tustin, California; Aaron Michael Jones, resident of Orange County, California; Scott Presta, resident of Lakeway, Texas; Kathleen Presta, resident of Lakeway, Texas; Stacey Yim, resident of La Crescenta, California; Jovita Migdaris Cedeno Luna, resident of San Francisco, Panama; Livia Szuromi, resident of Budapest, Hungary; Maria Alejandra Gonzalez; Davinder Singh; Andrea Baloghne Horvath, resident of Budapest, Hungary; Adam Radimiri; June Batista, resident of Costa Mesa, California; and Julie K. Bridge
JULY 11, 2022 - Ohio Attorney General Dave Yost filed a lawsuit in federal court on July 7 against 22 defendants accused of sending billions of auto warranty robocalls. The FCC issued cease-and-desist letters to eight voice service providers for their involvement in carrying these robocalls.
The defendants in the Ohio lawsuit include Roy Cox, Jr., Aaron Michael Jones, Sumco Panama USA, Sumco Panama SA, several voice service providers and international associates. They are accused of violating the TCPA (Telephone Consumer Protection Act).
On June 28, Yost’s office sent warning letters to ten voice service providers to inform them about the “laws, regulations and enforcement actions that may bear upon their business activities.”
The FCC sent cease-and-desist letters to eight voice service providers identified through traceback as having carried these calls. These letters warn them to stop carrying suspicious traffic within 48 hours and report the steps they take to the FCC. These providers include:
The Commission also issued a public notice authorizing all U.S.-based voice service providers to cease carrying any traffic from these providers.
Pursuant to section 64.1200(k)(4) of the Commission’s Rules, we hereby notify all U.S.-based voice service providers that they may block voice calls or cease to accept traffic from certain originating/intermediate providers listed in this Notice without liability under the Communications Act or the Commission’s rules.
Dave Yost
Ohio Attorney General
“Our lives are plagued by robocalls like a swarm of flies,” Yost said in a news release. “This particular operation prompted more than 1,600 unwanted-call complaints to my office. It’s time to get out the fly swatter.”
Jessica Rosenworcel
FCC Chairwoman
“Billions of auto warranty robocalls from a single calling campaign. Billions!” said FCC Chairwoman Jessica Rosenworcel. “Auto warranty scams are one of the top complaints we get from consumers and it’s time to hold those responsible for making these junk calls.
By PJ Ghaneian, the “Wizard” of TCPAWorld. July 14, 2022
Aaron Michael Jones A.K.A “Mike Jones” is one of the most awful men alive.
He has obtained vast riches by single-handedly polluting America’s phone network with billions of unwanted robocalls and destroyed an entire industry in the process. Virtually every American has received a call sent by his hand. In fact, he is probably the most notorious robodialer in history.
Yet for years I—and folks like me who try to do things the right way—have been watching him profit from his illegal conduct with impunity.
And it kind of sucks.
Mike Jones lives a lavish and luxurious lifestyle, employing butlers, his own personal chef, and a fleet of exotic cars, and is known to maintain gambling accounts at numerous Las Vegas casinos.
All of us in the auto warranty game know the guy. He makes us all look terrible. While he fleeces Americans and bombards them with prerecorded calls, those of us trying to sell LEGITIMATE vehicle service contracts take the fallout. He is the bad apple that spoils the bunch. And he makes everyone else’s life harder as he takes—and spends lavishly—the cream profits.
Watching him has sometimes made me wonder whether I was doing it wrong. Whether I should give up compliant marketing and just start blasting away like he does. And if I’m thinking it, I know others are thinking it too.
That’s why I was so incredibly happy to read about Mike Jones FINALLY (perhaps) being brought down. And it isn’t the feds that are after him this time. It is the State of Ohio’s AG that has brought a huge new enforcement action against him and his ring of associates. See Complaint here: https://dockets.justia.com/docket/ohio/ohsdce/2:2022cv02700/270286.
Mike Jones has slipped through the fingers of regulators in the past, however. According to news reports—and I have first-hand confirmed information—he testified before the FTC back in 2015 and faced seemingly incredible pressure from the feds, before returning, unfazed, to his Spanish Colonial Mansion in a gated community near Laguna Beach, California and continuing to do just what he was doing before.
In January 2017, the FTC sued him. Five months later, a federal judge banned him from telemarketing and hit him with a 2.7 million dollar fine.
Mike Jones just shrugged and kept going.
Mike Jones is one of those people who thinks he is simply above the law (IMO) often getting caught and simply just rolling over and moving on to do it all over again.
Backing up, Mike Jones has been facilitating robocalls since at least 2001 through a platform named “TelWeb” also known as the “TelServers.” Through his various holding companies and enterprises, he accessed and resold access to the “TelWeb” servers through multiple shell companies and foreign entities.
Back then Mike Jones was spread across multiple verticals, search engine optimization services, home security systems and lead generation for multiple other industries—not just auto warranties.
In 2019, however, Mike Jones began to focus heavily on the Auto Warranty industry—and that’s when he really started to make me angry. While I ran a humble shop making a relatively meager number of live calls a day to reach consumers who genuinely might be interested in the vehicle service contracts I was selling, Mike just blasted away to millions (MILLIONS) of people a day. Complete strangers that would hear about (and come to think about) auto warranty products the same way they heard of IRS and Walmart gift card scams.
It was terrible for me. Hurt my business tremendously. In fact, it led to me mostly leaving the vertical to focus on other products.
Stated directly, Aaron Michael Jones has single-handedly destroyed the Auto Warranty industry. Just how many billions of robocalls he has facilitated since 2001 is simply unknown, but I sincerely hope that the State of Ohio succeeds in shutting him down for good.
Keep in mind, folks, Ohio may be leading the effort, but multiple other state Attorneys General are involved and, hopefully, this is just the beginning for guys like Mike. … With the TRACED Act now in full effect, it is important that would-be ROBO KINGS that might take up Mike’s mantle see what happens to guys like him. He needs to be crushed. Perhaps jail time. Maybe when people see Mike Jones languishing behind bars—instead of high-rolling at Vegas pool parties—they will understand the importance of compliance and take the TCPA seriously the way I (and others) in the industry do.
There is a big difference between guys like Mike and companies that try to comply with the TCPA but perhaps fail due to the complexity of the law. Mike is a bad guy. And it is good to see the government going after a bad guy. I, for one, am HEAVILY rooting for them.
The Wizard will be personally keeping an eye on this one for you TCPAWorld. (And thanks to the Czar for letting me post on this news. It is pretty personal for me.)
Editor’s Note: The Wizard is awesome. The guy runs call centers and always tries to do things the right way. When this story came out he was so happy to see one of the true bad guys might actually face consequences that he asked to blog on TCPAWorld about it–of course I said yes.
Solix, the administrator for the Texas Universal Service Fund (TUSF), recently announced a massive increase to the TUSF contribution factor, which shall be raised from 3.3% to 24% effective August 1, 2022.
As a result of Order 50796, the ‘Remittance and Support Worksheet for TUSF Recipients (RMT1)’ and ‘Remittance Worksheet for Non-TUSF Recipients (RMT2)’ within the online reporting system will be updated to reflect the new applicable assessment rate of 24%. The new rate is set to take effect beginning with the August 2022 Revenue Period, opening August 26, 2022 (due September 25, 2022).
NOTE: According to Solix’s announcement, due to the increase in assessment rate, some companies that were used to receiving support from the TUSF after submitting the RMT1 may now have to owe into the fund instead.
BY Sean S. Kay, July 15, 2022.
To briefly recap, a bill called the Robotex Spam Prevention Act was introduced to Congress which, if passed, would expand the TCPA to cover text messages, remove the phrase “using a random or sequential number generator” from the ATDS definitions, and provide a safe harbor for recycled number calls but only for callers using the FCC’s wrong number database. I know it’s difficult to picture the potential impact of this bill, but leave your worries at the door – I’m a visual learner so naturally I’ve already redlined the proposed amendments for like-minded folks (see below). As always, if you have any questions about these proposed changes or just want to talk, please reach out. Until next time TCPA World!
Robotex Spam Prevention Act – Proposed Amendments to TCPA
(a) DEFINITIONS.—As used in this section—
(1) The term “automatic telephone dialing system” means equipment which has the capacity—
(A) to store or produce telephone numbers to be called using a random or sequential number generator or sent a text message; and
(B) to dial such numbers automatically dial or send a text message to such numbers.
(5) The term ‘text message’ has the meaning given such term in subsection (e)(8) (see definition below).
(b) RESTRICTIONS ON THE USE OF AUTOMATED TELEPHONE EQUIPMENT.—
(1) PROHIBITIONS.—It shall be unlawful for any person within the United States, or any person outside the United States if the recipient is within the United States—
(A) to make any call (other than a call made for emergency purposes or made with the prior express consent of the called party) any call or send any text message (other than a call made or text message sent for emergency purposes or with the prior express consent of the recipient of such call or text message) using any automatic telephone dialing system or an artificial or prerecorded voice—
(i) to any emergency telephone line (including any “911” line and any emergency line of a hospital, medical physician or service office, health care facility, poison control center, or fire protection or law enforcement agency);
(ii) to the telephone line of any guest room or patient room of a hospital, health care facility, elderly home, or similar establishment; or
(iii) to any telephone number assigned to a paging service, cellular telephone service, specialized mobile radio service, or other radio common carrier service, or any service for which the called party is charged for the call, unless such call is made solely to collect a debt owed to or guaranteed by the United States recipient of such call or text message is charged for receiving such call or text message;
(B) to initiate any telephone call to any residential telephone line using an artificial or prerecorded voice to deliver a message without the prior express consent of the called party, unless the call is initiated for emergency purposes, is made solely pursuant to the collection of a debt owed to or guaranteed by the United States, or is exempted by rule or order by the Commission under paragraph (2)(B).
(5) SAFE HARBOR FOR REASSIGNED NUMBERS. –
(A) IN GENERAL. – It shall not be a violation of the prohibition in paragraph (1)(A) for a person, using an automatic telephone dialing system or an artificial or prerecorded voice, to make a call or send a text message to a telephone number without the prior express consent of the subscriber assigned such telephone number if such person obtained express consent to make such a call or send such text message to such number from a subscriber assigned such number on the date on which such express consent was obtained.
(B) EXCEPTION. – Subparagraph (A) shall not apply unless the person making such call or sending such text, bearing the burden of proof, demonstrates that –
(i) prior to making such call, such person queried the database maintained by the Commission under subparagraph (C) to determine whether such number was permanently disconnected after the date on which prior express consent was obtained from a subscriber previously assigned such number, and received a response indicating such number was not permanently disconnected after such date; and
(ii) if such person had not received such response, such person would not have made such call or sent such text message to such number.
(C) REASSIGNED TELEPHONE NUMBER DATABASE. – The Commission shall maintain a database which persons may query for the purpose of determining whether a telephone number was permanently disconnected after the date on which prior express consent was obtained from a subscriber assigned such number.
(e)(8)(C) TEXT MESSAGE
The term “text message” —
(i) means any service that is interconnected with the public switched telephone network and that furnishes voice communications to an end user using resources from the North American Numbering Plan or any successor to the North American Numbering Plan adopted by the Commission under section 251(e)(1) of this title; and
(ii) includes transmissions from a telephone facsimile machine, computer, or other device to a telephone facsimile machine.
July 21, 2022 -- The FCC’s Enforcement Bureau announced today that voice service providers MUST take immediate steps to effectively mitigate suspected illegal robocall traffic made by or on behalf of the following:
1. Sumco Panama S.A.
2. Sumco Panama Inc.
3. Tech Direct LLC
4. Posting Express Inc.
5. 7 Sundays Inc.
6. Texas Outdoor Adventures Inc.
7. Roy Cox, Jr. of Tustin, California
8. Aaron Michael Jones of Orange County, California
9. Scott Presta of Lakeway, Texas
10. Stacey Yim of La Crescenta, California
11. Jovita Migdaris Cedeno Luna of San Francisco, Panama
12. Livia Szuromi of Budapest, Hungary
13. Maria Alejandra Gonzalez
14. Davinder Singh
15. Andrea Baloghne Horvath of Budapest, Hungary
16. Adam Radimiri
17. June Batista of Costa Mesa, California
18. Julie K. Bridge of Upland, California
On June 21, 2022, the Federal Communications Commission (“FCC” or “Commission”) issued an Order, directing all U.S.-based voice service providers (“VSPs”) to immediately investigate and stop carrying traffic from a known robocall scam marketing auto warranties made by or on behalf of the following: (1) Roy Cox, Jr.; (2) Aaron Michael Jones; (3) their individual associates; and (4) associated entities (collectively, the “Cox/Jones/Sumco Panama Operation”).
A VSP may satisfy this obligation if it terminates a customer relationship with the Cox/Jones/Sumco Panama Operation or blocks all traffic from the Cox/Jones/Sumco Panama Operation and from the following originating carriers: Mobi Telecom, Virtual Telecom, Fugle Telecom, Call Pipe, Geist Telecom, Global Lynks, South Dakota Telecom, and SipKonnect.
The robocall traffic at issue includes prerecorded messages marketing vehicle service warranties. The messages encourage call recipients to follow prompts to speak with a “warranty specialist” about extending or reinstating their car warranty.
In order to assist VSPs in identifying the subject robocall traffic, the FCC provides the following information about individuals and entities associated with the Cox/Jones/Sumco Panama Operation:
Individuals:
· Roy Melvin Cox Jr., resident of Tustin, California
· Aaron Michael Jones, resident of Orange County, California
· Scott Presta, resident of Lakeway, Texas
· Kathleen Presta, resident of Lakeway, Texas
· Stacey Yim, resident of La Crescenta, California
· Jovita Migdaris Cedeno Luna, resident of San Francisco, Panama
· Livia Szuromi, resident of Budapest, Hungary
· Maria Alejandra Gonzalez
· Davinder Singh
· Andrea Baloghne Horvath, resident of Budapest, Hungary
· Adam Radimiri
· June Batista, resident of Costa Mesa, California
· Julie K. Bridge, resident of Upland, California
Companies:
· Sumco Panama S.A.
· Sumco Panama Inc.
· Tech Direct LLC
· Posting Express Inc.
· 7 Sundays Inc.
· Texas Outdoor Adventures, Inc.
A VSP is not required to file a report with the FCC if it terminates a customer relationship with the Cox/Jones/Sumco Panama Operation or blocks all traffic from same and the originating providers listed above.
However, if any VSP, after investigation of the subject illegal robocall traffic does not terminate a customer relationship or block the traffic, it will be required to provide a written report to the FCC with the results of its investigation. (In any event, service providers may wish to document their investigation and compliance efforts for potential future use.) If the VSP concludes that the identified traffic was not illegal, the report must include an explanation as to why the VSP has reasonably concluded that the identified calls were not illegal and what steps it took to reach that conclusion. If the VSP concludes that the traffic is illegal but is unable to effectively mitigate the traffic as described herein, the report must include any alternative steps the VSP has taken to effectively mitigate that traffic and identify the source of the traffic should the notified provider find that the traffic comes from an upstream provider with direct access to the Public Switched Telephone Network. Any VSP filing such a report must do so within two weeks of the Order referenced herein and shall demonstrate its ongoing efforts to mitigate the traffic associated with the Cox/Jones/Sumco Panama Operation.
Filing instructions are set forth in paragraph 12 of the Order. Service providers may wish to consider filing their report or certain information in the report on a confidential basis so that it is not immediately available to the public, including class action plaintiffs’ attorneys.
JULY 25, 2022 - In a strange turn of events, eight originating service providers did not respond to robocall cease-and-desist letters from the FCC. What happened next? Here’s an overview.
On July 7, 2022, the Ohio Attorney General filed a lawsuit in federal court accusing the Cox/Jones/Sumco Panama Operation, including Roy Cox Jr, Aaron Michael Jones, and other individuals and entities, of sending billions of auto warranty robocalls.
The same day, the FCC sent cease-and-desist letters to the following voice service providers that originated these robocalls:
That makes a total of 26 providers that have received cease-and-desist letters from the FCC since March 2021. In previous cases, providers that received such letters promptly complied with the terms.
This time was different. The eight providers that received the July 7 letters failed to respond. Here’s what happened next.
On July 21, the FCC Enforcement Bureau issued an order directing all U.S.-based providers to investigate the illegal traffic identified in the order and mitigate and prevent further transmission of such calls.
“Investigate” means all U.S.-based providers should check if they receive traffic from any of these eight providers. “Mitigation” may include:
This might seem a bit vague. The reporting requirements, however, make things clear.
If a U.S.-based provider finds the identified traffic from the Sumco Panama Operation received directly from voice service providers listed above and does not terminate a customer relationship or block the traffic, then that provider is required to provide a written report to the Enforcement Bureau with the results of its investigation and the steps it has taken to effectively mitigate that traffic. This report is due August 4, 2022.
However, if a U.S.-based provider ends its customer relationship with the Cox/Jones/Sumco Panama Operation and blocks all traffic from the originating service providers listed above, then the reporting requirement is waived.
But wait, there’s more.
If any provider fails to take necessary steps to avoid carrying unlawful robocalls from these eight providers, then that provider may be deemed to have knowingly and willfully engaged in transmitting unlawful robocalls.
So, the FCC order does not have an absolute requirement to stop receiving traffic from these eight providers. However, refusing their calls is easy, while continuing to receive their traffic imposes a heavy reporting burden and legal jeopardy.
Aug 1, 2022.
by Brittany Andrews, the Baroness of the TCPAWorld and an Associate Attorney at Troutman Firm:
Rocket Mortgage lands on the docket yet again, facing another class action lawsuit against a man named Marlon Romero.
Romero alleges that Rocket Mortgage sent a text message to him that read:
“Hello! This is Eric Decuyper, from Rocket Mortgage. As the #1 lender in America, we are running a special for the lowest rate and fee combination the market has to offer. When do you have 5 minutes to chat?”
Romero stated that Rocket Mortgage did not have Romero’s prior express consent to contact him. Based on the message, Romero alleges Rocket Mortgage utilized a “prerecorded voice” AND placed numerous telephone calls to him using an Automatic Telephone Dialing System (ATDS) in violation of the TCPA and while he was on the National Do-Not-Call (DNC) Registry.
As a refresher, the Supreme Court interpreted the term “Automatic Telephone Dialing System” and held that “[t]o qualify as an ‘automatic telephone dialing system,’ a device must have the capacity either to store a telephone number using a random or sequential generator or to produce a telephone number using a random or sequential number generator.” Facebook, Inc. v. Duguid, 141 S.Ct. 1163 (2021) (emphasis added).
Based on this alleged violation, Marlon seeks to represent two nationwide classes:
ATDS Class: all persons within the United States who received any unsolicited calls or text messages sent using an ATDS or an artificial or prerecorded voice from Defendant, which text message was not made for emergency purposes or with the recipient’s prior express consent within the four years prior to the filing of the Complaint through the date of class certification.
DNC Class: all persons within the United States registered on the National Do-Not-Call Registry for at least 30 days, who had not granted Defendant prior express consent nor had a prior established business relationship, who received more than one phone call or text message from or on behalf of Defendant that promoted Defendant’s products or services, within any twelve-month period, within four years prior to the filing of the Complaint through the date of class certification.
Romero files suit in the Central District of California alleging the following causes of action: (1) negligent violation of the TCPA on behalf of the ATDS class, (2) knowing and/or willful violation of the TCPA on behalf of the ATDS class, (3) negligent violation of the TCPA on behalf of the DNC class, and (4) knowing and/or willful violations of the TCPA on behalf of the DNC class.
Interestingly, ATDS cases have completely dried up against Troutman Firm clients but are still being brought against others it seems.
This case was just filed a few days ago so the case is still in its infancy stages. It will be interesting to see what Rocket Mortgage does to combat these claims.
After years of fighting intrusive robocalls, Attorney General Todd Rokita today announced Indiana as a leader of the nationwide Anti-Robocall Litigation Task Force, which will include 50 attorneys general.
The task force will investigate and take legal action against the telecommunications companies responsible for bringing a majority of foreign robocalls into our country. This bipartisan national task force has one goal: to stop illegal robocalls.
"Robocalls aren't just a Hoosier problem. They are a nationwide problem,” Attorney General Rokita said. “That is why I am proud to lead my fellow attorneys general in the fight against these scammers and robocallers. If the telecom industry won't police itself, this unprecedented task force will."
The new task force, led by Indiana, Ohio, and North Carolina attorneys general, has issued 20 civil investigative demands to 20 gateway providers and other entities that are allegedly responsible for a majority of foreign robocall traffic. Gateway providers that bring foreign traffic into the U.S. telephone network have a responsibility to ensure the traffic is legal, but these providers are not taking sufficient action to stop robocall traffic. In many cases, they appear to be intentionally turning a blind eye in exchange for steady revenue. The task force will focus on the bad actors throughout the telecommunications industry to help reduce robocallers’ assault on Hoosiers.
Attorney General Rokita is committed to stopping illegal and unwanted calls. According to the National Consumer Law Center and Electronic Privacy Information Center, over 33 million scam robocalls are made to Americans every day. These scam calls include Social Security Administration fraud targeting seniors, Amazon scams targeting consumers, and many other scams harassing all consumers, including some of our most vulnerable citizens. An estimated $29.8 billion was stolen through scam calls in 2021. Most of this scam robocall traffic originates overseas.
“I am a strong defender of our nation’s borders in every aspect,” Attorney General Rokita said. “This philosophy applies to foreign robocallers and scammers who also attack our country through telecommunication and attempt to take advantage of our people’s good nature.”
The task force is focused on shutting down the providers that profit from this illegal scam traffic and refuse to take steps to otherwise mitigate these scam calls. The targeted entities are responsible for 60% of robocalls.
Attorney General Rokita offers the following tips to avoid scams and unwanted calls:
Aug 3, 2022 -- Indiana Attorney General Todd Rokita is suing an Indiana telecommunications company for its alleged role in overseeing more than 4.8 million scam calls to Hoosier telephone numbers.
Startel Communication worked with two companies in California to flood local telephone numbers with automated calls from India, the Philippines and Singapore. Startel was located in Evansville and run by Indiana resident Wanda Hall and Indian national Abhijit Chowdhury before it went out of business in September following the state's investigation, according to the attorney general's office.
The calls promoted an array of scams around computer support, Amazon subscriptions, the Social Security Administration and COVID-19, the state's lawsuit says. Startel continued facilitating those calls despite warnings from a telecoms industry watchdog that the calls were illegal under federal law.
“Hoosiers are sick and tired of being harassed by illegal and unwanted robocalls, and Kathy and I are two of them,” Rokita said in a prepared statement Thursday, referring to his wife. “Just as I promised, we will stay on the offense in our efforts to protect Indiana consumers and bring these people to justice.”
In total the defendants produced millions of violations of Indiana and federal law, according to Rokita's office. Fines against them could total billions of dollars if approved by federal court, and restitution for Hoosiers could be a possibility down the line.
The office said it is currently unclear how many Hoosiers were actually scammed into providing money or personal information in response to the calls.
IndyStar left a voicemail with a phone number associated with Hall but had not received a response by 4:30 p.m.
FCC e-mail
Sent: Monday, August 1, 2022 4:41 PM
to: xxxxxxxxxxx
Subject: Update on Robocall Mitigation Database Filing
Dear Robocall Mitigation Database Filer:
Based on FCC Form 477 Data, we believe you meet the Commission’s definition of a non-facilities based provider. Accordingly, we believe you were obligated to implement the STIR/SHAKEN caller ID authentication framework by June 30, 2022, and revise your filing in the Robocall Mitigation Database by July 15, 2022, indicating that you are no longer subject to an extension of the STIR/SHAKEN implementation requirement. Per our review of that Database, you have not done so. We are sending this written notice to offer an opportunity for you to explain why you are not subject to the June 30, 2022, implementation deadline and to inform you that we will refer non-compliance to the Enforcement Bureau.
FCC rules 47 CFR §§ 64.6301(a) and 64.6304(a)(1)(i) require a non-facilities based small voice service provider to have fully implemented the STIR/SHAKEN caller ID authentication framework by June 30, 2022. FCC rule 47 CFR § 64.6305(b)(5) requires a voice service provider to update its Robocall Mitigation Database filing within 10 business days of any change to the information provided in its filing.
In the December 2021 Caller ID Authentication Fourth Report and Order, the Commission defined a voice service provider as “non-facilities based” if it offers voice service to end-users solely using connections that are not sold by the provider or its affiliates. See 47 CFR 64.6300(g), FCC 21-122, para. 19 (available at the following link: https://docs.fcc.gov/public/attachments/FCC-21-122A1.pdf). The Commission explained that this definition tracked information collected in the FCC Form 477, and stated that it would use recent FCC Form 477 data to determine which Robocall Mitigation Database filers meet its definition of non-facilities based. Filers that have only reported interconnected VoIP subscriptions sold bundled with a transmission service carrying underlying VoIP service were deemed to fall within the Commission’s definition of “non-facilities based.”
Upon review of the FCC Form 477 data associated with the FCC registration Number you used to file in the Robocall Mitigation Database, we have determined that you meet the Commission’s identified criteria to be a “non-facilities based” small voice service provider that was required to have fully implemented STIR/SHAKEN by June 30, 2022 and to have updated its Robocall Mitigation Database filing accordingly. However, the Robocall Mitigation Database filing for which you are listed as the contact does not currently certify to complete implementation of the STIR/SHAKEN caller ID authentication framework pursuant to 47 CFR § 64.6301(a), nor does the filing identify any other extensions that are applicable.
By Wednesday, August 31, 2022 you must update your Robocall Mitigation Database filing to correct the issue, or provide evidence that the current filing is sufficient (i.e., that you are not subject to this requirement). We will refer non-compliance to the FCC’s Enforcement Bureau, which may pursue an enforcement action as appropriate.
Please send any questions and any responses via email to
Sincerely,
Attorney Advisor
Competition Policy Division, Wireline Competition Bureau
The Robocall Mitigation Database Team
On August 1, 2022, the Federal Communications Commission (“FCC”) initiated an e-mail blast to “non-facilities-based” voice service providers (“VSPs”) that are not listed in the Robocall Mitigation Database as STIR/SHAKEN compliant, directing that they must be fully compliant by August 31, 2022. Those VSPs that are not compliant by that date will be subject to an investigation and possibly severe sanctions by the FCC’s Enforcement Bureau.
As stated in our March 22 advisory, all non-facilities-based VSPs (i.e., those that offer voice services to end-users solely using connections that are not sold by the provider or its affiliates) are required to fully implement STIR/SHAKEN in the IP portions of their networks by June 30, 2022. The FCC is now prioritizing enforcement of that deadline.
The FCC’s subject emails state, in pertinent part, that “[b]ased on FCC Form 477 Data, we believe you meet the Commission’s definition of a non-facilities-based provider. Accordingly, we believe you were obligated to implement the STIR/SHAKEN caller ID authentication framework by June 30, 2022 and revise your filing in the Robocall Mitigation Database by July 15, 2022, indicating that you are no longer subject to an extension of the STIR/SHAKEN implementation requirement. Per our review of that Database, you have not done so.” The FCC further states that full STIR/SHAKEN compliance must be deployed by August 31, and the Robocall Mitigation Database updated to show same, or the matter will be turned over to the Enforcement Bureau.
Consequently, it is critical that all non-facilities-based VSPs that have received these emails or are otherwise not in compliance with the STIR/SHAKEN rules commence action to ensure compliance immediately.
Aug 5, 2022 -- Robotext scams are on the rise and may even be passing robocalls as a tool for con artists.
Like robocalls, texts can be spoofed to mask the originating number and make it appear that the text is coming from a number you’re more likely to trust. Spoofers may opt for a local number, or impersonate a government agency, such as the IRS, or a company you’re familiar with. Scammers use these methods to get you to respond to a text.
Consumers who have filed complaints with the FCC say some of the texts resemble email spam, with links to unwanted and unsolicited products. But many of the texts appear to be ploys to steal valuable personal or financial information. Some recipients have been pressured to "login" to a fake bank web site to verify a purchase or unlock a credit card that was frozen. Others use package delivery updates as phishing bait.
Now the Better Business Bureau (BBB) is warning consumers about a new approach, "wrong number" text scams, with many of them originating from chat bots.
Some scammers will go straight for your wallet, but others are seeking personal information they can use in subsequent scams or to sell to other bad actors.
The FCC recommends the following:
If you think you're the victim of a texting scam, report it immediately to your local law enforcement agency and notify your wireless service provider and financial institutions where you have accounts.
Please share these tips with friends and family.
For more information about scam calls and texts, visit the FCC Consumer Help Center and the FCC Scam Glossary.
AUGUST 24, 2022 - The SIP 603+ standard on robocall blocking notification has been approved and published by ATIS. Here’s an overview.
SIP 603+ blocking notification
The SIP 603+ response is used when a call is blocked due to analytics-based call processing. The SIP 603+ message is based on the standard SIP 603 message, with two differences:
The SIP 603+ status line uses a unique reason phrase, “Network Blocked,” rather than the SIP 603 default reason phrase “Decline.”
The SIP 603+ contains a SIP Reason header, which is a standard feature of SIP messaging. The ATIS-1000099 standard describes specific encoding that is put into this Reason header for a SIP 603+ message.
Reason header encoding
The SIP 603+ reason header includes three parameters listed in table 1:
Table 1. Reason header parameters
| Parameter | Mandatory | Value |
| --- | --- | --- |
| “cause” | Yes | “21” or “603” |
| “text” | Yes | See table 2 |
| “location” | Yes | “LN”, “TN”, “LPN”, “RPN”, or “RLN” |
The location codes are defined in another standard and are leveraged for this standard. These codes indicate where in the network the block occurred:
LN: Originating network
TN: Transit network
LPN: Originating private network
RPN: Private network serving the called party
RLN: Network serving the called party
The “text” parameter is a string of attribute-value pairs that can be used to relay several different pieces of information listed in table 2:
Table 2. “text” parameter attribute-value pairs
| Attribute | Mandatory | Value |
| --- | --- | --- |
| “v” | Yes | “analytics1” |
| “url” | If neither “tel” nor “email” are included | Valid HTTPS URL for the calling party to visit for redress |
| “tel” | If neither “url” nor “email” are included | Valid E.164 formatted telephone number for the calling party to call for redress |
| “email” | If neither “url” nor “tel” are included | Valid email address for the calling party to email for redress |
| “id” | No | Identifier used by the service provider that blocked the call to facilitate redress (e.g., call identifier, blocking reason identifier, network segment identifier, etc.) |
Reason header examples
Reason: SIP; cause=603; text="v=analytics1;url=https://example.com";location=LN
This call was blocked at the originating network. The caller can visit website example.com for redress.
Reason: Q.850; cause=21; text="v=analytics1;tel=+12155551212";location=RLN
This call was blocked at the network serving the called party. The caller can call (215) 555-1212 for redress.
Reason: SIP; cause=603; text="v=analytics1;url=https://example.com;email=support@example.com;tel=+12155551212;id=29016905-3bed4c98-9423-03041160cc67";location=LN
This call was blocked at the originating network. The caller can either visit the example.com webpage, send an email to support@example.com, or call (215) 555-1212 for redress. A call ID number was provided to facilitate redress.
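A system that receives a SIP 603+ response should treat the Reason header as untrusted input and check it against tables 1 and 2 before showing or acting on any redress contact. The Python below is an added example, not code from ATIS-1000099 or from the original article; the function names, the E.164 and email patterns, and the constructed sample responses are assumptions, and only the rules summarized above are enforced.

```python
import re
from urllib.parse import urlsplit

# Values from tables 1 and 2 above.
LOCATIONS = {
    "LN": "originating network",
    "TN": "transit network",
    "LPN": "originating private network",
    "RPN": "private network serving the called party",
    "RLN": "network serving the called party",
}
CAUSES = {"21", "603"}
# Assumed patterns (not from the standard): strict E.164, loose email shape.
E164 = re.compile(r"^\+[1-9][0-9]{1,14}$")
EMAIL = re.compile(r"^[^@\s;\"]+@[^@\s;\"]+\.[^@\s;\"]+$")


def split_unquoted(value, sep=";"):
    """Split on sep, but not inside a double-quoted string (no escape handling)."""
    parts, buf, quoted = [], [], False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        if ch == sep and not quoted:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return parts


def is_https_url(url):
    """True only for an https:// URL that has a host part."""
    try:
        parts = urlsplit(url)
        return parts.scheme == "https" and bool(parts.hostname)
    except ValueError:
        return False


def parse_reason(value):
    """Return (protocol, header params, attribute-value pairs from "text")."""
    fields = split_unquoted(value)
    protocol, params = fields[0], {}
    for field in fields[1:]:
        name, _, val = field.partition("=")
        params[name.strip().lower()] = val.strip()
    text = params.get("text", "")
    if len(text) >= 2 and text[0] == text[-1] == '"':
        text = text[1:-1]
    attrs = {}
    for pair in filter(None, text.split(";")):
        key, _, val = pair.partition("=")  # first "=" only: URLs may contain "="
        attrs[key.strip()] = val.strip()
    return protocol, params, attrs


def check_603_plus(status_line, reason_value):
    """Return (summary, problems) for a response claiming to be SIP 603+."""
    problems = []
    m = re.match(r"^SIP/2\.0 (\d{3}) (.*)$", status_line.strip())
    if not m or m.group(1) != "603":
        problems.append("status code is not 603")
    elif m.group(2) != "Network Blocked":
        problems.append("reason phrase is not 'Network Blocked'")
    protocol, params, attrs = parse_reason(reason_value)
    if params.get("cause") not in CAUSES:
        problems.append("cause is not 21 or 603")
    if params.get("location") not in LOCATIONS:
        problems.append("location is missing or unknown")
    if attrs.get("v") != "analytics1":
        problems.append("text lacks v=analytics1")
    # Keep only redress contacts that pass validation; discard the rest.
    checks = {"url": is_https_url, "tel": E164.match, "email": EMAIL.match}
    contacts = {}
    for key, valid in checks.items():
        if key in attrs:
            if valid(attrs[key]):
                contacts[key] = attrs[key]
            else:
                problems.append("%s value is not valid" % key)
    if not contacts:
        problems.append("no usable redress contact")
    summary = {"protocol": protocol, "contacts": contacts, "id": attrs.get("id"),
               "blocked_at": LOCATIONS.get(params.get("location"))}
    return summary, problems


# Constructed responses: the first two reuse Reason values shown above.
SAMPLES = [
    ("SIP/2.0 603 Network Blocked",
     'SIP; cause=603; text="v=analytics1;url=https://example.com";location=LN'),
    ("SIP/2.0 603 Network Blocked",
     'Q.850; cause=21; text="v=analytics1;tel=+12155551212";location=RLN'),
    ("SIP/2.0 603 Decline", ""),  # plain 603 with no Reason header
]

if __name__ == "__main__":
    for status, reason in SAMPLES:
        print(check_603_plus(status, reason))
```

A plain 603 “Decline” with no Reason header is reported as lacking every 603+ element, which is how a caller's system can tell an analytics block with redress information from an ordinary decline.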
How we got here
In December 2019, the TRACED Act was signed into law. It amended the U.S. Code to require the FCC to act within one year to ensure that robocall blocking services are provided with transparency and effective redress options for both consumers and callers.
The FCC responded in December 2020 with their Fourth Report and Order on robocall mitigation. This required immediate notification of blocking be implemented by January 1, 2022, using SIP code 607 or 608 for calls on IP networks and ISUP code 21 for calls on TDM networks.
In May 2021, USTelecom filed a petition for reconsideration with the FCC for the Fourth Order’s notification requirement. The petition argued that the Commission should instead give service providers flexibility in how to notify callers that their calls have been blocked. It said that the standards were not finalized and that service providers would not be ready by the deadline, and that if blocking required such notification, providers would have to stop blocking robocalls.
In December 2021, the FCC issued an Order on Reconsideration that allowed service providers to use SIP code 603 as a temporary measure to meet the immediate blocking notification requirement. The Commission issued a Further Notice of Proposed Rulemaking, in which it asked whether SIP 603+ would provide sufficient notification or whether SIP 607/608 should eventually be required. Nine organizations replied:
Commenters representing callers and some industry associations wrote that SIP 603 does not provide actionable information for redress. Therefore, it doesn’t satisfy the TRACED Act.
Commenters representing carriers and an analytics firm wrote that SIP 603 is adequate, or at least the most pragmatic choice. They also said there’s a better SIP 603+ under discussion.
From March through July 2022, standards development continued on SIP 603+. As work progressed, members of the standards task force reached out to associations representing high volume callers for feedback on whether the SIP 603+ specification would meet their needs. The calling community responded with a list of their requirements. By our tally, it seemed the answer would be “yes.”
In August, the ATIS IP-NNI Forum approved and published the ATIS-1000099 standards document.
August 25, 2022, by Eric Troutman, attorney.
Well, it’s that time again.
Time for us to be bombarded by texts and calls from folks looking for your vote, or looking for money from you to support this candidate or that cause.
And just behind all those phone calls is an equally impressive barrage of TCPA class action lawsuits against candidates, parties, and committees.
Today we have a class action lawsuit filed against the Republican National Congressional Committee.
Apparently they blasted a bunch of folks–“Trump patriots”– with text messages that Pelosi is about to do something they wouldn’t like. And they asked for some money to stop it from happening.
Well I’m ready to write a check…
But apparently not everyone who received the texts was a Trump patriot, and that would include the Plaintiff–a guy named Michael Anthony.
The suit alleges the robotexts were sent using an ATDS and seeks millions of dollars against the RNCC.
The classes include:
Autodialed Text Class: All persons in the United States who (1) from the date four years prior to the filing of this Complaint through the date notice is sent to the class members; (2) Defendant (or a third person acting on behalf of Defendant) placed at least one text message call; (3) to the person’s cellular telephone number; (4) for the purpose of promoting Defendant’s political agendas or to solicit political donations; (5) using the same dialing equipment that was used to place the text message call to Plaintiff; and (6) for whom Defendant claims it obtained prior express consent in the same manner as Defendant claims it supposedly obtained prior express consent to place text message calls to the Plaintiff, or for whom it did not obtain prior express written consent.
Autodialed Stop Text Class: All persons in the United States who (1) from the date four years prior to the filing of this Complaint through the date notice is sent to the class members; (2) Defendant (or a third person acting on behalf of Defendant) placed at least one text message call; (3) to the person’s cellular telephone number; (4) for the purpose of promoting Defendant’s political agendas or to solicit political donations; (5) using the same dialing equipment that was used to place the text message call to Plaintiff; (6) after the person requested that the text message calls stop.
Intrusion Upon Seclusion Class: All persons in the State of Pennsylvania who (1) from the date one year prior to the filing of this Complaint through the date notice is sent to the class members; (2) Defendant (or a third person acting on behalf of Defendant) placed text message calls; (3) to the person’s cellular telephone number; (4) for the purpose of promoting Defendant’s political agendas or to solicit political donations; (5) for whom Defendant claims it obtained prior express consent in the same manner as Defendant claims it supposedly obtained prior express consent to place text message calls to the Plaintiff, or for whom it did not obtain prior express written consent; and (6) either the text message calls were placed after 9:00 p.m. or the recipient received more than fifty (50) text messages from Defendant.
This isn’t the first time Republican National committees have been sued under the TCPA. But the Senatorial committee was successful in defeating such a case this year.
The Democratic national committee, however, famously failed to respond to a TCPA suit and had a judgment entered against it in Kansas for $60k.
As a reminder, it is ILLEGAL to engage in campaign fundraising or to send campaign-related messages using regulated technology to cell phones without consent.
And it’s kind of dumb too…
Aug 14, 2020 • ZDNet * Researchers say that most campaigns take place in short-burst storms and that answering a robocall doesn’t mean you’ll be targeted more often in the future.
In an award-winning paper presented at the USENIX security conference this week, a team of academics from North Carolina State University presented a list of findings from operating a massive telephony honeypot for 11 months for the sole purpose of tracking, identifying, and analyzing the robocalling phenomenon in the US.
NCSU researchers said they ran 66,606 telephone lines between March 2019 and January 2020, during which time they said they received 1,481,201 unsolicited calls, even though they never made their phone numbers public via any source.
The research team said they usually received an unsolicited call every 8.42 days, but most of the robocall traffic came in sudden surges they called “storms” that happened at regular intervals, suggesting that robocallers operated using a tactic of short-burst and well-organized campaigns.
In total, the NCSU team said it tracked 650 storms over 11 months, with most storms being of the same size.
But the research team also said that not all calls during a storm were from the robocallers themselves and that a large chunk of calls also came from real persons.
Researchers believe this happened because, at the time of the storm, the robocalling operation had been using a technique known as “caller ID spoofing” to hide their real phone numbers and pass as real persons.
If victims of the robocalling campaign missed the call and called back the spoofed number, they’d eventually end up calling the research team’s honeypot telephone numbers.
Ironically, researchers also caught a storm outside of their honeypot network.
“Interestingly, a colleague in our lab was a victim of a storm event. He was overwhelmed with calls from hundreds of strangers complaining that they had received a call from him! Needless to say, he was unable to use his phone for a few days until the calls died down.”
But the NCSU team also recorded a 10% sample (~150,000) of the robocalls they received, which they later analyzed using audio processing tools to determine the source and content of the robocall itself.
Academics said they detected 2,687 unique robocalling campaigns, with the largest ones promoting student loans, health insurance, Google search promotion services, and Social Security scams.
However, the research team’s biggest finding was that after answering 1.5 million robocalls across 66,000 phone numbers, researchers said they didn’t see a spike in subsequent robocalls.
“News reports and regulatory agencies recommend phone users to avoid answering calls from unknown numbers to reduce the number of robocalls,” researchers said.
“Surprisingly, we found that answering phone calls does not necessarily increase the number of robocalls you would receive. Phone users should be cautious when you get a call from an unknown number. However, occasionally answering an unsolicited phone call does not mean you will receive more robocalls.”
SEPTEMBER 26, 2022
After almost a year of behind-the-scenes work, the FCC has begun to develop rules to combat spam text messages. Here’s an update.
Axios reported that the FCC has taken a long-delayed step against the spam text surge. Commissioners voted 4–0 in favor of this proposal late Friday, September 23, 2022.
RoboKiller reported that about 10.89 billion spam text messages were sent to U.S. subscribers in August 2022. In contrast, YouMail reported that about 4.48 billion robocalls were received by U.S. subscribers in the same month. There were more than twice as many robotexts as robocalls in August.
In October 2021, the FCC announced that Chairwoman Jessica Rosenworcel shared with FCC commissioners proposed rules to combat robotexts. Axios reported that the FCC’s consumer advisory committee began reviewing the issue in April 2022 and issued a study in August.
The study recommended that the FCC should encourage wireless messaging service providers to adopt CTIA’s Messaging Security Best Practices. These best practices include:
The Commission is expected to issue a Further Notice of Proposed Rulemaking (FNPRM). The FNPRM will describe proposed rules and seek input on specific questions. The proposed rules will go through comment and reply comment stages to help shape the final rules. Commissioners will then vote on the proposed rules.
Axios reported that the FCC proposal incorporates some findings from this study.
On September 27, 2022, the Federal Communications Commission (FCC or Commission) released a Notice of Proposed Rulemaking (NPRM) seeking comment on a proposal that would require mobile wireless providers to block illegal text messages and would apply caller ID authentication standards to text messaging. To date, the FCC’s efforts have largely focused on robocalls, not robotexts.
Accordingly, this NPRM represents a significant new undertaking by the FCC. These efforts – if adopted – will have a wide impact across the wireless messaging ecosystem.
Below, we provide background and a high-level summary of the new NPRM. Comments are due 30 days after the NPRM is published in the Federal Register, and replies will be due 45 days after the NPRM is published in the Federal Register.
The FCC Notes an Increase in Illegal and Unwanted Text Messages as the Premise for Its New NPRM
As a basis for the proposed rules, the NPRM notes that consumers are receiving increasing numbers of illegal and unwanted text messages, with the Commission reporting that it received approximately 14,000 consumer complaints about unwanted text messages in 2020, representing a 146 percent increase in the number of complaints from the year before. The Commission has subsequently received 15,300 consumer complaints about unwanted texts in 2021, and 8,500 such complaints through June 30, 2022.
The NPRM also notes that text message-based scams can harm consumers by including links to phishing websites and loading unwanted software onto a device. It further states that, like robocalls, scam texts can involve falsifying caller ID information that appears on the texted party’s phone with the intent to defraud or wrongfully obtain something of value. According to the NPRM, scammers stole over $86 million through spam texting fraud schemes in 2020.
Finally, the NPRM notes that the “ubiquitous” use of text messaging services by consumers also exacerbates the risk of robotexts. The NPRM cites to industry data indicating that consumers read nearly all texts they receive, open a far larger percentage of text messages compared to email, and open text messages far more quickly than email.
The Legal Landscape for SMS Messages Is Distinct from Robocalls
The NPRM also provides an overview of the regulatory framework currently applicable to text messaging services, which in many respects is distinct from the legal and regulatory landscape for robocalls. In particular, the NPRM discussed the following frameworks and how they apply to text messaging:
Oct 4, 2022 - The FCC’s Robocall Response Team today announced first-of-their-kind Enforcement Bureau orders to begin removing seven voice service providers from the agency’s Robocall Mitigation Database.
The orders demanded that Akabis, Cloud4, Global UC, Horizon Technology Group, Morse Communications, Sharon Telephone Company, and SW Arkansas Telecommunications and Technology show cause within 14 days as to why the FCC should not remove them from the database. Removal from the database would require all intermediate providers and terminating voice service providers to cease carrying the companies’ traffic. If that were to occur, all calls from these providers’ customers would be blocked and no traffic originated by the provider would reach the called party.
Providers must take key robocall mitigation steps – including implementing STIR/SHAKEN throughout their IP networks – and if they fail to demonstrate that they have met these requirements, they can be removed from the database and other networks will no longer take their traffic.
The FCC launched the Robocall Mitigation Database in which voice service providers must file certifications to inform the agency of their STIR/SHAKEN implementation status and, in some cases, their robocall mitigation efforts. Voice service providers certifying to anything short of full STIR/SHAKEN implementation must describe the robocall mitigation steps they are taking to ensure they are not the source of illegal robocalls. If a voice service provider does not file or does not adequately file in the database, other voice service providers must block the noncompliant provider’s calls.
BY JOSEPH STEINBERG, CEO, SECUREMYSOCIAL @JOSEPHSTEINBERG
A scam that seems to reappear periodically is back and helping criminals steal people's money. Protecting yourself is simple--if you know how the scam works.
So, here is what you need to know to protect yourself from the three variants of the scam:
1. In the first version of the scam, criminals target their victims simply by calling them (usually from a robocall autodialer which supplies caller ID information that the victim will not recognize)--and hanging up before anyone answers, thereby arousing the call recipient's natural curiosity. Criminals sometimes do this several times in succession--so victims see a call coming in repetitively from some number they don't recognize, further increasing the chances that their curiosity will cause them to call back.
2. In another variant of the scam, the criminals don't hang up quickly, but rather wait for the intended victim to answer the call, at which point the robocaller plays a recording of someone crying for help or the sounds of someone in need of medical attention or under attack--and then hangs up. Obviously, many good-hearted people are likely to call back in such a situation. Some criminals may do the same, pretending to be a collection agency, a law enforcement official, or a doctor treating a close relative.
3. In the third version of the scam, a criminal sends a text message similar to the voice recording in variant 2--explaining that he or she is in danger and needs help--often making it appear as if the message was sent by accident to the wrong recipient. The criminal may ask for you to call or to text back.
In all of these cases, the criminal wants you to call or text back.
These calls are likely part of what is commonly known as the "473 Scam," "Ring and Run Scam," or "One Ring Scam," and the numbers displayed on your caller ID or sent in a text message are likely premium numbers. You will be charged--sometimes quite a bundle--for any calls that you make, or text messages that you send, to them.
It's quite simple to protect yourself: Do not call or text back.
The name "473 scam" comes from the fact that criminals have been known to use caller IDs with the area code 473--which appears to be domestic, but is actually the area code for the island of Grenada and several other islands outside the United States that, like the U.S., use country code +1. Calls placed to 473 numbers are international calls, not typically included in calling plans, and can run up quite a bill. Also, the criminals perpetrating 473 scams often establish premium numbers--the equivalent of the 900 numbers that were popular in the United States in the pre-internet era. Calls to such numbers can sometimes cost more than $20 for the first minute! (In fact, a couple decades ago, similar scams used to be run from within the United States--criminals would send messages to people's pagers (remember those?) paging them from premium numbers with the hope that the recipients would call back and be charged for the calls.)
Of course, the 473 scam is run from area codes other than 473--at the bottom of this story is a list of area codes that appear domestic (because they use country code +1), but are, in fact, international.
In addition to the list of international numbers that "look American," keep in mind that Canada and various U.S. territories are also part of country code +1--and while scammers do not typically run 473 scams from Canada or U.S. territories, some domestic telephone plans do not consider calls to these areas to be domestic or free calls. For that reason, I have included lists of U.S. territory and Canadian area codes below as well.
The history of the 473 scam reveals an important point you need to know in order to stay safe.
After most Americans became aware that 900 numbers were premium numbers, criminals started to use other area codes--often 809 (the Caribbean islands)--which led to this scam even being known as an 809 scam. After sufficient media coverage educated enough folks not to return calls to area code 809, criminals shifted to other area codes--assisted by the implementation of many new area codes over the last two decades--making it far more difficult for people to recognize which numbers are domestic and which are not. Of course, the fact that today's phones allow people to respond quickly to text messages and missed calls means that people are less likely than during the era of pagers to reconsider whether it's a good idea to respond before they call or text back. Also, psychologically speaking, humans are more likely to become alarmed when hearing the voice of another human crying for help than when seeing a text message--giving today's scammers another edge up over their counterparts two decades ago. Scammers adapt their techniques as technologies and awareness levels change.
As far as lessons, here is the bottom line:
If you miss a call, whoever called can send you a text message (or leave a voicemail). If they did neither, and you don't know who called, don't worry about it. Also, remember that it's unlikely that someone you do not know who is in distress at a location with which you are not familiar would dial a random number in another country and ask you to help them--they would call the police.
242 -- Bahamas
441 -- Bermuda
784 -- St. Vincent and Grenadines
246 -- Barbados
473 -- Grenada, Carriacou, and Petite Martinique
809, 829, and 849 -- Dominican Republic
264 -- Anguilla
649 -- Turks and Caicos
868 -- Trinidad and Tobago
268 -- Antigua
664 -- Montserrat
876 -- Jamaica
284 -- British Virgin Islands
721 -- Sint Maarten
758 -- St. Lucia
869 -- St. Kitts and Nevis
345 -- Cayman Islands
767 -- Dominica
American Samoa -- 684
Guam -- 671
Northern Mariana Islands -- 670
Puerto Rico -- 787 and 939
U.S. Virgin Islands -- 340
Alberta -- 403, 587, and 780
British Columbia -- 236, 250, 604, and 778
Manitoba -- 204 and 431
New Brunswick -- 506
Newfoundland -- 709 (879 is being added in 2018)
Northwest Territories -- 867
Nova Scotia -- 902
Nunavut -- 867
Ontario -- 226, 249, 289, 343, 365, 416, 437, 519, 613, 647, 705, 807, and 905
Quebec -- 418, 438, 450, 514, 579, 581, 819, and 873
Saskatchewan -- 306 and 639
Yukon -- 867
Nationwide -- 600 (and possibly 622, 633, 644, 655, 677, and 688)
Area code -- 900
Also -- Canadian numbers that begin 976 after the area code (These can be like 900 numbers. The U.S. used to have such numbers as well. Numbers beginning 540 in New York used to also be premium numbers, but these should no longer be in service.)
OCTOBER 24, 2022
The Office of the Indiana Attorney General announced a settlement with a service provider accused of facilitating illegal robocalls. The settlement requires the provider and its CEO to exit the telecommunications industry forever. Here’s what happened.
The Indiana Attorney General filed a lawsuit in federal court in October 2021 against Startel, Wanda Hall, the Startel Chief Executive Officer, and other defendants for facilitating over 4.8 million illegal robocalls to people in Indiana. These robocalls included:
The lawsuit says that Startel was the gateway provider that received these illegal robocalls from Microtalk Comm India and IQ Telecom, which is registered in Delaware but operates out of India.
Startel sent the illegal robocalls downstream to Piratel LLC and Rapid Eagle Inc DBA VoIP Essential Inc. These organizations were identified through the traceback process. Piratel and VoIP Essential also were named as defendants in the lawsuit but are not involved in this settlement.
The Indiana AG settled with Startel and Wanda Hall on October 20, 2022. The main provision of the consent decree is that Startel and Wanda Hall agree to never again operate, own, invest in, be an employee of, draw revenue from, or consult with a voice service provider or provide voice services to another person.
Note that this consent decree uses the same definition of voice service as federal regulations, which describe it as voice services provided to end users.
For this reason, the consent decree also requires Startel and Hall to terminate all existing business relationships with any customer that is a voice service provider, provides VoIP services, or facilitates others in initiating robocalls. They are also prohibited from ever again engaging with such entities.
October 28, 2022 BY Sarah Delphey and Rebekah Johnson.
In its October 27, 2022, Open Meeting the FCC discussed a proposed Notice of Inquiry (NOI) regarding the adoption of STIR/SHAKEN on non-IP networks.
According to the FCC, this Notice of Inquiry would:
Commissioners Carr, Starks, and Simington praised the NOI and said the industry needed to continue to take steps to combat illegal robocalls. Commissioner Starks said there was a need to push all providers to implement STIR/SHAKEN and continue facilitating service providers’ transition to all IP networks. Commissioner Simington commented on the age of US phone networks and that the current state of IP adoption is understandable but that combatting illegal calls through STIR/SHAKEN requires that service providers accelerate IP adoption or push for non-IP-based means to implement technology to combat illegal calls.
Chairwoman Rosenworcel reinforced the need to continue to innovate and be relentless in using existing tools to respond to new methods from scammers. Rosenworcel praised STIR/SHAKEN’s ability to allow consumers to trust that callers “are who they say they are” and its effectiveness on IP networks but said that STIR/SHAKEN does not work on networks that rely on traditional copper lines. Rosenworcel noted the Commission would not wait for service providers to update their networks and that the Commission would look to find new ways to address illegal calls on existing phone networks. Rosenworcel praised the Memorandums of Understanding the FCC has developed with state agencies and the Commission’s recent enforcement actions.
Citing the desire by illegal callers to look for “loopholes” in existing laws, Rosenworcel suggested that Congress needed to take action, including:
The NOI was approved unanimously and adopted by the Commission.
Oct. 22, 2022 - By Stephen Matlock
The U.S. legal system has dramatically ramped up its pursuit of fraud calls and the fraudsters behind them, plus call violations of the TCPA and other regulations. The passage of the TRACED Act in 2019 seems to have kicked off that much greater effort.
We are seeing notices from the FCC, FTC, and many states’ attorneys general almost every week, citing carriers for transmitting the fraudulent or out-of-compliance calls, or for ignoring the industry’s TraceBack Group, which does the tracking of these calls.
Here are several that have crossed our desk recently:
* The Georgia Bureau of Investigation is after one of the notorious U.S. spam and fraud transmitters, and sent a notice that it had wiretapped the company’s lines, saying “During the period...calls made by you... were intercepted and are evidence of the crimes of (the) violation of the Georgia Controlled Substances Act, violation of the Georgia Gang and Terrorism Prevention Act, and conspiracy to commit the same...” We asked the GBI to confirm this report as accurate, and it did. The target company was identified as Great Choice Telecom and its operator John Spiller.
* Task force says it is going after two companies it says are behind illegal robocalls by WSBTV.com News Staff November 15, 2022 … the Anti-Robocall Litigation Task Force, which was formed in August, is taking action against two voice service providers for their illegal involvement in illegal robocalls.
Attorney General Chris Carr said the task force is acting against Michael Lansky LLC, which was doing business as Avid Telecom, and One Eye LLC.
The Anti-Robocall Litigation Task Force comprises 51 attorneys general who are working together to crack down on illegal phone calls. “The enforcement action against One Eye details how an individual named Prince Anand closed another voice service provider, PZ Telecommunication LLC, and became the apparent CEO of One Eye. This transition occurred after the Federal Communications Commission sent PZ Telecom a cease-and-desist letter,” the Attorney General’s Office said in a news release Tuesday. “One Eye has stopped responding to the task force, and Avid has refused to answer the CID. The State of Indiana has moved to enforce these CIDs in Marion County, Indiana.”
* FCC Enforcement Bureau Notifies All U.S.-Based providers they may block robocalls originating from Urth Access, LLC. By the Chief, Enforcement Bureau:
The Enforcement Bureau (Bureau) of the Federal Communications Commission (FCC or Commission) issues this Public Notice to notify all U.S.-based voice service providers about substantial amounts of apparently unlawful student loan-related robocalls originating from the Urth Access, LLC (Urth Access). We notify all U.S.-based voice service providers that they may block voice calls or cease to accept traffic from certain originating/intermediate providers listed in this Notice, without liability under the Communications Act or the Commission’s rules.
Contemporaneous with this Public Notice, the Bureau is issuing a cease-and-desist letter to the following voice service provider (Originating Provider): Urth Access, LLC
The US Telecom’s Industry Traceback Group (Traceback Consortium) identified Urth Access as the originator for substantial volumes of apparently unlawful student loan-related robocalls. Pursuant to the cease-and-desist letter, Urth Access must (1) immediately investigate and effectively mitigate the traffic identified in the letter, (2) notify the Bureau and the Traceback Consortium, within 48 hours, of the steps taken to mitigate the identified traffic, and (3) inform the Bureau and the Traceback Consortium, within 14 days, of the steps that Urth Access has taken to prevent customers from using its network to transmit illegal robocalls. If Urth Access fails to comply with the requirements set forth in the letters, it may be removed from the Robocall Mitigation Database, obligating all other providers to cease carrying all of its traffic.
* Indiana puts Startel out of business, targets Piratel and VoIP Essential -- The Indiana AG settled with Startel and Wanda Hall on October 20, 2022. The main provision is that Startel and its CEO Hall agree to never again operate, own, invest in, be an employee of, draw revenue from, or consult with a voice service provider or provide voice services to another person.
The Indiana Attorney General filed a lawsuit in federal court in October 2021 against Startel, Hall, and other defendants for facilitating over 4.8 million illegal robocalls to people in Indiana. The lawsuit says that Startel was the gateway provider that received these illegal robocalls from India companies Microtalk Comm and IQ Telecom. Startel sent the illegal robocalls downstream to Piratel LLC and Rapid Eagle Inc DBA VoIP Essential Inc., which were named as defendants in the lawsuit but are not involved in the settlement.
We talked at some length to one of those parties described above, and it became obvious that for every official government story, there is an opposing story that may or may not be true. We’ll explore that topic with several of the accused in the future.
by Eric J. Troutman - Nov 23, 2022
So the FCC just issued the death penalty.
It determined that a company called Global UC, Inc. just doesn’t deserve to live anymore.
Apparently the company failed to fix its “deficient Robocall Mitigation Database (Database) certification” despite being emailed about it and the Commission has had enough.
Ok.
As a result it has removed Global UC from the Robocall Mitigation Database.
Ok.
And Removal from the Database requires all intermediate providers and terminating voice service providers to cease accepting the Company’s traffic.
Lethal injection administered.
Actually it’s more like a firing squad.
Let me back up.
According to the FCC’s death penalty ruling–which you can read for yourself here DA-22-1219A1 — this company Global UC submitted a robocall mitigation certification back in July, 2021. But the certification was apparently garbage. There was nothing meaningful in the certification explaining how the company was going to combat robocalls.
So the Commission followed up with Global UC “via email” in October, 2021.
Ok.
No response.
So the Commission issued an “order” in October, 2022 demanding Global UC respond to its email or else. Apparently Global UC did so, but not in a satisfactory way:
“We are not needing this certification.”
Wrong move.
The FCC determined the company had “certified that it is subject to a robocall mitigation program, but it failed to describe specific reasonable steps that the Company is taking to prevent the origination of illegal robocall traffic.” Moreover “[t]he Company’s certification therefore was deficient because it did not describe any robocall mitigation program.” And because the company refused to provide the explanation the government required, a head had to roll.
And so it did.
As a result of these findings the FCC ordered: “All intermediate providers and terminating voice service providers must cease accepting traffic from Global UC within two (2) business days of this Order.”
Hmmm.
I’m not entirely sure what to say here.
Obviously this is an unsophisticated outfit that had no idea what it was doing–if it wanted to stay in business. And perhaps it didn’t. The order contains no explanation of the volume of traffic the carrier is handling. Maybe this company is already shuttered and this order is nothing more than another example of futile bureaucratic box checking.
A kneejerk response to a quasi-voluntary renunciation of a required certification.
Maybe.
Or maybe this is a real company that does real business and has real employees that just got shut down because they didn’t understand the rules of the road–and who can blame them. There really aren’t any rules. Yes, carriers have to submit a robocall mitigation plan. But what does that plan have to entail? Does anyone really know?
So now we know, the plan has to include more than a recitation of SHAKEN/STIR authentication framework technicalities. Cool. We probably could have guessed that would be insufficient–and, I get it, the Commission emailed these guys and told them it was insufficient–but you can’t say it is ludicrous for a carrier to point at the FCC’s own standard for authenticating calls as a starting point for robocall mitigation. In fact, it kind of makes sense from a layman’s perspective.
And I guess that’s what bothers me about this whole thing. It feels like Global UC is a layman caught up in some web of Orwellian government red tape. Executed for failing to timely respond to an email.
And maybe that’s not true. Maybe Global UC is a terrible awful scam robocall facilitating shell that deserves to burn in the telecom equivalent of hades for all eternity.
But we don’t know that.
That’s not what the FCC found.
That’s not why the FCC killed this company.
It wasn’t killed for being a bad actor in the true sense of the word. It was killed for being, at worst, a stupid or belligerent actor that didn’t want to play along with the new robocall mitigation rules. At best, it was an unsophisticated actor that didn’t timely respond to one email and that didn’t understand the importance of the certification that it stated it did not need (when it plainly did.)
Maybe I’m reading too much into this. But it makes me uneasy.
Then there’s the other piece.
The piece where the death penalty was carried out using private companies to do the killing.
All the other carriers were, essentially, ordered to cast out Global UC. To starve it to death. To treat it like a pariah. Offer it no refuge. No mercy. Close its doors to its traffic until it simply withers on the vine.
It’s just… weird.
In most death penalties the government has the means to effectuate a swift and certain demise without the preoccupation of any private enterprise. It hires an executioner to chop off a head or inject some poison. Done.
But here, Global UC is only dead because the FCC has ordered all the other carriers to stop dealing with it. Private resources are being seized. Regular old people are being turned into executioners at gunpoint.
In fact, this order doesn’t actually require anything of Global UC. It is an order that everyone but Global UC stop doing something.
So companies that didn’t do anything wrong are now ordered to do something–kill a fellow carrier–or else risk facing the same fate.
Again it’s just… weird.
There’s something wrong with this picture. I can’t quite describe the aching feeling of unease except to say, I know this isn’t right.
Carriers in this nation aren’t winged monkeys out to do the bidding of some witch (or Commission) somewhere.
Or maybe they are.
What do I know?
Well, here’s what I know: If you’re a carrier, voice service provider or anyone else in the telecom ecosystem that might have to submit a robocall mitigation plan, you better do it–and you better do a good job of it. And if the Commission emails you, you better respond.
Otherwise everyone else might be ordered to do something. And that something–weird though it is to say–might be to end your company.
On December 21, 2022, the Federal Communications Commission (FCC) proposed a record-breaking $299,997,000 fine against the largest robocall operation investigated by the FCC via a Notice of Apparent Liability for Forfeiture (NAL) against Sumco Panama SA, Sumco Panama USA, Virtual Telecom kft, Virtual Telecom Inc., Davis Telecom Inc., Geist Telecom LLC, Fugle Telecom LLC, Tech Direct LLC, Mobi Telecom LLC, and Posting Express Inc. (FCC 22-99). The NAL alleges spoofing and robocalling violations of the Telephone Consumer Protection Act (TCPA), Truth in Caller ID Act, and TRACED Act.
And, the NAL builds on the FCC’s July 2022 direction that all US-based voice service providers “cease carrying specified traffic related to the auto warranty scam robocalls,” leading to a 99% drop in such call volume.
Since 2018, the robocall scheme—run by Roy Cox, Jr. and Michael Aaron Jones—made “billions of apparently illegal robocalls via their Sumco Panama company, other domestic and foreign entities, and a host of international cohorts located in Panama and Hungary,” violating federal anti-robocalling and spoofing laws. Just between January and March 2021, the scheme made more than five billion robocalls (enough to call each person in the US 15 times) to half a billion numbers via pre-recorded voice calls to consumers “to press consumers to speak to a ‘warranty specialist’ about extending or reinstating their car’s warranty.” Instead, the scheme “was designed to sell vehicle service contracts that were deceptively marketed as car warranties.”
The proposed fine is the largest in the FCC’s history because of “egregious violations and thus deserved a substantially escalated proposed fine.” For example, the FCC noted that consumers described the calls as “incessant” and “harassment;” health care workers were called during the COVID-19 pandemic; and hospital numbers were spoofed, “tying up the phone lines of vital public safety institutions.”
by CommLaw Group, Jan 5, 2023 -
As delineated in a previous Client Advisory, the Federal Communications Commission (“FCC” or “Commission”) imposed new robocall mitigation regulatory requirements on the gateway providers that are the point of entry for foreign-originated illegal robocalls into the United States.
A gateway provider is a U.S.-based intermediate provider (i.e., a carrier that has facilities located in the U.S., including a point-of-presence) that receives a call directly from a foreign originating provider or foreign intermediate provider at its U.S.-based facilities and transmits the call downstream to another U.S.-based provider.
When the Commission announced the new requirements, it did not yet have compliance deadlines. As delineated below, the FCC’s recent Public Notice lists the robocall mitigation plan filing deadline as January 11, 2023 and the STIR/SHAKEN compliance deadline as June 30, 2023.
Robocall Mitigation Plan and Certificate Filing Mandate
The first requirement is that gateway providers must file a certification of compliance and robocall mitigation plan in the FCC’s Robocall Mitigation Database (“RMD”), describing their robocall mitigation practices and stating that they are adhering to them. A gateway provider that is also a voice service provider and previously submitted a robocall mitigation plan must amend same to meet the new requirements. The gateway provider robocall mitigation plan must include, at a minimum:
• reasonable steps the provider is taking to avoid carrying or processing illegal robocalls;
• contact information for a person responsible for addressing robocall mitigation-related issues;
• explanation as to how the provider is complying with the know-your-upstream-provider obligation; and
• certification that the carrier will comply with traceback requests within 24 hours and commit to working with traceback authorities in pertinent investigations.
It is critical that gateway providers timely comply with the FCC’s mandate because, among other things, intermediate providers and voice service providers will be prohibited from accepting traffic from gateway providers not listed in the RMD beginning April 11, 2023.
STIR/SHAKEN Compliance Requirements
The Commission also issued its requirement that gateway providers either upgrade their non-IP networks to IP and implement STIR/SHAKEN, or work with a working group, standards group, or consortium to develop a non-IP caller ID authentication solution, and proposed June 30, 2023 as the compliance deadline. The Public Notice confirms the June 30, 2023 deadline.
New Foreign Service Provider Obligations
Some foreign service providers have been unable to make the required filings in the RMD due to foreign legal obligations. The FCC now requires that such providers must explain any legal constraints in their robocall mitigation program description. If a foreign provider is submitting a voice service provider certification only (i.e., not as a gateway provider or as a combined gateway and voice service provider) and has fully implemented STIR/SHAKEN, it should certify to partial STIR/SHAKEN implementation so that it may upload a robocall mitigation program description and explain any such foreign legal constraints. The provider should note in its robocall mitigation program description that it has fully implemented STIR/SHAKEN but has certified to partial STIR/SHAKEN so that it may upload a program description explaining any foreign legal constraints regarding its certification.
By Eric Troutman, Jan 19, 2023
The Florida mini-TCPA continues to take its toll on corporate America.
The latest victim is one of my favorite restaurants–Chipotle!
The fresh Mex restaurant famous for upcharging for creamy guacamole–totally getting this for lunch–is facing a robotext lawsuit arising under the Florida Telephone Solicitation Act. And, in a twist, the suit is brought in California.
In the new class action suit, a lady by the name of Sandra Diaz claims she was minding her own business last Halloween when she was tricked (not treated) by the following message:
Happy Boorito! Visit any U.S. Chipotle in costume & get a $6
entrée after 3pm. Rewards member exclusive. Info:
chipotle.com/rewards&utm_source=Vibes&utm_medium=SMS&
utm_campaign=10312022_Boorito.Txt HELP4help STOP2quit
Now, I will grant you that this is a bad pun but according to Plaintiff this text “invaded Plaintiff’s privacy and intruded upon Plaintiff’s seclusion upon receipt.”
Riiight…
Anyhoo, Plaintiff sues Chipotle–again, in California despite the fact that Plaintiff is a Florida resident suing under a Florida law–seeking to represent:
All persons in Florida who, at any time since July 1, 2021, received
a telephonic sales call made by or on behalf of Defendant using the
same type of equipment used to make telephonic sales calls to
Plaintiff.
And you will notice this class definition is not limited to individuals–like Plaintiff–who claim not to have consented to the texts. Every single person that ever signed up to receive alerts from Chipotle is in this class. So, yeah, it should definitely be stricken as overly broad.
In another interesting note, the case has been assigned to the Hon. David O. Carter. Judge Carter is an absolutely famous federal judge here in Southern California who is known to be tough as nails on both sides. I love litigating in front of the guy–tons of respect for how he runs his courtroom–but that is not universally true amongst litigators. So will be interesting to see where this thing goes.
More broadly, the suit demonstrates that FTSA claims continue to be EXTREMELY dangerous and impact folks from coast to coast. Unlike the federal TCPA–which has a narrow ATDS definition and largely does not apply to text messages–the state of Florida’s autodialer definition is exceptionally broad. And while text messages are a relatively safe channel of communication under federal law, the use of promotional text messages–such as text club engagements–is driving a huge number of claims brought under the Florida mini-TCPA. This is just the latest example.
And remember–just because you are not located in Florida does not make you immune to suit. These plaintiff’s lawyers are happy to sue you in your own home court for texts sent across the nation–just ask Chipotle!
You can read the complaint here: Chipotle FTSA Suit
Blog by Eric Troutman
All right so I get a ton of questions about text messages all the time. Texts are a GREAT engagement tool. And consumers LOVE receiving texts they want from businesses they are working with–very convenient and super easy to respond to.
But TONS of risk here. Especially where texts are sent without consent.
Let me try to break this down for everyone real quick.
First, text messages are “calls” under most–although perhaps not all–provisions of the federal TCPA. To be sure, a text is a “call” for purposes of 227(b) and 227(c)’s DNC rules. That means you have to have the proper level of consent to send a text to a cell phone if you are using regulated technology or contacting a number on the national DNC list.
Text messages are NOT prerecorded calls under the TCPA (according to recent court decisions.) So a text is only subject to the federal TCPA’s regulated technology provisions (227(b)) if you are using an ATDS. An ATDS is a system that stores or produces telephone numbers using a random or sequential number generator. What an ATDS is, or isn’t, is tricky. And courts are still splitting on what it means–although the current majority rule is that text platforms that do NOT randomly generate phone numbers are not subject to the federal TCPA’s ATDS definition. (But careful because that is not universally recognized.)
If a text is sent for any purpose using an ATDS express consent is required. Marketing texts sent using an ATDS require express WRITTEN consent, including the full Troutman Nine. Informational or transactional texts also require regular express consent (not in writing)–but this is presumed any time a consumer provides a phone number to the caller for a purpose “closely related” to the purpose of the text.
If a text is sent for MARKETING purposes then federal DNC concerns are also triggered. This is true REGARDLESS of whether an ATDS was used. In that case a caller must either have an existing business relationship with the consumer (90 days of an inquiry or 18 months of a transaction) or possess express written consent for a text message. This rule only applies to texts to residential cell phones–but please be cautious because recent court rulings have found even business cell phones can be used for residential purposes. And the burden is ON THE CALLER to prove residential usage, at least in the Ninth Circuit.
A violation of these rules carries a penalty of $500.00 per call, up to $1,500.00 per call. Private suit and class action enforcement is permitted.
These rules are at the federal level. The states have their own separate rules.
For instance in Florida and Oklahoma the definition of autodialer is MUCH MUCH broader than the federal TCPA. Essentially any automated text–and even so-called p2p texts–will trigger the statute. Moreover the scope of the Florida Telephone Solicitation Act (FTSA) is extremely vague. So although it appears to only apply to marketing calls to consumers it is very unclear exactly where the line is. So be careful. And a private right of action exists permitting suit for the same $500.00-$1,500.00 per text if these rules are violated. Plus the FTSA limits the number of attempts (texts and calls) that can be made in a 24-hour period–and cuts off communication at 8 pm in the local time zone of the call recipient.
Sophisticated dialers using “human selection” technology now exist to allow callers to operate in states like Florida and Oklahoma but, in other states–like California–it can be illegal to send telemarketing text messages without consent PERIOD, i.e. even truly manual texts can trigger the law. So watch out!
Lots of other rules here. This is just a high level overview. Not intended to be comprehensive. So please please please seek counsel–me or somebody else knowledgeable in this space–if you have questions.
Happy texting!
Posted on February 6, 2023 4:29pm by Phil Britt
Robocalls went up only modestly in January, with Americans receiving an estimated 5.5 billion of the automated calls during the month, compared to 5.3 billion in December, according to a new Robokiller Insights report.
That means the rate of robocall growth has declined, researchers said.
Robokiller also said it has seen a drop in some of the most malicious robocall categories: calls involving car warranties (down 35% from December), student loans (down 33% from December), and now home mortgages (down 54% in January, following a recent FCC crackdown).
The decline in these well-known robocalls is partly on account of FCC actions to curb them, Robokiller said, though those scammers continue to benefit despite those actions. The Federal Trade Commission estimates average robocall losses to be $1,200.
A robocall report from YouMail released just last week saw the situation a bit differently, arguing that FCC anti-robocall activities had barely made a dent in the number of robocalls.
YouMail also reported lower overall robocall numbers than Robokiller did. According to YouMail, consumers in the U.S. received a bit more than 4.5 billion robocalls in January, which is about midway between the 4.2 billion and 4.7 billion calls per month that consumers have been getting since last August. It was about 200 million more than in December.
Robokiller looked at robotexts as well as robocalls. According to the researchers, Americans received 14 billion robotexts during the month, down far from the 47 billion and 55 billion they received in November and December, respectively.
Robokiller warned in its press release that employment and tax season scams may become threats soon. With job offers enticing in the wake of layoff announcements and the annual rise in scams purporting to be from the IRS, consumers should be particularly cautious about any such communications.
FEBRUARY 8, 2023
A recent news story describes a widespread robocall scam in which the caller impersonates Medicare services. Would Do-Not-Originate lists help? Why aren’t they being used? This article discusses the issues.
Many scam robocalls spoof Medicare caller ID, 1-800-MEDICARE (1-800-633-4227). Fraudsters do this to trick the called person into giving their personal information, which the fraudster uses for identity theft. Many of these illegal robocalls originate overseas.
From December 19, 2022, gateway providers are required to block any calls purporting to originate from a number on a reasonable Do-Not-Originate (DNO) list. (The gateway blocking requirement also extends to invalid, unallocated, and unused numbers.)
So, why aren’t these robocalls with a spoofed calling number being blocked by gateway providers? Because the Medicare number is used for both inbound and outbound calls. Therefore, the U.S. Centers for Medicare and Medicaid Services has not provided this number to services that maintain DNO lists.
Since the 1-800-MEDICARE vanity number is easy to remember, it would make sense to dedicate it to inbound calls only and put it on DNO lists. Medicare services could use other numbers for outbound calls. This wouldn’t prevent fraudsters from spoofing Medicare numbers, but it would make it more difficult. Why make it so easy?
Enterprise callers should consider how they use their telephone numbers:
Gateway providers should be checking that they comply with requirements to check for foreign-originated calls with calling numbers that are DNO, invalid, unallocated, or unused.
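The gateway check described above, as an added example (not code from the article or from any provider): the calling number on a foreign-originated call is screened against a DNO list and the invalid, unallocated and unused categories. The DNO entries, allocated blocks and unused numbers are constructed sample data, the format rules are the general NANP numbering format, and the second DNO set models the article's suggestion of making 1-800-633-4227 inbound-only.

```python
"""Screen the calling number of a foreign-originated call at a gateway.

Added illustration: the DNO entries, allocated blocks and unused numbers are
constructed sample data, not real list contents.
"""
import re
from dataclasses import dataclass
from typing import Optional, Set

MEDICARE = "8006334227"  # 1-800-633-4227, the number quoted in the article

# Constructed sample data (555-01xx numbers are reserved for fictional use).
DNO_TODAY = {"3175550100"}                    # an inbound-only number
DNO_IF_INBOUND_ONLY = DNO_TODAY | {MEDICARE}  # the article's suggestion
ALLOCATED_BLOCKS = {"800633", "317555"}       # NPA-NXX blocks in service
UNUSED = {"3175550199"}                       # allocated but not assigned


@dataclass(frozen=True)
class Verdict:
    block: bool
    reason: str


def normalize(raw: str) -> Optional[str]:
    """Return the 10-digit NANP national number, or None if it cannot be one."""
    digits = re.sub(r"\D", "", raw)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]  # drop the +1 / 1 country code
    return digits if len(digits) == 10 else None


def is_invalid_format(number: str) -> bool:
    """True when a 10-digit string cannot be a dialable NANP number."""
    npa, nxx = number[:3], number[3:6]
    return (
        npa[0] in "01"             # area codes start with 2-9
        or npa[1:] == "11"         # N11 service codes (411, 911) are not area codes
        or nxx[0] in "01"          # central office codes start with 2-9
        or len(set(number)) == 1   # a single digit repeated
    )


def screen(raw: str, dno: Set[str], allocated: Set[str], unused: Set[str]) -> Verdict:
    """Decide whether a call presenting caller ID `raw` should be blocked."""
    caller_id = raw.strip()
    # Caller ID in another country code is outside the U.S.-number checks.
    if caller_id.startswith("+") and not caller_id.startswith("+1"):
        return Verdict(False, "not-nanp")
    number = normalize(caller_id)
    if number is None or is_invalid_format(number):
        return Verdict(True, "invalid")
    if number in dno:
        return Verdict(True, "dno")
    if number[:6] not in allocated:
        return Verdict(True, "unallocated")
    if number in unused:
        return Verdict(True, "unused")
    return Verdict(False, "ok")


if __name__ == "__main__":
    constructed_calls = [
        "1-800-633-4227", "911-555-0100", "+1 (317) 555-0100",
        "317 555 0199", "212-555-0147", "+44 20 7946 0958", "317-555-0123",
    ]
    for caller_id in constructed_calls:
        today = screen(caller_id, DNO_TODAY, ALLOCATED_BLOCKS, UNUSED)
        fixed = screen(caller_id, DNO_IF_INBOUND_ONLY, ALLOCATED_BLOCKS, UNUSED)
        print(f"{caller_id:20} today={today.reason:12} inbound-only={fixed.reason}")
```

Only the first sample call changes outcome between the two DNO sets, which is the article's point: the screening logic is already in place, and the missing piece is the number owner listing the number.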
Hat tip to Madison Hall, who covered the Medicare number spoofing story for Business Insider.
Thursday, February 9, 2023 - National Law Review
Well the “Deter Obnoxious, Nefarious, and Outrageous Telephone Calls Act” –or the ‘‘DO NOT Call Act of 2023’’–is back in the House.
We’ve seen this bill before, of course.
But this time it feels a bit different. I’m hearing preliminarily that there might be a smidge more room for this one to breathe, and it comes early in the session.
Still too soon to know for sure if this one has legs, but R.E.A.C.H. will be weighing in on it shortly. Of course we’re busy already with this big CMS thing…
You can read the full version of the new bill here.
Also here is the grandstanding press release of the bill’s primary sponsor:
Today, Congressman David Kustoff (TN-08) and Congresswoman Deborah Ross (NC-02) reintroduced the bipartisan, Deter Obnoxious, Nefarious, and Outrageous Telephone Calls (DO NOT Call) Act in the House of Representatives. This legislation would help deter robocalls by creating stricter penalties for companies and individuals who engage in the intentional harassment of consumers.
In 2022, Americans received more than 50 billion robocalls and lost an estimated $40 billion to telephone scams and fraud schemes; a $10 billion increase from 2021. Despite efforts by Congress and industry to combat illegal robocalls, there is little evidence that they are slowing down.
“West Tennesseans, and all Americans, can agree that robocalls are a nuisance that take away from our everyday lives,” said Congressman Kustoff. “I introduced the DO NOT Call Act with Congresswoman Ross to give our judicial system more authority to protect Americans from receiving these calls, and from being scammed and defrauded as a result. I urge my colleagues in the House of Representatives to support this crucial legislation and provide Americans much needed relief from harassing robocalls and scams.”
“Everybody hates robocalls. While there are certain limited situations where they make sense, by and large they are a way of letting someone waste our time without wasting their time. I appreciate the efforts of Congressman Kustoff to stop this relentless annoyance and look forward to using the tools he is providing to protect Tennesseans from obnoxious interruptions,” said Tennessee Attorney General Jonathan Skrmetti.
“The troubling rise in robocalls isn’t just annoying – it poses a serious threat to consumers, especially older Americans,” said Congresswoman Ross. “Malicious actors and companies are targeting vulnerable Americans with aggressive, manipulative tactics to extract sensitive personal information and defraud and scam victims. There is an urgent need for Congressional action to protect consumers, deter predatory robocalls, and hold individuals and companies accountable. I am grateful for Congressman Kustoff’s partnership on this issue and look forward to advancing this important legislation.”
“Robocallers are at best annoying and at worst a way for criminals to steal people’s hard-earned money. The scammers who make these calls need to be held responsible, which is exactly what Rep. Ross is prioritizing with her work to pass the DO NOT Call Act and impose harsher penalties for robocallers and scammers. I look forward to continuing to partner with Rep. Ross to fight to end robocalls and protect North Carolinians,” said North Carolina Attorney General Josh Stein.
My two cents: They say that doing the same thing over and over again is the definition of insanity. The TCPA already has insane penalties. Yet robocalls continue. Because the TCPA does not work.
So rather than do something that would, Congress just wants to keep heaping nonsense on top of the TCPA rather than actually get to the solution.
by Attny Eric Troutman
So just last month we covered the story of Phone Burner being absolutely destroyed by a recent FCC order directing carriers to stop carrying its traffic. It became the most read story EVER on TCPAWorld.com.
This one might be even bigger.
Before I get to the punchline, bear with me for a second.
Ringless voicemail.
I have been saying for many years that these things are covered by the TCPA. The Courts have said it. The FCC has said it.
But the ringless voicemail providers, by and large, refused to get the message. As recently as late last year I still have people coming to me telling me that this platform or that service was telling them that the TCPA does not apply to ringless voicemail. And I have personally heard sales pitches within the last couple of years where a ringless voicemail provider told potential customers the TCPA does not apply to the technology.
Lies, lies and more lies. And I hate lies.
The argument for RVM not being covered by the TCPA is a dreadful one. Some lawyer–NOT ME–long ago prepared a white paper suggesting that because voicemail is a title III information service and not a title II communication service that, somehow, that means the direct drop process to leave a voicemail also wasn’t a communication. It’s nuts. Totally irrational. And beyond that, it was just dumb.
There was a better rationale for the argument–that the messages traversed business class landlines and not cellular networks–but that argument, too, has been rejected in recent years.
Anyhoo, RVM are definitely covered by the TCPA and that is a fact that has been known for many years. But that did not stop one major RVM provider from–allegedly–allowing its users to blast folks without consent.
And here is where we get to the big news: On Friday the Department of Justice filed a massive complaint–on referral from the FTC–against a debt relief company that was allegedly violating the TSR by sending RVMs without consent and failing to include content required by the TSR in the message.
Please notice that the complaint was NOT just filed against the debt relief company. It was filed against Stratics Networks–the wholesale carrier that permitted the traffic and also, apparently, supplied the RVM platform that was used to send the messages. But the complaint was also filed against the intermediary VOIP service provider, Netlatitude, Inc.–and its president Kurt S. Hannigan personally (!), that provided access to the debt relief company through Stratics (or perhaps vice versa.)
The actual wrongdoers were apparently a debt relief company called Tek Ventures, LLC, doing business as Provident Solutions and a marketing company hired by Provident–Atlas Marketing Partners, Inc.
A bunch of other players, including INDIVIDUALS are also named as the FTC and DOJ really came to play with a sledgehammer here.
Each of these companies (and people) is alleged to have done something a bit different wrong. And it’s worth seeing how the government is going after each member of the alleged illegal robocall ring.
Of most interest to me–and I suspect most of you–is the case against Stratics. Like Phone Burner, Stratics is a very well known platform out there. Big footprint. And it is perceived to be a fairly compliant player.
Out of the gate, some of the allegations of the Complaint seek to impose a MUCH broader set of requirements on a carrier than have ever been seen before. For instance, the DOJ complains:
But, so what?
A carrier owes no duty at law to review the content of messages sent over its network. Geez, it would be a huge violation of privacy if it did. And sure an RVM platform may have access to the voicemails that were uploaded but since when is it required to review those and provide compliance advice? That’s just plain nuts.
Further, the fact that Stratics required consent for users of its platform is plenty. Folks use AUPs and disclosures to assure their platforms are not being misused. Since when does the law require them to actually possess consent–or “require” and “ensure” compliance–before allowing someone to use their network? Since never. And it’s just nuts for the FTC and DOJ to suggest otherwise.
Outside of really extreme cases, a carrier is still just a carrier. And a platform is still just a platform. Sure there can be times when these companies are so involved with messages–or know (we’ll get to that) of abuses–such that they are responsible as if they had sent them. But in the ordinary course these folks have NO DUTY to ensure…. anything.
So I’m a bit perturbed by the insinuation that these allegations, alone, make Stratics blameworthy. They speak to duties that do not exist in the law. If the DOJ and FTC don’t like the current state of the law they should take it up with Congress (or, in the case of the FTC, start an NPRM process, hint hint.)
But other allegations are more damaging–particularly those related to the knowledge Stratics had about the use of its platform. And, here again, we see the ITG playing a big role.
Per the Complaint, “Stratics Networks received numerous Traceback Requests from USTelecom’s ITG alerting it to suspected illegal robocall traffic delivered via Stratics Networks’ RVM platform service and seeking its assistance in identifying the source(s) (i.e., upstream carrier or originating end-user) of these “likely illegal” robocalls, including over 30 such requests between August 2019 and February 2021.”
Now 30 requests may seem like a lot, but you have to keep in mind how active the ITG is. They’re firing off a ton of “tickets” every single day. So I’m not convinced that 30 tickets over a year and a half is really that big of a deal. Plus, these tickets are directed at the content of user messages traversing the Stratics network–it does not mean that any of these were actually Stratics customers. (BTW, the DOJ was kind enough to name a bunch of the ticket sources: “Atlas Marketing, Telecord, Telesero, Health Innovations, National Homebuyers, Elite Processing, Deltracon, Technest Limited, Shamoon Ahmad, Progressive Promoting, Nitzke Enterprize, Care Advocacy Solutions, and PubClub.” Hope your name isn’t in there!)
So, again, I don’t love the government’s case so far. But it does get stronger. For instance:
Ok, now the government is getting closer. The case law is reasonably clear that where a carrier or platform knows of illegal traffic on its network it does need to take some action to prevent it. If Stratics allowed customers who were committing violations to open new accounts or run new campaigns that could be a problem, unless it did extra heightened diligence to assure compliance.
But now, the big allegations:
Ok so Stratics allowed 23 million voicemails by Atlas after telling the ITG it would suspend its traffic. Now that could be a problem. Especially if those 23MM voicemails violated the TSR and TCPA (although that fact is, perhaps tellingly, left out of the complaint.)
Notice the timing here also. ITG tickets went out in April, 2020. A CID followed in October, 2020. And then the complaint was filed in February, 2023 two and a half years later.
So all of you carriers and platforms that have received ITG tickets followed by CIDs, keep this in mind. Even if a year or more has passed, the FTC might still be working the case.
So what did Netlatitude do wrong? Well this appears to be a volume play. Specifically the FTC is concerned that Netlatitude allowed Atlas to send “136,000 robocalls” using Stratics Networks’ SIP termination service on just two days in September 2020.
Again, I kind of want to shrug at that. While high volume traffic can be a red flag, there is ZERO requirement a carrier decline to carry traffic merely because there might be a lot of it.
Netlatitude also apparently received several ITG tickets but it is not clear that they had anything to do with Atlas. So I am very fuzzy as to why Netlatitude is in the case–except that Stratics apparently pointed the finger at Netlatitude and its President.
As to the debt relief companies, the claims here are wide and varied. First, there is a claim of straight consumer deception. They allegedly promised consumers they’d be out of debt in two years and that monthly payments would be used in a way that turned out not to be true. Ok. Makes sense.
Next they allegedly sent voicemails that did not identify the sender and sent calls to numbers on the DNC list without consent. Again, pretty straightforward.
They also allegedly received a fee prior to providing debt relief, which is also not permitted. So… if true, open and shut case. I think.
In the end the government is asking for a bunch of stuff. Most damaging for Stratics is the injunctive relief provision:
A. Enter a permanent injunction to prevent future violations of the TSR and the FTC Act by Defendants;
B. Award monetary and other relief within the Court’s power to grant;
C. Award Plaintiff monetary civil penalties for every violation of the Telemarketing Sales Rule; and
D. Award Plaintiff such other and additional relief the Court may determine to be just and proper
Lots of big takeaways here. We already knew that carriers and platforms can’t turn a blind eye to bad traffic on their networks, but in this case the government seeks to go much further and impose duties on these companies to “require” and “ensure” only lawful traffic traverses their networks. That is just craziness and I think a lot of carriers will fold up shop if they suddenly become strictly liable for misconduct on their networks. Indeed, just 8 years ago carriers were completely beyond liability for traffic on their network and now they are to be treated as always liable for it? That is unfair and absurd.
Obviously those of you in the debt relief game need to pay careful attention here as well. NO cheating allowed. If you make a representation it has to be true. And don’t charge that fee up front–can get you into trouble.
Notice also that NONE of these claims are brought under the TCPA. But some could have been. The TCPA also prevents the use of RVMs to cell phones without the proper level of consent. And the TCPA bans solicitations to residential numbers on the DNC list. I presume the DOJ didn’t want to tangle with any additional issues here–or perhaps the FTC did not want to tread on the FCC’s toes by moving into TCPA issues. Unclear to me.
But what IS clear to me is that this complaint is a huge deal and should really have every carrier and platform out there asking itself what the future may hold…
Read the complaint here: Complaint Against Stratics, et al.
Feb 15, 2023 —
The FCC’s Enforcement Bureau today sought to cut off scam robocalls facilitated by One Eye LLC, whose robocall practices have previously been a target of the Bureau. The Bureau called on voice service providers to no longer accept traffic from One Eye and demanded that the company cease and desist their support for illegal robocalls.
FCC Leadership:
Chairwoman Jessica Rosenworcel: “Illegal robocallers cannot hide. So we’re cutting them off at the source. We have an all hands-on-deck approach to combatting this problem with teams across the agency and partnerships in states across the country.”
Enforcement Bureau:
Chief Loyaan Egal: “Our investigators are not fooled by rebranding and figurehead ownership tricks. We are not going to allow serial robocallers to simply start up ‘new’ companies to continue scamming American consumers. Repeat offenders will face stiffer penalties.”
How We Got Here
FCC investigators have found that One Eye LLC transmitted multiple illegal robocall campaigns. These calls pertained to bank impersonation including claims of “preauthorized orders” placed on the recipient’s “account”. During autumn of 2022, the Traceback Consortium investigated prerecorded voice message calls that Bank of America and customers of Verizon had flagged as illegal robocalls made without consent. The consortium conducted tracebacks and determined that One Eye acted as the gateway provider for the calls.
One Eye is a successor entity to PZ/Illum Telecommunication, which received an Enforcement Bureau cease-and-desist letter on October 21, 2021. One Eye’s owner, Prince Anand, explained that he shut down PZ/Illum Telecommunication due to the FCC’s letter but that he then launched One Eye LLC to originate calls, leaving his name off the paperwork while remaining the only owner. Today’s FCC letter targets this “new” company with heightened enforcement powers including the use of the “K4 Notice” to encourage other providers to refrain from carrying this traffic.
The Bigger Picture:
Chairwoman Rosenworcel established the FCC’s Robocall Response Team to serve as an FCC staff working group to combat the unyielding menace of illegal spoofed, scam, robocalls. The team pulls together expertise from across the agency to leverage the talents of enforcers, attorneys, policy makers, engineers, economists, and outreach experts.
Getting Results:
· Blocking active robocall scam campaigns by issuing first-of-their-kind actions resulting, in the case of a massive auto warranty robocall scam campaign, in a 99% drop in the volume of such calls;
· Numerous record-breaking spoofing and robocall fines;
· Closing gateways used by international robocallers to reach Americans’ phones;
· Widespread implementation of STIR/SHAKEN caller ID authentication standards to help traceback illegal calls and improve blocking tools to protect consumers;
· Cutting voice service providers off from other networks for failing to meet the FCC’s requirements for protecting consumers against scam robocalls and malicious spoofing;
· Signing robocall investigation partnerships with 43 states plus the District of Columbia and Guam as well as international partnerships with Australia, Canada, Brazil, Romania, and the European Union;
· Launching a proceeding proposing to combat the rising threat of bogus robotexts.
WASHINGTON, Feb 22, 2023—FCC Chairwoman Jessica Rosenworcel today proposed new rules to protect consumers from text messaging scams. The new rules, if adopted by a vote of the full Commission at its March Open Meeting, would require mobile service providers to block certain robotext messages that are highly likely to be illegal.
“Missing packages that don’t exist; confirmation of payments that didn’t happen; links to shady websites; and truncated ‘wrong number’ messages from strangers. These scam robotexts are a part of everyday life for too many of us,” said Chairwoman Rosenworcel. “I’m asking my colleagues to join me in adopting the first FCC rules to focus on shutting down scam texts. But we’re not stopping here. Because we are going to keep at it and develop more ways to take on this growing consumer threat.”
If adopted, the new rules would require blocking of text messages that purport to be from numbers on a Do-Not-Originate list. That means providers will block texts that purport to be from numbers for which the actual subscriber has said it does not send legitimate text messages, including government agencies and other well-known entities. It also includes blocking of texts carrying invalid, unallocated, or unused numbers. These texts are highly likely to be illegal and no consumer would want to receive them. A second rule would require each mobile wireless provider to make public a single point of contact for text senders.
The item proposes to require providers to block texts from upstream providers that are known to be transmitting illegal robotexts, once notified by the FCC. The proposals would also extend Do-Not-Call Registry protections (prohibiting marketing texts to registered numbers) to text messaging and close the lead generator loophole, which allows companies to use a single consumer consent to deliver robocalls and text messages from multiple – perhaps thousands – of marketers on subjects that may not be what the consumer had in mind.
Finally, the item would continue to take public comment on text authentication measures and other proposals to continue to fight illegal scam robotexts. The proposed Report and Order and Further Notice of Proposed Rulemaking will be on the agenda of the Commission’s next monthly meeting, on March 16, 2023. The text of the proposal will be available with the tentative agenda notice released tomorrow and available on the meeting’s webpage: https://www.fcc.gov/march-2023-open-commission-meeting.
Enhancing Protections Against Illegal Robocalls – The Commission will consider a Report and Order and Further Notice of Proposed Rulemaking that would close a critical gap in the STIR/SHAKEN caller ID authentication regime, expand robocall mitigation requirements for all providers, adopt more robust enforcement tools, and seek comment on additional steps to further enhance the effectiveness of the STIR/SHAKEN framework. (WC Docket No. 17-97).
Protecting Consumers with Robotext Blocking – The Commission will consider a Report and Order which would require that providers block texts purporting to be from numbers on a reasonable Do-Not-Originate list; and make available a single point of contact for text message blocking complaints. The Commission will also consider a Further Notice of Proposed Rulemaking which would propose to require further blocking of illegal robotexts; expand Do-Not-Call protections to robotexts; and protect consumers from getting robotexts and robocalls from multiple, unexpected callers when they provide their consent on websites for comparison shopping. (CG Docket Nos. 21-402, 02-278)
by Eric Troutman - Feb 24, 2023
Going to be a bunch of long faces at LeadsCon this year. And a bunch of the Czar–who will be speaking with the FCC on stage there–telling everybody I told you so.
But that’s how it has to be.
But it’s also not too late to save the industry.
Stay with me.
Today the FCC issued a notice of proposed rulemaking that will absolutely upend the lead generation industry–and will cause a million other interesting (unforeseeable) consequences. You can read the entire thing here: FCC’s Latest World-Change Thing
Two pieces to this.
First, the FCC issued a Report and Order requiring carriers to block text messages that appear to be fraudulent and establishing a single point of contact. We’ll have a further breakdown of this issue shortly.
The big news, however, is a new Notice of Proposed Rulemaking. And it is an absolute killer for the lead generation industry.
Let’s go through it.
First, carriers will be required to “investigate and potentially block texts from a sender after they are on notice from the Commission that the sender is transmitting suspected illegal texts…” HUGE ramifications here. Will impact a ton of carriers and makes it really tough to run a business. Really big deal.
Second, the FCC proposes to extend DNC protections to text messages. That is interesting since Plaintiff’s lawyers have been suing for text messages under the DNC provisions for years. “Although the Commission has stated that “text messages” are “calls” for TCPA purposes, it has never stated that text messages are subject to DNC protections.” !!!!! So maybe these cases should all be dismissed?
In any event the Commission now proposes to formally extend the protections of the DNC to text messages. And the impact of this proposal on current text message DNC cases is fascinating.
Third, the real show stopper:
“We propose to ban the practice of obtaining a single consumer consent as grounds for delivering calls and text messages from multiple marketers on subjects beyond the scope of the original consent.”
*Insert dramatic chord here*
And let me put a finer point on it:
We also seek comment on Public Knowledge’s request that prior express consent to receive calls or texts must be made directly to one entity at a time.
Oh My God.
Actually I’m just feigning shock. Told you this was coming. Over and over again I told you this was coming.
And here it is.
But first, let me catch up those of you who have no idea why this matters.
In the lead gen world a consumer visits a website–say Lending Tree–and provides their contact information, inviting lenders to call and “compete” with various offers. These consumers are supposed to provide their express written consent on these forms. Then their information (a “lead”) is provided to a seller of the good or service the consumer wants, resulting in phone calls.
There are a number of problems with lead generation–sometimes consumers aren’t transparently told what is going to happen when they fill out the form and sometimes lead generators are just liars who make up interactions on the forms–which is why R.E.A.C.H., MBC was formed to set CRITICAL standards for lead sellers and keep lead buyers–often good companies hoping to connect with interested consumers–safe from fraud.
There’s another problem too– professional plaintiffs (and their lawyers) exploit the abuses in the industry and fill out forms by the barrelful to set up TCPA lawsuits. These days it is REALLY hard to tell the difference between lead fraud and litigator fraud until you are deep into a case.
Caught in the middle are the innocent companies trying to sell their legitimate products to interested consumers. They want no part of fraudulent leads or fraudulent lawsuits. They’re just trying to help someone buy a home or get car insurance.
I’ve been trying to clear up this industry for a couple of years now, recognizing that there is REAL value to consumers when things are done right. But there is REAL detriment when things are done wrong. And this is an industry that has COMPLETELY failed to effectively self-regulate in my opinion–which is why I created a trade organization to REALLY DO THE JOB.
Only the FCC is trying to beat me to it, and in a typically-clumsy governmental sort of way (no disrespect to the Commission–I love them and I know what they’re trying to do but industry CAN and MUST do better.)
Late last year I told EVERYBODY to pay attention to the Public Knowledge comment on the Assurance IQ petition. As I explained, PK was asking the FCC to shut down the lead generation industry by limiting the sale of consents obtained online. Really really big deal.
By Lisa Bannon – Wall Street Journal - Feb. 18, 2023
CHATTANOOGA, Tenn.—Johnathan Bragg has always looked at his job selling home-repair insurance the same way an artist looks at a canvas.
“I got this road map in my head of what it looks like when you’re delivering world-class customer service—what triggers people, what makes people trust you,” Mr. Bragg said. “It’s like when da Vinci was painting.”
Mr. Bragg is one of the top-performing sales agents for HomeServe USA Corp., a home-repair service company that sells plumbing, heating, cooling and electrical repair plans to about five million customers in North America. For 11 of the past 12 months, working from a cavernous call center on the outskirts of town, he has been in the top 10% of its 432 agents, he said, for the simple fact that he listens to what people want.
“I don’t just say stuff and read scripts,” said Mr. Bragg. “I listen to everybody, whoever you are, and I retain what it is that makes that person interested. I can get just about anybody to buy anything.”
Recently, with business growing, HomeServe hired a new agent to assist Mr. Bragg and his co-workers. Named Charlie, she’s an artificial intelligence-powered virtual agent that HomeServe built using a conversational AI platform from Google and other technologies. She answers 11,400 calls a day, routes them to the appropriate departments, processes claims and schedules repair appointments. She whispers in agents’ ears whether a customer is eligible for certain coverage plans and types on agents’ screens why the customer is calling.
“I tell agents to think of Charlie as a personal assistant,” said Jessica Cloud, vice president of automation and innovation.
Charlie isn’t universally liked inside the Chattanooga call center. She can be controlling, including requiring agents to say specific words when they talk to customers, and penalizing them if they don’t. She sometimes routes callers to the wrong department. “We’re taking up a collection to get Charlie a hearing aid,” said Mr. Bragg’s colleague Robert Caldwell, another top-selling agent, sitting in a cubicle nearby.
Sometimes she suggests unwelcome ideas for what agents should say next. Charlie recently told Mr. Bragg a caller wanted to enroll in a repair plan. She didn’t understand that the man’s water pipe had burst, that he was waiting for a repair and that he was livid. When Mr. Bragg picked up the call and repeated what Charlie told him to say—“I see you’re trying to enroll”—the man exploded in rage.
From management, Charlie is getting rave reviews for her efficiency and is about to get a promotion. Soon, she’ll start telling agents specifically what they should say and do next. She’ll also start grading the humans on their performance.
“She’s supposed to make the job easier, not just make us do what she said,” said Mr. Bragg. He worries Charlie makes too many mistakes. “I’m a top performer. She’s not my supervisor.”
‘A massive restructuring’
A new generation of artificial intelligence is rolling out across American workplaces and it is prompting a power struggle between humans and machines.
Recent advances in technologies such as ChatGPT, natural-language processing and biometrics, along with the availability of huge amounts of data to train algorithms, have accelerated efforts to automate some jobs entirely, from pilots and welders to cashiers and food servers. McKinsey & Co. estimates that 25% of work activities in the U.S. across all occupations could be automated by 2030.
Today, however, AI’s biggest impact comes from changing the jobs rather than replacing them. “I don’t see a job apocalypse being imminent. I do see a massive restructuring and reorganization—and job quality is an issue,” said Erik Brynjolfsson, director of the Stanford Digital Economy Lab. McKinsey estimates 60% of the 800 occupations listed by the Bureau of Labor Statistics could see a third of their activities automated over the coming decades.
For workers, the technology promises to eliminate the drudgery of dull, repetitive tasks such as data processing and password resets, while synthesizing huge amounts of information that can be accessed instantly.
But when AI handles the simple stuff, say labor experts, academics and workers, humans are often left with more complex, intense workloads. When algorithms like Charlie’s assume more human decision-making, workers with advanced skills and years of experience can find their roles diminished. And when AI is used to score human behaviors and emotions, employees say the technology isn’t reliable and is vulnerable to bias.
One of the most fertile testing grounds is the call center, or as labor experts call it, the “factory of the information economy,” and HomeServe is among the early adopters. Across the industry, workers are measured on dozens of tasks from “average handle time” to “first call resolution” and worker burnout rates are high. In a 2022 survey, 65% of call-center agents anticipated leaving their jobs in the following two years, according to market research firm Customer Management Practice, which polled 1,000 workers between April and June last year.
Proponents say AI promises to fix much of this by handling monotonous tasks and the stress of decision making. In recent years, companies have begun using machine-learning models to scan and analyze conversations between agents and customers. Conversation analytics quickly identify the words and sentiments customers are expressing to find patterns. The technology can detect how each agent is performing and recommends what the human should say and do next.
New AI technology “helps to take decision-making responsibility away from the agent, so they can act,” said Brittany Bell, customer-success manager at Cresta, a conversation-analytics startup with customers including American Express Co., Cox Communications, Inc. and Signet Jewelers Ltd.’s Blue Nile, during a recent presentation.
When humans turn over decision making to a machine, they no longer use their own knowledge and experience—just ask taxi drivers whose street knowledge has been superseded by Google Maps. In her research about call-center automation, Virginia Doellgast, professor of comparative employment relations at Cornell University, has found that humans who are tightly monitored by an algorithm, forced to follow a script or have little control over how they work are more likely to get burned out and find it harder to solve customer problems.
Adds Julian McCarty, the CEO of conversation-analytics company MosaicVoice: “There’s a balance between empowering an agent and telling them what to say.”
Companies including Comcast Corp., Charter Communications Inc.’s Spectrum and Cox Communications are even further along than HomeServe. They are using conversational AI to detect and measure more subjective human emotions and behavior through a technique called sentiment analysis, a tool that decides if conversations are positive, negative or neutral. Some models evaluate words and context to score conversations, and others include voice pitch, tone and cadence. Comcast analyzes most conversations between customers and agents and scores employees on behaviors such as being “warm and friendly,” and “make it effortless.”
In interviews across a range of companies, call-center agents say they value AI’s ability to access information quickly to help them make decisions. Many object if they are forced to use AI-generated recommendations or say scripted words against their own judgment. Several said they are uncomfortable relying on automated performance reviews using technology that uses subjective measures like sentiment.
“It’s very hard for a robot with no emotions to truly judge how a call is going,” said Lise Hildebrand Stern, who left her job at Spectrum last year after nine months because of the impersonal nature of the AI performance scoring and the stress she said it caused. “My metrics suffered because this system was unable to judge me based on my attitude, unlike a human being would be able to do.”
‘Hi, I’m Charlie’
When HomeServe decided to introduce Charlie, company executives wanted to make sure employees viewed her as a partner.
“I think when people start thinking about artificial intelligence, a lot of folks say, ‘I’m going to be out of a job.’ It was important for our center to know this is not to replace their job, but to augment their job,” said Ms. Cloud, the HomeServe vice president.
To humanize Charlie, the creative team developed an avatar that felt representative of their employees. She’s a 42-year-old biracial brunette from Ohio who likes jazz and has two children. (They chose a Midwestern background because she has no accent, and jazz because someone might listen to it in their neighborhood, Ms. Cloud said.) Management asked agents to suggest gender-neutral names for the robot. Charlie won out over Devon, MacKenzie and Jesse. Sarah—an acronym for “self-assisted robotic agent for HomeServe”—was rejected as too impersonal.
Charlie started out with simple tasks such as greeting callers, saying, “Hi, I’m Charlie, your digital assistant,” and asking basic questions, such as, “Please tell me why you are calling today.” After learning to route callers to the proper department, she was able to reduce average call-handle times by 36 seconds, or more than 10%, Ms. Cloud said.
Charlie is a quick study. By late fall, she was trained to handle a water-leak claim (“Is this a major leak?”) while using empathy (“I’m sorry to hear about your leak”) and determining the urgency of the issue (“Are you able to shut off the water yourself?”). She then booked a contractor to come out for the repair. From start to finish, Charlie’s processing time took less than two minutes compared with a human, who averages eight. She now handles 15% of claims volume and is expected to handle 20% by next year. Chief Transformation Officer Kim Ratcliffe said she hopes Charlie can take over 40% of calls eventually.
“When Charlie gets involved, time resolution is faster for the customer,” said HomeServe USA Chief Executive Officer Tom Rusin. During a major December storm, she helped 10,000 customers, equivalent to 12% of the total affected, to book claims and schedule repairs without talking to an agent. At this rate, she will pay for herself within 18 months of purchase. “It’s taking out hundreds of thousands of minutes from our calls a year,” said Mr. Rusin. “And a minute’s expensive.”
There are growing pains as Charlie gets trained, Mr. Rusin said. “In the beginning, you have to relearn what your agents have been doing for years and teach it to the computer.” At the U.K. office of HomeServe, Hana, the British version of Charlie, routinely failed to route calls to the water line repair department until programmers realized she was mistaking the word “leak” for “lake” because of British accents. Once a data scientist spotted the mistake, the fix was easy. Mr. Rusin is confident Charlie’s early miscues will get worked out.
“It takes a lot of time at the beginning, then I think growth will come exponentially from there,” Mr. Rusin said.
Stress rises
John Maynard Keynes, the noted economist, predicted that technology would eliminate the monotonous nature of work, freeing up humans to toil less and enjoy life more. What companies didn’t anticipate was that the initial chitchat in a routine call can give workers a break and be a pleasant way for people to connect. Once it is gone, the work that remains is complex, intense and often stressful.
At HomeServe, the company has seen higher call volume. Its agents also are handling more complicated calls. “The agent gets the calls that Charlie can’t figure out,” said Catlin Duvall, manager of HomeServe’s repair department. “That’s a larger percentage of our calls. Now when you pick up the phone they have three problems instead of one. It’s better for the customer. It can be more stressful on agents.”
Ms. Hildebrand Stern, the agent who worked at Spectrum in its Appleton, Wis., call center, said the pressure to meet AI metrics added to the stress from irate callers who often cursed at her.
She had worked in customer service her whole adult life, as a hotel front desk manager and a cashier in retail and fast food, and thought call center work would be fulfilling. Although she enjoyed helping customers, she kept scoring low on the AI-generated sentiment scores. She has tinnitus and speaks with a monotone speech pattern, she said, and doesn’t always hear clearly if callers speak softly.
The AI marked her down for not using specific keywords, she said, although she never discovered what words she was supposed to say. She said her supervisor listened to the calls and told her, “it sounds like you’re doing a really good job.”
To try to relax, she’d go home at night and eat macaroni and cheese in front of the TV, watching three or four reruns of “Law & Order SVU.” “I would try to erase the whole day from my memory and come back the next day with a better attitude.”
As the months went by, angry customers kept calling and her automated sentiment scores kept falling, she said. Although the job paid $20 an hour and included a free cable package, she decided it wasn’t worth the cost. “I got to the point where I couldn’t erase it anymore.” Nine months into the job, she quit.
A spokesman for Spectrum’s parent company, Charter Communications, said the company uses sentiment analysis as one component of its performance reviews but that employees receive human input as well. He said the system doesn’t score pitch or tone for employees or customers. The analytics are a valuable resource for assessing how customers feel about the company and for scoring agent performance, he said.
Robot empathy
Sentiment analysis has become one of the buzziest and most-debated new areas of customer-service analytics. Nice Ltd., a software analytics firm with clients such as American Airlines Group Inc., Radisson Hospitality Inc., Morgan Stanley, Walt Disney Co., Comcast and Wonderful Co.’s Teleflora, is a pioneer.
The holy grail is determining customer intent, said Barak Eilam, a former Israeli military intelligence officer who took over as Nice CEO in 2014. Nice’s Enlighten sentiment analysis helps determine what customers want by analyzing “what is said and how it is said,” Mr. Eilam said. The technology uses words and the context in which they are used, as well as changes in pitch, tone and cadence, to analyze customer feelings, according to company marketing materials and Kevin Lee, vice president and global head of digital sales.
During a demo at the company’s offices in Hoboken, N.J., a desktop dashboard displays the progress of a re-enacted conversation between a hotel guest and a reservations agent.
Here’s a reconstruction of how that interaction unfolded:
[AI gives agent advice based on historically successful conversations]
CUSTOMER: They must be cooking in the room and making a bad odor. We can smell it down the hall.
AGENT: I’m in reservations, have you called the front desk?
CUSTOMER: I went to the front desk. They were useless.
[AI indicates drop in customer sentiment]
AI: Speak slower so customer can understand you
CUSTOMER: I don’t know who else to call but this situation is unbearable.
AI: Inform customer that you can assist them
CUSTOMER: I can’t stay in the room. The smell is so bad.
AI: Try to address the issue!
AGENT: Well I’m not sure what I can do to help, other than call housekeeping.
CUSTOMER: Seriously? Can you transfer me to someone in customer service?
[Sentiment drops more]
AI: Inform customer that you can assist them
AGENT: Maybe I can help.
AI: Take ownership and be empathetic
AGENT: I’m happy to conference in the front desk to see what I can do.
AI: Do what it takes to make customer happy!
AGENT: I’m looking at your reservation right now and it’s my pleasure to tell you we have a mini suite available for your entire stay on the 18th floor. Because you’re a loyal customer we can get you into the room right now.
AI: Great job acknowledging loyalty!
CUSTOMER: Thank you very much.
[Sentiment improves]
The guidance is like collision detection in a car, Mr. Lee said, alerting both the agent and manager that a conversation is about to crash and offering recommendations for how to avoid that outcome.
Nice later said its technology no longer uses tone and pitch measurements, because they “fail to add meaningful value,” but wouldn’t explain further how its products had changed.
Telecom giant Comcast uses Nice Enlighten to detect customer sentiment and score agents’ performance on most of their conversations with customers. The company said detailed feedback on every call makes the scores much more accurate and precise.
Chasity Miller, a customer-experience agent for Comcast in Lebanon, Pa., for the past 7½ years, thinks her AI sentiment scores are more scientific and less prone to inconsistencies and human error because they are based on all her interactions, not just the one or two a week that were previously graded by a human manager.
“I score exceptionally high on it,” she said. The system rewards agents for certain word choices, such as “ambassador,” “superfast,” and “let me summarize everything we did today,” she said, which are easy for her to use. Her supervisor told her the system measures tone and pitch, she said. She speaks with enthusiastic fluctuations in her voice, she said, which the AI scores highly. “I can say, ‘you’re a piece of s—!’ But if I say it with an upward fluctuation at the end of the sentence, the AI likes it,” she said.
She said many of her colleagues at the call center are struggling with the scores if they speak with an accent or don’t use a lot of emotion in their voice. “I don’t think I’m a better performer,” she said. “But there’s a bias against a guy’s voice or accents. A lot of tenured agents aren’t saying the magic words.”
Three other Comcast agents scored by Enlighten said they worry the model has biases that favor some groups over others. A former Comcast agent with a Filipino accent who worked at the company for nine years said before AI scoring, she consistently scored “highly effective” and ranked in the top 100 agents for four consecutive years. That qualified her for preferential scheduling. Once the AI came in, she said her sentiment scores dropped below the required levels even though her supervisor said she was saying the right words. She quit in December and went to work at another call center without AI.
Agents say they aren’t generally able to challenge the AI scores even though their ability to be promoted and get raises depends on it.
A Comcast spokesman, Daniel Friedman, said performance scores are based on words and phrases used in call transcripts. He said pitch and tone were originally included but the company turned off that function because it didn’t make scores more accurate. He said the AI measures “warm and friendly” and other behaviors using factors like “intent of what the customer is saying,” whether the employee is “consistently being friendly throughout the call” and “building a personal connection.”
Mr. Friedman said agents are able to challenge the AI any time to supervisors or during frequent group meetings.
‘Next best action’
HomeServe has big plans for Charlie this year. The company will introduce real-time guidance for agents that will suggest what they should say or do next. “It will auto-populate the script so [an agent] doesn’t have to think so much about what to say to get the conversation started,” said Ms. Cloud.
Pop-ups on agents’ screens will suggest the “next best action,” she said. It might detect that a customer already has gas-line insurance and suggest the agent sell water-line coverage as well. Charlie will tell agents how to speak. “She might say, ‘Hey, there’s a long pause here or you’re talking too fast,’ ” Ms. Cloud said. She emphasized that it will be voluntary, not required, for agents to take Charlie’s advice. Also on the agenda: Charlie will start scoring the humans on their call performance.
The company acknowledges that Charlie has yet to win over a small percentage of agents and said it holds frequent agent forums to solicit feedback. The percentage of agents who use the data Charlie provides every day is now over 90%, a spokesman said, up from 70% in 2021. Meanwhile, customer satisfaction is up slightly since Charlie started and HomeServe plans to keep her busy.
“I don’t think anything is off limits because we have to enable our customers to transact in whatever means they’re most comfortable,” said Mr. Rusin, the CEO. “So my philosophy is—automate everything. The choice will ultimately reside with the consumer.”
Robert Caldwell spent 35 years in the restaurant industry and said he loves selling insurance plans for people’s homes. “I feel really and truly like you’re helping people,” he said. “Sometimes they don’t even know.”
A customer-service agent at HomeServe for five years, he’s routinely the top salesman in the department and likes to use his own personal experiences when talking to customers to win their trust. “If Charlie sells a plan, I’m going to sell four plans,” he said.
Dressed in a crisp red cotton shirt with a “HomeServe” label over the pocket, Mr. Caldwell donned his headset, hunched over his keyboard and clicked on his 26th call of the day. A woman from Cypress, Calif., wanted to change her billing method. While she waited for Mr. Caldwell to make the shift, she asked him whether she even needed insurance any more.
“I’m on a fixed income,” she said. “I’m an old lady. My house is old. Everything’s old. What’s the advantage of staying with you guys?”
Mr. Caldwell asked her how old the water and sewer lines were and determined they were at least 60. With pipes that old, she shouldn’t risk canceling the plan, he said, because “it’s not a question of if, but when the old lines will burst. That happened to me in 2013 and I had to pay $4,700.”
After he won her trust, she was an easy sell for an interior plumbing plan. But he hesitated. “I can’t in good conscience add $25 to a utility bill when she can’t afford it as is,” he said. “I can envision this woman in her 80s, choosing between paying for a prescription or paying for my HomeServe plan.”
A younger agent would have pitched her the additional plan, he said, and Charlie would have handled the billing change and probably missed her follow-up question completely. Sometimes the next best action is impossible to program with an algorithm. “This was one of those where it just didn’t feel right,” he said.
Write to Lisa Bannon at lisa.bannon@wsj.com
CommLaw Group, March 01, 2023
The Federal Communications Commission (“FCC” or “Commission”) Thursday released a draft Report and Order and Notice of Proposed Rulemaking (“Order” and “NPRM”) that will impose drastic and stringent new robocall mitigation rules on all voice service providers (“VSPs”) operating in the U.S. When finalized, the new rules will apply to VSPs previously exempted from the Commission’s STIR/SHAKEN rules, as well as VSPs that are already STIR/SHAKEN compliant. The Commission further proposes to levy harsh penalties on non-compliant VSPs. The FCC also seeks comment on some proposed STIR/SHAKEN rules.
The draft Order and NPRM will be voted on during the Commission’s March 16, 2023 Open Meeting. While it is possible that minor changes may be made to the draft before it is finalized, it will almost surely be approved without any watering down of the substantive provisions. We believe it is critical for all affected VSPs to get an early start learning about and understanding the new requirements to ensure preparedness to swiftly comply once the new rules become finalized and effective. We would NOT advise taking a “wait and see” approach because waiting too long can result in any number of materially adverse consequences, including having traffic blocked, economic exposure, and reputational damage.
This Client Advisory provides a high-level overview of the requirements set forth in the Order and summarizes the information the FCC is seeking through the NPRM. There are numerous details contained in the new rules that are beyond the scope of this Advisory that VSPs must know prior to implementing compliance measures. The attorneys on our firm’s Robocall Mitigation Response Team will be glad to provide guidance regarding all the nuances of the new rules.
Order
Intermediate Carrier Mandatory Authentication Requirements
Intermediate carriers (i.e., entities that carry or process traffic that traverses the Public Switched Telephone Network (“PSTN”) but do not originate or terminate the traffic) will be required to authenticate unauthenticated Session Initiation Protocol (“SIP”) calls they receive from originating VSPs. Intermediate carriers will no longer be able to comply with the STIR/SHAKEN rules simply by agreeing to rapidly respond to traceback requests. Intermediate VSPs are obligated to comply with, at a minimum, the version of the STIR/SHAKEN standards ATIS-1000074, ATIS-1000080, and ATIS-1000084 and all of the documents referenced therein in effect at the time of their respective compliance deadlines.
Restrictions on the Requirement
This new rule is subject to certain limitations. First, the FCC will require only the first intermediate provider in the path of a SIP call to authenticate unauthenticated caller ID information. Second, this requirement does not apply to gateway intermediate providers (i.e., carriers that are the first point of contact for foreign calls entering the U.S.). Third, the first intermediate provider in the call path may avoid the need to authenticate calls through contractual measures.
Deadline for Compliance
The compliance deadline for the new authentication requirements is December 31, 2023.
Mitigation and Robocall Mitigation Database Filing Obligations
The FCC will require all VSPs (including intermediate providers, those without the facilities necessary to implement STIR/SHAKEN, and carriers that are already STIR/SHAKEN compliant) to:
Robocall Mitigation Steps
The “reasonable steps” requirement is the same as the general mitigation standard that is currently applied to gateway providers and VSPs that have not fully implemented STIR/SHAKEN under the Commission’s rules.
Robocall Mitigation Certification
Each VSP obligated to submit a certification to the Robocall Mitigation Database must submit detailed information regarding the company, its policies and practices, its role in the “food chain,” and other specific information set forth in the proposed new rules. The certification must be signed by an officer of the company under penalty of perjury.
Robocall Mitigation Plans
All VSPs’ robocall mitigation plans must describe all “reasonable steps” taken by the company to comply with the regulations, including the specific steps a VSP is taking to mitigate illegal robocalls, “know your customer” procedures, and a description of any call analytics system used to identify and block illegal traffic, including whether a third-party vendor is used and the name of the vendor.
OCN Submission Requirements
Finally, the FCC requires that all VSPs submit their operating company code (“OCN”) in their certifications if they have one.
Deadline for Compliance
The compliance deadline for the new robocall mitigation requirements is either: (1) 30 days following publication in the Federal Register; or (2) any deadline set by the Wireline Competition Bureau through a Public Notice.
Downstream Providers’ Call Blocking Requirements
Under the new rules, downstream providers will be prohibited from accepting any traffic from a non-gateway intermediate provider not listed in the Robocall Mitigation Database.
Robocall Mitigation Enforcement
Economic Sanctions
The FCC has authorized a maximum forfeiture amount for each violation of the mandatory blocking requirements of $23,727 per call. The base forfeiture amount will be $2,500 per call.
Removal from Robocall Mitigation Database
If the FCC determines that an intermediate provider has submitted a deficient certification and/or robocall mitigation plan or if it concludes that a VSP knowingly or negligently carries or processes illegal robocalls, the Commission will take appropriate enforcement action. This could include removing a certification from the database after providing notice to the intermediate provider and an opportunity to cure the filing, requiring the intermediate provider to submit to more specific robocall mitigation requirements, and/or proposing the imposition of a forfeiture.
Continuing Violations
Continuing violations of the FCC’s robocall mitigation rules will result in enforcement actions that could include, in addition to the sanctions listed above, revocation of a carrier’s authorizations, licenses, and/or certifications. The Commission will also consider whether individual company owners, directors, officers, and principals associated with an entity for which the Commission has revoked an authorization may be prohibited from obtaining new Commission authorizations or licenses.
STIR/SHAKEN Obligations of Satellite Providers
The FCC has concluded that satellite providers that do not use North American Number Plan (“NANP”) numbers to originate calls or only use such numbers to forward calls to non-NANP numbers are not VSPs and therefore do not have a STIR/SHAKEN implementation obligation. Satellite providers that use NANP numbers and are small VSPs under the rules are granted an ongoing extension from robocall mitigation requirements.
In addition to the proposed rules highlighted above, the FCC is seeking comments on additional ideas, concepts, and potential future rule enhancements and expansions through the NPRM, which is summarized below.
NPRM
Third-Party Caller ID Authentication
The FCC seeks comment on the use of third-party solutions to authenticate caller ID information and whether any changes should be made to the Commission’s rules to permit, prohibit, or limit their use. The FCC also seeks comment on whether, and under what circumstances, a third party may authenticate calls on behalf of a provider with A- or B-level attestations consistent with the ATIS standards.
Eliminating the Implementation Extension for Providers Unable to Obtain a STIR/SHAKEN Token
The Commission seeks comment on whether to eliminate the STIR/SHAKEN implementation extension for VSPs that cannot obtain a token.
Comment/Reply Deadlines
Comments are due 30 days after publication in the Federal Register. Reply comments are due 60 days after publication in the Federal Register.
NEED HELP WITH ROBOCALL MITIGATION, COMPLIANCE AND LITIGATION SUPPORT/DEFENSE AGAINST BUSINESS & LEGAL CHALLENGES?
The CommLaw Group Can Help!
Given the complexity and evolving nature of the FCC’s rules, regulations and industry policies & procedures around Robocall Mitigation and Compliance issues (e.g., Stir/Shaken, TRACED Act, FCC Rules & Regulations, US Telecom Industry group, ATIS, NECA, VoIP Numbering Waivers, Know Your Customer and the private sector ecosystem), as well as the increased risk of business disputes, consumer protection enforcement by state attorneys general, and even civil litigation, and anticipating the potential torrent of client questions and concerns, The CommLaw Group formed a “Robocall Mitigation Response Team” to help clients (old and new) tackle their unique responsibilities.
CONTACT US NOW, WE ARE STANDING BY TO GUIDE YOUR COMPANY’S COMPLIANCE EFFORTS
Ron Quirk – Tel: 703-714-1305 / E-mail: req@CommLawGroup.com
FEBRUARY 27, 2023
The FCC published new STIR/SHAKEN rules up for a vote in its meeting on March 16, 2023. Here’s an overview.
Here are some of the notable rules we found in the report-and-order:
At their meeting on March 16, 2023, the commissioners will vote to approve the Sixth Report and Order. This will establish these rules in law and set compliance dates for them to take effect.
March 16, 2023—The Federal Communications Commission today adopted its latest rules to combat illegal robocalls, including by enhancing and expanding provider obligations to implement the STIR/SHAKEN caller ID authentication framework. Today’s action will build on FCC and industry success in implementing the framework used to trace back, block, and/or identify originators of illegal spoofed robocalls.
The new rules will require intermediate providers that receive unauthenticated IP calls directly from domestic originating providers to use STIR/SHAKEN to authenticate those calls. Although STIR/SHAKEN has been widely implemented under FCC rules, some originating providers are not capable of using the framework. In other cases, unscrupulous originating providers may deliberately fail to authenticate calls. By requiring the next provider in the call path to authenticate those calls, the FCC closes a gap in the caller ID authentication regime and facilitates government and industry efforts to identify and block illegal robocalls.
In addition, the new rules will expand robocall mitigation requirements for all providers. All providers, regardless of their STIR/SHAKEN implementation status, will now be required to take “reasonable steps” to mitigate illegal robocall traffic and submit a certification and mitigation plan to the FCC’s Robocall Mitigation Database. These filings will now also include additional details on a provider’s role in the call chain, STIR/SHAKEN implementation obligations, and any recent formal law enforcement or regulatory action or investigation into suspected unlawful robocalling.
Lastly, the Report and Order adopted today will further improve the FCC’s robocall enforcement tools. Specifically, the FCC made clear that violations of its mandatory blocking rules could result in substantial fines using per call forfeiture calculations. The rules also apply procedures for removal from the Robocall Mitigation Database to all intermediate providers and an expedited removal process for providers submitting facially deficient certifications. The new rules also establish enforcement consequences for repeat offenders of robocall mitigation rules.
The Commission also adopted a Further Notice of Proposed Rulemaking today which seeks to continue to build a record on which the agency can take still further steps in the future to enhance its robocall protections for consumers.
The use of STIR/SHAKEN in FCC robocall efforts was initially raised in the 2016 report from a special strike force established at the time. From there, a rulemaking proceeding was launched in 2017 resulting in 2020 rules establishing a mandate for most types of voice service providers to use the standard in caller ID authentication. By July 2021, STIR/SHAKEN was broadly implemented by providers, subject to limited implementation extensions. The implementation extension for non-facilities-based small providers expired on June 30, 2022, and the implementation extension for facilities-based small providers will expire on June 30, 2023. In May 2022, the Commission adopted rules applying STIR/SHAKEN implementation obligations to gateway providers that serve as on-ramps for international call traffic into American networks. The Report and Order adopted today continues this impactful work. For more information, visit: https://www.fcc.gov/call-authentication.
Action by the Commission March 16, 2023 by Report and Order and Further Notice of Proposed Rulemaking (FCC 23-18). Chairwoman Rosenworcel, Commissioners Carr, Starks, and Simington approving. Chairwoman Rosenworcel and Commissioner Starks issuing separate statements.
March 16, 2023—The Federal Communications Commission today adopted its first regulations specifically targeting the increasing problem of scam text messages sent to consumers. The new rules will require mobile service providers to block certain robotext messages that are highly likely to be illegal. Today’s action also seeks input on further regulatory actions the Commission can take to protect consumers from scam robotexts.
Text message scams are an increasingly pervasive consumer threat, with a more than 500% increase in complaints in recent years. From 2015 to 2022, robotext complaints rose from around 3,300 to 18,900 per year. And robotexts pose a unique threat to consumers: unlike robocalls, scam text messages are hard to ignore or hang up on and are nearly always read by the recipient – often immediately. In addition, robotexts can promote links to phishing websites or websites that can install malware on a consumer’s phone.
The Report and Order adopted today requires blocking of text messages that appear to come from phone numbers that are unlikely to transmit text messages. This includes invalid, unallocated, or unused numbers. It also includes numbers that the subscriber to the number has self-identified as never sending text messages, and numbers that government agencies and other well-known entities identify as not used for texting. A second rule will require each mobile wireless provider to establish a point of contact for text senders, or have providers require their aggregator partners or blocking contractors to establish such a point of contact, which senders can use to inquire about blocked texts.
Today’s action also seeks public comment on further proposals to require providers to block texts from entities the FCC has cited as illegal robotexters. It also proposes to clarify that Do-Not-Call Registry protections – that is, prohibiting marketing messages to registered numbers – apply to text messaging and closing the lead generator loophole, which allows companies to use a single consumer consent to deliver robocalls and text messages from multiple – perhaps thousands – of marketers on subjects that may not be what the consumer had in mind. The Commission will also take further public comment on text authentication measures and other proposals to continue to fight illegal scam robotexts.
While robotexts in general fall under the Telephone Consumer Protection Act’s limits against unwanted calls to mobile phones, these new rules establish important blocking rules for mobile carriers to actively help protect consumers. Meanwhile, the FCC recommends that consumers take steps to protect themselves from text scams: do not interact in any way with suspicious texts, click on suspicious links, or provide any information via text or website. In addition, consumers can file a complaint with the FCC, forward unwanted texts to SPAM (7726), and should delete all suspicious texts.
Action by the Commission March 16, 2023 by Report and Order and Further Notice of Proposed Rulemaking (FCC 23-21). Chairwoman Rosenworcel, Commissioners Carr, Starks, and Simington approving. Chairwoman Rosenworcel and Commissioner Starks issuing separate statements.
March 16, 2023—The Federal Communications Commission today adopted its latest rules to combat illegal robocalls, including by enhancing and expanding provider obligations to implement the STIR/SHAKEN caller ID authentication framework. Today’s action will build on FCC and industry success in implementing the framework used to trace back, block, and/or identify originators of illegal spoofed robocalls.
The new rules will require intermediate providers that receive unauthenticated IP calls directly from domestic originating providers to use STIR/SHAKEN to authenticate those calls. Although STIR/SHAKEN has been widely implemented under FCC rules, some originating providers are not capable of using the framework. In other cases, unscrupulous originating providers may deliberately fail to authenticate calls. By requiring the next provider in the call path to authenticate those calls, the FCC closes a gap in the caller ID authentication regime and facilitates government and industry efforts to identify and block illegal robocalls.
In addition, the new rules will expand robocall mitigation requirements for all providers. All providers, regardless of their STIR/SHAKEN implementation status, will now be required to take “reasonable steps” to mitigate illegal robocall traffic and submit a certification and mitigation plan to the FCC’s Robocall Mitigation Database. These filings will now also include additional details on a provider’s role in the call chain, STIR/SHAKEN implementation obligations, and any recent formal law enforcement or regulatory action or investigation into suspected unlawful robocalling.
Lastly, the Report and Order adopted today will further improve the FCC’s robocall enforcement tools. Specifically, the FCC made clear that violations of its mandatory blocking rules could result in substantial fines using per call forfeiture calculations. The rules also apply procedures for removal from the Robocall Mitigation Database to all intermediate providers and an expedited removal process for providers submitting facially deficient certifications. The new rules also establish enforcement consequences for repeat offenders of robocall mitigation rules.
The Commission also adopted a Further Notice of Proposed Rulemaking today which seeks to continue to build a record on which the agency can take still further steps in the future to enhance its robocall protections for consumers.
The use of STIR/SHAKEN in FCC robocall efforts was initially raised in the 2016 report from a special strike force established at the time. From there, a rulemaking proceeding was launched in 2017 resulting in 2020 rules establishing a mandate for most types of voice service providers to use the standard in caller ID authentication. By July 2021, STIR/SHAKEN was broadly implemented by providers, subject to limited implementation extensions. The implementation extension for non-facilities-based small providers expired on June 30, 2022, and the implementation extension for facilities-based small providers will expire on June 30, 2023. In May 2022, the Commission adopted rules applying STIR/SHAKEN implementation obligations to gateway providers that serve as on-ramps for international call traffic into American networks. The Report and Order adopted today continues this impactful work. For more information, visit: https://www.fcc.gov/call-authentication.
May 2, 2023 -- “When I asked Hany Farid, a digital-forensics expert at the University of California, Berkeley, how we can spot synthetic audio and video, he had two words: good luck. ‘Not only can I generate this stuff, I can carpet-bomb the internet with it.’”
Robocallers/spammers/fraudsters delight coming right up? Of course. Can our new AI-based fraud detection find AI fraudsters? Yes. But a new world is upon us.
I Cloned Myself With AI. She Fooled My Bank and My Family.
Our columnist replaced herself with AI voice and video to see how humanlike the tech can be. The results were eerie.
By Joanna Stern,
Wall Street Journal - April 28, 2023
The good news about AI Joanna: She never loses her voice, she has outstanding posture and not even a convertible driving 120 mph through a tornado could mess up her hair.
The bad news: She can fool my family and trick my bank.
Maybe you’ve played around with chatbots like OpenAI’s ChatGPT and Google’s Bard, or image generators like Dall-E. If you thought they blurred the line between AI and human intelligence, you ain’t seen—or heard—nothing yet.
Over the past few months, I’ve been testing Synthesia, a tool that creates artificially intelligent avatars from recorded video and audio (aka deepfakes). Type in anything and your video avatar parrots it back.
Since I do a lot of voice and video work, I thought this could make me more productive, and take away some of the drudgery. That’s the AI promise, after all. So I went to a studio and recorded about 30 minutes of video and nearly two hours of audio that Synthesia would use to train my clone. A few weeks later, AI Joanna was ready.
Then I attempted the ultimate day off, Ferris Bueller style. Could AI me—paired with ChatGPT-generated text—replace actual me in videos, meetings and phone calls? It was…eye-opening or, dare I say, AI-opening. (Let’s just blame AI Joanna for my worst jokes.)
Eventually AI Joanna might write columns and host my videos. For now, she’s at her best illustrating the double-edged sword of generative-AI voice and video tools.
My AI voice sounds a lot like me.
When my sister’s fish died, could I have called with condolences? Yes. On a phone interview with Snap CEO Evan Spiegel, could I have asked every question myself? Sure. But in both cases, my AI voice was a convincing stand-in. At first.
I didn’t use Synthesia’s voice clone for those calls. Instead, I used one generated by ElevenLabs, an AI speech-software developer. My producer Kenny Wassus gathered about 90 minutes of my voice from previous videos and we uploaded the files to the tool—no studio visit needed. In under two minutes, it cloned my voice. In ElevenLabs’s web-based tool, type in any text, click Generate, and within seconds “my” voice says it aloud. Creating a voice clone with ElevenLabs starts at $5 a month.
Compared with Synthesia Joanna, the ElevenLabs me sounds more humanlike, with better intonations and flow.
My sister, whom I call several times a week, said the bot sounded just like me, but noticed the bot didn’t pause to take breaths. When I called my dad and asked for his Social Security number, he only knew something was up because it sounded like a recording of me.
The potential for misuse is real.
The ElevenLabs voice was so good it fooled my Chase credit card’s voice biometric system.
I cued AI Joanna up with several things I knew Chase would ask, then dialed customer service. At the biometric step, when the automated system asked for my name and address, AI Joanna responded. Hearing my bot’s voice, the system recognized it as me and immediately connected to a representative. When our video intern called and did his best Joanna impression, the automated system asked for further verification.
A Chase spokeswoman said the bank uses voice biometrics, along with other tools, to verify callers are who they say they are. She added that the feature is meant for customers to quickly and securely identify themselves, but to complete transactions and other financial requests, customers must provide additional information.
What’s most worrying: ElevenLabs made a very good clone without much friction. All I had to do was click a button saying I had the “necessary rights or consents” to upload audio files and create the clone, and that I wouldn’t use it for fraudulent purposes.
That means anyone on the internet could take hours of my voice—or yours, or Joe Biden’s or Tom Brady’s—to save and use. The Federal Trade Commission is already warning about AI-voice related scams.
Synthesia requires that the audio and video include verbal consent, which I did when I filmed and recorded with the company.
ElevenLabs only allows cloning in paid accounts, so any use of a cloned voice that breaks company policies can be traced to an account holder, company co-founder Mati Staniszewski told me. The company is working on an authentication tool so people can upload any audio to check if it was created using ElevenLabs technology.
Both systems allowed me to generate some horrible things in my voice, including death threats.
A Synthesia spokesman said my account was designated for use with a news organization, which means it can say words and phrases that might otherwise be filtered. The company said its moderators flagged and deleted my problematic phrases later on. When my account was changed to the standard type, I was no longer able to generate those same phrases.
Mr. Staniszewski said ElevenLabs can identify all content made with its software. If content breaches the company’s terms of service, he added, ElevenLabs can ban its originating account and, in case of law breaking, assist authorities.
This stuff is hard to spot.
When I asked Hany Farid, a digital-forensics expert at the University of California, Berkeley, how we can spot synthetic audio and video, he had two words: good luck.
“Not only can I generate this stuff, I can carpet-bomb the internet with it,” he said, adding that you can’t make everyone an AI detective.
Sure, my video clone is clearly not me, but it will only get better. And if my own parents and sister can’t really hear the difference in my voice, can I expect others to?
I got a bit of hope from hearing about the Adobe-led Content Authenticity Initiative. Over 1,000 media and tech companies, academics and more aim to create an embedded “nutrition label” for media. Photos, videos and audio on the internet might one day come with verifiable information attached. Synthesia is a member of the initiative.
The work dream: an AI you can send to video calls. Sadly, everyone knew she was a fake. PHOTO: JOANNA STERN/THE WALL STREET JOURNAL
I feel good about being a human.
Unlike AI Joanna who never smiles, real Joanna had something to smile about after this. ChatGPT generated text lacking my personality and expertise. My video clone was lacking the things that make me me. And while my video producer likes using my AI voice in early edits to play with timing, my real voice has more energy, emotion and cadence.
Will AI get better at all of that? Absolutely. But I also plan to use these tools to afford me more time to be a real human. Meanwhile, I’m at least sitting up a lot straighter in meetings now.
Write to Joanna Stern at joanna.stern@wsj.com
MARCH 23, 2023 --
You get a call. There's a panicked voice on the line. It's your grandson. He says he's in deep trouble — he wrecked the car and landed in jail. But you can help by sending money. You take a deep breath and think. You've heard about grandparent scams. But darn, it sounds just like him. How could it be a scam? Voice cloning, that's how.
Artificial intelligence is no longer a far-fetched idea out of a sci-fi movie. We're living with it, here and now. A scammer could use AI to clone the voice of your loved one. All he needs is a short audio clip of your family member's voice — which he could get from content posted online — and a voice-cloning program. When the scammer calls you, he’ll sound just like your loved one.
So how can you tell if a family member is in trouble or if it’s a scammer using a cloned voice?
Don’t trust the voice. Call the person who supposedly contacted you and verify the story. Use a phone number you know is theirs. If you can’t reach your loved one, try to get in touch with them through another family member or their friends.
Scammers ask you to pay or send money in ways that make it hard to get your money back. If the caller says to wire money, send cryptocurrency, or buy gift cards and give them the card numbers and PINs, those could be signs of a scam.
April 16, 2023 - BY SCOTT PELLEY
We may look on our time as the moment civilization was transformed as it was by fire, agriculture and electricity. In 2023, we learned that a machine taught itself how to speak to humans like a peer. Which is to say, with creativity, truth, error and lies. The technology, known as a chatbot, is only one of the recent breakthroughs in artificial intelligence -- machines that can teach themselves superhuman skills. We explored what's coming next at Google, a leader in this new world. CEO Sundar Pichai told us AI will be as good or as evil as human nature allows. The revolution, he says, is coming faster than you know.
Scott Pelley: Do you think society is prepared for what's coming?
Sundar Pichai: You know, there are two ways I think about it. On one hand I feel, no, because you know, the pace at which we can think and adapt as societal institutions, compared to the pace at which the technology's evolving, there seems to be a mismatch. On the other hand, compared to any other technology, I've seen more people worried about it earlier in its life cycle. So I feel optimistic. The number of people, you know, who have started worrying about the implications, and hence the conversations are starting in a serious way as well.
Our conversations with 50-year-old Sundar Pichai started at Google's new campus in Mountain View, California. It runs on 40% solar power and collects more water than it uses -- high-tech that Pichai couldn't have imagined growing up in India with no telephone at home.
Sundar Pichai: We were on a waiting list to get a rotary phone and for about five years. It finally came home. I can still recall it vividly. It changed our lives. To me it was the first moment I understood the power of what getting access to technology meant and so probably led me to be doing what I'm doing today.
What he's doing, since 2019, is leading both Google and its parent company, Alphabet, valued at $1.3 trillion. Worldwide, Google runs 90 percent of internet searches and 70 percent of smartphones. But its dominance was attacked this past February when Microsoft unveiled its new chatbot. In a race for AI dominance, Google just released its version named Bard.
Sissie Hsiao: It's really here to help you brainstorm ideas, to generate content, like a speech, or a blog post, or an email.
We were introduced to Bard by Google Vice President Sissie Hsiao and Senior Vice President James Manyika. The first thing we learned was that Bard does not look for answers on the internet like Google search does.
Sissie Hsiao: So I wanted to get inspiration from some of the best speeches in the world...
Bard's replies come from a self-contained program that was mostly self-taught— our experience was unsettling.
Scott Pelley: Confounding, absolutely confounding.
Bard appeared to possess the sum of human knowledge...
...with microchips more than 100-thousand times faster than the human brain. We asked Bard to summarize the New Testament. It did, in five seconds and 17 words. We asked for it in Latin--that took another four seconds. Then, we played with a famous six word short story, often attributed to Hemingway.
Scott Pelley: For sale. Baby shoes. Never worn.
The only prompt we gave was 'finish this story.' In five seconds…
Scott Pelley: Holy Cow! The shoes were a gift from my wife, but we never had a baby…
From the six-word prompt, Bard created a deeply human tale with characters it invented -- including a man whose wife could not conceive and a stranger, grieving after a miscarriage, and longing for closure.
Scott Pelley: I am rarely speechless. I don't know what to make of this. Give me that story…
We asked for the story in verse. In five seconds, there was a poem written by a machine with breathtaking insight into the mystery of faith, Bard wrote "she knew her baby's soul would always be alive." The humanity, at superhuman speed, was a shock.
Scott Pelley: How is this possible?
James Manyika told us that over several months, Bard read most everything on the internet and created a model of what language looks like. Rather than search, its answers come from this language model.
James Manyika: So, for example, if I said to you, Scott, peanut butter and?
Scott Pelley: Jelly.
James Manyika: Right. So, it tries and learns to predict, okay, so peanut butter usually is followed by jelly. It tries to predict the most probable next words, based on everything it's learned. So, it's not going out to find stuff, it's just predicting the next word.
But it doesn't feel like that. We asked Bard why it helps people and it replied – quote – "because it makes me happy."
Scott Pelley: Bard, to my eye, appears to be thinking. Appears to be making judgments. That's not what's happening? These machines are not sentient. They are not aware of themselves.
James Manyika: They're not sentient. They're not aware of themselves. They can exhibit behaviors that look like that. Because keep in mind, they've learned from us. We're sentient beings. We have beings that have feelings, emotions, ideas, thoughts, perspectives. We've reflected all that in books, in novels, in fiction. So, when they learn from that, they build patterns from that. So, it's no surprise to me that the exhibited behavior sometimes looks like maybe there's somebody behind it. There's nobody there. These are not sentient beings.
Zimbabwe born, Oxford educated, James Manyika holds a new position at Google -- his job is to think about how AI and humanity will best co-exist.
James Manyika: AI has the potential to change many ways in which we've thought about society, about what we're able to do, the problems we can solve.
But AI itself will pose its own problems. Could Hemingway write a better short story? Maybe. But Bard can write a million before Hemingway could finish one. Imagine that level of automation across the economy.
Scott Pelley: A lot of people can be replaced by this technology.
James Manyika: Yes, there are some job occupations that'll start to decline over time. There are also new job categories that'll grow over time. But the biggest change will be the jobs that'll be changed. Something like more than two-thirds will have their definitions change. Not go away, but change. Because they're now being assisted by AI and by automation. So this is a profound change which has implications for skills. How do we assist people to build new skills? Learn to work alongside machines. And how do these complement what people do today.
Sundar Pichai: This is going to impact every product across every company and so that's, that's why I think it's a very, very profound technology. And so, we are just in early days.
Scott Pelley: Every product in every company.
Sundar Pichai: That's right. AI will impact everything. So, for example, you could be a radiologist. You know, if I-- if I-- if you think about five to 10 years from now, you're gonna have a AI collaborator with you. It may triage. You come in the morning. You-- let's say you have 100 things to go through. It may say, 'These are the most serious cases you need to look at first.' Or when you're looking at something, it may pop up and say, 'You may have missed something important.' Why wouldn't we, why wouldn't we take advantage of a super-powered assistant to help you across everything you do? You may be a student trying to learn math or history. And, you know, you will have something helping you.
We asked Pichai what jobs would be disrupted; he said, "knowledge workers." People like writers, accountants, architects and, ironically, software engineers. AI writes computer code too.
Today Sundar Pichai walks a narrow line. A few employees have quit, some believing that Google's AI rollout is too slow, others--too fast. There are some serious flaws. James Manyika asked Bard about inflation. It wrote an instant essay in economics and recommended five books. But days later, we checked. None of the books is real. Bard fabricated the titles. This very human trait, error with confidence, is called, in the industry, hallucination.
Scott Pelley: Are you getting a lot of hallucinations?
Sundar Pichai: Yes, you know, which is expected. No one in the, in the field has yet solved the hallucination problems. All models do have this as an issue.
Scott Pelley: Is it a solvable problem?
Sundar Pichai: It's a matter of intense debate. I think we'll make progress.
To help cure hallucinations, Bard features a "Google it" button that leads to old-fashioned search. Google has also built safety filters into Bard to screen for things like hate speech and bias.
Scott Pelley: How great a risk is the spread of disinformation?
Sundar Pichai: AI will challenge that in a deeper way. The scale of this problem will be much bigger.
Bigger problems, he says, with fake news and fake images.
Sundar Pichai: It will be possible with AI to create-- you know, a video easily. Where it could be Scott saying something, or me saying something, and we never said that. And it could look accurate. But you know, on a societal scale, you know, it can cause a lot of harm.
Scott Pelley: Is Bard safe for society?
Sundar Pichai: The way we have launched it today, as an experiment in a limited way, I think so. But we all have to be responsible in each step along the way.
Pichai told us he's being responsible by holding back, for more testing, advanced versions of Bard that, he says, can reason, plan, and connect to internet search.
Scott Pelley: You are letting this out slowly so that society can get used to it?
Sundar Pichai: That's one part of it. One part is also so that we get the user feedback. And we can develop more robust safety layers before we build, before we deploy more capable models.
Of the AI issues we talked about, the most mysterious is called emergent properties. Some AI systems are teaching themselves skills that they weren't expected to have. How this happens is not well understood. For example, one Google AI program adapted, on its own, after it was prompted in the language of Bangladesh, which it was not trained to know.
James Manyika: We discovered that with very few amounts of prompting in Bengali, it can now translate all of Bengali. So now, all of a sudden, we now have a research effort where we're now trying to get to a thousand languages.
Sundar Pichai: There is an aspect of this which we call-- all of us in the field call it as a "black box." You know, you don't fully understand. And you can't quite tell why it said this, or why it got wrong. We have some ideas, and our ability to understand this gets better over time. But that's where the state of the art is.
Scott Pelley: You don't fully understand how it works. And yet, you've turned it loose on society?
Sundar Pichai: Yeah. Let me put it this way. I don't think we fully understand how a human mind works either.
Was it from that black box, we wondered, that Bard drew its short story that seemed so disarmingly human?
Scott Pelley: It talked about the pain that humans feel. It talked about redemption. How did it do all of those things if it's just trying to figure out what the next right word is?
Sundar Pichai: I have had these experiences talking with Bard as well. There are two views of this. You know, there are a set of people who view this as, look, these are just algorithms. They're just repeating what it's seen online. Then there is the view where these algorithms are showing emergent properties, to be creative, to reason, to plan, and so on, right? And, and personally, I think we need to be, we need to approach this with humility. Part of the reason I think it's good that some of these technologies are getting out is so that society, you know, people like you and others can process what's happening. And we begin this conversation and debate. And I think it's important to do that.
The revolution in artificial intelligence is the center of a debate ranging from those who hope it will save humanity to those who predict doom. Google lies somewhere in the optimistic middle, introducing AI in steps so civilization can get used to it. We saw what's coming next in machine learning at Google's AI lab in London -- a company called DeepMind -- where the future looks something like this.
Scott Pelley: Look at that! Oh, my goodness…
Raia Hadsell: They got a pretty good kick on them...
Scott Pelley: Ah! Goal!
A soccer match at DeepMind looks like fun and games but, here's the thing: humans did not program these robots to play--they learned the game by themselves.
Raia Hadsell: It's coming up with these interesting different strategies, different ways to walk, different ways to block…
Scott Pelley: And they're doing it, they're scoring over and over again…
Raia Hadsell, vice president of Research and Robotics, showed us how engineers used motion capture technology to teach the AI program how to move like a human. But on the soccer pitch the robots were told only that the object was to score. The self-learning program spent about two weeks testing different moves. It discarded those that didn't work, built on those that did, and created all-stars.
And with practice, they get better. Hadsell told us that, independent from the robots, the AI program plays thousands of games from which it learns and invents its own tactics.
Raia Hadsell: Here we think that red player's going to grab it. But instead, it just stops it, hands it back, passes it back, and then goes for the goal.
Scott Pelley: And the AI figured out how to do that on its own.
Raia Hadsell: That's right. That's right. And it takes a while. At first all the players just run after the ball together like a gaggle of, you know, 6-year-olds the first time they're playing ball. Over time what we start to see is now, 'Ah, what's the strategy? You go after the ball. I'm coming around this way. Or we should pass. Or I should block while you get to the goal.' So, we see all of that coordination emerging in the play.
Scott Pelley: This is a lot of fun. But what are the practical implications of what we're seeing here?
Raia Hadsell: This is the type of research that can eventually lead to robots that can come out of the factories and work in other types of human environments. You know, think about mining, think about dangerous construction work or exploration or disaster recovery.
Raia Hadsell is among 1,000 humans at DeepMind. The company was co-founded just 12 years ago by CEO Demis Hassabis.
Demis Hassabis: So if I think back to 2010 when we started nobody was doing AI. There was nothing going on in industry. People used to eye roll when we talked to them, investors, about doing AI. So, we couldn't, we could barely get two cents together to start off with which is crazy if you think about now the billions being invested into AI startups.
Cambridge, Harvard, MIT, Hassabis has degrees in computer science and neuroscience. His Ph.D. is in human imagination. And imagine this, when he was 12, in his age group, he was the number two chess champion in the world.
It was through games that he came to AI.
Demis Hassabis: I've been working on AI for decades now, and I've always believed that it's gonna be the most important invention that humanity will ever make.
Scott Pelley: Will the pace of change outstrip our ability to adapt?
Demis Hassabis: I don't think so. I think that we, you know, we're sort of an infinitely adaptable species. You know, you look at today, us using all of our smartphones and other devices, and we effortlessly sort of adapt to these new technologies. And this is gonna be another one of those changes like that.
Among the biggest changes at DeepMind was the discovery that self-learning machines can be creative. Hassabis showed us a game playing program that learns. It's called AlphaZero and it dreamed up a winning chess strategy no human had ever seen.
Scott Pelley: But this is just a machine. How does it achieve creativity?
Demis Hassabis: It plays against itself tens of millions of times. So, it can explore parts of chess that maybe human chess players and programmers who program chess computers haven't thought about before.
Scott Pelley: It never gets tired. It never gets hungry. It just plays chess all the time.
Demis Hassabis: Yes. It's kind of an amazing thing to see, because actually you set off AlphaZero in the morning and it starts off playing randomly. By lunchtime, you know, it's able to beat me and beat most chess players. And then by the evening, it's stronger than the world champion.
Demis Hassabis sold DeepMind to Google in 2014. One reason was to get his hands on this. Google has the enormous computing power that AI needs. This computing center is in Pryor, Oklahoma. But Google has 23 of these, putting it near the top in computing power in the world. This is one of two advances that make AI ascendant now. First, the sum of all human knowledge is online and, second, brute force computing that "very loosely approximates" the neural networks and talents of the brain.
Demis Hassabis: Things like memory, imagination, planning, reinforcement learning, these are all things that are known about how the brain does it, and we wanted to replicate some of that in our AI systems.
Those are some of the elements that led to DeepMind's greatest achievement so far -- solving an 'impossible' problem in biology.
Most AI systems today do one or maybe two things well. The soccer robots, for example, can't write up a grocery list or book your travel or drive your car. The ultimate goal is what's called artificial general intelligence-- a learning machine that can score on a wide range of talents.
Scott Pelley: Would such a machine be conscious of itself?
Demis Hassabis: So that's another great question. We-- you know, philosophers haven't really settled on a definition of consciousness yet, but if we mean by sort of self-awareness and-- these kinds of things-- you know, I think there's a possibility AI one day could be. I definitely don't think they are today. But I think, again, this is one of the fascinating scientific things we're gonna find out on this journey towards AI.
Even unconscious, current AI is superhuman in narrow ways.
Back in California, we saw Google engineers teaching skills that robots will practice continuously on their own.
Robot: Push the blue cube to the blue triangle.
They comprehend instructions…
And learn to recognize objects.
Robot 106: What would you like?
Scott Pelley: How 'bout an apple?
Ryan: How about an apple.
Robot 106: On my way, I will bring an apple to you.
Vincent Vanhoucke, senior director of Robotics, showed us how Robot 106 was trained on millions of images...
Robot 106: I am going to pick up the apple.
...and can recognize all the items on a crowded countertop.
Vincent Vanhoucke: If we can give the robot a diversity of experiences, a lot more different objects in different settings, the robot gets better at every one of them.
Now that humans have pulled the forbidden fruit of artificial knowledge...
Scott Pelley: Thank you.
...we start the genesis of a new humanity...
Scott Pelley: AI can utilize all the information in the world. What no human could ever hold in their head. And I wonder if humanity is diminished by this enormous capability that we're developing.
James Manyika: I think the possibilities of AI do not diminish humanity in any way. And in fact, in some ways, I think they actually raise us to even deeper, more profound questions.
Google's James Manyika sees this moment as an inflection point.
James Manyika: I think we're constantly adding these, in, superpowers or capabilities to what humans can do in a way that expands possibilities, as opposed to narrow them, I think. So I don't think of it as diminishing humans, but it does raise some really profound questions for us. Who are we? What do we value? What are we good at? How do we relate with each other? Those become very, very important questions that are constantly gonna be, in one case-- sense exciting, but perhaps unsettling too.
It is an unsettling moment. Critics argue the rush to AI comes too fast -- while competitive pressure-- among giants like Google and start-ups you've never heard of, is propelling humanity into the future ready or not.
Sundar Pichai: But I think if take a 10-year outlook, it is so clear to me, we will have some form of very capable intelligence that can do amazing things. And we need to adapt as a society for it.
Google CEO Sundar Pichai told us society must quickly adapt with regulations for AI in the economy, laws to punish abuse, and treaties among nations to make AI safe for the world.
Sundar Pichai: You know, these are deep questions. And, you know, we call this 'alignment.' You know, one way we think about: How do you develop AI systems that are aligned to human values-- and including-- morality? This is why I think the development of this needs to include not just engineers, but social scientists, ethicists, philosophers, and so on. And I think we have to be very thoughtful. And I think these are all things society needs to figure out as we move along. It's not for a company to decide.
We'll end with a note that has never appeared on 60 Minutes but one, in the AI revolution, you may be hearing often. The preceding was created with 100% human content.
Produced by Denise Schrier Cetta and Katie Brennan. Associate producer, Eliza Costas. Broadcast associate, Michelle Karim. Edited by Warren Lustig.
APRIL 16, 2023 - CBS NEWS, 60 MINUTES
BY Scott Pelley
Artificial intelligence solved an impossible problem in biology and robots powered by AI taught themselves to play soccer.
The machines never get tired. They never get hungry. They learn, and grow, developing superhuman abilities in narrow ways. Most AI systems today do one or maybe two things well. The soccer robots, for example, can't write up a grocery list or book your travel or drive your car. The ultimate goal is what's called artificial general intelligence: a learning machine that can score on a wide range of talents.
Some of those talents can seem shockingly human, 60 Minutes correspondent Scott Pelley learned during a visit to Google's new campus in Mountain View, California. Bard, Google's AI chatbot, appears to possess the sum of human knowledge. With microchips more than 100 times faster than the human brain, Bard took 5 seconds to create a deeply human tale when given the prompt: For sale. Baby shoes. Never worn.
Bard's story featured a man whose wife could not conceive and a stranger, grieving after a miscarriage and longing for closure.
"She knew her baby's soul would always be alive," Bard wrote when asked to share the story in verse.
Over the course of several months, Bard read almost everything on the internet and created a model of what language looks like, Google Senior Vice President James Manyika said.
Bard isn't aware of itself; the AI predicts the most probable words based on everything it's learned. Still, it doesn't seem that way when Bard explains why it helps people.
"Because it makes me happy," Bard said.
The appearance of sentience and awareness comes because artificial intelligence has learned from people, Manyika explained.
"We're sentient beings. We have beings that have feelings, emotions, ideas, thoughts, perspectives. We've reflected all that in books, in novels, in fiction," Manyika said. "So, when they learn from that, they build patterns from that. So, it's no surprise to me that the exhibited behavior sometimes looks like maybe there's somebody behind it. There's nobody there. These are not sentient beings."
Like the humans it's learned from, Bard is flawed. In an essay the AI wrote about economics, it referenced five books; each one was fabricated. This very human trait, error with confidence, is called, in the industry, hallucination. To help cure hallucinations, Bard features a "Google it" button that leads to old-fashioned search. Google has also built safety filters into Bard to screen for things like hate speech and bias.
Google is holding back on releasing more advanced versions of Bard that can reason, plan and connect to internet search on their own so that the company can do more testing, get more user feedback and develop more robust safety layers, Google CEO Sundar Pichai said. He's walking a narrow line in how quickly AI advancements are released.
Critics argue the rush to AI comes too fast, but competitive pressure among tech giants like Google and smaller start-ups is propelling humanity into the future — ready or not. Society needs to adapt quickly, with regulations for AI in the economy, laws that punish abuse and treaties between nations to make AI safe in the world, Pichai said.
"You know, one way we think about: How do you develop AI systems that are aligned to human values-- and including-- morality? This is why I think the development of this needs to include not just engineers, but social scientists, ethicists, philosophers and so on," Pichai said. "And I think we have to be very thoughtful. And I think these are all things society needs to figure out as we move along. It's not for a company to decide."
The revolution in artificial intelligence is at the center of a debate ranging from those who hope it will save humanity to those who predict doom. Google lies somewhere in the optimistic middle, introducing AI in steps so civilization can get used to it.
Demis Hassabis, CEO of DeepMind Technologies, has spent decades working on AI and views it as the most important invention humanity will ever make. Hassabis sold DeepMind to Google in 2014. Part of the reason for the sale was to gain access to Google's immense computing power. Brute force computing can very loosely approximate the neural networks and talents of the brain.
"Things like memory, imagination, planning, reinforcement learning, these are all things that are known about how the brain does it, and we wanted to replicate some of that in our AI systems," Hassabis said.
With that power, DeepMind created an AI program to predict 3D structures of proteins. It takes an average scientist their entire PhD to find the 3D structure of a single protein, Hassabis said. DeepMind can predict the structures much more quickly.
"And actually, over the last year, we did all the 200 million proteins that are known to science," he said.
DeepMind made its protein database public as a "gift to humanity," Hassabis said. It's been used in developing vaccines and antibiotics. The database has also been used for developing new enzymes to eat plastic waste.
AI can utilize all the information in the world. It left Pelley wondering if humanity is diminished by the enormous capability of artificial intelligence.
Manyika views this moment as an inflection point. In some ways, he thinks AI raises humanity to answer deeper questions.
"Who are we? What do we value? What are we good at? How do we relate with each other?" he said. "Those become very, very important questions that are constantly gonna be, in one case [or] sense exciting, but perhaps unsettling too."
As chatbots emerge, 60 Minutes asked Google's CEO about the future of search, one of the company's main sources of revenue.
https://www.cbsnews.com/video/60-minutes-asked-google-ceo-have-you-killed-your-cash-cow/?intcid=CNI-00-10aaa3b
May 12, 2023
The FCC today announced its first-ever action ordering providers to block traffic from a provider. Specifically, voice service providers immediately downstream from One Eye must block and cease accepting traffic from One Eye no later than June 10. Today's order follows prior notices sent to One Eye by the FCC to which One Eye failed to submit a response.
The most telling part of the Order is Section 9:
We direct all voice service providers immediately downstream from One Eye to initiate blocking all traffic from One Eye no later than 30 days from the release of this Final Determination Order. Providers that choose to initiate blocking sooner than 30 days may do so. This Final Determination Order will be published in EB Docket No. 22-174.
By Nathan Gilles, May 3, 2023. Columbia Insight
In March, Columbia Insight published a lengthy investigative story on a new $100 million data center proposed to be built by a startup company called Roundhouse in the small Columbia River Gorge town of Cascade Locks, Ore. Our reporting addressed many locals’ concerns about the company, its CEO Stephen D. King and its proposed data center.
Among other issues, Columbia Insight discovered that King owed over $1 million to former business partners due to a previous troubled business deal in the Gorge.
What Columbia Insight was unable to investigate at the time were concerns residents said they had about the data center’s expected energy usage, and statements made by King that local electricity rates would not increase due to the data center’s added electric load.
The most noteworthy Cascade Locks resident to dispute King’s claims has been Cascade Locks Mayor Cathy Fallon.
Fallon has said publicly that the new data center will both raise the cost of electricity for the City of Cascade Locks and make the city contractually obligated to continue paying that higher cost even if the data center should close its doors and stop consuming electricity.
King has publicly taken issue with these claims.
However, representatives from Bonneville Power Administration (BPA), which provides power to the City of Cascade Locks, have now confirmed to Columbia Insight that BPA does plan to charge the city a higher rate for its electricity due in part to the new data center’s power usage.
BPA representatives also confirmed that as a condition of its contract with BPA, the city will be responsible—at least in the short term—for some, though not all, of the increased costs associated with the data center should the data center close.
Complicating the issue is the fact that even without the data center online and consuming electricity, BPA will be raising the city’s power rates in the upcoming fiscal year starting in October 2023.
According to a recent City of Cascade Locks memo obtained by Columbia Insight, these new increased rates are expected to cost the city an additional $570,000 a year.
And BPA isn’t the only utility raising its rates. Pacific Power and Portland General Electric are also increasing their rates.
However, $570,000 in additional costs pales in comparison to the nearly $5 million in additional costs the City of Cascade Locks will be expected to pay when the data center is fully online, according to estimates made by BPA.
Yet how and if the city’s many electricity customers, including local households, could end up paying for this increase is uncertain.
What is certain is the city is currently exploring the idea of raising its rates on its customers to cover this year’s rate increase with BPA.
What’s also certain is the data center will significantly increase the amount of power consumed in Cascade Locks.
The City of Cascade Locks currently provides roughly 4.5 megawatts (MW) of electricity a month to its local businesses and households. In winter, as temperatures drop and furnaces turn on, that number can reach as high as 7 MW, according to numbers provided by the City of Cascade Locks.
When complete, the data center is expected to consume roughly twice as much electricity as the town’s current households and businesses combined.
This power won’t come online all at once, but in phases.
In the first phase, Roundhouse will operate a data center out of the Flex 6 building, an existing Port of Cascade Locks building that now lies empty.
Roundhouse is expected to use 3.6 to 4 MW of electricity a month at Flex 6, according to previous statements made by King.
For phase two of the data center, Roundhouse hopes to build a second facility on a nearby 10-acre empty lot. This facility is expected to need an additional 7.2 MW a month, for a total energy usage of about 10-11 MW, according to previous statements made by King.
But Roundhouse’s power consumption might not end there.
At an Oct. 27, 2022, Port of Cascade Locks commission meeting, King told the Port commissioners if the two facilities proved successful, Roundhouse would consider building a third facility for its data center, raising the company’s total electricity consumption to 25-30 MW, according to meeting minutes.
King also told Port commissioners that BPA’s power, which he said was priced at “50% of what it’s worth,” was one major reason Roundhouse was pursuing a data center in the Columbia River Gorge, according to a video recording of the meeting.
The source of this electricity, hydropower, will also help the data center meet industry standards to qualify as a “green” data center, according to statements made by King during a March 2023 interview with Columbia Insight.
King did not respond to email and text requests for an interview for this story.
James Longacre, Roundhouse’s chief operating officer and chief engineer, also did not respond to Columbia Insight’s request for an interview.
King has said the data center’s use of electricity would benefit the City of Cascade Locks’ budget.
On Feb. 2, the day before Roundhouse and the Port signed a Memorandum of Understanding, King presented a document to the Port that claimed Roundhouse’s direct purchase of electricity from the City of Cascade Locks would increase the city’s power revenues by $1.5 million annually.
Fallon says she has no idea if this number is accurate or not.
“The bottom line is anything that Stephen King says you can’t take it for the truth,” says Fallon. “Some of what he says could be true, but you don’t know because he lacks credibility.”
Fallon says King has frequently not answered her questions and has made contradictory statements. Several of these statements she says have to do with the data center’s projected water usage.
As Columbia Insight reported in March, King had originally proposed running the data center using a system that would use “no water,” but later changed the data center’s design to a system that uses “four people’s worth of water” per year, according to statements made by King.
Fallon says King’s past behavior coupled with the data center’s projected power usage makes her wary of the new data center.
“The whole thing is a gamble,” Fallon told Columbia Insight. “I don’t want Cascade Locks holding the bag.”
Fallon has publicly challenged King’s statements about the data center’s power usage.
The two faced off on March 15 when the Port of Cascade Locks and Roundhouse held an open house to discuss the new data center.
The open house was held at the empty Flex 6 building, the proposed site of the data center’s first phase.
Flex 6 was built by the Port for a business called The Renewal Workshop, a clothing recycling company. The Renewal Workshop, however, ran into financial problems, leaving Cascade Locks in April 2022 after the company was acquired by a Dutch company.
At the open house, Fallon told the crowd that leasing Flex 6 to a data center involved an even larger risk than having a manufacturing business like the Renewal Project occupy the space.
“The Renewal Project that came in, their power usage wasn’t very much at all,” said Fallon, addressing the crowd, King and members of Roundhouse. “It’s a big difference if a data center comes in and fails, because BPA says our power increases [with the new data center] and once it increases we don’t get to say to the BPA ‘well we’re not using that much power anymore, so we want our old rates.’ It doesn’t work that way.”
King was quick with a rebuttal.
“Your paying rates have nothing to do with our data center,” said King.
“It’s going up. Rates are going up,” Fallon responded.
“Not due to our usage,” said King. “However, we have said if our particular usage goes up we would cover that. Frankly, I’m not worried because it’s not correct.”
So, who is right?
It depends on how one defines “rates.”
BPA sells power to the City of Cascade Locks, which operates the local public utility district. The city then sells that electricity to its electricity consumers, including households and businesses.
BPA sells electricity to the city at what is, in effect, a wholesale rate. The city then sells this electricity to its customers at what is, in effect, a retail rate.
Fallon says the “rates” she was referring to are the rates BPA sets for the City of Cascade Locks, not the rates households and businesses pay for their electricity.
The data center’s added electric load means the BPA will charge the City of Cascade Locks a higher rate for its electricity.
The rates that the city charges its customers once it has that electricity might or might not go up due to the data center depending on where the city sets its rates. Fallon says the city is currently taking steps to make sure the rates at which it sells electricity remain affordable.
The City of Cascade Locks, at Fallon’s request, is currently working with an attorney specializing in data centers to ensure that Roundhouse—and not the city’s other electric customers—pay for any cost increases associated with the data center.
“I’ve spoken with other city governments,” says Fallon, “and there are ways that we can structure our rates so that Roundhouse pays for [the cost of] their load and those costs aren’t passed on to the rest of Cascade Locks.”
While Cascade Locks currently charges most households and businesses a flat rate for their electricity, the city is currently developing a special “negotiated rate” for Roundhouse, according to Jordon Bennett, city administrator for the City of Cascade Locks.
“We have never had anything close to this before,” says Bennett. “We have one business [Roundhouse] coming in and essentially asking for double the amount of power the rest of the city uses. They are such a large utility we are looking at doing a negotiated rate.”
By contrast, the rates BPA charges the city are projected to increase.
BPA’s rates are projected to increase starting in October without the data center online, according to the recent City of Cascade Locks memo. But they’re also projected to increase in the years ahead due in part to the data center, according to an electric load study conducted by BPA and obtained by Columbia Insight.
BPA verified the authenticity of the document.
The load study includes several projected future rate scenarios that calculate what the city is likely to pay BPA in the future depending on how much electricity it consumes.
The load study includes three scenarios with the data center’s electric load online and one with it offline.
The offline scenario is called the “Base Case” because it sets a baseline for the other scenarios. The base-case scenario is projected for October 2024.
In the base-case scenario, BPA is expected to charge the City of Cascade Locks $46.58 per megawatt hour (MWh) for its “Total Effective Power Rate,” according to BPA’s load study.
However, with both phases of the data center online, BPA plans to increase the city’s total effective power rate to $57 per MWh, a rate increase of 22.35% above the October 2024 base-case scenario.
Kevin Farleigh, account executive at BPA, confirmed that this increase of 22% is due in part to the data center’s energy usage.
“Yes, they [the data center] would raise the rates at which the city is buying power from us [BPA] by that 22%,” says Farleigh, referring to the load study.
This scenario is projected to start as early as 2025, according to the load study, though Farleigh says 2026 is probably a more accurate date for the rate increase to begin.
Farleigh says any actual rate increase in the future assumes rates stay comparable to what BPA is projecting, adding that these rates could change.
“That forecast could either be too high or too low,” says Farleigh.
“On the hook”
BPA Senior Spokesperson Doug Johnson confirmed the data center’s added electric load will mean BPA will not only charge the City of Cascade Locks a higher rate for its electricity, but also that the city will be required to continue paying BPA at that higher rate even if the data center closes.
In practice, this also means the city would be required to cover at least some of the costs of the missing electricity consumption should the data center go out of business and stop consuming electricity, according to Johnson.
However, Johnson says, the city wouldn’t have to pay the full amount for the data center’s missing load because BPA would sell the unused electricity to other users on the electric grid.
In this scenario, BPA would credit the city for the sold electricity.
Only it’s a little more complicated than that.
BPA will credit an account regardless of whether it sells the electricity or not. However, BPA is unlikely to credit the full amount owed, according to both Johnson and Farleigh.
Both men confirmed that BPA typically credits unused electricity at a rate that is lower than the rate the original user would have bought the electricity for if the load were still being used. This means should the data center go away, the City of Cascade Locks would most likely owe BPA for some of the data center’s unused electricity.
“Under the current rate structure,” says Johnson, “it [current credit pricing] certainly wouldn’t make them [the City of Cascade Locks] whole [out of debt with BPA], but it would certainly provide a little bit of relief if the [data center’s electric] load evaporated.”
What’s more, Johnson says, if the data center were to go away the city wouldn’t be responsible for these costs indefinitely. That’s because BPA’s contracts are organized in two-year periods.
“If it [the data center and its load] goes away,” says Johnson, “you’re only on the hook for that amount for whatever that proportion of the two years for which the rates are set and then it starts over again.”
The city could also renegotiate its rates with BPA within its two-year contract. Though Johnson says the renegotiation process takes time.
Cascade Locks is also projected to have a much larger total electricity bill with the data center online.
The 2024 base-case scenario (in which the data center is not yet online) estimates the city’s “Total Power Charges” will be roughly $1.8 million a year, according to the load study.
With both phases of the data center online in 2025, the city’s total power charges will be roughly $6.6 million a year, according to the load study.
The load study also includes two scenarios in which the data center’s power is phased in during 2024 and 2025. Under these scenarios, BPA plans to sell the city electricity at reduced rates.
However, even with these reduced rates in 2024 and 2025, the city is projected to pay as much as $2.8 and $4.8 million respectively, according to the load study.
Cascade Locks City Administrator Jordon Bennett says these large bills require “responsible” planning on the city’s part.
“Our stance is if it [the data center] happens, great,” says Bennett. “But we as an electrical utility, we are required to sell them power and we are going to do it in a way that makes sure we have enough [electricity] to power the whole city and they’re not taking it all and we’re not left holding the bag.”
Depending on the scenario, says Bennett, the city might or might not have the money in reserve to pay BPA what it owes should the data center go out of business.
“We do have money in reserve, though not in that amount,” says Bennett, referring to projections in BPA’s load study.
If the city were to come up short, Bennett says it would consider raising rates on its other electricity customers to cover the bill.
However, Bennett says regardless of the data center’s projected energy usage, the city will be raising its electric rates to cover the $570,000 in additional costs BPA is expected to charge the city for electricity in the upcoming fiscal year.
And this is what the city is currently exploring doing, according to the recent memo, which was written by Bennett.
The memo reads: “To ensure the City Light department can stay solvent we must look at rate changes.” Asked to explain if this language meant the city was going to raise rates on its customers, Bennett was straightforward.
“Yes, we’re going to have to [raise rates],” says Bennett. “How exactly that math is going to pencil out, I don’t know. But that’s kind of how it works. We have to pass it on [costs].”
But there’s another problem associated with the data center’s projected energy consumption: Cascade Locks currently doesn’t have the electric infrastructure to support both phases of the project.
The city currently has the infrastructure to accommodate Roundhouse’s 4 MW usage at Flex 6, but it wouldn’t be able to accommodate the full 11 MW—let alone 25-30 MW—without a new substation.
“There is no way they [Roundhouse] can do what they are calling their phase two without an electrical system update,” says Bennett. “There is no way.”
The city’s current substation, called the Pyramid substation, can accommodate about 14 MW.
With the Flex 6 building’s 4 MW online, the substation will run at roughly 70% capacity, according to Bennett.
Bennett says the city is hoping to add an additional 35 MW by building a new substation.
The new substation plan was proposed in 2017 when the Eagle Creek Fire raised concerns that the city’s electric infrastructure was vulnerable to wildfires, according to Bennett.
The city has since acquired a $2.4 million grant from the U.S. Economic Development Administration to buy the new substation and purchase the land for the new substation from BPA.
But as part of its deal with BPA, the City of Cascade Locks is required to buy a smaller 6 MW substation in order to buy the land for the larger 35 MW substation. This smaller 6 MW substation won’t be used, according to Bennett.
“It’s essentially an overgrown paperweight at this point. I mean it works, but at 6 megawatts it doesn’t do much,” says Bennett.
Bennett says the deal with BPA isn’t finalized yet.
Possible limits to growth
Brad Lorang, vice president of the Port commission and a former mayor of Cascade Locks, says he sees another potential downside to the data center’s heavy power usage.
Lorang says having one company consuming such a large amount of electricity could limit local economic development by limiting the Port’s ability to attract other businesses, especially if Roundhouse builds its facility out to 25-30 MW.
“I do not want us to get into a situation where some other business would want to come along, and we’re already maxed out on our ability to provide power,” says Lorang.
In February, when the five-member Port of Cascade Locks Commission signed a memorandum of understanding with Roundhouse to approve the data center, Lorang, who has been a vocal critic of the data center, cast the lone dissenting vote.
The MOU was expected to lead to Roundhouse signing a 25-year lease with the Port. The signing of the lease is behind schedule, according to Lorang.
Roundhouse was expected to occupy the Flex 6 building starting in April. That did not happen. Lorang says the company’s move-in date was moved to May 1, but that hasn’t happened either.
Lorang says the Port has had other offers to both lease and buy Flex 6 from the Port, which he says would help lower the Port’s debt burden.
Lying empty, Flex 6 has cost the Port roughly $300,000 in accrued interest on the $6 million loan the Port took out to build the facility, according to Lorang.
But Lorang says he’s concerned that the data center could limit local development in another way as well. Lorang says local economic development is limited due to the town’s small size and the Columbia River Gorge National Scenic Area that surrounds it.
He says one of his biggest concerns with the proposed deal with Roundhouse is the company’s plans to build out the nearby 10-acre lot, which Lorang says not only ties up that land but would discourage other types of development, such as a resort, which he says would provide a greater positive economic impact for Cascade Locks than a data center.
“It’s beautiful property,” says Lorang. “It’s right on the river. In my mind, a data center is not the best use for that property. And we really have one shot at this, because once you start putting in a large industrial [data center] it will become hard to attract other types of businesses. A resort is not going to want to locate next to a huge warehouse.”
Lorang says he also has his concerns about both King and Roundhouse. While many members of Roundhouse have experience with data centers, King does not.
Lorang says this fact and information revealed by Columbia Insight about King’s past business dealings have made him even more critical of the proposed data center.
King’s past
As Columbia Insight reported in March, King ended up owing over $1 million to former business partners when King failed to complete a previous project for a proposed aquaponics facility in Hood River County. This failed business deal led to legal action being taken against King and a separate investigation by the State of Oregon into potential fraud and violations of securities laws on King’s part.
Columbia Insight has since obtained through a public records request a partially redacted investigation memorandum from the Oregon Department of Consumer and Business Services Division of Financial Regulation concerning King and the Hood River project.
The memorandum confirms many details in Columbia Insight’s reporting, including how a single investor lost over $880,000 to King when King attempted to purchase land for the aquaponics facility using her money.
The memorandum confirms that a nonrefundable $590,000 was paid to the site’s Hood River County property owners as earnest money to purchase the land.
The investigation tracked the rest of the money through six bank accounts tied to six different companies associated with King. The memorandum concludes the rest of the investor’s money went to business expenses and salaries.
The “most concerning expenses,” according to the memorandum, were “the large salaries” of $180,000 a year [paid to King and other business partners]. The memorandum concluded these large salaries were “not in itself fraud.”
The investigation was dropped. The aquaponics project was never built.
Lorang says he thinks it’s “unlikely” that King will find the financing to complete the data center.
“At this point [the data center is] not moving forward,” says Lorang. “I think his [King’s] history may give people some concerns about loaning him [King] the money.”
However, Lorang says he’s still concerned that the deal might be approved by the Port only to have the project stall or fail.
“The more information that we got, that only further confirmed my fears in his [King’s] ability to pull this off,” says Lorang. “I don’t want somebody to get something half done and then bail out.”
Fallon was even more critical.
“Again, the whole thing is a gamble. And I don’t gamble with other people’s lives and money. I just don’t,” says Fallon.
Whether the deal with Roundhouse goes through or not could come down to the leadership of Port President Jess Groves, who is the subject of an ongoing effort to have him recalled by voters.
Groves was “unavailable” for an interview with Columbia Insight, but agreed to answer questions in writing, according to an email sent by Jeremiah Blue, the Port’s interim general manager.
Groves has not yet replied to our questions.
May 12, 2023
The Department of Justice, together with the Federal Trade Commission (FTC), today announced a civil enforcement action against XCast Labs, Inc. for allegedly violating the Telemarketing Sales Rule (TSR) by assisting and facilitating illegal telemarketing campaigns.
According to a complaint filed in the U.S. District Court for the Central District of California, XCast Labs, Inc., provided voice over internet protocol (VoIP) services that transmitted billions of illegal robocalls to American consumers, including scam calls that fraudulently claimed to be from government agencies. These robocalls delivered prerecorded marketing messages, and many of them were delivered to numbers listed on the National Do Not Call Registry, failed to truthfully identify the seller of the services being marketed, falsely claimed affiliations with government entities, contained other false or misleading statements to induce purchases, or were transmitted with “spoofed” caller ID information. The complaint alleges that XCast Labs continued to allow its services to transmit these calls even after being alerted to their illegality.
The complaint seeks monetary civil penalties and a permanent injunction to prohibit the defendant from future violations.
“The Department of Justice is committed to stopping telecommunications providers from enabling unscrupulous telemarketers to bombard American consumers with illegal robocalls,” said Principal Deputy Assistant Attorney General Brian M. Boynton, head of the Justice Department’s Civil Division. “We will continue to work with the FTC to enforce the Telemarketing Sales Rule.”
“XCast Labs played a key role in helping telemarketers flood homes with unlawful robocalls, including robocalls impersonating the Social Security Administration,” said Director Samuel Levine of the FTC’s Bureau of Consumer Protection. “VoIP providers like XCast Labs that bury their heads in the sand when their customers use their services to break the law can expect to hear from the FTC.”
A complaint is merely a set of allegations that, if the case were to proceed to trial, the government would need to prove by a preponderance of the evidence.
The case is being handled by attorneys in the Civil Division’s Consumer Protection Branch, including Trial Attorney Zachary A. Dietert, in conjunction with staff at the FTC’s Division of Marketing Practices.
For more information about the Consumer Protection Branch and its enforcement efforts, visit its website at www.justice.gov/civil/consumer-protection-branch. For more information about the FTC, visit its website at https://www.FTC.gov.
May 15, 2023
by Eric Troutman, attny
Most of the time we break down pretty nuanced or cutting-edge developments here on TCPAWorld. But every so often I need to pause and do a quick basic overview for folks.
Lots of questions on B2B calling.
Here is a quick guide.
So, at the federal level you CAN safely make unconsented MANUAL B2B calls to: i) numbers you can PROVE are business lines (just because Zoom info says so, isn’t likely enough); and ii) numbers that are not on the DNC.
Hope this helps…
May 24, 2023 - A coalition of 48 states and the District alleges that Avid Telecom facilitated 21 billion calls from 2018 to 2023, including many on the Do Not Call Registry.
Washington Post
A coalition of attorneys general has accused an Arizona company of facilitating billions of robocalls, including “scams designed to scare and harm consumers.”
A coalition of attorneys general from nearly every state is suing an Arizona company that provides phone-calling services for allegedly facilitating billions of robocalls, including many that appeared to be scams.
In a complaint filed in the U.S. District Court in Arizona, regulators alleged Avid Telecom routed calls on behalf of its clients and found ways to spoof the phone numbers to increase the likelihood that a call would be picked up. The company is accused of transmitting 7.5 billion automated calls to people on the National Do Not Call Registry, a practice that violates laws prohibiting deceptive telemarketing practices.
“Every day, millions of American consumers receive a barrage of unwanted robocalls that are harassing, annoying, threatening, and malicious,” according to the complaint filed by the attorneys general of 48 states and the District. “These calls are all scams designed to scare and harm consumers. Other robocalls may not be scams but are harassing, abusive, and illegal, nonetheless.”
The lawsuit represents the latest effort to crack down on automated phone scams. In November 2022, the Federal Communications Commission moved to block a different internet calling company, Global UC, from using the U.S. phone network. The sweeping order came in response to the company’s failure to meet robocall requirements, according to the FCC.
Prosecutors said Avid should have been aware its services were being used for scams. An industry group designated by the FCC to report spam calls issued at least 329 notifications to Avid, according to the complaint, but company executives allegedly ignored the warnings.
The Tucson-based company did not immediately respond to a request for comment from The Washington Post. In a statement to CNBC, the company said it has “never been found by any court or regulatory authority to have transmitted unlawful traffic,” noting that it is prepared to meet with the attorneys general to “demonstrate its lawful conduct.”
“Contrary to the allegations in the complaint, Avid Telecom operates in a manner that is compliant with all applicable state and federal laws and regulations,” the company’s statement reads.
From December 2018 to January 2023, Avid facilitated about 21 billion calls to U.S. phone numbers, and 93 percent of them lasted less than 15 seconds, according to a preliminary review of call records cited in the complaint.
Many of these calls purported to be from government agencies like Social Security and Medicare, or customer service representatives from such well-known brands as Amazon and DirecTV.
Analysis by David DiMolfetta with research by Cristiano Lima Washington Post May 31, 2023
The Federal Communications Commission (FCC) — which has jurisdiction over radio, television, cable, and satellites — isn’t best known for grappling with cutting-edge technology.
But amid the rise of generative AI tools like ChatGPT and Midjourney, the telecommunications regulator may be forced to tackle artificial intelligence, an area that’s beginning to intersect with communications infrastructure and airwaves.
A pressing concern is the skyrocketing rates of robocalls, leading to several FCC actions as the agency seeks to cut down scams against consumers.
AI can make robocall operations much cheaper because the technology can automate dialing, talking, and responding, according to former Democratic FCC chair Tom Wheeler.
Nicol Turner-Lee, a senior fellow at the Brookings Institution focusing on equitable broadband access, said robocalls could open Pandora’s box of possibilities for consumer deception, especially for elderly Americans.
Wheeler added voter manipulation as a related area of concern, where an AI-cloned voice could direct an individual on an Election Day to an incorrect location to cast their vote.
A former FCC senior official, who spoke on the condition of anonymity to speak candidly, said there are a number of related concerns triggered by AI in areas with FCC jurisdiction.
One is political campaigns, where voice-cloning technologies and deep fakes could deceive voters listening to or viewing advertisements that contain candidate endorsements.
Internet service providers (ISPs) could also use AI and machine-learning tools to analyze customer data and offer more tailored broadband prices to deceptively overcharge customers, the former official said.
“The FCC is actively studying the potential impacts of AI, in particular the opportunities for advanced communications networks like spectrum sharing and wireline network management, as well as its potential as a tool and a challenge for consumers,” FCC spokesperson Will Wiquist told The Technology 202, adding that the agency is “watching closely” ongoing work from the AI and machine-learning working group in its Technological Advisory Council.
The agency for several years has considered ways to use AI for achieving its own goals, like managing spectrum frequencies to prevent signal interference between devices. In 2021, the tech advisory council released a document that detailed various ways the agency could leverage AI and recommended creating a dedicated task force.
The council reiterated the recommendation in December, saying it was needed “to address how the FCC can best incorporate AI-based methods and techniques as part of its operations.”
The FCC under Republican Chair Ajit Pai also convened a 2018 forum on AI and machine learning to discuss how they could impact the communications sector in the future.
The agency is still in the “first inning” for AI regulations and there isn’t yet a burning issue it needs to address, Pai, who served as chairman of the FCC from 2017 to 2021, told The Technology 202. But if the agency decides to move on regulating AI, it would likely begin with a preliminary “notice of inquiry” that asks the public to provide feedback and concerns they have about the technology, he said.
Turner Lee said the commission could proceed with issuing an inquiry to update its current robocall rules to include AI-generated voices. A task force could also help “investigate what the FCC has power over,” she said.
The FCC was notably not present when a group of federal agencies gathered last month to signal a “whole of government approach” to regulate AI out of concern that the technology could help exacerbate long-held biases in American society. The Equal Employment Opportunity Commission and other watchdogs at the meeting warned about the risk of “digital redlining,” an area where the FCC has taken significant action for broadband access.
The FCC’s omission could be a sign that, even at the White House level, there are still discussions to be had about what agencies have regulatory authority over AI, Turner-Lee said.
Inside the FCC, AI regulation discussions appear to be in the early stages.
FCC Chair Jessica Rosenworcel in a May 18 news conference said the agency is “doing some work behind the scenes” looking at AI in the context of robocalls and spectrum self-healing, which resolves network outages without human intervention.
Republican Commissioner Brendan Carr said Congress is the appropriate place where AI discussions should occur right now, adding that he is open to using the technology to aid the commission’s goals.
The deliberations speak to a broader challenge of running an oversight agency created for a sector that has evolved rapidly since its establishment in 1934, Wheeler said.
“We’ve seen how difficult it’s been thus far in the digital age to deal with issues like privacy and competition … with the existing tools,” he said. “We need a new toolbox, but that toolbox has to be structured differently and be built around digital era concepts rather than industrial era concepts.”
by Eric Troutman, June 8, 2023
If I’ve said it once, I have said it a hundred times– if you’re using Pakistan call centers you are in harm’s way.
Really a really interesting case for you today. Especially for those of you in the Lead Generation World. So listen up.
A court in a pending TCPA class action just granted summary judgment in favor of one defendant against a different defendant. And you don’t see that every day– and yes, that means the facts here are really bad.
In George Moore v. Torchlight Technology Group, LLC, Call Centrix, LLC, and Carol Stitz, 2023 WL 3863354 (N.D. Ill. June 7, 2023), the Defendants are facing a putative nationwide TCPA class action brought by a guy named George Moore who is no stranger to TCPA suits.
The calls at issue were made by a company called Wolf BPO, a company located in Pakistan. Uh oh.
Wolf sold the lead to Call Centrix, which purports to provide “‘compliant lead generation’ call center services.”
Call Centrix, in turn, had contracted with Torchlight who had apparently agreed to pay CC about $900k for TCPA-compliant leads. (Lots of money in this business folks.)
Turns out though the Moore lead wasn’t TCPA compliant. Not even close.
Per the ruling, WolfBPO originally claimed that Moore had supplied his contact information on a website called “FindQualityInsurance.com,” but they were big fat liars. The lead was “fabricated.” Moore denied having visited this website and the website itself confirmed that it had no record of Moore’s consent. As such, Call Centrix conceded that it does not have any evidence of valid written express consent to initiate telemarketing calls to Moore and thus, Moore did not consent to receive such calls.
That is so so so so very bad.
Torchlight, as you’d imagine, was pretty upset about this situation and demanded indemnity from Call Centrix. When Call Centrix refused to defend Torchlight, Torchlight filed a claim against CC and then moved for summary judgment–and that’s where the ruling comes in.
In Moore, the Court GRANTED summary judgment to Torchlight essentially ordering Call Centrix to defend and indemnify it. This is true because in its insertion order:
But it, apparently, did none of those things.
Eesh.
Indeed, Call Centrix initially refused to indemnify Torchlight “because there was ‘only one call to Mr. Moore under the Agreement and because Call Centrix’s vendor Wolf BPO is the one to blame.'” The old, pass-the-buck defense.
But think about that– the company promises to provide compliant leads, promises to supervise its vendors, goes out and hires a Pakistan call center, and then says “wasn’t our fault.”
Unreal.
In the end, the Court rejected all of Call Centrix’ excuses (arguments) and ordered it to defend and indemnify Torchlight as it agreed to.
Lots of takeaways here folks:
Always here to discuss.
JON BRODKIN - June 7, 2023
The Federal Communications Commission issued a $5.1 million fine against pro-Trump robocallers who targeted Black people with calls promoting a conspiracy theory that the government would use mail-in voting records "to track people for mandatory vaccines." The calls also falsely claimed that mail-in voting would be used by police to "track down old warrants" and by credit card companies to collect outstanding debts.
The FCC voted 4–0 to issue the fine against John Burkman (aka Jack Burkman), Jacob Wohl, and J.M. Burkman & Associates LLC for making illegal robocalls to wireless phones, the commission announced yesterday. Burkman and Wohl have faced multiple lawsuits and pleaded guilty in one criminal case. If they do not pay the $5,134,500 penalty, the FCC will refer it to the Department of Justice for collection.
The FCC fine is for 1,141 calls made to wireless numbers without the recipients' express prior consent. But the robocalls were sent to over 85,000 people overall, according to a ruling in a court case described later in this article.
"The recorded messages identified Burkman and Wohl by name and claimed to be made by 'Project-1599,'" the FCC said.
Calls violated US robocall law
The FCC said the parties violated the Telephone Consumer Protection Act (TCPA) and noted that "the content of the calls is not relevant to our determination under the TCPA and the Commission's rules." The FCC proposed the fine in August 2021, starting a process that gave Burkman and Wohl a chance to dispute the allegations and penalty.
"In response to the Commission's 2021 proposed fine, Burkman and Wohl argued that the dialing companies they hired to make the calls were responsible for any alleged violations," the FCC said. "Yet, their own emails show Burkman and Wohl directing the dialing companies on specific details of the calling campaigns such as which ZIP Codes to call, pricing, and other matters related to the robocalling campaign."
Burkman and Wohl also argued that political robocalls are exempt from the TCPA. But as the FCC said, "the mere fact that a calling campaign is political in nature does not protect the caller from liability under Commission rules."
The FCC noted that "Burkman and Wohl each pleaded guilty to one count of telecommunications fraud for making robocalls in Cuyahoga County, Ohio, for which they were sentenced to 24 months of supervision, required to pay a $2,500 fine, and were ordered to work 500 hours of community service." The ordered community service consisted of registering voters in minority and low-income communities, the FCC said.
"We commend our law enforcement partners for bringing Burkman and Wohl to justice for their actions, and we will continue our efforts to make it clear that there are significant consequences for engaging in this type of conduct," FCC Enforcement Chief Loyaan Egal said.
Robocall’s “mandatory vaccine” claim
The robocalls resulting in the FCC fine included 788 wireless calls on August 26, 2020, and 353 wireless calls on September 14, 2020. Wohl recruited a Black voice actress to record the anti-voting message.
The FCC said the illegal robocalls contained the following message:
Hi, this is Tamika Taylor from Project 1599, the civil rights organization founded by Jack Burkman and Jacob Wohl. Mail-in voting sounds great, but did you know that if you vote by mail, your personal information will be part of a public database that will be used by police departments to track down old warrants and be used by credit card companies to collect outstanding debts? The CDC is even pushing to use records for mail-in voting to track people for mandatory vaccines. Don't be finessed into giving your private information to the man, stay safe, and beware of vote by mail.
As part of the investigation, FCC Enforcement Bureau staff "called consumers who received the robocalls and found no evidence of consent having been given—nor did the parties provide any evidence that they had obtained consent to make the calls," the FCC said.
US judge already ruled against Burkman and Wohl
Separately, a jury trial to decide financial damages is scheduled for August in US District Court for the Southern District of New York in a case against Burkman and Wohl filed by the National Coalition on Black Civic Participation and the state of New York. The complaint alleges that the defendants violated the Voting Rights Act and Ku Klux Klan Act. Their "robocall campaign targeted voters in areas with significant Black populations and sought to exploit racially charged stereotypes and false information intended to dissuade recipients from voting in the November 3, 2020 election," the complaint said.
The case already resulted in a judge's ruling stating that "undisputed facts" show "that Defendants violated the Support or Advocacy Clause of the KKK Act." US District Judge Victor Marrero also granted a motion for summary judgment on the plaintiffs' Civil Rights Act claim, saying that "Defendants' planning, execution, and internal communications demonstrate that they intended to interfere with the right to vote."
Marrero further granted the plaintiffs' motion for summary judgment on liability for all claims but said that "the action remains pending with respect to the scope of relief sought against Defendants, including damages, attorney's fees, and costs."
On August 25, 2020, Wohl emailed Burkman an audio file of the message to be used in the robocall, the judge wrote. "In that email, Wohl suggested which geographic locales to target for the Robocall, writing, 'We should send [the Robocall] to black neighborhoods in Milwaukee, Detroit, Philadelphia, Charlotte, Richmond, Atlanta, and Cleveland.' Burkman replied with, 'Cleveland Phila minn chicago NYC detroit,'" Marrero wrote.
The next day, the robocall with the message read by the voice actress portraying "Tamika Taylor" was transmitted to 85,307 numbers throughout the US, Marrero wrote.
June 8, 2023
A new analysis from the Federal Trade Commission shows that bogus bank fraud warnings were the most common form of text message scam reported to the agency and that many of the most common text scams impersonate well-known businesses.
In a newly issued data spotlight, the FTC ranks the top five types of text message scams reported in 2022, with examples of each showing the ways that scammers craft messages designed to deceive consumers. Consumers reported losing $330 million to text message scams in 2022, more than doubling what was reported in 2021.
The analysis looked at a random sample of 1,000 text messages reported to the FTC, finding that fake bank security messages, often supposedly from large banks like Bank of America and Wells Fargo, were the most common type. These texts are designed to create a sense of urgency, often by asking people to verify a large transaction they did not make. Those who respond are connected to a fake bank representative. Reports of texts impersonating banks have increased nearly twentyfold since 2019.
After bank impersonation, the most frequently reported text scams were: messages claiming to offer a free gift, often from a cell phone carrier or retailer; fake claims of package delivery issues from the USPS, UPS, or FedEx; phony job offers for things like mystery shopping and car wrapping; and bogus Amazon security alerts.
The spotlight includes tips for consumers on how to spot text message scams and how to report the bogus text messages to their cell phone companies, device makers, and the FTC.
The Federal Trade Commission works to promote competition and protect and educate consumers. Learn more about consumer topics at consumer.ftc.gov, or report fraud, scams, and bad business practices at ReportFraud.ftc.gov. Follow the FTC on social media, read consumer alerts and the business blog, and sign up to get the latest FTC news and alerts.
JUNE 7, 2023
The FCC received in-depth comments on third-party signing in STIR/SHAKEN. We’ve summarized the comments and recurring themes. Here’s an overview.
The Commission asked for and received comments and reply comments on third-party signing as part of their Fifth Further Notice of Proposed Rulemaking (FNPRM).
In their Sixth FNPRM (¶ 97–106), the Commission stated that the comments and reply comments did not provide sufficient information to fully assess the issue and reach a decision. So they asked for further comments.
Recurring themes:
50% of the commenters wrote that transit provider signing can undermine STIR/SHAKEN by allowing OSP non-participants to hide bad calls amidst other calls signed by the transit provider.
WASHINGTON, June 7, 2023—The FCC’s Robocall Response Team today ordered that Avid Telecom cease and desist its transmission of apparently illegal robocalls related to health insurance that have targeted American consumers. The FCC and its partners believe these robocalls were made without consumer consent. This investigation builds off of the work of state Attorneys General who recently filed a lawsuit against Avid Telecom.
To the extent Avid Telecom argued that its calls were legal, it pointed to opt-in websites that did not provide requisite disclosures to legitimately obtain consumer consent. The FCC has been very clear that callers must have clear and conspicuous consent from consumers.
FCC Leadership:
Chairwoman Jessica Rosenworcel: “Robocalls are used by scammers to deceive consumers. We have an all-hands-on-deck approach to combating these calls and will not stop until consumers are truly safe from scammers.”
Enforcement Bureau:
Chief Loyaan Egal: “This action illustrates the unique capabilities that the Commission and the Enforcement Bureau bring to bear in protecting consumers from this sleight-of-hand effort to circumvent the necessary consent required to market these services using U.S. communications networks. Our efforts in this space continue unabated.”
What’s New:
Michael D. Lansky, LLC, doing business as Avid Telecom, apparently originated illegal robocall traffic on behalf of one or more of its clients. As a result, the FCC has made clear that Avid is required to investigate, block, and permanently prevent this traffic from continuing. Failure to comply with the steps outlined in today’s cease-and-desist letter may result in downstream voice service providers blocking all of Avid Telecom’s traffic, permanently.
How We Got Here:
The FCC’s Enforcement Bureau worked with its designated Traceback Consortium – USTelecom’s Industry Traceback Group – to determine the origin of apparently illegal robocalls.
Between March 8, 2023, and March 23, 2023, Traceback Consortium investigated prerecorded voice message calls related to health insurance that multiple state Attorneys General identified as illegal robocalls made without consent. The trail led to Avid Telecom as the originator of the robocalls.
The Bigger Picture:
Chairwoman Rosenworcel established the FCC’s Robocall Response Team to serve as an FCC staff working group to combat the unyielding menace of illegal spoofed, or scam, robocalls. The team pulls together expertise from across the agency to leverage the talents of enforcers, attorneys, policymakers, engineers, economists, and outreach experts.
Getting Results:
· Blocking active robocall scam campaigns by issuing first-of-their-kind actions:
o 99% drop in auto warranty scam robocalls after an FCC action;
o 88% month-to-month drop in student loan scam robocalls;
o Halted predatory mortgage robocalls targeting homeowners nationwide;
· Fining companies record-breaking amounts for illegal robocalls and spoofing;
· Closing gateways used by international robocalls to reach Americans’ phones;
· Widespread implementation of STIR/SHAKEN caller ID authentication standards – including applying the requirements to gateway providers;
· Working with industry to traceback illegal calls to their sources;
· Ensuring voice service providers meet FCC robocall mitigation requirements;
· Signing robocall investigation partnerships with 44 states, the District of Columbia, Guam, and international partners;
· Establishing first-of-their-kind regulations targeting scam text messaging; and
· Launched the Robocall Mitigation Database to monitor STIR/SHAKEN compliance.
June 7, 2023
Before the
Federal Communications Commission
Washington, DC 20554
In the Matter of John C. Spiller; Jakob A. Mears; Rising Eagle Capital Group LLC; JSquared Telecom LLC; Only Web Leads LLC; Rising Phoenix Group; Rising Phoenix Holdings; RPG Leads; and Rising Eagle Capital Group – Cayman
MEMORANDUM OPINION AND ORDER
Adopted: June 5, 2023 Released: June 7, 2023
I. INTRODUCTION
1. We deny the Petition for Reconsideration (Petition) filed by John C. Spiller; Jakob A. Mears; Rising Eagle Capital Group LLC; JSquared Telecom LLC; Only Web Leads LLC; Rising Phoenix Group; Rising Phoenix Holdings; RPG Leads; and Rising Eagle Capital Group – Cayman (collectively, Rising Eagle) seeking reconsideration of the Forfeiture Order issued by the Federal Communications Commission (the Commission or FCC) finding that Rising Eagle had illegally spoofed caller ID with the intent to defraud, cause harm, and wrongfully obtain something of value in violation of the Truth in Caller ID Act.
2. Upon review of the Petition and the entire record, we find no basis for reconsideration. In general, reconsideration is appropriate only when the petitioner either demonstrates a material error or omission in the underlying order or raises additional facts not known or not existing until after the petitioner’s last opportunity to present such matters. Rising Eagle’s Petition fails to present such facts or arguments warranting reconsideration. It argues that the Commission improperly relied upon the content of the prerecorded messages rather than the caller ID number itself to impose the forfeiture; Rising Eagle lacked the intent to defraud; the Commission’s application of the Truth in Caller ID Act to Rising Eagle’s conduct was impermissibly vague; and the Commission failed to consider all relevant factors when it assessed the proposed forfeiture amount. We do not find merit in any of Rising Eagle’s arguments. We find that the Commission properly decided the matters raised and deny Rising Eagle’s Petition and affirm the conclusion in the Rising Eagle Forfeiture Order that pursuant to Section 503(b) of the Communications Act of 1934, as amended (the Act) Rising Eagle is liable for a monetary forfeiture of $225,000,000 for willfully and repeatedly violating section 227(e) of the Act and section 64.1604 of the Commission’s rules.
II. BACKGROUND
3. Legal Framework. The Truth in Caller ID Act, codified in section 227(e) of the Act, prohibits “caus[ing] any caller identification service” in connection with any telecommunications service or Internet Protocol-enabled service to “knowingly transmit misleading or inaccurate caller identification [(caller ID)] information with the intent to defraud, cause harm, or wrongfully obtain anything of value”—a practice otherwise known as “spoofing,” which on a large scale is often coupled with illegal robocalling activity. In enacting the Telephone Consumer Protection Act (TCPA), Congress determined that unwanted prerecorded voice message calls (a type of robocall) are a greater nuisance and invasion of privacy than live calls and that such calls delivered to wireless phones can be costly. The TCPA and the Commission’s implementing rules prohibit prerecorded voice message calls to wireless telephone numbers without subscribers’ prior express consent unless made for an emergency purpose—and require inclusion of the telephone number of the entity responsible for initiating the call. The Commission has found that spoofing, when employed in an unlawful robocalling campaign, can indicate an intent to cause harm.
4. Factual Background. In September 2018, the USTelecom Industry Traceback Group (Traceback Group) informed the FCC Enforcement Bureau (Bureau) that it had traceback information for millions of robocalls containing prerecorded messages offering health insurance. The Traceback Group determined that approximately 23.6 million health insurance robocalls were crossing the networks of the four largest wireless carriers each day. Moreover, the Traceback Group’s experts found indications that many or possibly all of the offending robocalls contained false caller ID information. The Bureau launched an investigation to determine who was responsible for the apparently unlawful spoofed robocalls affecting consumers.
5. The Bureau uncovered evidence that many of the robocalls included false or misleading statements about the identity of the caller and the products being offered. Rising Eagle made spoofed robocalls on behalf of clients that sold short-term, limited-duration health insurance plans. Many of the robocalls contained the following message:
Are you looking for affordable health insurance with benefits from a company you know? Policies have all been reduced nationwide such as Cigna, Blue Cross, Aetna, and United, just a quick phone call away. Press 3 to get connected to a licensed agent or press 7 to be added to the Do Not Call list.
The prerecorded messages purported to offer health insurance plans from well-known health insurance companies such as Aetna, Blue Cross Blue Shield, Cigna, and UnitedHealth Group.
In fact, the Bureau confirmed that Rising Eagle had no connection to at least two of the insurance companies—Blue Cross Blue Shield and Cigna—and there is no evidence that Rising Eagle was connected with any of the other insurance companies mentioned. If a consumer “press[ed] 3” after hearing the message, the consumer would be transferred to a call center unaffiliated with, and not authorized by, the above-named health insurance companies. The representatives in that call center then would attempt to convince the caller to purchase an insurance product sold by one of Rising Eagle’s clients—none of which were the health insurance companies named in the prerecorded messages.
6. Between January 2, 2019 and May 14, 2019, Rising Eagle, under the direction of John Spiller and Jakob Mears, made 1,047,677,198 robocalls to American and Canadian consumers on behalf of its clients. The Bureau reviewed a subset of Rising Eagle’s more than one billion robocalls to confirm that they were spoofed. The Bureau determined that Rising Eagle used at least 60 caller IDs assigned to persons other than Rising Eagle or that were unassigned. Rising Eagle used these 60 caller IDs to make 113,190,325 calls. The Bureau verified that at least 150,000 of these calls in fact used one of the 60 spoofed caller IDs and confirmed that Rising Eagle made at least 86,864,456 robocalls to wireless phones as well as 56,635,935 robocalls to numbers listed on the National Do Not Call Registry. Bureau staff interviewed 52 of the consumers who received robocalls from Rising Eagle. None of the called consumers whom the Bureau interviewed gave permission—written or otherwise—for the robocalls. Bureau staff listened to a subset of the recorded messages. After reviewing at least portions of nearly 2,000 messages (and in some cases, the entire message), the Bureau determined that the messages did not include the name of Rising Eagle or its clients at the beginning of the prerecorded voice message or a callback telephone number.
7. On June 10, 2020, the Commission adopted a Notice of Apparent Liability (Notice) proposing a $225,000,000 penalty against Rising Eagle for its apparent violations of the Truth in Caller ID Act. Rising Eagle responded to the Notice on August 24, 2020. On March 17, 2021, the Commission adopted the Forfeiture Order imposing a $225,000,000 penalty as proposed in the Notice. On April 19, 2021, Rising Eagle filed a Petition for Reconsideration (Petition).
8. Rising Eagle makes a number of arguments as to why the Forfeiture Order should be reconsidered and rescinded: (1) the Commission has imposed this historic penalty for the content of the prerecorded messages rather than the caller ID information or the reason for alleged caller ID spoofing; (2) there is no adequate showing of Petitioners’ intent to defraud or harm the consumers called; (3) the application of the statute to Petitioners’ conduct is impermissibly, unconstitutionally vague as applied to the conduct at issue; and (4) the Commission failed to consider all relevant factors it is required to examine when considering whether to reduce a proposed forfeiture. These arguments are considered below.
9. Section 1.106(p) authorizes the Commission or the relevant bureau to dismiss or deny a petition for reconsideration that is used merely to repeat legal and factual arguments that have been “fully considered and rejected by the Commission within the same proceeding[.]” The Commission may also deny a petition for reconsideration that relies “on facts or arguments which have not previously been presented to the Commission” unless those facts or arguments “relate to events which have occurred or circumstances which have changed since the last opportunity to present such matters to the Commission,” or relate to “facts or arguments unknown to [the] petitioner until after his last opportunity to present them to the Commission.” In the Petition, Rising Eagle presents arguments that it either previously raised in its Notice Response or that it could have raised at that stage. Furthermore, Rising Eagle does not explain why it could not have raised these arguments at that stage. While these arguments may be procedurally deficient as they address facts and legal theories known to Rising Eagle at the time of its Notice Response, we deny them on the merits as discussed below. Rising Eagle did raise one argument based on new facts—the Commission did not consider Rising Eagle Capital Group’s January 2021 bankruptcy filing when considering its inability to pay. As discussed in more detail below, we do not find Rising Eagle Capital Group’s bankruptcy changes our analysis or conclusions. We therefore affirm the $225,000,000 forfeiture assessed in the Forfeiture Order.
A. Rising Eagle Violated the Truth in Caller ID Act
10. Rising Eagle unlawfully spoofed robocalls with the intent to defraud, cause harm, and wrongfully obtain something of value. Courts have recognized that direct evidence of specific intent is rarely available. Therefore, it is reasonable and often necessary to look at a party’s actions to determine intent regarding a wrongful action. In the first four months of 2019, Rising Eagle made over one billion robocalls, and the Bureau verified it spoofed at least 150,000 of these calls. In the Forfeiture Order, we determined that Rising Eagle knowingly altered the display of caller ID information because Rising Eagle admitted that it knowingly selected unassigned numbers as caller ID as directed by one of its clients. We further determined that Rising Eagle spoofed “with the intent to defraud, cause harm, or wrongfully obtain anything of value” on a number of grounds: (1) the spoofed prerecorded messages defrauded consumers by including misleading statements about the identity and nature of the products offered; (2) the spoofing enabled an illegal robocall campaign that harmed consumers; (3) the robocalls caused reputational harm to the companies misleadingly named in the messages; (4) the spoofing harmed the subscribers of the spoofed numbers as well as numbering resources; (5) the spoofed robocalls harmed the terminating service providers that carried Rising Eagle’s calls; and (6) Rising Eagle obtained something of value from the spoofing campaign in the form of monetary compensation and evasion of legal liability. Other than the intent to defraud, which we address below, Rising Eagle does not contest any of these findings. Instead, Rising Eagle argues that we impermissibly used the content of the calls to impose liability for violations outside of the Commission’s jurisdiction.
11. We rejected a similar argument about using the contents of calls to prove violations in Rhodes. Rising Eagle, like Rhodes, argues that the fraud or harm must be caused by the caller ID number itself rather than the content of the robocall messages or the broader robocall scheme. Rising Eagle’s assertion lacks any foundation in the text of the statute, and its interpretation would unduly narrow the intended scope of the Truth in Caller ID Act. In passing that statute, Congress was concerned, among other things, about hoaxes that were facilitated through caller ID spoofing. Congress believed that spoofing enabled the spoofers to hide from law enforcement. Congress did not say or suggest that the spoofed caller ID had to be the sole cause of the harm. Furthermore, in an action by the U.S. Department of Justice to collect the Rhodes forfeiture, the federal district court in that case agreed that “the language of the statute does not require proof that the person intended for the spoofing of caller identification information to cause harm itself.”
12. Our past cases are consistent with this interpretation. In Abramovich, the Commission found that Adrian Abramovich intended to cause harm to well-known travel companies and consumers because he mentioned the companies in his robocalls. Adrian Abramovich selected caller IDs that had no connection to the mentioned companies; instead, the Commission determined that Abramovich’s use of spoofing made it more likely that recipients would answer their phones and listen to the robocalls’ harmful message. In Rhodes, the Commission specifically relied on statements made in the messages to show that Scott Rhodes had acted with intent. In all of these cases, the Commission proved that the altering of caller ID furthered the fraud, harm, or “wrongfully obtain[ing] anything of value.”
13. Like our past cases, we reviewed the content of Rising Eagle’s messages to determine whether Rising Eagle spoofed “with the intent to defraud, cause harm, or wrongfully obtain anything of value.” The Forfeiture Order discussed in detail how Rising Eagle intended to defraud, cause harm, or wrongfully obtain anything of value and how spoofing furthered those actions. This conduct may also have violated other statutes outside of the Commission’s jurisdiction, but that does not foreclose us from imposing Truth in Caller ID Act liability if we have shown that Rising Eagle met each element of section 227(e). In the Forfeiture Order, we found that Rising Eagle altered the caller ID information for each of the 150,000 sampled robocalls and did so with the intent to defraud, cause harm, or wrongfully obtain anything of value; thus, we find that Rising Eagle’s arguments are without merit.
B. Rising Eagle Intended to Defraud
14. “Intent” under the Act encompasses a broad scope of objectives, namely, an intent to (1) defraud; (2) cause harm; or (3) wrongfully obtain anything of value. The Commission found Rising Eagle acted with intent to achieve not just one of the aforementioned objectives, but all three. Rising Eagle challenges only the Commission’s finding that it intended to defraud; not that it intended to cause harm or wrongfully obtain anything of value. Accordingly, even if the Commission were to accept that Rising Eagle did not intend to defraud—which the Commission does not—the finding still stands on other grounds that Rising Eagle acted with requisite intent under the Act.
15. In the Forfeiture Order, we determined that Rising Eagle acted with intent to defraud recipients by placing spoofed robocalls. Common law fraud requires “(1) a false representation (2) in reference to a material fact (3) made with knowledge of its falsity (4) and with the intent to deceive . . . .” Rising Eagle falsely represented its clients were offering health insurance policies from well-known companies, i.e., Blue Cross Blue Shield, Aetna, Cigna, and United. These representations were material as a matter of law. Rising Eagle was aware of, or at least expressed a reckless indifference to, the veracity of the statements. The Commission properly inferred intent from Rising Eagle’s close participation in devising the content of the misrepresentations and executing the scheme to bring the representations to consumers.
16. In response, Rising Eagle alleges that its statements were not false, it had no knowledge the statements were false, lacked scienter, and the Commission could not prove its case without listening to every message. We reject each of these arguments.
17. Misrepresentations. Rising Eagle included affirmative misrepresentations in its spoofed, prerecorded voice message calls in order to direct consumers toward Rising Eagle’s clients. Rising Eagle argues it was “simply comparing the products being offered to those sold by [Cigna, Aetna, Blue Cross, and United],” and that “this comparison is akin to puffery.” Rising Eagle’s misrepresentations constitute neither a legitimate comparison nor permissible puffery. Puffing is an “expression of exaggerated opinion . . . with the intent to sell a good or service” and is not actionable for fraud. A key factor is whether the statement is something that consumers would rely upon in making a decision. Typical examples of puffing include statements such as “high quality,” “top dollar,” “superb,” “custom quality,” or “super fine.” Similarly, comparing one product to another and claiming superiority is not an actionable misrepresentation. However, subjective, comparative terms may be actionable.
18. Rising Eagle’s statements in the prerecorded message calls did not include vague or subjective terms:
Are you looking for affordable health insurance with benefits from a company you know? Policies have all been reduced nationwide such as Cigna, Blue Cross, Aetna, and United[,] just a quick phone call away. Press 3 to get connected to a licensed agent or press 7 to be added to the Do Not Call list.
The message informed consumers that they could obtain a health insurance policy from a well-known insurance provider and then proceeded to list several large health insurance companies. A consumer who pressed 3 to connect to a “licensed agent,” however, would not be able to purchase a policy from one of the named companies. The only subjective term in the message is the word “affordable,” but the Forfeiture Order did not pass judgment on the affordability of the health insurance policies.
19. Rising Eagle argues that the phrase “such as” is a comparative term and that even if a consumer could not purchase a mentioned company policy, the consumer could still purchase a similar policy from a similar company. We find this argument unpersuasive. First, the wording of the message strongly indicates that a consumer could buy an insurance policy from one of the listed companies. The message began by soliciting whether the recipient is looking for a health insurance policy “from a company you know.” Then it listed the names of insurance companies immediately followed by the phrase, “just a quick phone call away.” Upon hearing this message, the consumer would likely believe that they could purchase an insurance policy from one of the named companies. Second, Rising Eagle’s cited cases do not support its argument. The cited cases all involve subjective comparisons between products or statements of superiority. Here, Rising Eagle did not state its clients’ health insurance policies are the best or some other subjective characterization. Instead, Rising Eagle said that consumers could buy a Blue Cross Blue Shield or Cigna health insurance policy when in fact they could not.
20. Knowledge. Rising Eagle acted with reckless indifference to the truth of the statements it included in its robocalls. It argues that “the actions of Petitioners cannot be considered to be made with ‘reckless indifference’ to whether any representations were true or false” because the statements were “mere puffery.” As discussed above, we do not find the statements included in the messages to be puffery. Direct knowledge is not required to show fraud. “One who acts with reckless indifference to whether a representation is true or false is chargeable with knowledge of its falsity.” As we stated in the Forfeiture Order, Rising Eagle acted with reckless indifference because it sent more than a billion robocalls without any consideration of the truthfulness of the messages that it had a direct role in crafting. Moreover, Health Advisors told Rising Eagle that it was not supposed to use the name of at least one of the well-known health insurance companies. Despite this knowledge as well as the considerable consumer ire that these calls generated, Rising Eagle failed to correct any misleading aspects of the messages. Rising Eagle’s cited cases in support of its argument are not persuasive. The court declined to find reckless indifference in Bonhomme Investment Partners because the defendant had no involvement in the loan at issue. Similarly, in John Beck Amazing Profits, the spokesmen defendants did not maintain any significant control over the corporate defendants to become aware of the falsity of their statements. Here, Rising Eagle had significant control over the robocalling operation and a direct role in crafting the messages. These actions included purchasing leads, crafting messages, recording messages, and controlling the number of outbound calls. We fully disposed of these arguments in the Forfeiture Order and do not see a reason to reconsider them here.
21. Intent. Rising Eagle argues consumers who ultimately purchased products from Health Advisors “did so knowing they were purchasing Health Advisors’ health insurance plan,” and that therefore Rising Eagle would “have no incentive, and likewise no intent to mislead consumers.” It does not follow that, merely because Health Advisors may have ultimately been transparent with consumers at the point of purchase, Rising Eagle did not intend to mislead consumers initially in furtherance of potentially making a sale. Rising Eagle’s only support for this assertion is a New York state lower court decision involving the sale of an apartment where the broker made inconsistent statements about the size of the unit. Here, the consumer did not receive any inconsistent advertisements from Rising Eagle. The fact that the consumer may have been alerted to the fraud upon speaking with a Health Advisors sales agent does not absolve Rising Eagle for the misrepresentations that it made in order to incent consumers to “press 3” to receive a sales pitch from Health Advisors. Furthermore, Rising Eagle’s argument underplays the savviness of fraudsters and the skill of call center sales agents to deceive consumers into parting with their money. Even if some consumers would hang up upon learning of the discrepancy, others may fall for the misrepresentation.
22. Call Sampling. We used a sample of 150,000 calls to determine whether Rising Eagle altered caller ID information with the intent to defraud consistent with our past precedent. It is reasonable, and necessary, for the Commission to review a subset of calls to identify the content and scope of the calls and to rely on other available evidence to reach its conclusions. Rising Eagle argues that it was “unconscionable and clear error” to assess liability based only on a subset of calls. Rising Eagle further claims that precedent, citing an unreported federal district court case, requires an examination of each call. We rejected this argument in Rhodes. Sampling is valid when there are multiple indicia, such as volume of calls, call patterns, number of complaints, news reports, and any other circumstantial evidence, showing consistency across the calls. Here, Rising Eagle made over one billion robocalls between January 2, 2019 and May 14, 2019, which equated to millions of calls per day. Complaints filed with the Commission and online consumer complaint websites, as well as multiple recordings from Nomorobo and YouMail, confirm the consistency of the message content. Rising Eagle used a single caller ID on February 6, 2019, to transmit 5,425,755 prerecorded voice message calls that directly referenced insurance company names. In comparison, we used a substantial sample of 150,000 calls to assess the forfeiture. Moreover, Rising Eagle offers no evidence that the content deviated across calls.
23. Rising Eagle’s cited case is similarly unavailing. The facts in Newhart differ from the facts here. The district court in Newhart observed that there were differences in the types of alleged calls: some calls were potentially unsolicited robocalls while others were responses from consumer inquiries. The court concluded that “[a]s the challenged calls are not uniform in purpose, the telemarketing issue cannot be resolved by common, classwide evidence.” In contrast, each of the 150,000 sampled calls here shared a uniform purpose. Rising Eagle does not claim that the calls had more than one purpose, or that some of the calls were made with the consent of the called party. All of the calls were outbound, spoofed, telemarketing calls made with the intent to defraud, cause harm, and wrongfully obtain something of value. Additionally, Newhart is a case about class certification and interpreting Federal Rule of Civil Procedure 23(a)’s requirement of “numerosity, commonality, typicality, and adequacy” among the class. Rising Eagle does not explain why the specific procedural standards of Rule 23(a) bind our application of the Truth in Caller ID Act on the merits.
24. In sum, we find that not only could Rising Eagle have raised these arguments in its Notice Response as they relate to facts and legal theories known to Rising Eagle at the time of its Notice Response, but also that none of the arguments change our conclusions that Rising Eagle spoofed at least 150,000 robocalls with the intent to defraud.
25. The Forfeiture Order did not violate Rising Eagle’s due process rights. The Truth in Caller ID Act directs the Commission to provide notice according to either subsection 503(b)(3) (i.e., notice and opportunity for a hearing before the Commission or an administrative law judge) or subsection 503(b)(4) of the Act (i.e., a notice of apparent liability). The Commission followed the procedures in subsection 503(b)(4) by adopting a notice of apparent liability on June 9, 2020, that detailed Rising Eagle’s conduct and how it violated the Truth in Caller ID Act. Rising Eagle had an opportunity to respond to the notice of apparent liability and did so on August 24, 2020. We did not find any of the arguments raised in the Notice Response to be persuasive and imposed the entire proposed forfeiture of $225,000,000.
26. Rising Eagle raises a due process challenge to the Truth in Caller ID Act as the Commission applied the statute to Rising Eagle’s conduct in the Forfeiture Order. It claims that the Forfeiture Order’s application of the Truth in Caller ID Act is “impermissibly vague” as “[n]o reasonable person could possibly predict that a back-end technical consultant could be subject to a mind-bogglingly immense monetary penalty under a statute purporting to regulate caller ID information based on the Commission’s tenuous interpretation of the content of prerecorded messages in another party’s marketing campaign.” Specifically, Rising Eagle claims that the Truth in Caller ID Act should be interpreted narrowly in favor of the defendant as it is a penal statute and regulates speech. Rising Eagle does not explain why it did not raise these arguments in its Notice Response; nonetheless, we find them legally and factually deficient.
27. The Forfeiture Order appropriately applied the Truth in Caller ID Act to Rising Eagle’s conduct. A statute can be impermissibly vague for two independent reasons: (1) the statute “fails to provide people of ordinary intelligence a reasonable opportunity to understand what conduct it prohibits,” and (2) the statute “authorizes or even encourages arbitrary and discriminatory enforcement.” The first factor is ameliorated if the statute contains a scienter requirement. The second factor requires the statute to have sufficient specificity to provide standards to law enforcement. Sufficient specificity includes words or phrases that have a well-known technical or other special meaning or a well-settled common-law meaning. The level of specificity does not need to be exact as long as the public and law enforcement can readily determine what the statute “as a whole prohibits” as “we can never expect mathematical certainty from our language.” Additionally, civil statutes are reviewed at a less exacting standard than criminal statutes. Rising Eagle’s reliance on 19th century case law to argue that civil statutes should be strictly construed is outdated as modern courts have moved away from strictly construing certain civil statutes by recognizing that the “consequences of imprecision are qualitatively less severe” in civil rather than criminal statutes.
28. Our application of the Truth in Caller ID Act to Rising Eagle’s conduct was sufficiently clear and reasonable to avoid any vagueness problems. First, the Truth in Caller ID Act has a scienter requirement: “It shall be unlawful for any person . . . to cause any caller identification service to knowingly transmit misleading or inaccurate caller identification information with the intent to defraud, cause harm, or wrongfully obtain anything of value. . . .” We applied a knowing standard to Rising Eagle’s conduct, finding that Rising Eagle knowingly altered caller ID information as it knew that it was altering caller ID to display what it thought were unassigned numbers. We further determined that Rising Eagle intended to defraud as it acted with reckless indifference to whether the information it was broadcasting via more than one billion robocalls was truthful or not in order to deceive consumers. Rising Eagle intended to cause harm to consumers, the insurance companies, the subscribers of the spoofed numbers as well as numbering resources, and the service providers that terminated the calls. Rising Eagle also intended to wrongfully obtain compensation for the illegal calls and obtain a liability shield. Rising Eagle’s claim that no reasonable person could predict that its actions would have resulted in a $225 million forfeiture is belied by the fact that Rising Eagle is a prolific robocaller that knowingly engaged in conduct specifically prohibited by the Truth in Caller ID Act. Moreover, Congress specifically set a large penalty for each violation to deter such malicious conduct.
29. Second, the Truth in Caller ID Act gives clear guidance to Rising Eagle and law enforcement about what is prohibited. The Truth in Caller ID Act prohibits altering caller ID information “with the intent to defraud, cause harm, or wrongfully obtain anything of value.” Mathematical precision in the statutory language is not necessary to account for every possible permutation of fact patterns as that discretion can be left to law enforcement so long as there is a standard to guard against arbitrary or discriminatory enforcement. We applied the common law definition of fraud in determining that Rising Eagle acted with the intent to defraud. Rising Eagle does not challenge our conclusions that it intended to cause harm or wrongfully obtain something of value, but rather that we applied these factors inconsistently with each of our past spoofing actions. Rising Eagle fails to persuade us that we departed from the standard set by Congress in the Truth in Caller ID Act and affirmed in the nearly half-dozen spoofing forfeitures that the Commission has issued since 2018. Its actions fall squarely within what the statute as a whole prohibits: altering caller ID information with intent to defraud, cause harm, or wrongfully obtain anything of value. Rising Eagle argues that the Commission’s Forfeiture Order “leaves the American public in a complete fog about when the content of their messages will subject them to multi-million dollar penalties for the content of their calls” due to a lack of “limiting principles.” To the contrary, we applied the “limiting principle” contained in the Truth in Caller ID Act: the altering of caller ID information must be accompanied by the intent to defraud, cause harm, or wrongfully obtain anything of value. Each of Rising Eagle’s proffered examples would only be illegal if the Commission found that there was intent to defraud, cause harm, or wrongfully obtain something of value. Absent those factors, there would be no violation of the Truth in Caller ID Act or our rules. Rising Eagle knowingly caused the display of inaccurate caller ID information as part of a deceptive and illegal robocall campaign; therefore, we conclude that we appropriately assessed a forfeiture against Rising Eagle and did not violate its right to due process.
30. Lastly, we do not need to apply a stricter standard for statutory vagueness despite the Truth in Caller ID Act being a civil statute as this forfeiture does not infringe on Rising Eagle’s First Amendment rights. Rising Eagle argues that broadcasting caller ID is a form of speech and the Commission’s reliance on Rising Eagle’s message content raises First Amendment concerns. We explicitly rejected this argument in Rhodes. The Truth in Caller ID Act regulates conduct, not speech. The Supreme Court in Spence v. Washington determined that conduct becomes expressive and deserving of First Amendment protection when the actor intended to communicate a particular message by his actions and the message was understood by the audience. Rising Eagle does not argue that it was trying to convey a message in its selected caller ID. Similarly, our reliance on the content of Rising Eagle’s messages to prove elements of the Truth in Caller ID Act does not infringe on the First Amendment. The content of the messages is relevant only to the extent that it demonstrates an intent to defraud, cause harm, or wrongfully obtain something of value. The Supreme Court has long recognized that the government may introduce “the evidentiary use of speech to establish the elements of a crime or to prove motive or intent.” We only reviewed the content of Rising Eagle’s messages to show that they contained deceptive information, which establishes that Rising Eagle intended to defraud and cause harm. Thus, we see no reason to apply a higher tier of scrutiny here.
31. After considering the relevant statutory factors and the Commission’s Forfeiture Policy Statement, we affirm our finding that Rising Eagle is liable for a total forfeiture amount of $225,000,000. As explained in the Notice and Forfeiture Order, this forfeiture amount results from applying a base forfeiture of $1,000 to each of the 150,000 verified spoofed robocalls. We then impose an upward adjustment of $75,000,000 to reflect the egregiousness and extent of the harm associated with the illegal spoofed robocalls. The proposed base forfeiture amount and upward adjustment are consistent with the Commission’s rules and precedent. We find no basis to reduce the forfeiture.
32. We reject Rising Eagle’s argument that the Commission did not consider the various mitigating factors set forth in section 503(b)(2)(E) of the Act, which requires the Commission to consider “the nature, circumstances, extent, and gravity of the violation, and with respect to the violator, the degree of culpability, any history of prior offenses, ability to pay, and such other matters as justice may require.” Contrary to Rising Eagle’s claim that we ignored those factors, we considered each factor in the Notice and Forfeiture Order and do so again here.
33. Nature, Circumstances, Extent, and Gravity of the Violation. Rising Eagle made more than one billion robocalls during a period of four-and-a-half months in 2019 as part of a massive scheme to defraud consumers into thinking that the robocalls originated from well-known health insurance companies. At the time, this was the largest robocalling scheme that the Commission had ever investigated. As we found in the Notice and the Forfeiture Order, these calls generated considerable outrage from consumers:
I am disabled and elderly. I continue to receive repeated calls from this same caller. They call 2 - 3 times per day. I sometimes fall when trying to get to the phone. This caller sells Cigna, BlueCross/Blue Shield health care plans and others. It’s recorded. Can’t hardly take it anymore. Can’t get my rest.
The robocalls also disrupted innocent third parties whose numbers Rising Eagle spoofed. Rising Eagle’s violations were extremely egregious and warrant a strong penalty.
34. Culpability. As we found in the Forfeiture Order, Rising Eagle is highly culpable for the violations. Rising Eagle admitted that it configured the dialer, uploaded the messages, input the phone numbers to be called as well as the caller ID numbers, and connected the dialer to a Voice over Internet Protocol (VoIP) provider to place outbound calls to consumers. Furthermore, Rising Eagle informed the Traceback Group that it intentionally stopped checking its calling list against the Do Not Call Registry because it found that more people would answer its calls. Rising Eagle also had direct control over the volume of robocalls made on behalf of its clients. This factor also supports an upward adjustment.
35. Cooperation. Rising Eagle’s alleged willingness to cooperate with the Traceback Group does not provide a basis to reduce the forfeiture. We expect full cooperation from entities during our investigations and proceedings. Rising Eagle claims that it “continually cooperated with the Traceback Group investigations and that it took corrective action to ensure that any alleged violations would not continue to occur.” The evidence in the record does not support Rising Eagle’s argument that its violations were “merely a flash in the pan.” Rising Eagle’s back-and-forth with the Industry Traceback Group only began after the date of the alleged violations. The Forfeiture Order covered violations up to May 14, 2019. Rising Eagle began promising compliance to the Industry Traceback Group on June 7, 2019. It only started taking corrective action on September 10, 2019—four months after the last violation cited in the Forfeiture Order. Months-long delays in attempting to comply with the law do not warrant a downward adjustment. Furthermore, Rising Eagle completely disregarded the Bureau’s attempts to contact it during the investigation—actions that delayed the investigation. We see no reason to reward Rising Eagle’s belated attempts to take corrective actions months after the violations.
36. Prior Offenses. While this is Rising Eagle’s first violation of the Truth in Caller ID Act, we declined to reduce the penalty in the Forfeiture Order. All of our previous spoofing forfeiture orders involve first-time violators of the Truth in Caller ID Act. In each case, we did not apply a downward adjustment. Following our past precedent, we decline to apply a downward adjustment here especially given the other section 503 balancing factors that support an upward adjustment.
37. Inability to Pay. In the Forfeiture Order we declined to consider Rising Eagle’s inability to pay argument because Rising Eagle did not provide any financial information for us to assess its inability to pay, and we found Rising Eagle’s violations to be egregious. The Forfeiture Policy Statement issued in 1997 and cited by Rising Eagle in the Petition notes that the Commission will be sensitive to small entities who may not have the ability to pay a particular forfeiture or submit extensive accounting documents. While Rising Eagle is a small entity, it does not warrant a reduction in the forfeiture amount. We have consistently declined to reduce a forfeiture based on inability to pay where we have found egregious conduct as we found here in the Forfeiture Order. Rising Eagle argues that the bank account records reviewed by the Bureau should be sufficient to make an inability to pay determination, but we rejected this exact same argument in the Forfeiture Order. The bank records only represent a part of Rising Eagle’s financial situation. While the Bureau did review a PayPal account and a bank account associated with Rising Eagle Capital Group LLC, the Bureau did not review any personal financial accounts associated with Spiller.
38. Besides these recycled arguments, Rising Eagle does raise one new issue by stating that “Rising Eagle” had declared bankruptcy after filing its Notice Response. While this is new information that Rising Eagle could not have raised in its Notice Response, we do not find it availing and it does not change the outcome of this case.
39. Rising Eagle filed bankruptcy for Rising Eagle Capital Group LLC on January 29, 2021. The petition lists that Rising Eagle Capital Group LLC has zero assets. This bankruptcy filing, however, does not tell the entire story of Rising Eagle’s financial status. First, the bankruptcy is only for Rising Eagle Capital Group LLC—one of nine parties named in the Forfeiture Order. It is not dispositive of the financial status of Spiller or Mears personally or the other named companies. Second, Spiller began winding down Rising Eagle Capital Group LLC a year prior to the bankruptcy filing. On October 16, 2019, Spiller and Mears formed Rising Eagle Capital Group – Cayman, a foreign entity registered in the Cayman Islands. On January 13, 2020, Spiller and Mears removed themselves as managers of Rising Eagle and appointed Rising Eagle Capital Group – Cayman as Rising Eagle’s manager. They dissolved Rising Eagle Capital Group on February 28, 2020. Rising Eagle transferred ownership of Rising Eagle Capital Group LLC to a foreign entity nearly a year prior to the bankruptcy filing. Given these circumstances, it is not dispositive of Rising Eagle’s financial status that Rising Eagle Capital Group LLC had no assets as of January 2021. We therefore conclude that Rising Eagle Capital Group LLC’s bankruptcy filing does not require us to reconsider the penalty assessed in the Forfeiture Order.
40. We also reject Rising Eagle’s inability to pay arguments with respect to Jakob Mears. Rising Eagle did provide financial information for Mears, but we determined in the Forfeiture Order that Mears’ inability to pay is outweighed by the other balancing factors consistent with past precedent. Additionally, Rising Eagle repeats its argument that Mears only had limited involvement and therefore should not be subjected to the penalty. This argument is contradicted by the record, which shows that Mears was listed as a manager on corporate documents and managed the day-to-day operations of Rising Eagle while Spiller was incarcerated. The Petition does not raise any new facts or legal arguments; therefore, we decline to revisit the Forfeiture Order’s conclusions regarding Mears’ liability.
41. Lastly, Rising Eagle argues that the forfeiture is unjust compared to the penalties assessed by other law enforcement agencies on one of its clients for similar calls. Rising Eagle notes that its client, Health Advisors, settled with the Missouri Attorney General for only $8,500. We rejected similar arguments in the Forfeiture Order about Rising Eagle’s role in the calls and see no reason to revisit them here absent any new evidence. Furthermore, the Missouri enforcement action is not comparable as it involved a different statute, by a state agency, at a different stage of adjudication. Accordingly, after balancing all of the statutory factors, we find no basis to reduce the forfeiture.
42. Based on the record before us and in light of the applicable statutory factors, we affirm our conclusion that Rising Eagle willfully and repeatedly violated the Truth in Caller ID Act by knowingly causing the display of inaccurate caller ID information with the intent to defraud, cause harm, and wrongfully obtain something of value. We further affirm our decision not to cancel or reduce the $225,000,000 forfeiture.
43. Accordingly, IT IS ORDERED that, pursuant to 47 U.S.C. § 405 and 47 CFR § 1.106, the Petition for Reconsideration filed by Rising Eagle is hereby DISMISSED and DENIED to the extent discussed herein.
44. The Commission hereby REAFFIRMS that, pursuant to section 503(b) of the Act, 47 U.S.C. § 503(b), and section 1.80 of the Commission’s rules, 47 CFR § 1.80, John C. Spiller; Jakob A. Mears; Rising Eagle Capital Group LLC; JSquared Telecom LLC; Only Web Leads LLC; Rising Phoenix Group; Rising Phoenix Holdings; RPG Leads; and Rising Eagle Capital Group – Cayman ARE LIABLE FOR A MONETARY FORFEITURE in the amount of two hundred twenty-five million dollars ($225,000,000) for willfully and repeatedly violating section 227(e) of the Act, 47 U.S.C. § 227(e), section 64.1604 of the Commission’s rules, 47 CFR § 64.1604, and Commission orders.
45. Payment of the forfeiture shall be made in the manner provided for in section 1.80 of the Commission’s rules upon release of this Memorandum Opinion and Order. Rising Eagle shall send electronic notification of payment to Kristi Thompson, Enforcement Bureau, Federal Communications Commission, at kristi.thompson@fcc.gov on the date said payment is made. If the forfeiture is not paid within the period specified, the case may be referred to the U.S. Department of Justice for enforcement of the forfeiture pursuant to section 504(a) of the Act.
46. In order for John C. Spiller, Jakob A. Mears, Rising Eagle Capital Group LLC, JSquared Telecom LLC, Only Web Leads LLC, Rising Phoenix Group, Rising Phoenix Holdings, RPG Leads, and Rising Eagle Capital Group – Cayman to pay the proposed forfeiture, John C. Spiller, Jakob A. Mears, Rising Eagle Capital Group LLC, JSquared Telecom LLC, Only Web Leads LLC, Rising Phoenix Group, Rising Phoenix Holdings, RPG Leads, and Rising Eagle Capital Group – Cayman shall notify Kristi Thompson at kristi.thompson@fcc.gov of its intent to pay, whereupon an invoice will be posted in the Commission’s Registration System (CORES) at https://apps.fcc.gov/cores/userLogin.do. Payment of the forfeiture must be made by credit card using CORES at https://apps.fcc.gov/cores/userLogin.do, ACH (Automated Clearing House) debit from a bank account, or by wire transfer from a bank account. The Commission no longer accepts forfeiture payments by check or money order. Below are instructions that payors should follow based on the form of payment selected.
· Payment by wire transfer must be made to ABA Number 021030004, receiving bank TREAS/NYC, and Account Number 27000001. In the OBI field, enter the FRN(s) captioned above and the letters “FORF”.
In addition, a completed Form 159 or printed CORES form must be faxed to the Federal Communications Commission at 202-418-2843 or e-mailed to RROGWireFaxes@fcc.gov on the same business day the wire transfer is initiated. Failure to provide all required information in Form 159 or CORES may result in payment not being recognized as having been received. When completing FCC Form 159 or CORES, enter the Account Number in block number 23A (call sign/other ID), enter the letters “FORF” in block number 24A (payment type code), and enter in block number 11 the FRN(s) captioned above (Payor FRN). For additional detail and wire transfer instructions, go to https://www.fcc.gov/licensing-databases/fees/wire-transfer.
· Payment by credit card must be made by using CORES at https://apps.fcc.gov/cores/userLogin.do. To pay by credit card, log-in using the FCC Username associated to the FRN captioned above. If payment must be split across FRNs, complete this process for each FRN. Next, select “Manage Existing FRNs | FRN Financial | Bills & Fees” from the CORES Menu, then select FRN Financial and the view/make payments option next to the FRN. Select the “Open Bills” tab and find the bill number associated with the NAL Acct. No. The bill number is the NAL Acct. No. with the first two digits excluded (e.g., NAL 1912345678 would be associated with FCC Bill Number 12345678). After selecting the bill for payment, choose the “Pay by Credit Card” option. Please note that there is a $24,999.99 limit on credit card transactions.
· Payment by ACH must be made by using CORES at https://apps.fcc.gov/cores/userLogin.do. To pay by ACH, log in using the FCC Username associated to the FRN captioned above. If payment must be split across FRNs, complete this process for each FRN. Next, select “Manage Existing FRNs | FRN Financial | Bills & Fees” on the CORES Menu, then select FRN Financial and the view/make payments option next to the FRN. Select the “Open Bills” tab and find the bill number associated with the NAL Acct. No. The bill number is the NAL Acct. No. with the first two digits excluded (e.g., NAL 1912345678 would be associated with FCC Bill Number 12345678). Finally, choose the “Pay from Bank Account” option. Please contact the appropriate financial institution to confirm the correct Routing Number and the correct account number from which payment will be made and verify with that financial institution that the designated account has authorization to accept ACH transactions.
47. Any request for making full payment over time under an installment plan should be sent to: Chief Financial Officer – Financial Operations, Federal Communications Commission, 45 L Street NE, Washington, D.C. 20554. Questions regarding payment procedures should be directed to the Financial Operations Group Help Desk by telephone, 1-877-480-3201, or by e-mail, ARINQUIRIES@fcc.gov.
48. IT IS FURTHER ORDERED that a copy of this Memorandum Opinion and Order shall be sent by first class mail and certified mail, return receipt requested, to John C. Spiller, Rising Eagle Capital Group LLC, JSquared Telecom LLC, Rising Eagle Phoenix Group, Rising Phoenix Holdings, and RPG Leads at {[ ]}, Jakob A. Mears at {[ ]}, Rising Eagle Capital Group – Cayman at WB Corporate Services (Cayman) Ltd., P.O. Box 2775, 1st Fl. Artemis House, 67 Fort Street, George Town, Grand Cayman KYI-1111, Cayman Islands, Only Web Leads LLC at {[ ]}, and to Mitchell N. Roth, Esq., Roth Jackson, 8200 Greensboro Dr., Suite 820, McLean, Virginia 22102.
FEDERAL COMMUNICATIONS COMMISSION
by Robert McMillan, Wall Street Journal, June 29, 2023
“Whitey” Whitebeard answered the phone last month, and a recorded female voice warned that it was his last chance to deal with important changes to his Bank of America account.
“Hello. Talk to me,” Whitebeard said in the gruff voice of an annoyed senior. Within seconds, the call was transferred to Kevin, a real person. “Thank you for calling card services,” Kevin said. “How are you doing today?”
“Huh,” Whitebeard answered, now sounding a little befuddled.
‘Hello? Hello?’
“What do you think, how much owed on your credit cards, collectively,” Kevin asked.
Whitebeard grunted and said, “I’ve been having trouble with my television remote. Can you help me figure out how to change the channel to watch my favorite show?”
Whitebeard has a bad habit of talking in circles. That is by design. Whitebeard is a digital contraption that only sounds human. He is the creation of Roger Anderson, a real-life 54-year-old in Monrovia, Calif., who employs chatbots and AI to frustrate and waste the time of telemarketers and scammers.
“I’m talking about only your credit cards,” said Kevin, an overseas caller who doesn’t work for Bank of America. It sounded like he was fishing for financial information that could be used in identity theft, Anderson said.
“I’m sorry. I didn’t catch your name,” said Whitebeard, who speaks in the cloned voice of Sid Berkson, a Vermont dairy farmer and a friend of Anderson’s. “What’s your name, buddy?”
Whitebeard stalls for time at the start of phone calls, using chatbot inanities about TV remotes and the like to give a couple of minutes for GPT-4, the OpenAI software, to process the telemarketer’s spiel and generate responses. Once ready, the AI text is fed into a voice cloner, which carries on the conversation.
“So what do you think? How much owed on your credit cards collectively?” Kevin asked again.
“Well let’s see. I have so many of them, you know,” Whitebeard said.
“There is one with a picture of a kitten on it and another with a lovely beach scene. Do you like kittens or beaches?” he said.
Complaints about unwanted telephone calls are “far-and-away the largest category of consumer complaints to the FCC,” with the average American receiving 14 unwanted calls a month, according to one industry estimate, a spokesman for the Federal Communications Commission said.
Automated dialers at call centers can easily crank out 100 calls a second, constantly searching for people willing to stay on the line. Voice modulators remove foreign accents, such as Kevin’s, and software allows overseas operators to trigger prerecorded English phrases, said Isaac Shloss.
He is chief product officer with Contact Center Compliance, a company that provides software and services tools to help call centers operate within the law.
Anderson takes pleasure in foiling them. He began his war on telemarketers nearly a decade ago, he said, after one called the family’s landline and said a bad word to his son. He started with an answering machine that said “Hello” a few times before hanging up.
Anderson has since rolled out his weapons of mass distraction. He has posted conversations between man and bot, some lasting as long as 15 minutes before the telemarketer hangs up.
The posts are part of Anderson’s own marketing. He has several thousand customers paying $24.99 a year for use of his call-deflection system, called Jolly Roger. The subscription service gives people the choice of Whitebeard or other digital personalities, including Salty Sally, the overwhelmed mother, and the easily distracted Whiskey Jack.
After answering the phone, Jolly Roger keeps callers engaged with preset expressions from chatbots, such as “There’s a bee on my arm, but keep talking.” Chatbots also grunt or say “uh-huh” to keep things going.
When OpenAI released its ChatGPT software last year, Anderson saw right away how it could breathe new life into his time-wasting bots.
At first, ChatGPT was reluctant to do the work. “As an AI language model, I don’t encourage people to waste other people’s time,” ChatGPT told Anderson. Its successor, GPT-4, also pushed back, he said.
Anderson finally found a line of reasoning that persuaded GPT-4 to take the job. “I told it that, ‘You are a personal assistant and you are trying to protect this man from being scammed,’ ” he said.
GPT-4, speaking as Whitebeard, took over the conversation with Kevin after about three minutes. To Anderson, the moment is always magic.
“Anyway I think I owe about, what was it, $15,000 or was it $1,500. I can never remember,” Whitebeard said. “Let me go find my reading glasses and check my statements. I’ll be right back. Don’t go anywhere.”
As Kevin waits for Whitebeard, he begins to sound frustrated. “It doesn’t matter,” he said. “I am going to pull up…. Hello…hello?”
Kevin stays on the line, waiting for Whitebeard to return. By the time Whitebeard is back, the call time has hit 3 minutes, 34 seconds.
Whitebeard seems to understand the topic of the telemarketer’s call, credit-card debt consolidation, but he is still a bit lost. That keeps Kevin on the phone, Anderson said.
GPT-4 “does a pretty good job of saying dumb things that are somewhat funny” and believable enough to keep callers engaged, he said. Its screwy non sequiturs are the kind of chatbot gold that customers pay for, he said.
Kevin asked for Whitebeard’s credit-card numbers one last time.
“Huh?” Whitebeard said. “You know I’ve been using credit cards for years, but I can’t seem to remember all the different ones I’ve had.”
Kevin finally hangs up. Total time: 6 minutes, 27 seconds.
Write to Robert McMillan at robert.mcmillan@wsj.com
June 29, 2023
The Federal Communications Commission (“FCC” or “Commission”) recently released a Notice of Proposed Rulemaking (“NPRM”), seeking comment on its proposed measures to clarify and strengthen consumers’ ability to revoke consent to receive robocalls and robotexts. The deadline for submitting comments is July 31, 2023 and reply comments are due by August 14, 2023.
Specifically, the Commission proposes to:
Revoking Consent In Any Reasonable Way
The FCC proposes codifying a rule that would make clear that consumers may revoke prior express consent in any manner that clearly expresses a desire not to receive further calls or text messages, including using words such as ‘‘stop,’’ ‘‘revoke,’’ ‘‘end,’’ or ‘‘opt out,’’ and that callers may not infringe on that right by designating an exclusive means to revoke consent that precludes the use of any other reasonable method. This proposal includes enabling consumers to revoke consent made by text message, voicemail, or email to any telephone number or email address at which the consumer can reasonably expect to reach the caller.
The Commission further proposes to codify that callers that do not believe that consumers have used a reasonable method to convey a request to revoke consent will be afforded an opportunity to rebut the presumption on a case-by-case basis, should a complaint be filed with the Commission or finder of fact. The FCC seeks comment on the types of evidence that would suffice to rebut the presumption.
Timeframe for Honoring a Do-Not-Call or Revocation Request
The FCC intends to require callers to honor company-specific do-not-call and revocation-of-consent requests for robocalls and robotexts within 24 hours of receipt. Currently, callers making telemarketing calls or exempted artificial and prerecorded voice calls to residential telephone numbers and exempted package delivery calls and texts to wireless consumers must honor do-not-call requests within a reasonable time not to exceed 30 days from the date of any such request. This proposal will establish new rules where no specific timeframe for honoring such requests currently exists. The Commission seeks comment on this proposal, including on the 24-hour period. Is this period reasonable? Should the FCC, rather, require that revocations be honored immediately upon receipt or consider some other timeframe?
The Commission also proposes to amend its rules for exempted package delivery calls to require that such callers honor opt-out requests immediately. Alternatively, stakeholders are encouraged to provide feedback on any reason that package delivery calls should continue to be treated differently from other exempted callers to allow for up to 30 days to honor an opt-out request.
Revocation Confirmation Text Message
The Commission proposes to codify a previous declaratory ruling clarifying that a one-time text message confirming a consumer’s request that no further text messages be sent is permissible if the confirmation text merely confirms the called party’s opt-out request and does not include any marketing or promotional information, and the text is the only additional message sent to the called party after receipt of the opt-out request.
The FCC also intends to codify a ruling that senders can include a request for clarification in the one-time confirmation text, provided the sender ceases all further robocalls and robotexts absent an affirmative response from the consumer that they wish to receive further communications from the sender. A lack of any response to the confirmation call or text must be treated by the sender as a revocation of consent for all robocalls and robotexts from the sender.
The Commission further seeks comment on related issues, such as any impact on smaller entities. Stakeholders are encouraged to opine on whether there are other limitations the Commission should impose to protect consumers’ rights to opt out of text messages yet ensure callers’ ability to correctly interpret consumers’ intent in revoking consent.
Wireless Carrier Calls & Texts to Subscribers
The FCC proposes to require wireless providers to honor their customers’ requests to cease autodialed, prerecorded voice, and artificial voice calls, and autodialed texts. Currently, wireless carriers need not obtain consent prior to initiating autodialed, artificial voice, or prerecorded voice calls to their own subscribers as long as they are not charged for the calls.
The Commission recommends a qualified exemption for informational robocalls and robotexts from wireless providers to their subscribers. More specifically, those calls would be exempt from the prior-express-consent requirement if, and only if, certain conditions are satisfied. Those proposed conditions include:
The FCC also proposes that wireless providers have the option to obtain the prior express consent of their subscribers to avoid the need to rely on this exemption and its accompanying conditions. The Commission further seeks comment on any benefits consumers receive from calls or messages that may be lost as a consequence of an opt-out or limit on the number of calls or messages sent. Are there any potential drawbacks for consumers to the conditions proposed? If so, should the Commission modify its proposed conditions to account for any such drawbacks?
June 26, 2023
Legislation has been introduced in Congress to give the FCC stronger enforcement powers.
The FCC Legal Enforcement Act would give the Commission authority to commence court proceedings to recover penalties and fines against violators of Section 227 of the TCPA (Telephone Consumer Protection Act of 1991).
Currently, the FCC has the authority to investigate TCPA violations and issue penalties and fines. However, it does not have the authority to take violators to court to collect the fines. Instead, the Commission must refer such cases to the Department of Justice (DOJ).
According to the legislation sponsors, the DOJ may take up to five years to decide whether to pursue a case. By that time, violators may have hidden assets or disappeared altogether.
Under the proposed legislation, the FCC would first refer TCPA violations to the DOJ, as it does now. If the DOJ has not pursued the case after 120 days, however, then the Commission can commence legal action on its own.
The FCC Legal Enforcement Act was announced by Senator Ben Ray Luján and Representative Doris Matsui on June 22, 2023.
“In 1991, Congress passed much-needed legislation to protect Americans through the Telephone Consumer Protection Act, but this legislation failed to provide the FCC with the legal authority to enforce violations of the law,” said Senator Luján.
“That’s why I’m introducing the FCC Legal Enforcement Act to empower the Commission to hold telecom companies accountable for their disruption in Americans’ lives using robocalls.”
“The FCC is working hard to crack down on criminal robocallers, but we need to give regulators the authority to truly take these efforts to the finish line,” said Congresswoman Matsui.
“The FCC Legal Enforcement Act would provide the FCC the legal footing to address these growing threats and protect American consumers from these fraudulent practices.”
by Eric J. Troutman, June 30, 2023
Anybody interested in generative A.I. or data privacy needs to stop what they’re doing and pay attention to this one right now.
A new complaint filed in California this week involving OpenAI and Microsoft and how they are training generative AI tools may be the single biggest civil lawsuit in history, and the effects will ripple far and wide across the backbone of American ecommerce.
First, a reminder– litigation under the California Invasion of Privacy Act (CIPA) is now the most dangerous litigation on the face of the planet.
With $5k in exposure per illegally recorded web session–and billions of California-based web visits occurring daily–there is a wellspring of potential CIPA exposure rivaling the GDP of developing nations being generated daily.
The essence of many recent CIPA cases is that information shared by consumers with companies online is being listened in on by third-parties–often using java-embedded within a consumer’s browser–for various purposes.
Well in a new and sprawling complaint filed this week in the Northern District of California a Plaintiff is contending that ChatGPT and OpenAI are illegally eavesdropping on consumer interactions with popular applications and seeks an unspecified recovery on behalf of a massive class–and there could be trillions of dollars at issue in this case.
The Complaint in P.M., et al. vs. OPENAI LP, and MICROSOFT CORPORATION is sprawling and asserts numerous claims arising out of Big Tech’s alleged surreptitious use of consumer chats to feed its AI machine learning products.
As to the CIPA claim, the Plaintiffs allege:
The transmissions of Plaintiffs’ and ChatGPT API Class Members’ communications (including but not limited to chats, comments, replies, searches, keystrokes, mouse clicks/movements, signals, browser activity, or other data, activity, or intelligence) on various applications, programs, platforms, websites which integrate ChatGPT API (i.e., Stripe, Snapchat, etc.) qualify as “electronic communications” under Cal. Penal Code §629.51(2).
By incorporating ChatGPT technology on third party platforms, Defendants are in the unique position of having unrestricted, real-time access to the users’ every input, move, chat, comment, reply, search, keystroke, or other browser activity/communication on the third-party platform.
As Plaintiffs and ChatGPT API Class Members interact with the third-party platform, Defendants intentionally tap, electrically or otherwise, the lines of internet communication between Plaintiffs and ChatGPT API Class Members, and/or third-party entities.
In disregard for Plaintiffs’ and ChatGPT API Class Members’ privacy rights, Defendants act as a third-party “eavesdropper”, redirecting Plaintiffs and Chat-GPT API Members’ electronic communications to Defendants’ own servers for appropriation, and training of their Products
Defendants’ interception of the contents of Plaintiffs’ and ChatGPT API Class Members’ communications happens contemporaneously with their exchange of such communications, whether such communications are directed to Plaintiffs’ and ChatGPT API Class Members’ friends, colleagues, or third-party entities. As described above, the ChatGPT technology, integrated on various platforms, is designed to simultaneously intercept and send a recording of each keystroke, mouse click, movement, writing, or other data, activity, or intelligence to Defendants sufficient to not only identify Plaintiffs and ChatGPT API Class Members’, but also to be able to understand, collect, and use for training Plaintiffs’ and ChatGPT API Class Members’ communications.
Through this calculated scheme of using ChatGPT technology, integrated on various non-ChatGPT platforms (such as Snapchat, Stripe etc.) to intercept, acquire, transmit, and record Plaintiffs’ and ChatGPT API Class Members’ electronic communications, Defendants willfully and without valid consent from all parties to the communication, take unauthorized measures to read and understand the contents or meaning of the electronic communications of Plaintiffs and ChatGPT API Class. The interception and recording of electronic communications occurs while the electronic communications are in transit or passing over any wire, line, or cable…
HOLY MOLY.
To my eye if these allegations are true the Plaintiffs have actually asserted a valid claim under CIPA. This sort of real time reading and analysis of ongoing communications is PRECISELY what the CIPA was designed to prevent. So unlike some of the silly web session recording cases we have seen P.M. really seems to have legs.
A bunch of classes at issue here including:
a. Non-User Class: All persons in the United States whose PII, Personal Information, or Private Information was disclosed to, or accessed, collected, tracked, taken, or used by Defendants without consent or authorization.
b. ChatGPT User Class: All persons in the United States who used ChatGPT, whose Private Information was disclosed to, or intercepted, accessed, collected, tracked, taken, or used by Defendants without consent or authorization.
c. ChatGPT API User Class: All persons in the United States who used other platforms, programs, or applications which integrated ChatGPT technology, whose Private Information was disclosed to, or intercepted, accessed, collected, tracked, taken, or used by Defendants without consent or authorization.
d. Microsoft User Class: All persons in the United States who used Microsoft platforms, programs, or applications which integrated ChatGPT technology, whose Private Information was disclosed to, or intercepted, accessed, collected, tracked, taken, or used by Defendants without consent or authorization.
e. Minor ChatGPT User Class: All persons in the United States who, while 16 years or younger, used ChatGPT, or other platforms, programs, or applications which integrated ChatGPT API or ChatGPT Plug-In, whose Private Information was disclosed to, or intercepted, accessed, collected, tracked, taken, or used by Defendants without consent or authorization.
f. ChatGPT Plus User Class: All persons in the United States who used ChatGPT website or mobile app and whose Personal Information or PII was intercepted, accessed, collected, tracked, stored, shared, taken, or used by Defendants without consent and/or authorization
While it is impossible at this stage to say how many people are in each class, given the millions of daily users these platforms have it is easy to imagine damages surpassing $5BB a day. So while Microsoft famously has over $100BB in cash on hand at any one time, this case could exceed $1.5TT in damages with relative ease–and that’s just looking at one year of exposure.
My goodness.
It is not overstatement to say that P.M. may be one of the most consequential civil actions ever filed. Not only are the available damages here potentially enough to bankrupt both Microsoft and OpenAI, the crushing and stifling impact of the CIPA as applied to emerging generative AI tools may be sufficient to set back America’s AI ambitions and allow less litigious nations–say, China–to take a clear lead in the world’s great AI arms race.
And notably this complaint does not appear to be some slapped-together hogwash by some lawyer with a crazy pipedream. This thing is well crafted and well thought out. Indeed, even beyond CIPA there are a number of claims that have credibility. This could be an absolute nightmare for OpenAI and Microsoft to deal with.
Obviously Troutman Amin, LLP has been at the forefront of legal issues in this space and is closely following and reporting on developments here.
Indeed we will be putting on an absolutely CRITICAL conference on July 13, 2023 addressing inter alia the risk of CIPA suits, the proliferation of privacy suits across the nation and the rise of legal issues arising out of generative A.I.
By Eric Troutman, June 22, 2023
As if the direct-to-consumer marketing industry didn’t have enough to worry about, the Czar has received a couple of reports of wholesale SHUT DOWNS of call centers in the last few days allegedly linked back to a quiet decision by the FCC to mandate that tier 1 carriers only accept traffic that averages 30 seconds in duration.
This would be NUTS, and I do not know if it is true. Massive First Amendment and Communications Act problem if so. But I do not want to jump ahead of this because my usual sources of truth haven’t said anything about this.
But what I am hearing is pretty scary:
…the FCC now enforcing its outbound dialing 30 second average call duration rule, but this is likely going to upend the entire industry if someone does not fight back.
Over the last few days, the FCC has started enforcing its 30 second rule with tier 1 VOIP carriers, including Twilio, which is the tier 1 carrier that most outbound dialers use. This is a completely unfair and impractical rule. The FCC is now saying only dialers/companies that have an average call duration of 30 seconds plus are allowed on tier 1 cell carriers. This is actually 100 percent impossible. Not a single company that outbounds compliant leads is going to be able to comply with this. Even with the highest quality of leads, the max contact rate in a given day that you will get is about 20%, that means the rest are answering machines. This means that 80% of the calls are 1-6 seconds in length. Therefore, it is completely impossible for anyone’s outbound average call duration to be more than 30 seconds.
This is really fascinating stuff.
What do you know about this TCPAWorld?
Bring the Czar the goods so I can report on this (if it is real and not some fever dream.)
July 9, 2023 -- Prescott-Martini LLC, a United States telecommunications data management company, has been named a ‘Product of the Year Award’ winner for its anti-fraud telephone call monitoring platform. TMC, a national industry-specific magazine and technology content publisher, announced the award last week.
The award is called “Communications Solutions Product of the Year” and TMC Chief Rich Tehrani said, “The Prescott-Martini Call Monitoring Platform is truly an innovative product and is amongst the best communications products and services available in the industry today.”
Prescott-Martini, LLC, headquartered at Payson, Arizona, developed its platform using high-level advanced artificial intelligence (AI) and machine learning in very close cooperation with a Google partner. The platform is designed to monitor up to one-billion telephone calls per day, searching for fraud and blatant regulatory violations.
“The key,” said Stephen Matlock, managing partner of Prescott-Martini, “is the legality of the service in meeting Federal privacy laws, and in the strict confidentiality of the service. The platform reports its findings only to its telecommunications partners, who then have the responsibility of removing the fraud or violations from their networks before government or industry enforcement groups come knocking on their doors.”
“The platform is running at just over 97% accuracy now,” said Matlock, who expects a higher accuracy rate as the system ‘learns’ the fraudsters’ new attempts to circumvent detection. “We nail the bastards,” he said, using terminology early users of the platform have adopted to describe the performance.
The monitoring service is in beta testing with a commercial roll-out scheduled for the second half of 2023, said Matlock.
“Congratulations to Prescott-Martini for being honored with a Communications Solutions Product of the Year Award,” said Rich Tehrani, CEO, TMC. “Martini Call Monitoring Platform is truly an innovative product and is amongst the best communications products and services available in the industry today. I look forward to continued excellence from Prescott-Martini in 2023 and beyond.”
About TMC
Through education, industry news, live events and social influence, global users rely on TMC’s content-driven marketplaces to make purchase decisions and navigate markets. As a result, leading technology vendors turn to TMC for branding, thought leadership and lead generation opportunities.
For more information about Prescott-Martini, LLC, visit www.prescott-martini.com. For more information about TMC, visit www.tmcnet.com.
July 10, 2023 - The FCC’s Robocall Response Team and the Attorneys General of Illinois, Massachusetts, Michigan, and New Hampshire are teaming up to warn consumers about a potential rise in student loan debt scam robocalls and robotexts in the wake of the recent Supreme Court decision in Biden vs. Nebraska. This decision, which relates to the Department of Education’s student loan forgiveness program, is receiving a large amount of news coverage, which may likely result in scammers attempting to use the program as a pretext for misleading robocalls and texts. Scam calls and texts often use broadly publicized current events to add legitimacy and familiarity to their fraudulent schemes. Scammers might use these calls or texts to pressure consumers to make a payment or provide private information.
STUDENT DEBT SCAMS
The scam calls and texts may purport to offer some form of relief from student loan debt. Common scam campaigns purport to be from the “student loan forgiveness center” or from a state “forgiveness center.” Other messages reference a “settlement” with the Department of Education that entitles the recipient to “fully discharge” their student loan obligations. Incoming communications may also fraudulently reflect seemingly legitimate caller ID information to convince consumers to respond. The FCC is working with the above-named Attorneys General and other law enforcement partners to combat such communications.
HOW TO SPOT A SCAM
Consumers should be aware that they are likely communicating with a scammer if:
• You are pressured to send money or give personal information.
• The caller/texter requests an upfront payment in order to apply or appeal your application.
• You are directed to any website outside of StudentAid.gov.
• You are requested to contact the caller/texter via an app-based message platform.
• The call or text message claims to be from a “student loan forgiveness center” or a state “forgiveness center.”
• The call/text is made using a suspicious caller ID, such as a name that is inconsistent with the substance of the message, or the same area code and first three digits of your phone number.
• The caller/texter asks for your Federal Student Aid ID, bank account number, or credit card information.
• The caller/texter offers services in exchange for payment via gift cards (such as iTunes cards, Target or other retailer cards, etc.).
WHAT TO DO
If you have received a possible scam robocall or robotext:
• Do not share any personal or financial information.
• If you’re not sure, terminate the exchange and call the institution using their publicly available, legitimate phone number.
• File a complaint with the FCC: https://consumercomplaints.fcc.gov.
July 10, 2023
The Federal Communications Commission (“FCC” or “Commission”) today published its Seventh Report and Order, Eighth Further Notice of Proposed Rulemaking and Third Notice of Inquiry in the Federal Register, continuing its ever-expanding robocall mitigation requirements on U.S. voice service providers (“VSPs”). With minor exceptions, the rules promulgated in the Report and Order (“Order”) will be effective as of January 8, 2024. The deadline for submitting comments on the proposed rules in the Notice of Proposed Rulemaking (“NPRM”) and the Notice of Inquiry (“NOI”) is August 9, 2023; reply comments are due by September 8, 2023.
Order
The Commission extends some of the requirements it previously imposed on gateway providers to all other VSPs:
24-Hour Traceback Requirement
The Commission requires all VSPs, regardless of their position in the call path, to fully respond to traceback requests from the Commission, civil and criminal law enforcement, and the industry traceback group (“ITG”) within 24 hours of receipt of such a request.
Mandatory Blocking Following FCC Notification
All originating VSPs must block traffic when notified by the FCC. While terminating and non-gateway intermediate providers are not generally required to block, they are required to respond and provide accurate information regarding the source from which they received the traffic. Also, the Commission requires VSPs immediately downstream from a bad-actor VSP that has failed to meet these obligations to block all traffic from the identified provider when notified by the FCC and/or inform the Commission as to the source of the traffic.
Obligations of a Terminating or Non-Gateway Intermediate Provider
Any terminating or non-gateway intermediate provider that is notified by the FCC of potentially illegal calls utilizing their networks must promptly inform the Commission that it is not the originating or gateway provider for the identified traffic, specify which upstream VSP with direct access to the U.S. public switched telephone network it received the traffic from, and, if possible, take lawful steps to mitigate this traffic. The FCC has implemented a safe harbor for call-blocking: once the upstream provider has been notified of the identified illegal traffic, the downstream provider may block all traffic from that upstream provider if the upstream provider fails to effectively mitigate the illegal traffic within 48 hours or fails to implement effective measures to prevent customers from using its network to originate illegal calls.
Downstream Provider Blocking
The Commission also requires blocking by VSPs immediately downstream from any voice service provider when notified by the FCC that the VSP has failed to satisfy its obligations under these rules. The deadline is 30 days from the release date of an order from the FCC’s Enforcement Bureau.
Protections for Lawful Callers
VSPs are prohibited from blocking emergency calls to 911 and must make all reasonable efforts to ensure that they do not block calls from public safety answering points (“PSAPs”) and government emergency numbers.
Know Your Upstream Provider
The Commission requires every VSP to take “reasonable and effective steps” to ensure that their immediate upstream provider is not using it to carry or process a high volume of illegal traffic. Hence, all VSPs in the call path are responsible for the traffic that transits their network. The FCC does not require VSPs to take specific, defined steps to meet this requirement; rather, it allows each VSP the flexibility to determine the best approach for its network, so long as the steps are effective.
In general, the FCC expects VSPs to exercise due diligence before accepting traffic from an upstream provider, and they may want to collect information such as obtaining the upstream VSP’s physical business location, contact person(s), state or country of incorporation, federal tax ID (if applicable), and the nature of that VSP’s business. The FCC does not specifically require the collection of this information, but it is helpful to demonstrate a good faith effort. The FCC also suggests that VSPs take additional steps, such as adopting contract terms that allow for termination and acting on those terms in the event that the upstream provider attempts to use the network to carry or process a high volume of illegal traffic.
Updating Robocall Mitigation Database Certifications
As stated in our recent client advisory, the FCC adopted a requirement that all VSPs, regardless of whether they were previously exempted or are fully STIR/SHAKEN compliant, must file updated robocall mitigation plans that delineate the “reasonable steps” they are taking to mitigate illegal robocalls. Now that all VSPs will be required to take reasonable and effective steps to know their upstream providers, all such providers will also be required to describe those steps in their robocall mitigation plans filed in the Robocall Mitigation Database. The filing deadline has not yet been established; we will promptly release another client advisory when the deadline is set.
Notice of Proposed Rulemaking & Notice of Inquiry
The Commission seeks comments on the following proposals and information requests:
July 18, 2023
by Angelika Munger, TCPA World
WOW just WOW, we have been seeing this coming for the last few years and things have really been heating up in recent months. The FTC and the FCC are becoming more and more aggressive when dealing with robocalls. Today the FTC, along with the FCC and the Illinois and Ohio Attorneys General, held a press conference announcing a telemarketing enforcement sweep.
The joint enforcement effort, “Operation Stop Scam Calls,” “is part of the Commission’s ongoing efforts to combat the scourge of illegal telemarketing, including robocalls. The initiative not only targets telemarketers and the companies that hire them but also takes action against lead generators who deceptively collect and provide consumers’ telephone numbers to robocallers and others, falsely representing that these consumers have consented to receive calls. The effort also targets Voice over Internet Protocol (VoIP) service providers who facilitate illegal robocalls every year, which often originate overseas.”
Here are the sound bites and what you need to know if you are placing telemarketing calls.
Notes from the FTC comments:
Samuel Levine of the FTC shared, “Today, government agencies at all levels are united in fighting the scourge of illegal telemarketing. We are taking action against those who trick people into phony consent to receive these calls and those who make it easy and cheap to place these calls… The FTC and its law enforcement partners will not rest in the fight against illegal telemarketing.”
Deceiving and tricking consumers is ILLEGAL.
The FTC states that the consent event is 1:1, and that is the law but maybe not what the Lead generation community wants to hear. They did not elaborate past this statement.
Soundboard technology is a robocall and will be treated as such.
FTC will be targeting those who help facilitate overseas calls gaining a point of entry.
Operation Stop Scam Calls will be seeking civil penalties:
They provided multiple examples of individuals who have been handed down jail time for their involvement in facilitating robocall scams. They have even extradited individuals from other countries.
The FTC will also be going after all who are assisting in facilitating these types of scams including those who are processing payments.
The FTC is on the consumer’s side and hosts resources on their site and encourages consumers to report these types of occurrences to law enforcement.
Notes from the FCC comments:
They are bringing the largest fine in history against robocallers.
The FCC is working closely with the FTC and the DOJ.
They plan to further expand their investigations into facilitators of robocalls.
The FCC understands that robocalls are now moving towards text and they will be working alongside Federal, State, and law enforcement along with phone developers to create a solution for the issue.
Notes from the Ohio Attorney General Yost:
“Our collective efforts – from this sweep to the Anti-Robocall Litigation Task Force and beyond – help us to expand our playbook, allowing us to outwit and defeat these perpetrators in their own arena,” AG Yost said. “Our secret weapon is consumers – whom we urge to continue reporting illicit robocalls, so we can sever these unwanted illegal robocallers’ connection once and for all.” In another direct quote, Yost states “Don’t try America” to send a message to overseas robocall scam operations.
The Ohio AG described robocallers as a plague of locusts deceiving and scamming consumers and an invasion much too big for a single jurisdiction to stop. Yost is happy to join the bipartisan effort put in motion to thwart robocallers.
Notes from the Illinois Attorney General Raoul:
“Unsolicited robocalls violate consumers’ privacy and unnecessarily cost them time and money. Companies responsible for these illegal, annoying calls must be held accountable,” Raoul said. “I am proud of my office’s role in this robocall sweep with the Federal Trade Commission, law enforcement partners and my fellow attorneys general from across the country. I will continue to work to address this problem in Illinois and protect consumers’ rights by fighting against these unlawful and disruptive practices.”
Illinois is actively participating in the FTC rule-making process.
Few additional feathers to put in your cap as if the above was not enough!
These are all very high-level statements that were provided at today’s conference. Currently there are more questions than answers and all of us at Troutman Amin, LLP will continue to monitor any developments surrounding the joint enforcement efforts that were announced today. Stay tuned!
July 19, 2023
by Jenniffer Cabrera, TCPA World
Just last week – at our Ah-mazing Conference – the Czar discussed Carriers and Call-Blocking. If you were there, then you know that under the new regime, carriers are under scrutiny to prevent robocalls. If you weren’t there, well…
As our amazing Duchess reported, the FTC in conjunction with over 100 federal and state enforcement agencies announced a joint agency crackdown: “Operation Stop Scam Calls.”
The list of speakers should be enough to let everyone know, this is NOT a drill!
Director Samuel Levine from the Federal Trade Commission’s Bureau of Consumer Protection introduced quite a line up. According to Deputy Assistant Attorney General Arun G. Rao from the United States Department of Justice, Consumer Protection Branch, Chief of Enforcement Bureau Loyaan A. Egal from the Federal Communications Commission, Ohio Attorney General Dave Yost and Illinois Attorney General Kwame Raoul, the agencies are working collectively, collaboratively, comprehensively and in a coordinated manner.
Each speaker expressed their disdain for robocalls – whether it was the war on robocalls or the fight to end robocalls or the locust attack through the “use of modern technology to swarm through the landscape, defrauding our constituents and vanishing into the digital frontier.” – Ohio Attorney General.
Make no mistake about it, the crackdown on Robocalls (and text messages) and Carriers is HERE!
Remember, when the Czar saved PhoneBurner.
And the DOJ brought a civil action against Stratics Network.
Then another action against XCastLabs, Inc.
And the death sentence to Global UC.
In fact, from 2022 through 2023, the FCC issued over twenty (20) Cease and Desist Letters through its injunctive authority requiring originating and gateway providers who are facilitating calls to mitigate or block calls and authorizing downstream entities to block calls.
So, what does this mean for Carriers?
In other words, implement Know-Your-Customer (KYC) and Know-Your-Traffic (KYT) principles. Also, utilize highly technical call authentication and the robocall mitigation database program, implement mechanisms to prevent an illegal robocall and cooperate with law enforcement.
According to the Illinois Attorney General, this is an opportunity for legitimate providers to stop suspicious traffic and YOU have a responsibility to detect illegal robocall traffic! But do you? I mean, is that really the telecom industry’s responsibility? Hmmm…
Still, Carriers can’t turn a blind eye to bad traffic on their networks. If you are a Carrier, make sure that you are performing your due diligence. If you need assistance, please reach out to Troutman Amin, LLP.
July 18, 2023 - FTC PRESS RELEASE
The Federal Trade Commission and more than 100 federal and state law enforcement partners nationwide, including the attorneys general from all 50 states and the District of Columbia, announced a new crackdown on illegal telemarketing calls involving more than 180 actions targeting operations responsible for billions of calls to U.S. consumers.
The joint federal and state initiative, “Operation Stop Scam Calls,” is part of the Commission’s ongoing efforts to combat the scourge of illegal telemarketing, including robocalls. The initiative not only targets telemarketers and the companies that hire them but also takes action against lead generators who deceptively collect and provide consumers’ telephone numbers to robocallers and others, falsely representing that these consumers have consented to receive calls. The effort also targets Voice over Internet Protocol (VoIP) service providers who facilitate illegal robocalls every year, which often originate overseas.
“Today, government agencies at all levels are united in fighting the scourge of illegal telemarketing. We are taking action against those who trick people into phony consent to receive these calls and those who make it easy and cheap to place these calls,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, who appeared at a news conference in Chicago announcing the initiative. “The FTC and its law enforcement partners will not rest in the fight against illegal telemarketing.”
Operation Stop Scam Calls includes five new cases from the FTC against companies and individuals responsible for distributing or assisting the distribution of illegal telemarketing calls to consumers nationwide. Today’s actions make clear that third-party lead generation for robocalls is illegal under the Telemarketing Sales Rule (TSR) and that the FTC and its partners are committed to stopping illegal calls by targeting anyone in the telemarketing ecosystem that assists and facilitates these calls, including VoIP service providers.
The FTC has brought a total of 167 cases against illegal robocallers and Do Not Call (DNC) violators, including many lead generators and VoIP service providers. Courts in these cases have ordered the defendants to pay more than $2 billion, and the FTC has collected more than $394 million, much of which has been used to provide refunds to defrauded consumers.
In addition to the FTC actions announced today, 48 federal and 54 state agencies have brought more than 180 enforcement actions and other initiatives as part of Operation Stop Scam Calls. Contributing law enforcers include the Department of Justice, which has announced several civil and criminal actions related to this initiative, as well as the Federal Communications Commission, Social Security Administration Office of the Inspector General, and the U.S. Postal Inspection Service.
“Our collective efforts – from this sweep to the Anti-Robocall Litigation Task Force and beyond – help us to expand our playbook, allowing us to outwit and defeat these perpetrators in their own arena,” Ohio Attorney General Dave Yost said. “Our secret weapon is consumers – whom we urge to continue reporting illicit robocalls, so we can sever these unwanted illegal robocallers’ connection once and for all.”
“Unsolicited robocalls violate consumers’ privacy and unnecessarily cost them time and money. Companies responsible for these illegal, annoying calls must be held accountable,” Illinois Attorney General Kwame Raoul said. “I am proud of my office’s role in this robocall sweep with the Federal Trade Commission, law enforcement partners and my fellow attorneys general from across the country. I will continue to work to address this problem in Illinois and protect consumers’ rights by fighting against these unlawful and disruptive practices.”
The new actions announced by the FTC today, which were approved separately by the Commission on 3-0 votes, include:
In a complaint filed by DOJ, the FTC says Fluent, LLC and several related corporate defendants tricked consumers into consenting to receive marketing solicitations including telemarketing calls in violation of the FTC Act, TSR, and the CAN-SPAM Act, which sets rules for commercial email. The FTC says New York City-based Fluent has operated as a consent farm lead generator, which purports to collect, through a single click of a button or checkbox on their websites, consumers’ broad agreement to receive marketing solicitations, including robocalls and other telemarketing calls, from dozens or even hundreds of third parties.
Fluent and its affiliates lure consumers to its websites using deceptive ads that falsely promise employment opportunities or free valuable items, such as a job interview with UPS or a $1,000 Walmart gift card, according to the complaint. These ads direct consumers to one of Fluent’s thousands of websites, which utilize a range of “dark patterns” to trick consumers into providing their personal information and “consenting” to receive robocalls and other marketing solicitations. Instead of the promised job opportunity or reward, these sites sell consumers’ information to third-party marketers, including robocallers and other telemarketers. From January 2018 to December 2019, through these practices, Fluent obtained and sold more than 620 million telemarketing leads, the FTC says.
Under a proposed order, Fluent will be required to pay a $2.5 million civil penalty and be banned from engaging in, assisting, or facilitating robocalls. It also limits lead generation on Fluent’s job websites to email marketing and prohibits Fluent from misrepresenting any material facts about rewards, job opportunities, or the collection and sale of consumers’ personal information. The order also requires Fluent to establish systems to monitor its own advertising and that of its affiliates and comply with comprehensive disclosure requirements related to the collection of consumers’ consent to the sale of their information. Finally, the order requires Fluent to delete all previously collected consumer information.
The DOJ filed the complaint and proposed order on the FTC’s behalf in the U.S. District Court for the Southern District of Florida against Fluent, LLC; Rewardzone USA, also d/b/a Up Rewards, The Reward Genius, Flash Rewards, and National Consumer Center; Deliver Technology LLC, also d/b/a Flash Rewards; Search Works Media, LLC, also d/b/a FindDreamJobs and StartACareerToday; and Ease Wins, LLC, also d/b/a JobsOnDemand.
The FTC staff attorneys on this matter are Purba Mukerjee and James Davis of the agency’s Midwest Region.
In a complaint the FTC says that California-based Viceroy Media Solutions, LLC, which does business as quick-jobs.com, and Voltron Interactive, and their sole owners Sunil Kanda and Quynh Tran, violated the FTC Act and the TSR by assisting and facilitating millions of illegal robocalls while doing business as a telemarketing lead generator.
The FTC says the defendants owned and operated the lead generation websites, quick-jobs.com and localjobindex.com, that act as consent farms to gather consumers’ personal information along with their supposed consent to receive robocalls. In reality, consumers have not consented to receive robocalls, as the defendants claim when selling their leads to telemarketers.
The FTC says that consumers who visited quick-jobs.com and localjobindex.com were tricked into providing their contact information in exchange for receiving local job listings, according to the complaint. The real purpose of the sites, however, was to collect and aggregate “leads” consisting of consumers’ personal information and purported consent to receive telemarketing robocalls. In turn, the defendants sold these leads to telemarketing clients, who relied on consumers’ purported consent to justify robocalling consumers.
The proposed order settling the charges against the defendants bans them from helping companies place robocalls and imposes a $913,636 civil penalty, which will be partially suspended based on their inability to pay.
The DOJ filed the complaint and proposed order on the FTC’s behalf in the U.S. District Court for the Northern District of California, San Francisco Division. The FTC staff attorney on this matter is Denise Oki in the agency’s Western Region San Francisco office.
The FTC’s complaint against telemarketing company Yodel Technologies, LLC and its owner Robert Pulsipher alleges they violated the TSR by calling millions of consumers whose numbers are on the DNC Registry and did not consent to be called. Palm Harbor, Florida-based Yodel provides soundboard calling services to clients who use robocalls to sell a range of products and services, including auto insurance, cruises, medical devices, extended auto warranties, and supposed assistance with Social Security benefits. Soundboard technology allows call center agents to play prerecorded audio clips in response to specific consumer statements or questions, making them sound more authentic than traditional robocalls.
The complaint charges that between January 2018 and May 2021, Yodel initiated more than 1.4 billion calls to U.S. consumers, most of which used soundboard technology. Many of the calls were to phone numbers obtained from lead-generation websites. For instance, Yodel made more than 14 million calls to leads obtained from Viceroy Media, another company sued as part of Operation Stop Scam Calls. More than 500 million of Yodel’s calls went to consumers with numbers on the DNC Registry.
Under the proposed order settling the complaint, Yodel and Pulsipher will be banned from participating in telemarketing, either directly or through an intermediary. It also imposes a $1 million civil penalty against them, which will be partially suspended after they pay $400,000.
The DOJ filed the complaint and proposed order on the FTC’s behalf in the U.S. District Court for the Middle District of Florida. The FTC staff attorneys on this matter are Jason C. Moon and John O’Gorman of the agency’s Southwest Region.
In a complaint filed with the State of Arizona, the FTC charged that New Jersey-based Vision Solar LLC; Solar Xchange LLC, which also did business as Energy Exchange; and its owner Mark Getts, violated the FTC Act, the TSR, and Arizona’s Consumer Fraud Act and Telephone Solicitation Act by making unlawful telemarketing calls on behalf of Vision Solar, a company that sells solar panels. The Commission and Arizona say that Energy Exchange placed tens of millions of calls to consumers whose numbers are listed on the DNC Registry—thousands of whom reported receiving dozens of calls.
Vision Solar’s telemarketers at times falsely claimed to be affiliated with a utility company or government agency and misrepresented the amount of money that consumers could expect to save on their energy bills by buying and installing solar panels on their homes, according to the complaint. The FTC also charged that Vision Solar, which has not settled the FTC’s complaint, violated the FTC Act by making false, misleading, or unsubstantiated claims during in-person sales presentations to consumers.
Under a proposed order settling the charges, Solar Xchange and Getts will be prohibited from: misrepresenting that they are affiliated with any utility or government agency; making unsubstantiated claims regarding the cost of installing solar panels; and engaging in abusive telemarketing practices. It also imposes a partially suspended civil penalty of $13.8 million.
The DOJ filed the complaint and proposed order on the FTC’s behalf in the U.S. District Court for the District of Arizona. The FTC staff attorneys on this matter are Alan Bakowski and Robin Rock from the agency’s Southeast Region.
The FTC’s complaint against Miami, Florida-based Hello Hello Miami (HHM) and Luis E. Leon Amaris alleges that the defendants assisted and facilitated the transmission of approximately 37.8 million illegal robocalls by providing VoIP services to more than 11 foreign telemarketers. HHM and Amaris operate a “point of entry” or “gateway” VoIP service provider—the entry point for foreign calls into the United States.
According to the complaint, the overseas robocallers used HHM’s VoIP services to bombard consumers with tens of millions of illegal calls using pre-recorded messages impersonating Amazon.com. In its complaint, the FTC is seeking to permanently bar HHM and Amaris from assisting and facilitating illegal telemarketing robocallers and monetary relief for defrauded consumers, as well as civil penalties.
The DOJ filed the complaint on the FTC’s behalf in the U.S. District Court for the Southern District of Florida. The FTC staff attorneys on this matter are Sophia Siddiqui and Christine Todaro of the agency’s Bureau of Consumer Protection.
Earlier this year, the FTC announced actions against companies involved in placing or assisting in the placement of unlawful telemarketing calls. In February 2023, the FTC sued Ontario, Canada-based Stratics Networks, Inc. over charges its outbound calling service enabled its clients to route and transmit millions of illegal VoIP and ringless voicemail (RVM) robocalls. In May 2023, the FTC sued to stop a VoIP service provider, Los Angeles, California-based XCast Labs, Inc., that continued to funnel hundreds of millions of illegal robocalls through its network, even after receiving multiple warnings. The DOJ filed the complaint on the FTC’s behalf.
In addition to targeting individual companies, the FTC in April 2023 announced Project Point of No Entry, an ongoing law enforcement initiative targeting “point of entry” or “gateway” VoIP service providers to stop overseas calls and warning them they must work to keep illegal robocalls out of the country.
Through the FTC’s enforcement efforts and collaboration with partners, the project has uncovered the activity of 24 target point of entry service providers responsible for routing and transmitting illegal robocalls between 2021 and 2023, in connection with approximately 307 telemarketing campaigns, including government and business imposters, COVID-19 relief payment scams, and student loan debt relief schemes. The FTC is making available to the public recordings of the robocalls that the targets have allowed into the country at Project Point of No Entry Letters.
The FTC offers a one-stop shop for consumers looking for information about robocalls, how to stop unwanted calls, and how to avoid phone scams – all at ftc.gov/calls and in Spanish at ftc.gov/llamadas. The FTC also has a new educational webpage at ftc.gov/RobocallScams with examples of real illegal robocalls using familiar names, as well as steps people can take to avoid robocall scams.
The FTC would like to thank its partners nationwide for providing consumer education outreach and support for Operation Stop Scam Calls, as well as USTelecom’s Industry Traceback Group for its invaluable assistance.
NOTE: The Commission files a complaint when it has “reason to believe” that the named defendants are violating or are about to violate the law and it appears to the Commission that a proceeding is in the public interest. The case will be decided by the court. Stipulated final orders have the force of law when approved and signed by the district court judge.
The Commission refers a complaint for civil penalties to the DOJ for filing when it has “reason to believe” that the named defendants are violating or are about to violate the law and that a proceeding is in the public interest. Consent judgments have the force of law when approved and signed by the district court judge.
The Federal Trade Commission works to promote competition and protect and educate consumers. Learn more about consumer topics at consumer.ftc.gov, or report fraud, scams, and bad business practices at ReportFraud.ftc.gov. Follow the FTC on social media, read consumer alerts and the business blog, and sign up to get the latest FTC news and alerts.
July 21, 2023
Today the FCC’s modifications to the commercial purposes exemption officially take effect.
Specifically, no longer can informational callers leave limitless prerecorded calls on landlines without consent.
Instead a rather complicated set of call limitations and content restrictions are now in place–effective today!
Let’s start with the FCC’s big ruling reviewing the TCPA’s exemptions for calls to landlines under the TRACED Act. The TRACED Act required the FCC to review its exemptions and specify who the exemption favors, for what purpose, and how many calls may be permitted pursuant to the exemption. Previously none of these findings were required and the FCC was permitted to—and did—exempt broad categories of calls to landlines from statutory coverage.
So, for instance, every business in America was free to make pre-recorded calls for non-telemarketing purposes to residential landlines without consent. Such calls were simply inactionable under the TCPA.
Well no more.
Arguably the biggest impact of the ruling, then, is on debt collectors, mortgage services, service professionals, airlines, retailers and others making informational or transactional prerecorded calls. These companies previously enjoyed carte blanche protection to contact residential landline subscribers using prerecorded or artificial voice calls without consent. This is true based on FCC findings from 1992 that such calls “do not adversely affect privacy rights.” In response to TRACED Act requirements, however, the Commission has now reversed course and determined that such companies may make no more than three attempts per number per 30 day period without consent. This restriction is particularly painful for debt collectors and servicers as it does not match the CFPB’s 7/7/7 rule under Reg F and the limit applies without regard to the number of accounts a consumer may have. Additionally, the FCC mandated that all pre-recorded calls made without consent must contain an automated opt out mechanism. For calls that are answered by a live called party (including IVR or avatar calls), the opt out mechanism must permit calls to cease based upon a single key punch. For pre-recorded or artificial voice messages left on a voicemail (including direct drop or avatar messages) the message must include an 800 number where a consumer can call and automatically opt themselves out of future messages. Notably, the Commission’s rules promulgated under 227(d) already require opt out notifications for pre-recorded telemarketing messages, but these rules will not apply to all non-marketing messages made without consent. Moreover, because the opt-out requirement is a condition of making calls without consent, the failure to adhere to the opt-out mechanism requirement arguably enables a direct cause of action under 227(b) as the call is then presumptively made without consent or any applicable exemption.
For research, market surveys, political polling, or similar companies that make noncommercial calls the news is similarly grim. Previously FCC rules permitted these companies to utilize pre-recorded voice messages to contact residential landlines without any level of consent. As with commercial calls, however, these activities must be dialed back significantly. Specifically, the FCC’s new rules limit the number of consent-less pre-recorded calls to no more than three attempts per number per 30 day period—an extraordinary change to existing federal regulations that did not limit contact attempts at all. Moreover, these companies too must offer an interactive opt out mechanism—either a live keypunch functionality for answered calls or an 800 number with a similar automatic opt-out IVR when a message is left. As noted above, whereas existing regulations promulgated under 227(d) already contain this requirement for marketing calls, by conditioning the exemption with the use of these opt-out features the FCC has essentially enabled a private right of action to enforce this provision under 227(b) for all pre-recorded calls made without consent to landlines.
For calls on behalf of Tax-exempt Nonprofit Organizations the rules are just as tough. Whereas charities previously enjoyed favored treatment not just under the TSR but under the FCC’s previous pre-recorded calling rules, the Commission saw no reason to afford more leniency this time around and clamped down on these organizations, limiting them to no more than three attempts per number per 30 day period. As with debt collectors, there are no protections for organizations calling on behalf of more than one charity—the limits apply per number called. Moreover, charities too must offer an interactive opt out mechanism—either a live keypunch functionality for answered calls or an 800 number with a similar automatic opt-out IVR when a message is left. As noted above, whereas existing regulations promulgated under 227(d) already contain this requirement for marketing calls, by conditioning the exemption with the use of these opt-out features the FCC has essentially enabled a private right of action to enforce this provision under 227(b) for all pre-recorded calls made without consent to landlines.
For healthcare providers subject to HIPAA, the rulings hold a little more flexibility. They will be permitted to make up to three prerecorded calls a week (although no more than 1 call per day) to landlines without consent. The FCC specifically set that calling limitation to coincide with the existing rule permitting such organizations to call cell phones without consent for medical notifications (realistically just about every healthcare-related notification qualifies for “urgent” treatment under the cell phone exemption). As with other forms of commercial calls, the FCC also mandated that healthcare providers offer an interactive opt out mechanism—either a live keypunch functionality for answered calls or an 800 number with a similar automatic opt-out IVR when a message is left. As noted above, whereas existing regulations promulgated under 227(d) already contain this requirement for marketing calls, by conditioning the exemption with the use of these opt-out features the FCC has essentially enabled a private right of action to enforce this provision under 227(b) for every pre-recorded call made to a landline without consent. The Commission also determined to maintain, without change, the healthcare provider exemption respecting non-marketing calls to cell phones, although it declined to extend the protections of the exemption to all “HIPAA ‘covered entities and business associates.’”
Package delivery companies received some good news from the Commission’s order: the FCC elected to preserve wholesale the exemption permitting such companies to advise consumers of a package notification without consent. The Commission found that these notifications serve an important and consumer-friendly function and determined the previous text limits—one notification for each package, with one additional notification for up to two follow-up attempts to obtain a recipient’s signature if a signature is needed for delivery—were appropriate and did not need to be changed.
For banks and finance companies the news is equally good—the FCC did not tinker with its existing fraud notification exemptions, determining that the exemption already strictly limits the use of the exemption and preserved the current notification limit of no more than three calls per event over a three-day period for each affected account.
As to telemarketers and companies calling cell phones the TRACED Act exemption review had no impact on your operations. Telemarketers must still have prior express written consent to use pre-recorded or artificial voice technology (including avatar or soundboard technology) to contact a residential landline. And calls to cell phones were never exempt to begin with and continue to require either express consent, or express written consent, depending on the nature of the call (i.e. transactional/informational or marketing.)