Wow, it's been a long time for me away from the blog. Busy with so…
Most FCC regulations come about through a rigorous, multistep Rulemaking process, wherein the agency opens a docket, solicits input, drafts a proposed rule, endures a public comment period, and then issues an Order.
But there’s a quicker path, as the FCC reminded me in their just-issued draft Declaratory Ruling regarding robocall blocking. At footnote 56, they say: See 47 CFR § 1.2 (“The Commission may . . . on its own motion issue a declaratory ruling terminating a controversy or removing uncertainty.”). (I posted my thoughts on that DR a few days ago.)
Terrific. Here are a few things I think they should clear up with respect to the ORIGINATION of robocalls (see my recent related post). What better way to do that than in another Declaratory Ruling that I’ve drafted below.
We know that all calls to US telephone numbers enter the network through some US-based service provider. Some of these providers grant access to high-volume calling capability, even to anonymous or unvetted callers. Some providers also invite those customers to use any caller-ID value of their choosing, even allowing a different value for every call. These are invitations for abuse. These providers are the sources of massive numbers of illegal robocalls. This Declaratory Ruling clarifies to all providers that such practices, considering the illegal robocalling scourge now facing us, are deemed unreasonable. The scope of the Declaration is as follows:
First, a service provider originating a call on behalf of a caller will include in the signaling a Caller-ID value supplied by the caller only when the provider has effective technical and/or contractual procedures in place to insure that the value is a number assigned to the caller, or is a number which the assignee has granted permission to the caller to use, unless the caller is excepted under 47 CFR § 64.1604(b).
Although STIR/SHAKEN will be deployed by major carriers soon, those carriers are not the sources of problematic calls; the technology also does not apply to calls transiting legacy networks. We can’t wait for STIR/SHAKEN to address the spoofing problem. This rule puts some onus on providers to limit caller-ID values and thus dramatically reduce the incidence of improper spoofing.
Second, a service provider affixing a signature to a call using any call authentication technology will apply full attestation, as that term is defined in the technology, only when that provider has a documented and effective mechanism in place to know that the caller-ID value satisfies the criterion in the paragraphs immediately above.
With the forthcoming STIR/SHAKEN technology, originating providers will “vouch” for the authenticity of the calling number. But there are no teeth in the process; the service provider is under no obligation to be truthful or diligent. Just as some providers today are complicit in the illegal calling activities of their customers, the problem could get worse if the new authentication technology is undermined by nefarious providers. This rule says that a provider can only declare “full” attestation (the highest level) if it is willing to risk penalties if the caller-ID is in fact not one used properly by the caller.
Third, in any given hour, a service provider will not originate more calls on behalf of a caller than could reasonably be expected via manually dialed human-to-human calling if the caller: (i) is anonymous; (ii) has not been vetted by that provider such that the provider can make a reasonable assessment that all the calls are legal; or (iii) has previously placed calls which have been the subject of complaints, said complaints having not been reconciled through the provider’s established and effective measures.
Many service providers allow, by default, any customer to blast hundreds or thousands of calls per minute with no vetting. This rule dictates that the provider will only make that capability available selectively and will act quickly if calls prove problematic (as evidenced by complaints).
Fourth, any service provider worldwide originating or transiting a call to a United States public network telephone number must timely factually respond to an inquiry about the source of that call, provided that the inquiry includes good-faith evidence that the call is illegal, and said inquiry is made by (i) a duly-authorized US federal or state agency, or (ii) a US telecommunications provider in the call path or their agent.
We have demonstrated that “traceback” is a very effective method for finding the source(s) of an illegal calling campaign so that it can be mitigated. But it requires cooperation from every provider in the call path and while most cooperate voluntarily, this rule ensures that the problematic providers cannot exempt themselves and that the technique will achieve maximum effectiveness.
Fifth, a US-based provider will not transit calls on behalf of a non-US provider to a US telephone number if that non-US provider has previously delivered calls which have been the subject of complaints, said complaints having not been reconciled through the US provider’s established and effective measures.
A sizable fraction of illegal calls originates outside the US. Because we lack jurisdiction and timely and effective enforcement with respect to overseas entities, the best place to address this problem is where the calls enter our country. This rule gives the special attention required for this situation. If a US provider opts to accept calls from overseas, they’ll need to use their commercial (contractual) levers to make sure their customer complies with our rules. This provision kicks in if there are complaints; otherwise, no action is required.
For the purposes of the above, a “provider” is an entity covered by 47 U.S. Code § 201(b); violations will be considered an “unreasonable practice” thereunder and subject to associated FCC enforcement actions. Entities not subject to regulation by that section are instead “callers” subject to the associated penalties for call initiators and the related private right-of-action where applicable. Providers cannot exist in a “no-man’s-land” where they claim exemption from both sets of regulations.
(I’ll revise this post to the extent I get suggestions to make it better. Original published 22-May-2019.)