2019-13320. Advanced Methods To Target and Eliminate Unlawful Robocalls, Call Authentication Trust Anchor  

  • Start Preamble

    AGENCY:

    Federal Communications Commission.

    ACTION:

    Proposed rule.

    SUMMARY:

    In this document the Federal Communications Commission (FCC or Commission) invites comments on proposed revisions to its rules implementing the Telephone Consumer Protection Act and seeks comment on issues pertaining to the implementation of SHAKEN/STIR. The Commission proposes: A safe harbor for call-blocking programs targeting unauthenticated calls, which may be potentially spoofed; safeguards to ensure that the most important calls are not blocked; and to require voice service providers to Start Printed Page 29479implement the SHAKEN/STIR Caller ID Authentication framework, in the event major voice service providers have failed to do so by the end of this year.

    DATES:

    Comments are due on or before July 24, 2019, and reply comments are due on or before August 23, 2019.

    ADDRESSES:

    You may submit comments, identified by CG Docket No. 17-59 and WC Docket No. 17-97, by any of the following methods:

    Federal Communications Commission's website: http://apps.fcc.gov/​ecfs/​. Follow the instructions for submitting comments.

    Paper Mail: Parties who choose to file by paper must file an original and one copy of each filing. Filers must submit two additional copies for each additional docket or rulemaking number. Filings can be sent by hand or messenger delivery, by commercial overnight courier, or by first-class or overnight U.S. Postal Service mail. All filings must be addressed to the Commission's Secretary, Office of the Secretary, Federal Communications Commission.

    People with Disabilities: Contact the FCC to request reasonable accommodations (accessible format documents, sign language interpreters, CART, etc.) by email: FCC504@fcc.gov or phone: 202-418-0530 or TTY: 202-418-0432.

    For detailed instructions for submitting comments and additional information on the rulemaking process, see the SUPPLEMENTARY INFORMATION section of this document.

    Start Further Info

    FOR FURTHER INFORMATION CONTACT:

    Jerusha Burnett, Consumer Policy Division, Consumer and Governmental Affairs Bureau, email at jerusha.burnett@fcc.gov or by phone at (202) 418-0526.

    End Further Info End Preamble Start Supplemental Information

    SUPPLEMENTARY INFORMATION:

    This is a summary of the Commission's Third Further Notice of Proposed Rulemaking (TFNPRM), in CG Docket No. 17-59, WC Docket No. 17-97; FCC 19-51, adopted on June 6, 2019 and released on June 7, 2019. The Declaratory Ruling that was adopted concurrently with the TFNPRM is published elsewhere in this issue of the Federal Register. The full text of document FCC 19-51 is available for public inspection and copying via the Commission's Electronic Comment Filing System (ECFS), and during regular business hours at the FCC Reference Information Center, Portals II, 445 12th Street SW, Room CY-A257, Washington, DC 20554. To request materials in accessible formats for people with disabilities (braille, large print, electronic files, audio format), send an email to fcc504@fcc.gov or call the Consumer and Governmental Affairs Bureau at 202-418-0530 (voice), 202-418-0432 (TTY).

    This matter shall be treated as a “permit-but-disclose” proceeding in accordance with the Commission's ex parte rules. 47 CFR 1.1200 et seq. Persons making oral ex parte presentations are reminded that memoranda summarizing the presentations must contain summaries of the substances of the presentations and not merely a listing of the subjects discussed. More than a one or two sentence description of the views and arguments presented is generally required. See 47 CFR 1.1206(b). Other rules pertaining to oral and written ex parte presentations in permit-but-disclose proceedings are set forth in § 1.1206(b) of the Commission's rules, 47 CFR 1.1206(b).

    Initial Paperwork Reduction Act of 1995 Analysis

    The TFNPRM in document FCC 19-51 seeks comment on proposed rule amendments that may result in modified information collection requirements. If the Commission adopts any modified information collection requirements, the Commission will publish another notice in the Federal Register inviting the public to comment on the requirements, as required by the Paperwork Reduction Act. Public Law 104-13; 44 U.S.C. 3501-3520. In addition, pursuant to the Small Business Paperwork Relief Act of 2002, the Commission seeks comment on how it might further reduce the information collection burden for small business concerns with fewer than 25 employees. Public Law 107-198; 44 U.S.C. 3506(c)(4).

    Synopsis

    1. In the TFNPRM, the Commission takes additional steps to protect consumers from illegal calls and ensure the effectiveness and integrity of the SHAKEN/STIR Caller ID authentication framework by proposing rules to allow voice service providers to block calls based on Caller ID authentication in certain instances. The Commission further proposes protections to ensure that the most important calls are not blocked. The Commission also proposes to require voice service providers to implement the SHAKEN/STIR Caller ID authentication framework in the event that major voice service providers have not met Chairman's Pai's deadline for doing so by the end of 2019.

    Safe Harbor for Call-Blocking Programs Based on Potentially Spoofed Calls

    2. The Commission proposes a narrow safe harbor for voice service providers that offer call-blocking programs that take into account whether a call has been properly authenticated under the SHAKEN/STIR framework and may potentially be spoofed.

    3. First, the Commission proposes a safe harbor for voice service providers that choose to block calls (or a subset of calls) that fail Caller ID authentication under the SHAKEN/STIR framework. A call would fail authentication when the attestation header has been maliciously altered or inserted—in other words, where a malicious actor has tried to inappropriately spoof another number and attempted to circumvent the protection provided by SHAKEN/STIR. Accordingly, the Commission would expect the vast majority of calls blocked in such circumstances to be illegitimate and call-blocking programs targeting such calls to be deserving of safe harbor. The Commission seeks comment on this view.

    4. Are there other instances where authentication would fail? Would a safe harbor for such a call-blocking program provide a strong incentive to participating SHAKEN/STIR providers to ensure their public key infrastructure is up to date, as well as bolster the value of a failed authentication as a strong indicator of an illegal call? As SHAKEN/STIR deployment becomes more widespread, will failed authentication be a good proxy for illegal calls? To the extent it is overbroad, how should the Commission address false positives? Are there specific notification or other procedures that are most appropriate for use to enable callers to correct such false positives quickly?

    5. Second, the Commission seeks comment on whether it should create a safe harbor for blocking unsigned calls from particular categories of voice service providers. Many larger voice service providers have committed to deploying SHAKEN/STIR in 2019. If other large voice service providers fail to do so, should blocking unsigned calls from such voice service providers, after a reasonable transition period, fall within the safe harbor? Alternatively, should a safe harbor target those voice service providers that are most likely to facilitate unlawful robocallers?

    6. How can the Commission ensure that any safe harbor does not impose undue costs on eligible telecommunications carriers participating in the Commission's high-cost program? And how can the Commission ensure any such carve-out Start Printed Page 29480does not protect those few voice service providers that actively facilitate unlawful spoofing and robocalling, often from foreign countries?

    7. Can downstream providers reliably determine on which network a particular unsigned call originated? Are there concerns regarding a call that was initially signed transiting a non-IP network? Should the Commission set a date certain for when this type of blocking is permissible?

    8. Are there any particular protections the Commission should establish for a safe harbor to ensure that wanted calls are not blocked? The Commission seeks comment on whether to require providers seeking a safe harbor to provide for identifying and remedying the blocking of wanted calls.

    9. Compliance with Rural Call Completion Rules. The Commission also seeks comment on how its proposal intersects with the Commission's rural call completion rules, including those implementing the Rural Call Quality and Reliability Act of 2017 (RCC Act), and whether to include additional criteria related to these rules. The Commission seeks comment on whether Caller ID authentication provides sufficient justification to permit a downstream provider to block calls from an upstream provider.

    10. Use of SHAKEN/STIR-Based Analytics. SHAKEN/STIR's ability to determine the source of robocalls will be a significant contribution to the quality of these analytics. The Commission therefore seeks comment on the use of SHAKEN/STIR-based analytics once this technology is implemented.

    Protections for Critical Calls

    11. Certain emergency calls must never be blocked. Accordingly, the Commission considers requiring any voice service provider that offers call-blocking to maintain a “Critical Calls List” of numbers it may not block. Such lists would include at least the outbound numbers of 911 call centers (i.e., PSAPs) and government emergency outbound numbers. The prohibition on call blocking would only apply to authenticated calls. The Commission seeks comment on this proposal.

    12. The Commission seeks comment on what numbers should be required on a Critical Calls List. How should the Commission define outbound numbers of 911 call centers (i.e., PSAPs)? How should the Commission define government emergency outbound numbers? How can the Commission mitigate the burden of administering a Critical Calls List? Should a Critical Calls List be centrally maintained, or should each voice service provider instead maintain its own list? If centrally, what entity should maintain the list and how should voice service providers access the list? Does the Commission's proposal capture the most important numbers to avoid blocking?

    13. The Commission also seeks comment on limiting Critical Calls List protections to only those calls for which the Caller ID is authenticated. Does this provide protection against illegal callers spoofing these crucial numbers? The Commission seeks comment on whether voice service providers should be required to complete calls where any level of attestation is present so long as the Caller ID authenticates, or whether the Commission should limit this requirement.

    14. How can the Commission ensure that a Critical Calls List is sufficiently protected from abuse by unscrupulous callers? Should the list be kept non-public to avoid unlawful spoofing of listed numbers? The Commission seeks comment on whether there are any benefits to making the list public that outweigh these risks. If not public, who should be able to access it? The Commission invites comment on any other critical details. The Commission further seeks comment on the associated costs and benefits of implementing such a Critical Calls List.

    15. Calls Placed to 911. The Commission see no reason that the rule prohibiting blocking of calls to 911 should not apply to the blocking proposed herein. The Commission seeks comment on the extent to which PSAPs have received calls with a spoofed Caller ID reporting a false emergency.

    16. The Commission seeks comment on other ways to protect callers from erroneous blocking. Should the Commission consider other bases for blocking unwanted, illegal calls?

    Mandating Caller ID Authentication

    17. If major voice service providers fail to meet an end of 2019 deadline for voluntary implementation of the SHAKEN/STIR Caller ID authentication framework, the Commission proposes to require them to implement that framework. The Commission seeks comment on this proposal.

    18. Implementation of the SHAKEN/STIR framework across voice networks is important in the fight against unwanted, including illegal, robocalls. Should major voice service providers fail to meet this end-of-year deadline, the Commission proposes to take appropriate regulatory action to ensure that voice service providers implement SHAKEN/STIR. If major voice service providers meet the end-of-year deadline, what steps should the Commission take to ensure that other voice service providers implement SHAKEN/STIR?

    19. Determining whether it is necessary to mandate implementation of SHAKEN/STIR. The Commission seeks comment on how best to define “major voice service providers” for the purpose of evaluating the progress made by such providers in implementing SHAKEN/STIR by the end of this year.

    20. The Commission seeks comment on how best to evaluate whether major voice service providers have met the end of year deadline for implementation set by Chairman Pai. In discussing SHAKEN/STIR, providers often refer to signing calls on an intercarrier basis and using signature information they receive to enhance the consumer experience. Should this be the standard the Commission uses to measure implementation? The Commission invites comment on this approach and on specific alternatives. Should the Commission require certifications documenting compliance?

    21. Voice service providers covered by the SHAKEN/STIR implementation requirement. If the Commission mandates provider implementation of SHAKEN/STIR, the Commission proposes to require implementation by all voice service providers—wireline, wireless, and Voice over internet Protocol (VoIP) providers. The Commission seeks comment on this proposal. Are there other voice service providers the Commission should include? Are there any exceptions to an implementation requirement?

    22. Implementation. If the Commission mandates implementation of SHAKEN/STIR, what should the Commission require providers to accomplish to meet the requirement? Should it require providers to sign calls on an intercarrier basis and use signature information they receive to enhance the consumer experience? Should the Commission impose other or different requirements?

    23. For example, if the Commission mandates SHAKEN/STIR implementation, should the Commission require providers to adopt a uniform display showing consumers whether a call has been authenticated? Or should the Commission encourage provider experimentation to develop the most useful display for consumers?

    24. Timing of the requirement. If the Commission mandates implementation of SHAKEN/STIR, how much implementation time should the Commission give voice service providers? The Commission invites commenters to propose specific categories of voice service providers, Start Printed Page 29481specify how the Commission should distinguish between or among them, explain why the Commission should do so for purposes of setting implementation deadlines, and propose specific implementation deadlines for each proposed specific category of voice service providers.

    25. Governance. What role should the Commission have in SHAKEN/STIR governance? Industry has taken steps to establish a governance regime. Are there aspects of the governance authority that the Commission should handle itself or should its role be formal oversight? Are there other functions that the Commission should undertake to ensure the adoption and implementation of SHAKEN/STIR?

    26. Legacy Networks. The Commission recognizes that there are challenges for smaller and rural carriers. The Commission seeks comment on how to encourage Caller ID authentication for carriers that maintain some portion of their network on legacy technology. Are there technologies available to enable legacy networks to participate in Caller ID authentication?

    27. Illegal calls originating outside the United States. The Commission seeks comment on how the Commission and the industry can best leverage Caller ID authentication technology and specifically SHAKEN/STIR to combat illegal calls originating outside the United States.

    Measuring the Effectiveness of Robocall Solutions

    28. Should the Commission create a mechanism to provide information to consumers about the effectiveness of providers' robocall solutions? If so, how should “effectiveness” be defined? How would the Commission obtain the information needed to evaluate the effectiveness of the robocall solutions?

    Legal Authority

    29. The Commission seeks comment on its authority to adopt new rules here. Sections 201(b) and 202(a) of the Communications Act (the Act) have formed the basis for the Commission's traditional prohibitions on call blocking. The Commission also is charged with prescribing regulations to implement the Truth in Caller ID Act, which made unlawful the spoofing of Caller ID “in connection with any telecommunications service or IP-enabled voice service . . . with the intent to defraud, cause harm, or wrongfully obtain anything of value . . . .” And section 251(e) of the Act gives the Commission authority over the use and allocation of numbering resources in the United States, including the use of unallocated and unused numbers.

    30. The Commission seeks comment on whether these statutory provisions—or any others—confer on the Commission sufficient authority to adopt rules to create a safe harbor for certain call-blocking programs and require voice service providers that offer call-blocking programs to maintain a Critical Calls List. Is creating a safe harbor equivalent to declaring certain practices presumptively just and reasonable? Is encouraging providers to adopt SHAKEN/STIR consistent with the Commission's authority under the Truth in Caller ID Act? Does the Commission's plenary authority over numbering extend to requiring that calls from certain numbers be sacrosanct? Does the Commission's authority depend, in part or at all, on whether the calls considered in a call-blocking program are in fact illegal under federal law or merely unwanted by consumers? Are these proposals necessary to allow voice service providers to help prevent unlawful acts and protect voice service subscribers? Would any of these proposals be limited only to calls purporting to use North American Numbering Plan (NANP) numbers?

    31. The Commission believes section 251(e) of the Act, which grants the Commission plenary jurisdiction over the NANP resources in the United States and the authority to administer numbering resources, provides the Commission the authority to mandate Caller ID authentication and specifically SHAKEN/STIR. By permitting voice providers and consumers to identify when a Caller ID number has been spoofed, mandating SHAKEN/STIR would prevent NANP resources from being fraudulently exploited. The Commission concludes that section 251(e) provides it sufficient authority to adopt such rules. Do commenters agree? Are there any other statutory provisions or other sources of authority the Commission should consider?

    Initial Regulatory Flexibility Analysis

    32. As required by the Regulatory Flexibility Act of 1980, as amended, the Commission has prepared the Initial Regulatory Flexibility Analysis (IRFA) of the possible significant economic impact on a substantial number of small entities by the policies and rules proposed in the TFNPRM. Written public comments are requested on the IRFA. Comments must be identified as responses to the IRFA and must be filed by the deadlines for comments on the TFNPRM provided.

    33. Need for, and Objectives of, the Proposed Rules

    The TFNPRM proposes rules to permit voice service providers, on their own initiative, to block calls based on Caller ID authentication, specifically where the Caller ID is eligible for authentication but fails. The TFNPRM also proposes to require a “Critical Calls List” of numbers that must never be blocked so long as the Caller ID is authenticated. The TFNPRM further proposes and seeks comment on requiring voice service providers to implement the SHAKEN/STIR call authentication framework if major voice service providers fail to voluntarily implement it by the end of 2019.

    Legal Basis

    34. The proposed and anticipated rules are authorized under sections 201, 202, 227, 251(e), and 403 of the Act, as amended, 47 U.S.C. 201, 202, 227, 251(e), 403.

    Description of Projected Reporting, Recordkeeping, and Other Compliance Requirements

    35. As indicated above, the TFNPRM seeks comment on proposed rules to codify that voice service providers may block telephone calls in certain circumstances to protect subscribers from illegal calls, as well as on proposed rules to prevent the blocking of lawful calls. Until these requirements are defined in full, it is not possible to predict with certainty whether the costs of compliance will be proportional between small and large voice service providers. In the TRNPRM, the Commission seeks to minimize the burden associated with reporting, recordkeeping, and other compliance requirements for the proposed rules, such as modifying software, developing procedures, and training staff.

    36. Under the proposed rules, the Commission tentatively concludes that voice service providers will need to keep records of Caller ID authentication information. In addition, voice service providers may need to set up communication with other voice service providers to share information about failed authentication. Voice service providers will also be required to maintain a “Critical Calls List” of numbers that should not be blocked.

    37. The TFNPRM also proposes to require voice service providers to implement SHAKEN/STIR if major voice service providers have not voluntarily implemented the framework by the end of 2019. At this time, the Commission is not in a position to determine whether, if adopted, the Commission's proposals will require small entities to hire attorneys, engineers, consultants, or other Start Printed Page 29482professionals and cannot quantify the cost of compliance with the potential rule changes discussed herein. The TFNPRM proposes to require implementation by all voice service providers—wireline, wireless, and VoIP providers.

    Steps Taken To Minimize Significant Economic Impact on Small Entities, and Significant Alternatives Considered

    38. These proposed rules to codify that voice service providers may block telephone calls in certain circumstances to protect subscribers from illegal and unwanted calls are permissive and not mandatory. Small businesses may avoid compliance costs entirely by declining to block calls, or may delay their implementation of call blocking to allow for more time to come into compliance with the rules. However, the Commission intends to craft rules that encourage all carriers, including small businesses, to block such calls and the TFNPRM therefore seeks comment from small businesses on how to minimize costs associated with implementing the proposed rules. The TFNPRM poses specific requests for comment from small businesses regarding how the proposed rules affect them and what could be done to minimize any disproportionate impact on small businesses.

    39. The Commission's proposed rules allow voice service providers to block calls based on certain criteria, including where the Caller ID fails authentication. In addition, the proposed rules protect callers from the risk of their calls being blocked erroneously. The TFNPRM requests feedback from small businesses and seeks comment on ways to make the proposed rules less costly and minimize the economic impact of the Commission's proposals.

    40. The TFNPRM also seeks comment on the length of time the Commission should allow voice service providers to implement SHAKEN/STIR, whether smaller and medium-sized voice providers should be given additional time to implement this framework, and how to qualify and quantify voice providers' sizes. Moreover, the Commission seeks updated information for entities of all sizes, including small entities, regarding the upfront and recurring costs to providers of implementing SHAKEN/STIR.

    41. The Commission expects to consider the economic impact on small entities, as identified in comments filed in response to the TFNPRM and the IRFA, in reaching its final conclusions and taking action in this proceeding.

    Federal Rules That May Duplicate, Overlap, or Conflict With the Proposed Rules

    42. None.

    Start List of Subjects

    List of Subjects in 47 CFR Part 64

    • Communications common carriers
    • Reporting and recordkeeping requirements
    • Telecommunications
    • Telephone
    End List of Subjects Start Signature

    Federal Communications Commission.

    Cecilia Sigmund,

    Federal Register Liaison Officer, Office of the Secretary.

    End Signature

    Proposed Rules

    For the reasons discussed in the preamble, the Federal Communications Commission proposes to amend 47 part 64 as follows:

    Start Part

    PART 64—MISCELLANEOUS RULES RELATING TO COMMON CARRIERS

    End Part Start Amendment Part

    1. The authority citation for part 64 continues to read as follows:

    End Amendment Part Start Authority

    Authority: 47 U.S.C. 154, 201, 202, 217 218, 220, 222, 225, 226, 227, 228, 251(a), 251(e), 254(k), 262, 403(b)(2)(B), (c), 616, 620, 1401-1473, unless otherwise noted.

    End Authority Start Amendment Part

    2. Amend § 64.1200 by

    End Amendment Part Start Amendment Part

    a. Redesignating paragraph (k)(2) as paragraph (k)(5);

    End Amendment Part Start Amendment Part

    b. Redesignating paragraph (k)(4) as paragraph (k)(2);

    End Amendment Part Start Amendment Part

    c. Redesignating paragraph (k)(1) as paragraph (k)(4);

    End Amendment Part Start Amendment Part

    d. Redesignating paragraph (k)(3) as paragraph (k)(1); and

    End Amendment Part Start Amendment Part

    e. Adding new paragraphs (k)(3) and (k)(6).

    End Amendment Part

    The additions to read as follows:

    Delivery restrictions
    * * * * *

    (k) * * *

    (3) Any provider blocking pursuant to this subsection must maintain a list of numbers from which calls will not be blocked where the Caller ID is authenticated on a call purporting to originate from the number. Providers must include on their lists only numbers used for outbound calls by Public Safety Answering Points or other emergency services; government-originated calls, such as calls from local authorities generated during emergencies; and outbound calls from schools and similar educational institutions to provide school-related emergency notifications, such as weather-related closures or the existence of an emergency affecting the school or students.

    * * * * *

    (6) A provider may block a call that is eligible for authentication of Caller ID and for which authentication by the terminating provider has failed.

    * * * * *
    End Supplemental Information

    [FR Doc. 2019-13320 Filed 6-21-19; 8:45 am]

    BILLING CODE 6712-01-P

Document Information

Effective Date:
7/24/2019
Published:
06/24/2019
Department:
Federal Communications Commission
Entry Type:
Proposed Rule
Action:
Proposed rule.
Document Number:
2019-13320
Dates:
Comments are due on or before July 24, 2019, and reply comments are due on or before August 23, 2019.
Pages:
29478-29482 (5 pages)
Docket Numbers:
CG Docket No. 17-59, WC Docket No. 17-97, FCC 19-51
Topics:
Communications common carriers, Reporting and recordkeeping requirements, Telecommunications, Telephone
PDF File:
2019-13320.pdf
CFR: (1)
47 CFR 64.1200