The Federal Communications Commission ("FCC" or "Commission") has released a Declaratory Ruling and Third Further Notice of Proposed Rulemaking on June 7, 2019 in an attempt to further protect consumers from illegal, including spoofed, robocalls. (Docket Nos. CG 17-59 and WC 17-97) The FCC clarifies that voice service providers may utilize "reasonable analytics" to identify and block robocalls on a default basis. At the same time, the FCC is proposing to adopt a rule mandating the implementation (for those voice providers who have not already voluntarily done so) of the industry's SHAKEN/STIR Caller ID authentication and protections for critical calls, including calls to Public Safety Answer Points ("PSAPs"). The rulemaking was published in the Federal Register on June 24, 2019, with comments due on July 24, 2019, and reply comments due on August 23, 2019.
Declaratory Ruling
The Declaratory Ruling provides voice service providers with a number of different options to block illegal robocalls on behalf of consumers. Importantly, the Commission now permits voice service providers to begin providing call-blocking services by default if the provider is using "reasonable analytics," using a variety of metrics, to identify unwanted calls, so long as they also give consumers the right to opt-out of the call blocking programs. Significantly, the FCC observes that the previous reliance on having customers opt-into such blocking programs, "appears to have slowed the development of call-blocking programs in the United States." [1] The Commission views the solution to poor adoption of call-blocking programs is to simplify the process for consumers "by providing anti-robocall tools on an opt-out basis." [2] The Commission will further require those voice providers that offer an opt-out call-blocking program to provide sufficient information so customers can make an informed choice as to whether or not to opt-out of the call-blocking program. Such information should include the types of calls that may be blocked; the risk of blocking wanted calls; and how a consumer can opt-out of a call-blocking program; all provided in clear, easily understandable language. [3]
Conversely, if a voice provider utilizes a call-blocking program based upon white-listing, i.e. using the consumer's own contact lists to block calls not appearing on the consumer's contact lists, that will require an affirmative opt-in from the consumer.
Third Further Notice of Proposed Rulemaking
In its associated FNPRM, the Commission seeks comment on a number of other issues relating to the further implementation of rules and programs to curb robocalling.
The Commission also seeks comment on a proposed safe harbor for voice service providers that implement call-blocking programs for calls that have not been properly authenticated under the SHAKEN/STIR framework (due to a malicious actor spoofing another number to circumvent authentication). Specifically, the Commission proposes to provide safe harbor for voice service providers that choose to block calls that fail authentication under the SHAKEN/STIR framework. But, the Commission also asks if a legitimate call may fail authentication under SHAKEN/STIR and be blocked, such as in the instance when a certificate inadvertently expires? Should the proposed safe harbor apply to unassigned calls from a particular category of service provider, such as when a service provider participates in SHAKEN/STIR but fails to sign certain calls? Are there any protections that should be established to ensure that wanted calls are not blocked? Are there costs and benefits to implementing a safe harbor of blocking calls based SHAKEN/STIR authentication?
The FCC also seeks comment on a proposed requirement that any service provider that offers call-blocking services to maintain a "Critical Calls List" of numbers that it will not block, and what numbers should be placed on such lists. How should emergency outbound numbers be defined? Should there be a master "Critical Calls List" or should each voice service provider maintain its own list? Should there be other entities, both governmental and private, other that emergency responder contact numbers, that included on the "Critical Calls List", such as schools, hospitals, local governments, fraud and weather alerts, and the like? Should the Commission limit "Critical Calls List" protections to only those calls for which Caller ID can be authenticated? And, how can a "Critical Calls List" be sufficiently protected from spoofing?
Finally, the Commission proposes rules to implement elements of the RAY BAUM Act that expand prohibitions against spoofing Caller IDs to callers originating calls from outside of the United States and proposes to extend new prohibitions against spoofing caller information using alternative text and voice services (see our previous alert for more information on this here). As part of this rulemaking, the Commission seeks comment on how Caller ID authentication, specifically SHAKEN/STIR, will impact illegal robocalls originating outside of the United States.
Comments on these proposals are due Wednesday, July 24, 2019, with reply comments due Friday, August 23, 2019.
If you have questions about this rulemaking or other related robocalling initiatives, please contact Douglas G. Bonner or Katherine Barker Marshall.
______________________________________________________________
[1] In the Matter of In the Matter of Advanced Methods to Target and Eliminate Unlawful Robocalls Call Authentication Trust Anchor, Declaratory Ruling and Third Further Notice of Proposed Rulemaking, CG Docket No. 17-59 WC Docket No. 17-97, ¶29 (Rel. June 7, 2019)
[2] Id.
[3] Id. at ¶ 33.
[4] Id. at FN 45.
[5] Id. at ¶ 71