The Federal Communications Commission (“FCC”), in its recently released Second Report and Order (“Order”) respecting the Truth in Caller ID Act of 2009 (the “Act”), implements new rules that prohibit malicious caller ID spoofing of text messages and foreign calls. The Act prohibits anyone from causing a caller ID service to knowingly transmit misleading or inaccurate caller ID information ( i.e., “spoofing”) with the intent to defraud, cause harm, or wrongly obtain anything of value. The Act was amended last year; Congress expanded its scope to include entities outside the United States and changed the scope of covered communications to “a voice service or text message sent using a text message service.”
The rules adopted in the Order will become effective six months after its August 5, 2019 release or 30 days after publication in the Federal Register, whichever is later.
Communications Originating Outside the U.S.
The FCC expands one rule, Section 64.1604, to encapsulate its new prohibition against international spoofing: “no person in the U.S. or outside the U.S. if the recipient is inside the U.S. shall, with the intent to defraud, cause harm, or wrongfully obtain anything of value, knowing cause, directly or indirectly, any caller identification service to transmit or display misleading or inaccurate caller identification information in connection with any voice service or text messaging service.”
Expanding the Scope of Covered Communications
In order to implement the Act’s new anti-spoofing provisions, the FCC specifically defines “text message,” “text messaging service,” “voice service,” “caller identification information,” “caller identification service,” “short message service” (“SMS”) and “multimedia message service” (“MMS”). A careful reading of these definitions is critical to understanding which entities are covered under the new rules. The new definitions are found in Section 64.1600 of the FCC’s Rules.
The FCC defines “text message” for anti-spoofing purposes as a “message consisting of text, images, sounds, or other information transmitted to or from a device that is identified as the receiving or transmitting device by means of a 10-digit telephone number or N11 service code.” The FCC defines “N11 service code” as an abbreviated dialing code that allows telephone users to connect to a network node by dialing only three digits (if the first digit is not 1 or 0); e.g., 911 or 411.
The newly-defined “text message” includes SMS and MMS messages. SMS is defined as a wireless service that enables users to send and receive short text messages, “typically 160 characters or fewer, to or from mobile phones and can support a host of applications.” The FCC defines MMS as a service that extends SMS protocol “and can deliver a variety of media, and enables users to send pictures, videos, and attachments over wireless messaging channels.”
The FCC further clarifies that Common Short Codes (“Short Codes”) are included in the definition of “text message.” Short Codes, an addressing mechanism using SMS and MMS protocols, enables the user to send messages to devices using 10-digit telephone numbers. Short Codes are leased from the Common Short Code Administrator (i.e., the Cellular Telecommunications & Internet Association (“CTIA”)), to enterprises to facilitate the delivery of high-volume traffic.
The Act specifically excludes from the definition of “text message” “real-time, two-way voice or video communications [and] messages sent over an IP-enabling messaging service to another user of the same messaging service [except for SMS and MMS messages].”
Accordingly, the FCC excludes from its own “text message” definition IP-enabled services such as iMessage, Google hangouts, WhatsApp, Skype, and Rich Communications Services to the extent such messages are sent to the same service and are not otherwise classified as SMS or MMS. Text communications between two or more Skype users or iMessages between iPhone users are also exempted from the “text message” definition.
Text Messaging Service
“Text messaging service” is defined as “a service that enables the transmission or receipt of a text message, including a service provided as part of or in connection with a voice service.” The FCC issued this definition in order to comport with the Act’s language, which states that only text messages sent via a text messaging service are covered under the new anti-spoofing provisions.
The FCC’s definition of “voice service” for anti-spoofing purposes is more expansive than its definitions of “telecommunications service” and “Interconnected Voice over Internet Protocol (“iVoIP”)” elsewhere in its rules. The new definition is: “any service that is interconnected with the public switched telephone network (“PSTN”) and that furnishes voice communications to an end-user using resources from the North American Numbering Plan (“NANP”) [and successors to same] adopted by the Commission under section 251(e)(1),” including transmissions from a fax machine or similar device to another fax machine.
The FCC interprets “interconnected” to mean any service that enables voice communications either to or from the PSTN. Accordingly, “voice service” includes one-way VOIP and similar IP-based or other technology-based calling capability that furnishes voice communications to an end-user using NANP (or NANP successor) resources. The FCC clarifies that the “use of NANP resources” includes one-way VOIP service that allows customers to send voice communications to any end-user who uses NANP resources; i.e., it does not require that the NANP resources be provided directly to the spoofer.
In sum, “voice services” includes “real-time, two-way voice communications that are transmitted by means of a 10-digit telephone number or N11 service code.” The definition does not include real-time, two-way voice communications between closed groups that do not use 10-digit telephone numbers or N11 codes.
Caller Identification Information and Caller Identification Service
The FCC defines these terms to comport with the statutory definitions.
Caller Identification Information means information provided by a caller ID service “regarding the telephone number of, or other information regarding the origination of, a call using voice service, or a text message sent using a text messaging service.”
Caller Identification Service is defined as “any service or device designed to provide the user of the service or device with the telephone number of, or other information regarding the origination of a call made using a voice service or a text message sent using a text messaging service.”
The Order includes a statement that the FCC will mandate implementation of SHAKEN/STIR if major voice providers do not implement its requirements, as well as adopting a safe harbor for call-blocking programs targeting unauthenticated calls, by the end of 2019.
SHAKEN/STIR is basically a framework of interconnected standards. SHAKEN/STIR are acronyms for Signature-based Handling of Asserted Information Using toKENs (“SHAKEN”) and the Secure Telephone Identity Revisited (“STIR”) standards. This means that calls traveling through interconnected phone networks would have their caller ID “signed” as legitimate by originating carriers and validated by other carriers before reaching consumers. SHAKEN/STIR digitally validates the handoff of phone calls passing through the complex web of networks, allowing the phone company of the consumer receiving the call to verify that a call is from the person making it.
As summarized herein, the FCC’s anti-spoofing rules are far-reaching; covering many different types of communications that were previously exempt. An understanding of the new rules is critical to all covered entities, as spoofing has become an epidemic (the FCC has issued forfeitures totaling more than $200,000 and proposed another $37.5 million in fines for violations of its anti-spoofing rules), and the FCC is closely watching for rule breaches.
Marashlian & Donahue, PLLC has experienced attorneys that can answer any questions you may have regarding these rule changes. For further information, please contact Michael P. Donahue, Esq., firstname.lastname@example.org or (703) 714-1319 or Robert H Jackson, Esq., at email@example.com or (703) 714-1316.