Noting that the agency’s current highest priority is the reduction of unwanted robocalls, the Federal Communications Commission (FCC) has adopted with some modifications the recently circulated draft Declaratory Judgment and Notice of Proposed Rulemaking with immediate effect.
In order to resolve legal uncertainty and clarify which tools for controlling spam calls are available to Voice Service Providers (VSP), the FCC affirms the broad right of consumers to block incoming calls and authorizes, but does not require, both opt-out analytics based programs (call-blocking) and opt-in programs which limit calls to the consumer’s contact list (white-lists).
Neither Commission rules nor the Communications Act of 1934 prohibit users from blocking unwanted calls or the providers from blocking calls with user consent.
The FCC encourages opt-out call-blocking programs because these function best when used most widely. Where call-blocking programs require active participation, very few customers opt in, discouraging program development. Opt-out systems encourage provider investment in call-blocking programs with minimum consumer burden.
Both systems can only be used with informed user consent. Call-blocker programs must notify consumers how calls are screened, the risks of blocking wanted calls, and how to opt out. White-lists must notify consumers that they are sharing their contact lists with providers. Firms have discretion in how they inform consumers as long as the information is distributed widely and accessibly.
Believing that improved call-blocking will lower costs across the industry, the FCC expects providers to implement opt-out call-blocking service immediately for all current and future users at no separate charge.
Notice of Proposed Rulemaking
The FCC proposes a safe harbor for providers who block calls made under the SHAKEN/STIR system that show signs of tampering with the authentication message.
The FCC also asks for comment on how to design the safe harbor to incentivize the widest possible adoption of SHAKEN/STIR. What besides malicious action might cause authentication to fail, and is failed authentication the best basis for blocking calls? The safe harbor would apply only to calls made with full caller ID attestation; blocking based on partial attestation or of calls originating outside the caller ID system would not be protected.
Providers should also comment on strategies to avoid blocking wanted calls.
Protections for Critical Calls
The FCC considers the creation of a “Critical Calls List” of numbers that may never be blocked, and seeks comment on which numbers should go on this list, what body should maintain it, and how to keep the list secure from malicious actors.
Mandating Caller ID Authentication
Several questions remain regarding the future mandatory implementation of SHAKEN/STIR. They include: Which companies are “major voice service providers” and should this category include the 14 firms which Chairman Pai wrote to in November 2018? How should firms outside this category be brought into the SHAKEN/STIR framework?
More broadly, the FCC seeks comment on what constitutes full implementation of the system, how long the implementation will take, and how different categories of providers will be evaluated.
As for customers, the FCC seeks comment on the best interface for notifying callers of authentication status, and considers the creation of a mechanism to inform consumers about the nature and efficacy of industry robocall solutions.
There is currently no SHAKEN/STIR governing body, and the FCC seeks comment on the nature of this body, how it will be created, and what role the Commission will play in it.
Lastly, the FCC seeks comment on its own legal authority to implement the solutions discussed in the memo.
Reports of Deployment and Implementation
The Commission directs the Consumer and Governmental Affairs Bureau (CGB) to study the impact of Commission and industry policy intended to combat robocalls. The CGB is empowered to collect any information and metrics relevant to the deployment of call-blocking measures and the adoption of caller ID authentication.
The CGB shall submit these reports to the FCC in no later than 12 months, for the first report, and 24 months for the second.
These reports should give a wide range of data on the extent of SHAKEN/STIR implementation, costs and savings from call-blocking measures, and the success of the blocking tools.
If you desire more information about or seek assistance with SHAKEN/STIR compliance, please contact Robert H. Jackson at firstname.lastname@example.org.
 Comments on the Notice of Proposed Rulemaking are due no later than 30 days after the Notice is published in the Federal Register, with reply comments due 60 days after publication.
 The Alliance for Telecommunications Solutions (ATIS), an industry standards body, which has been working on SHAKEN/STIR issues, announced that it has selected inconectiv to be the U.S. STI Policy Administrator (STI-PA). In that role, inconectiv will apply and enforce the rules as defined by the STI-GA to operationalize the SHAKEN. https://iconectiv.com/news-events/mitigating-illegal-robocalling-advances-secure-telephone-identity-governance-authority.