FCC Expands Robocall Mitigation Rules and Seeks Comment on Additional Requirements for Voice Service Providers
The Federal Communications Commission’s (“FCC” or “Commission”) today published its Seventh Report and Order, Eighth Further Notice of Proposed Rulemaking and Third Notice of Inquiry in the Federal Register, continuing its ever-expanding robocall mitigation requirements on U.S. voice service providers (“VSPs”). With minor exceptions, the rules promulgated in the Report and Order (“Order”) will be effective as of January 8, 2024. The deadline for submitting comments on the proposed rules in the Notice of Proposed Rulemaking (“NPRM”) and the Notice of Inquiry (“NOI”) is August 9, 2023; reply comments are due by September 8, 2023.
The Commission extends some of the requirements it previously imposed on gateway providers to all other VSPs:
- VSPs must respond to traceback requests within 24 hours;
- VSPs are required to block calls following FCC notification;
- the Know Your Upstream Provider requirement is expanded; and
- changes to VSPs’ Robocall Mitigation Database filing and mitigation obligations are imposed.
24-Hour Traceback Requirement
The Commission requires all VSPs, regardless of their position in the call path, to fully respond to traceback requests from the Commission, civil and criminal law enforcement, and the industry traceback group (“ITG”) within 24 hours of receipt of such a request.
Mandatory Blocking Following FCC Notification
All originating VSPs must block traffic when notified by the FCC. While terminating and non-gateway intermediate providers are not generally required to block, they are required to respond and provide accurate information regarding the source from which they received the traffic. Also, the Commission requires VSPs immediately downstream from a bad-actor VSP that has failed to meet these obligations to block all traffic from the identified provider when notified by the FCC and/or inform the Commission as to the source of the traffic.
Obligations of a Terminating or Non-Gateway Intermediate Provider
Any terminating or non-gateway intermediate provider that is notified by the FCC of potentially illegal calls utilizing their networks must promptly inform the Commission that it is not the originating or gateway provider for the identified traffic, specify which upstream VSP with direct access to the U.S. public switched telephone network it received the traffic from, and, if possible, take lawful steps to mitigate this traffic. The FCC has implemented a safe harbor for call-blocking: once the upstream provider has been notified of the identified illegal traffic, the downstream provider may block all traffic from that upstream provider if the upstream provider fails to effectively mitigate the illegal traffic within 48 hours or fails to implement effective measures to prevent customers from using its network to originate illegal calls.
Downstream Provider Blocking
The Commission also requires blocking by VSPs immediately downstream from any voice service provider when notified by the FCC that the VSP has failed to satisfy its obligations under these rules. The deadline is 30 days from the release date of an order from the FCC’s Enforcement Bureau.
Protections for Lawful Callers
VSPs are prohibited from blocking emergency calls to 911 and must make all reasonable efforts to ensure that they do not block calls from public safety answering points (“PSAPs”) and government emergency numbers.
Know Your Upstream Provider
The Commission requires every VSP to take “reasonable and effective steps” to ensure that their immediate upstream provider is not using it to carry or process a high volume of illegal traffic. Hence, all VSPs in the call path are responsible for the traffic that transits their network. The FCC does not require VSPs to take specific, defined steps to meet this requirement; rather, it allows each VSP the flexibility to determine the best approach for its network, so long as the steps are effective.
In general, the FCC expects VSPs to exercise due diligence before accepting traffic from an upstream provider, and they may want to collect information such as obtaining the upstream VSP’s physical business location, contact person(s), state or country of incorporation, federal tax ID (if applicable), and the nature of that VSP’s business. The FCC does not specifically require the collection of this information, but it is helpful to demonstrate a good faith effort. The FCC also suggests that VSPs take additional steps, such as adopting contract terms that allow for termination and acting on those terms in the event that the upstream provider attempts to use the network to carry or process a high volume of illegal traffic.
Updating Robocall Mitigation Database Certifications
As stated in our recent client advisory, the FCC adopted a requirement that all VSPs, regardless of whether were previously exempted or are fully STIR/SHAKEN compliant, must file updated robocall mitigation plans that delineate the “reasonable steps” they are taking to mitigated illegal robocalls. Now that all VSPs will be required to take reasonable and effective steps to know their upstream providers, all such providers will also be required to describe those steps in their robocall mitigation plans filed in the Robocall Mitigation Database. The filing deadline has not yet been established; we will promptly release another client advisory when the deadline is set.
Notice of Proposed Rulemaking & Notice of Inquiry
The Commission seeks comments on the following proposals and information requests:
- whether all terminating providers should offer, at a minimum, analytics-based blocking of calls that are highly likely to be illegal on an opt-out basis, without charge;
- whether all VSPs should be required to block calls based on a reasonable do not originate (“DNO”) list;
- what should be the correct SIP Code for providing callers with immediate notification of blocked calls on an ongoing basis;
- whether, and if so how, should the FCC require terminating providers that choose to display an indication as to caller ID authentication status to provide some version of caller name to call recipients;
- whether a base forfeiture should be established for any violation of the requirement for VSPs to take effective measures to prevent customers from originating illegal calls;
- what is the current state of technology for identifying and combating illegal calls, and current state of call labeling;
- what are effective tools VSPs currently use to identify and combat illegal calls, and what tools that are in development that show particular promise;
- the FCC has a particular interest in the use of honeypots (unassigned phone number used by VSPs to “listen in” on calls) and whether there is any way to leverage or facilitate the use of honeypots more broadly without violating a customer’s privacy.
NEED HELP WITH ROBOCALL MITIGATION, COMPLIANCE AND LITIGATION?
The CommLaw Group Can Help!
Given the complexity and evolving nature of the FCC’s rules, regulations and industry policies & procedures around Robocall Mitigation and Compliance issues (e.g., Stir/Shaken, TRACED Act, FCC Rules & Regulations, US Telecom Industry group, ATIS, NECA, VoIP Numbering Waivers, Know Your Customer and the private sector ecosystem), as well as the increased risk of business disputes, consumer protection enforcement by state attorneys general, and even civil litigation, and anticipating the potential torrent of client questions and concerns, The CommLaw Group formed a “Robocall Mitigation Response Team” to help clients (old and new) tackle their unique responsibilities.
CONTACT US NOW, WE ARE STANDING BY TO GUIDE YOUR COMPANY’S COMPLIANCE EFFORTS
Michael Donahue — Tel: 703-714-1319 / E-mail: mpd@CommLawGroup.com
Rob Jackson – Tel: 703-714-1316 / E-mail: rhj@CommLawGroup.com
Ron Quirk – Tel: 703-714-1305 / E-mail: req@CommLawGroup.com