Following passage of the Pallone-Thune TRACED Act (TRACED Act or TRACED) in late 2019, the Federal Communications Commission (FCC or Commission) implemented the law’s numerous robocall abatement provisions on the statute’s relatively short timelines, resulting in a flurry of FCC proceedings and actions related to robocalls in 2020. These proceedings and actions covered a broad range of issues, including call authentication, traceback, and call blocking, among others. Of note, many of the Commission’s robocall efforts in 2020 resulted in new requirements for voice service providers, including a mandate to implement STIR/SHAKEN across IP networks, requirements for certain providers to implement robocall mitigation programs, and requirements for all providers to take certain robocall abatement steps, such as responding to official traceback requests and implementing know-your-customer practices to prevent new and renewing customers from originating illegal calls.
The key takeaway coming out of 2020 is that the regulatory landscape has significantly shifted away from a more voluntary mitigation approach and toward more affirmative expectations on providers. All stakeholders in the voice ecosystem should be aware of these new requirements, and as providers assess the new landscape and develop compliance plans, they should be aware that robocall mitigation will likely continue to be a focus of the new Administration.
2020’s Transformative Shift in the Robocall Regulatory Landscape
Consistent with the TRACED Act, the FCC took a number of significant robocall abatement actions in 2020, including establishing the Traceback Consortium, confirming that providers may legally block one-ring scam robocalls, issuing best practices that providers may adopt to implement effective call authentication frameworks, and proposing a new online portal for information sharing related to robocalls, among other actions. While the proceedings were numerous, several stand out due to their significant impact on the regulatory landscape in the robocall environment.
FCC Mandates STIR/SHAKEN Implementation
A major initiative stemming from the TRACED Act was the FCC’s adoption of a Report and Order and Further Notice of Proposed Rulemaking in the Call Authentication Trust Anchor in March 2020 (March Order and FNPRM) that mandated that all voice service providers implement the STIR/SHAKEN caller ID authentication framework in the Internet Protocol (IP) portions of their networks by June 30, 2021. That item also initiated a rulemaking that covered a broad range of issues relating to the scope of STIR/SHAKEN requirements, extensions of implementation deadlines, application of its STIR/SHAKEN obligations to intermediate providers, caller-ID authentication in non-IP networks, and other related issues. The March Order and FNPRM established the cornerstone mandate for the STIR/SHAKEN framework and laid the groundwork for further regulations. Wiley’s more detailed summary of the March Order and FNPRM can be accessed here.
FCC Creates Call Blocking Safe Harbors
In July 2020, the FCC adopted a Third Report and Order, Order on Reconsideration, and Fourth Further Notice of Proposed Rulemaking (Third Report and Order) in its Advanced Methods to Target and Eliminate Unlawful Robocalls docket. The Third Report and Order established two safe harbors from liability for voice service providers working to block illegal or unwanted robocalls, and also established redress and other requirements to protect against erroneous blocking.
The first safe harbor protects terminating voice service providers from liability when they block calls based on reasonable analytics designed to identify unwanted calls. Such providers must take into account information provided by STIR/SHAKEN (or, for non-IP based calls, any other effective call authentication framework that satisfies the TRACED Act) “when such information is available for a particular call.” The second safe harbor enables voice service providers to block traffic from bad-actor upstream voice service providers that continue to allow unwanted calls to traverse their networks.
The Third Report and Order also established various redress requirements for providers that engage in call blocking, including requirements for voice providers to designate a single point of contact for redress and prompt cessation of blocking based on credible claims by callers.
Finally, the accompanying FNPRM proposed placing affirmative obligations on voice service providers in the context of traceback and robocall mitigation, extending the safe harbor to network-level blocking, expanding redress requirements to safeguard against erroneous blocking, and providing transparency to consumers by requiring voice service providers to identify a list of blocked calls. Further details are available in Wiley’s summary of the Third Report and Order.
FCC Establishes a STIR/SHAKEN Deadline Extension Framework, to Include Robocall Mitigation Plan Requirements for Providers Subject to an Extension
In October 2020, the FCC adopted a Second Report and Order in its call authentication docket that largely adopted the rules proposed in its March rulemaking. As noted in Wiley’s client alert at the time, the rules significantly impacted voice service providers across the ecosystem, including originating and terminating voice service providers, intermediate providers, and foreign voice service providers. Among other things, the item:
- Established obligations related to caller ID authentication in non-IP networks;
- Established frameworks for exemptions from the mandate;
- Established extensions of the June 30, 2021 STIR/SHAKEN deadline; and
- Imposed new STIR/SHAKEN (and in some cases traceback) obligations on intermediate providers.
A significant component of the Second Report and Order is the FCC’s establishment of a robocall mitigation program requirement (which includes a traceback requirement) for any voice service provider that is subject to a STIR/SHAKEN deadline extension. Such voice service providers, during the time of the extension, are required to implement an appropriate robocall mitigation program to prevent unlawful robocalls from originating on the network of the provider. The Second Report and Order also enabled the FCC’s Enforcement Bureau to impose on a voice service provider more prescriptive measures where its robocall mitigation program is deemed insufficient.
Another significant component of the Second Report and Order is that it created a certification process and database. Importantly, this new certification process applies to all voice service providers – not only those granted an extension – who will be required to file robocall certifications with the FCC.
FCC Imposes Affirmative Mandates on Voice Providers
Wrapping up 2020, in December, the FCC adopted a Fourth Report and Order that, among other things, expanded the existing call blocking safe harbor to cover network-based blocking of certain calls that are highly likely to be illegal. Additionally, the Fourth Report and Order levied several new affirmative obligations on voice service providers. Among other things, it required voice service providers to:
- Respond to traceback requests from the Commission, civil and criminal law enforcement, and the designated Traceback Consortium;
- Take steps to effectively mitigate illegal traffic when it receives actual written notice of such traffic from the Commission; and
- Implement affirmative, effective measures to prevent new and renewing customers from using its network to originate illegal calls.
Additionally, the Fourth Report and Order established additional call blocking redress requirements. First, the item adopted a requirement for terminating voice service providers that block calls to immediately notify the caller that the call has been blocked by sending either a Session Initiation Protocol (SIP) or ISDN User Part (ISUP) response code, as appropriate, and for all voice service providers in the call path to transmit these codes to the origination point. Second, the item requires terminating voice service providers that block calls on an opt-in or opt-out basis to disclose to their subscribers a list of blocked calls upon request. Third, when a calling party disputes whether blocking its calls is appropriate, the FCC will require terminating voice service providers to provide a status update to the party that filed the dispute within 24 hours. The point of contact which terminating voice service providers have established to handle blocking disputes will also handle contacts from callers that are adversely affected by information provided by caller ID authentication seeking to verify the authenticity of their calls.
2021 Will Be a Formative Year for the New Administration at the FCC
With a new Administration taking the helm at the FCC, it will look to further implement – and potentially build upon – the workstreams from 2020. One of the first components of its 2021 obligations will be for the FCC to establish its new certification process and registration database. No earlier than March 30, 2021, the Wireline Competition Bureau must establish the portal and database, provide filing instructions and training materials, and release a Public Notice when voice service providers may begin filing certifications. Voice service providers will begin filing certifications no earlier than June 30, 2021.
Another crucial milestone for the FCC and industry this year will be June 30, 2021 – deadline for implementation of STIR/SHAKEN by voice service providers subject to the obligation. Once implemented, such providers will be required to certify as such in the new database. For those providers that are subject to an extension of this deadline, they will need to have implemented a robocall mitigation program and to certify as such in the new database.
2021 will also see further implementation of the TRACED Act. For example, by June 30, 2021, the FCC is required to adopt regulations governing its information-sharing framework for private entities to voluntarily share information on robocalls with the FCC, which as noted above, the agency has already proposed and sought comment on. The information-sharing portal will likely be integral to the FCC’s increasingly aggressive enforcement efforts in the robocall space, as it will potentially provide the agency with a new stream of data beyond the Industry Traceback Group that it could use to pursue enforcement actions.
In sum, the regulatory landscape applicable to voice services changed dramatically during 2020. In addition to establishing additional robocall blocking safe harbors, the FCC also imposed a number of new obligations on industry related to STIR/SHAKEN implementation and robocall mitigation. In 2021, with a new Administration taking the helm of the FCC and remaining TRACED Act implementation efforts, app developers, service providers, analytics engines, and others should heed the Commission’s actions and prepare for more.