The STIR/SHAKEN implementation deadline has passed, but the fight against illegal robocalls is far from over. At the August Open Meeting, the FCC adopted two items which would refine the FCC’s processes and adopt new tools to fight illegal robocalls.
Token Revocation Report and Order
First, the FCC adopted a Report & Order that establishes a process for appeals to the FCC of the private Governance Authority’s decision to revoke a voice service provider’s STIR/SHAKEN Service Provider Code (“SPC”). The FCC’s rules require voice service providers to implement and participate in the STIR/SHAKEN caller ID authentication framework, and to do this voice service providers must obtain an SPC token. To guard against bad actors and preserve trust within the caller ID authentication system, the Governance Authority that oversees the STIR/SHAKEN framework may revoke a voice service provider’s SPC token. Because this revocation process enables the Governance Authority to make decisions that would render voice service providers noncompliant with the FCC’s rules, the FCC adopted a process for review of those revocation decisions by the Governance Authority. After the Wireline Competition Bureau’s (“Bureau”) initial decision, voice service providers may appeal to the full Commission.
Voice service providers aggrieved by a Governance Authority revocation decision may file a request for review to the FCC within 60 days after completing the Governance Authority appeal process. The Commission would allow third parties to participate in the proceeding, but only to file oppositions and replies.
The FCC had originally declined to adopt a timeline for its review, but it ultimately adopted a 180-day shot clock in the final Report & Order based on comments received in the record and at the request of several Commissioners. The shot clock will begin when a voice service provider files an application for review in the Electronic Comment Filing System, and the Bureau will have discretion to pause the 180-day review period when actions outside its control delay its review.
Although voice service providers judged to be in violation of federal law related to caller ID authentication will lose their SPC tokens, and therefore will not be able to participate in STIR/SHAKEN, throughout the Commission’s review period, a voice service provider will not be considered in violation of the Commission’s STIR/SHAKEN rules as a result of the initial revocation decision.
VoIP Numbering Policy Further Notice of Proposed Rulemaking
Also at the August Open Meeting, the FCC adopted a Further Notice of Proposed Rulemaking (“FNPRM”) on Voice over Internet Protocol (“VoIP”) numbering policy. In 2015, the Commission decided to allow interconnected VoIP providers to obtain numbers for customers directly from the Numbering Administrator – rather than relying on a carrier partner. Although most VoIP service providers are legitimate businesses that have adopted many robocall blocking tools and procedures in good faith, the Commission has found that most illegal robocalls are perpetuated by a small number of VoIP providers acting in bad faith. With this FNPRM, the Commission proposes to adopt guardrails that limit interconnected VoIP providers’ ability to obtain phone numbers for customers directly from the Numbering Administrator. Applicants for direct access to numbers would be required to make a number of certifications, including certifying that they will use those numbering resources lawfully; will not assist or facilitate illegal robocalling, spoofing, or fraud; and will take reasonable steps to cease the origination, termination, or transmission of any illegal robocalls once discovered. Applicants would also be required to certify that they will cooperate with the Commission, law enforcement, other regulatory agencies, and the private industry-led traceback consortium regarding efforts to mitigate harmful and illegal robocalling and spoofing. Other requirements for applicants would include filing in the Robocall Mitigation Database that they have either fully implemented STIR/SHAKEN or a robocall mitigation plan for all calls for which they act as a voice service provider. Applicants would be required to inform the FCC if they are under investigation over the insufficiency of their robocall mitigation program.
Notably, the Commission would propose to require applicants for direct access authorization to disclose certain information about all foreign owners (persons or entities) with at least 10% of the equity or voting interest in the applicant company, as well as foreign affiliations over the same threshold. It would also propose to refer any application with reportable foreign ownership – 10% direct or indirect ownership by any non-U.S. citizen or business – to the Executive Branch agencies for their review.
The Commission would propose to delegate authority for reviewing direct access applications to the Wireline Competition Bureau. The Bureau would have the right to revoke authorization for (i) failure to comply with any applicable law; (ii) where a provider no longer meets the qualifications that originally provided the basis for the grant of direct access to numbers; or (iii) where the authorization no longer serves the public interest.