FCC Issues Voluntary Caller ID Authentication Best Practices for Voice Service Providers
In another year-end action as directed by Section 4(b)(7) of the TRACED Act, the Federal Communications Commission’s (FCC) Wireline Competition Bureau (Bureau) has issued “best practices that providers of voice services may adopt as part of their implementation of effective call authentication frameworks to ensure that the calling party on a voice call is accurately identified.’’ In a Public Notice (PN) released December 22, 2020, the Bureau noted that the “best practices” are “voluntary,” but represented an “industry consensus on the best ways to ‘assist in the overall objective of mitigating robocalling when implementing call authentication frameworks’” (https://docs.fcc.gov/public/attachments/DA-20-1526A1.pdf).
The “best practices” derive from recommendations put forth by Call Authentication Trust Anchor Working Group of the North American Numbering Council (NANC) sought by the Bureau last February and approved by the NANC in September. The Bureau’s PN “encouraged voice service providers to follow” a number of the recommendations “when appropriate and applicable.” Specifically, the PN summarized the following recommendations in Appendix A to the PN:
Subscriber Vetting. Voice service providers should vet the identity of retail and wholesale subscribers, in conjunction with (i) approving an application for service; (ii) provisioning of network connectivity; (iii) entering into a contract agreement; or (iv) granting the right-to-use telephone number resources.
Telephone Number Validation. Originating voice service providers should confirm the end user or customer’s right to use a telephone number.
Third-Party Validation Services. Originating voice service providers should use a third-party validation service when they cannot or choose not to independently perform telephone number validation in accordance with Best Practice #2.
International. Voice service providers that sell services to international call originators using North American Numbering Plan numbers should develop processes to validate that the calling party is authorized to use the telephone number or caller identity. Further, domestic gateway providers may wish to explore voluntary commercial arrangements with international providers that include terms and conditions that would give the domestic gateway provider the tools, information, and confidence to trust the validity of the calling identity.
Ongoing Robocall Mitigation. Voice service providers, whether IP- or non-IP-based, should have ongoing robocall mitigation programs in addition to implementing caller ID authentication protocols. The elements of such programs may vary depending on the nature of the voice service provider’s business but may include ongoing monitoring of subscriber traffic patterns to identify behaviors that are consistent with illegal robocalling. Voice service providers may, after further investigation, take appropriate action to address such behaviors.
Finally, the Bureau chose not to adopt two best practice recommendations relating to components of the FCC’s STIR/SHAKEN standards, noting that “voice service providers are already required to comply with those standards to satisfy our caller ID authentication rules….” (emphasis supplied). As a result, the Bureau resolved that these particular recommendations were not appropriate for inclusion “on a list of voluntary best practices” (emphasis in original).