TCPA Regulatory Update: FCC Expands Anti-Spoofing Rules, Reviews Comments on Default Opt-Out Call-Blocking
The Federal Communications Commission (FCC) unanimously adopted revised anti-spoofing rules, implementing part of the RAY BAUM’s Act, at its August meeting. As we anticipated in last month’s TCPA Digest, the Second Report and Order (“Second R&O”) extends the FCC’s Truth in Caller ID rules to encompass malicious spoofing activities originating outside the U.S. that are directed at consumers within the U.S. It also expands the scope of communications covered by the Truth in Caller ID rules beyond telecommunications services and interconnected voice over Internet Protocol (“VoIP”) services to include text messaging and alternative voice services, such as one-way VoIP services.
The Second R&O was generally unopposed by stakeholders. The only concern raised in the record related to the addition of Common Short Codes to the definition of “text message” in the Second R&O. Those opposed to the change argued that there is no evidence that Common Short Codes can be spoofed, there was insufficient notice of the change under the Administrative Procedure Act, and there is no reference to short codes in the RAY BAUM’s Act. The FCC rejected these arguments.
In his statement, Commissioner Michael O’Rielly said that while he was sympathetic to these arguments, he supported the new wording because the modified definition of text messaging was limited to the Truth in Caller ID context. He also said that he believed that the expanded extraterritorial jurisdiction will be difficult to implement in practice in uncooperative nations. Commissioner Jessica Rosenworcel said the agency must do more to fight illegal and unwanted robocalls. Commissioner Geoffrey Starks welcomed the FCC Enforcement Bureau’s increased authority to target illegal robocalls arising outside the U.S.
At the July 24 deadline, the FCC received nearly fifty comments from stakeholders in response to its Declaratory Ruling and Third Further Notice of Proposed Rulemaking on default opt-out call blocking. In the Declaratory Ruling, detailed in our June TCPA Digest, the FCC clarified that voice service providers may offer call blocking to their customers on a default opt-out basis, and sought comment on the establishment of a safe harbor from liability for voice service providers that block calls for which Caller ID authentication shows the call was spoofed. The Commission found that the need to opt-in to various call-blocking and labelling programs reduced adoption rates, leaving many consumers without protection from unwanted robocalls. The Further Notice also proposed the creation of a Critical Calls List to ensure that emergency calls are not blocked, and contemplated mandating implementation of the SHAKEN/STIR framework by the end of this year.
The comments reflected a diverse set of views. Large voice service providers generally argued that a broad safe harbor, which would be based not just on SHAKEN/STIR attestation, but also on reasonable analytics, will help incentivize providers to implement opt-out call blocking to better protect consumers. Smaller and rural voice service providers, as well as calling party interests, argued that SHAKEN/STIR attestation was not yet deployed widely enough to serve as the basis for a safe harbor, and the FCC should not create a safe harbor for blocking calls that fail SHAKEN/STIR until it is deployed industry-wide – which could take several years. Some also argued that any safe harbor adopted by the Commission should require a strong and mandatory process that allows for a rapid redress of legitimate calls that are inadvertently blocked. Calling parties also expressed concern that the reasonable analytics deployed by voice service providers could block many legitimate and wanted calls due to their call patterns, such as many short calls in quick succession.
Most commenters supported the creation of some sort of Critical Calls List to protect emergency communications and generally believed it should be centrally maintained by the FCC. Some raised security concerns, noting that if the list were public, bad actors could spoof the numbers on the list. Parties disagreed, however, on whether the list should include a narrower subset of emergency numbers such as Public Safety Answering Points and other government entities, or a broader constituency of “wanted” callers.
Reply comments are due August 23.