2019 saw an effort by both Congress and various state legislatures to reduce the volume of robocalling and “spoofed” calls. Robocalls are pre-recorded calls placed through automated dialing equipment while spoofed calls falsely appear to come from a particular area code or legitimate place of business to increase the recipient’s chances of answering. Both have been the source of federal and state legislation in 2019 due to the surge of these practices throughout the country.
This alert provides a general overview of the federal Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act
) and also discusses several notable examples of state laws passed in 2019 aimed at reducing robocalling and spoofing.
The TRACED Act
The TRACED Act, signed into law by President Trump on December 30, 2019, provides additional consumer protections against robocalls. Notably, the TRACED Act allows for certain civil forfeiture penalties for Telephone Consumer Protection Act (TCPA) violations and up to $10,000 in additional penalties for intentional violations. The TRACED Act also provides the Federal Communications Commission (FCC) with additional time (from 2 years to 4 years) to bring actions for civil forfeiture penalties based on violations related to knowingly providing misleading or inaccurate caller ID information. Lastly, the TRACED Act requires the FCC to issue a number of reports, rules, and proceedings regarding a wide variety of issues affecting the telecommunications industry, such as spoofing and call authentication.
TRACED Act provisions include:
Civil forfeiture penalties: TCPA violations
- The TRACED Act adds two new subsections under the TCPA allowing for civil forfeiture penalties for violations of the TCPA’s prohibitions against the use of automated telephone equipment under 47 U.S.C. § 227(b).
- Civil forfeiture penalties (under a 1-year statute of limitations) may be added on top of any other statutory penalty with an additional $10,000 in penalties (under a 4-year statute of limitations) for those who are determined by the FCC to have violated the TCPA “with the intent to cause such violation.”
- Certain procedural protections are mandated, such as notice and an opportunity to be heard, before the FCC may impose these penalties, but other safeguards, such as the issuing of a citation prior to fining certain classes of alleged violators, are not required.
Under the TRACED Act, the FCC is required to provide reports to Congress and/or the public on a myriad of telecommunications issues, such as:
- FCC enforcement efforts taken against robocalling, including the number of complaints received by the FCC, FCC-issued citations, amount of penalties and fines, and FCC proposals to reduce robocalling.
- Implementation efforts taken by voice service providers—which are required under the TRACED Act to enable the Secure Telephone Identity Revisited (STIR)/Secure (or Signature-based) Handling of Asserted Information Using ToKENs (SHAKEN) authentication technologies—aimed at blocking unauthenticated calls and cutting back on spoofed calls.
- The progress of setting up a reassigned number database, which the FCC must report on within 1 year of the TRACED Act’s enactment.
- Efforts taken by voice service providers to determine the source of suspected robocalls as part of an annual robocall report by the FCC.
- Evidence of intentional robocall violations, which the FCC must report to the US Attorney General. The FCC must also provide the number and types of such violations via an annual, public summary.
FCC proceedings and working groups
The TRACED Act directs the FCC to initiate proceedings on specified topic areas as well as implement certain working groups to combat robocalling, including for example:
- Within 120 days of the TRACED Act’s enactment, the FCC is required to initiate a proceeding regarding one-ring scams.
- The FCC is also required to initiate a proceeding regarding how it may reduce potential robocallers’ ability to access phone numbers.
- As for working groups, the US Attorney General and Chairman of the FCC are instructed to form an interagency group to study TCPA prosecutions. The FCC must also create an advisory group specifically to address robocalling practices to hospitals.
FCC rulemaking and regulations
Examples of additional FCC regulations required under the TRACED Act include:
- Rulemaking regarding spoofed calls from unauthenticated phone numbers.
- The addition of certain consumer protection requirements for specific categories of exemptions under the TCPA.
- Regulations to streamline private entities’ abilities to provide information to the FCC regarding robocalls and spoofing violations.
2019 State Legislative Updates
At the state level, there were also a number of new legislative and regulatory initiatives focused on reducing the number of robocalls and spoofed calls.
A number of states—including Arkansas, California, New York, North Carolina, and Texas—pursued efforts to combat the use of misleading information provided to caller ID services in a concerted attempt to reduce spoofing.
A new law promulgated in Arkansas in April 2019, for example, designates spoofing as a felony and similarly increases criminal penalties in connection with robocalling to felonies. California has also sought to reduce robocalling and spoofing by mandating that telecommunications service providers have STIR/SHAKEN call authentication protocols or comparable technology put in place by January 1, 2021. And in New York, under its Nuisance Call Act signed into law in December 2019, telemarketers during live telemarketing sales calls are now required to offer consumers the choice to be added to the company’s do-not-call list.
Like the TCPA, which is one of the most powerful consumer protection statutes of our era, these newly enacted laws are noteworthy examples of Congress and state legislatures providing greater protection to consumers against robocalling and spoofing.