Commission Also Proposes to Mandate “SHAKEN/STIR” Caller ID Authentication If Major Voice Service Providers Fail to Voluntarily Adopt By Year-End
The Federal Communications Commission (FCC) has taken its most aggressive—as well as controversial—step to date in its efforts to combat “robocalls,” i.e., unsolicited prerecorded calls that violate restrictions in the Telephone Consumer Protection Act (TCPA) against autodialing, and that may be otherwise unlawful. Last week’s Declaratory Ruling granted voice service providers the ability to immediately start applying their own criteria to identify illegal calls in offering call-blocking by default, from which consumers must opt-out. The final Declaratory Ruling issued after the Commission modified its initial draft in order to build in protection for legitimate calls that may get ensnared by call-blocking. The Declaratory Ruling also includes a Third Further Notice of Proposed Rulemaking (FNPRM) looking toward next steps in addressing these issues, including a proposal, also added after release of the initial draft, to require larger voice service providers to adopt an industry-developed caller ID authentication system favored by the FCC, if those carriers do not voluntarily adopt it by the end of 2019.
Declaratory Ruling – Effective Immediately
The FCC has said that stopping illegal robocalls that plague recipients and undermine confidence in answering the phone is the agency’s “top consumer protection priority.” In 2015, as part of an “omnibus” ruling on two-dozen petitions involving TCPA issues, it clarified that nothing in the Communications Act (of which the TCPA is a part), including common carrier call-completion and nondiscrimination duties, prohibits call-blocking on an informed opt-in basis by consumers, provided the risks of inadvertent blocking of desired calls are disclosed. At the end of 2017, the FCC adopted rules allowing voice service providers to block calls originating from numbers that strongly suggest the call is illicit, whether because the subscriber to that number has asked to be on a “do not originate list” or the digits to the originating number cannot be valid based on area code, other oddities, or because the number is unassigned to a legitimate subscriber. The FCC allowed this blocking without consumers affirmatively opting in, based on a presumption they would not wish to receive such calls bearing indicia of illegality. The current Declaratory Ruling, which is effective immediately, takes the next step in allowing call blocking by default.
Several weeks ago, the FCC issued a draft of the Declaratory Ruling and FNPRM that expanded when and under what circumstances voice service providers could block calls they believe to be unlawful, without consumers first having to opt in. The Declaratory Ruling, as now adopted, largely following the draft, says that voice providers can immediately initiate call-blocking services by default, without consumers opting in, but rather requiring them to opt-out, using any call-blocking program based on “reasonable analytics to identify unwanted calls.” The Ruling goes on to specify that reasonable analytics can include:
- large bursts of calls in a short timeframe
- low average call duration or completion ratios
- invalid numbers placing a large volume of calls
- common Caller ID Name values across voice service providers
- a large volume of complaints related to a suspect line
- sequential dialing and/or neighbor spoofing patterns
- patterns that indicate TCPA or contract violations
- correlation of network data with data from regulators, consumers, and other carriers
- comparison of dialed numbers to the National Do Not Call Registry
- war dialing, foreign-based spoofing and one-ring scams
- information about the originating provider, such as whether it has been a consistent source of unwanted robocalls
The FCC notes “this list is not exhaustive” so as-yet undefined additional criteria could be permissible. The only restriction is that any analytics for identifying illegal robocalls must be applied “in a non-discriminatory, competitively neutral manner.” The Declaratory Ruling notes that a service provider’s implementation is “voluntary, not required,” and specifies that those offering opt-out call-blocking must sufficiently inform consumers so that they can choose whether to remain in the program or opt-out, by disclosing what types of legitimate calls may be blocked, and the risks of blocking wanted calls, in a manner that is clearly and easily understandable.
In addition or as an alternative to opt-out call-blocking, the Declaratory Ruling states that nothing in the Communications Act or FCC rules prohibits service providers from also offering, on an opt-in basis, “white-listing” by which providers block all calls except those from numbers in a customer-defined list, which could include leveraging contacts in their phone. Here, the FCC specifies that implementing white-list programs requires informed opt-in consent, and that providers should disclose risks of potentially blocking wanted calls (and the scope of information the consumer must provide the carrier if such is necessary for white-listing, and the extent to which it may be shared to effectuate it), also in a clear and easily understandable manner.
In response to concerns arising after issuance of the draft Declaratory Ruling regarding potential for blocking legitimate calls—like fraud alerts, flight changes, delivery updates, prescription and appointment reminders, school closures, public safety alerts, etc.—the final version attempts to provide some degree of protection. First, the FCC notes that as long ago as its 2015 omnibus order, it counseled that any blocking mechanism would ideally allow consumers to check what calls have been blocked, and to report and have corrected any blocking errors, and that, now, some providers already offer these capabilities. Building on this, the final Declaratory Ruling states that reasonable call-blocking programs instituted by default should offer a point of contact for legitimate callers to report what they believe to be erroneous blocking, and include a mechanism for the complaints to be resolved. Callers believing they are being unfairly blocked may file a petition for declaratory ruling with the FCC.
Short of that, there appears to be no consequence to voice service providers for blocking lawful calls erroneously. And for callers (or their originating and/or intermediary carriers) whose traffic is being blocked, it is unlikely the FCC’s declaratory ruling process offers immediate enough relief. The Declaratory Ruling “encourages” carriers that block calls to develop a means of notifying callers their calls have been blocked, but this also is not a requirement, and there is no penalty for failing to adopt such a mechanism. Commissioner O’Rielly “urged carriers to adopt expeditious processes to correct call blocking and labeling errors,” but it remains to be seen what impact call-blocking-by-default will have on lawful automated calling and, if it is significant, what the FCC (or the industry) will ultimately do about such interruptions in legitimate telephonic outreach.
Third Further Notice of Proposed Rulemaking
In the FNPRM, the FCC tees up additional steps building off the Declaratory Ruling. These include ensuring the integrity of the “Secure Telephony Identity Revisited (STIR) and Signature-based Handling of Asserted information using ToKENs (SHAKEN)” caller ID authentication standard. “SHAKEN/STIR” is an industry-developed system for targeting spoofing by confirming a call actually comes from the number listed on the Caller ID. This is particularly important where call-blocking is based on characteristics of the call itself. Among other things, the FNPRM proposes a safe harbor for voice service providers that offer call-blocking that accounts for whether a call has been authenticated under SHAKEN/STIR and may potentially be spoofed. The FCC also added, after the draft issued, a proposal that would require major voice providers to use SHAKEN/STIR if they fail to start doing so by the year-end 2019 deadline Chairman Pai set for voluntary compliance.
The FCC also asks if there are particular protections it should establish to ensure wanted calls are not blocked, and states that it is considering requiring any service provider offering call-blocking to have a “Critical Calls List” of numbers it may not block, including, at a minimum, outbound numbers for 911 call centers and other government emergency services. There was also a request added to the final version of the Third FNPRM asking if the FCC should create some kind of “scorecard” or other means for informing consumers about the effectiveness of various providers’ robocall solutions. Also added for the final version of the FNPRM was a mandate for the FCC’s Consumer and Governmental Affairs, Wireline Competition, and Public Safety and Homeland Security Bureaus to report on progress relating to methods and tools intended to eliminate unlawful robocalls, including the impact of call blocking (along with a delegation of authority to collect “any and all relevant information and data from voice service providers necessary”).
* * *
Comments on the proposals will be due 30 days after the Third FNPRM appears in the Federal Register, with replies due 30 days after the comment deadline.