84 FR 29478 - Advanced Methods To Target and Eliminate Unlawful Robocalls, Call Authentication Trust Anchor

In this document the Federal Communications Commission (FCC or Commission) invites comments on proposed revisions to its rules implementing the Telephone Consumer Protection Act and seeks comment on issues pertaining to the implementation of SHAKEN/STIR. The Commission proposes: A safe harbor for call-blocking programs targeting unauthenticated calls, which may be potentially spoofed; safeguards to ensure that the most important calls are not blocked; and to require voice service providers to implement the SHAKEN/STIR Caller ID Authentication framework, in the event major voice service providers have failed to do so by the end of this year.

[Federal Register Volume 84, Number 121 (Monday, June 24, 2019)]
[Proposed Rules]
[Pages 29478-29482]
From the Federal Register Online  [www.thefederalregister.org]
[FR Doc No: 2019-13320]


=======================================================================
-----------------------------------------------------------------------

FEDERAL COMMUNICATIONS COMMISSION

47 CFR Part 64

[CG Docket No. 17-59, WC Docket No. 17-97; FCC 19-51]


Advanced Methods To Target and Eliminate Unlawful Robocalls, Call 
Authentication Trust Anchor

AGENCY: Federal Communications Commission.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: In this document the Federal Communications Commission (FCC or 
Commission) invites comments on proposed revisions to its rules 
implementing the Telephone Consumer Protection Act and seeks comment on 
issues pertaining to the implementation of SHAKEN/STIR. The Commission 
proposes: A safe harbor for call-blocking programs targeting 
unauthenticated calls, which may be potentially spoofed; safeguards to 
ensure that the most important calls are not blocked; and to require 
voice service providers to

[[Page 29479]]

implement the SHAKEN/STIR Caller ID Authentication framework, in the 
event major voice service providers have failed to do so by the end of 
this year.

DATES: Comments are due on or before July 24, 2019, and reply comments 
are due on or before August 23, 2019.

ADDRESSES: You may submit comments, identified by CG Docket No. 17-59 
and WC Docket No. 17-97, by any of the following methods:
    [ssquf] Federal Communications Commission's website: http://apps.fcc.gov/ecfs/. Follow the instructions for submitting comments.
    [ssquf] Paper Mail: Parties who choose to file by paper must file 
an original and one copy of each filing. Filers must submit two 
additional copies for each additional docket or rulemaking number. 
Filings can be sent by hand or messenger delivery, by commercial 
overnight courier, or by first-class or overnight U.S. Postal Service 
mail. All filings must be addressed to the Commission's Secretary, 
Office of the Secretary, Federal Communications Commission.
    [ssquf] People with Disabilities: Contact the FCC to request 
reasonable accommodations (accessible format documents, sign language 
interpreters, CART, etc.) by email: [email protected] or phone: 202-418-
0530 or TTY: 202-418-0432.
For detailed instructions for submitting comments and additional 
information on the rulemaking process, see the SUPPLEMENTARY 
INFORMATION section of this document.

FOR FURTHER INFORMATION CONTACT: Jerusha Burnett, Consumer Policy 
Division, Consumer and Governmental Affairs Bureau, email at 
[email protected] or by phone at (202) 418-0526.

SUPPLEMENTARY INFORMATION: This is a summary of the Commission's Third 
Further Notice of Proposed Rulemaking (TFNPRM), in CG Docket No. 17-59, 
WC Docket No. 17-97; FCC 19-51, adopted on June 6, 2019 and released on 
June 7, 2019. The Declaratory Ruling that was adopted concurrently with 
the TFNPRM is published elsewhere in this issue of the Federal 
Register. The full text of document FCC 19-51 is available for public 
inspection and copying via the Commission's Electronic Comment Filing 
System (ECFS), and during regular business hours at the FCC Reference 
Information Center, Portals II, 445 12th Street SW, Room CY-A257, 
Washington, DC 20554. To request materials in accessible formats for 
people with disabilities (braille, large print, electronic files, audio 
format), send an email to [email protected] or call the Consumer and 
Governmental Affairs Bureau at 202-418-0530 (voice), 202-418-0432 
(TTY).
    This matter shall be treated as a ``permit-but-disclose'' 
proceeding in accordance with the Commission's ex parte rules. 47 CFR 
1.1200 et seq. Persons making oral ex parte presentations are reminded 
that memoranda summarizing the presentations must contain summaries of 
the substances of the presentations and not merely a listing of the 
subjects discussed. More than a one or two sentence description of the 
views and arguments presented is generally required. See 47 CFR 
1.1206(b). Other rules pertaining to oral and written ex parte 
presentations in permit-but-disclose proceedings are set forth in Sec.  
1.1206(b) of the Commission's rules, 47 CFR 1.1206(b).

Initial Paperwork Reduction Act of 1995 Analysis

    The TFNPRM in document FCC 19-51 seeks comment on proposed rule 
amendments that may result in modified information collection 
requirements. If the Commission adopts any modified information 
collection requirements, the Commission will publish another notice in 
the Federal Register inviting the public to comment on the 
requirements, as required by the Paperwork Reduction Act. Public Law 
104-13; 44 U.S.C. 3501-3520. In addition, pursuant to the Small 
Business Paperwork Relief Act of 2002, the Commission seeks comment on 
how it might further reduce the information collection burden for small 
business concerns with fewer than 25 employees. Public Law 107-198; 44 
U.S.C. 3506(c)(4).

Synopsis

    1. In the TFNPRM, the Commission takes additional steps to protect 
consumers from illegal calls and ensure the effectiveness and integrity 
of the SHAKEN/STIR Caller ID authentication framework by proposing 
rules to allow voice service providers to block calls based on Caller 
ID authentication in certain instances. The Commission further proposes 
protections to ensure that the most important calls are not blocked. 
The Commission also proposes to require voice service providers to 
implement the SHAKEN/STIR Caller ID authentication framework in the 
event that major voice service providers have not met Chairman's Pai's 
deadline for doing so by the end of 2019.

Safe Harbor for Call-Blocking Programs Based on Potentially Spoofed 
Calls

    2. The Commission proposes a narrow safe harbor for voice service 
providers that offer call-blocking programs that take into account 
whether a call has been properly authenticated under the SHAKEN/STIR 
framework and may potentially be spoofed.
    3. First, the Commission proposes a safe harbor for voice service 
providers that choose to block calls (or a subset of calls) that fail 
Caller ID authentication under the SHAKEN/STIR framework. A call would 
fail authentication when the attestation header has been maliciously 
altered or inserted--in other words, where a malicious actor has tried 
to inappropriately spoof another number and attempted to circumvent the 
protection provided by SHAKEN/STIR. Accordingly, the Commission would 
expect the vast majority of calls blocked in such circumstances to be 
illegitimate and call-blocking programs targeting such calls to be 
deserving of safe harbor. The Commission seeks comment on this view.
    4. Are there other instances where authentication would fail? Would 
a safe harbor for such a call-blocking program provide a strong 
incentive to participating SHAKEN/STIR providers to ensure their public 
key infrastructure is up to date, as well as bolster the value of a 
failed authentication as a strong indicator of an illegal call? As 
SHAKEN/STIR deployment becomes more widespread, will failed 
authentication be a good proxy for illegal calls? To the extent it is 
overbroad, how should the Commission address false positives? Are there 
specific notification or other procedures that are most appropriate for 
use to enable callers to correct such false positives quickly?
    5. Second, the Commission seeks comment on whether it should create 
a safe harbor for blocking unsigned calls from particular categories of 
voice service providers. Many larger voice service providers have 
committed to deploying SHAKEN/STIR in 2019. If other large voice 
service providers fail to do so, should blocking unsigned calls from 
such voice service providers, after a reasonable transition period, 
fall within the safe harbor? Alternatively, should a safe harbor target 
those voice service providers that are most likely to facilitate 
unlawful robocallers?
    6. How can the Commission ensure that any safe harbor does not 
impose undue costs on eligible telecommunications carriers 
participating in the Commission's high-cost program? And how can the 
Commission ensure any such carve-out

[[Page 29480]]

does not protect those few voice service providers that actively 
facilitate unlawful spoofing and robocalling, often from foreign 
countries?
    7. Can downstream providers reliably determine on which network a 
particular unsigned call originated? Are there concerns regarding a 
call that was initially signed transiting a non-IP network? Should the 
Commission set a date certain for when this type of blocking is 
permissible?
    8. Are there any particular protections the Commission should 
establish for a safe harbor to ensure that wanted calls are not 
blocked? The Commission seeks comment on whether to require providers 
seeking a safe harbor to provide for identifying and remedying the 
blocking of wanted calls.
    9. Compliance with Rural Call Completion Rules. The Commission also 
seeks comment on how its proposal intersects with the Commission's 
rural call completion rules, including those implementing the Rural 
Call Quality and Reliability Act of 2017 (RCC Act), and whether to 
include additional criteria related to these rules. The Commission 
seeks comment on whether Caller ID authentication provides sufficient 
justification to permit a downstream provider to block calls from an 
upstream provider.
    10. Use of SHAKEN/STIR-Based Analytics. SHAKEN/STIR's ability to 
determine the source of robocalls will be a significant contribution to 
the quality of these analytics. The Commission therefore seeks comment 
on the use of SHAKEN/STIR-based analytics once this technology is 
implemented.

Protections for Critical Calls

    11. Certain emergency calls must never be blocked. Accordingly, the 
Commission considers requiring any voice service provider that offers 
call-blocking to maintain a ``Critical Calls List'' of numbers it may 
not block. Such lists would include at least the outbound numbers of 
911 call centers (i.e., PSAPs) and government emergency outbound 
numbers. The prohibition on call blocking would only apply to 
authenticated calls. The Commission seeks comment on this proposal.
    12. The Commission seeks comment on what numbers should be required 
on a Critical Calls List. How should the Commission define outbound 
numbers of 911 call centers (i.e., PSAPs)? How should the Commission 
define government emergency outbound numbers? How can the Commission 
mitigate the burden of administering a Critical Calls List? Should a 
Critical Calls List be centrally maintained, or should each voice 
service provider instead maintain its own list? If centrally, what 
entity should maintain the list and how should voice service providers 
access the list? Does the Commission's proposal capture the most 
important numbers to avoid blocking?
    13. The Commission also seeks comment on limiting Critical Calls 
List protections to only those calls for which the Caller ID is 
authenticated. Does this provide protection against illegal callers 
spoofing these crucial numbers? The Commission seeks comment on whether 
voice service providers should be required to complete calls where any 
level of attestation is present so long as the Caller ID authenticates, 
or whether the Commission should limit this requirement.
    14. How can the Commission ensure that a Critical Calls List is 
sufficiently protected from abuse by unscrupulous callers? Should the 
list be kept non-public to avoid unlawful spoofing of listed numbers? 
The Commission seeks comment on whether there are any benefits to 
making the list public that outweigh these risks. If not public, who 
should be able to access it? The Commission invites comment on any 
other critical details. The Commission further seeks comment on the 
associated costs and benefits of implementing such a Critical Calls 
List.
    15. Calls Placed to 911. The Commission see no reason that the rule 
prohibiting blocking of calls to 911 should not apply to the blocking 
proposed herein. The Commission seeks comment on the extent to which 
PSAPs have received calls with a spoofed Caller ID reporting a false 
emergency.
    16. The Commission seeks comment on other ways to protect callers 
from erroneous blocking. Should the Commission consider other bases for 
blocking unwanted, illegal calls?

Mandating Caller ID Authentication

    17. If major voice service providers fail to meet an end of 2019 
deadline for voluntary implementation of the SHAKEN/STIR Caller ID 
authentication framework, the Commission proposes to require them to 
implement that framework. The Commission seeks comment on this 
proposal.
    18. Implementation of the SHAKEN/STIR framework across voice 
networks is important in the fight against unwanted, including illegal, 
robocalls. Should major voice service providers fail to meet this end-
of-year deadline, the Commission proposes to take appropriate 
regulatory action to ensure that voice service providers implement 
SHAKEN/STIR. If major voice service providers meet the end-of-year 
deadline, what steps should the Commission take to ensure that other 
voice service providers implement SHAKEN/STIR?
    19. Determining whether it is necessary to mandate implementation 
of SHAKEN/STIR. The Commission seeks comment on how best to define 
``major voice service providers'' for the purpose of evaluating the 
progress made by such providers in implementing SHAKEN/STIR by the end 
of this year.
    20. The Commission seeks comment on how best to evaluate whether 
major voice service providers have met the end of year deadline for 
implementation set by Chairman Pai. In discussing SHAKEN/STIR, 
providers often refer to signing calls on an intercarrier basis and 
using signature information they receive to enhance the consumer 
experience. Should this be the standard the Commission uses to measure 
implementation? The Commission invites comment on this approach and on 
specific alternatives. Should the Commission require certifications 
documenting compliance?
    21. Voice service providers covered by the SHAKEN/STIR 
implementation requirement. If the Commission mandates provider 
implementation of SHAKEN/STIR, the Commission proposes to require 
implementation by all voice service providers--wireline, wireless, and 
Voice over internet Protocol (VoIP) providers. The Commission seeks 
comment on this proposal. Are there other voice service providers the 
Commission should include? Are there any exceptions to an 
implementation requirement?
    22. Implementation. If the Commission mandates implementation of 
SHAKEN/STIR, what should the Commission require providers to accomplish 
to meet the requirement? Should it require providers to sign calls on 
an intercarrier basis and use signature information they receive to 
enhance the consumer experience? Should the Commission impose other or 
different requirements?
    23. For example, if the Commission mandates SHAKEN/STIR 
implementation, should the Commission require providers to adopt a 
uniform display showing consumers whether a call has been 
authenticated? Or should the Commission encourage provider 
experimentation to develop the most useful display for consumers?
    24. Timing of the requirement. If the Commission mandates 
implementation of SHAKEN/STIR, how much implementation time should the 
Commission give voice service providers? The Commission invites 
commenters to propose specific categories of voice service providers,

[[Page 29481]]

specify how the Commission should distinguish between or among them, 
explain why the Commission should do so for purposes of setting 
implementation deadlines, and propose specific implementation deadlines 
for each proposed specific category of voice service providers.
    25. Governance. What role should the Commission have in SHAKEN/STIR 
governance? Industry has taken steps to establish a governance regime. 
Are there aspects of the governance authority that the Commission 
should handle itself or should its role be formal oversight? Are there 
other functions that the Commission should undertake to ensure the 
adoption and implementation of SHAKEN/STIR?
    26. Legacy Networks. The Commission recognizes that there are 
challenges for smaller and rural carriers. The Commission seeks comment 
on how to encourage Caller ID authentication for carriers that maintain 
some portion of their network on legacy technology. Are there 
technologies available to enable legacy networks to participate in 
Caller ID authentication?
    27. Illegal calls originating outside the United States. The 
Commission seeks comment on how the Commission and the industry can 
best leverage Caller ID authentication technology and specifically 
SHAKEN/STIR to combat illegal calls originating outside the United 
States.

Measuring the Effectiveness of Robocall Solutions

    28. Should the Commission create a mechanism to provide information 
to consumers about the effectiveness of providers' robocall solutions? 
If so, how should ``effectiveness'' be defined? How would the 
Commission obtain the information needed to evaluate the effectiveness 
of the robocall solutions?

Legal Authority

    29. The Commission seeks comment on its authority to adopt new 
rules here. Sections 201(b) and 202(a) of the Communications Act (the 
Act) have formed the basis for the Commission's traditional 
prohibitions on call blocking. The Commission also is charged with 
prescribing regulations to implement the Truth in Caller ID Act, which 
made unlawful the spoofing of Caller ID ``in connection with any 
telecommunications service or IP-enabled voice service . . . with the 
intent to defraud, cause harm, or wrongfully obtain anything of value . 
. . .'' And section 251(e) of the Act gives the Commission authority 
over the use and allocation of numbering resources in the United 
States, including the use of unallocated and unused numbers.
    30. The Commission seeks comment on whether these statutory 
provisions--or any others--confer on the Commission sufficient 
authority to adopt rules to create a safe harbor for certain call-
blocking programs and require voice service providers that offer call-
blocking programs to maintain a Critical Calls List. Is creating a safe 
harbor equivalent to declaring certain practices presumptively just and 
reasonable? Is encouraging providers to adopt SHAKEN/STIR consistent 
with the Commission's authority under the Truth in Caller ID Act? Does 
the Commission's plenary authority over numbering extend to requiring 
that calls from certain numbers be sacrosanct? Does the Commission's 
authority depend, in part or at all, on whether the calls considered in 
a call-blocking program are in fact illegal under federal law or merely 
unwanted by consumers? Are these proposals necessary to allow voice 
service providers to help prevent unlawful acts and protect voice 
service subscribers? Would any of these proposals be limited only to 
calls purporting to use North American Numbering Plan (NANP) numbers?
    31. The Commission believes section 251(e) of the Act, which grants 
the Commission plenary jurisdiction over the NANP resources in the 
United States and the authority to administer numbering resources, 
provides the Commission the authority to mandate Caller ID 
authentication and specifically SHAKEN/STIR. By permitting voice 
providers and consumers to identify when a Caller ID number has been 
spoofed, mandating SHAKEN/STIR would prevent NANP resources from being 
fraudulently exploited. The Commission concludes that section 251(e) 
provides it sufficient authority to adopt such rules. Do commenters 
agree? Are there any other statutory provisions or other sources of 
authority the Commission should consider?

Initial Regulatory Flexibility Analysis

    32. As required by the Regulatory Flexibility Act of 1980, as 
amended, the Commission has prepared the Initial Regulatory Flexibility 
Analysis (IRFA) of the possible significant economic impact on a 
substantial number of small entities by the policies and rules proposed 
in the TFNPRM. Written public comments are requested on the IRFA. 
Comments must be identified as responses to the IRFA and must be filed 
by the deadlines for comments on the TFNPRM provided.
    33. Need for, and Objectives of, the Proposed Rules
    The TFNPRM proposes rules to permit voice service providers, on 
their own initiative, to block calls based on Caller ID authentication, 
specifically where the Caller ID is eligible for authentication but 
fails. The TFNPRM also proposes to require a ``Critical Calls List'' of 
numbers that must never be blocked so long as the Caller ID is 
authenticated. The TFNPRM further proposes and seeks comment on 
requiring voice service providers to implement the SHAKEN/STIR call 
authentication framework if major voice service providers fail to 
voluntarily implement it by the end of 2019.

Legal Basis

    34. The proposed and anticipated rules are authorized under 
sections 201, 202, 227, 251(e), and 403 of the Act, as amended, 47 
U.S.C. 201, 202, 227, 251(e), 403.

Description of Projected Reporting, Recordkeeping, and Other Compliance 
Requirements

    35. As indicated above, the TFNPRM seeks comment on proposed rules 
to codify that voice service providers may block telephone calls in 
certain circumstances to protect subscribers from illegal calls, as 
well as on proposed rules to prevent the blocking of lawful calls. 
Until these requirements are defined in full, it is not possible to 
predict with certainty whether the costs of compliance will be 
proportional between small and large voice service providers. In the 
TRNPRM, the Commission seeks to minimize the burden associated with 
reporting, recordkeeping, and other compliance requirements for the 
proposed rules, such as modifying software, developing procedures, and 
training staff.
    36. Under the proposed rules, the Commission tentatively concludes 
that voice service providers will need to keep records of Caller ID 
authentication information. In addition, voice service providers may 
need to set up communication with other voice service providers to 
share information about failed authentication. Voice service providers 
will also be required to maintain a ``Critical Calls List'' of numbers 
that should not be blocked.
    37. The TFNPRM also proposes to require voice service providers to 
implement SHAKEN/STIR if major voice service providers have not 
voluntarily implemented the framework by the end of 2019. At this time, 
the Commission is not in a position to determine whether, if adopted, 
the Commission's proposals will require small entities to hire 
attorneys, engineers, consultants, or other

[[Page 29482]]

professionals and cannot quantify the cost of compliance with the 
potential rule changes discussed herein. The TFNPRM proposes to require 
implementation by all voice service providers--wireline, wireless, and 
VoIP providers.

Steps Taken To Minimize Significant Economic Impact on Small Entities, 
and Significant Alternatives Considered

    38. These proposed rules to codify that voice service providers may 
block telephone calls in certain circumstances to protect subscribers 
from illegal and unwanted calls are permissive and not mandatory. Small 
businesses may avoid compliance costs entirely by declining to block 
calls, or may delay their implementation of call blocking to allow for 
more time to come into compliance with the rules. However, the 
Commission intends to craft rules that encourage all carriers, 
including small businesses, to block such calls and the TFNPRM 
therefore seeks comment from small businesses on how to minimize costs 
associated with implementing the proposed rules. The TFNPRM poses 
specific requests for comment from small businesses regarding how the 
proposed rules affect them and what could be done to minimize any 
disproportionate impact on small businesses.
    39. The Commission's proposed rules allow voice service providers 
to block calls based on certain criteria, including where the Caller ID 
fails authentication. In addition, the proposed rules protect callers 
from the risk of their calls being blocked erroneously. The TFNPRM 
requests feedback from small businesses and seeks comment on ways to 
make the proposed rules less costly and minimize the economic impact of 
the Commission's proposals.
    40. The TFNPRM also seeks comment on the length of time the 
Commission should allow voice service providers to implement SHAKEN/
STIR, whether smaller and medium-sized voice providers should be given 
additional time to implement this framework, and how to qualify and 
quantify voice providers' sizes. Moreover, the Commission seeks updated 
information for entities of all sizes, including small entities, 
regarding the upfront and recurring costs to providers of implementing 
SHAKEN/STIR.
    41. The Commission expects to consider the economic impact on small 
entities, as identified in comments filed in response to the TFNPRM and 
the IRFA, in reaching its final conclusions and taking action in this 
proceeding.

Federal Rules That May Duplicate, Overlap, or Conflict With the 
Proposed Rules

    42. None.

List of Subjects in 47 CFR Part 64

    Communications common carriers, Reporting and recordkeeping 
requirements, Telecommunications, Telephone.

Federal Communications Commission.
Cecilia Sigmund,
Federal Register Liaison Officer, Office of the Secretary.

Proposed Rules

    For the reasons discussed in the preamble, the Federal 
Communications Commission proposes to amend 47 part 64 as follows:

PART 64--MISCELLANEOUS RULES RELATING TO COMMON CARRIERS

0
1. The authority citation for part 64 continues to read as follows:

    Authority:  47 U.S.C. 154, 201, 202, 217 218, 220, 222, 225, 
226, 227, 228, 251(a), 251(e), 254(k), 262, 403(b)(2)(B), (c), 616, 
620, 1401-1473, unless otherwise noted.
0
2. Amend Sec.  64.1200 by
0
a. Redesignating paragraph (k)(2) as paragraph (k)(5);
0
b. Redesignating paragraph (k)(4) as paragraph (k)(2);
0
c. Redesignating paragraph (k)(1) as paragraph (k)(4);
0
d. Redesignating paragraph (k)(3) as paragraph (k)(1); and
0
e. Adding new paragraphs (k)(3) and (k)(6).
    The additions to read as follows:


Sec.  64.1200  Delivery restrictions

* * * * *
    (k) * * *
    (3) Any provider blocking pursuant to this subsection must maintain 
a list of numbers from which calls will not be blocked where the Caller 
ID is authenticated on a call purporting to originate from the number. 
Providers must include on their lists only numbers used for outbound 
calls by Public Safety Answering Points or other emergency services; 
government-originated calls, such as calls from local authorities 
generated during emergencies; and outbound calls from schools and 
similar educational institutions to provide school-related emergency 
notifications, such as weather-related closures or the existence of an 
emergency affecting the school or students.
* * * * *
    (6) A provider may block a call that is eligible for authentication 
of Caller ID and for which authentication by the terminating provider 
has failed.
* * * * *
[FR Doc. 2019-13320 Filed 6-21-19; 8:45 am]
 BILLING CODE 6712-01-P