Connect with us

FCC

Telephony Industry Rises to the Challenge of Robocalls, With Legislation, Regulation and Enforcement Close Behind

Published

on

Photo of FCC Chairman Ajit Pai at the 2019 FCBA Chairman's Dinner by Drew Clark

WASHINGTON, December 13, 2019 – The industry group that is hammering out technical standards governing an anti-robocall framework announced Thursday that that the STIR/SHAKEN framework will launch on Monday, December 16, 2019.

The launch of STIR/SHAKEN calling verification service won’t be final word in ending robocalls. But the much-anticipated milestone does represent a significant achievement for the creation of an entirely new framework governing authenticated telephony.

The rampant rise of robocalls have made person-less phone calls uniquely despised. The widespread disgust associated with time-wasting, distracting and fraudulent calls highlights the one thing that Republicans, Democrats and independents can all agree upon: Government must stop robocalls.

Indeed, the announcement of Monday’s launch of the STIR/SHAKEN framework by the Secure Telephone Identity Governance Authority (STI-GA) is merely one of three forums in which the battle against robocalls is being waged.

“The successful launch of STIR/SHAKEN by the industry-led STI-GA is a major step in the fight to mitigate illegal robocalls and Caller ID spoofing,” STI-GA Chair Linda Vandeloop said Thursday.

In addition to the for-now-voluntary STIR/SHAKEN standard, legislation mandating the use of STIR/SHAKEN by the providers of telephone service is likely to be passed by Congress within the next week.

Even if legislation isn’t passed, Federal Communications Commission Chairman Ajit Pai has done everything possible to rally responsible telephone providers against robocalling – up to and including Thursday’s $10 million fine against an allegedly illegal robocaller.

The origins of STIR/SHAKEN call authentication framework

STIR/SHAKEN is an industry-developed system to authenticate caller ID and hence address unlawful telephone call spoofing. It is designed to confirm that a call actually comes from the number indicated in the Caller ID, or – alternatively – at least to attest that the call entered the U.S. telephone network through a particular voice service provider or gateway.

STIR stands for Secure Telephony Identity Revisited, and is a standard developed by the Internet Engineering Task Force. The loosely-form acronym SHAKEN stands for the “Signature-based Handling of Asserted information using toKENs.”

It is this latter standard that has been the subject of intensive negotiation among telephony engineers in the STI-GA, which was formed to develop STIR/SHAKEN, as well as the non-profit telecom standards organization Alliance for Telecommunications Industry Solutions.

Importantly, the STIR/SHAKEN framework only works on the internet protocol-based telephone networks, including Voice over Internet Protocol services, to which most enterprise callers have migrated.

Estimates vary widely, but a significant chunk of traffic of calls on the public switched telephone network – perhaps as much as half — remain non-IP-based calls. Robocallers, however, almost all use VoIP.

The fundamental idea behind STIR/SHAKEN is that, using public key cryptography, a telephony provider would “provide assurances that Caller ID information transmitted with a particular call is accurate,” according to the FCC’s June 7, 2019, declaratory ruling on robocalls. “Once an originating or gateway provider has implemented these standards, it should sign, or attest to, all IP-based calls originating on its IP-based network or entering the network through its gateway.”

There are three levels of attestation: Level A, or full attestation; Level B, or partial attestation; and Level C, or gateway attestation.

Level A is easy. When a customer using a telephony provider’s network originates a call, and the telephony provider knows that number is associated with a legitimate customer, the provider passes the Level A attestation to the receiving telephone network.

Level C is also pretty straightforward: It refers to the minimal level of attestation that is expected when, for example, a foreign-originating call enters the gateway to a U.S.-provider’s telephone network. The domestic telephone carrier would pass the “Level C” attestation to the terminating carrier, or the carrier of the person who receives the phone call.

Key determinations about attestation of STIR/SHAKEN have yet to be made

In announcing the availability of the calling number verification service, the industry groups STI-GA and ATIS were mum on one of the major issues still in dispute in regard to Level B attestation.

In other words, the rules that govern partial attestation – when the signing voice service provider has not established a verified association with the phone number, but has some other kind of direct relationship with the customer in question – have not yet been made clear.

Beginning on Monday, December 16, however, voice service providers can register with iconectiv, which is the Secure Telephone Identity Policy Administrator, to obtain credentials in order to acquire STI certificates from approved Certification Authorities.

These certificates will be used to authenticate Caller ID, inform customers if the Caller ID was spoofed and to facilitate tracing calls back to their origin.

“Setting SHAKEN into action completes a major milestone in an initiative that brought the industry together through ATIS to find a solution to address the formidable challenge of illegal robocalling,” said ATIS CEO Susan Miller. “This development advances a top industry priority critical to restoring consumer trust in the voice network.”

ATIS and the policy body STI-GA recommended that service providers read the Service Provider Guidelines before registering for the call verification service online. Once registered, service providers will be able to access a list of Certification Authorities that can assign digital certificates used to sign calls and authenticate Caller ID.

If industry self-regulation of robocalls falters, legislation is likely to mandate telephony rules

On Wednesday, December 4, 2019, on a 417-3 vote, the House approved passage of S. 151, the Pallone-Thune “Telephone Robocall Abuse Criminal Enforcement and Deterrence Act,” or the TRACED Act, sponsored by House Energy and Commerce Committee Chairman Frank Pallone, D-N.J., and former Senate Commerce Committee Chairman John Thune, R-S.D.

The revised legislation built upon Thune’s TRACED Act, and effectively requires the implementation of the STIR/SHAKEN technology that is still under development. On December 4, the House incorporated some element of Pallone’s prior H.R. 3375, the Stopping Bad Robocalls Act – and which had not mentioned or mandated STIR/SHAKEN.

The House-passed bill, which now awaits passage by the Senate, “require[s] a provider of voice service to implement the STIR/SHAKEN authentication framework in the internet protocol networks of the provider of voice service” within 18 months of the passage of the legislation.

There are, however, many reasons why certain call spoofing may be legitimate. At a June forum on the subject, Rebecca Thompson, the head of government affairs at Twilio, illustrated several examples. These include protecting Uber riders’ numbers, womens’ shelters and crisis counseling lines preserving safety and privacy. She also pointed out cases of legitimate robocalls, including notifications from schools or emergency providers, that could potentially be blocked.

The TRACED act includes a provision requiring the FCC to develop rules, no later than one year after passage, that would create a safe harbor “establishing when a provider of voice service may block a voice call based, in whole or in part, on information provided by the [STIR/SHAKEN] call authentication framework.”

Pai attempt bully-pulpit regulation and enforcement, even before TRACED Act’s passage

The legislation will give the FCC authority to prosecute robocallers that it might otherwise lack.

In a speech at an anti-robocall symposium on November 22, 2019, Pai said that while he was grateful for industry efforts to implement STIR/SHAKEN, “the reality is were are only seven weeks away from the end-of-the-year deadline, and we are not yet seeing sufficient implementation by all major voice providers.”

He continued: “To any carriers out there who might not be treating this deadline with the urgency it deserves, I am putting them on notice now: at my direction, Commission staff is actively working on developing regulations to make this happen. If industry doesn’t get the job done on time, I will not hesitate to call an FCC vote on these new rules.”

Even without authority to go after carriers who dally in implementing a still-incomplete STIR/SHAKEN, the FCC is taking enforcement action against robocallers using the authority granted from other legislation.

Indeed, on Thursday, the FCC imposed a $9,997,750 fine in issuing a “notice of apparent liability” against Kenneth Moser and his telemarketing company Marketing Support Systems.

The FCC said that he apparently made more than 47,000 unlawful spoofed robocalls over a two-day period by spoofing the telephone number assigned to another telemarketing company when transmitting prerecorded voice calls against a political candidate shortly before California’s 2018 primary election.

Moser, who was in the business of providing political robocall services, spoofed the number of another company that provides robocalling services to political candidates. The spoofing generated many complaints from consumers who received the calls, and a cease-and-desist letter from the candidate against whom the calls were allegedly made.

The California Secretary of State referred a complaint about the matter to the FCC’s Enforcement Bureau, and which used the Truth in Caller ID Act has the basis for the fine.

In addition to finding that Moser apparently violated the Truth in Caller ID Act, the FCC’s Enforcement Bureau found that Moser sent more than 11,000 prerecorded voice messages to wireless phones, without consent, in violation of the Telephone Consumer Protection Act’s.

The Enforcement Bureau found that Moser also violated the TCPA’s requirement that prerecorded messages include the phone number and identity of the entity responsible for initiating the call. As a result, the Bureau also issued a citation for TCPA violations.

About the author:

Drew Clark, the Editor and Publisher of BroadbandBreakfast.com, is a nationally-respected telecommunications attorney at The CommLaw Group. He has closely tracked the trends in and mechanics of digital infrastructure for 20 years, and has helped fiber-based and fixed wireless providers navigate coverage, identify markets, broker infrastructure, and operate in the public right of way. Additionally, see a related advisory laying out some of the salient issues with SHAKEN/STIR that may be of interest to many providers of telecommunications and Voice over Internet Protocol (VoIP) services.

Drew Clark is the Editor and Publisher of BroadbandBreakfast.com and a nationally-respected telecommunications attorney at The CommLaw Group. He has closely tracked the trends in and mechanics of digital infrastructure for 20 years, and has helped fiber-based and fixed wireless providers navigate coverage, identify markets, broker infrastructure, and operate in the public right of way. The articles and posts on Broadband Breakfast and affiliated social media, including the BroadbandCensus Twitter feed, are not legal advice or legal services, do not constitute the creation of an attorney-client privilege, and represent the views of their respective authors.

FCC

Senate Committee OK’s Rosenworcel, Questions Sohn on Mapping, Net Neutrality, Broadband Standards

Gigi Sohn explained her positions on issues facing the FCC.

Published

on

Gigi Sohn at Senate Commerce, Science, and Transportation Committee meeting

WASHINGTON, December 1, 2021 – As the Senate Commerce, Science and Transportation Committee confirmed Jessica Rosenworcel as commissioner of the Federal Communications Commission, it also questioned Wednesday agency nominee Gigi Sohn on issues including net neutrality, broadband mapping, and speeds.

Rosenworcel is already chairwoman of the FCC by virtue of being named to the position by President Joe Biden. The president picks the chair of the agency from among the commissioners. However, Rosenworcel’s term as commissioner is to expire unless the Senate confirms her appointment to another term.

The committee on Wednesday also approved Alvaro Bedoya, a staunch privacy advocate, as commissioner of the Federal Trade Commission and had rounds at questioning Alan Davidson, who was nominated as head of the National Telecommunications and Information Administration, which will oversee $42.5 billion in broadband funds from the recently signed Infrastructure Investment and Jobs Act.

On mapping, Sohn called for a “crowdsourcing” effort amongst states to improve the quality of broadband mapping, as the agency has started to do. “A lot of states have maps already and they are quite accurate,” she said. Though she could not commit to a timeline, Sohn said that there could be no “good policy without good maps” and that if she were confirmed, she would dedicate herself to improve the FCC’s broadband maps.

Sohn also voiced her support for municipal broadband. “I have supported municipal broadband for a very long time,” she said, adding she supports open access models that allow service providers to share the same network. Sohn pointed to Utah as an example, where the model has been implemented successfully. She stated that the model has led to “enormous competition” for service providers.

When pressed as to whether the FCC should be able to preempt states and dictate how they implement their broadband policy, Sohn said she would like the FCC to have a better relationship with states. “If I am confirmed, one of the things I would ask the chairwoman [to use me as] a liaison to the states, because I’ve really formed very good relationships with them,” she said. “In the past, we have not [reached out] to the states and made them partners. We have been more adversarial.”

Net neutrality, broadband standards and Big Tech

Sohn also came out in support of net neutrality. “What I am concerned about now, with the repeal in 2017 of the net neutrality rules and the reclassification of broadband, is that we have no touch,” she said. “[Net neutrality] is really much broader than [preventing] blocking and throttling. It is about whether or not bandwidth – which we all agree is an essential service – should have government oversight, and right now, it does not.”

Legislators also questioned Sohn on her perspectives regarding broadband standards. Sen. Mike Lee, R-Utah, asked Sohn what standard – whether it was 100 Mbps download with 20 Mbps upload, or 100 Mbps symmetrical service – would bridge the digital divide. Sohn stated that it would take more than just the deployment of infrastructure to bridge the digital divide.

“I have urged that Congress adopt a permanent broadband subsidy like the Affordable Connectivity Program – which is more money but is not permanent,” Sohn said. “You still always have the adoption problem as well, where people do not have the digital literacy, sometimes not even [actual] literacy, to be able to use the internet.”

Insofar that capacity and internet speeds are concerned, Sohn emphasized that the Infrastructure Investment Jobs Act “does prefer scalable networks to meet the needs of tomorrow.”

“What we do not want, I would think – or I would not want – is to come back in five or ten years and say, ‘Oh, my goodness! We spent all this money, and we still have slow networks, and we still have areas that are not served,” she said. “The ability to have technologies that can grow over time.” Sohn stopped short of explicitly listing specific scalable technologies.

On Big Tech, Sen. Ted Cruz, R-Texas, described “a confluence of liberals advocating for censoring anyone with whom they disagree,” and a situation where “big tech [is] eagerly taking up the mantle to censor those with whom they disagree.” Cruz asked Sohn how she could guarantee she would not “use the power of government to silence.”

Sohn said that she would “make that commitment” to not act in such a way and added that she would “take any allegations of bias extremely seriously.” She said that she will continue to work with the Office of Government Ethics to dissuade any concerns people may have about her biases.

A date for a vote on Sohn and Davidson’s nominations has not yet been scheduled.

Continue Reading

FCC

FCC Eliminates Emergency Broadband Benefit Enrollment Freeze

The commission says an enrollment freeze is no longer necessary as the Infrastructure Act’s Affordable Connectivity Program takes effect.

Published

on

FCC Chairwoman Jessica Rosenworcel

WASHINGTON, November 29, 2021 – The Federal Communications Commission said Friday it is axing rules requiring a freeze on enrollment at the initial end of the Emergency Broadband Benefit program.

That’s because the Infrastructure Investment and Jobs Act, signed into law two weeks ago, extends the program indefinitely and rebrands it to the Affordable Connectivity Program. The FCC is currently gathering comments on how it should manage the transition to the new program.

The freeze was initially planned to avoid claims volatility and to allow for more certain financial projections in the EBB’s final months when funds were running low. Based on current budget projections, there is no longer concern that the EBB will run out of funding before the Affordable Connectivity Program takes effect, the FCC said.

In its announcement on Friday, the FCC also waived requirements for customer notice on the end of the EBB, which mandated 15- and 30-day consumer notices.

These mandates were eliminated to prevent any alarm or confusion over the EBB Program ending, as consumers will continue to receive service for 60 days following the program’s end due to provisions of the IIJA.

Continue Reading

FCC

FCC Watchdog Finds Evidence of Fraud in Emergency Broadband Benefit

Inspector General report finds “dozens” of cases of EBB abuse across the country.

Published

on

FCC Chairwoman Jessica Rosenworcel

WASHINGTON, November 24, 2021 – The watchdog that monitors fraud and abuse of Federal Communications Commission programs said it has found evidence that service providers are enrolling into the Emergency Broadband Benefit program more students than exist at some schools.

The Office of Inspector General said in a Monday report that service providers, who are reimbursed from the program for offering subsidized broadband services to schools, and their sales agents have been abusing the program by enrolling more “households that claimed they have a dependent child” than students “who are actually enrolled in those schools.”

The report found “dozens” of eligible schools across the country are overenrolled six months into the program. That includes schools in Alaska, Arizona, California, Colorado, New York and Florida.

The most “egregious examples” of such abuse, the OIG said, came out of Florida, with one example of a school that had enrolled 1884 households in the EBB program, when OIG research showed that “no more than 200 students attend” the school. Another school with 152 students had 1048 households enrolled in the program. The OIG said it will not disclose which schools to preserve its on-going investigation.

The report notes that additional households were blocked from enrolling in the program “by other program safeguards.”

Majority of abuse done by “handful” of providers

“Evidence shows this is not consumer-driven fraud – enrollment data directly links certain providers and their sales agents to these enrollments,” the report said, adding the same sales agents who overenrolled students in the aforementioned schools also did the same in other state schools.

“Sales agents who work for just a handful of EBB providers are responsible for the majority of this fraudulent enrollment activity,” it added.

Other examples of abuse, the report said, includes failure to identify the dependent child, the repeated use of the provider retail address as the address of homes served, and more than 2000 EBB households were noted as being more than 50 miles from their schools.

“As EBB providers incentivize sales agents to maximize enrollments by providing commission-based compensation, many of the abuses that once plagued the FCC’s Lifeline program have reappeared in the EBB program,” the report concluded, adding these providers will be liable for violations.

“If providers discover enrollment problems, OIG reminds them of their obligation to take appropriate remedial measures,” the report added. “Providers who defraud FCC programs by violating program enrollment rules and claim support for those households will be held accountable and may be subject to civil or criminal sanctions.”

The $3.2-billion EBB program, which launched in May, provides a subsidy of $50 per month to eligible low-income households and $75 per month for those living on native tribal lands, as well as a one-time reimbursement on a device. The program has enrolled over five million households so far.

The FCC is currently asking the public for comment on how it should handle the program’s expansion into a permanent fixture as a result of the Infrastructure Investment and Jobs Act signed by President Joe Biden last week.

Continue Reading

Recent

Signup for Broadband Breakfast

Get twice-weekly Breakfast Media news alerts.
* = required field

Trending