47 USC 227 b

47 U.S.C. 227b.pdf

Secure Telephone Identity Governance Authority Token Revocation Review Process

47 USC 227 b

OMB: 3060-1287

Document [pdf]
Download: pdf | pdf
8/31/2020

47 USC 227b: Call authentication
Text contains those laws in effect on August 30, 2020
From Title 47-TELECOMMUNICATIONS
CHAPTER 5-WIRE OR RADIO COMMUNICATION
SUBCHAPTER II-COMMON CARRIERS
Part I-Common Carrier Regulation
Jump To:
Source Credit
References In Text
Codification
Cross Reference

§227b. Call authentication
(a) Definitions
In this section:
(1) STIR/SHAKEN authentication framework
The term "STIR/SHAKEN authentication framework" means the secure telephone identity revisited and signaturebased handling of asserted information using tokens standards proposed by the information and communications
technology industry.
(2) Voice service
The term "voice service"(A) means any service that is interconnected with the public switched telephone network and that furnishes
voice communications to an end user using resources from the North American Numbering Plan or any successor
to the North American Numbering Plan adopted by the Commission under section 251(e)(1) of this title; and
(B) includes(i) transmissions from a telephone facsimile machine, computer, or other device to a telephone facsimile
machine; and
(ii) without limitation, any service that enables real-time, two-way voice communications, including any service
that requires internet protocol-compatible customer premises equipment (commonly known as "CPE") and
permits out-bound calling, whether or not the service is one-way or two-way voice over internet protocol.
(b) Authentication frameworks
(1) In general
Subject to paragraphs (2) and (3), and in accordance with paragraph (6), not later than 18 months after December
30, 2019, the Commission shall(A) require a provider of voice service to implement the STIR/SHAKEN authentication framework in the internet
protocol networks of the provider of voice service; and
(B) require a provider of voice service to take reasonable measures to implement an effective call authentication
framework in the non-internet protocol networks of the provider of voice service.
(2) Implementation
The Commission shall not take the action described in paragraph (1) with respect to a provider of voice service if
the Commission determines, not later than 12 months after December 30, 2019, that such provider of voice service(A) in internet protocol networks(i) has adopted the STIR/SHAKEN authentication framework for calls on the internet protocol networks of the
provider of voice service;
(ii) has agreed voluntarily to participate with other providers of voice service in the STIR/SHAKEN
authentication framework;
(iii) has begun to implement the STIR/SHAKEN authentication framework; and
(iv) will be capable of fully implementing the STIR/SHAKEN authentication framework not later than 18 months
after December 30, 2019; and
(B) in non-internet protocol networks(i) has taken reasonable measures to implement an effective call authentication framework; and
(ii) will be capable of fully implementing an effective call authentication framework not later than 18 months
after December 30, 2019.
(3) Implementation report
1/4

8/31/2020

Not later than 12 months after December 30, 2019, the Commission shall submit to the Committee on Energy and
Commerce of the House of Representatives and the Committee on Commerce, Science, and Transportation of the
Senate a report on the determination required under paragraph (2), which shall include(A) an analysis of the extent to which providers of voice service have implemented the call authentication
frameworks described in subparagraphs (A) and (B) of paragraph (1), including whether the availability of
necessary equipment and equipment upgrades has impacted such implementation; and
(B) an assessment of the efficacy of the call authentication frameworks described in subparagraphs (A) and (B)
of paragraph (1) in addressing all aspects of call authentication.
(4) Review and revision or replacement
Not later than 3 years after December 30, 2019, and every 3 years thereafter, the Commission, after public notice
and an opportunity for comment, shall(A) assess the efficacy of the technologies used for call authentication frameworks implemented under this
section;
(B) based on the assessment under subparagraph (A), revise or replace the call authentication frameworks
under this section if the Commission determines it is in the public interest to do so; and
(C) submit to the Committee on Energy and Commerce of the House of Representatives and the Committee on
Commerce, Science, and Transportation of the Senate a report on the findings of the assessment under
subparagraph (A) and on any actions to revise or replace the call authentication frameworks under subparagraph
(B).
(5) Extension of implementation deadline
(A) Burdens and barriers to implementation
Not later than 12 months after December 30, 2019, and as appropriate thereafter, the Commission(i) shall assess any burdens or barriers to the implementation required by paragraph (1), including(I) for providers of voice service to the extent the networks of such providers use time-division multiplexing;
(II) for small providers of voice service and those in rural areas; and
(III) the inability to purchase or upgrade equipment to support the call authentication frameworks under this
section, or lack of availability of such equipment; and
(ii) in connection with an assessment under clause (i), may, upon a public finding of undue hardship, delay
required compliance with the 18-month time period described in paragraph (1), for a reasonable period of time,
for a provider or class of providers of voice service, or type of voice calls, as necessary for that provider or class
of providers or type of calls to participate in the implementation in order to address the identified burdens and
barriers.
(B) Delay of compliance required for certain non-internet protocol networks
Subject to subparagraphs (C) through (F), for any provider or class of providers of voice service, or type of voice
calls, only to the extent that such a provider or class of providers of voice service, or type of voice calls, materially
relies on a non-internet protocol network for the provision of such service or calls, the Commission shall grant a
delay of required compliance under subparagraph (A)(ii) until a call authentication protocol has been developed for
calls delivered over non-internet protocol networks and is reasonably available.
(C) Robocall mitigation program
(i) Program required
During the time of a delay of compliance granted under subparagraph (A)(ii), the Commission shall require,
pursuant to the authority of the Commission, that any provider subject to such delay shall implement an
appropriate robocall mitigation program to prevent unlawful robocalls from originating on the network of the
provider.
(ii) Additional requirements
If the consortium registered under section 13(d) identifies a provider of voice service that is subject to a delay
of compliance granted under subparagraph (A)(ii) as repeatedly originating large-scale unlawful robocall
campaigns, the Commission shall require such provider to take action to ensure that such provider does not
continue to originate such calls.
(iii) Minimization of burden
The Commission shall make reasonable efforts to minimize the burden of any robocall mitigation required
pursuant to clause (ii), which may include prescribing certain specific robocall mitigation practices for providers
of voice service that have repeatedly originated large-scale unlawful robocall campaigns.
(D) Full participation
The Commission shall take reasonable measures to address any issues in an assessment under subparagraph
(A)(i) and enable as promptly as reasonable full participation of all classes of providers of voice service and types
of voice calls to receive the highest level of trust. Such measures shall include, without limitation, as appropriate,
limiting or terminating a delay of compliance granted to a provider under subparagraph (B) if the Commission
2/4

8/31/2020

determines in such assessment that the provider is not making reasonable efforts to develop the call
authentication protocol described in such subparagraph.
(E) Alternative methodologies
The Commission shall identify, in consultation with small providers of voice service and those in rural areas,
alternative effective methodologies to protect customers from unauthenticated calls during any delay of compliance
granted under subparagraph (A)(ii).
(F) Revision of delay of compliance
Not less frequently than annually after the first delay of compliance is granted under subparagraph (A)(ii), the
Commission(i) shall consider revising or extending any delay of compliance granted under subparagraph (A)(ii);
(ii) may revise such delay of compliance; and
(iii) shall issue a public notice with regard to whether such delay of compliance remains necessary, including(I) why such delay of compliance remains necessary; and
(II) when the Commission expects to achieve the goal of full participation as described in subparagraph (D).
(6) No additional cost to consumers or small business customers
The Commission shall prohibit providers of voice service from adding any additional line item charges to consumer
or small business customer subscribers for the effective call authentication technology required under paragraph (1).
(7) Accurate identification
Not later than 12 months after December 30, 2019, the Commission shall issue best practices that providers of
voice service may use as part of the implementation of effective call authentication frameworks under paragraph (1)
to take steps to ensure the calling party is accurately identified.
(c) Safe harbor and other regulations
(1) In general
Consistent with the regulations prescribed under subsection (j) of section 227 of this title, as added by section 10,
the Commission shall, not later than 1 year after December 30, 2019, promulgate rules(A) establishing when a provider of voice service may block a voice call based, in whole or in part, on
information provided by the call authentication frameworks under subsection (b), with no additional line item
charge;
(B) establishing a safe harbor for a provider of voice service from liability for unintended or inadvertent blocking
of calls or for the unintended or inadvertent misidentification of the level of trust for individual calls based, in whole
or in part, on information provided by the call authentication frameworks under subsection (b);
(C) establishing a process to permit a calling party adversely affected by the information provided by the call
authentication frameworks under subsection (b) to verify the authenticity of the calling party's calls; and
(D) ensuring that calls originating from a provider of voice service in an area where the provider is subject to a
delay of compliance with the time period described in subsection (b)(1) are not unreasonably blocked because the
calls are not able to be authenticated.
(2) Considerations
In establishing the safe harbor under paragraph (1), consistent with the regulations prescribed under subsection (j)
of section 227 of this title, as added by section 10, the Commission shall consider limiting the liability of a provider of
voice service based on the extent to which the provider of voice service(A) blocks or identifies calls based, in whole or in part, on the information provided by the call authentication
frameworks under subsection (b);
(B) implemented procedures based, in whole or in part, on the information provided by the call authentication
frameworks under subsection (b); and
(C) used reasonable care, including making all reasonable efforts to avoid blocking emergency public safety
calls.
(d) Rule of construction
Nothing in this section shall preclude the Commission from initiating a rulemaking pursuant to its existing statutory
authority.
( Pub. L. 116–105, §4, Dec. 30, 2019, 133 Stat. 3276 .)

REFERENCES IN TEXT
Section 13, referred to in subsec. (b)(5)(C)(ii), is section 13 of Pub. L. 116–105, which is set out as a note
under section 227 of this title.
Section 10, referred to in subsec. (c), means section 10 of Pub. L. 116–105.

CODIFICATION
Section was enacted as part of the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement
and Deterrence Act, also known as the Pallone-Thune TRACED Act, and not as part of the
3/4

8/31/2020

Communications Act of 1934 which comprises this chapter.

DEFINITION
For definition of "Commission" as used in this section, see section 2 of Pub. L. 116–105, set out as a note
under section 227 of this title.

4/4


File Typeapplication/pdf
File Modified2021-02-16
File Created2020-08-31

© 2024 OMB.report | Privacy Policy