3060-XXXX
March 2021
Compliance with the Non-IP Call Authentication Solution Rules;
Certification to Verify Exemption from Caller ID Authentication Implementation Mandate
SUPPORTING STATEMENT
This new information collection is being submitted to obtain approval from the Office of Management and Budget (OMB) for new information collection requirements due to a recent Federal Communications Commission (Commission or FCC) Order, as explained below.
Justification
Circumstances that make the collection necessary. On December 30, 2019, Congress enacted the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act. The TRACED Act directs the Commission to require, no later than 18 months from enactment, all voice service providers to implement STIR/SHAKEN in the IP portions of their networks and implement an effective caller ID authentication framework in the non-IP portions of their networks. Among other provisions, the TRACED Act also directs the Commission to create extension and exemption mechanisms for voice service providers. To implement the TRACED Act’s provisions related to call authentication, the Commission adopted a Report and Order and Further Notice of Proposed Rulemaking on March 30, 2020, and a Second Report and Order on September 29, 2020. See Call Authentication Trust Anchor, Implementation of TRACED Act Section 6(a)—Knowledge of Customers by Entities with Access to Numbering Resources, WC Docket Nos. 17-97 and 20-67, Report and Order and Further Notice of Proposed Rulemaking, 35 FCC Rcd 3241 (Mar. 31, 2020); Call Authentication Trust Anchor, WC Docket No. 17-97, Second Report and Order, FCC 20-136 (adopted Sept. 29, 2020).
Section 4(b)(1)(B) of the TRACED Act directs the Commission to require that providers of voice service, no later than June 30, 2021, take reasonable measures to implement an effective caller ID authentication framework in the non-IP portions of their networks. In the Second Report and Order, adopting the proposal from the March Further Notice, the Commission interpreted this language to require that a voice service provider be actively working to implement a caller ID authentication framework on the non-IP portions of its network, either by (1) upgrading its non-IP networks to IP so that the STIR/SHAKEN authentication framework may be implemented, or (2) by working to develop a non-IP authentication solution. Furthermore, the Commission adopted the proposal from the March Further Notice that to satisfy this latter option, a voice service provider would have to, upon request, provide the Commission documented proof that it is participating, either on its own or through a representative, as a member of a working group or consortium that is working to develop a non-IP solution, or actively testing such a solution.
Section 4(b)(2) of the TRACED Act requires the Commission to free a voice service provider from the obligation to implement STIR/SHAKEN on the IP portions of its network and an effective call authentication system on the non-IP portions its network if the Commission determines, by December 30, 2020, that the provider: (A) in its IP networks (i) “has adopted the STIR/SHAKEN authentication framework for calls on the [IP] networks of the provider of voice service; (ii) has agreed voluntarily to participate with other providers of voice service in the STIR/SHAKEN authentication framework; (iii) has begun to implement the STIR/SHAKEN authentication framework; and (iv) will be capable of fully implementing the STIR/SHAKEN authentication framework not later than [June 30, 2021]”; and (B) in its non-IP networks (i) “has taken reasonable measures to implement an effective call authentication framework; and (ii) will be capable of fully implementing an effective call authentication framework not later than [June 30, 2021].” The Second Report and Order implemented section 4(b)(2) of the TRACED Act by establishing two exemptions: one exemption for a voice service provider’s IP networks if it meets all four statutory criteria for all calls it originates or terminates in SIP, and one exemption for a voice service provider’s non-IP networks if it meets both statutory criteria for all non-SIP calls it originates or terminates.
The Second Report and Order also established the certification process that the Commission proposed in the March Further Notice as necessary to permit the Commission to meet the TRACED Act’s statutory deadline. Because the section 4(b)(2)(A) and (B) exemptions are based on a voice service provider’s prediction of its future ability to meet the June 30, 2021 implementation deadline, the Second Report and Order adopted the proposal from the March Further Notice that applicable voice service providers be required to file a second certification after June 30, 2021, to verify that they met the criteria to receive their exemption.
Section 4(b)(5) of the TRACED Act requires the Commission to provide extensions of the June 30, 2021 implementation deadline to certain categories of providers. In the Second Report and Order, the Commission provided: (1) a two-year extension to small, including small rural, voice service providers; (2) an extension to voice service providers that cannot obtain a certificate due to the Governance Authority’s token access policy until such provider is able to obtain a certificate; (3) a one-year extension to services scheduled for section 214 discontinuance; and (4) an extension for the parts of a voice service provider’s network that rely on technology that cannot initiate, maintain, and terminate SIP calls until a solution for such calls is reasonably available. As required by section 4(b)(5)(C)(i) of the TRACED Act, the Commission further adopted rules that require those voice service providers that receive an extension to implement a robocall mitigation program to protect their customers on the parts of their networks not subject to protection from STIR/SHAKEN.
In order to promote transparency, in the Second Report and Order, the Commission required that all voice service providers file certification with the Commission stating that: (i) the voice service provider has fully implemented the STIR/SHAKEN authentication framework across its entire network and all calls it originates are compliant with 47 CFR 64.6301(a)(1)-(2); (ii) the voice service provider has implemented the STIR/SHAKEN authentication framework on a portion of its network and calls it originates on that portion are compliant with paragraphs 47 CFR 64.6301(a)(1)-(2), and the remainder of the calls that originate on its network are subject to a robocall mitigation program; or (iii) the voice provider has not implemented the STIR/SHAKEN authentication framework on any portion of its network, and all of the calls that originate on its network are subject to a robocall mitigation program. Pursuant to the rules adopted in the Second Report and Order, each voice service provider must also include in its filing: (i) the voice service provider’s business name(s) and primary address; (ii) other business names in use by the voice service provider; (iii) all business names previously used by the voice service provider; (iv) whether the voice service provider is a foreign voice service provider; and (v) the name, title, department, business address, telephone number, and email address of one person within the company responsible for addressing robocall mitigation-related issues.
The Second Report and Order further requires that any voice service provider certifying all or part of its network is covered by a robocall mitigation program, include in its certification: (i) identification of the type of extension or extensions the voice service provider received under 47 CFR 64.6304, if the voice service provider is not a foreign voice service provider; (ii) the specific reasonable steps the voice service provider has taken to avoid originating illegal robocall traffic as part of its robocall mitigation program; and (iii) a statement of the voice service provider’s commitment to respond fully and in a timely manner to all traceback requests from the Commission, law enforcement, and the industry traceback consortium, and to cooperate with such entities in investigating and stopping any illegal robocallers that use its service to originate calls.
New requirements for which we are seeking OMB approval:
There are three new information collection requirements created under the newly adopted rules of the Second Report and Order.
First, in order to comply with the requirement that a voice service provider has taken reasonable steps to implement an effective call authentication system in the non-IP portions of its network by June 30, 2021, it must either upgrade its network to IP or maintain and be ready to provide the Commission upon request with documented proof that it is participating, either on its own or through a representative, including third party representatives, as a member of a working group, industry standards group, or consortium that is working to develop a non-Internet Protocol caller identification authentication solution, or actively testing such a solution.
Second, in order to receive either of the exemptions created under 4(b)(2)(A) and (B) of the TRACED Act, a voice service provider must submit a certification verifying, after the June 30, 2021, deadline, that they adequately satisfied each of the exemption criteria that they previously certified to.
And third, to promote transparency in the robocall mitigation programs, the Commission will create an electronic Robocall Mitigation Database where every voice service provider will have to submit certifications that they have implemented STIR/SHAKEN or have created a robocall mitigation program.
Statutory authority for this information collection is contained in 47 U.S.C. §§ 227b, 251(e), and 227(e) of the Communications Act of 1934.
This information collection does not affect individuals or households; thus; there is no impact under the Privacy Act.
Use of information. The Commission will use the information to determine: (1) which providers satisfy the requirement that they take reasonable measures to implement an effective call authentication system in the non-IP portions of their networks; (2) which voice service providers satisfy the criteria to be exempted from the Commission’s call authentication requirements; (3) and which voice service providers comply with the requirements of the Robocall Mitigation Database.
Technology collection techniques. First, regarding a request under section 64.6303(b) for a voice service provider to provide the Commission documented proof that it is participating, either on its own or through a representative, including third party representatives, as a member of a working group, industry standards group, or consortium that is working to develop a non-Internet Protocol caller identification authentication solution, the applicable voice service provider will respond to the Commission in the method specified in the Commission’s request. Second, all submissions for the exemption implementation verification process under section 64.6306(e) will be made electronically in the Commission’s Electronic Comment Filing System (ECFS). Third, all submissions to the Robocall Mitigation Database under section 64.6305(b) will be made electronically into a database set up specifically for this purpose.
Efforts to identify duplication. For each of these three requirements, the information to be collected is unique to each voice service provider, and there are no similar collection requirements.
Impact on small entities. The Commission worked to minimize the amount of information each certification will require.
Consequences if information is not collected. If this information is not collected, the Commission will be unable to meet its statutory obligations under the TRACED Act.
Special circumstances. We do not foresee any special circumstances with this information collection.
Federal Register notice; efforts to consult with persons outside the Commission. A 60-day notice was published in the Federal Register as required by 5 CFR 1320.8(d) on December 21, 2020 (85 FR 83082). December 21, 2020. The Commission received one comment from Jean Public, a member of the public.1 The Commentor suggested that FCC documents should be written in simple language in order to be more easily understood by the public and that the Commission should take aggressive action to combat illegal robocalling. The Commentor does not suggest the Commission modify or cancel the information collection.
Payments or gifts to respondents. The Commission does not anticipate providing any payment or gifts to respondents.
Assurances of confidentiality. The Commission will consider the potential confidentiality of any information submitted, particularly where public release of such information could raise security concerns (e.g., granular location information). Respondents may request materials or information submitted to the Commission or to the Administrator be withheld from public inspection under 47 C.F.R. § 0.459 of the Commission’s rules.
Questions of a sensitive nature. There are no questions of a sensitive nature with respect to the information collection described herein.
Estimates of the hour burden of the collection to respondents. The following represents the hour burden on the collection of information:
Compliance with requirement under section 64.6303(b) that a voice service provider have documented proof that it is working towards a solution for non-IP caller ID authentication
Number of Respondents: Approximately 1,634 voice service providers.
Frequency of Response: Upon request by the Commission.
Total number of responses per respondent: 1.
Estimated time per response: 30 minutes (0.5 hours).
Total hour burden: 817 hours.
0.5 hours per response for per respondent for 1,634 voice service providers. Total annual hour burden is calculated as follows:
1,634 respondents x 1 response per respondent = 1,634 responses x 0.5 hours = 817 total hours.
Total estimate of in-house cost to respondents: $46,005.27 (817 hours x $56.31/hr.).
Explanation of calculation: We estimate that each voice service provider will take, on average, 0.5 hours per response. We estimate that respondents use mid- to senior-level personnel to comply with the requirements comparable in pay to the Federal Government, approximately $56.31 per hour (equivalent to a GS-13, step 5 federal employee).
1,634 (number of responses) x 0.5 (hours to prepare response) x 1 (responses per respondent) x $56.31/hr. = $46,006.27.
Number of Respondents: Approximately 817 voice service providers.
Frequency of Response: One-time reporting requirement, and on the occasion that information in the robocall mitigation database is updated.
Total number of responses per respondent: 1.
Estimated time per response: 3 hours.
Total hour burden: 2,451 hours.
3 hours per response for 817 voice service providers. Total annual hour burden is calculated as follows:
817 respondents x 1 response per respondent = 817 responses x 3 hours = 2,451 total hours.
Total estimate of in-house cost to respondents: $138,015.81 (2,451 hours x $56.31/hr.).
Explanation of calculation: We estimate that each voice service provider will take, on average, 3 hours per response. We estimate that respondents use mid- to senior-level personnel to comply with the requirements comparable in pay to the Federal Government, approximately $56.31 per hour (equivalent to a GS-13, step 5 federal employee).
817 (number of responses) x 3 (hours to prepare response) x $56.31/hr. = $138,015.81.
Number of Respondents: Approximately 4,084 voice service providers.
Frequency of Response: One-time reporting requirement, and on the occasion that information in the robocall mitigation database is updated.
Total number of responses per respondent: 1.
Estimated time per response: 3 hours.
Total hour burden: 12,252 hours.
3 hours per response for 1 response per respondent for 4,084 voice service providers. Total annual hour burden is calculated as follows:
4,084 respondents x 1 response per respondent = 4,084 responses x 3 hours = 12,252 total hours.
Total estimate of in-house cost to respondents: $689,910.12 (12,252 hours x $56.31/hr.).
Explanation of calculation: We estimate that each voice service provider will take, on average, 3 hours per response. We estimate that respondents use mid- to senior-level personnel to comply with the requirements comparable in pay to the Federal Government, approximately $56.31 per hour (equivalent to a GS-13, step 5 federal employee).
12,252 (number of responses) x 3 (hours to prepare response) x 1 (responses per respondent) x $56.31/hr. = $689,910.12.
Total Number of Respondents: 1,634 + 817 + 4,084 = 6,535 unique respondents
Total Number of Responses: 1,634 + 817 + 4,084 = 6,535 responses
Total Hourly Burden: 817 + 2,451 + 12,252 = 15,520 burden hours
Total
In-House Costs to Respondents: $873,932.20
Estimates for the cost burden of the collection to respondents. The Commission believes that voice service providers have sufficient “in-house” staff to address all the information collection requirements using their “in-house” personnel rather than having to contract out this requirement. Thus:
(a) Total annualized capital/startup costs: $0.00
(b) Total annualized costs (O&M): $0.00
(c) Total annualized cost requested: $0.00
Estimates of the cost burden to the Commission.
Compliance with requirement under section 64.6303(b) that a voice service provider have documented proof that it is working towards a solution for non-IP caller ID authentication
Costs to the Commission will potentially be $56.31/hr (GS-13, step 5 federal employee) x .5 hrs (to request documented proof from voice service providers) x 1,634 voice service providers = $46,006.27
Exemption implementation verification process under section 64.6306(e)
Costs to the Commission will be minimal because the responses will be filed in the Commission’s pre-established Electronic Comment Filing System (ECFS), which it already uses to receive other filings from third parties, e.g., comments and ex parte filings.
Robocall Mitigation Database requirement under section 64.6305(b)
Cost to Commission estimated to be $56.31/hr (GS-13, step 5 federal employee) x 480 hrs (to stand up the Robocall Mitigation Database) x 3 employees = $81,086.40
Total Cost to the Federal Government: $46,006.27 + $81,086.40 = $127,092.67
Program changes or adjustments. The Commission is reporting program changes/increases to this new information collection. These increases to the total number of respondents of +6,535, total annual responses of +6,535 and total annual burden hours of +15,520 will be added to OMB’s Active Inventory.
Collections of information whose results will be published. The Commission will publish and seek comment on the certifications voice service providers will file to verify their compliance with the exemption implementation requirements. The filings that voice service providers submit into the Robocall Mitigation Database will also be published to the public on that database. At this time, the Commission does not plan to publish to the public a voice service provider’s response to a request for documented proof that they are taking reasonable measures to implement a non-IP caller ID authentication solution.
Display of expiration date for OMB approval of information collection. There is no paper form associated with this information collection; it will be collected electronically through the Electronic Comment Filing System (ECFS), the Robocall Mitigation Database, or another electronic method. The Commission publishes a list of all OMB-approved information collections including their titles, OMB Control Numbers and OMB expiration dates in 47 CFR 0.408 of the Commission’s rules.
Exceptions to certification for Paperwork Reduction Act submissions. There are no exceptions to the Certification Statement.
Collections of Information Employing Statistical Methods:
No statistical methods are employed.
1 Public Comment at 1.
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| Author | Jordan Marie Reth |
| File Modified | 0000-00-00 |
| File Created | 2021-03-04 |