Download:
pdf |
pdfFederal Communications Commission
FCC 20-42
Before the
Federal Communications Commission
Washington, D.C. 20554
In the Matter of
Call Authentication Trust Anchor
Implementation of TRACED Act Section 6(a) —
Knowledge of Customers by Entities with Access
to Numbering Resources
)
)
)
)
)
)
)
)
WC Docket No. 17-97
WC Docket No. 20-67
REPORT AND ORDER AND FURTHER NOTICE OF PROPOSED RULEMAKING
Adopted: March 31, 2020
Released: March 31, 2020
Comment Date: May 15, 2020
Reply Comment Date: May 29, 2020
By the Commission: Chairman Pai, Commissioners O'Rielly, Carr, Rosenworcel and Starks issuing
separate statements:
TABLE OF CONTENTS
I. INTRODUCTION ...................................................................................................................................1
II. BACKGROUND .....................................................................................................................................4
III. REPORT AND ORDER........................................................................................................................24
A. Mandating the STIR/SHAKEN Framework ...................................................................................25
1. STIR/SHAKEN Implementation Requirements.......................................................................32
2. Legal Authority ........................................................................................................................42
B. Summary of Costs and Benefits......................................................................................................45
1. Expected Benefits.....................................................................................................................46
2. Expected Costs .........................................................................................................................53
C. Other Issues.....................................................................................................................................54
IV. FURTHER NOTICE OF PROPOSED RULEMAKING......................................................................57
A. Caller ID Authentication Requirements Definitions and Scope .....................................................58
B. Extending the STIR/SHAKEN Implementation Mandate to Intermediate Providers ....................61
C. Assessment of Burdens or Barriers to Implementation ..................................................................72
D. Extension of Implementation Deadline ..........................................................................................75
E. Caller ID Authentication in Non-IP Networks ...............................................................................96
F. Voluntary STIR/SHAKEN Implementation Exemption ..............................................................102
G. Prohibiting Line Item Charges for Caller ID Authentication .......................................................119
H. Call Labeling.................................................................................................................................121
I. Benefits and Costs.........................................................................................................................122
J. Access to Numbering Resources ..................................................................................................123
V. PROCEDURAL MATTERS...............................................................................................................131
VI. ORDERING CLAUSES......................................................................................................................139
APPENDIX A – Final Rules
APPENDIX B – Draft Proposed Rules
APPENDIX C – Final Regulatory Flexibility Analysis
APPENDIX D – Initial Regulatory Flexibility Analysis
Federal Communications Commission
I.
FCC 20-42
INTRODUCTION
1.
Each day, Americans receive millions of unwanted phone calls.1 These include
“spoofed” calls whereby the caller falsifies caller ID information that appears on a recipient’s phone to
deceive them into thinking the call is from someone they know or can trust.2 And these spoofed calls are
not simply an annoyance—they result in billions of dollars lost to fraud,3 degrade consumer confidence in
the voice network, and harm our public safety.4
2.
The Commission, Congress, and state attorneys general all agree on the need to protect
consumers and put an end to illegal caller ID spoofing.5 Over the past three years, the Commission has
taken a multi-pronged approach to this problem—issuing hundreds of millions of dollars in fines for
violations of our Truth in Caller ID rules;6 expanding those rules to reach foreign calls and text
messages;7 enabling voice service providers to block certain clearly unlawful calls before they reach
consumers’ phones;8 and clarifying that voice service providers may offer call-blocking services by
default.9 We have also called on industry to “trace back” illegal spoofed calls and text messages to their
original sources10 and encouraged industry to develop and implement new caller ID authentication
technology.11 That technology, known as STIR/SHAKEN,12 allows voice service providers to verify that
the caller ID information transmitted with a particular call matches the caller’s number. Its widespread
implementation will reduce the effectiveness of illegal spoofing, allow law enforcement to identify bad
actors more easily, and help voice service providers identify calls with illegally spoofed caller ID
information before those calls reach their subscribers.13
3.
Today, we build on our aggressive and multi-pronged approach to ending illegal caller ID
spoofing. First, we mandate that all voice service providers implement the STIR/SHAKEN caller ID
authentication framework in the Internet Protocol (IP) portions of their networks by June 30, 2021.14 In
establishing this requirement, we both act on our proposal to require voice service providers to implement
the STIR/SHAKEN caller ID authentication framework if major voice service providers did not
One source indicates that Americans received over 58 billion such calls in 2019 alone. YouMail, Historical
Robocalls by Time, https://www.robocallindex.com/history/time (last visited Jan. 17, 2020).
1
Spoofing has legal and illegal uses. For example, medical professionals calling patients from their mobile phones
often legally spoof the outgoing phone number to be the office phone number for privacy reasons, and businesses
often display a toll-free call-back number. Illegal spoofing, on the other hand, occurs when a caller transmits
misleading or inaccurate caller ID information with the intent to defraud, cause harm, or wrongly obtain anything of
value. See FCC, Caller ID Spoofing (last updated Jan. 6, 2020), https://www.fcc.gov/consumers/guides/spoofingand-caller-id.
2
A 2019 survey estimated that spoofing fraud affected one in six Americans and cost approximately $10.5 billion in
a single 12-month period. Kim Fai Kok, Truecaller Insights: Phone Scams Cause Americans to Lose $10.5 Billion
in Last 12 Months Alone (Apr. 17, 2019), https://truecaller.blog/2019/04/17/truecaller-insights-2019-us-spamphone-scam-report.
3
See Octavio Blanco, Mad About Robocalls?, Consumer Rep. (Apr. 2, 2019),
https://www.consumerreports.org/robocalls/mad-about-robocalls (finding that 70% of Americans do not answer
calls from unrecognized numbers); see also, e.g., Adrian Abramovich, Marketing Strategy Leaders, Inc., and
Marketing Leaders, Inc., Forfeiture Order, 33 FCC Rcd 4663, 4664, para. 5 (2018) (involving a large-scale
robocalling campaign that disrupted emergency medical communications).
4
See, e.g., Press Release, FCC, Chairman Pai Calls on Industry to Adopt Anti-Spoofing Protocols to Help
Consumers Combat Scam Robocalls (Nov. 5, 2018), https://docs.fcc.gov/public/attachments/DOC-354933A1.pdf;
Fifty-One State Attorneys General, Anti-Robocall Principles, https://ncdoj.gov/download/141/files/17821/state-agsproviderrs-antirobocall-principles-with-signatories; Pallone-Thune Telephone Robocall Abuse Criminal
Enforcement and Deterrence Act, Pub. L. No. 116-105 (2019) (TRACED Act).
5
6
See, e.g., Adrian Abramovich, Marketing Strategy Leaders, Inc., and Marketing Leaders, Inc., 33 FCC Rcd 4663.
2
Federal Communications Commission
FCC 20-42
voluntarily do so by the end of 2019,15 and implement Congress’s direction in the recently enacted
Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act to
mandate STIR/SHAKEN not later than 18 months after the date of enactment of that Act.16 Second, we
propose and seek comment on additional measures to combat illegal spoofing, including further
implementation of the TRACED Act.
II.
BACKGROUND
4.
Technological advancements and marketplace developments in IP-based telephony have
made caller ID spoofing easier and more affordable than ever before. Today, widely available Voice over
Internet Protocol (VoIP) software allows malicious callers to make spoofed calls with minimal experience
and cost.17 Taking advantage of the ability to use spoofing to mask the true identity of an incoming call,
these callers have turned to this technology as a quick and cheap way to defraud targets and avoid being
discovered.18 Driven in part by the rise of VoIP, the telecommunications industry has transitioned from a
limited number of carriers that all trusted each other to provide accurate caller origination information to a
proliferation of different voice service providers and entities originating calls,19 which allows consumers
to enjoy the benefits of far greater competition but also creates new ways for bad actors to undermine this
trust.
5.
To combat illegal spoofing, industry technologists from the Internet Engineering Task
Force (IETF) and the Alliance for Telecommunications Industry Solutions (ATIS) developed standards
for the authentication and verification of caller ID information for calls carried over an IP network using
the Session Initiation Protocol (SIP).20 The IETF formed the Secure Telephony Identity Revisited (STIR)
working group, which has produced several protocols for authenticating caller ID information.21 ATIS,
together with the SIP Forum,22 produced the Signature-based Handling of Asserted information using
toKENs (SHAKEN) specification which standardizes how the protocols produced by STIR are
implemented across the industry.23 Together, these technical standards comprise the “STIR/SHAKEN”
(Continued from previous page)
7 See generally Implementing Section 503 of the RAY BAUM’S Act; Rules and Regulation Implementing the Truth in
Caller ID Act of 2009, WC Docket Nos. 18-335 and 11-39, Second Report and Order, 34 FCC Rcd 7303 (2019).
See Advanced Methods to Target and Eliminate Unlawful Robocalls, CG Docket No. 17-59, Report and Order and
Further Notice of Proposed Rulemaking, 32 FCC Rcd 9706, 9709, para. 9 (2017).
8
See Advanced Methods to Target and Eliminate Unlawful Robocalls; Call Authentication Trust Anchor, CG
Docket No. 17-59, WC Docket No. 17-97, Declaratory Ruling and Third Further Notice of Proposed Rulemaking,
34 FCC Rcd 4876, 4884-90, paras. 26-42 (2019) (2019 Robocall Declaratory Ruling and Further Notice or 2019
Further Notice).
9
See Press Release, FCC, FCC Calls on Network Voice Providers to Join Effort to Combat Illegal Spoofed Scam
Robocalls (Nov. 6, 2018), https://docs.fcc.gov/public/attachments/DOC-354942A1.pdf.
10
See Press Release, FCC, Chairman Pai Calls on Industry to Adopt Anti-Spoofing Protocols to Help Consumers
Combat Scam Robocalls (Nov. 5, 2018), https://docs.fcc.gov/public/attachments/DOC-354933A1.pdf.
11
Entities variously refer to this technology as either “SHAKEN/STIR” or “STIR/SHAKEN.” In the past, the
Commission has referred to the technology as “SHAKEN/STIR.” See, e.g., 2019 Robocall Declaratory Ruling and
Further Notice, 34 FCC Rcd 4876. To ensure consistency with the TRACED Act, we use “STIR/SHAKEN” here.
12
See USTelecom Comments, CG Docket No. 17-59, WC Docket No. 17-97, at 4-5 (rec. July 24, 2019) (US
Telecom Comments).
13
In recognition of the fact that it is caller ID information transmitted with a call that is authenticated, we use the
term “caller ID authentication” in this Report and Order and Further Notice of Proposed Rulemaking. We
understand this term to be interchangeable with the term “call authentication” as used in other contexts, including
the TRACED Act.
14
3
Federal Communications Commission
FCC 20-42
framework for caller ID authentication. The STIR/SHAKEN framework consists of two high-level
components: (1) the technical process of authenticating and verifying caller ID information; and (2) the
certificate governance process that maintains trust in the caller ID authentication information transmitted
along with a call.
6.
Authenticating and Verifying Caller ID Information Through STIR/SHAKEN. The
STIR/SHAKEN authentication and verification processes center on the transmission of encrypted
information used to attest to the accuracy of caller ID information transmitted with a call.24 Specifically,
an originating voice service provider adds a unique header to the network-level message used to initiate a
SIP call (the SIP INVITE).25 When a subscriber places a call, the originating voice service provider uses
an authentication service to create this “Identity” header,26 which contains encrypted identifying
information as well as the location of the public key that can be used to decode this information.27 When
the terminating voice service provider receives the call, it sends the SIP INVITE with the Identity header
to a verification service,28 which uses the public key that corresponds uniquely to the originating voice
service provider’s private key to decode the encrypted information and verify that it is consistent with the
information sent without encryption in the SIP INVITE.29 The verification service then sends the results
of the verification process—including whether the decoding process was successful and whether the
encrypted information is consistent with the information sent without encryption—to the terminating
voice service provider.30 STIR/SHAKEN thus establishes a chain of trust back to the originating voice
service provider.
7.
Because the STIR/SHAKEN framework relies on transmission of information in the
Identity header of the SIP INVITE, it only operates on the IP portions of a voice service provider’s
network—that is, those portions served by network technology that is able to initiate, maintain, and
terminate SIP calls.31 If a call terminates on a network or is routed at any point over an intermediate
provider network that does not support the transmission of SIP calls, the Identity header will be lost.
Because STIR/SHAKEN only operates on IP networks, some stakeholders have advocated for a solution
(Continued from previous page)
15 See 2019 Robocall Declaratory Ruling and Further Notice, 34 FCC Rcd at 4877, para. 2.
See Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act, Pub. L. No. 116-105, §
4(b)(1)(A), 133 Stat. 3274, 3277 (2019) (TRACED Act).
16
See First Orion, What Is Number Spoofing? (Aug. 6, 2018), https://firstorion.com/what-is-number-spoofing (“In
the past, caller ID spoofing required advanced knowledge and expensive equipment. Now, open source Voice over
IP (VoIP) software makes it easy to spoof with minimal experience and cost.”).
17
See FCC and TIGTA Warn Consumers of IRS Impersonation Phone Scam: Scam Has Cost Victims Tens of
Millions of Dollars, DA 16-1392, Enforcement Advisory, 31 FCC Rcd 13184 (EB 2016) (warning consumers of
scam callers claiming to be from the Internal Revenue Service and in which caller ID is spoofed to display an IRS
telephone number or “IRS”).
18
IETF, Secure Telephone Identity Problem Statement and Requirements, RCF 7340, at 3 (2014),
https://datatracker.ietf.org/doc/rfc7340/?include_text=1.
19
See Robocall Strike Force, Robocall Strike Force Report at 3 (2016), https://transition.fcc.gov/cgb/RobocallStrike-Force-Final-Report.pdf. The Session Initiation Protocol (SIP) is “an application-layer control (signaling)
protocol for creating, modifying, and terminating sessions” such as Internet Protocol (IP) telephony calls. IETF,
SIP: Session Initiation Protocol, RFC 3261, at 1 (2002), https://tools.ietf.org/html/rfc3261.
20
See IETF, Secure Telephone Identity Revisited (stir): About, https://datatracker.ietf.org/wg/stir/about (last visited
Jan. 17, 2020) (describing IETF STIR standards and efforts); IETF, Secure Telephone Identity Revisited (stir):
Documents, https://datatracker.ietf.org/wg/stir/documents (last visited Jan. 23, 2020) (listing standards and current
work-in-progress).
21
The SIP Forum is “an industry association with members from . . . IP communications companies,” with a mission
“[t]o advance the adoption and interoperability of IP communications products and services based on SIP.” SIP
Forum, Home, https://www.sipforum.org.
22
4
Federal Communications Commission
FCC 20-42
referred to as “out-of-band STIR,” in which caller ID authentication information is sent across the
Internet, out-of-band from the call path, allowing STIR/SHAKEN to be implemented on networks that are
not fully IP.32 Out-of-band STIR remains in the early stages of development.33
8.
The STIR/SHAKEN framework relies on the originating voice service provider attesting
to the subscriber’s identity. The SHAKEN specification allows an originating voice service provider to
provide different “levels” of attestation. Specifically, the voice service provider can indicate that (i) it can
confirm the identity of the subscriber making the call, and that the subscriber is using its associated
telephone number (“full” or “A” attestation); (ii) it can confirm the identity of the subscriber but not the
telephone number (“partial” or “B” attestation); or merely that (iii) it is the point of entry to the IP
network for a call that originated elsewhere, such as a call that originated abroad or on a domestic
network that is not STIR/SHAKEN-enabled (“gateway” or “C” attestation).34
9.
To maintain trust in the voice service providers that vouch for caller ID information, the
STIR/SHAKEN framework uses digital “certificates” issued through a neutral governance system.35 The
framework requires that each voice service provider receive its own certificate that contains, among other
components, that voice service provider’s public key, and states, in essence, that (i) the voice service
provider is that which it claims to be; (ii) the voice service provider is authorized to authenticate the caller
ID information; and (iii) the voice service provider’s claims about the caller ID information it is
authenticating can thus be trusted.36 Every time an originating voice service provider originates an
authenticated call, it transmits the location of its certificate in the Identity header,37 allowing the
(Continued from previous page)
23 See ATIS & SIP Forum, Joint ATIS/SIP Forum Standard—Signature-Based Handling of Asserted Information
Using toKENs (SHAKEN), ATIS-1000074 (2017),
https://access.atis.org/apps/group_public/download.php/46770/ATIS-1000074-E.zip (ATIS/SIP Forum Standard).
See Call Authentication Trust Anchor, WC Docket No. 17-97, Notice of Inquiry, 32 FCC Rcd 5988, 5991, para. 8
(2017) (Call Authentication NOI); see also TransNexus, Understanding STIR/SHAKEN,
https://transnexus.com/whitepapers/understanding-stir-shaken (last visited Feb. 3, 2020).
24
See Call Authentication NOI, 32 FCC Rcd at 5990, para. 6; see also TransNexus, Understanding Common Header
Fields in a SIP INVITE, https://transnexus.com/whitepapers/sip-invite-header-fields (last visited Feb. 3, 2020)
(explaining that the SIP INVITE request “invit[es] the [call] recipient for a session”). This SIP INVITE contains a
series of unencrypted headers which provides information about the message, such as a “From” header, giving
information about the calling party; a “To” header, giving information about the called party; and a “Via” header,
which “indicates the path taken by the request so far and helps in routing the responses back along the same path.”
Id. Both originating and downstream providers are technically capable of appending headers to the SIP INVITE.
25
The authentication service can be provided by the voice service provider itself, or by a third party acting under the
voice service provider’s direction. See IETF, Authenticated Identity Management in the Session Initiation Protocol
(SIP), RFC 8224, at 14-15 (2018), https://tools.ietf.org/html/rfc8224.
26
See Call Authentication NOI, 32 FCC Rcd at 5991, para. 8; see also IETF, Authenticated Identity Management in
the Session Initiation Protocol (SIP), RFC 8224, at 14 (2018), https://tools.ietf.org/html/rfc8224.
27
Like the corresponding authentication service on the originating voice service provider’s end, the terminating
voice service provider’s verification service can be performed internally or by a trusted third-party service. See Call
Authentication NOI, 32 FCC Rcd at 5991, para. 8 n.28; see also IETF, Authenticated Identity Management in the
Session Initiation Protocol (SIP), RFC 8224, at 22-23 (2018), https://tools.ietf.org/html/rfc8224.
28
See Call Authentication NOI, 32 FCC Rcd at 5991, para. 8; see also TransNexus, Understanding STIR/SHAKEN,
https://transnexus.com/whitepapers/understanding-stir-shaken (last visited Feb. 3, 2020).
29
See Call Authentication NOI, 32 FCC Rcd at 5991, para. 8; see also TransNexus, Understanding STIR/SHAKEN,
https://transnexus.com/whitepapers/understanding-stir-shaken (last visited Feb. 12, 2019) (“The verification service
returns the results to the terminating service provider’s softswitch or SBC.”).
30
31
See Call Authentication NOI, 32 FCC Rcd at 5999, para. 39; see also ATIS/SIP Forum Standard § 1.1, at 1.
5
Federal Communications Commission
FCC 20-42
verification service to acquire the public key and verify the caller ID information, and have certainty that
the public key is truly associated with the voice service provider that originated the call.
10.
The STIR/SHAKEN governance model requires several roles in order to operate: (1) a
Governance Authority, which defines the policies and procedures for which entities can issue or acquire
certificates; (2) a Policy Administrator, which applies the rules set by the governance authority, confirms
that certification authorities are authorized to issue certificates, and confirms that voice service providers
are authorized to request and receive certificates; (3) Certification Authorities, which issue the certificates
used to authenticate and verify calls; and (4) the voice service providers themselves, which, as call
initiators, select an approved certification authority from which to request a certificate, and which, as call
recipients, check with certification authorities to ensure that the certificates they receive were issued by
the correct certification authority.38
11.
Commission and North American Numbering Council Action to Promote STIR/SHAKEN
Deployment. In July 2017, the Commission released a Notice of Inquiry, launching a broad inquiry into
caller ID authentication and how to expedite its development and implementation.39 In the Notice of
Inquiry, the Commission recognized the potential of caller ID authentication to “reduc[e] the risk of fraud
and ensur[e] that callers be held accountable for their calls.”40 Among other issues, the Commission
sought comment on its role in promoting implementation of caller ID authentication technology;41 what
involvement, if any, it should have in STIR/SHAKEN governance;42 and how to address caller ID
authentication for networks that use non-IP technology.43
12.
In February 2018, the Commission directed the Call Authentication Trust Anchor
Working Group of the North American Numbering Council (NANC) to recommend “criteria by which a
[Governance Authority] should be selected” and a “reasonable timeline or set of milestones for adoption
and deployment of a SHAKEN/STIR call authentication system, including metrics by which the
industry’s progress can be measured.”44 In its May 2018 report, the NANC recommended that
(Continued from previous page)
32 Letter from Jim Dalton, CEO, TransNexus, to Marlene H. Dortch, Secretary, FCC, CG Docket No. 17-59, WC
Docket No. 17-97, at 5 (filed July 19, 2019); see also TransNexus, Out-of-Band STIR/SHAKEN Call Authentication,
https://transnexus.com/whitepapers/out-of-band-stir (last visited Feb. 16, 2020).
See IETF, STIR Out-of-Band Architecture and Use Cases, Draft (2019), https://tools.ietf.org/html/draft-ietf-stiroob-06 (draft standards for out-of-band STIR).
33
34
See ATIS/SIP Forum Standard § 5.2.3, at 8-9.
The STIR/SHAKEN credentials are based on an X.509 credential system. X.509 is a specific standard for a type
of public key infrastructure system that uses certificates to facilitate secure Internet communications. See generally
IETF, Internet x.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, RFC 5280
(2008), https://tools.ietf.org/html/rfc5280.
35
See ATIS & SIP Forum, Joint ATIS/SIP Forum Standard -Signature-Based Handling of Asserted Information
Using toKENs (SHAKEN): Governance Model and Certificate Management, ATIS-1000080 §§ 6.3.5, 6.3.6, at 1620 (2017), https://access.atis.org/apps/group_public/download.php/46769/ATIS-1000080-E.zip (explaining process
by which a voice service provider applies for a certificate).
36
37
The “location” is sent unencrypted in the form of a Uniform Resource Locator (URL).
38
Call Authentication Trust Anchor NOI, 32 FCC Rcd 5988, 5992-93, para. 11.
39
Id. at 5988, para. 1.
40
Id.
41
Id. at 5993-94, paras. 14-17.
42
Id. at 5994-96, paras. 18-27.
43
Id. at 5999, para. 39.
6
Federal Communications Commission
FCC 20-42
representatives from various industry stakeholders comprise a board overseeing the Governance
Authority,45 and that “individual companies capable of signing and validating VoIP calls using
SHAKEN/STIR should implement the standard within a period of approximately one year after
completion of the NANC CATA report.”46 Chairman Pai accepted these recommendations shortly after
they were issued by the NANC.47
13.
In November 2018, drawing on the NANC’s May 2018 recommendation that capable
voice service providers rapidly implement STIR/SHAKEN, Chairman Pai sent letters to major voice
service providers urging them to implement a robust caller ID authentication framework by the end of
2019.48 He asked these providers for specific details about their implementation plans, and encouraged
those that did not appear to have established concrete plans to promptly protect their subscribers with
STIR/SHAKEN.49 In response, the providers submitted letters detailing their implementation efforts.50
Since that time, Commission staff has closely tracked the progress of major voice service providers in
implementation of the STIR/SHAKEN framework.51
14.
In June 2019, the Commission adopted a Declaratory Ruling and Third Further Notice of
Proposed Rulemaking that proposed and sought comment on mandating implementation of
STIR/SHAKEN in the event that major voice service providers did not voluntarily implement the
framework by the end of 2019.52 We stressed that “[i]mplementation of the SHAKEN/STIR framework
across voice networks is important in the fight against unwanted, including illegal, robocalls”53 and
proposed to extend any mandate to “wireline, wireless, and Voice over Internet Protocol (VoIP)
providers”;54 sought comment on what we should require voice service providers to accomplish to meet
an implementation mandate;55 and asked for comment on how long voice service providers should be
given to comply with such a mandate.56 We further sought comment on whether we should establish
requirements regarding the display of STIR/SHAKEN attestation information, what role the Commission
should have in STIR/SHAKEN governance, and how we could encourage caller ID authentication on
(Continued from previous page)
44 Letter from Kris Anne Monteith, Chief, Wireline Competition Bureau, FCC, to Travis Kavulla, Chair, NANC at
1-2 (Dec. 7, 2017).
Call Authentication Trust Anchor Working Grp., N. Am. Numbering Council, Report on Selection of Governance
Authority and Timely Deployment of SHAKEN/STIR at 7 (2018), http://nancchair.org/docs/mtg_docs/May_18_Call_Authentication_Trust_Anchor_NANC_Final_Report.pdf (2018 NANC
CATA Working Group Report).
45
46
Id. at 17.
Press Release, FCC, Chairman Pai Welcomes Call Authentication Recommendations from the North American
Numbering Council (May 14, 2018), http://nancchair.org/docs/mtg_docs/May18_FCC_Chairman_Welcomes_CATA_Recommendations.pdf.
47
See Press Release, FCC, Chairman Pai Calls on Industry to Adopt Anti-Spoofing Protocols to Help Consumers
Combat Scam Robocalls (Nov. 5, 2018), https://docs.fcc.gov/public/attachments/DOC-354933A1.pdf.
48
49
Id.
See FCC, Combating Spoofed Robocalls with Caller ID Authentication, https://www.fcc.gov/call-authentication
(last visited Mar. 3, 2020).
50
See, e.g., Letter from Randy Clarke, Vice President, Federal Regulatory Affairs, CenturyLink, to Marlene H.
Dortch, Secretary, FCC, WC Docket No. 17-97 (filed Feb. 18, 2020) (CenturyLink Ex Parte); Letter from Jenny
Prime, Senior Director, Regulatory Affairs, Cox Enterprises, to Marlene H. Dortch, Secretary, FCC, WC Docket No.
17-97 (filed Jan. 27, 2020) (Cox Ex Parte); ); Letter from Sara Cole, Regulatory Counsel, TDS, to Marlene H.
Dortch, Secretary, FCC, WC Docket No. 17-97 (filed Jan. 30, 2020) (TDS Ex Parte); Letter from Grant B.
Spellmeyer, Vice President, Federal Affairs & Public Policy, U.S. Cellular, to Marlene H. Dortch, Secretary, FCC,
WC Docket No. 17-97 (filed Jan. 27, 2020) (U.S. Cellular Ex Parte); Letter from Brita D. Strandberg, Counsel to
(continued….)
51
7
Federal Communications Commission
FCC 20-42
non-IP networks.57
15.
In July 2019, the Commission held a summit focused on implementation of
STIR/SHAKEN.58 Summit participants included representatives from large and small voice service
providers, analytics companies, vendors, and members of the Governance Authority.59 The participants
discussed implementation progress made by major voice service providers; using STIR/SHAKEN to
improve the consumer experience; and implementation challenges faced by small voice service
providers.60
16.
Developments in STIR/SHAKEN Governance. Currently, the Secure Telephone Identity
Governance Authority (STI-GA), established by ATIS, fills the Governance Authority role.61 The STIGA’s membership was designed to provide a diverse representation of stakeholders from across the
industry.62 The STI-GA selected the Policy Administrator, iconectiv, in May 2019.63 In December 2019,
the Policy Administrator approved the first Certification Authorities,64 and announced that voice service
providers are now able to register with the Policy Administrator to obtain the credentials necessary to
receive certificates from approved Certification Authorities.65
17.
Implementation by Voice Service Providers. We recognize that a number of providers
have been working hard to implement caller ID authentication. Some voice service providers reported
that, by the end of 2019, they had completed the necessary network upgrades to support the
STIR/SHAKEN framework and that they were exchanging a limited amount of traffic with authenticated
caller ID information with other voice service providers. Others, however, reported only that they had
completed necessary network upgrades by the end of 2019, but had not begun exchanging authenticated
traffic with other voice service providers. Still others have shown little to no progress in upgrading their
networks to be STIR/SHAKEN-capable.
(Continued from previous page)
Vonage Holdings Corp., to Marlene H. Dortch, Secretary, FCC, CG Docket No. 17-59, WC Docket No. 17-97,
(filed Jan. 21, 2020) (Vonage Ex Parte).
52
2019 Robocall Declaratory Ruling and Further Notice, 34 FCC Rcd at 4898, para. 71.
53
Id. at 4899, para. 72.
54
Id. at 4900, para. 75.
55
Id. at 4900, para. 76.
56
Id. at 4900-01, para. 78.
Id. at 4900-01, paras. 77, 79, 80. The Declaratory Ruling and Third Further Notice of Proposed Rulemaking also
affirmed that voice service providers may, by default, block unwanted calls based on reasonable call analytics, as
long as their customers are informed and have the opportunity to opt out of the blocking; proposed to create a safe
harbor for voice service providers that block calls which fail STIR/SHAKEN verification; and sought comment on
whether we should create a safe harbor for voice service providers that block calls which do not have authenticated
caller ID information. See id. at 4886-87, 4892-96, paras. 33-34, 49-62.
57
Chairman Pai Convenes SHAKEN/STIR Robocall Summit, Public Notice, DA 19-413 (May 13, 2019); Press
Release, FCC, FCC Chairman Announces Another Step in Fight Against Spoofed Robocalls (May 13, 2019),
https://docs.fcc.gov/public/attachments/DOC-357422A1.pdf.
58
Press Release, FCC, Chairman Pai Announces Agenda for SHAKEN/STIR Robocall Summit (July 9, 2019),
https://docs.fcc.gov/public/attachments/DA-19-635A1.pdf.
59
60
Id.
8
Federal Communications Commission
FCC 20-42
18.
More specifically, as of the end of 2019, AT&T, Bandwidth, Charter, Comcast, Cox, TMobile, and Verizon announced that they had upgraded their networks to support STIR/SHAKEN.66
AT&T, for example, confirmed that it “authenticates all calls on its network that originate from [Voice
over LTE] and consumer VoIP customers” and “estimates that approximately 90 percent of its wireless
customer base (prepaid and postpaid) and more than 50 percent of its consumer wireline customer base
are SHAKEN/STIR capable.”67 Charter stated that it “fulfilled [its] commitment to complete the
implementation of the STIR/SHAKEN framework by the end of [2019].”68 Similarly, Comcast reported
that “virtually all calls originating from a Comcast residential subscriber and terminating with a Comcast
residential subscriber are fully authenticated through the STIR/SHAKEN protocol.”69 Cox reported that it
“has deployed SHAKEN/STIR to over 99% of [its] residential customers enabling Cox to sign originating
and terminating calls.”70 T-Mobile stated that it was “the first wireless provider to fully implement
STIR/SHAKEN standards on [its] network” and is “capable of signing and authenticating 100% of SIP
traffic that both originates and then terminates on [its] network.”71 According to Verizon, it “finished
deploying STIR/SHAKEN to its wireless customer base (which constitutes more than 95% of [its] total
traffic) in March 2019,” “is devoting substantial resources to deploying STIR/SHAKEN to wireline
customers that receive service on IP platforms capable of being upgraded with the STIR/SHAKEN
protocol” and expects “to achieve deployment of STIR/SHAKEN to Fios Digital customers later this
year.”72
19.
These voice service providers, however, were exchanging only a limited amount of
authenticated traffic with other voice service providers as of the end of 2019.73 For instance, Comcast has
begun to exchange authenticated calls with AT&T and T-Mobile,74 and explained that, as of December
2019, approximately 14.25% of all calls “originating on other voice providers’ networks and bound for
Comcast residential subscribers had a STIR/SHAKEN-compliant header and were verified by
Comcast.”75 T-Mobile explained that it is also authenticating some traffic exchanged with AT&T,
Comcast, and Inteliquent.76 According to AT&T, it “exchanges approximately 40 percent of its
(Continued from previous page)
61 STI Governance Authority, Secure Telephone Identity Governance Authority, https://www.atis.org/sti-ga (last
visited Jan. 17, 2019).
62
See 2018 NANC CATA Working Group Report at 5-8.
Press Release, ATIS, Mitigating Illegal Robocalling Advances with Secure Telephone Identity Governance
Authority Board’s Selection of iconectiv as Policy Administrator (May 30, 2019),
https://sites.atis.org/insights/mitigating-illegal-robocalling-advances-with-secure-telephone-identity-governanceauthority-boards-selection-of-iconectiv-as-policy-administrator; Press Release, ATIS, STI-GA Executes iconectiv
Contract as Secure Telephone Identity Policy Administrator (Aug. 27, 2019), https://sites.atis.org/insights/sti-gaexecutes-iconectiv-contract-as-secure-telephone-identity-policy-administrator.
63
See Press Release, Neustar, Neustar Approved as Initial Secure Telephone Identity Certification Authority (Dec.
12, 2019), https://www.home.neustar/about-us/news-room/press-releases/2019/neustar-approved-as-initial-securetelephone-identity-certification-authority; Press Release, TransNexus, TransNexus Approved by the STI Policy
Administrator as a SHAKEN Certification Authority (Dec. 12, 2019), https://transnexus.com/news/2019/transnexussti-ca.
64
Press Release, ATIS, Industry Solution to Detect, Mitigate, and Deter Illegal Robocalling Passes Important
Milestone (Dec. 12, 2019), https://sites.atis.org/insights/industry-solution-to-detect-mitigate-and-deter-illegalrobocalling-passes-important-milestone.
65
See Letter from Linda S. Vandeloop, Assistant Vice President, Regulatory Affairs, AT&T Services, Inc., to
Marlene H. Dortch, Secretary, FCC, WC Docket No. 17-97, at 1 (filed Feb. 5, 2020) (AT&T Ex Parte); Letter from
Greg Rogers, Head of Global Policy and Regulatory Affairs, Bandwidth, to Marlene H. Dortch, Secretary, FCC, CG
Docket No. 17-59, WC Docket No. 17-97, at 1-2 (Jan. 31, 2020) (Bandwidth Ex Parte); Letter from Audrey
Connors, Senior Director, Government Affairs, Charter Communications, to Hon. Ajit V. Pai, Chairman, FCC, WC
Docket No. 17-97, at 1 (filed Dec. 13, 2019) (Charter Ex Parte); Letter from Beth Choroser, Vice President,
(continued….)
66
9
Federal Communications Commission
FCC 20-42
SHAKEN/STIR consumer VoIP traffic with one terminating service provider.”77 Verizon stated that it
was signing “under half of [its] outbound traffic” with one provider as of the end of 2019, and that “for
the other three partners,” its production levels were under 5%.78 Cox explained that it is “exchanging
authenticated traffic with four carriers resulting in over 14% of all calls on Cox’ residential IP network
being verified.”79 Charter stated that it is “exchanging signed and authenticated customer call traffic endto-end with Comcast.”80 Bandwidth is also in early stages of exchanging traffic and “has designed, tested
and deployed the capability to exchange some of its production traffic with Verizon Wireless directly
utilizing ‘self-signed’ certifications that are in keeping with the STIR/SHAKEN framework.”81
20.
Other voice service providers—namely Frontier, Sprint, U.S. Cellular, and Vonage—
stated that they have performed necessary network upgrades, but had only begun the negotiating and
testing phase of exchanging authenticated traffic with other voice service providers as of the end of
2019.82 Frontier reported that it “established the capability to authenticate and sign calls” and is in the
negotiating and testing phase regarding authenticating traffic exchanged with other voice service
providers.83 Sprint reported that it “deployed the core STIR/SHAKEN capability in its network” and was
testing the exchange of authenticated traffic with Comcast and T-Mobile.84 In 2019, U.S. Cellular
“successfully implemented the STIR/SHAKEN technology in its network” and is currently “in various
stages of the [interconnection agreement] process with three of the four national wireless
carriers . . . including, the successful exchange of traffic on a test basis with at least one of . . . those
carriers.”85 Vonage reported that it was testing with “its two largest peering partners” and had “reached
out to twenty additional carriers to implement outbound and inbound testing schedules.”86
21.
An additional category of voice service providers—namely CenturyLink, TDS, and
Google—has indicated limited progress in making the necessary network upgrades.87 CenturyLink, for
instance, stated that as of late 2019 it had “taken the steps necessary to prepare its network for
SHAKEN/STIR deployment” and is currently conducting testing for wider deployment on its IP
networks.88 TDS, meanwhile, reported that it had completed work in 2019 to evaluate, select, and lab test
(Continued from previous page)
Regulatory Affairs, Comcast Corporation, to Marlene H. Dortch, Secretary, FCC, WC Docket No. 17-97, CG
Docket No. 17-59, at 2 (filed Jan. 31, 2020) (Comcast Ex Parte); Cox Ex Parte at 1; Letter from Cathleen A.
Massey, Vice President, Federal Regulatory Affairs, T-Mobile, to Marlene H. Dortch, Secretary, FCC, WC Docket
No. 17-97, at 1 (filed Jan. 30, 2020) (T-Mobile Ex Parte); Letter from Joe Russo, Senior Vice President, Network
Operations, Verizon, to Marlene H. Dortch, Secretary, FCC, WC Docket No. 17-97, at 1 (filed Feb. 7, 2020)
(Verizon Ex Parte).
67
AT&T Ex Parte at 1.
68
Charter Ex Parte at 1.
Comcast Ex Parte at 2 (also explaining that “virtually all calls originating from a Comcast residential subscriber
and bound for customers of other voice providers are signed with a STIR/SHAKEN-compliant header when the call
is initiated”).
69
70
Cox Ex Parte at 1.
71
T-Mobile Ex Parte at 1.
72
Verizon Ex Parte at 1.
73
See AT&T Ex Parte; Bandwidth Ex Parte; Comcast Ex Parte at 1-2; T-Mobile Ex Parte at 2; Verizon Ex Parte at
2.
74
Comcast Ex Parte at 1-2.
75
Id. at 2.
76
T-Mobile Ex Parte at 2.
77
AT&T Ex Parte at 2.
10
Federal Communications Commission
FCC 20-42
a vendor solution to allow it to integrate STIR/SHAKEN in the IP portions of its network.89 It is in the
process of developing implementation plans, but because many of its interconnection points with other
providers are not IP-enabled, it “forecast[s] that only a small percentage of traffic will be exchanged in IP
when SHAKEN/STIR is initially deployed in the TDS IP network.”90 Google provided limited detail
about the status of implementation but stated that it “remains committed to implementing SHAKEN/STIR
and . . . ha[s] taken considerable steps toward doing so.”91
22.
Congressional Direction to Require STIR/SHAKEN Implementation. On December 30,
2019, Congress enacted the TRACED Act, with the stated purpose of “helping to reduce illegal and
unwanted robocalls” through numerous mechanisms.92 Along with other provisions directed at
addressing robocalls, the TRACED Act directs the Commission to require, no later than 18 months from
enactment, all voice service providers to implement STIR/SHAKEN in the IP portions of their networks
and implement an effective caller ID authentication framework in the non-IP portions of their networks.93
The TRACED Act further creates processes by which voice service providers (1) may be exempt from
this mandate if the Commission determines they have achieved certain implementation benchmarks, and
(2) may be granted an extension for compliance based on a finding of undue hardship because of burdens
or barriers to implementation or based on a delay in development of a caller ID authentication protocol
for calls delivered over non-IP networks.94
23.
Today’s Report and Order and Further Notice is one of several steps we are taking to
implement the TRACED Act. For instance, we recently adopted a Notice of Proposed Rulemaking that
proposes rules to establish a registration process for a “single consortium that conducts private-led efforts
to trace back the origin of suspected unlawful robocalls.”95 Additionally, the Wireline Competition
Bureau (Bureau) has charged the NANC Call Authentication Trust Anchor Working Group with
providing recommendations regarding the TRACED Act’s direction that the Commission “issue best
practices that providers of voice service may use as part of the implementation of effective call
(Continued from previous page)
78 Verizon Ex Parte at 2.
79
Cox Ex Parte at 1.
80
Charter Ex Parte at 1.
81
Bandwidth Ex Parte at 1.
See Letter from Diana Eisner, Director, Federal Regulatory, Frontier Communications, to Marlene H. Dortch,
Secretary, FCC, WC Docket No 17-97, at 1 (filed Feb. 21, 2020) (Frontier Ex Parte); Letter from Charles W.
McKee, Vice President, Government Affairs, Sprint Corporation, to Marlene H. Dortch, Secretary, FCC, CG Docket
No. 17-59, WC Docket No. 17-97, at 1 (filed Feb. 13, 2019) (Sprint Ex Parte); U.S. Cellular Ex Parte at 1; Vonage
Ex Parte at 1.
82
83
Frontier Ex Parte at 1.
84
Sprint Ex Parte at 1.
85
U.S. Cellular Ex Parte at 1.
86
Vonage Ex Parte at 1.
87
See CenturyLink Ex Parte at 1-2; TDS Ex Parte at 1.
88
CenturyLink Ex Parte at 2.
89
TDS Ex Parte at 1.
90
See id.
Letter from Darah Franklin, Counsel, Google, LLC, to G. Patrick Webre, Bureau Chief, Consumer and
Government Affairs Bureau, FCC, CG Docket No. 17-59, WC Docket No. 17-97, at 2 (filed Feb. 28, 2020) (Google
(continued….)
91
11
Federal Communications Commission
FCC 20-42
authentication frameworks . . . to take steps to ensure the calling party is accurately identified.”96 We will
continue to work swiftly and carefully to implement the TRACED Act and protect Americans from illegal
robocalls.
III.
REPORT AND ORDER
24.
In this Report and Order, we require all originating and terminating voice service
providers to implement the STIR/SHAKEN framework in the IP portions of their networks by June 30,
2021. We adopt this mandate for several reasons, including that (1) widespread implementation will
result in significant benefits from American consumers; (2) the record overwhelmingly reflects support
from a broad array of stakeholders for rapid STIR/SHAKEN implementation; (3) the state of industrywide implementation at the end of 2019 demonstrates that further government action is necessary for
timely, ubiquitous implementation; and (4) the TRACED Act expressly directs us to require timely
STIR/SHAKEN implementation. Below, we discuss these reasons in more detail; describe the specific
requirements that comprise our mandate; discuss our legal authority to adopt these requirements; respond
to the limited record opposition to a mandate; and find that the benefits of STIR/SHAKEN
implementation will far exceed the costs.97
A.
Mandating the STIR/SHAKEN Framework
25.
We require all originating and terminating voice service providers to implement the
STIR/SHAKEN framework in the IP portions of their networks by June 30, 2021 for several compelling
reasons. First, ubiquitous STIR/SHAKEN implementation will yield substantial benefits for American
consumers. We estimate that the benefits of eliminating the wasted time and nuisances caused by illegal
scam robocalls will exceed $3 billion annually.98 And more importantly, we expect STIR/SHAKEN
paired with call analytics to serve as a tool to effectively protect American consumers from fraudulent
robocall schemes that cost Americans approximately $10 billion annually.99 Further, we anticipate that
implementation will increase consumer trust in caller ID information and encourage consumers to answer
(Continued from previous page)
Ex Parte) (noting that Google “began a SHAKEN/STIR implementation with Comcast in December 2019, and that
we are working toward a similar integration with another major voice service provider this year”).
S. Comm. on Com., Sci., & Transp., Telephone Robocall Abuse Criminal Enforcement and Deterrence Act, S.
Rep. No. 116-41, at 1 (2019).
92
93
See TRACED Act § 4(b)(1)(A)-(B).
See id. §§ 4(b)(2), 4(b)(5)(A)-(B). The TRACED Act further directs us, not later than December 30, 2020, to
submit a report to Congress that includes: (1) an analysis of the extent to which voice service providers have
implemented caller ID authentication frameworks and whether the availability of necessary equipment and
equipment upgrades has impacted such implementation; and (2) an assessment of the efficacy of the call
authentication frameworks. Id. § 4(b)(3).
94
Id. § 13(d)(1); Implementing Section 13(d) of the Pallone-Thune Telephone Robocall Abuse Criminal
Enforcement and Deterrence Act (TRACED Act), EB Docket No. 20-22, Notice of Proposed Rulemaking, FCC 2011, at 1 (Feb. 6, 2020).
95
Letter from Kris Anne Monteith, Chief, Wireline Competition Bureau, FCC, to Jennifer K. McKee, Chair, NANC
(Feb. 27, 2020).
96
USTelecom and CTIA ask us to adopt a broad call blocking safe harbor today. See Letter from Farhan Chughtai,
Director, USTelecom, to Marlene H. Dortch, Secretary, FCC, CG Docket No. 17-59, WC Docket Nos. 17-97, 20-67,
at 5 (filed Mar. 23, 2020) (USTelecom Mar. 23 Ex Parte); Letter from Sarah K. Leggin, Director, Regulatory
Affairs, CTIA, & Matthew Gerst, Vice President, Regulatory Affairs, CTIA, to Marlene H. Dortch, Secretary, FCC,
GC Docket No. 17-59, WC Docket No. 17-97, at 3-4 (filed Mar. 20, 2020) (CTIA Ex Parte). Transaction Network
Services suggests that we require or recommend that providers pair STIR/SHAKEN with analytics. See Letter from
Steven A. Augustino, Counsel, Transaction Network Services, Inc., to Marlene H. Dortch, Secretary, FCC, WC
(continued….)
97
12
Federal Communications Commission
FCC 20-42
the phone, thereby benefitting businesses, healthcare providers, and non-profit charities.100 Widespread
implementation also benefits public safety by decreasing disruptions to healthcare and emergency
communications systems, and as a result, saving lives.101 Additional benefits include significantly
reducing costs for voice service providers by eliminating unwanted network congestion and decreasing
the number of consumer complaints about robocalls.102 Ultimately, we expect widespread
STIR/SHAKEN implementation to reduce the scourge of illegal robocalls that plague Americans every
day.103
26.
Second, the record overwhelmingly reflects support from a broad array of stakeholders
for rapid STIR/SHAKEN deployment, and many commenters support a STIR/SHAKEN mandate.104
Commenters, including the attorneys general of all fifty states and the District of Columbia, consumer
groups, and major voice service providers expressed support for Commission action if widespread
voluntary implementation did not occur.105 The unified state attorneys general argue that a mandate is
necessary “in the absence of prompt voluntary implementation” by the end of 2019 because without such
action, “[b]ad actors exploit inexpensive and ubiquitous technology to scam consumers and to intrude
upon consumers’ lives, and the problem shows no signs of abating.”106 Consumer group commenters,
including Consumer Reports, the National Consumer Law Center, Consumer Action, the Consumer
Federation of America, the National Association of Consumer Advocates, and Public Knowledge,
observe that “cross-carrier implementation has been relatively limited” and state that we “should require
phone companies to adopt effective call-authentication policies and technologies.”107 AT&T explains that
“SHAKEN/STIR must be widely deployed to be effective.”108 Verizon similarly explains that
STIR/SHAKEN only works if all voice service providers have implemented the framework in the call
path—increasing the utility of a mandate.109 Other providers, including Comcast and Transaction
Network Services, support a “measured” STIR/SHAKEN requirement that accounts for existing
implementation challenges.110 And even commenters who express hesitation about a mandate are
receptive to one that accounts for the burdens and barriers confronted by rural and small voice service
providers,111 which we proposed to address through the process established in the TRACED Act. For
(Continued from previous page)
Docket Nos. 17-97, 20-67, at 2 (filed March 23, 2020) (TNS Ex Parte). We intend to address call-blocking issues
and the role of analytics in relation to call blocking in a separate item and thus decline to address these requests here.
98
See 2019 Robocall Declaratory Ruling and Further Notice, 34 FCC Rcd at 4889, para. 40.
See Fifty-One (51) State Attorneys General Reply, CG Docket No. 17-59, WC Docket No. 17-97, at 4 (rec. Aug.
23, 2019) (Fifty-One State Attorneys General Reply) (stating that “[c]onsumer fraud often originates with an illegal
call, and robocalls regularly interrupt our daily lives”); Kim Fai Kok, Truecaller Insights: Phone Scams Cause
Americans to Lose $10.5 Billion in Last 12 Months Alone, Truecaller (Apr. 17, 2019),
https://truecaller.blog/2019/04/17/truecaller-insights-2019-us-spam-phone-scam-report/.
99
See Consumer Reports, Nat’l Consumer Law Ctr., Consumer Action, Consumer Fed’n of America, Nat’l Ass’n
of Consumer Advocates, Public Knowledge, CG Docket No. 17-59, WC Docket No. 17-97, at 1 (rec. July 24, 2019)
(Consumer Reports et al. Comments) (describing how robocalls “harass” consumers and “interfere with [their] peace
of mind”); Transaction Network Services, Inc. Comments, CG Docket No. 17-59, WC Docket No. 17-97, at 20 (rec.
July 24, 2019) (TNS Comments) (recognizing that STIR/SHAKEN will contribute to “reducing unlawful calls and
restoring trust in voice communications”); INCOMPAS Reply, CG Docket No. 17-59, WC Docket No. 17-97, at 1
(rec. Aug. 23, 2019) (INCOMPAS Reply) (“Robocalls constitute an ongoing hazard to the public and threaten
consumer confidence in the reliability of voice networks.”); Tim Harper, Why Robocalls Are Even Worse Than You
Thought, Consumer Rep. (May 15, 2019), https://www.consumerreports.org/robocalls/why-robocalls-are-evenworse-than-you-thought/.
100
See Consumer Reports et al. Comments at 1 (describing the safety risks to consumers posed by robocalls); see
also Tony Romm, Robocalls Are Overwhelming Hospitals and Patients, Threatening a New Kind of Health Crisis,
Wash. Post (June 17, 2019), https://www.washingtonpost.com/technology/2019/06/17/robocalls-are-overwhelminghospitals-patients-threatening-new-kind-health-crisis; Nick Wingfield, Swindlers Use Telephones, with Internet’s
Tactics, N.Y. Times (Jan. 20, 2014), https://www.nytimes.com/2014/01/20/technology/swindlers-use-telephoneswith-internets-tactics.html.
101
13
Federal Communications Commission
FCC 20-42
example, the Voice of America’s Broadband Providers and Teliax are receptive to a mandate that
“focus[es] on implementation of . . . legislation Congress enacts”112 and provides for a more flexible
implementation timeframe for small and rural providers.113
27.
Third, although some major voice service providers have taken significant steps towards
STIR/SHAKEN implementation, the level of implementation by the Commission’s end of 2019 deadline
shows that, absent further governmental action, we will not have timely ubiquitous implementation. As
Verizon states, “verifying [c]aller ID for consumers using STIR/SHAKEN presents a classic collectivity
challenge that industry may not be able to overcome on its own.”114 As we have explained, some voice
service providers reported that, by the end of 2019, they completed the necessary network upgrades to
support the STIR/SHAKEN framework and that they were exchanging a limited amount of traffic with
authenticated caller ID information with other voice service providers.115 Others, however, reported only
that they had completed necessary network upgrades by the end of 2019, but had not begun exchanging
with other voice service providers.116 Still others have shown little to no progress in upgrading their
networks to be STIR/SHAKEN-capable.117 We find that the lack of common exchange among these
voice service providers—and the absence of substantial progress by several of them—demonstrate that
major voice service providers have failed to meet the goal of achieving full implementation by the end of
2019. We therefore must act to ensure faster progress to protect the public from the scourge of illegal
robocalls.
28.
Finally, confirming our decision is the recently-enacted TRACED Act, which provides
additional support for the implementation mandate we set forth today. The TRACED Act directs the
Commission to “require a provider of voice service to implement the STIR/SHAKEN authentication
framework in the [IP] networks of the provider of voice service.”118 Congress’s clear direction to require
(Continued from previous page)
102 See Sprint Corp Comments, CG Docket No. 17-59, WC Docket No. 17-97, at 9 (rec. July 24, 2019) (Sprint
Comments) (acknowledging that like consumers, carriers do not “benefit from the surge in illegal calls”); see also
2019 Robocall Declaratory Ruling and Further Notice at 4902, para. 81.
See Fifty-One State Attorneys General Reply at 6 (stating that “State Attorneys General are on the front lines of .
. . helping people who are scammed and harassed by [illegal and unwanted robocalls]” and “[f]or this reason, [they]
support . . . the timely implementation of the STIR/SHAKEN Caller ID authentication framework”).
103
See, e.g., App Association Comments, CG Docket No. 17-59, WC Docket No. 17-97, at 6 (rec. July 24, 2019)
(App Association Comments); AT&T Comments, CG Docket No. 17-59, WC Docket No. 17-97, at 4 n.8 (rec. July
24, 2019) (AT&T Comments); Comcast Corp. Comments, CG Docket No. 17-59, WC Docket No. 17-97, at 10 (rec.
July 24, 2019) (Comcast Comments); Consumer Reports Comments, CG Docket No. 17-59, WC Docket No. 17-97,
at 1 (rec. July 11, 2019) (Consumer Reports July 11, 2019 Comments); Fifty-One State Attorneys General Reply at
4; Mass. Dep’t of Telecomms. & Cable Comments, CG Docket No. 17-59, WC Docket No. 17-97, at 3, 4 (rec. July
24, 2019) (MDTC Comments); Neustar, Inc. Reply, CG Docket No. 17-59, WC Docket No. 17-97, at 5 (rec. Aug.
23, 2019) (Neustar Reply); Sprint Comments at 6-7; TNS Comments at 15; Verizon Comments, CG Docket No. 1759, WC Docket No. 17-97, at 3 (rec. July 24, 2019) (Verizon Comments); cf. Professional Ass’n for Customer
Engagement Comments, CG Docket No. 17-59, WC Docket No. 17-97, at 8 (rec. July 24, 2019) (PACE Comments)
(“PACE believes it would be appropriate to mandate [voice service providers] complete deployment by the end of
2021 . . . .”); USTelecom Comments at 3, 12 (“[T]he Commission should require voice service providers acting as
gateway providers . . . to implement the SHAKEN/STIR framework.”).
104
AT&T Comments at 4 n.8; MDTC Comments at 3,4; Verizon Comments at 1; Fifty-One State Attorneys General
Reply at 4-5.
105
106
Fifty-One State Attorneys General Reply at 1-2.
107
Consumer Reports et al. Comments at 3.
108
AT&T Comments at 4 n.8.
109
See Verizon Comments at 2.
14
Federal Communications Commission
FCC 20-42
timely STIR/SHAKEN implementation further encourages us to adopt the mandate in this Report and
Order.
29.
Limited Record Opposition to a STIR/SHAKEN Implementation Mandate. We disagree
with those commenters who argue that we should not move forward with a STIR/SHAKEN
implementation mandate. First, we specifically disagree with the argument that we should delay a
mandate while industry develops technical solutions to allow the STIR/SHAKEN framework to
accommodate certain more challenging scenarios.119 According to some commenters, the standards for
attestation do not fully account for the situation where an enterprise subscriber places outbound calls
through a voice service provider other than the voice service provider that assigned the telephone
number.120 In such scenarios, commenters claim, it would be difficult for an outbound call to receive
“full” or “A” attestation121 because the outbound call “will not pass through the authentication service of
the voice service provider that controls the numbering resource.”122 We are optimistic that standards
bodies, which remain engaged on the impact of STIR/SHAKEN on more challenging use cases and
business models, will be able to resolve those issues—just as they have overcome numerous other barriers
to caller ID authentication so far.123 For instance, the Internet Engineering Task Force (IETF) has
proposed a “certificate delegation” solution that would allow “the carrier who controls the numbering
resource . . . to delegate a credential that could be used to sign calls regardless of which network or
administrative domain handles the outbound routing for the call.”124 Further, granting a delay until
standards bodies address every possible issue would risk creating an incentive for some parties to draw
out standards-setting processes, to the detriment of widespread STIR/SHAKEN implementation. To the
contrary, by establishing a June 30, 2021 deadline for widespread STIR/SHAKEN implementation, we
create an incentive for standards bodies to work quickly to issue actionable standards and solutions for
enterprise calls.125 In any event, the TRACED Act requires that voice service providers implement the
STIR/SHAKEN framework in their IP networks on this timetable, with only those extensions and
exceptions specified by Congress.126
(Continued from previous page)
110 Comcast Comments at 4, 10; TNS Comments at 15. We find that our June 30, 2021 implementation date and
application of the STIR/SHAKEN mandate to only the IP portions of originating and terminating voice service
providers’ networks satisfies these commenters’ concerns.
See, e.g., ITTA Reply, CG Docket No. 17-59, WC Docket No. 17-97, at 4 (rec. Aug. 23, 2019) (ITTA Reply);
West Telecom Services, LLC Reply, CG Docket No. 17-59, WC Docket No. 17-97, at 2 (rec. Aug. 23, 2019) (West
Telecom Services Reply); cf. NTCA Comments, CG Docket No. 17-59, WC Docket No. 17-97, at ii (rec. July 24,
2019) (NTCA Comments) (“[T]o the extent that the Commission considers a mandate necessary, it should grant
rural carriers compliance timeframes that recognize that these providers will need additional time . . . .”); ACA
Connects Reply, CG Docket No. 17-59, WC Docket No. 17-97, at 4 (rec. Aug. 23, 2019) (ACA Connects Reply)
(urging “the Commission not to impose a SHAKEN/STIR mandate on smaller and legacy providers at this time, but
rather give the marketplace more time to develop”); Teliax, Inc. Reply, CG Docket No. 17-59, WC Docket No. 1797, at 5 (rec. Aug. 23, 2019) (Teliax Reply) (“While Teliax supports the need for the entire industry to move to
SHAKEN/STIR, there must be flexibility for smaller operators’ adoption of SHAKEN/[STIR].”).
111
112
ITTA Reply at 3.
113
See, e.g., ITTA Reply at 4; Teliax Reply at 5.
114
See Verizon Reply at 3.
See AT&T Ex Parte at 1; Charter Ex Parte at 1; Comcast Ex Parte at 2; Cox Ex Parte at 1; T-Mobile Ex Parte at
1; Verizon Ex Parte at 1.
115
116
See Frontier Ex Parte at 1; Sprint Ex Parte at 1; U.S. Cellular Ex Parte at 1; Vonage Ex Parte at 1.
117
See CenturyLink Ex Parte at 1-2; Google Ex Parte at 2; TDS Ex Parte at 1.
118
TRACED Act § 4(b)(1)(A).
15
Federal Communications Commission
FCC 20-42
30.
Second, we disagree with Competitive Carriers Association’s argument that adopting a
STIR/SHAKEN mandate would “risk impeding development of other potential new strategies to block
robocalls.”127 The STIR/SHAKEN framework is one important solution that should be part of an arsenal
of effective remedies to combat robocalls, and its implementation does not preclude voice service
providers from pursuing additional solutions. Further, consistent with Congress’s direction in the
TRACED Act, we will plan to revisit our caller ID authentication rules periodically to ensure that they
remain up to date.128
31.
Finally, we disagree with ACA Connects’ suggestion that we limit our implementation
mandate to only those voice service providers that originate large volumes of illegal robocalls.129 ACA
Connects fails to account for the importance of network-wide implementation to the effectiveness of
STIR/SHAKEN in reducing spoofed robocalls. Moreover, it fails to explain how we would identify or
define such carriers or how such a scheme would stop malicious callers from simply using a different
voice service provider.
1.
STIR/SHAKEN Implementation Requirements
32.
We adopt our proposal in the 2019 Further Notice to require voice service providers to
implement the STIR/SHAKEN framework. Specifically, we require all originating and terminating voice
service providers to fully implement STIR/SHAKEN on the portions of their voice networks that support
the transmission of SIP calls and exchange calls with authenticated caller ID information with the
providers with which they interconnect. This STIR/SHAKEN mandate will create the trust ecosystem
necessary for effective caller ID authentication.
(Continued from previous page)
119 See, e.g., INCOMPAS Comments, CG Docket No. 17-59, WC Docket No. 17-97, at 6, 13 (rec. July 24, 2019)
(INCOMPAS Comments) (describing attestation challenges for enterprise providers); Telnyx, LLC Comments, CG
Docket No. 17-59, WC Docket No. 17-97, at 1-2 (rec. July 24, 2019) (Telnyx Comments) (describing challenges
posed by small providers using dynamic least-cost routing).
See, e.g., Cloud Communications Alliance Comments, CG Docket No. 17-59, WC Docket No. 17-97, at 5 (rec.
July 24, 2019) (Cloud Communications Alliance Comments) at 6-7; INCOMPAS Comments at 6, 13; Telnyx
Comments at 1-2; RingCentral, Inc. Reply, CG Docket No. 17-59, WC Docket No. 17-97, at 2-3 (rec. Aug. 23,
2019) (RingCentral Reply).
120
See ATIS/SIP Forum Standard § 5.2.3, at 8-9. To provide “full” or “A” attestation, the voice service provider
must be able to confirm the identity of the subscriber making the call, and that the subscriber is using its associated
telephone number. See id.
121
See IETF, STIR Certificate Delegation, Draft, at 3 (2019), https://tools.ietf.org/html/draft-ietf-stir-cert-delegation01.
122
See IETF, STIR Certificate Delegation, Draft (2019), https://tools.ietf.org/html/draft-ietf-stir-cert-delegation-01
(draft standards for proposed “certificate delegation” solution for certain unique use cases); see also ATIS SIP
Forum IPNNI Joint Task Force, Study of Full Attestation Alternatives for Enterprises and Business Entities with
Multi-Homing and Other Arrangements, Draft § 8 (2019),
https://access.atis.org/apps/group_public/download.php/48148/IPNNI-2019-00071R002.docx (analyzing different
use cases); SIP Forum, SIPNOC 2019 Overview, https://www.sipforum.org/news-events/sipnoc-2019-overview (last
visited Feb. 6, 2020) (including multiple presentations and speakers on solutions to incorporate enterprise use cases
into the STIR/SHAKEN framework). We will continue to monitor industry progress towards solutions to these
issues.
123
IETF, STIR Certificate Delegation, Draft, at 4 (2019), https://tools.ietf.org/html/draft-ietf-stir-cert-delegation-01;
see also Numeracle, Inc. Comments, CG Docket No. 17-59, WC Docket No. 17-97, at 3 (rec. July 24, 2019)
(Numeracle Comments) (“Using delegated certificates in conjunction with SHAKEN/STIR not only provides
protected identity header information regarding the entity behind the call, it also creates a secure way to prevent
critical calls numbers from being spoofed.”); Telnyx Comments at 3 (“Telnyx has been working on a solution with
subject matter experts that would modify the proposed delegate certificate framework to allow large enterprises to
apply directly for certificate authorization from the STI-PA and attest to calls they or their end users originate.”).
124
16
Federal Communications Commission
FCC 20-42
33.
As part of today’s mandate, we adopt the following three requirements: (i) a voice
service provider that originates a call that exclusively transits its own network must authenticate and
verify the caller ID information consistent with the STIR/SHAKEN authentication framework; (ii) a voice
service provider originating a call that it will exchange with another voice service provider or
intermediate provider must authenticate the caller ID information in accordance with the STIR/SHAKEN
authentication framework and, to the extent technically feasible, transmit that caller ID information with
authentication to the next provider in the call path; and (iii) a voice service provider terminating a call
with authenticated caller ID information it receives from another provider must verify that caller ID
information in accordance with the STIR/SHAKEN authentication framework. We discuss these
requirements below.130
34.
First, a voice service provider must authenticate and verify, consistent with the
STIR/SHAKEN authentication framework, the caller ID information of those calls that it originates and
terminates exclusively in the IP portions of its own network. The most effective caller ID authentication
system requires the application of STIR/SHAKEN to all calls, including calls solely originating and
terminating on the same voice service provider’s network. We recognize that certain components of the
STIR/SHAKEN framework are designed to promote trust across different voice service provider networks
and so are not necessary for calls that a voice service provider originates and terminates solely on its own
network.131 A provider satisfies its obligation under this requirement so long as it authenticates and
verifies in a manner consistent with the STIR/SHAKEN framework, such as by including origination and
attestation information in the SIP INVITE used to establish the call.132
35.
Our next two requirements relate to the exchange of caller ID authentication information.
In the 2019 Further Notice, we sought comment on whether we should “require providers to sign calls on
an intercarrier basis.”133 The record demonstrated support for this approach,134 and we add specificity by
(Continued from previous page)
125 For this reason, we need not adopt a separate deadline for industry development of standards and solutions for
enterprise calls, as requested by Cloud Communications Alliance. See Letter from Joe Marion, President, Cloud
Communications Alliance, to Marlene H. Dortch, Secretary, FCC, WC Docket Nos. 17-97, 20-67, at 3 (filed Mar.
17, 2020) (Cloud Communications Alliance Ex Parte).
We decline USTelecom’s request “to remove the discussion surrounding enterprise signing from the Draft S/S
Mandate Order and to move it to the Draft S/S Mandate FNPRM to seek further comment.” USTelecom Mar. 23 Ex
Parte at 2. We find this request inconsistent with the structure of the TRACED Act, which creates a general
mandate and exceptions to that mandate, rather than limiting the scope of the mandate to non-enterprise calls in the
first instance. We also note that USTelecom has emphasized that some enterprise signing will be “possible in the
near term” and that “some voice service providers with enterprise customers are already working on providing the
ability for their enterprise customers to have certain enterprise calls signed (with A-level attestation) this year.”
Letter from Farhan Chughtai Director, Policy & Advocacy, USTelecom, to Marlene H. Dortch, Secretary, FCC, CG
Docket No. 17-59, WC Docket No. 17-97, at 2 (filed Mar. 10, 2020). We are confident that mandating, consistent
with the TRACED Act, that voice service providers implement the STIR/SHAKEN framework in their IP
networks—subject to the extensions and exceptions created by the TRACED Act—will create beneficial incentives
for industry to continue to quickly develop standards to address enterprise calls.
126
Competitive Carriers Ass’n Comments, CG Docket No. 17-59, WC Docket No. 17-97, at 4-5 (rec. July 24, 2019)
(Competitive Carriers Ass’n Comments); see also ACA Connects Reply at 2 (stating that “a mandate would more
likely frustrate than advance the deployment of robust solutions that protect voice customers from spoofed calls”).
127
128
See TRACED Act § 4(b)(4).
129
ACA Connects Reply at 4.
17
Federal Communications Commission
FCC 20-42
outlining particular obligations on voice service providers for this requirement. More specifically, a voice
service provider that originates a call which it will exchange with another voice service provider or
intermediate provider must use an authentication service and insert the Identity header in the SIP INVITE
and thus authenticate the caller ID information in accordance with the STIR/SHAKEN authentication
framework; it further must transmit that call with authentication to the next voice service provider or
intermediate provider in the call path, to the extent technically feasible.135 Additionally, a voice service
provider that terminates a call with authenticated caller ID information it receives from another voice
service provider or intermediate provider must use a verification service, which uses a public key to
review the information stored in the Identity header to verify that caller ID information in accordance
with the STIR/SHAKEN authentication framework. These actions are at the core of an effective
STIR/SHAKEN ecosystem, and each action requires the other: A terminating voice service provider can
only verify caller ID information that has been authenticated by the originating voice service provider and
transmitted with authentication,136 while an originating voice service provider’s authentication has little
value if the terminating voice service provider fails to verify that caller ID information.
36.
Definitions and Scope. For purposes of the rules we adopt today, and consistent with the
TRACED Act, we define “STIR/SHAKEN authentication framework” as “the secure telephone identity
revisited and signature-based handling of asserted information using tokens standards.”137 For purposes
of compliance with this definition, we find that it would be sufficient to adhere to the three ATIS
standards that are the foundation of STIR/SHAKEN—ATIS-1000074, ATIS-1000080, and ATIS1000084—and all documents referenced therein.138 We recognize that industry is actively working to
improve STIR/SHAKEN. Compliance with the most current versions of these three standards as of
March 31, 2020, including any errata as of that date or earlier,139 represents the minimum requirement to
satisfy our rules. ATIS and the SIP Forum conceptualized ATIS-1000074 as “provid[ing] a baseline that
can evolve over time, incorporating more comprehensive functionality and a broader scope in a backward
compatible and forward looking manner.”140 We intend for our rules to provide this same room for
(Continued from previous page)
130 The TRACED Act states in § 4(b)(1)(A) that the Commission shall “require a provider of voice service to
implement the STIR/SHAKEN authentication framework” in its IP networks. It goes on to create an exemption,
stating that the Commission “shall not take the action” set forth in § 4(b)(1)(A) “if the Commission determines [by
December 30, 2020] that such provider of voice service” in its Internet Protocol networks meets four criteria focused
on achieving certain benchmarks prior to the full mandate going into effect. TRACED Act § 4(b)(2)(A).
USTelecom has submitted proposed interpretations of those four criteria for our consideration. See Letter from
Farhan Chughtai, Director, Policy & Advocacy, USTelecom, to Marlene Dortch, FCC, CG Docket No. 17-59, WC
Docket No. 17-97, Attach. at 2 (filed Mar. 6, 2020). Among other things, USTelecom proposes requiring a showing
that all consumer VoIP and VoLTE traffic originating on a voice service provider’s network is capable of
authentication, or will be capable of authentication, by June 30, 2021. Id. CTIA and USTelecom argue that we
should consider replacing the implementation criteria that we adopt with USTelecom’s interpretations of the four
criteria in § 4(b)(2)(A). See CTIA Ex Parte at 2; USTelecom Mar. 23 Ex Parte at 2-3. We find this request
inconsistent with the structure of the TRACED Act, which creates a general mandate to implement STIR/SHAKEN
in § 4(b)(1)(A) and a separate exemption process in § 4(b)(2)(A). Further, USTelecom’s suggested language would
not adequately address the responsibilities of voice service providers to “implement the STIR/SHAKEN
authentication framework” in accordance with § 4(b)(1)(A) because it would only require demonstration of testing
and capability rather than the details of how authentication must actually be applied.
See Letter from Joseph Weeden, Vice President, Metaswitch, to Marlene H. Dortch, Secretary, FCC, WC Docket
Nos. 17-97, 20-67, at 4-5 (filed Mar. 24, 2020) (Metaswitch Ex Parte); Letter from Michael Romano, Senior Vice
President, NTCA-The Rural Broadband Association, to Marlene H. Dortch, Secretary, FCC, CG Docket No. 17-59,
WC Docket No. 17-97, at 2 (filed Mar. 23, 2020) (NTCA Ex Parte); USTelecom Mar. 23 Ex Parte at 3.
131
See Metaswitch Ex Parte at 4-5 (proposing alternative methods for voice service providers to secure intranetwork calls that are consistent with STIR/SHAKEN).
132
18
Federal Communications Commission
FCC 20-42
innovation, while maintaining an effective caller ID authentication ecosystem. Voice service providers
may incorporate any improvements to these standards or additional standards into their respective
STIR/SHAKEN authentication frameworks, so long as any changes or additions maintain the baseline call
authentication functionality exemplified by ATIS-1000074, ATIS-1000080, and ATIS-1000084.
37.
For purposes of our rules, we also adopt a definition of “voice service” that aligns with
the TRACED Act. The TRACED Act employs a broad definition of “voice service” that includes
“without limitation, any service that enables real-time, two-way voice communications, including any
service that requires [I]nternet [P]rotocol-compatible customer premises equipment . . . and permits outbound calling, whether or not the service is one-way or two-way voice over [I]nternet [P]rotocol.”141 The
TRACED Act definition is limited, however, to service “that is interconnected with the public switched
telephone network and that furnishes voice communications to an end user.”142 Thus, the rules we adopt
today apply to originating and terminating voice service providers and exclude intermediate providers.
38.
In recognition of the fact that STIR/SHAKEN is a SIP-based solution,143 we limit
application of the rules we adopt today to only the IP portions of voice service providers’ networks—
those portions that are able to initiate, maintain, and terminate SIP calls. This approach is consistent with
section 4(b)(1)(A) of the TRACED Act, which directs us to require implementation of STIR/SHAKEN
“in the [I]nternet [P]rotocol networks of the provider of voice service.” We agree with commenters that it
would be inappropriate to simply extend the mandate we adopt to non-IP networks.144
39.
We adopt the proposal from the 2019 Further Notice that our implementation mandate
apply to all types of “voice service providers—wireline, wireless, and Voice over Internet Protocol
(VoIP) providers.”145 For STIR/SHAKEN to be successful, all voice service providers capable of
implementing the framework must participate.146 If a subset of voice service providers continue operating
on IP networks without implementing STIR/SHAKEN, it will undercut the framework’s effectiveness.147
(Continued from previous page)
133 2019 Robocall Declaratory Ruling and Further Notice, 34 FCC Rcd at 4900, para. 76.
See T-Mobile USA, Inc. Comments, CG Docket No. 17-59, WC Docket No. 17-97, at 11 (rec. July 24, 2019) (TMobile Comments) (arguing that any implementation mandate should also require “complet[ing] implementation
protocols with at least one large provider”); Verizon Comments at 2 (explaining that it “can only validate the Caller
ID of an incoming call for its customer if the provider that originated the call has also implemented
STIR/SHAKEN”); Verizon Reply Comments, CG Docket No. 17-59, WC Docket No. 17-97, at 3 (rec. Aug. 23,
2019) (Verizon Reply); see also ATIS/SIP Forum Standard § 4, at 3.
134
We recognize that the transmission of STIR/SHAKEN authentication information over a non-IP interconnection
point is not technically feasible at this time. See NTCA Ex Parte at 2.
135
See Sprint Corp. Comments, CG Docket No. 17-59, WC Docket No. 17-97, at 6 (rec. July 24, 2019) (Sprint
Comments); Verizon Reply Comments at 3.
136
137
See TRACED Act § 4(a)(1).
See ATIS/SIP Forum Standard; ATIS & SIP Forum, Joint ATIS/SIP Forum Standard -Signature-Based Handling
of Asserted Information Using toKENs (SHAKEN): Governance Model and Certificate Management, ATIS1000080 (2017), https://access.atis.org/apps/group_public/download.php/46769/ATIS-1000080-E.zip; ATIS & SIP
Forum, Joint ATIS/SIP Forum Standard -Technical Report on Operational and Management Considerations for
SHAKEN STI Certification Authorities and Policy Administrators, ATIS-1000084 (2018),
https://access.atis.org/apps/group_public/download.php/46529/ATIS-1000084-E.zip; Letter from Thomas Goode,
General Counsel, ATIS, to Marlene H. Dortch, Secretary, FCC, CG Docket No. 17-59, WC Docket Nos. 17-97, 2067 (filed Mar. 30, 2020).
138
See ATIS & SIP Forum, Joint ATIS/SIP Forum Standard -Errata on ATIS Standard on Signature-based Handling
of Asserted information using toKENs (SHAKEN), ATIS-1000074-E (2019),
https://access.atis.org/apps/group_public/download.php/46770/ATIS-1000074-E.zip; ATIS & SIP Forum, Joint
ATIS/SIP Forum Standard -Signature-Based Handling of Asserted Information Using toKENs (SHAKEN):
Governance Model and Certificate Management, ATIS-1000080.v002 (2019),
(continued….)
139
19
Federal Communications Commission
FCC 20-42
Congress demonstrated its recognition of this fact when it adopted a broad definition of “voice service” in
the TRACED Act, which includes “any service that is interconnected with the public switched telephone
network and that furnishes voice communications to an end user using resources from the North
American Numbering Plan.”148 We find that our conclusion to apply the mandate to a broad category of
voice service providers is consistent with Congress’s language in the TRACED Act.
40.
Finally, we clarify that the rules we adopt today do not apply to providers that lack
control of the network infrastructure necessary to implement STIR/SHAKEN.149
41.
Implementation Deadline. We set the implementation deadline of June 30, 2021 for two
reasons. First, it is consistent with the TRACED Act, which requires us to set a deadline for
implementation of STIR/SHAKEN that is not later than 18 months after enactment of that Act, i.e., no
later than June 30, 2021.150 Second, this deadline will provide sufficient time for us to implement, and for
voice service providers to gain, a meaningful benefit from the implementation exemption and extension
mechanisms established by the TRACED Act.151 Because we find that this implementation deadline is
necessary to accommodate the various exemption and extension mechanisms established by the TRACED
Act, we decline to adopt the suggestion of some commenters that we mandate implementation by June 1,
2020.152
2.
Legal Authority
42.
We conclude that section 251(e) of the Communications Act of 1934, as amended (the
Act), provides authority to mandate the adoption of the STIR/SHAKEN framework in the IP portions of
voice service providers’ networks. Section 251(e) provides us “exclusive jurisdiction over those portions
of the North American Numbering Plan that pertain to the United States.” 153 Pursuant to this provision,
we retain “authority to set policy with respect to all facets of numbering administration in the United
States.”154 Our exclusive jurisdiction over numbering policy enables us to act flexibly and expeditiously
with regard to important numbering matters.155 When bad actors unlawfully falsify or spoof the caller ID
(Continued from previous page)
https://access.atis.org/apps/group_public/download.php/50027/ATIS-1000080.v002.pdf; ATIS & SIP Forum, Joint
ATIS/SIP Forum Standard -Errata to ATIS Technical Report on Operational and Management Considerations for
SHAKEN STI Certification Authorities and Policy Administrators, ATIS-1000084-E (2019),
https://access.atis.org/apps/group_public/download.php/46529/ATIS-1000084-E.zip.
140
See ATIS/SIP Forum Standard § 1.2, at 1.
141
TRACED Act § 4(a)(2)(B)(ii).
142
Id. § 4(a)(2)(A) (emphasis added).
143
See ATIS/SIP Forum Standard § 1.1, at 1.
See NTCA Comments at 7-9; USTelecom Comments at 3-4; WTA –Advocates for Rural Broadband (WTA)
Comments, CG Docket No. 17-59, WC Docket No. 17-97, at 2-3 (rec. July 24, 2019) (WTA Comments).
144
2019 Robocall Declaratory Ruling and Further Notice, 34 FCC Rcd at 4900, para. 75. This includes both twoway and one-way interconnected VoIP providers. See TRACED Act § 4(a)(2)(B)(ii) (extending the mandate to
VoIP providers “whether or not the service is one-way or two-way voice over [I]nternet [P]rotocol”). The Cloud
Communications Alliance has raised concerns over whether all voice service providers are able to obtain the
certificates used for the intercarrier exchange of authenticated caller ID information under the Governance
Authority’s current policies. See Cloud Communications Alliance Ex Parte at 2 (explaining that the Policy
Administrator “will only enroll providers that have an OCN and direct access to numbers”); see also Secure
Telephone Identity Governance Authority, STI-GA Policy Decisions Document at 1 (2020),
https://www.atis.org/sti-ga/resources/docs/200211%20STIGA%20Board%20Policy.pdf (establishing policy
regarding what providers need to show to be able to obtain a certificate). We look forward to working with the
Governance Authority and the Cloud Communications Alliance and its members to determine how best to resolve
these issues expeditiously going forward.
145
20
Federal Communications Commission
FCC 20-42
that appears on a subscriber’s phone, they are using numbering resources to advance an illegal scheme.
Mandating that voice service providers deploy the STIR/SHAKEN framework will help to prevent the
fraudulent exploitation of North American Numbering Plan (NANP) resources by permitting those
providers and their subscribers to identify when caller ID information has been spoofed. Section 251(e)
thus grants us authority to mandate that voice service providers implement the STIR/SHAKEN caller ID
authentication framework in order to prevent the fraudulent exploitation of numbering resources.156
Moreover, as the Commission has previously found, section 251(e) extends to “the use of . . . unallocated
and unused numbers”; it thus gives us authority to mandate that voice service providers implement the
STIR/SHAKEN framework to address the spoofing of unallocated and unused numbers.157 In the 2019
Further Notice, we proposed to rely on section 251(e) of the Act for authority to mandate implementation
of caller ID authentication technology and, specifically, the STIR/SHAKEN framework;158 no commenter
challenged that proposal.159
43.
The TRACED Act confirms our authority to mandate the adoption of the STIR/SHAKEN
framework in the IP portions of voice service providers’ networks. Indeed, the TRACED Act expressly
directs us to require voice service providers to implement the STIR/SHAKEN framework in the IP
portions of their networks no later than 18 months after the date of that Act’s enactment.160 The
TRACED Act thus provides a second clear source of authority for the rules we adopt today.
44.
Finally, we note that Congress charged us with prescribing regulations to implement the
Truth in Caller ID Act, which made unlawful the spoofing of caller ID information “in connection with
any telecommunications service or IP-enabled voice service . . . with the intent to defraud, cause harm, or
wrongfully obtain anything of value.”161 Given the constantly evolving tactics by malicious callers to use
spoofed caller ID information to commit fraud, we find that the rules we adopt today are necessary to
enable voice service providers to help prevent these unlawful acts and to protect voice service subscribers
from scammers and bad actors. Thus, section 227(e) provides additional independent authority for these
rules.162
(Continued from previous page)
146 See AT&T Comments at 4 n.8; Sprint Comments at 6-7; Verizon Comments at 1-2.
See Verizon Comments at 2; AT&T Comments at 21 (citing to the 2018 Senate testimony of Adrian Abramovich
for the idea that there are VoIP providers in the U.S. generating robocall traffic).
147
TRACED Act § 4(a)(2)(A). This includes, “without limitation, any service that enables real-time, two-way voice
communications, including any service that requires [I]nternet [P]rotocol-compatible customer premises equipment
(commonly known as ‘CPE’) and permits out-bound calling, whether or not the service is one-way or two-way voice
over [I]nternet [P]rotocol.” Id. at § 4(a)(2)(B)(ii).
148
149
See TracFone Wireless, Inc. Comments, CG Docket No. 17-59, WC Docket No. 17-97, at 1-3 (July 24, 2019).
150
TRACED Act § 4(b)(1)(A).
151
TRACED Act §§ 4(b)(2), (b)(5)(A).
See Consumer Reports et al. Comments at 3. As we note in the accompanying Further Notice, the TRACED Act
contemplates compliance extensions and exemptions for those providers that we determine meet certain criteria by
December 30, 2020. We see no way to square this statutory requirement with imposition of a mandate six months
before that date.
152
See 47 U.S.C. § 251(e); see also Call Authentication NOI, 32 FCC Rcd at 6001, para. 48; Advanced Methods to
Target and Eliminate Unlawful Robocalls, CG Docket No. 17-59, Second Notice of Inquiry, 32 FCC Rcd 6007,
6009-10, para. 7 (2017) (“Section 251(e)(1) of the [Act], gives the Commission plenary authority over that portion
of the North American Numbering Plan (NANP) that pertains to the United States and the Commission has authority
to set policy on all facets of numbering administration in the United States.”) (citing Implementation of the Local
Competition Provisions of the Telecommunications Act of 1996 et al., CC Docket No. 96-98 et al., Second Report
and Order and Memorandum Opinion and Order, 11 FCC Rcd 19392, 19512, para. 271 (1996) (Local Competition
Second Report and Order)).
153
21
Federal Communications Commission
B.
FCC 20-42
Summary of Costs and Benefits
45.
We are convinced that the benefits of requiring STIR/SHAKEN implementation far
outweigh the costs, even if adoption of the TRACED Act makes a comprehensive cost-benefit analysis of
a STIR/SHAKEN implementation mandate unnecessary. Because STIR/SHAKEN is a part of a broader
set of technological and regulatory efforts necessary to address illegal calls,163 and its limited deployment
makes it difficult to measure its full effects at this time, we compare the estimated costs of implementing
STIR/SHAKEN to the overall foreseeable range of quantifiable and non-quantifiable benefits of
eliminating illegal calls, recognizing that STIR/SHAKEN is necessary but not, alone, a solution to the
problem.164 These benefits include reduction in nuisance calls, increased protection from illegally
spoofed calls restoration of consumer confidence in incoming calls, fewer robocall-generated disruptions
of healthcare and emergency communications, reduction in regulatory enforcement costs, and reduction in
provider costs. We conclude that, based on any plausible assumption about the scope of illegal calls
deterred by STIR/SHAKEN, the foreseeable benefits of STIR/SHAKEN implementation—including
reduction in calls that cost Americans billions of dollars each year—will far exceed estimated costs,
including both recurring operating costs of between roughly $39 million and $780 million annually and
estimated up-front costs, which may be in the tens of millions of dollars for the largest voice service
providers. It is implausible that total implementation costs will come close to the expected benefits of our
actions. For example, broad industry support for deploying STIR/SHAKEN strongly indicates that the
benefits to industry alone outweigh implementation costs, even before considering the benefits to
consumers of implementation.165
1.
46.
Expected Benefits
We supplement our estimate of the benefits of eliminating illegal and unwanted robocalls
(Continued from previous page)
154 Local Competition Second Report and Order, 11 FCC Rcd at 19512, para. 271.
155
See Local Competition Second Report and Order, 11 FCC Rcd at 19512, para. 271.
The Commission has previously concluded that its numbering authority allows it to extend numbering-related
requirements to interconnected VoIP providers that use telephone numbers. See Numbering Policies for Modern
Communications et al., WC Docket Nos. 13-97 et al., Report and Order, 30 FCC Rcd 6839, 6878, para. 78 (2015)
(VoIP Direct Access Order); see also IP-Enabled Services et al., WC Docket No. 04-36, First Report and Order and
Notice of Proposed Rulemaking, 20 FCC Rcd 10245, 10265, para. 33 (2005); Telephone Number Requirements for
IP-Enabled Services Providers et al., WC Docket Nos. 07-243 et al., Report and Order, Declaratory Ruling, Order
on Remand, and Notice of Proposed Rulemaking, 22 FCC Rcd 19531, 19543, para. 22 (2007). As the Commission
has explained, “the obligation to ensure that numbers are available on an equitable basis is reasonably understood to
include not only how numbers are made available but to whom, and on what terms and conditions. Thus, we
conclude that the Commission has authority under section 251(e)(1) to extend to interconnected VoIP providers both
the rights and obligations associated with using telephone numbers.” VoIP Direct Access Order, 30 FCC Rcd at
6878, para. 78; see also id. at 6879, para. 80 (finding that “[n]othing in section 251(e) restricts the Commission’s
jurisdiction to telecommunications carriers”).
156
See 2017 Call Blocking Report and Order and Further Notice, 32 FCC Rcd at 9727, para. 62. The Commission
previously relied on this authority to make clear that voice service providers may block calls that spoof invalid,
unallocated, or unused numbers, none of which can actually be used to originate a call. See id.
157
158
2019 Robocall Declaratory Ruling and Further Notice, 34 FCC Rcd at 4903, para. 86.
We note, however, that because STIR/SHAKEN implementation is not a “numbering administration
arrangement,” section 251(e)(2), which provides that “[t]he cost of establishing telecommunications numbering
administration arrangements . . . shall be borne by all telecommunications carriers on a competitively neutral basis,”
does not apply here. 47 U.S.C. § 251(e)(2). Even if section 251(e)(2) did apply, we find that it is satisfied by our
requirement that each carrier bear its own costs, since each carrier’s costs will be proportional to the size and quality
of its network.
159
160
See TRACED Act § 4(b)(1)(A).
22
Federal Communications Commission
FCC 20-42
in the 2019 Further Notice with additional data. Consistent with our earlier conclusion, we find that the
deployment requirements set forth in this Report and Order will be integral to solving illegal robocall
spoofing specifically and illegal robocalling generally.
47.
Eliminating Nuisance. In the 2019 Further Notice, we estimated benefits of at least $3
billion from eliminating illegal scam robocalls. That estimate assumed a benefit of ten cents per call and
multiplied it across a figure of 30 billion illegal scam robocalls per year, derived from third-party data.166
We also sought comment on this $3 billion estimate and concluded that “most of these benefits can be
achieved . . . primarily because SHAKEN/STIR will inform providers of the call’s true origination.”167
We received no comment on this conclusion.168 We agree with commenters that STIR/SHAKEN is one
important part of a broader set of tools to solve illegal robocalls.169 We thus reaffirm our finding that the
potential benefits resulting from eliminating the wasted time and nuisances caused by illegal scam
robocalls will exceed $3 billion annually.
48.
Reducing Fraud. Fraudulent robocall schemes cost Americans an estimated $10.5 billion
annually, according to a third-party survey.170 A recent civil action filed by the U.S. Department of
Justice against five VoIP carriers identifies several examples of fraud where consumers individually lost
between $700 and $9,800 in a single instance.171 While STIR/SHAKEN will not itself stop a malicious
party from using the voice network to commit fraud, it will inform a call recipient that the caller has used
deceptive caller ID information to try to convince the called party to answer the phone. Many
commenters noted value in pairing STIR/SHAKEN with call analytics,172 and we expect this will
significantly reduce the effectiveness of spoofing fraud that costs Americans billions of dollars each year,
and similarly reduce the incidence of such fraud.
49.
Restoring Confidence in Caller ID Information. STIR/SHAKEN implementation and
other efforts to minimize illegal robocalls will begin to restore trust in caller ID information and make call
recipients more likely to answer the phone. Declines in willingness to answer incoming calls in recent
(Continued from previous page)
161 47 U.S.C. § 227(e)(1); see 47 CFR § 64.1604(a).
See also 47 U.S.C. § 154(i) (authority to make rules not inconsistent with the Act “as may be necessary in the
execution of [the Commission’s] functions”). While we sought comment in the 2019 Robocall Declaratory Ruling
and Further Notice on the applicability of sections 201(b) and 202(a) as sources of authority, we did so in the
context of adopting rules to create a safe harbor for certain call-blocking programs and requiring voice service
providers that offer call-blocking programs to maintain a Critical Calls List. See 2019 Robocall Declaratory Ruling
and Further Notice, 34 FCC Rcd at 4903, paras. 84-85. Because we did not seek comment in that item on whether
these provisions grant the Commission authority to mandate caller ID authentication, and specifically
STIR/SHAKEN, we do not rely on them here as sources of authority.
162
USTelecom Comments at 2 (stating that “[w]hile the SHAKEN/STIR framework is not a silver bullet, it is an
important tool in the robocall prevention toolbox that will help end illegal robocall campaigns by identifying the
source of illegal robocalls which will greatly assist in traceback efforts”); West Telecom Reply at 4-5 (noting that “a
successful SHAKEN/STIR framework cannot in itself be a complete solution to solving illicit robocall problems”).
163
See AT&T Comments at 15; Consumer Reports et al. Comments at 1; NTCA Comments at 12-13; TNS
Comments at 14-15; West Telecom Reply at ii.
164
See generally AT&T Comments at 4-5 (noting that “AT&T helped to developed the SHAKEN/STIR protocols”);
CTIA Comments, CG Docket No. 17-59, WC Docket No. 17-97, at 2 (rec. July 24, 2019) (CTIA Comments)
(stating “voice service providers have led the way in developing and deploying SHAKEN/STIR”); T-Mobile
Comments at 3 (indicating it was the “first wireless provider to implement STIR/SHAKEN”).
165
2019 Robocall Declaratory Ruling and Further Notice, 34 FCC Rcd at 4889, para. 40. Ten cents per call was
used as a conservative estimate. See id.
166
167
See 2019 Robocall Declaratory Ruling and Further Notice, 34 FCC Rcd at 4902, para. 81.
23
Federal Communications Commission
FCC 20-42
years have harmed businesses, healthcare providers, and non-profit charities.173 Such organizations likely
will benefit because recipients should be more likely to answer their phones if caller ID information is
authenticated. Furthermore, while we do not adopt any display mandates in this item, we anticipate that
voice service providers will implement voluntary efforts to restore confidence in caller ID information.
Studies conducted by Cequint indicate that including additional caller ID information (e.g., showing a
business logo along with caller ID information on a smartphone display to convey legitimacy) increased
pick up rates from 21% to 71%.174 Such information will enhance the benefits achieved by
STIR/SHAKEN implementation.
50.
Ensuring Reliable Access to Emergency and Healthcare Communications. Implementing
STIR/SHAKEN will lead to fewer disruptions of healthcare and emergency communication systems that
needlessly put lives at risk. Hospitals and 911 dispatch centers have reported that robocall surges have
disabled or disrupted their communications network, and such disruptions have the potential to impede
communications in life-or-death emergency situations. In one instance, Tufts Medical Center in Boston
received more than 4,500 robocalls in a two-hour period.175 In another, the phone lines of several 911
dispatch centers in Tarrant County, Texas, were disabled because of an hour long surge in robocalls. 176
Enabling voice service providers to more effectively identify illegal calls, including spoofed calls, to
healthcare and emergency communication systems should reduce the risk of such situations. The benefit
to public safety will be considerable.
51.
Reducing Costs to Voice Service Providers. An overall reduction in robocalls will
“greatly lower network costs by eliminating unwanted traffic and by eliminating the labor costs of
handling numerous customer complaints.”177 Illegal robocalls have led to unnecessary network
congestion with broader possible impacts than the targeted disruption of healthcare and emergency
operations described above.178 We agree with Comcast’s assessment that “the ability to identify and
address illegally spoofed robocalls using STIR/SHAKEN will help reduce network costs for voice
[service] providers.”179 Voice service providers should also realize cost savings through the reduced need
(Continued from previous page)
168 In its comments, Smithville Telephone Company states that a $3 billion benefit amounts to 55 cents per voice
line per month (calculated by dividing the $3 billion benefit by 455 million retail voice telephone service
connections based on the FCC’s Voice Telephone Services Status as of June 30, 2017), and questions whether such
benefit is enough to drive this decision. Smithville Telephone Co. Reply, CG Docket No. 17-59, WC Docket No.
17-97, at 6 (rec. Aug. 23, 2019) (Smithville Reply). The estimate of 30 billion scam calls consists of an estimated
47% of all robocalls. If the average line receives approximately 5 to 6 scam calls per month, Smithville’s
calculation is consistent with our previous estimate. Our burden is to determine that benefits exceed costs, and we
find that the benefits of implementing STIR/SHAKEN far exceed the costs.
169
USTelecom Comments at 2; West Telecom Reply at 4-5.
Kim Fai Kok, Truecaller Insights: Phone Scams Cause Americans to Lose $10.5 Billion in Last 12 Months
Alone, Truecaller (April 17, 2019), https://truecaller.blog/2019/04/17/truecaller-insights-2019-us-spam-phone-scamreport/. To reach $10.5 billion, Truecaller multiplied the 17% of survey respondents who reported losing money in a
scam during the past 12 months by the 2018 U.S. Census adult population estimate of 253 million. The estimated 43
million phone scam victims was then multiplied by the average loss of $244.
170
171
Decl. of Samuel Bracken at paras. 6-14, United States v. Palumbo, No. 20-473 (E.D.N.Y Jan. 28, 2020).
Sprint Comments at 7-8 (stating the “best use of SHAKEN/STIR information is to be a data input into a call
analytics algorithm . . . to make an informed determination whether a call is illegal or not”). See, e.g., Comcast
Comments at 7-8; Letter from Deirdre Menard, CEO, LucidTech, LLC, to Marlene H. Dortch, Secretary, FCC, CG
Docket No. 17-59, WC Docket No. 17-97, at 2 (filed June 20, 2019) (LucidTech Ex Parte).
172
For example, utility companies often call to confirm installation appointments, “[b]ut if the customer doesn’t
answer the phone for the appointment reminder and the truck shows up when they’re not there, by one estimate,
that’s a $150 cost.” Tim Harper, Why Robocalls Are Even Worse Than You Thought, Consumer Rep. (May 15,
2019), https://www.consumerreports.org/robocalls/why-robocalls-are-even-worse-than-you-thought. Similarly,
medical providers have indicated that patients often fail to answer scheduling calls from specialists’ offices and
(continued….)
173
24
Federal Communications Commission
FCC 20-42
for customer service regarding illegal calls.180 We find that the overall benefit of these anticipated cost
savings will be substantial and represent a long-term reduction in provider costs attributable to
STIR/SHAKEN. Voice service providers may pass on the cost savings to subscribers in the form of
lower prices, resulting in additional benefit to their subscribers.
52.
Reducing Spending on Enforcement Actions. Broad STIR/SHAKEN implementation will
both reduce the need for enforcement against illegally spoofed robocalls and make continued enforcement
less resource intensive. The Commission has brought at least six enforcement actions against apparently
liable actors for illegally spoofing caller ID,181 and issued 38 warning citations for violations of the
Telephone Consumer Protection Act.182 The Federal Trade Commission has taken 145 enforcement
actions against companies for Do Not Call Registry violations,183 and 25 other federal, state, and local
agencies brought 87 enforcement actions as part of a single 2019 initiative.184 By reducing overall
numbers of robocalls and providing additional information for enforcement, industry-wide implementation
of STIR/SHAKEN will save resources at federal, state, and local agencies. While we do not quantify
these savings, we believe they add to the benefits of STIR/SHAKEN implementation that will accrue.
2.
Expected Costs
53.
Implementation costs for STIR/SHAKEN will vary depending on a voice service
provider’s existing network configuration. Commenters indicated that voice service providers will incur
ongoing costs in addition to one-time implementation costs.185 Estimated one-time costs include, among
others, software licensing for authentication and verification services; hardware upgrades to network
elements such as session border controllers and hardware upgrades required for software compatibility; as
well as connectivity and network configuration changes, depending on current network configuration, and
related testing.186 One of the largest voice service providers estimates that it will face one-time
implementation costs “in the tens of millions of dollars.”187 We expect that implementation costs are
likely to vary significantly based on voice service provider size and choices as to implementation
(Continued from previous page)
eventually the office will give up after repeated attempts. Id. Donations to charities have also declined as a result of
the decreased likelihood of answering the phone. Id.
174
TNS Comments Ex. 1 at 15.
Tony Romm, Robocalls Are Overwhelming Hospitals and Patients, Threatening a New Kind of Health Crisis,
Wash. Post (June 17, 2019), https://www.washingtonpost.com/technology/2019/06/17/robocalls-are-overwhelminghospitals-patients-threatening-new-kind-health-crisis.
175
Nick Wingfield, Swindlers Use Telephones, with Internet’s Tactics, N.Y. Times (Jan. 20, 2014),
https://www.nytimes.com/2014/01/20/technology/swindlers-use-telephones-with-internets-tactics.html. In 2018, the
Commission imposed a $120 million penalty for an illegal robocall campaign that disrupted an emergency medical
paging service. See Adrian Abramovich, Marketing Strategy Leaders, Inc., and Marketing Leaders, Inc., File No.
EB-TCD-15-00020488, Forfeiture Order, 33 FCC Rcd 4663, 4663, para. 1 (2018).
176
2019 Robocall Declaratory Ruling and Further Notice, 34 FCC Rcd at 4902, para. 81. We treat these anticipated
reductions in cost as a benefit to providers in order to limit our analysis of expected costs to those for
implementation and operation.
177
178
2019 Robocall Declaratory Ruling and Further Notice, 34 FCC Rcd at 4889, para. 39.
Comcast Comments at 10. One commenter argues that this benefit may be realized by larger providers more than
smaller providers, Smithville Reply at 7, and we acknowledge that the benefits of changes in network capacity will
vary by provider.
179
180
Cf. ITTA Reply at 21; Smithville Reply at 7.
See Scott Rhodes a.k.a. Scott David Rhodes, Scott D. Rhodes, Scott Platek, Scott P. Platek, Notice of Apparent
Liability, FCC 20-9; Kenneth Moser dba Marketing Support Systems, Notice of Apparent Liability, 34 FCC Rcd
(continued….)
181
25
Federal Communications Commission
FCC 20-42
solutions.188 Recurring annual costs will include fees associated with authenticating and verifying calls,
plus certificate fees. Estimates for recurring annual operating costs discussed by panelists at the
Commission’s July 2019 SHAKEN/STIR Robocall Summit range anywhere from approximately $15,000
to $300,000.189 Our estimate regarding recurring annual operating costs reflects a range because of
variation in provider costs and the uncertainty of costs given the ongoing nature of STIR/SHAKEN
implementation. One commenter asserts that recurring annual operating costs are “likely to be on the
lower end of th[is] range.”190 On the other hand, USTelecom points out that fees paid by voice service
providers to the Governance Authority and Policy Administrator range from $825 to $240,000 per year
and states that a number of its members pay the highest annual fee.191 Based on the record, we estimate
that the approximately 2,600 voice service providers together would spend between roughly $39 million
and $780 million annually in operating costs, with up-front costs for the largest voice service providers in
the tens of millions of dollars.192 We anticipate that voice service providers may be able to streamline
their costs over time. Moreover, we recognize that smaller voice service providers may have different
costs and challenges than larger providers,193 but we are confident that benefits to all Americans far
exceed one-time implementation and recurring annual operating costs.194
C.
Other Issues
54.
Display. We are pleased by voice service providers’ efforts to incorporate
STIR/SHAKEN verification results in the information that they display to their customers.195 Voice
service providers so far are taking a variety of approaches to leveraging STIR/SHAKEN verification
result information to protect their subscribers from fraudulently spoofed calls, including through display
of that information.196 For instance, AT&T announced that it would display a green checkmark and the
words “Valid Number” to subscribers if the call has been authenticated and passed through screening.197
T-Mobile announced that it would display the words “Caller Verified,” on the end user’s device when it
(Continued from previous page)
12753 (2019); FCC Consumer and Governmental Affairs Bureau, Report on Robocalls at 11 (2019),
https://docs.fcc.gov/public/attachments/DOC-356196A1.pdf.
FCC Consumer and Governmental Affairs Bureau, Report on Robocalls at 10 (2019),
https://docs.fcc.gov/public/attachments/DOC-356196A1.pdf.
182
Press Release, FTC, FTC, Law Enforcement Partners Announce New Crackdown on Illegal Robocalls (June 25,
2019), https://www.ftc.gov/news-events/press-releases/2019/06/ftc-law-enforcement-partners-announce-newcrackdown-illegal.
183
184
Id.
185
NTCA Comments at 9; ITTA Reply at 21.
See, e.g., Letter from Randy Clarke, Vice President, Federal Regulatory Affairs, CenturyLink, to Marlene H.
Dortch, Secretary, FCC, WC Docket No. 17-97, WC Docket No. 20-67, Attach. at 2-3 (filed Mar. 25, 2020)
(CenturyLink Mar. 25 Ex Parte) (filed pursuant to 47 CFR § 1.1206(b)(2)(iv)); see also USTelecom Mar. 23 Ex
Parte at 4 (discussing categories of implementation costs for larger carriers including conducting “network
development and testing work affecting thousands of switches and other equipment”; acquiring software licenses;
and acquiring, installing, and configuring software and hardware for STIR/SHAKEN signing and verification
services”).
186
See CenturyLink Ex Parte at 2-3 (providing estimates for various categories of one-time implementation costs);
see also USTelecom Mar. 23 Ex Parte at 3 (suggesting that large USTelecom members’ implementation costs will
be in the tens of millions of dollars).
187
For example, voice service providers choosing to directly implement STIR/SHAKEN will likely face larger onetime costs than voice service providers choosing a hosted solution, which are likely to have larger recurring costs.
188
26
Federal Communications Commission
FCC 20-42
has verified that the call is authentic.198 Other voice service providers have not yet announced plans to
display STIR/SHAKEN authentication information. Because we expect voice service providers to have
marketplace incentives to make the best possible use of STIR/SHAKEN information once it is available,
and because industry practices regarding display of STIR/SHAKEN verification results are in their early
stages of development,199 we decline at this time to require voice service providers to display
STIR/SHAKEN verification results to their subscribers or mandate the specifications voice service
providers must use if they choose to display.200 We do not seek to prevent the market from determining
which form of display, if any, is most useful; instead, we seek to encourage voice service providers to
find the solutions that work best for their subscribers.201
55.
Governance. Several commenters advocate changing the governance structure. These
commenters suggest we play an adjudicatory role in disputes that may arise between voice service
providers,202 or direct the Governance Authority to take action on specific use cases,203 or change the
membership requirements of the Governance Authority.204
56.
We decline to impose new regulations on the STIR/SHAKEN governance structure.
Stakeholders met the aggressive timeline laid out in the report issued by the North American Numbering
Council (NANC),205 establishing a collaborative Governance Authority and selecting the Policy
Administrator by May 2019.206 By December 2019, the Policy Administrator approved the first
Certification Authorities,207 and voice service providers were able to register with the Policy
Administrator to obtain credentials necessary to receive certificates from approved Certificate
Authorities.208 We agree with T-Mobile that, at this time, it “is not necessary for the Commission to have
a role in STIR/SHAKEN governance.”209 STIR/SHAKEN is a flexible solution with an industry-led
governance system that can adapt and respond to new developments.210 We do not think that our
intervention in the governance structure is appropriate at this stage given that we do not know the nature
and scope of the problems that may arise and industry is already working to address specific use cases.
Additionally, because the Governance Authority is made up of a variety of stakeholders representing
(Continued from previous page)
189 See SHAKEN/STIR Robocall Summit at 3:28:35 (Jul. 11, 2019), https://www.fcc.gov/SHAKENSTIRSummit
(Panelists affirmed estimates of implementation costs in the range of “$100,000 or tens of thousands to hundreds of
thousands to upgrade and $100,000 per year to operate” in response to a question from Eric Burger, Former FCC
Chief Technologist, seeking confirmation of previously discussed estimates); Letter from John Ayers, VP Govt
Affairs, First Orion Corp., to Marlene H. Dortch, Secretary, FCC, CG Docket No. 17-59, WC Docket No. 17-97,
Attach. A (filed Feb. 13, 2020); Letter from Joseph Weeden, VP, Product Management, Metaswitch, to Marlene H.
Dortch, Secretary, FCC, GC Docket No. 17-59, WC Docket No. 17-97, at 2 (filed Feb. 14, 2020).
190
TNS Ex Parte at 2-3.
USTelecom Mar. 23 Ex Parte at 3-4; see also CTIA Ex Parte at 3 n.3 (arguing that the Commission “likely
underestimates the amount of resources industry has invested, and will need to continue to invest, in bringing
STIR/SHAKEN to customers nationwide”); SHAKEN Policy Administrator: Secure Telephone Identity (STI)
Service Provider Methods and Procedures at 4 (Feb. 2020),
https://authenticate.iconectiv.com/sites/microsites/files/202002/Service%20Provider%20Guidelines%20Issue%202.pdf.
191
Approximately 2,600 companies offered mobile voice or fixed voice service in December 2018. See FCC, Form
477 Filers by State, (Mar. 27, 2020), https://www.fcc.gov/general/form-477-filers-state-0.
192
ITTA Reply Comments at 19 and 21. One small, rural provider, using estimates from the Commission’s 2019
SHAKEN/STIR Robocall Summit, concludes that an annual recurring cost of $100,000 will result in a cost of $26
per line for its 319 customers. Smithville Reply at 4.
193
Additionally, in the Further Notice, we propose to extend the compliance deadline for smaller voice service
providers and anticipate that increased competition between vendors may result in lower prices and higher quality
solutions.
194
See Press Release, AT&T, AT&T Activates Call Validation Displays (Dec. 18, 2019),
https://about.att.com/story/2019/call_validation_displays.html (announcing that customers “will see a green
(continued….)
195
27
Federal Communications Commission
FCC 20-42
many perspectives,211 we have no reason to believe it will not operate on a neutral basis.
IV.
FURTHER NOTICE OF PROPOSED RULEMAKING
57.
Building on the important steps we take in today’s Report and Order, we offer proposals
and seek comment on further efforts to promote caller ID authentication and implement section 4 of the
TRACED Act. We also seek comment on implementing section 6(a) of the TRACED Act, which
concerns access to numbering resources.
A.
Caller ID Authentication Requirements Definitions and Scope
58.
In the accompanying Report and Order, we adopted a definition of “STIR/SHAKEN
authentication framework” that aligns with the statutory language of the TRACED Act.212 We believe the
definition we adopted of the “STIR/SHAKEN authentication framework” is sufficient for our
implementation of the TRACED Act. We seek comment on this view.
59.
We also adopted a definition of “voice service” in the Report and Order that aligns with
the statutory language of the TRACED Act.213 In section 4(a)(2) of the TRACED Act, Congress provided
a definition of “voice service” that is similar, but not identical, to the preexisting definition found in
section 64.1600(r) of our rules, which adopts the definition Congress provided in Section 503 of the RAY
BAUM’S Act.214 Both provisions define voice service as “any service that is interconnected with the
public switched telephone network and that furnishes voice communications to an end user using
resources from the North American Numbering Plan or any successor to the North American Numbering
Plan adopted by the Commission under section 251(e)(1) of the [Act].”215 In the TRACED Act, Congress
included a similar definition but added a provision that “without limitation, any service that enables realtime, two-way voice communications, including any service that requires [I]nternet [P]rotocol-compatible
customer premises equipment (commonly known as ‘CPE’) and permits out-bound calling, whether or
not the service is one-way or two-way voice over [I]nternet [P]rotocol.”216 We seek comment on how, if
(Continued from previous page)
checkmark and the words, ‘Valid Number,’” if a call is verified by using STIR/SHAKEN and AT&T’s own “Call
Protect” engine).
See Press Release, Comcast, AT&T, Comcast Announce Anti-Robocalling Fraud Milestone Believed to be
Nation’s First (Mar. 20, 2019), https://corporate.comcast.com/press/releases/att-comcast-announce-anti-robocallingfraud-milestone-believed-to-be-nations-first (“[A] call that is illegally ‘spoofed’—or shows a faked number—will
fail the SHAKEN/STIR Caller ID verification and will not be marked as verified. By contrast, verification will
confirm that a call is really coming from the identified number or entity.”); T-Mobile, T-Mobile First to Launch
Caller Verification to Help Protect Customers from Scams (Jan. 10, 2019), https://www.t-mobile.com/news/callerverified-note9 (“[C]ustomers see ‘Caller Verified’ on the incoming call screen when T-Mobile has verified that the
call is authentic and not intercepted by scammers/spammers.”).
196
See Press Release, AT&T, AT&T Activates Call Validation Displays (Dec. 18, 2019),
https://about.att.com/story/2019/call_validation_displays.html; AT&T Ex Parte at 2 (“AT&T has incorporated
SHAKEN/STIR information into the analytics powering AT&T Call Protect, as well as AT&T’s other blocking
programs that target suspected illegal calls . . . Including SHAKEN/STIR information as an additional data point
thus will benefit AT&T customers receiving AT&T Call Protect . . .”).
197
See T-Mobile, T-Mobile First to Launch Caller Verification to Help Protect Customers from Scams (Jan. 10,
2019), https://www.t-mobile.com/news/caller-verified-note9.
198
See, e.g., TNS Comments at 17 (“The industry is still experimenting with display information and display
formats, and there is much still to be learned regarding what information is meaningful to consumers.”).
199
See 2019 Robocall Declaratory Ruling and Further Notice, 34 FCC Rcd at 4900, para. 77 (seeking comment on
whether we “should require [voice service] providers to adopt a uniform display showing consumers whether a call
has been authenticated”). AARP and CUNA advocate for a display requirement but do not identify a reason for a
(continued….)
200
28
Federal Communications Commission
FCC 20-42
at all, the scope of the TRACED Act definition varies from the section 64.1600(r) definition on the basis
of the foregoing language. Should we provide further guidance on the meaning of the “without
limitation” language in the TRACED Act, or is it clear as written? Looking at the two definitions as a
whole, we seek comment on whether Congress intended to create two distinct definitions with different
scopes or whether the similarity between the definitions means that we should harmonize our
interpretations of the two definitions. Additionally, we seek comment on whether the TRACED Act’s
definition of “voice service” should cause us to revisit our decision in the accompanying Report and
Order to exempt from our rules providers that lack control of the network infrastructure necessary to
implement STIR/SHAKEN.
60.
Congress directed many of the requirements in the TRACED Act to “providers of voice
service.”217 On one reading, an entity is a provider of voice service only with respect to calls that meet the
definition of “voice service,” i.e., “provider” is defined on a call-by-call basis. On another reading, an
entity that provides any voice service is always a “provider of voice service,” i.e., “provider” is defined
on an entity-by-entity basis. We propose adopting the former interpretation. Based on this interpretation,
a provider is not subject to the TRACED Act for all services simply because some fall under the
TRACED Act definition of “voice service”; instead, only those services that meet the TRACED Act
definition of “voice service” are subject to TRACED Act obligations. We propose this interpretation
because it gives meaning to Congress’s inclusion of a definition for “voice service” and appears to best
comport with the TRACED Act’s allocation of duties on the basis of call technology, e.g., differentiating
duties between calls over IP and non-IP networks. Further, we have previously used a call-by-call
understanding of intermediate providers in our rules.218 We seek comment on this interpretation. Should
(Continued from previous page)
mandate beyond merely pointing to the value of displaying verification information. See AARP Comments, CG
Docket No. 17-59, at 6-7 (rec. July 24, 2019) (AARP Comments) (“AARP believes that a uniform display for call
authentication is a good idea. Consumers may rely upon multiple voice service providers and receiving standardized
call display information would improve the effectiveness of robocall blocking technology and empower consumers
to make choices regarding calls that they are receiving.”); Credit Union Nat’l Ass’n Comments, CG Docket No. 1759, WC Docket No. 17-97, at 5 (rec. July 24, 2019) (CUNA Comments) (supporting “efforts either by industry or
through FCC guidance, to develop a uniform presentation . . . [because d]ifferent treatment of the same calls will
exacerbate the considerable consumer confusion that is likely to occur once this framework becomes more
prevalent”). While display of verification information may be valuable, we decline to adopt a mandate on that basis
because we expect the marketplace to drive display efforts, and because we anticipate that marketplace solutions
will be superior to a static regulatory mandate. In December 2019, the Consumer Advisory Committee
recommended that stakeholders “conduct studies and solicit input on what factors voice service providers should
consider for displaying caller ID information to consumers, including . . . SHAKEN/STIR verification.” FCC
Consumer Advisory Committee, Recommendation Regarding Caller ID Authentication at 3 (2019).
201
See TNS Comments at 17; CTIA Ex Parte at 3.
Am. Ass’n of Healthcare Admin. Mgmt. Comments, CG Docket No. 17-59, WC Docket No. 17-97, at 6 (rec.
July 24, 2019) (AAHAM Comments).
202
RingCentral, Inc. Comments, CG Docket No. 17-59, WC Docket No. 17-97, at 5 (rec. July 24, 2019)
(RingCentral Comments).
203
29
Federal Communications Commission
FCC 20-42
we instead read the TRACED Act to establish a status-based approach, thus capturing a provider’s entire
network if some parts of its network meet the statutory definition?
B.
Extending the STIR/SHAKEN Implementation Mandate to Intermediate Providers
61.
To further help ensure that caller ID authentication information reaches call recipients,
we propose extending our STIR/SHAKEN mandate to intermediate providers. We seek comment on this
proposal, in general, and on the specific implementing measures we propose below for authenticated and
unauthenticated calls that intermediate providers receive. In each case, we propose applying the
obligations we establish for IP calls both to calls that an intermediate provider passes to a terminating
voice service provider and to calls that it passes to a subsequent intermediate provider. We seek comment
on this proposed scope. We further propose adopting these rules pursuant to our authority under the
Communications Act. We seek comment on this proposal, as well as whether we have independent
authority under either the TRACED Act or the Truth in Caller ID Act.
62.
Authenticated Calls. We propose to require intermediate providers to pass any Identity
header they receive to the subsequent intermediate or voice service provider in the call path. Technically,
this proposal would require that the Identity header be forwarded downstream in the SIP INVITE
transmitted by the intermediate provider. This proposal is consistent with the NANC’s recommendation
“that all carriers that route calls between originating and terminating carriers, such as long-distance
providers and least-cost routers, maintain the integrity of the required SHAKEN/STIR signaling.”219 We
anticipate that imposing such a mandate on intermediate providers is necessary to ensure that calls
transmitted in IP retain authentication information across the entire call path.220 If any of the intermediate
providers in the call path are unable or unwilling to transmit the Identity header through their network, the
terminating voice service provider will be unable to verify the caller ID information.221 If fully
implemented, the STIR/SHAKEN framework creates an “end-to end” system for authenticating the
identity of the calling party.222 The component SHAKEN standard specifically addresses the reality that
call paths often involve voice service providers that do not connect directly with each other, but rather
connect indirectly through one or more third party networks.223 Indeed, a framework like STIR/SHAKEN
(Continued from previous page)
204 See Consumer Reports et al. Comments at 6.
205
2018 NANC CATA Working Group Report at 13.
See Press Release, ATIS, Mitigating Illegal Robocalling Advances with Secure Telephone Identity Governance
Authority Board’s Selection of iconectiv as Policy Administrator (May 30, 2019),
https://sites.atis.org/insights/mitigating-illegal-robocalling-advances-with-secure-telephone-identity-governanceauthority-boards-selection-of-iconectiv-as-policy-administrator.
206
See Press Release, Neustar, Neustar Approved as Initial Secure Telephone Identity Certification Authority (Dec.
12, 2019), https://www.home.neustar/about-us/news-room/press-releases/2019/neustar-approved-as-initial-securetelephone-identity-certification-authority; Press Release, TransNexus, TransNexus Approved by the STI Policy
Administrator as a SHAKEN Certification Authority (Dec. 12, 2019), https://transnexus.com/news/2019/transnexussti-ca.
207
See Press Release, ATIS, Industry Solution to Detect, Mitigate, and Deter Illegal Robocalling Passes Important
Milestone (Dec. 12, 2019), https://sites.atis.org/insights/industry-solution-to-detect-mitigate-and-deter-illegalrobocalling-passes-important-milestone.
208
209
T-Mobile Comments at 11.
See ATIS, Frequently Asked Questions on SHAKEN at 3, https://www.atis.org/sti-ga/resources/docs/shakenfaqs.pdf (last visited Feb. 10, 2020).
210
See 2018 NANC CATA Working Group Report at 7. The current STI-GA Leadership and Board of Directors is
available at https://www.atis.org/sti-ga/leadership.
211
212
See TRACED Act § 4(a)(1).
213
See TRACED Act § 4(a)(2).
30
Federal Communications Commission
FCC 20-42
that identifies the true origination of calls is expressly required because voice service providers do not
have direct peering relationships with all other voice service providers.224 We therefore anticipate that
adopting our proposal will be essential to preventing gaps that would undermine the value of
STIR/SHAKEN implementation by voice service providers that originate and terminate calls that may
transit over intermediate provider networks. We seek comment on this preliminary view. What are the
benefits or drawbacks to imposing this obligation on intermediate providers? What, if any, are the
technical barriers preventing intermediate providers from complying with this obligation? Are market
forces alone sufficient to drive intermediate providers to implement STIR/SHAKEN, making regulatory
action unnecessary? If we were to adopt our proposal, should we create any limitations or exceptions? In
addition to this proposed requirement, should we require intermediate providers to append to the SIP
INVITE their own additional Identity header to more accurately and easily support traceback to each
provider in the call path?225 Are there any other actions reasonably necessary for implementation of
STIR/SHAKEN that we should require of intermediate providers?
63.
Additionally, we propose to require intermediate providers to pass the Identity header
unaltered, thereby prohibiting the manipulation of STIR/SHAKEN Identity header information by
intermediate providers when transmitting this information along with a SIP call. This prohibition would
prevent a downstream provider from altering or stripping the caller ID authentication information in the
Identity header and ensure such providers do not tamper with authenticated calls after they leave the
originating voice service provider’s network. Based on comments filed earlier in this proceeding, we
anticipate that such a prohibition would be beneficial because it would better ensure the integrity of
authentication information that reaches the terminating voice service provider and call recipient.226 We
seek comment on our proposal. Are there legitimate reasons, technical or otherwise, for an intermediate
provider to alter or strip STIR/SHAKEN header information? Would establishing this prohibition impact
(Continued from previous page)
214 See 47 CFR § 64.1600(r) (“The term ‘voice service’: (1) [m]eans any service that is interconnected with the
public switched telephone network and that furnishes voice communications to an end user using resources from the
North American Numbering Plan or any successor to the North American Numbering Plan adopted by the
Commission under section 251(e)(1) of the [Act]; and (2) [i]ncludes transmissions from a telephone facsimile
machine, computer, or other device to a telephone facsimile machine.”); Consolidated Appropriations Act, 2018,
Pub. L. No. 115-141, Div. P, Title V, § 503, 132 Stat. 348, 1091-94 (2018) (codified as amended in 47 U.S.C. §
227(e)) (RAY BAUM’S Act).
215
TRACED Act § 4(a)(2)(A); 47 CFR § 64.1600(r).
216
TRACED Act § 4(a)(2)(B)(ii).
See, e.g., TRACED Act §§ 4(b)(1) (implementation mandate), 4(b)(2) (exemption process), 4(b)(5)(A)-(B)
(extension process).
217
See 47 CFR § 64.1600(i) (defining “intermediate provider” according to whether an entity originates or
terminates the traffic they carry).
218
219
2018 NANC CATA Working Group Report at 17.
See Verizon Comments at 11; Sprint Comments at 6-7; see also AT&T Comments at 4 n.8 (agreeing that
“SHAKEN/STIR must be widely deployed to be effective”).
220
221
See Verizon Comments at 11.
222
See ATIS/SIP Forum Standard § 4, at 3.
223
See id.
224
See id.
See, e.g., See IETF, Authenticated Identity Management in the Session Initiation Protocol (SIP), RFC 8224, at 30
(2018), https://tools.ietf.org/html/rfc8224 (addressing possibility of multiple Identity headers).
225
226
See Verizon Comments at 11; Numeracle Comments at 3.
31
Federal Communications Commission
FCC 20-42
the ability of intermediate providers to complete calls if, for instance, a terminating voice service provider
is unable to accept the STIR/SHAKEN header information for a technical reason? If so, how can we
distinguish between malicious or negligent manipulation and manipulation done for legitimate technical
reasons? In the absence of a Commission prohibition, could the practice of malicious or negligent
manipulation of the Identity header be adequately policed by participating providers or the industry
through the STI-GA? We do not propose prohibiting a terminating voice service provider from altering
or stripping the Identity header for a call that it receives before attempting to verify it. We regard this
scenario as unlikely since terminating voice service providers need to verify the Identity header
information in order for their subscribers to receive the benefits of STIR/SHAKEN, and we do not believe
our rules need to address it. Do commenters agree? Is there any reason we should extend this prohibition
to terminating voice service providers?
64.
Unauthenticated Calls. We propose that when an intermediate provider receives an
unauthenticated call that it will exchange with another intermediate or voice service provider as a SIP
call, it must authenticate such a call with a “gateway” or “C” attestation.227 Such attestation conveys that
the provider has no relationship with the initiator of the call, but it records the entry point of the call into
its IP network.228 This action is already contemplated in the industry standards.229 We propose requiring
it because, although this attestation level lacks any assertion of the calling party’s identity, we understand
from the record developed thus far that it would provide a useful data point to inform analytics and allow
for traceback of the call to the gateway source.230 We seek comment on this proposal. What are the
benefits of or drawbacks to imposing this obligation on intermediate providers? Would the widespread
use of “C” attestation negatively impact the utility of attestation information to terminating voice service
providers and their subscribers?231 What, if any, are the technical barriers preventing intermediate
providers from complying with this obligation? Should we create any limitations or exceptions to a rule
requiring gateway attestation? Are there any circumstances where an originating voice service provider
would need to be subject to this requirement? Multiple commenters support imposing STIR/SHAKEN
requirements on gateway providers as a way to identify robocalls that originate abroad and to identify
which provider served as the entry point for these calls to U.S. networks.232 Is this an effective way to use
STIR/SHAKEN to combat illegal calls originating outside the United States?233 Are there other rules
involving STIR/SHAKEN that we should consider regarding intermediate providers to further combat
illegal calls originating abroad? In response to our questions in the 2019 Robocall Declaratory Ruling
and Further Notice regarding the use of STIR/SHAKEN to combat illegally spoofed calls originating
227
See ATIS/SIP Forum Standard § 5.2.3, at 9.
228
See id.
229
See id. § 5.2.3, at 8-9.
230
See USTelecom Comments at 12-13.
231
See USTelecom Mar. 23 Ex Parte at 4-5.
See USTelecom Comments at 12-13; USTelecom Reply, CG Docket No. 17-59, WC Docket No. 17-97, at 7 (rec.
Aug. 23, 2019) (USTelecom Reply); Verizon Comments at 3.
232
ATIS has been working on technical standards intended as potential mechanisms for implementing
STIR/SHAKEN for internationals calls. The first technical report addresses how calls authenticated in one country
can be verified in a second country through bilateral arrangements between the two countries. ATIS, ATIS
Technical Report – Mechanism for Initial Cross-Border Signature-based Handling of Asserted information using
toKENs (SHAKEN), ATIS-100087 (2019), https://access.atis.org/apps/group_public/download.php/50584/ATIS1000087.pdf. A second draft technical report under current consideration addresses how the SHAKEN trust
environment could be extended to full international deployment in the absence of bilateral arrangements. ATIS &
SIP Forum, Joint ATIS/SIP Forum Technical Report – Mechanism for International Signature-base Handling of
Asserted information using toKENs (SHAKEN) (2019).
http://access.atis.org/apps/group_public/document.php?document_id=51306&wg_abbrev=ipnni. Both approaches
are intended to support caller ID authentication and traceback for cross-border calls.
233
32
Federal Communications Commission
FCC 20-42
abroad,234 Verizon suggests that we impose an obligation to use STIR/SHAKEN on any provider,
regardless of its geographic location, if it intends to allow its customers to use U.S. telephone numbers.235
And USTelecom suggests that we consider obligating gateway providers to pass international traffic only
to downstream providers that have implemented STIR/SHAKEN.236 They argue that such an obligation
would help ensure that any gateway attestation is not stripped out downstream by a provider’s network
that does not have STIR/SHAKEN capability and consequently frustrate efforts to trace calls originating
abroad back to the gateway provider. Should we consider adopting either of these ideas instead of, or in
addition to, our proposed rules? Beyond imposing obligations on gateway and intermediate providers, are
there other actions we could take to promote caller ID authentication implementation to combat robocalls
originating abroad?237
65.
Limiting Intermediate Provider Requirements to IP Networks. As with the rules adopted
in the Report and Order, we propose to limit the application of these obligations to calls that an
intermediate provider receives in SIP and will exchange with another intermediate or voice service
provider in SIP. We preliminarily believe this is an appropriate scope given that STIR/SHAKEN is
limited to SIP calls. We seek comment on this proposal. Is there any reason to require intermediate
providers to implement caller ID authentication solutions in the non-IP portions of their networks? In this
regard, we specifically invite comment on whether out-of-band STIR, a potential STIR/SHAKEN
solution for non-IP networks,238 will include a role for intermediate providers as it develops.
66.
We further seek comment on how to prevent the use of non-IP intermediate providers as
a way to circumvent our rules. How can we prevent a gateway or originating voice service provider from
concealing its identity as the source of a call by purposefully routing that call through an intermediate
provider that uses non-IP technology?239 By doing so, the provider could both fool terminating
providers—who otherwise may have seen that the caller ID verification failed—and stymie traceback
efforts. We also seek comment on the seriousness of this threat. Are there technical or economic reasons
why this is not likely to occur? Would call pattern analysis minimize the effectiveness of this conduct?
And would the ability to trace a call back to the gateway provider allow sufficient traceback to identify
the originating provider? Or is this threat credible such that we should take action to prevent it? If so,
what action should we take?
67.
Definition of Intermediate Provider. We propose using the definition of “intermediate
provider” found in section 64.1600(i) of our rules.240 This section provides that an “intermediate
provider” is “any entity that carries or processes traffic that traverses or will traverse the [PSTN] at any
234
2019 Robocall Declaratory Ruling and Further Notice, 34 FCC Rcd at 4902, para. 82.
See Verizon Comments at 3-4. Verizon suggests, however, that the STIR/SHAKEN rules need only apply to
calls to U.S. consumers that involve the use of numbers from the U.S. portion of the NANP. Id. at 4. According to
Verizon, U.S.-inbound international calls originating from foreign carriers only with numbers from their countries’
numbering plans do not materially contribute to the robocall problem. Id.
235
See USTelecom Comments at 14. USTelecom notes that the Commission implemented a similar framework with
respect to intermediate providers in the rural call completion context and argues that a similar approach adopted in
the SHAKEN context would ensure a heightened degree of transparency and accountability. USTelecom Comments
at 14; see also Rural Call Completion, Third Report and Order, 33 FCC Rcd 8400, 8402, para. 5 (2018).
236
237
See USTelecom Mar. 23 Ex Parte at 5.
See IETF, STIR Out-of-Band Architecture and Use Cases, Draft (2019), https://tools.ietf.org/html/draft-ietf-stiroob-06 (draft standards for out-of-band STIR); see also TransNexus, Out-of-Band STIR/SHAKEN Call
Authentication, https://transnexus.com/whitepapers/out-of-band-stir (last visited Feb. 16, 2020).
238
See USTelecom Comments at 14 (suggesting we consider obligating gateway providers to pass international
traffic only to downstream providers that have implemented STIR/SHAKEN).
239
240
47 CFR § 64.1600(i).
33
Federal Communications Commission
FCC 20-42
point insofar as that entity neither originates nor terminates that traffic.”241 The broad scope of this
definition seems well-suited to further the goal of widespread implementation of the STIR/SHAKEN
framework. We seek comment on this proposal. Are there alternative formulations to the definition of
“intermediate provider” that more accurately capture its role and characteristics for the purpose of
STIR/SHAKEN implementation? In the context of rural call completion, the Commission’s rules use a
slightly narrower definition to exclude from their scope intermediate providers that may only incidentally
transmit voice traffic, such as Internet Service Providers.242 Is this narrower definition a better fit for
STIR/SHAKEN, or does the broader definition we propose better support the goal of ubiquitous
deployment?
68.
Legal Authority. We propose relying on our authority under section 251(e) of the Act to
apply these rules to intermediate providers. We concluded in the Report and Order that our exclusive
jurisdiction over numbering policy provides authority to require voice service providers to implement
STIR/SHAKEN in order to prevent the fraudulent abuse of NANP resources. We preliminarily believe
that this same analysis extends to intermediate providers. Just as with calls displaying a falsified or
spoofed caller ID on an originating or terminating voice service provider’s network, calls with illegally
spoofed caller ID that transit intermediate providers’ networks are exploiting numbering resources to
further illegal schemes. By imposing these requirements on intermediate providers, we would protect
consumers and prevent bad actors from abusing NANP resources. We seek comment on this proposal.
Consistent with our conclusion in today’s Report and Order, we propose concluding that the section
251(e)(2) requirements do not apply in the context of our establishing STIR/SHAKEN requirements.
Alternatively, even if section 251(e)(2) does apply, we propose that competitive neutrality is satisfied in
this instance because each carrier is responsible for bearing its own implementation costs. We seek
comment on these proposals.
69.
We also seek comment on two potential additional sources of authority. First, we seek
comment on whether the TRACED Act provides us with authority to impose the obligations we propose
for intermediate providers. In the TRACED Act, Congress directs the Commission to require voice
service providers to implement STIR/SHAKEN in the IP portions of their networks.243 Section 4(a)(2)
defines “voice service” in part as any service that “that furnishes voice communications to an end user
using resources from the North American Numbering Plan.”244 We do not preliminarily read this
definition to include intermediate providers. Is this a correct interpretation, or can we rely on the
TRACED Act to reach intermediate providers? At the same time, we propose concluding that we are not
foreclosed by the limited definition of “voice service” from imposing STIR/SHAKEN requirements on
intermediate providers. We propose reaching this conclusion for two independent reasons. First, section
4(d) of the TRACED Act states that “[n]othing in this section shall preclude the Commission from
initiating a rulemaking pursuant to its existing statutory authority.”245 Second, the STIR/SHAKEN
framework creates a chain of trust between the originating and terminating voice service providers. Each
241
Id.
47 CFR § 64.2101 (“The term ‘intermediate provider’ means any entity that (1) Enters into a business
arrangement with a covered provider or other intermediate provider for the specific purpose of carrying, routing, or
transmitting voice traffic that is generated from the placement of a call placed (i) From an end user connection using
a North American Numbering Plan resource; or (ii) To an end user connection using such a numbering resource; and
(2) Does not itself, either directly or in conjunction with an affiliate, serve as a covered provider in the context of
originating or terminating a given call.”); Rural Call Completion, Third Report and Order, 33 FCC Rcd 8400, 840304, paras. 9-10 (2018) (explaining that in the context of rural call completion, the Commission adopted a slightly
different definition in accord with Congressional intent).
242
243
TRACED Act § 4(b)(1)(A).
244
TRACED Act § 4(a)(2)(A).
245
TRACED Act § 4(d).
34
Federal Communications Commission
FCC 20-42
intermediate provider operating between the originating and terminating voice service provider in the call
path must transmit the call’s Identity header unaltered in order to successfully provide end-to-end caller
ID authentication. We believe that in directing us to require providers of voice service to implement the
“STIR/SHAKEN authentication framework” as defined in the TRACED Act, Congress intended to refer
to the standards created by the information and communications technology industry. These standards are
designed to enable caller ID authentication through an end-to-end chain of trust. Intermediate providers
play a critical role in ensuring the success of such a system. We believe Congress intended for the
STIR/SHAKEN framework, as mandated in section 4 of the TRACED Act, to be an effective means of
battling unlawful robocalls,246 and we therefore propose concluding that Congress took this aspect of
STIR/SHAKEN into account in enacting the TRACED Act and allowed us latitude to impose
requirements on intermediate providers in support of its direction to require voice service providers to
implement the STIR/SHAKEN authentication framework.247 We also believe that our proposals lie within
the Commission’s statutory authority to adopt rules “necessary in the execution of its functions.”248 We
seek comment on this proposed analysis.
70.
Second, we seek comment on whether our authority under the Truth in Caller ID Act
allows us to impose the rules described above. In the Truth in Caller ID Act, Congress charged us with
prescribing rules to make unlawful the spoofing of caller ID information “in connection with any
telecommunications service or IP-enabled voice service . . . with the intent to defraud, cause harm, or
wrongfully obtain anything of value.”249 Does imposing STIR/SHAKEN implementation obligations on
intermediate providers fit within this directive? We also seek comment on what other sources of authority
we have to apply STIR/SHAKEN obligations on intermediate providers.
71.
Alternatives. To the extent that commenters believe we cannot or should not apply such
obligations to intermediate providers, we seek comment on alternative measures we could take to ensure
that STIR/SHAKEN information traverses the entire call path. In the Second Rural Call Completion
Report and Order, the Commission required larger originating long-distance providers to monitor the
performance of downstream intermediate providers with regard to call completion.250 Should we impose
a comparable requirement here? For instance, should we require originating voice service providers to
ensure, by contract and/or through periodic monitoring, that all intermediate providers in the call path
transmit STIR/SHAKEN information? Should we require originating voice service providers to take
remedial measures where necessary because of intermediate provider failures, as in the rural call
completion context? What are the benefits and drawbacks of this approach compared to our proposal?
We expect that the same sources of authority that we rely on in the Report and Order to impose direct
STIR/SHAKEN obligations on originating voice service providers would allow us to impose a monitoring
duty on them as well. We seek comment on this view and, in general, on sources of authority we may
have for any alternatives that commenters propose.
C.
Assessment of Burdens or Barriers to Implementation
72.
The TRACED Act directs the Commission, not later than December 30, 2020 “and as
appropriate thereafter,” to assess any burdens and barriers to (1) voice service providers that use timedivision multiplexing network technology (TDM), a non-IP network technology; (2) small voice service
providers; and (3) rural voice service providers.251 It further directs us to assess burdens and barriers
246
See S. Rep. No. 116-41, at 5 (“it is necessary to implement call authentication technologies to reduce robocalls.”).
247
TRACED Act § 4(b)(1)(A).
248
47 U.S.C. § 154(i).
249
47 U.S.C. § 227(e)(1); see also 47 CFR § 64.1604(a).
Rural Call Completion, Second Report and Order and Third Further Notice of Proposed Rulemaking, 33 FCC
Rcd 4199, 4204-4213, paras. 14-30 (2018).
250
251
TRACED Act § 4(b)(5)(A)(i)(I)-(II).
35
Federal Communications Commission
FCC 20-42
created by the “inability to purchase or upgrade equipment to support the call authentication frameworks
. . . or lack of availability of such equipment.”252
73.
To this end, we seek comment on the burdens and barriers to implementation for the
classes of providers identified, particularly the burdens presented by equipment availability and cost. In
comments previously filed, parties contended that small and rural providers, and operators of TDM
networks, may incur substantial costs upgrading their networks, and updating or replacing service
agreements.253 Do commenters agree with this position? What are other burdens and barriers to
implementation for such voice service providers? Does cost and/or the availability of necessary
equipment and equipment updates pose barriers to implementation for voice service providers that are not
small, rural, or operators of TDM networks?
74.
We also seek comment on how we should interpret the TRACED Act’s direction to
assess burdens and barriers to implementation “as appropriate thereafter.”254 Should we coordinate this
assessment with our revision of any granted extensions in compliance?255 Or should we do so on a
specific schedule or as-needed basis, separate from our extension review process?
D.
Extension of Implementation Deadline
75.
The TRACED Act includes two provisions for extension of the June 30, 2021
implementation date for caller ID authentication frameworks. First, in connection with an assessment of
burdens or barriers to implementation, the Commission “may, upon a public finding of undue hardship,
delay required compliance” with the June 30, 2021 date for caller ID authentication framework
implementation.256 Second, we “shall grant a delay of required compliance” with the June 30, 2021
implementation date “to the extent that . . . a provider or class of providers of voice services, or type of
voice calls, materially relies on a non-[IP] network for the provision of such service or calls.”257 Under
either provision, an extension may be provider-specific or apply to a “class of providers of voice service,
or type of voice calls.”258 We must annually reevaluate any granted extension for compliance.259 When
granting an extension of the implementation deadline under either provision, we must require that
provider to “implement an appropriate robocall mitigation program to prevent unlawful robocalls from
originating on the network of the provider.”260 Based on these directives, we propose granting a one-year
252
TRACED Act § 4(b)(5)(A)(i)(III).
See, e.g. ACA Connects Comments at 6; Cloud Communications Alliance Comments at 4-5; NTCA Comments
at ii, 7-8 (arguing that NCTA members that have not moved to IP switching facilities “will face additional,
potentially substantial costs that in some cases could threaten their ability to continue offering affordable voice and
broadband service or even to remain viable at all”); WTA Comments at 3 (stating that “small voice providers lack
the financial ability and in-house professional expertise necessary to quickly implement the SHAKEN/STIR
framework”), 4 (stating “that upgrading to an all-IP voice network is an expensive proposition for RLECs.”);
INCOMPAS Reply at 2 (“As an IP-based solution, there are barriers for legacy networks, such as cost and
professional expertise, which may delay these providers’ ability to implement SHAKEN/STIR.”); ITTA Reply at 21
(stating that “cost considerations could be further exacerbated by smaller providers, given their limited resources
and personnel, being particularly likely to rely on third-party vendor solutions, and the adoption of an
implementation mandate providing vendors with leverage to charge higher rates than they could charge otherwise in
an open market”).
253
254
TRACED Act § 4(b)(5)(A)(i).
255
See TRACED Act § 4(b)(5)(F).
256
TRACED Act § 4(b)(5)(A)(ii).
257
TRACED Act § 4(b)(5)(B).
258
TRACED Act §§ 4(b)(5)(A)(ii), 4(b)(5)(B).
259
TRACED Act § 4(b)(5)(F).
260
TRACED Act § 4(b)(5)(C).
36
Federal Communications Commission
FCC 20-42
implementation extension to small, including small rural, voice service providers due to undue hardship;
and propose granting an extension for the parts of a voice service provider’s network that rely on
technology that cannot initiate, maintain, and terminate SIP calls. We seek comment on these proposals,
whether to grant additional extensions, and related issues below.
76.
Extensions for Undue Hardship by Category of Provider. The TRACED Act grants us
the discretion to delay a provider’s obligation to comply with the June 30, 2021 call authentication
framework implementation date upon a public finding of hardship.261 It states that the extension may be
“for a reasonable period of time . . . as necessary . . . to address the identified burdens and barriers.”262
77.
The first category of voice service providers identified by the TRACED Act for a
potential extension due to undue hardship is voice service providers that use TDM network technology.
Because the TRACED Act includes a separate extension for voice service providers that “material[ly]
rely” on non-IP technology,263 we propose to grant the same extension to voice service providers that use
TDM technology under the undue hardship standard as we grant to providers that materially rely on nonIP technology. We believe that such a solution minimizes complexity and aligns the compliance
requirements for similarly-situated voice service providers. We seek comment on this proposal. To give
meaning to each provision from Congress, should we instead distinguish an undue hardship extension on
the basis of TDM technology from the extension for providers that materially rely on non-IP technology,
and if so how?
78.
The second category of voice service providers identified by the TRACED Act for a
potential extension due to undue hardship is small voice service providers. We propose granting a oneyear implementation extension for such providers and we seek comment on this proposal. According to
NTCA, small voice service providers face numerous burdens and barriers to implementation, including
the inability to “procure ready-to-install solutions on the same timeframe as the nation’s largest
carriers.”264 It contends that a delayed compliance date would allow small voice service providers to
“obtain solutions from vendors,”265 and benefit from the competition among vendors which, over time,
will likely “drive down prices and improve the quality of SHAKEN/STIR offerings for smaller
providers.”266 We tentatively conclude that granting such an extension to small voice service providers
addresses the concerns in the record, such as vendor availability, and grants sufficient time for them to
implement STIR/SHAKEN on their IP networks. Do commenters agree? Alternatively, would granting
such an extension to small voice service providers compromise the efficacy of the STIR/SHAKEN
framework unduly? Given the TRACED Act’s implementation deadline of June 30, 2021, is it necessary
to grant small voice service providers an implementation extension?267 Or does this deadline already
provide small voice service providers with sufficient time to implement STIR/SHAKEN on their IP
networks?268
261
TRACED Act § 4(b)(5)(A)(ii).
262
TRACED Act § 4(b)(5)(A)(ii).
263
TRACED Act § 4 (b)(5)(B).
264
NTCA Comments at ii; see also id. at 9-10.
265
Id.
266
ACA Connects Comments at 5.
See West Telecom Reply at 2 (“[S]hould the Commission mandate implementation of the framework by at least
all IP-based providers, the implementation deadline for smaller providers should be no earlier than January 1,
2021.”).
267
Some commenters claim that a “hosted” solution to implement STIR/SHAKEN currently exists and suggest that
providers to whom this solution is available would not need an extension to comply with the implementation
mandate. See TNS Ex Parte at 4; see also Metaswitch Ex Parte at 5.
268
37
Federal Communications Commission
FCC 20-42
79.
We propose to define “small providers of voice service”269 for the purposes of our
assessment of burdens and barriers and of our implementation extension as those that have 100,000 or
fewer voice subscriber lines (counting the total of all business and residential fixed subscriber lines and
mobile phones and aggregated over all of a provider’s affiliates). In the First Rural Call Completion
Order, the Commission determined that the 100,000-subscriber-line threshold ensured that many
subscribers would continue to benefit from our rules while also limiting the burden on smaller voice
service providers.270 We seek comment on this proposal. What are the benefits and drawbacks of
establishing an 100,000 subscriber-line threshold? Is there an alternative measure the Commission should
use to define “small providers of voice service”? How should we distinguish small providers that must
overcome significant technical challenges to implement STIR/SHAKEN from those that are able to
implement it without hardship? Do commenters agree that a class-based extension for small providers is
appropriate, or should we review each small provider seeking an implementation extension on a case-bycase basis?
80.
The third category of voice service providers identified by the TRACED Act for a
potential extension due to undue hardship is rural voice service providers. We believe it is unnecessary to
grant a separate implementation extension for rural voice service providers as the challenges faced by
these providers are already addressed by either the small voice service provider extension or the extension
for voice service providers that materially rely on a non-IP network. We seek comment on this view.
Alternatively, by using the separate terms “small” and “rural,” did Congress intend to create two distinct
extensions for rural and small voice service providers? Are there rural voice service providers that face
unique challenges not addressed by either proposed extension and, if so, what definition of “rural” should
we adopt to appropriately capture those entities?271
81.
We seek comment on whether we should grant an implementation extension for any other
voice service providers or classes of voice service providers, or types of voice calls. We specifically seek
comment on Congress’s direction to consider whether to grant an extension on the basis of “the inability
to purchase or upgrade equipment to support the call authentication frameworks under this section, or lack
of availability of such equipment.”272 Are there entities, or a class of entities, that should receive an
extension on this basis? Are there voice service providers other than small voice service providers who
face a burden due to the inability to purchase or unavailability of equipment necessary to participate in
caller ID authentication? Are there other specific voice service providers or classes of voice service
providers, or types of voice calls, for which we should grant an extension of the implementation deadline?
On what basis would we grant such an extension? What would constitute a sufficient burden or barrier to
justify a finding of undue hardship? What type of evidence should the voice service provider or class of
voice service providers be required to present to demonstrate undue hardship? And what is a reasonable
length of time to extend the deadline for such voice service providers and why?
82.
We also seek comment on whether we should grant an extension for undue hardship for
enterprise calls.273 If we were to grant such an extension, should it apply to all enterprise calling cases or
only to those that are most challenging? What types of enterprise calling cases should be considered
269
TRACED Act § 4(b)(5)(A)(i)(II).
Rural Call Completion, WC Docket No. 13-29, Report and Order and Further Notice of Proposed Rulemaking,
28 FCC Rcd 16154, 16168, para. 27 (2013) (First Rural Call Completion Order).
270
See, e.g., 47 CFR § 61.26(a)(6) (defining “rural CLEC”); id. at § 51.5 (defining “rural telephone company”); id.at
§ 153(44) (defining “rural telephone company).
271
272
TRACED Act § 4(b)(5)(A)(i)(III).
See Cloud Communications Alliance Ex Parte at 3; see also CTIA Ex Parte at 3 n.10 (“The Commission should
also consider seeking further comment on issues in implementing and using STIR/SHAKEN in challenging use
cases, such as enterprise signing, in order to grant appropriate flexibility to providers that encounter such issues.”);
USTelecom Mar. 23 Ex Parte at 2 (arguing that we should address enterprise calling issues in this Further Notice).
273
38
Federal Communications Commission
FCC 20-42
particularly challenging for purposes of any extension? Would granting an extension for enterprise calls
unduly limit the benefits offered by widespread implementation of STIR/SHAKEN? Additionally, would
granting this extension decrease incentives for voice service providers to solve existing issues with
enterprise calling quickly? Even assuming for the sake of argument that achieving “A” attestation may
remain a challenge in some circumstances, why would it be preferable to allow enterprise calls to go
unauthenticated rather than potentially receiving “B” (partial) or “C” (gateway) attestation?
83.
We do not interpret the TRACED Act’s extension provisions to extend to intermediate
providers, because its definition of “voice service” refers to “furnish[ing] voice communications to an end
user.”274 Should we nonetheless choose to provide an extension based on undue hardship for intermediate
providers? On what basis would we grant such an extension, to whom should we grant it, and how long
should any such extension last? Would granting an extension for some intermediate providers have
unique negative impacts on the operation of STIR/SHAKEN across the voice network?
84.
Furthermore, should we adopt an extension for voice service providers that have legal
obligations to maintain extensive networks in high cost areas, such as eligible telecommunications
carriers275 and carriers of last resort that bear particularly extensive obligations?276 Or would we
adequately address the burdens and barriers faced by such voice service providers by the other extensions
we propose, including the extension for non-IP network technology?
85.
Extension for Undue Hardship Due to Challenges in Interconnecting in IP. The record
developed in response to the 2019 Further Notice reflects that, for certain voice service providers, a
barrier to the exchange of authenticated calls occurs at the interconnection point.277 Specifically, voice
service providers reported that even if they were able to authenticate calls on their own network, they
could not exchange authenticated calls with another voice service provider in certain instances because
the interconnection point was not IP-enabled, even if the receiving voice service provider itself operates
on an IP network.278 We seek comment on whether we should provide an implementation extension
pursuant to TRACED Act section 4(b)(5)(A)(ii) to voice service providers that will not be able to carry
authentication information to the next intermediate or voice service provider in the call path due to an
inability to interconnect in IP. To what extent should a terminating or originating voice service provider’s
implementation extension on this basis depend on the actions of the intermediate or voice service provider
with which it is seeking IP interconnection in order to exchange authenticated calls? Although the
accompanying Report and Order requires transmission of authenticated calls by originating voice service
providers only where technically feasible, it requires authentication of all SIP calls. Under what
circumstances would challenges in interconnecting in IP constitute an “undue hardship” such that the
voice service provider should be excused from authentication? Would it be appropriate to limit any such
extension to rural local exchange carriers or some other subset of small and/or rural voice service
providers? Is such an extension an appropriate way to avoid requiring voice service providers to invest in
network upgrades that they cannot make use of? Or would such an extension discourage voice service
providers from coming to a negotiated resolution and transitioning to IP? We also seek comment on ways
to address this issue and to encourage the voluntary adoption of IP interconnection agreements between
voice service providers. We also seek comment on barriers to end-to-end STIR/SHAKEN transmission,
274
TRACED Act § 4(a)(2)(A).
An eligible telecommunications carrier must, throughout the service area for which the designation is received,
“offer the services that are supported by Federal universal service support mechanisms . . . either using its own
facilities or a combination of its own facilities and resale of another carrier’s services (including the services offered
by another eligible telecommunications carrier).” 47 U.S.C. § 214(e)(1)(A).
275
Carriers of last resort are “required to fulfill all reasonable requests for service within [their] territory.” See, e.g.,
CA PUC § 275.6.
276
277
See NTCA Comments at 3-4; Telnyx Comments at 2; WTA Comments at 2.
278
See NTCA Comments at 3-7.
39
Federal Communications Commission
FCC 20-42
including the degree to which barriers to IP interconnection hinder end-to-end caller ID authentication.279
86.
Extension for Certain Non-IP Networks. The TRACED Act specifically directs that “the
Commission shall grant a delay” “for any provider or class of providers of voice service, or type of voice
calls, only to the extent that such a provider or class of providers of voice service, or type of voice calls,
materially relies on a non-[I]nternet [P]rotocol network for the provision of such service or calls . . . until
a call authentication protocol has been developed for calls delivered over non-[IP] networks and is
reasonably available.”280 We propose to grant such an extension only for those portions of a voice service
provider’s network that rely on technology that cannot initiate, maintain, and terminate SIP calls. Do
commenters agree with this approach? Under this reading of the statute, we would interpret “material[]”
to mean “important or having an important effect”;281 and, consistent with our call-by-call interpretation
of the TRACED Act, we would read “reli[ance]” with reference to the particular portion of the network in
question. Altogether, under this reading, we would treat reliance on a non-Internet Protocol network as
material if that portion of the network is incapable of using SIP. We seek comment on whether, within
the framework we propose, we should adopt a different interpretation of “non-[I]nternet [P]rotocol
network.”
87.
We also seek comment on other approaches to this statutory provision. For instance,
should we grant an extension for a voice service provider’s entire network if that voice service provider
materially relies on non-IP technology? On this view, how should we interpret “materially relies”?
Would we find that a voice service provider “materially relies on a [non-IP] network” if its network
substantially relies on non-IP technology, and on that reading what portion of a network must be non-IP
for reliance to be substantial? Would we measure that percentage by a technical measure, such as the
percentage of non-IP switches in the network? Alternatively, should we consider gauging substantial
reliance by the percentage of a voice service provider’s subscriber base served by non-IP network
technology?
88.
Additionally, we seek comment on how the Commission should determine if a caller ID
authentication protocol developed for calls delivered over non-IP networks is “reasonably available”
under section 4(b)(5)(B) such that this extension period would end. For example, should we conclude
that reasonable availability varies by voice service provider, e.g., based on size and cost, and if so, how?
Should we conclude that reasonable availability depends on whether an effective protocol can be
purchased or otherwise obtained by a certain percentage of providers with non-IP networks? While some
commenters have referred to out-of-band STIR as a framework that could potentially allow non-IP voice
service providers to participate in STIR/SHAKEN,282 it is our understanding that this framework is still in
See Letter from Michael Romano, Senior Vice President, NTCA, to Marlene H. Dortch, Secretary, FCC, CG
Docket No. 17-59, WC Docket No. 17-97, CC Docket No. 01-92, WC Docket No. 10-90, at 2 (filed Jan. 16, 2020)
(“NTCA asserted that the absence of basic ‘rules of the road’ that provide all parties a clear path and clear incentives
to enter into IP interconnection agreements for the exchange of voice traffic stands as the primary barrier to
SHAKEN/STIR implementation for wide swaths of rural America.”); Cloud Communications Alliance Ex Parte at
3-4; Metaswitch Ex Parte at 7 (“We encourage the FCC to take a proactive role to re-examine IP interconnection
policies.”); see also Parties Asked to Refresh the Record on Intercarrier Compensation Reform Related to the
Network Edge, Tandem Switching and Transport, and Transit, WC Docket No. 10-90, CC Docket No. 01-92, Public
Notice, 32 FCC Rcd 6856 (WCB 2017).
279
280
TRACED Act § 4(b)(5)(B).
Cambridge Dictionary, Material, https://dictionary.cambridge.org/us/dictionary/english/material (last visited Feb.
16, 2020).
281
TransNexus Comments at 8; TNS Comments at 16-17; see also Consumer Reports et al. Reply at 5 (“[W]e were
pleased to note that several commenters cited the existence of call authentication tools that are compatible with
traditional landline service, such as out-of-band SHAKEN/STIR and tools offered by TNS.”); Neustar Reply at 6
(“Neustar continues to support the implementation of complementary call authentication technologies, such as outof-band authentication that can be integrated into the STIR/SHAKEN authentication framework.”).
282
40
Federal Communications Commission
FCC 20-42
its infancy and is not readily available to be implemented. We seek comment on this understanding. Are
there other available technologies to enable legacy networks to participate in caller ID authentication for
which we should consider encouraging development and, ultimately, mandate implementation? If so,
what are they, how do they operate, and how might they best be implemented? What efforts, if any, are
currently underway to develop such technologies, and how near are they to viability?
89.
The TRACED Act further provides that we should limit or terminate an extension of
compliance if we determine in a future assessment that a voice service provider “is not making reasonable
efforts to develop the call authentication protocol” for non-IP networks.283 We propose to interpret the
“reasonable efforts” requirement as being satisfied so long as a voice service provider is actively working
to develop a caller ID authentication protocol for non-IP networks. We also propose that a voice service
provider satisfies this obligation if it is able to provide the Bureau upon request documented proof that it
is participating, either on its own or through a representative, as a member of a working group or
consortium that is working to develop a non-IP solution, or actively testing such a solution. We propose
that the Bureau would have authority to determine whether the provider is meeting the standard we
establish. We seek comment on this approach. Should we impose a different standard on larger voice
service providers that have more resources available to invest in technology development and network
upgrades? Should we impose a stricter standard for the steps voice service providers must take to develop
a non-IP solution? If so, what should we require as part of this more stringent standard? Should we adopt
our proposed standard initially but shift to a more stringent standard if we find that the voice service
provider in question, or industry as a whole, is not making sufficient progress toward implementation of
caller ID authentication on non-IP networks?
90.
Extensions Based on Type of Voice Call. We seek comment on Congress’s direction that
extensions may be voice service provider-specific or apply to a class of voice service providers or type of
voice calls.284 Are there any interpretive issues we should consider with respect to this provision? Would
it be practical to grant an extension based on a type of voice call, or would that be unnecessarily
complicated for voice service providers?
91.
Reevaluating Granted Extensions. We propose directing the Bureau to reevaluate any
extensions annually after the first extension is granted, as required by the TRACED Act, and revise or
extend them as necessary.285 We seek comment on this proposal. Should we direct the Bureau to
consider any specific criteria beyond the statutory criteria? We propose directing the Bureau to issue a
Public Notice seeking comment on its annual review and consider the comments it receives before issuing
a Public Notice of its decision.286 Are there other specific administrative steps that we should direct the
Bureau to include in the reevaluation process? Should the Bureau be able to expand or only contract the
scope of entities that are entitled to a class-based or other extension?
92.
Robocall Mitigation During Extension Period. The TRACED Act directs us to require
any voice service provider that has been granted an extension to, during the time of an extension,
“implement an appropriate robocall mitigation program to prevent unlawful robocalls from originating on
the network of the provider.”287 We propose interpreting this requirement to apply to both voice service
providers that receive an extension on the basis of undue hardship and voice service providers that
materially rely on a non-Internet Protocol network, and we seek comment on this proposal.288 We seek
283
TRACED Act § 4(b)(5)(D).
284
TRACED Act § 4(b)(5)(A)(ii).
285
TRACED Act § 4(b)(5)(F).
286
TRACED Act § 4(b)(5)(F)(iii).
287
TRACED Act § 4(b)(5)(C)(i).
The TRACED Act states that extensions for material reliance on a non-IP network are “grant[ed] . . . under
subparagraph (A)(ii),” and that the robocall mitigation program applies “during the time of a delay of compliance
(continued….)
288
41
Federal Communications Commission
FCC 20-42
comment on the requirements we should adopt for a robocall mitigation program. Should we prescribe
specific robocall mitigation practices for these voice service providers? If so, what practices should we
prescribe and why? Should we implement a system, proposed by Verizon, where a voice service provider
that originates traffic but does not participate in STIR/SHAKEN certifies that “it takes appropriate
measures to ensure that it is not contributing to the robocall problem”?289 Similar to Verizon, USTelecom
proposes that “[t]he Commission should require every provider of voice service to register with the
Commission and certify that all of its traffic is either (i) signed with STIR/SHAKEN or (ii) subject to a
robocall mitigation program.”290 It adds that the Commission should “establish a public database
identifying every 499 filer that has issued its certification, along with appropriate rules requiring transit
service providers to confirm that their customers have such certifications on file and are in good
standing.”291 We seek comment on USTelecom’s proposal. Would adopting a public certification
requirement meet the TRACED Act robocall mitigation program requirement? According to
USTelecom’s proposal, the certification should be “non-prescriptive” and, instead, the Commission
“should require the service provider to confirm that it (i) takes reasonable steps to avoid originating illegal
robocall traffic and (ii) that it is committed to cooperating with law enforcement and the industry
traceback consortium in investigating and stopping any illegal robocallers that it learns are using its
service to originate calls.”292 What are the benefits or drawbacks to this approach? Is this an appropriate
means to allow for some voice service provider discretion to create a program that is workable while
ensuring an effective robocall mitigation program? Conversely, does this form of certification allow too
much discretion for voice service providers to determine the scope of the robocall mitigation program? If
we require a certification, should we specify minimum standards that a certifying voice service provider
must meet, and should we require the certification to be made in a public registry?293 Further, should call
analytics be part of any robocall mitigation program?294 How could voice service providers with non-IP
networks make use of analytics when caller ID authentication is not available?295
93.
Alternative Methodologies During an Extension. The TRACED Act directs us to
“identify, in consultation with small providers of voice service, and those in rural areas, alternative
effective alternative effective methodologies to protect consumers from unauthenticated calls during any
delay of compliance.”296 Accordingly, we ask such voice service providers to share the most effective
alternative methodologies. Have small and rural voice service providers already developed any effective
(Continued from previous page)
granted under subparagraph (A)(ii).” TRACED Act §§ 4(b)(5)(B), 4(b)(5)(C)(i); see also id. 4(b)(5)(A)(ii).
Further, the TRACED Act states that extensions for material reliance on a non-IP network are “[s]ubject to
subparagraphs (C) through (F),” and paragraph (C)(i) sets forth the robocall mitigation program requirement.
TRACED Act §§ 4(b)(5)(B), 4(b)(5)(C)(i).
289
Verizon Comments at 4.
See Letter from Farhan Chughtai, Director, Policy & Advocacy, USTelecom, to Marlene H. Dortch, Secretary,
FCC, CG Docket No. 17-59, WC Docket No. 17-97, Attach. at 3 (filed Mar. 6, 2020).
290
291
Id.
292
Id. Attach. at 4.
See Letter from Farhan Chughtai, Director, Policy & Advocacy, USTelecom, to Marlene Dortch, Secretary, FCC,
CG Docket No. 17-59, WC Docket No. 17-97, at 2 (Feb. 24, 2019) (“Every provider would be required to certify
that for all traffic not signed with STIR/SHAKEN, it has a an appropriate robocall mitigation program designed to
prevent the origination of illegal calls and has measures in place to identify if its network is being used to generate
such illegal calls, and to quickly mitigate such activity once detected. Providers would be required to certify that
they have such a program in place that meets certain minimum requirements.”).
293
294
See TNS Ex Parte at 3.
295
See id.
296
TRACED Act § 4(b)(5)(E).
42
Federal Communications Commission
FCC 20-42
methods to protect their subscribers from illegal robocalls on their networks? Or are any small or rural
voice service providers in the process of developing such methodologies? If so, at what stage in
development are these potential solutions and when could they be deployed? What are the specific
challenges to such development? Is there any other information on this issue that small and rural voice
service providers would like to share? How can the Commission and other voice service providers
support the efforts of small and rural voice service providers to develop alternative effective
methodologies to protect their subscribers from unauthenticated calls? For instance, would it be helpful
for us to convene small and rural voice service providers to identify potential solutions? Alternatively,
should voice service providers that receive an extension be required to participate in industry-led
traceback efforts?297
94.
Preventing Abuse of Extension Process. We also seek comment on ways to combat
potential evasion of our caller ID authentication rules using the extension process. For instance, how can
we prevent a voice service provider from avoiding participating in STIR/SHAKEN by purposefully using
non-IP network technology to avoid our mandate for the duration of the extension granted to voice service
providers that materially rely on non-IP network technology? We seek comment on the seriousness of
this threat. Are there economic or technological reasons why this is unlikely to occur? Does the
TRACED Act’s requirement that the Commission limit an extension if it determines a voice service
provider “is not making reasonable efforts to develop” a non-IP caller ID authentication protocol give us
leverage to prevent such conduct?298 Should we take specific further action to prevent this behavior? If
so, what action should we take? And how can we distinguish between a voice service provider with
genuine reasons to use non-IP technology and a voice service provider doing so to avoid participating in
STIR/SHAKEN?
95.
Full Participation. Section 4(b)(5)(D) of the TRACED Act requires us to “take
reasonable measures” to address any issues observed in our assessment of the burdens and barriers to the
implementation of caller ID authentication frameworks, and to “enable as promptly as reasonable full
participation of all classes of providers of voice service and types of voice calls to receive the highest
level of trust.”299 According to the legislation, such measures “shall include, without limitation, as
appropriate, limiting or terminating a delay of compliance granted to a provider” under section 4(b)(5)(B)
of the TRACED Act if we determine in our assessment that the voice service provider is not making
reasonable efforts to develop the required caller ID authentication protocol for non-IP networks.300 We
seek comment on this requirement and how best to fulfill the “full participation” element of this provision
beyond the existing proposals contained herein. Are there further steps we might take, beyond those
already proposed, to enable full participation of all classes of voice service providers in a caller ID
authentication framework? If so, what are they and how would any such steps be implemented?
E.
Caller ID Authentication in Non-IP Networks
96.
Because STIR/SHAKEN is a SIP-based solution, those portions of a voice service
provider’s network that are not capable of initiating, maintaining, and terminating SIP calls cannot
authenticate or verify calls under that framework. The TRACED Act directs us, not later than June 30,
2021, to require voice service providers to take “reasonable measures” to implement an effective caller ID
authentication framework in the non-IP portions of their networks.301 We propose to interpret the
See Implementing Section 13(d) of the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and
Deterrence Act (TRACED Act), FCC 20-11, EB Docket No. 20-22 (Feb. 6, 2020) (seeking comment on establishing
a “single consortium that conducts private-led efforts to trace back the origin of suspected unlawful robocalls”).
297
298
TRACED Act § 4(b)(5)(D).
299
See TRACED Act § 4(b)(5)(D).
300
See TRACED Act § 4(b)(5)(D).
301
See TRACED Act § 4(b)(1)(B).
43
Federal Communications Commission
FCC 20-42
TRACED Act’s requirement that a voice service provider take “reasonable measures” to implement an
effective caller ID authentication framework in the non-IP portions of its network as being satisfied only
if the voice service provider is actively working to implement a caller ID authentication framework on
those portions of its network, either by upgrading its non-IP networks to IP so that the STIR/SHAKEN
authentication framework may be implemented, or by working to develop a non-IP authentication
solution. Consistent with our proposed approach to assessing whether a provider is making “reasonable
efforts” to develop a call authentication protocol in the context of determining whether to limit or
terminate an extension of compliance granted under section 4(b)(5)(B) for non-IP networks, we propose
that a provider satisfies the “reasonable measures” requirement under section 4(b)(1)(B) if it is able to
provide the Commission upon request documented proof that it is participating, either on its own or
through a representative, as a member of a working group or consortium that is working to develop a nonIP solution, or actively testing such a solution.
97.
Although some commenters have referred to out-of-band STIR as a framework that could
potentially allow non-IP voice service providers to participate in STIR/SHAKEN,302 our preliminary view
is that out-of-band STIR is still in its infancy and is not sufficiently widespread or readily available to be
implemented.303 Indeed, the TRACED Act itself acknowledges that no viable non-IP solution currently
exists insofar as it directs us to grant an extension for voice service providers that “materially rel[y] on a
non-[I]nternet [P]rotocol network . . . until a call authentication protocol has been developed for calls
delivered over non-[I]nternet [P]rotocol networks and is reasonably available.”304 Given this, we believe
the best approach is to continue to promote the transition to IP while simultaneously encouraging voice
service providers to develop a non-IP solution that may benefit those legacy networks that are not yet in
transition 305
98.
We seek comment on this approach. Is our proposed approach an appropriate
interpretation of the TRACED Act’s “reasonable measures” requirement? Should we implement a
different standard? If we adopt the standard we propose, do commenters agree with our proposals on how
to evaluate whether a company is “actively working” toward developing an authentication framework?
Should the standard be the same for all voice service providers, or should this standard vary according to
the size or resources of a voice service provider? If commenters believe this standard should be variable,
how should it vary across different types or classes of voice service providers? How should voice service
providers be separated out under such a variable standard—according to size, resources, cost, or some
other metric? How should the obligations of this requirement vary between the different classes of voice
service providers?
99.
We also seek comment on our preliminary view that out-of-band STIR is not yet
sufficiently developed or widespread to form the basis of a specific implementation requirement at
present. Do commenters anticipate that it will be technologically possible for voice service providers to
have the capability to implement this framework on a widespread basis by June 30, 2021? Are there
reasons we should or should not encourage its development and, in turn, implementation?
100.
We encourage voice service providers to transition their networks to IP, and one of the
many benefits of the IP transition is the ability to implement STIR/SHAKEN. We wish to ensure that the
See TransNexus Comments at 8; TNS Comments at 16-17; see also Consumer Reports et al. Reply at 5 (“[W]e
were pleased to note that several commenters cited the existence of call authentication tools that are compatible with
traditional landline service, such as out-of-band SHAKEN/STIR and tools offered by TNS.”); Neustar Reply at 6
(“Neustar continues to support the implementation of complementary call authentication technologies, such as outof-band authentication that can be integrated into the STIR/SHAKEN authentication framework.”).
302
See Metaswitch Ex Parte at 7; See Letter from Farhan Chughtai, Director, Policy & Advocacy, USTelecom, to
Marlene H. Dortch, Secretary, FCC, CG Docket No. 17-59, WC Docket No. 17-97, at 1 (filed Mar. 10, 2020).
303
304
See TRACED Act § 4(b)(5)(B).
305
See Metaswitch Ex Parte at 7.
44
Federal Communications Commission
FCC 20-42
framework we develop in this proceeding is consistent with our efforts in other proceedings to promote
the transition to IP.306 We believe that our proposed approach balances encouraging the transition to IP
with Congress’s goal of promoting an effective caller ID authentication solution for non-IP networks. Do
commenters agree with this assessment? Does our proposed approach appropriately account for the
technological limits of legacy networks and the challenges of upgrading those networks while
simultaneously encouraging the transition to IP? Is there an alternative approach or additional steps we
should take to better promote the IP transition in this case? If so, what alternative approach or steps
should we take?
101.
We further propose to revisit our approach to the TRACED Act’s “reasonable measures”
requirement for non-IP networks and the extension for non-IP networks if industry fails to make sufficient
progress in overcoming this barrier to the ubiquitous implementation of caller ID authentication through
either transitioning to IP or implementing a non-IP authentication solution. We seek comment on this
proposal. At what point should we reconsider this issue? If the Commission finds, at a later date, that
insufficient progress in developing a non-IP solution has been made, should we impose a more stringent
requirement as to the steps that voice service providers must take to develop and implement such a
solution? What kinds of stricter requirements should we impose? Should we require voice service
providers to either deploy a non-IP solution or upgrade their network technology to participate in
STIR/SHAKEN?
F.
Voluntary STIR/SHAKEN Implementation Exemption
102.
Although the TRACED Act directs us to require each voice service provider to
implement STIR/SHAKEN in its IP network,307 section 4(b)(2) of the TRACED Act frees a voice service
provider from this requirement if we determine, by December 30, 2020, that “such provider of voice
service”: (A) “in [I]nternet [P]rotocol networks”—(i) “has adopted the STIR/SHAKEN authentication
framework for calls on the [I]nternet [P]rotocol networks of the provider of voice service; (ii) has agreed
voluntarily to participate with other providers of voice service in the STIR/SHAKEN authentication
framework; (iii) has begun to implement the STIR/SHAKEN authentication framework; and (iv) will be
capable of fully implementing the STIR/SHAKEN authentication framework” not later than June 30,
2021; and (B) “in non-[I]nternet [P]rotocol networks”—(i) “has taken reasonable measures to implement
an effective call authentication framework; and (ii) will be capable of fully implementing an effective call
authentication framework” not later than June 30, 2021.308 We seek comment on the substantive
standards and appropriate processes by which to implement this forward-looking exemption.
103.
Relationship of IP Network and Non-IP Networks Provisions. We propose to read
section 4(b)(2) of the TRACED Act as creating two exemptions: one for IP calls and one for non-IP calls.
Thus, in our proposal, a provider may seek the exemption for its “IP networks” if it meets all four criteria
for all calls it originates or terminates in SIP, and a provider may seek the exemption for its “non-IP
networks” if it meets both of the criteria for all non-SIP calls it originates or terminates. We seek
See, e.g., Communications Marketplace Report et al., GN Docket No. 18-231 et al., Report, 33 FCC Rcd 12558,
12729, para. 335 (2018); Accelerating Wireline Broadband Deployment by Removing Barriers to Infrastructure
Investment et al., WC Docket No. 17-84 et al., Third Report and Order and Declaratory Ruling, 33 FCC Rcd 7705
(2018); Accelerating Wireless Broadband Deployment by Removing Barriers to Infrastructure Investment et al., WT
Docket No. 17-79 et al., Declaratory Ruling and Third Report and Order, 33 FCC Rcd 9088 (2018); Business Data
Services in an Internet Protocol Environment et al., WC Docket No. 16-143 et al., Report and Order on Remand and
Memorandum Opinion and Order, 34 FCC Rcd 5767 (2019); Petition of USTelecom for Forbearance Pursuant to 47
U.S.C. § 160(c) to Accelerate Investment in Broadband and Next-Generation Networks, WC Docket No. 18-141,
Memorandum Opinion and Order, 34 FCC Rcd 6503 (2019); Modernizing Unbundling and Resale Requirements in
an Era of Next-Generation Networks and Services, WC Docket No. 19-308, Notice of Proposed Rulemaking, 34
FCC Rcd 11290 (2019).
306
307
See TRACED Act § 4(b)(1).
308
See TRACED Act § 4(b)(2).
45
Federal Communications Commission
FCC 20-42
comment on this proposal and any alternative approaches.
104.
We believe that our proposal best implements Congress’ policy and is consistent with
principles of statutory construction when considering the statute as a whole. First, we believe our reading
better limits the portion of the exemption that is at risk of being a nullity. Given the presence of the word
“and” between the IP and non-IP networks criteria, we recognize that the exemption could potentially be
read as applying only if the provider meets both the IP and non-IP networks criteria. Yet, practically
speaking, such a reading would render the exemption an empty set or nearly so. As we have discussed,
we believe that non-IP caller ID authentication solutions are not likely to be ready for widespread
deployment in the near future. We therefore anticipate that few, if any, voice service providers will be
able to claim that they will be capable of “fully implementing” an effective non-IP caller ID
authentication framework by June 30, 2021. If we require any party seeking the exemption to attest to
this requirement, we risk rendering the exemption in its entirety a near-nullity. We believe our proposed
reading cabins the nullity risk more narrowly, thus better effectuating Congress’s goal of creating a
meaningful exemption. We seek comment on this interpretation, and again invite comment on the likely
state of development of non-IP caller ID authentication solutions in the next year and a half. Must “and”
be read as creating only one exemption, or are we correct in assuming that such a reading would
essentially nullify the exemption, thus reading it out of the statute and negating Congress’s intent?
105.
Second, we believe our proposal encourages prompt deployment of STIR/SHAKEN.
The statutory exemption rewards early progress in deployment. Therefore, by giving providers a path to
exemption solely for their IP networks, we anticipate that we would encourage faster progress in
STIR/SHAKEN deployment. We seek comment on this view.
106.
Third, our proposal here would align our interpretation of the exemption with our
proposal to read requirements in the TRACED Act applying to voice service providers as applying on a
call-by-call basis. Because networks are often mixed and capable of transmitting both in IP and non-IP,
we preliminarily believe that reading the word “networks” in the statute to refer to the transmission
technology of a particular call is the best interpretation of the statute. We thus preliminarily believe we
could distinguish the duty that applies to “such provider of voice service in [I]nternet [P]rotocol
networks” and “such provider of voice service in non-[I]nternet [P]rotocol networks” on the basis of the
call in question. We seek comment on this proposal and of our proposed reading of section 4(b)(2) as
creating two distinct exemptions.
107.
Threshold for IP Networks Exemption. To ensure that the exemption only applies where
warranted and to provide parties with adequate guidance, we propose expanding on each of the four
substantive prongs that a voice service provider must meet to obtain an exemption. With respect to prong
(A)(i), we propose interpreting the phrase “has adopted the STIR/SHAKEN authentication framework for
calls on the [I]nternet [P]rotocol networks of the provider of voice service” to mean that the voice service
provider has publicly committed, via a certification, to complete implementation of STIR/SHAKEN by
June 30, 2021.309 Because the exemption in section 4(b)(2)(A) requires a voice service provider to have
“adopted” STIR/SHAKEN for calls on the IP portions of their networks prior to obtaining an exemption,
but does not require full implementation of STIR/SHAKEN until not later than June 30, 2021,310 we
believe that the best approach is to interpret section 4(b)(2)(A) as requiring a provider, prior to obtaining
an exemption, to make a public commitment to completely implement STIR/SHAKEN by June 30, 2021.
We seek comment on this proposed interpretation. What are the potential benefits and drawbacks to this
approach? Does our proposed interpretation align with the language and intended purpose of the statute?
Are there any plausible alternative interpretations of this subsection of the TRACED Act that would
account for both the stated requirement that a voice service provider “has adopted” STIR/SHAKEN for
calls on the IP portions of its network prior to receiving an exemption, with the later “capable of fully
309
See TRACED Act § 4(b)(2)(A)(i).
310
See TRACED Act § 4(b)(1)(A).
46
Federal Communications Commission
FCC 20-42
implementing” date? For example, should we consider prong (A)(i) to be satisfied to the extent a
provider has undertaken network preparations necessary to operationalize the STIR/SHAKEN protocols
on its network, including, but not limited to, by participating in test beds and lab testing or completing the
commensurate network adjustments to enable the authentication and validation of calls on its network
consistent with the STIR/SHAKEN framework?311
108.
We propose reading the phrase “has agreed voluntarily to participate with other providers
of voice service in the STIR/SHAKEN authentication framework” in prong (A)(ii) to mean that the voice
service provider has written, signed agreements with at least two other voice service providers to
exchange calls with authenticated caller ID information.312 We seek comment on this approach. What are
the potential benefits and drawbacks attendant in this interpretation? Does our proposed interpretation
align with the language and intended purpose of the statute? Should we mandate that a voice service
provider seeking to qualify for the exemption have agreements with more than two other voice service
providers? If so, how many agreements should we require before a voice service provider may qualify for
the exemption under section 4(b)(2)(A)? Should the “other providers of voice service” be unaffiliated
with the provider seeking the exemption? Should voice service providers be required to establish such
agreements only with those voice service providers with which they interconnect directly? Must these
agreements include specific terms? Should we go further and require voice service providers to have
reached agreements with all others with which they directly interconnect? We preliminarily are
disinclined to adopt such a stringent requirement because, pursuant to the statute, voice service providers
will have time between December 30, 2020, and June 30, 2021, to complete full implementation. Are
there consortia or industry groups that would allow voice service providers to reach agreements with
numerous other voice service providers at once and, if so, should meeting prong (A)(ii) require
participation in such an entity? Should we impose specific recordkeeping requirements so that we can
verify that such agreements are in place? Should voice service providers be required to provide proof of
such agreements directly to the Commission upon request? Are there any plausible alternatives to our
proposed interpretation of prong (A)(ii)? For example, should we consider prong (A)(ii) to be satisfied if
a service provider has registered with and been approved by the Policy Administrator?313 Why or why
not?
109.
We propose interpreting the phrase “has begun to implement the STIR/SHAKEN
authentication framework” in prong (A)(iii) to mean that the voice service provider has completed the
necessary network upgrades to at least one network element (e.g., a single switch or session border
controller) to enable the authentication and verification of caller ID information consistent with the
STIR/SHAKEN standards.314 This proposal would require a voice service provider to make meaningful
progress on implementation by the time of certification, while taking into account that voice service
providers will have limited time between adoption of a Report and Order and the December 30, 2020
deadline for exemption determinations. We seek comment on this proposed interpretation and on
potential alternatives. Is this proposed standard too lenient and, if so, what standard should we adopt?
We recognize that the standard we propose may be more challenging for smaller voice service providers
than larger voice service providers. Should we vary our expectations by voice service provider size and,
if so, how? Alternatively, should we consider prong (A)(iii) to be satisfied if a provider has established
the capability to authenticate originated traffic and/or validate such traffic terminating on its network?315
110.
Lastly, we propose interpreting the phrase “will be capable of fully implementing the
311
See USTelecom Mar. 23 Ex Parte App’x at 2.
312
See TRACED Act § 4(b)(2)(A)(ii).
313
See USTelecom Mar. 23 Ex Parte App’x at 2.
314
See TRACED Act § 4(b)(2)(A)(iii).
315
See USTelecom Mar. 23 Ex Parte App’x at 2.
47
Federal Communications Commission
FCC 20-42
STIR/SHAKEN authentication framework” in prong (A)(iv) to mean that the voice service provider
reasonably foresees that it will have completed all necessary network upgrades to its network
infrastructure to be able to authenticate and verify caller ID information for all SIP calls exchanged with
STIR/SHAKEN-enabled partners, by June 30, 2021.316 We seek comment on this proposed interpretation.
Are there any plausible alternatives to our proposed interpretation of this prong of the section 4(b)(2)(A)
exemption? For example, should we interpret this prong to require only that a provider reasonably
foresees that it will have the capability to fully implement STIR/SHAKEN by June 30, 2021? How
would such a reading align with Congress’s goal of broad STIR/SHAKEN deployment? Would a
standard other than reasonable foreseeability be appropriate and, if so, how can we account for the
statute’s requirement that voice service providers must make a prediction about the future? Alternatively,
should we consider prong (A)(iv) to be satisfied if a provider certifies only that its consumer VoIP and
Voice over LTE networks are capable of authentication and verification, or will be so capable by June 30,
2021?317 What would be the benefits and drawbacks of such a narrower requirement, and one that does
not require exchange of authenticated traffic? We encourage commenters to support any alternative
interpretation of the implementation requirements in section 4(b)(2)(A) with reference not only to the
statutory language of each provision, but specific technological and marketplace realities of how voice
service providers can expect to foreseeably meet the qualifications that Congress has established.
111.
Threshold for Non-IP Networks Exemption. A voice service provider is excused from the
requirement to take reasonable measures to implement an effective caller ID authentication framework in
the non-IP portions of its network if we find that it has: (1) taken reasonable measures to implement an
effective caller ID authentication framework in the non-IP portions of its network; and (2) will be capable
of fully implementing an effective caller ID authentication framework in the non-IP portions of its
network not later than June 30, 2021.318 As we have stated, we anticipate that in the non-IP context, few
if any voice service providers will seek to take advantage of this exemption because of the difficulties in
“fully implementing” an effective caller ID authentication framework. We seek comment on this view
and whether there is an acceptable interpretation of the “fully implementing” prong that would make it
more achievable for voice service providers to qualify for the exemption. What constitutes an “effective”
call authentication framework? Must such a framework be comparable to STIR/SHAKEN? We also seek
comment on how to interpret “reasonable measures” under prong (B)(i). How do “reasonable measures”
under this prong differ from the “reasonable measures” required under section 4(b)(1)(B)?
112.
Compliance Certifications. We propose to implement the TRACED Act exemption
provision using a certification process. Specifically, we propose requiring a voice service provider that
wishes to receive an exemption to submit a certification that it meets the criteria for the IP networks
exemption that we propose to establish pursuant section 4(b)(2)(A); the criteria for the non-IP networks
exemption that we propose to establish pursuant section 4(b)(2)(B); or both. Under this proposal, each
voice service provider who wishes to qualify for the section 4(b)(2)(A) and/or (B) exemption must have
an officer, as an agent of the voice service provider, sign a compliance certificate stating that the officer
has personal knowledge that the company meets each of the stated criteria. We also propose requiring the
voice service provider to submit an accompanying statement explaining, in detail, how the company is
working to accomplish the four prongs of the exemption.319 We believe a certification process is
necessary to allow us to meet Congress’s deadline for completion of exemption determinations by
316
See TRACED Act § 4(b)(2)(A)(iv).
317
See USTelecom Mar. 23 Ex Parte App’x at 2.
318
See TRACED Act § 4(b)(2)(B).
Cf. Implementation of the Telecommunications Act of 1996: Telecommunications Carriers’ Use of Customer
Proprietary Network Information and Other Customer Information; IP-Enabled Services, CC Docket No. 96-115,
WC Docket No. 04-36, Report and Order and Further Notice of Proposed Rulemaking, 22 FCC Rcd 6927, 6953-54,
para. 52 (2007).
319
48
Federal Communications Commission
FCC 20-42
December 30, 2020.
113.
We propose requiring these certifications to be filed no later than December 1, 2020. We
propose requiring all certifications and supporting statements to be filed electronically in a new docket
established specifically for such filings in the Commission’s Electronic Comment Filing System
(ECFS).320 We propose directing the Bureau to provide additional directions and filing information
regarding the certifications in the Public Notice announcing OMB approval. And we propose directing
the Bureau to review the certifications and accompanying documents for completeness and to determine
whether the certifying party has met the standard we establish. We further propose directing the Bureau
to issue a list of parties that have filed compliant certifications and thus receive the exemption(s) on or
before December 30, 2020. Because of the limited time for review of certifications, we propose that any
voice service providers that file inadequate certifications will not receive an opportunity to cure and will,
instead, be subject to the general duty we establish in the Report and Order to implement STIR/SHAKEN
by June 30, 2021. We preliminarily view this consequence as reasonable and appropriate because the
purpose of the certification is merely to determine which voice service providers would, in the absence of
the STIR/SHAKEN obligation, nonetheless be able to implement STIR/SHAKEN in a timely manner.
114.
We seek comment on this proposed certification process. Are there ways that we can
streamline the process without sacrificing certainty that an exemption is warranted? For instance, should
we allow a less senior company official to sign the certification and, if so, who should be allowed to sign?
Should we impose any additional requirements? Is there an additional or different way for voice service
providers to demonstrate that they have met the implementation requirements in section 4(b)(2)(A) and/or
(B) of the TRACED Act that would allow us to reach the determinations required by the statute by
December 30, 2020? If so, how should we structure and implement any such process? Should we treat
any of the information that voice service providers submit in their accompanying statement as
presumptively confidential?
115.
Retrospective Review. The section 4(b)(2)(A) and (B) exemptions are, by their nature,
based on a voice service provider’s prediction of its future ability to implement STIR/SHAKEN by June
30, 2021. We preliminarily believe that Congress intended for us to verify, after the fact, that voice
service providers claiming the exemption completed full implementation in accordance with their
commitments. We believe that such a review is consistent with the TRACED Act both because the broad
structure of section 4 aims toward full implementation of caller ID authentication and because section
4(b)(2)(A)(iv) and (B)(ii) each state that a voice service provider may receive the exemption only if it
“will” be capable of “fully” implementing a call authentication framework (STIR/SHAKEN or “an
effective call authentication framework,” respectively). We seek comment on this view. We are
concerned that, absent a look back at whether voice service providers that receive the exemption later
fulfill their expectations, voice service providers may receive the exemption but later not implement
STIR/SHAKEN or a non-IP call authentication framework completely in a timely manner. This would
harm the public because it would create pockets of unauthenticated calls and give the voice service
providers that claimed the exemption but fall short a significant loophole—a circumstance that would
invite bad actors to claim the exemption without any intent of completing the obligation. We seek
comment on this view and whether there are alternatives to looking back at voice service providers
claiming the exemption after the compliance deadline that would address the risk of gaps and abusive
claims of the exemption.
116.
We specifically propose requiring a voice service provider that receives an exemption to
file a second certification after June 30, 2021, stating whether it in fact achieved the implementation goal
to which it committed. We propose requiring the certification to be filed in ECFS subject to the same
allowance for confidentiality and requirements for sworn signatures and detailed support as the initial
certifications. We propose directing the Bureau to issue a Public Notice setting a specific deadline no
320
This system is accessible at https://www.fcc.gov/ecfs.
49
Federal Communications Commission
FCC 20-42
later than three months after June 30, 2021 and providing detailed filing requirements. We propose
directing the Bureau to seek public comment on each certification and, following review of the
certifications, supporting materials, and responsive comments, to issue a Public Notice identifying which
voice service providers remain subject to the exemption. We seek comment on these proposals and on
possible alternatives.
117.
If a voice service provider cannot certify to full implementation upon retrospective
review but demonstrates to the Bureau that it filed its initial certification in good faith and made good
faith efforts to complete implementation, we propose that the consequence for such a shortcoming would
be loss of the exemption and application of the general rule requiring full STIR/SHAKEN
implementation, effective immediately. We believe an immediate effective date would be important to
ensure that certain voice service providers do not receive an extension not granted to similarly situated
providers simply because they filed a certification they later failed to meet. If the Bureau finds that a
voice service provider filed its initial certification in bad faith or failed to take good faith steps toward
implementation, we propose to require full implementation immediately and further to direct the Bureau
to refer the voice service provider to the Enforcement Bureau for possible enforcement action based on
filing a false certification and/or other possible violations. We believe we have legal authority to adopt
the foregoing proposals under the TRACED Act, and that we have independent authority to do so under
section 251(e). We seek comment on these proposals and on other possible alternatives.
118.
Providers Eligible for Exemption. We preliminarily do not interpret the TRACED Act’s
exemption process to include intermediate providers, because its definition of “voice service” refers to
“furnish[ing] voice communications to an end user.”321 We seek comment on whether and how we should
extend the exemption process to intermediate providers, in addition to originating and terminating voice
service providers. What would be the benefits and drawbacks of such an approach?
G.
Prohibiting Line Item Charges for Caller ID Authentication
119.
The TRACED Act explicitly directs us to “prohibit providers of voice service from
adding any additional line item charges to consumer or small business customer subscribers for the
effective call authentication technology” mandated by that Act.322 Accordingly, we propose prohibiting
voice service providers from imposing additional line item charges on consumer or small business
subscribers for caller ID authentication. We believe this proposal is a straightforward implementation of
Congress’s clear direction. We propose to interpret “consumer” as used in the TRACED Act to refer to
residential mass-market subscribers, and we propose to interpret “small business” to refer to business
entities that meet the Small Business Administration (SBA) definition of “small business.”323 We note
that the record developed in response to the 2019 Robocall Declaratory Ruling and Further Notice
reflects support for such a prohibition.324 We seek comment on our proposal and proposed interpretation
of this section of the TRACED Act. Should we adopt different definitions? For instance, should we
define “small business” with respect to line count, and if so, what line count limitation is appropriate?
We recognize that a line count-based definition would be easier for providers to administer, but would it
leave out small businesses that Congress intended to protect from line item charges?
120.
To provide additional clarity regarding the prohibition on line item charges, we
specifically propose to prohibit voice service providers from imposing a line-item charge on consumers or
321
TRACED Act § 4(a)(2)(A).
322
Id. § 4(b)(6).
323
13 CFR Part 121, Subpart A.
See Consumer Reports et al. Comments at 3 (“The [Commission] should require phone companies to adopt
effective call-authentication policies and technologies, at no additional line item charge to subscribers.”); Fifty-One
State Attorneys General Reply at 3-4 (“[S]ervice should also be offered to consumers for free with no line-item
charge . . . .”).
324
50
Federal Communications Commission
FCC 20-42
small businesses for the cost of upgrading network elements as necessary to implement STIR/SHAKEN,
for any recurring costs associated with the authentication and verification of calls, or for any display of
STIR/SHAKEN verification information on their subscribers’ phones. ITTA argues that
“SHAKEN/STIR implementation costs should be fully recoverable via . . . any line item that recovers
government-mandated charges . . . .”325 We disagree and propose to reject this suggestion with respect to
consumer and small business subscribers, on the basis that Congress directly addressed this issue in the
TRACED Act.326 We seek comment on whether we should extend our prohibition to other types of
subscribers. We additionally seek comment on our proposal and whether it has the correct scope. Are
there other caller ID authentication-related costs or services we should specifically address in our
prohibition? Should we list all categories of prohibited charges, or should our list merely provide
examples of the types of charges barred by the general prohibition on line-item charges? Should we
address whether voice service providers may recover caller ID authentication costs from consumers and
small businesses through rate increases, and if so how and on what legal basis?
H.
Call Labeling
121.
We seek comment on whether and how to address any risks of consumer confusion or
competitive issues stemming from call labeling. Some commenters have expressed concern that
terminating voice service providers that have implemented STIR/SHAKEN caller ID authentication may
display caller ID authentication information on their subscribers’ phones in a manner detrimental to
callers whose originating voice service provider has not yet implemented STIR/SHAKEN or is unable to
provide the caller with “full” or “A” level attestation.327 These commenters assert that displaying when
caller ID information has been successfully verified on a subscriber’s device may lead subscribers to
believe that calls which lack such a display are illegal calls, and that such a result is especially
problematic before widespread implementation of STIR/SHAKEN.328 These commenters similarly
identify the lack of a standard approach to displaying caller ID verification results—including whether to
treat all attestation levels similarly or provide special treatment for “A” level attestation—as creating the
potential for discriminatory or anticompetitive labeling.329 Commenters also express concern about
mislabeling.330 While we decline in the accompanying Report and Order to mandate at this time any
specifications that voice service providers must use if they choose to display STIR/SHAKEN verification
results, we now seek comment on whether and how to address these concerns related to call labeling.
What authority do we possess to regulate call labeling? Would section 10 of the TRACED Act, which
establishes redress mechanisms for blocking,331 provide us authority as one commenter suggests?332 One
group of commenters suggests we should require a voice service provider to provide notice to the caller
when it places a “derogatory” label on the caller’s number; require that a voice service provider offer an
effective and prompt redress mechanism for callers whose calls have been mislabeled by the provider;
obligate a voice service provider to share information about mislabeled numbers with other providers; and
325
ITTA Reply at 21.
326
See TRACED Act § 4(b)(6).
See, e.g., Letter from American Association of Healthcare Administrative Management, et al., to Marlene H.
Dortch, Secretary, FCC, WC Docket Nos. 17-97, 20-67, CG Docket No. 17-59, at 2 (filed Mar. 13, 2020) (Calling
Party Associations Mar. 13, 2020 Ex Parte); Cloud Communications Alliance Ex Parte at 3.
327
328
Calling Party Associations Mar. 13, 2020 Ex Parte at 3; Cloud Communications Alliance Ex Parte at 3.
329
See id.
See Letter from American Association of Healthcare Administrative Management, et al., to Marlene H. Dortch,
Secretary, FCC, WC Docket Nos. 17-97, 20-67, CG Docket No. 17-59, at 2 (filed Mar. 4, 2020) (Calling Party
Associations Mar. 4 Ex Parte).
330
331
See TRACED Act § 10(b).
332
See Calling Party Associations Mar. 4 Ex Parte at 4.
51
Federal Communications Commission
FCC 20-42
require voice service providers to track and report to us how many lawful calls they are mistakenly
mislabeling.333 Should we adopt any or all of these suggestions? What constitutes a derogatory label?
Do commenters have alternative proposals? Further, is existing antitrust law sufficient to address any
competitive issues, and if not why?
I.
Benefits and Costs
122.
The proposals in this Further Notice generally reflect mandates from the TRACED Act,
and we have no discretion to ignore such congressional direction. To the extent that we are seeking
comment on multiple possible options to implement any given mandate, we urge commenters, where
possible, to include an assessment of relative costs and benefits for competing options. We found in the
accompanying Report and Order that widespread deployment of STIR/SHAKEN will increase the
effectiveness of the framework for both voice service providers and their subscribers. Among the
considerable and varied benefits identified in the Report and Order are the reduction in nuisance calls,
protection from illegally spoofed calls, and restoration of confidence in incoming calls. The proposals in
this Further Notice are intended to, consistent with the TRACED Act, encourage further deployment of
this technology and thus expand these benefits. We thus propose to reaffirm our finding of considerable
benefit to widespread caller ID authentication implementation, and we propose to conclude that
implementation of the TRACED Act provisions and other proposals discussed above will make
considerable progress in unlocking those benefits, and that those benefits far exceed the costs. We seek
comment on this proposal. We further seek detailed comments on the costs of the proposals in this
Further Notice. What are the upfront and recurring costs associated with each? Will these costs vary
according to the size of the voice service provider? What costs would specifically burden intermediate
providers? We preliminarily believe that intermediate providers would be faced with similar upfront
costs as originating and terminating voice service providers, but will not have the recurring costs related
to STIR/SHAKEN authentication and verification service. Is this view accurate? Do the benefits of our
proposals outweigh the costs in each case?
J.
Access to Numbering Resources
123.
Section 6(a) of the TRACED Act directs us to examine whether and how our policies
regarding access to both toll free and non-toll free numbering resources can be modified to help reduce
access to numbers by potential perpetrators of illegal robocalls,334 and it directs us to prescribe regulations
to implement any such policy modifications.335 In addition, section 6(b) provides a forfeiture penalty,
pursuant to section 503(b) of the Act, for a knowing violation of any regulation we prescribe pursuant to
section 6(a).336
124.
Background. Currently, voice service providers that are telecommunications carriers
access non-toll free numbers through the NANP Administrator (NANPA) and the Pooling Administrator
(collectively, the “Numbering Administrators”).337 Applicants for numbering resources must comply with
Commission rules and with guidelines from the Alliance for Telecommunications Industry Solutions
333
See id. at 3-4.
334
TRACED Act § 6(a)(1); see also 47 U.S.C. 227(b).
335
TRACED Act § 6(a)(2).
Id. § 6(b). Our obligation to examine and implement policy modifications does not extend to the forfeiture
provision of section 6(b). In light of this distinction, as well as the forfeiture procedures that the Commission
already has in place, see 47 CFR § 1.80, we do not consider it necessary to seek comment on how section 6(b) of the
TRACED Act would be implemented.
336
See 47 CFR §§ 52.13, 52.15, 52.20(b), 52.20(d); see also 47 CFR § 52.15(g)(2)(i); Numbering Policies for
Modern Communications et al, Report and Order, 30 FCC Rcd 6839, 6841–42, para 4 (2015) (VoIP Direct Access to
Numbers Order).
337
52
Federal Communications Commission
FCC 20-42
(ATIS) Industry Numbering Committee (INC) and the Numbering Administrators.338 These rules and
guidelines require such voice service providers to provide contact information,339 provide Operating
Company Number information,340 disclose the primary type of business for which the numbers will be
used,341 file a NANP Numbering Resource Utilization/Forecast (NRUF) Report with the NANPA,342 and
disclose the states for which they will request numbering resources.343 Applicants for initial numbering
resources must also include evidence that the applicant is capable of providing service within 60 days of
the numbering resources activation date (facilities readiness requirement).344 Voice service providers
must also maintain internal records of numbering resources for reporting purposes.345
125.
While traditionally only telecommunications carriers were permitted to request and
receive numbers from the Numbering Administrators, in 2015 the Commission adopted rules establishing
a process for interconnected VoIP providers to request numbers directly from the Numbering
Administrators.346 To apply for Commission authorization for direct access to numbers,347 interconnected
VoIP providers must provide contact information;348 agree to comply with Commission rules, numbering
authority delegated to the states, and industry guidelines and practices regarding numbering as applicable
to telecommunications carriers;349 provide 30-day notice to relevant state commission(s) before requesting
numbering resources from Numbering Administrators;350 provide proof of facilities readiness;351 and
certify that the applicant possesses the requisite expertise to provide reliable service,352 that key personnel
are not being nor have been investigated for failure to comply with any law, rule, or order,353 that the
applicant complies with its Universal Service Fund (USF), Telecommunications Relay Services, NANP
and local number portability administration contribution obligations, its regulatory fee obligations, and its
911 obligations,354 and that no party to the application is subject to denial of Federal benefits pursuant to
section 5301 of the Anti-Drug Abuse Act.355 All voice service providers, including interconnected VoIP
providers, must comply with a number of obligations in order to maintain their authorization to access
numbers, including USF reporting and contributions,356 911 service obligations,357 and maintaining
See 47 CFR § 52.15(g)(1)-(2); ATIS, ATIS Guidelines for the Administration of Telephone Numbers, ATIS0300070 § 1.0, at 2 (2019), https://access.atis.org/apps/group_public/download.php/49754/ATIS-0300070(201910).zip (ATIS Administration Guidelines); ATIS, Thousands-Block (NPA[Numbering Plan Area]-NXX-X) &
Central Office Code (NPA-NXX) Administration Guidelines, ATIS-0300119 §§ 2.4, 7.1, 7.2, 7.3, at 3, 47-61
(2020), https://access.atis.org/apps/group_public/download.php/51936/ATIS-0300119(2020-03).zip (ATIS Pooling
and Code Guidelines). We require the Numbering Administrators to follow ATIS INC guidelines, which, in turn,
provides additional requirements for voice service providers accessing numbering resources. See 47 CFR §
52.13(b)(3).
338
NANPA, NANP Administration System (NAS) User Registration Guide § 2.1.1, at 6-17 (2019)
https://www.nationalnanpa.com/tools/trainGuides/NAS_User_Registration_Guide.pdf (NAS User Guide); Pooling
Administrator, Pooling Administration System (PAS) Service Providers (SPs) and Service Provider Consultants
(SPCs) Registration Guide, at 3, 9 (2019)
https://www.nationalpooling.com/documents/user_guides/user_guide_sp/SP_and_SPC_User_Registration.pdf (PAS
Registration Guide).
339
47 CFR § 52.15(g)(1); NAS User Guide at 2.1.1; PAS Registration Guide at 3-4, 9-10. If applicable, a voice
service provider’s company and parent company Operating Company Numbers are both required. See 47 CFR §
52.15(g)(1).
340
341
47 CFR § 52.15(g)(1).
ATIS Pooling and Code Guidelines at 4.4.1; ATIS, North American Numbering Plan Numbering Resource
Utilization/Forecast Reporting (Guidelines, ATIS-0300068 § 1.0, at 2 (2019),
https://access.atis.org/apps/group_public/download.php/49758/ATIS-0300068(2019-10).zip. The NANPA uses the
reporting data to both “project the exhaust date of the individual [Numbering Plan Areas] as well as the life span of
the [NANP]. Id.
342
343
NAS User Guide at 2.1.1; PAS Registration Guide at 3, 10-11.
53
Federal Communications Commission
FCC 20-42
sufficient and auditable data to demonstrate compliance with applicable guidelines,358 among other
obligations in the Commission’s rules and industry guidelines.359
126.
A Responsible Organization (RespOrg) obtains toll free numbers, on a toll free
subscriber’s behalf,360 by reserving and assigning a number from the SMS/800 Toll Free Number Registry
(TFN Registry).361 The Commission-designated Toll Free Numbering Administrator (TFNA) manages
the TFN Registry and certifies RespOrgs.362 To access the TFN Registry, RespOrgs must complete a
Service Establishment Application;363 obtain a logon identification code from the TFNA requiring the
disclosure of information including general contact information, type of access sought, and the
interexchange carrier providing the connection; demonstrate that one or more employees possess adequate
TFN Registry training; and pass a TFN Registry certification test.364 RespOrgs must also follow the ATIS
Toll Free Guidelines, adhere to agreements established through the ATIS industry forum process,365 and
acknowledge that the RespOrg is bound by the terms and conditions contained in TFN Registry Functions
Tariff.366 RespOrgs have sole responsibility for the accuracy of subscriber records and information in the
TFN Registry.367 Toll free numbers must be available to RespOrgs and subscribers on an equitable basis,
and typically are assigned first-come, first-served.368 In 2019, the TFNA held an auction of toll-free
numbers in the 833 code for which there were two or more requests for assignment.369 Individual bidders
and RespOrgs bid on specific numbers through a competitive bidding process and, unlike other toll free
numbers, are able to sell those numbers won at auction in a secondary market.370
127.
Discussion. We seek comment on whether and how we should modify our policies
regarding access to toll free and non-toll free numbering resources to help reduce illegal robocallers’
access to numbering resources. Specifically, we seek comment on whether any new or modified
registration and compliance obligations would be appropriate to help reduce illegal robocallers’ access to
(Continued from previous page)
344 47 CFR § 52.15(g)(2); VoIP Direct Access to Numbers Order, 30 FCC Rcd at 6850, para 24 (referring to section
52.12(g)(2) as the Commission’s facilities readiness requirement).
345
47 CFR § 52.15(f); ATIS Administration Guidelines § 1.0, at 2.
VoIP Direct Access to Numbers Order, 30 FCC Rcd at 6840–41, paras. 1, 3. Direct access to telephone numbers
by interconnected VoIP providers is restricted to only those interconnected VoIP providers that can demonstrate that
they are authorized to provide service by a state-level certification in a given area for which they are requesting
numbers or by a Commission-level authorization.
346
47 CFR § 52.15(g)(3)(ii). Applicants for direct access authorization must submit applications through the
Commission’s Electronic Comment Filing System.
347
348
47 CFR § 52.15(g)(3)(i)(A).
349
47 CFR § 52.15(g)(3)(i)(B).
350
47 CFR § 52.15(g)(3)(i)(C).
351
47 CFR § 52.15(g)(3)(i)(D).
352
47 CFR § 52.15(g)(3)(i)(F).
353
47 CFR § 52.15(g)(3)(i)(F).
354
47 CFR § 52.15(g)(3)(i)(E).
355
47 CFR § 52.15(g)(3)(i)(G). See also 21 U.S.C. § 862.
356
47 CFR § 52.15(g)(3)(i)(E); 47 CFR Part 54.
357
See 47 CFR Part 9.
358
ATIS Pooling and Code Guidelines § 8.1.1(n), at 62.
See, e.g., 47 CFR §§ 52.15(g)(3)(iv); 52.15(g)(4)(iv), 52.15(g)(5); ATIS Pooling and Code Guidelines §§ 8.1, 8.2,
8.3, at 61-75.
359
54
Federal Communications Commission
FCC 20-42
numbering resources. We ask commenters to identify specific modifications to our rules and Numbering
Administrator policies. For example, should we require applicants for numbering resources to provide a
certification that they “know their customers” through some sort of customer identity verification, perhaps
explaining the steps that they take to do so? Should we require voice service providers to provide
information about their customers to the Numbering Administrators? Should we modify our NRUF
reporting requirements concerning carriers that assign numbering resources to intermediate providers, and
if so, in what way?371 Should we impose U.S. residency requirements for access to U.S. telephone
numbers? Would imposing U.S. residency requirements reduce the likelihood of bad actors generating
large-scale robocall campaigns beyond the reach of U.S. law enforcement? Further, would U.S. residency
requirements increase accuracy and efficiency regarding attestation levels under the STIR/SHAKEN
protocols? If we did impose U.S. residency requirements, would it reduce the number of voice service
providers in the international voice market, thus reducing downward competitive pressure on international
voice calling rates?372 Would imposing residency requirements harm domestic voice communications?
Should we require minimal state contacts to obtain numbering resources in a particular state? Should we
delegate enforcement of any modifications to our policies to the states, at least in the first instance? We
invite parties to comment on these or other potential policy modifications that might limit illegal
robocalling.
128.
We seek comment on the potential costs that would be imposed by any changes that
commenters recommend to our policies regarding access to numbering resources. What costs do specific
changes impose on entities that use numbers, Numbering Administrators, and consumers? Would any
modifications to our policies unreasonably increase the difficulty for consumers and businesses (and their
voice service providers) that are not perpetrators of illegal robocalling to obtain U.S. telephone
numbers?373 We seek specific comment on the burdens of imposing potential certification requirements
on applicants for numbering resources, particularly on small businesses. Additionally, we seek comment
on how we can ensure that any “know your customer” requirements do not harm consumer privacy.
(Continued from previous page)
360 47 CFR §§ 52.101(b), 52.101(d), 52.101(e); ATIS, Industry Guidelines for Toll Free Number Administration,
ATIS-0417001-003, at 18 (2017) (ATIS Toll Free Guidelines); SOMOS, 800 Service Management System
(SMS/800) Toll-Free Number Registry (TFN Registry) Functions, at 53 (2020), https://s3.amazonaws.com/filesdrupal8-prod.somos.com/s3fspublic/media/file/SMS800%20TFN%20Registry%20Functions%20Tariff_Feb2020.pdf (Somos Tariff) (defining toll
free subscriber as “any individual, business, or government agency that has arranged with a LEC or an
[interexchange carrier] to have a toll-free service, and that has been assigned a toll-free number”).
See Toll Free Service Access Codes, Petition to Change the Composition of SMS/800, Inc., Order, 28 FCC Rcd
15328, 15328, para. 1 n.3 (2013) (Toll Free Governance Order); Somos Tariff at 53; ATIS Toll Free Guidelines at 1.
361
47 CFR § 52.101(a); Toll Free Governance Order, 28 FCC Rcd 15328 at para. 1 (establishing SMS/800, later
known as Somos, Inc. as the toll free numbering administrator, subject to a tariff); SOMOS Tariff at 32-33; FCC,
What Is a Toll-Free Number and How Does it Work, https://www.fcc.gov/consumers/guides/what-toll-free-numberand-how-does-it-work (last visited Jan. 29, 2020).
362
Somos, Service Establishment Application,
https://portal.somos.com/Controls/ONFOREG/PublicForms/PublicSMS-SE.aspx (last visited Jan. 30, 2020).
363
364
Somos Tariff at 32-33.
365
ATIS Toll Free Guidelines at 2.
Somos, How to Submit a Request – User Guides at 4-5 (2019), https://s3.amazonaws.com/files-drupal8prod.somos.com/s3fs-public/media/file/How%20to%20Submit%20a%20Request_4.pdf; see generally Somos Tariff.
366
367
Somos Tariff at 38.
47 CFR § 52.111. The Commission may use competitive bidding and/or other alternative assignment
methodologies for toll free numbers. Id.
368
55
Federal Communications Commission
FCC 20-42
129.
We also seek comment on the effects that any proposed modifications to our policies for
access to numbering resourcing could have on competition and innovation in the voice marketplace.374
Could any market-distorting differential effects on voice service providers result? We seek comment on
whether any suggested modifications could provide an unreasonable advantage to one type of technology
or business model over another.375 For example, would modifications such as “in-person presentation of
documents or identity verification tend to favor non-Internet-based companies or those with physical lines
over those who do business via the Internet or use newer technologies?”376 How could we minimize any
negative ramifications for competition377 in the voice services market?
130.
We recognize that any potential modifications to our rules and policies may need to be
uniquely tailored to particular industry segments in order to reduce access to numbers by bad actors while
avoiding undesirable consequences. How could modifications be tailored to providers of toll free service,
voice service providers that are telecommunications carriers, and interconnected VoIP providers in order
to effectively prevent bad actors from accessing numbering resources while avoiding undesirable
consequences? For example, would adding a “know your customer” certification to the application for
numbering resources work better for one industry than another (such as, for example, non-toll-free versus
toll-free service)? Should we require that subscriber information be included in the TFN Registry, as
opposed to RespOrg information alone? Should rules for any future Commission auctions of toll-free
numbers also include these requirements? Further, are there specific policy modifications that we can
adopt in the voice services wholesale market that will achieve the Commission’s goal to reduce access to
numbers by potential perpetrators of illegal robocalls?
V.
PROCEDURAL MATTERS
131.
Final Regulatory Flexibility Analysis. As required by the Regulatory Flexibility Act of
1980 (RFA),378 an Initial Regulatory Flexibility Analysis (IRFA) was incorporated into the 2019 Robocall
Declaratory Ruling and Further Notice.379 The Commission sought written public comment on the
possible significant economic impact on small entities regarding the proposals addressed in the 2019
Robocall Declaratory Ruling and Further Notice, including comments on the IRFA.380 Pursuant to the
RFA, a Final Regulatory Flexibility Analysis is set forth in Appendix C. The Commission’s Consumer
and Governmental Affairs Bureau, Reference Information Center, will send a copy of this Report and
(Continued from previous page)
369 See generally Toll Free Assignment Modernization, Toll Free Service Access Codes, Report and Order, 33 FCC
Rcd 9274 (2019) (Toll Free Assignment Modernization Order); Auction of Toll Free Numbers in the 833 Code,
Public Notice, 34 FCC Rcd 6560 (2019) (833 Auction Procedures Public Notice).
370
See Toll Free Assignment Modernization Order, 33 FCC Rcd at 9288-89, 9301, paras. 38-41, 79.
47 CFR § 52.15(f)(1)(v) (defining intermediate numbers as “numbers that are made available for use by another
telecommunications carrier or non-carrier entity for the purpose of providing telecommunications service to an end
user or customer”).
371
372
S. Rep. No. 116-41, at 18.
373
Id.
374
Id.
375
See id.
376
Id.
377
Id.
378
See 5 U.S.C. § 603.
379
2019 Robocall Declaratory Ruling and Further Notice, 34 FCC Rcd at 4916, Appx. F.
380
Id. at 4906, para. 97.
56
Federal Communications Commission
FCC 20-42
Order, including the FRFA, to the Chief Counsel for Advocacy of the Small Business Administration
(SBA).381
132.
Ex Parte Rules. This proceeding shall be treated as a “permit-but-disclose” proceeding in
accordance with the Commission’s ex parte rules.382 Persons making ex parte presentations must file a
copy of any written presentation or a memorandum summarizing any oral presentation within two
business days after the presentation (unless a different deadline applicable to the Sunshine period applies).
Persons making oral ex parte presentations are reminded that memoranda summarizing the presentation
must (1) list all persons attending or otherwise participating in the meeting at which the ex parte
presentation was made, and (2) summarize all data presented and arguments made during the
presentation. If the presentation consisted in whole or in part of the presentation of data or arguments
already reflected in the presenter’s written comments, memoranda or other filings in the proceeding, the
presenter may provide citations to such data or arguments in his or her prior comments, memoranda, or
other filings (specifying the relevant page or paragraph numbers where such data or arguments can be
found) in lieu of summarizing them in the memorandum. Documents shown or given to Commission
staff during ex parte meetings are deemed to be written ex parte presentations and must be filed
consistent with Rule 1.1206(b). In proceedings governed by Rule 1.49(f) or for which the Commission
has made available a method of electronic filing, written ex parte presentations and memoranda
summarizing oral ex parte presentations, and all attachments thereto, must be filed through the electronic
comment filing system available for that proceeding, and must be filed in their native format (e.g., .doc,
.xml, .ppt, searchable .pdf). Participants in this proceeding should familiarize themselves with the
Commission’s ex parte rules.
133.
Filing of Comments and Reply Comments. Pursuant to sections 1.415 and 1.419 of the
Commission’s rules, 47 CFR §§ 1.415, 1.419, interested parties may file comments and reply comments
on or before the dates indicated on the first page of this document. Comments may be filed using the
Commission’s Electronic Comment Filing System (ECFS). See Electronic Filing of Documents in
Rulemaking Proceedings, 63 FR 24121 (1998).
Electronic Filers. Comments may be filed electronically using the Internet by accessing
the ECFS: www.fcc.gov/ecfs.
Paper Filers. Parties who choose to file by paper must file an original and one copy of
each filing. If more than one docket or rulemaking number appears in the caption of this
proceeding, filers must submit two additional copies for each additional docket or
rulemaking number.
Filings can be sent by hand or messenger delivery, by commercial overnight courier, or
by first-class or overnight U.S. Postal Service mail. All filings must be addressed to the
Commission’s Secretary, Office of the Secretary, Federal Communications Commission.
o
If the FCC Headquarters is open to the public,383 all hand-delivered or
messenger-delivered paper filings for the Commission’s Secretary must be
delivered to FCC Headquarters at 445 12th Street, S.W., Room TW-A325,
Washington, D.C., 20554. The filing hours are 8:00 a.m. to 7:00 p.m. All hand
deliveries must be held together with rubber bands or fasteners. Any envelopes
and boxes must be disposed of before entering the building.
381
See 5 U.S.C. § 603(a).
382
47 CFR §§ 1.1200 et seq.
See FCC Announces Closure of FCC Headquarters Open Window and Change in Hand-Delivery Filing, Public
Notice, DA 20-304 (OS Mar. 19, 2020) (explaining that, due to the COVID-19 pandemic, the Commission closed
the hand-delivery and messenger-delivery filing window), https://docs.fcc.gov/public/attachments/DA-20304A1.pdf.
383
57
Federal Communications Commission
FCC 20-42
o
Commercial overnight mail (other than U.S. Postal Service Express Mail and
Priority Mail) must be sent to 9050 Junction Drive, Annapolis Junction, MD
20701.
o
U.S. Postal Service first-class, Express, and Priority mail must be addressed to
445 12th Street, S.W., Washington, D.C., 20554.
Comments Containing Proprietary Information. Commenters that file what they consider
to be proprietary information may request confidential treatment pursuant to section
0.459 of the Commission’s rules. Commenters should file both their original comments
for which they request confidentiality and redacted comments, along with their request
for confidential treatment. Commenters should not file proprietary information
electronically. See Examination of Current Policy Concerning the Treatment of
Confidential Information Submitted to the Commission, Report and Order, 13 FCC Rcd
24816 (1998), Order on Reconsideration, 14 FCC Rcd 20128 (1999). Even if the
Commission grants confidential treatment, information that does not fall within a specific
exemption pursuant to the Freedom of Information Act (FOIA) must be publicly
disclosed pursuant to an appropriate request. See 5 U.S.C. § 552; 47 CFR § 0.461. We
note that the Commission may grant requests for confidential treatment either
conditionally or unconditionally. As such, we note that the Commission has the
discretion to release information on public interest grounds that falls within the scope of a
FOIA exemption.
People with Disabilities. To request materials in accessible formats for people with
disabilities (braille, large print, electronic files, or audio format), send an e-mail to
[email protected] or call the Consumer & Governmental Affairs Bureau at (202) 418-0530
(voice), (202) 418-0432 (tty).
Availability of Documents. Comments, reply comments, and ex parte submissions will
be available for public inspection during regular business hours in the FCC Reference
Center, Federal Communications Commission, 445 12th Street, S.W., CY-A257,
Washington, D.C., 20554. These documents will also be available via ECFS.
Documents will be available electronically in ASCII, Microsoft Word, or Portable
Document formats.
134.
Initial Regulatory Flexibility Analysis. As required by the RFA,384 the Commission has
prepared an IRFA of the possible significant economic impact on small entities of the policies and rules
proposed in this Call Authentication Further Notice of Proposed Rulemaking. The IRFA is set forth in
Appendix D. We request written public comment on this IRFA. Comments must be filed by the
deadlines for comments on the Call Authentication Further Notice of Proposed Rulemaking indicated on
the first page of this document and must have a separate and distinct heading designating them as
responses to the IRFA. The Commission’s Consumer and Governmental Affairs Bureau, Reference
Information Center, will send a copy of this Call Authentication Further Notice of Proposed Rulemaking,
including the IRFA, to the Chief Counsel for Advocacy of the Small Business Administration (SBA).385
135.
Paperwork Reduction Act. This document contains proposed new or modified
information collection requirements. The Commission, as part of its continuing effort to reduce
paperwork burdens, invites the general public and the Office of Management and Budget (OMB) to
comment on the information collection requirements contained in this document, as required by the
Paperwork Reduction Act of 1995, Public Law 104-13. In addition, pursuant to the Small Business
Paperwork Relief Act of 2002, Public Law 107-198, we seek specific comment on how we might further
384
See 5 U.S.C. § 603.
385
See 5 U.S.C. § 603(a).
58
Federal Communications Commission
FCC 20-42
reduce the information collection burden for small business concerns with fewer than 25 employees.386
136.
Congressional Review Act. The Commission has determined, and the Administrator of
the Office of Information and Regulatory Affairs, Office of Management and Budget, concurs, that this
rule is non-major under the Congressional Review Act, 5 U.S.C. § 804(2). The Commission will send a
copy of this Report & Order and Further Notice of Proposed Rulemaking to Congress and the
Government Accountability Office pursuant to 5 U.S.C. § 801(a)(1)(A).
137.
Comment Filing Dates. In light of statutory deadlines under section 4 of the TRACED
Act requiring Commission action by December 30, 2020, we have established date-certain comment and
reply dates of May 15, 2020, and May 29, 2020, respectively. Receiving comments and replies by these
dates is necessary to provide the Commission with sufficient time to consider the record before
establishing the rules and implementing the processes necessary to fulfill Congress’s requirements by the
statutory deadlines. In particular, we find these date-certain comment deadlines necessary with respect to
the process regarding the voluntary implementation exemption that we propose. To implement that
proposal, we must review the record and adopt a Report and Order, and then the Bureau must obtain
Office of Management and Budget approval for an information collection and collect and review
certifications, all before December 30, 2020.387 Therefore, we find that good cause exists to support the
comment dates we establish necessary to meet Congress’ deadlines.388
138.
Contact person. For further information about this proceeding, please contact
Mason Shefa, FCC Wireline Competition Bureau, Competition Policy Division, 445 12th Street, S.W.,
Washington, D.C., 20554, at (202) 418-2962, or [email protected].
VI.
ORDERING CLAUSES
139.
Accordingly, IT IS ORDERED, pursuant to sections 4(i), 4(j), 227(e), 227b, 251(e), and
303(r), of the Communications Act of 1934, as amended (the Act), 47 U.S.C. §§ 154(i), 154(j), 227(e),
227b, 251(e), and 303(r), that this Report and Order IS ADOPTED.
140.
IT IS FURTHER ORDERED that Part 64 of the Commission’s rules IS AMENDED as
set forth in Appendix A.
141.
IT IS FURTHER ORDERED that, pursuant to sections 1.4(b)(1) and 1.103(a) of the
Commission’s rules, 47 CFR §§ 1.4(b)(1), 1.103(a), this Report and Order SHALL BE EFFECTIVE 30
days after publication in the Federal Register.
142.
IT IS FURTHER ORDERED that the Commission SHALL SEND a copy of this Report
and Order to Congress and to the Government Accountability Office pursuant to the Congressional
Review Act, see 5 U.S.C. § 801(a)(1)(A).
143.
IT IS FURTHER ORDERED, pursuant to sections 4(i), 4(j), 227(e), 227b, 227b-1,
251(e), and 303(r), of the Act, 47 U.S.C. §§ 154(i), 154(j), 227 (e), 227b, 227b-1, 251(e), and 303(r), that
that this Further Notice of Proposed Rulemaking IS ADOPTED.
144.
IT IS FURTHER ORDERED that the Commission’s Consumer and Governmental
Affairs Bureau, Reference Information Center, SHALL SEND a copy of this Report and Order, including
the Final Regulatory Flexibility Analysis (FRFA), and Further Notice of Proposed Rulemaking, including
the Initial Regulatory Flexibility Analysis (IRFA), to the Chief Counsel for Advocacy of the Small
Business Administration.
386
See 44 U.S.C. § 3506(c)(4).
If we were to decline to adopt a certification process, we would either (1) need to follow the same process for a
different information collection or (2) allot substantially more time for review of individualized exemption requests.
387
5 U.S.C. § 553(b)(B); see Fla. Power & Light v. United States, 846 F.2d 765, 772 (D.C. Cir. 1988) (upholding
15-day comment period where agency was facing statutory deadlines).
388
59
Federal Communications Commission
FCC 20-42
FEDERAL COMMUNICATIONS COMMISSION
Marlene H. Dortch
Secretary
60
Federal Communications Commission
FCC 20-42
APPENDIX A
Final Rules
The Federal Communications Commission amends part 64 of Title 47 of the Code of Federal Regulations
as follows:
PART 64 – MISCELLANEOUS RULES RELATING TO COMMON CARRIERS
* * * * *
1.
The authority citation for part 64 is revised to read as follows:
Authority: 47 U.S.C. 154, 201, 202, 217, 218, 220, 222, 225, 226, 227, 227b, 228, 251(a), 251(e),
254(k), 262, 403(b)(2)(B), (c), 616, 620, 1401-1473, unless otherwise noted; Pub. L. 115-141, Div. P, sec.
503, 132 Stat. 348, 1091.
2.
Amend Part 64 of Title 47 of the Code of Federal Regulations by adding a new Subpart
HH to read as follows:
Subpart HH – Caller ID Authentication
§ 64.6300 Definitions
(a) Authenticate caller identification information. The term “authenticate caller identification
information” refers to the process by which a voice service provider attests to the accuracy of caller
identification information transmitted with a call it originates.
(b) Caller identification information. The term “caller identification information” has the same meaning
given the term “caller identification information” in 47 CFR 64.1600(c) as it currently exists or may
hereafter be amended.
(c) Intermediate provider. The term “intermediate provider” means any entity that carriers or processes
traffic that traverses or will traverse the PSTN at any point insofar as that entity neither originates nor
terminates that traffic.
(d) SIP call. The term “SIP call” refers to calls initiated, maintained, and terminated using the Session
Initiation Protocol signaling protocol.
(e) STIR/SHAKEN authentication framework. The term “STIR/SHAKEN authentication framework”
means the secure telephone identity revisited and signature-based handling of asserted information using
tokens standards.
(f) Verify caller identification information. The term “verify caller identification information” refers to
the process by which a voice service provider confirms that the caller identification information
transmitted with a call it terminates was properly authenticated.
(g) Voice Service. The term “voice service”—
(1) means any service that is interconnected with the public switched telephone network and that
furnishes voice communications to an end user using resources from the North American
Numbering Plan or any successor to the North American Numbering Plan adopted by the
Commission under section 251(e)(1) of the Communications Act of 1934, as amended; and
(2) includes—
61
Federal Communications Commission
FCC 20-42
(A) transmissions from a telephone facsimile machine, computer, or other device to a
telephone facsimile machine; and
(B) without limitation, any service that enables real-time, two-way voice
communications, including any service that requires Internet Protocol-compatible
customer premises equipment and permits out-bound calling, whether or not the service
is one-way or two-way voice over Internet Protocol.
§ 64.6301 Caller ID authentication.
(a) STIR/SHAKEN Implementation by Voice Service Providers. Not later than June 30, 2021, a voice
service provider shall fully implement the STIR/SHAKEN authentication framework in its Internet
Protocol networks. To fulfill this obligation, a voice service provider shall:
(1) authenticate and verify caller identification information for all SIP calls that exclusively
transit its own network;
(2) authenticate caller identification information for all SIP calls it originates and that will
exchange with another voice service provider or intermediate provider and, to the extent
technically feasible, transmit that call with caller ID authentication information to the next
voice service provider or intermediate provider in the call path; and
(3) verify caller identification information for all SIP calls it receives from another voice
service provider or intermediate provider which it will terminate and for which the caller
identification information has been authenticated.
(b) [reserved]
62
Federal Communications Commission
FCC 20-42
APPENDIX B
Draft Proposed Rules
The Federal Communications Commission amends part 64 of Title 47 of the Code of Federal Regulations
as follows:
PART 64 – MISCELLANEOUS RULES RELATING TO COMMON CARRIERS
* * * * *
3. The authority citation for part 64 is revised to read as follows:
Authority: 47 U.S.C. 154, 201, 202, 217, 218, 220, 222, 225, 226, 227, 227b, 228, 251(a), 251(e),
254(k), 262, 403(b)(2)(B), (c), 616, 620, 1401-1473, unless otherwise noted; Pub. L. 115-141, Div. P, sec.
503, 132 Stat. 348, 1091.
4.
Amend § 64.6300 by renumbering paragraphs (b)-(g) to (c)-(h) and inserting new
paragraph (b) as follows:
§ 64.6300 Definitions
* * * * *
(b) Caller identification authentication information. The term “caller identification authentication
information” refers to the information transmitted along with a call that represents the originating voice
service provider’s attestation to the accuracy of the caller identification information.
* * * * *
5.
follows:
Amend § 64.6301 by revising paragraph (a) and inserting paragraphs (b)-(f) to read as
§ 64.6301 Caller ID authentication.
(a) STIR/SHAKEN Implementation by Voice Service Providers. Except as provided in subparagraphs (d)
and (e), not later than June 30, 2021, a voice service provider shall fully implement the STIR/SHAKEN
authentication framework in its Internet Protocol networks. To fulfill this obligation, a voice service
provider shall:
* * * * *
(b) STIR/SHAKEN Implementation by Intermediate Providers. Not later than June 30, 2021, an
intermediate provider shall fully implement the STIR/SHAKEN authentication framework in its Internet
Protocol networks. To fulfill this obligation, a voice service provider:
(1) shall pass unaltered to subsequent providers in the call path any caller identification
authentication information it receives with a SIP call; and
(2) shall authenticate caller identification information for all SIP calls it receives for which
the caller identification information has not been authenticated and which it will exchange
with another provider as a SIP call.
(c) Call Authentication in Non-IP Networks. Except as provided in subparagraph (e), not later than June
30, 2021, a voice service provider shall either:
(1) upgrade its entire network to allow for the initiation, maintenance, and termination of SIP
calls and fully implement the STIR/SHAKEN framework as required in paragraph (a) of this
section throughout its network; or
63
Federal Communications Commission
FCC 20-42
(2) maintain and be ready to provide the Commission on request documented proof that it is
participating, either on its own or through a representative, as a member of a working group
or consortium that is working to develop a non-IP call authentication solution, or actively
testing such a solution.
(d) Extension of Implementation Deadline.
(1) Small providers.
(A) Small providers are exempt from the requirements of paragraph (a) until June
30, 2022.
(B) For purposes of this paragraph, “small provider” means a provider that has
100,000 or fewer voice service subscriber lines (counting the total of all business
and residential fixed subscriber lines and mobile phones and aggregated over all
of the provider’s affiliates).
(2) The Wireline Competition Bureau may, upon a public finding of undue hardship, provide
an extension for compliance with paragraph (a), for a reasonable period of time, for a voice
service provider or class of voice service providers, or type of voice calls, as necessary for
that voice service provider or class of voice service providers or type of calls to address
identified burdens and barriers to implementation of caller ID authentication technology.
(3) The Wireline Competition Bureau shall annually review the scope of any extension and,
after notice and an opportunity for comment, may extend it or terminate it and may expand or
contract the scope of entities subject to the extension.
(4) During the period of extension, any provider subject to such extension shall implement an
appropriate robocall mitigation program to prevent unlawful robocalls from originating on the
network of the provider.
(e) Exemption.
(1) A voice service provider may seek an exemption from the requirements of paragraph (a)
of this section by, before December 1, 2020, certifying that for those portions of its network
served by technology that allows for the transmission of SIP calls, it:
(A) has adopted the STIR/SHAKEN authentication framework for calls on the
Internet Protocol networks of the voice service provider, by publicly committing
to complete implementation of the STIR/SHAKEN authentication framework by
June 30, 2021;
(B) has agreed voluntarily to participate with other voice service providers in the
STIR/SHAKEN authentication framework, by having written, signed agreements
with at least two other voice service provides to exchange SIP calls with
authenticated caller ID information;
(C) has begun to implement the STIR/SHAKEN authentication framework, by
completing the necessary network upgrades to at least one network element to
enable the authentication and verification of caller ID information for SIP calls;
and
(D) will be capable of fully implementing the STIR/SHAKEN authentication
64
Federal Communications Commission
FCC 20-42
framework not later than June 30, 2021, because it reasonably foresees that it will
have completed all necessary network upgrades to its network infrastructure to
enable the authentication and verification of caller ID information and
authenticate and verify all SIP calls exchanged with STIR/SHAKEN-enabled
partners by June 30, 2021.
(2) A voice service provider may seek an exemption from the requirements of paragraph (c)
of this section by, before December 1, 2020, certifying that for those portions of its network
that do not allow for the transmission of SIP calls, it:
(A) has taken reasonable measures to implement an effective call authentication
framework; and
(B) will be capable of fully implementing an effective call authentication
framework not later than June 30, 2021.
(3) All certifications shall be filed in ECFS in WC Docket No. 20-68, shall be signed by an
officer in conformity with section 1.16 of the Commission’s rules, and shall be accompanied
by detailed support as to the assertions in the certification.
(4) The Wireline Competition Bureau shall determine whether to grant or deny timely
requests for exemption on or before December 30, 2020.
(5) All voice service providers granted an exemption under subparagraph (1) shall file an
additional certification on or before a date specified by the Wireline Competition Bureau, and
consistent with the requirements of subparagraph (3) above, attesting to whether the voice service
provider fully implemented the STIR/SHAKEN authentication framework not later than June 30,
2021. The Wireline Competition Bureau, after notice and an opportunity for comment on the
certifications, will determine whether to revoke the exemption for each certifying voice service
provider based on whether it completed implementation.
(f) Line-Item Charges. Providers of voice service are prohibited from adding any additional line item
charges to consumer customer subscribers or small business customer subscribers for the effective call
authentication technology required by paragraphs (a) and (c) above.
(1) For purposes of this paragraph, “consumer customer subscribers” means residential massmarket subscribers.
(2) For purposes of this paragraph, “small business customer subscribers” means subscribers
that are business entities that meet the size standards established in 13 CFR Part 121, Subpart
A, as they currently exist or may hereafter be amended.
65
Federal Communications Commission
FCC 20-42
APPENDIX C
Final Regulatory Flexibility Analysis
1.
As required by the Regulatory Flexibility Act of 1980, as amended (RFA),1 an Initial
Regulatory Flexibility Analysis (IRFA) was incorporated into the Third Further Notice of Proposed
Rulemaking entitled Advanced Methods to Target and Eliminate Unlawful Robocalls, Call Authentication
Trust Anchor (Notice), released June 2019.2 The Commission sought written public comment on the
proposals in the Notice, including comment on the IRFA. No comments were filed addressing the IRFA.
This present Final Regulatory Flexibility Analysis (FRFA) conforms to the RFA.3
A.
Need for, and Objectives of, the Rules
2.
Nefarious schemes that manipulate caller ID information to deceive consumers about the
name and phone number of the party that is calling them, in order to facilitate fraudulent and other
harmful activities, continue to plague American consumers. In this Report and Order (Order), we both
act on our proposal to require voice service providers to implement the STIR/SHAKEN caller ID
authentication framework if major voice service providers did not voluntarily do so by the end of 2019,4
and implement the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence
(TRACED) Act, which directs the Commission to require all voice service providers to implement
STIR/SHAKEN in the IP portions of their networks.
B.
Summary of Significant Issues Raised by Public Comments in Response to the IRFA
3.
There were no comments filed that specifically addressed the proposed rules and policies
presented in the IRFA.
C.
Response to Comments by the Chief Counsel for Advocacy of the SBA
4.
Pursuant to the Small Business Jobs Act of 2010, which amended the RFA, the
Commission is required to respond to any comments filed by the Chief Counsel for Advocacy of the
Small Business Administration (SBA), and to provide a detailed statement of any change made to the
proposed rules as a result of those comments.5
5.
proceeding.
D.
The Chief Counsel did not file any comments in response to the proposed rules in this
Description and Estimate of the Number of Small Entities to Which the Rules Will
Apply
6.
The RFA directs agencies to provide a description and, where feasible, an estimate of the
number of small entities that may be affected by the final rules adopted pursuant to the Order.6 The RFA
generally defines the term “small entity” as having the same meaning as the terms “small business,”
See 5 U.S.C. § 603. The RFA, see 5 U.S.C. §§ 601-612, has been amended by the Small Business Regulatory
Enforcement Fairness Act of 1996 (SBREFA), Pub. L. No. 104-121, Title II, 110 Stat. 847 (1996).
1
See Advanced Methods to Target and Eliminate Unlawful Robocalls, Call Authentication Trust Anchor, CG
Docket No. 17-59, WC Docket No. 17-97, Declaratory Ruling and Third Further Notice of Proposed Rulemaking,
34 FCC Rcd 4876 (2019) (Notice).
2
3
See 5 U.S.C. § 604.
See Advanced Methods to Target and Eliminate Unlawful Robocalls; Call Authentication Trust Anchor, CG
Docket No. 17-59, WC Docket No. 17-97, Declaratory Ruling and Third Further Notice of Proposed Rulemaking,
34 FCC Rcd 4876, 4877, para. 2 (2019) (2019 Robocall Declaratory Ruling and Further Notice).
4
5
5 U.S.C. § 604(a)(3).
6
See 5 U.S.C. § 604(a)(4).
66
Federal Communications Commission
FCC 20-42
“small organization,” and “small governmental jurisdiction.”7 In addition, the term “small business” has
the same meaning as the term “small-business concern” under the Small Business Act.8 A “smallbusiness concern” is one which: (1) is independently owned and operated; (2) is not dominant in its field
of operation; and (3) satisfies any additional criteria established by the SBA.9
1.
Wireline Carriers
7.
Wired Telecommunications Carriers. The U.S. Census Bureau defines this industry as
“establishments primarily engaged in operating and/or providing access to transmission facilities and
infrastructure that they own and/or lease for the transmission of voice, data, text, sound, and video using
wired communications networks. Transmission facilities may be based on a single technology or a
combination of technologies. Establishments in this industry use the wired telecommunications network
facilities that they operate to provide a variety of services, such as wired telephony services, including
VoIP services, wired (cable) audio and video programming distribution, and wired broadband internet
services. By exception, establishments providing satellite television distribution services using facilities
and infrastructure that they operate are included in this industry.”10 The SBA has developed a small
business size standard for Wired Telecommunications Carriers, which consists of all such companies
having 1,500 or fewer employees.11 U.S. Census Bureau data for 2012 show that there were 3,117 firms
that operated that year.12 Of this total, 3,083 operated with fewer than 1,000 employees.13 Thus, under
this size standard, the majority of firms in this industry can be considered small.
8.
Local Exchange Carriers (LECs). Neither the Commission nor the SBA has developed a
size standard for small businesses applicable to local exchange services. The closest applicable NAICS
Code category is Wired Telecommunications Carriers.14 Under the applicable SBA size standard, such a
business is small if it has 1,500 or fewer employees.15 U.S. Census Bureau data for 2012 show that there
were 3,117 firms that operated for the entire year.16 Of that total, 3,083 operated with fewer than 1,000
7
See 5 U.S.C. § 601(6).
See 5 U.S.C. § 601(3) (incorporating by reference the definition of “small-business concern” in the Small Business
Act, 15 U.S.C. § 632). Pursuant to 5 U.S.C. § 601(3), the statutory definition of a small business applies “unless an
agency, after consultation with the Office of Advocacy of the Small Business Administration and after opportunity
for public comment, establishes one or more definitions of such term which are appropriate to the activities of the
agency and publishes such definition(s) in the Federal Register.”
8
9
See 15 U.S.C. § 632.
See U.S. Census Bureau, 2017 NAICS Definition, “517311 Wired Telecommunications Carriers”,
https://www.census.gov/cgi-bin/sssd/naics/naicsrch?code=517311&search=2017.
10
11
See 13 CFR § 120.201, NAICS Code 517311 (previously 517110).
See U.S. Census Bureau, 2012 Economic Census of the United States, Table No. EC1251SSSZ5, Information:
Subject Series - Estab & Firm Size: Employment Size of Firms: 2012. NAICS Code 517110.
https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517110.
12
Id. The largest category provided by the census data is “1000 employees or more” and a more precise estimate for
firms with fewer than 1,500 employees is not provided.
13
See U.S. Census Bureau, 2017 NAICS Definition, NAICS Code 517311 “Wired Telecommunications Carriers,” ,
https://www.census.gov/cgi-bin/sssd/naics/naicsrch?code=517311&search=2017.
14
15
See 13 CFR § 120.201, NAICS Code 517311 (previously 517110).
See U.S. Census Bureau, 2012 Economic Census of the United States, Table No. EC1251SSSZ5, Information:
Subject Series - Estab & Firm Size: Employment Size of Firms: 2012 NAICS Code 517110.
https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517110.
16
67
Federal Communications Commission
FCC 20-42
employees.17 Thus under this category and the associated size standard, the Commission estimates that
the majority of local exchange carriers are small entities.
9.
Incumbent Local Exchange Carriers (incumbent LECs). Neither the Commission nor the
SBA has developed a small business size standard specifically for incumbent local exchange services.
The closest applicable NAICS Code category is Wired Telecommunications Carriers.18 Under the
applicable SBA size standard, such a business is small if it has 1,500 or fewer employees.19 U.S. Census
Bureau data for 2012 indicate that 3,117 firms operated the entire year.20 Of this total, 3,083 operated
with fewer than 1,000 employees.21 Consequently, the Commission estimates that most providers of
incumbent local exchange service are small businesses that may be affected by our actions. According to
Commission data, one thousand three hundred and seven (1,307) Incumbent Local Exchange Carriers
reported that they were incumbent local exchange service providers.22 Of this total, an estimated 1,006
have 1,500 or fewer employees.23 Thus, using the SBA’s size standard the majority of incumbent LECs
can be considered small entities.
10.
Competitive Local Exchange Carriers (competitive LECs), Competitive Access Providers
(CAPs), Shared-Tenant Service Providers, and Other Local Service Providers. Neither the Commission
nor the SBA has developed a small business size standard specifically for these service providers. The
appropriate NAICS Code category is Wired Telecommunications Carriers24 and under that size standard,
such a business is small if it has 1,500 or fewer employees.25 U.S. Census Bureau data for 2012 indicate
that 3,117 firms operated during that year.26 Of that number, 3,083 operated with fewer than 1,000
employees.27 Based on these data, the Commission concludes that the majority of Competitive LECS,
CAPs, Shared-Tenant Service Providers, and Other Local Service Providers, are small entities.
According to Commission data, 1,442 carriers reported that they were engaged in the provision of either
competitive local exchange services or competitive access provider services.28 Of these 1,442 carriers, an
estimated 1,256 have 1,500 or fewer employees.29 In addition, 17 carriers have reported that they are
Shared-Tenant Service Providers, and all 17 are estimated to have 1,500 or fewer employees.30 Also, 72
carriers have reported that they are Other Local Service Providers.31 Of this total, 70 have 1,500 or fewer
Id. The largest category provided by the census data is “1000 employees or more” and a more precise estimate for
firms with fewer than 1,500 employees is not provided.
17
See, U.S. Census Bureau, 2017 NAICS Definition, NAICS Code 517311 “Wired Telecommunications Carriers,”,
https://www.census.gov/cgi-bin/sssd/naics/naicsrch?code=517311&search=2017.
18
19
See 13 CFR § 121.201, NAICS Code 517311 (previously 517110).
See U.S. Census Bureau, 2012 Economic Census of the United States, Table No. EC1251SSSZ5, Information:
Subject Series - Estab & Firm Size: Employment Size of Firms: 2012 (517110 Wired Telecommunications Carriers).
https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517110.
20
21
Id.
See Trends in Telephone Service, Federal Communications Commission, Wireline Competition Bureau, Industry
Analysis and Technology Division at Table 5.3 (Sept. 2010) (Trends in Telephone Service).
22
23
Id.
See U.S. Census Bureau, 2017 NAICS Definition, NAICS Code 517311 “Wired Telecommunications Carriers,”,
https://www.census.gov/cgi-bin/sssd/naics/naicsrch?code=517311&search=2017.
24
25
See 13 CFR § 120.201, NAICS Code 517311 (previously 517110).
See U.S. Census Bureau, 2012 Economic Census of the United States, Table No. EC1251SSSZ5, Information:
Subject Series - Estab & Firm Size: Employment Size of Firms: 2012, NAICS Code 517110.
https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517110.
26
Id. The largest category provided by the census data is “1000 employees or more” and a more precise estimate for
firms with fewer than 1,500 employees is not provided.
27
68
Federal Communications Commission
FCC 20-42
employees.32 Consequently, based on internally researched FCC data, the Commission estimates that
most providers of competitive local exchange service, competitive access providers, Shared-Tenant
Service Providers, and Other Local Service Providers are small entities.
11.
We have included small incumbent LECs in this present RFA analysis. As noted above,
a “small business” under the RFA is one that, inter alia, meets the pertinent small-business size standard
(e.g., a telephone communications business having 1,500 or fewer employees) and “is not dominant in its
field of operation.”33 The SBA’s Office of Advocacy contends that, for RFA purposes, small incumbent
LECs are not dominant in their field of operation because any such dominance is not “national” in
scope.34 We have therefore included small incumbent LECs in this RFA analysis, although we emphasize
that this RFA action has no effect on Commission analyses and determinations in other, non-RFA
contexts.
12.
Interexchange Carriers (IXCs). Neither the Commission nor the SBA has developed a
small business size standard specifically for Interexchange Carriers. The closest applicable NAICS Code
category is Wired Telecommunications Carriers.35 The applicable size standard under SBA rules is that
such a business is small if it has 1,500 or fewer employees.36 U.S. Census Bureau data for 2012 indicate
that 3,117 firms operated for the entire year.37 Of that number, 3,083 operated with fewer than 1,000
employees.38 According to internally developed Commission data, 359 companies reported that their
primary telecommunications service activity was the provision of interexchange services.39 Of this total,
an estimated 317 have 1,500 or fewer employees.40 Consequently, the Commission estimates that the
majority of interexchange service providers are small entities.
13.
Cable System Operators (Telecom Act Standard). The Communications Act of 1934, as
amended, also contains a size standard for small cable system operators, which is “a cable operator that,
directly or through an affiliate, serves in the aggregate fewer than one percent of all subscribers in the
United States and is not affiliated with any entity or entities whose gross annual revenues in the aggregate
exceed $250,000,000.”41 As of 2018, there were approximately 50,504,624 cable video subscribers in the
(Continued from previous page)
28 See Federal Communications Commission, Wireline Competition Bureau, Industry Analysis and Technology
Division, Trends in Telephone Service at Table 5.3 (Sept. 2010) (Trends in Telephone Service),
https://apps.fcc.gov/edocs_public/attachmatch/DOC-301823A1.pdf.
29
Id.
30
Id.
31
Id.
32
Id.
33
5 U.S.C. § 601(3).
Letter from Jere W. Glover, Chief Counsel for Advocacy, SBA, to William E. Kennard, Chairman, FCC (filed
May 27, 1999). The Small Business Act contains a definition of “small business concern,” which the RFA
incorporates into its own definition of “small business.” 15 U.S.C. § 632(a); 5 U.S.C. § 601(3). SBA regulations
interpret “small business concern” to include the concept of dominance on a national basis. 13 CFR § 121.102(b).
34
35See,
U.S. Census Bureau, 2017 NAICS Definition, NAICS Code 517311 “Wired Telecommunications Carriers,”
https://www.census.gov/cgi-bin/sssd/naics/naicsrch?code=517311&search=2017.
36
Id. Id. See 13 CFR § 120.201, NAICS Code 517311 (previously 517110).
See U.S. Census Bureau, 2012 Economic Census of the United States, Table No. EC1251SSSZ5, Information:
Subject Series - Estab & Firm Size: Employment Size of Firms: 2012, NAICS Code 517110.
https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517110.
37
Id. Id. Id. The largest category provided by the census data is “1000 employees or more” and a more precise
estimate for firms with fewer than 1,500 employees is not provided.
38
69
Federal Communications Commission
FCC 20-42
United States.42 Accordingly, an operator serving fewer than 505,046 subscribers shall be deemed a small
operator if its annual revenues, when combined with the total annual revenues of all its affiliates, do not
exceed $250 million in the aggregate.43 Based on available data, we find that all but six incumbent cable
operators are small entities under this size standard.44 We note that the Commission neither requests nor
collects information on whether cable system operators are affiliated with entities whose gross annual
revenues exceed $250 million.45 Therefore we are unable at this time to estimate with greater precision
the number of cable system operators that would qualify as small cable operators under the definition in
the Communications Act.
2.
Wireless Carriers
14.
Wireless Telecommunications Carriers (Except Satellite). This industry comprises
establishments engaged in operating and maintaining switching and transmission facilities to provide
communications via the airwaves. Establishments in this industry have spectrum licenses and provide
services using that spectrum, such as cellular services, paging services, wireless internet access, and
wireless video services.46 The appropriate size standard under SBA rules is that such a business is small
if it has 1,500 or fewer employees.47 For this industry, U.S. Census Bureau data for 2012 show that there
were 967 firms that operated for the entire year.48 Of this total, 955 firms employed fewer than 1,000
employees and 12 firms employed of 1000 employees or more.49 Thus under this category and the
associated size standard, the Commission estimates that the majority of wireless telecommunications
carriers (except satellite) are small entities.
15.
The Commission’s own data—available in its Universal Licensing System—indicate that,
as of August 31, 2018 there are 265 Cellular licensees that will be affected by our actions.50 The
Commission does not know how many of these licensees are small, as the Commission does not collect
that information for these types of entities. Similarly, according to internally developed Commission data,
413 carriers reported that they were engaged in the provision of wireless telephony, including cellular
service, Personal Communications Service (PCS), and Specialized Mobile Radio (SMR) Telephony
(Continued from previous page)
39 See Trends in Telephone Service, at Table 5.3. See Trends in Telephone Service, at Table 5.3. See Trends in
Telephone Service, Federal Communications Commission, Wireline Competition Bureau, Industry Analysis and
Technology Division at Table 5.3 (Sept. 2010) (Trends in Telephone Service).
https://apps.fcc.gov/edocs_public/attachmatch/DOC-301823A1.pdf.
40
Id.
41
47 U.S.C. § 543(m)(2); see 47 CFR § 76.901(f) & n.1–3.
S&P Global Market Intelligence, U.S. Cable Subscriber Highlights, Basic Subscribers(actual) 2018, U.S. Cable
MSO Industry Total, https://platform.marketintelligence.spglobal.com/.
42
43
47 CFR § 76.901(f) and n. ff. 1, 2, and 3.
S&P Global Market Intelligence, Top Cable MSOs as of 12/2018,
https://platform.marketintelligence.spglobal.com/. The six cable operators all had more than 505,046 basic cable
subscribers.
44
The Commission does receive such information on a case-by-case basis if a cable operator appeals a local
franchise authority’s finding that the operator does not qualify as a small cable operator pursuant to § 76.901(f) of
the Commission’s rules. See 47 CFR § 76.909(b).
45
U.S. Census Bureau, 2017 NAICS Definitions, “517312 Wireless Telecommunications Carriers (Except
Satellite)” h,ttps://www.census.gov/cgi-bin/sssd/naics/naicsrch?code=517312&search=2017%20NAICS%20Search.
46
47
13 CFR § 121.201, NAICS Code 517312 (previously 517210).
U.S. Census Bureau, 2012 Economic Census of the United States, Table EC1251SSSZ5, Information: Subject
Series: Estab and Firm Size: Employment Size of Firms for the U.S.: 2012, NAICS Code 517210.
https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517210.
48
70
Federal Communications Commission
FCC 20-42
services.51 Of this total, an estimated 261 have 1,500 or fewer employees, and 152 have more than 1,500
employees.52 Thus, using available data, we estimate that the majority of wireless firms can be
considered small.
16.
Satellite Telecommunications. This category comprises firms “primarily engaged in
providing telecommunications services to other establishments in the telecommunications and
broadcasting industries by forwarding and receiving communications signals via a system of satellites or
reselling satellite telecommunications.”53 Satellite telecommunications service providers include satellite
and earth station operators. The category has a small business size standard of $35 million or less in
average annual receipts, under SBA rules.54 For this category, U.S. Census Bureau data for 2012 show
that there were a total of 333 firms that operated for the entire year.55 Of this total, 299 firms had annual
receipts of less than $25 million.56 Consequently, we estimate that the majority of satellite
telecommunications providers are small entities.
3.
Resellers
17.
Local Resellers. The SBA has not developed a small business size standard specifically
for Local Resellers. The SBA category of Telecommunications Resellers is the closest NAICs code
category for local resellers. The Telecommunications Resellers industry comprises establishments
engaged in purchasing access and network capacity from owners and operators of telecommunications
networks and reselling wired and wireless telecommunications services (except satellite) to businesses
and households. Establishments in this industry resell telecommunications; they do not operate
transmission facilities and infrastructure. Mobile virtual network operators (MVNOs) are included in this
industry.57 Under the SBA’s size standard, such a business is small if it has 1,500 or fewer employees.58
U.S. Census Bureau data from 2012 show that 1,341 firms provided resale services during that year.59 Of
that number, all operated with fewer than 1,000 employees.60 Thus, under this category and the
associated small business size standard, the majority of these resellers can be considered small entities.
According to Commission data, 213 carriers have reported that they are engaged in the provision of local
(Continued from previous page)
49 Id. Available census data does not provide a more precise estimate of the number of firms that have employment
of 1,500 or fewer employees. The largest category provided is for firms with “1000 employees or more.”
See http://wireless.fcc.gov/uls. For the purposes of this FRFA, consistent with Commission practice for wireless
services, the Commission estimates the number of licensees based on the number of unique FCC Registration
Numbers.
50
See Federal Communications Commission, Wireline Competition Bureau, Industry Analysis and Technology
Division, Trends in Telephone Service at Table 5.3 (Sept. 2010) (Trends in Telephone Service),
https://apps.fcc.gov/edocs_public/attachmatch/DOC-301823A1.pdf.
51
52
See id.
U.S. Census Bureau, 2017 NAICS Definitions, “517410 Satellite Telecommunications”;
https://www.census.gov/cgi-bin/sssd/naics/naicsrch?input=517410&search=2017+NAICS+Search&search=2017.
53
54
13 CFR § 121.201, NAICS code 517410.
U.S. Census Bureau, 2012 Economic Census of the United States, Table EC1251SSSZ4, Information: Subject
Series - Estab and Firm Size: Receipts Size of Firms for the United States: 2012, NAICS Code 517410,
https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ4//naics~517410.
55
Id. The available U.S. Census Bureau data does not provide a more precise estimate of the number of firms that
meet the SBA size standard of annual receipts of $35 million or less.
56
U.S. Census Bureau, 2017 NAICS Definition, “517911 Telecommunications Resellers”,
https://www.census.gov/cgi-bin/sssd/naics/naicsrch?code=517911&search=2017%20NAICS%20Search.
57
58
13 CFR § 121.201, NAICS code 517911.
71
Federal Communications Commission
FCC 20-42
resale services.61 Of these, an estimated 211 have 1,500 or fewer employees and two have more than
1,500 employees.62 Consequently, the Commission estimates that the majority of local resellers are small
entities.
18.
Toll Resellers. The Commission has not developed a definition for Toll Resellers. The
closest NAICS Code Category is Telecommunications Resellers. The Telecommunications Resellers
industry comprises establishments engaged in purchasing access and network capacity from owners and
operators of telecommunications networks and reselling wired and wireless telecommunications services
(except satellite) to businesses and households. Establishments in this industry resell
telecommunications; they do not operate transmission facilities and infrastructure. MVNOs are included
in this industry.63 The SBA has developed a small business size standard for the category of
Telecommunications Resellers.64 Under that size standard, such a business is small if it has 1,500 or
fewer employees.65 2012 Census Bureau data show that 1,341 firms provided resale services during that
year.66 Of that number, 1,341 operated with fewer than 1,000 employees.67 Thus, under this category and
the associated small business size standard, the majority of these resellers can be considered small
entities. According to Commission data, 881 carriers have reported that they are engaged in the provision
of toll resale services.68 Of this total, an estimated 857 have 1,500 or fewer employees.69 Consequently,
the Commission estimates that the majority of toll resellers are small entities.
19.
Prepaid Calling Card Providers. Neither the Commission nor the SBA has developed a
small business definition specifically for prepaid calling card providers. The most appropriate NAICS
code-based category for defining prepaid calling card providers is Telecommunications Resellers.70 This
industry comprises establishments engaged in purchasing access and network capacity from owners and
operators of telecommunications networks and reselling wired and wireless telecommunications services
(except satellite) to businesses and households. Establishments in this industry resell
telecommunications; they do not operate transmission facilities and infrastructure. Mobile virtual
networks operators (MVNOs) are included in this industry.71 Under the applicable SBA size standard,
(Continued from previous page)
59 See U.S. Census Bureau, 2012 Economic Census of the United States, Table No. EC1251SSSZ5, Information:
Subject Series - Estab & Firm Size: Employment Size of Firms: 2012 NAICS Code 517911,
https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517911.
Id. Available census data does not provide a more precise estimate of the number of firms that have employment
of 1,500 or fewer employees. The largest category provided is for firms with “1000 employees or more.”
60
See Trends in Telephone Service, Federal Communications Commission, Wireline Competition Bureau, Industry
Analysis and Technology Division at Table 5.3 (Sept. 2010) (Trends in Telephone Service).
61
62
See id.
U.S. Census Bureau, 2017 NAICS Definition, 517911 Telecommunications Resellers,
https://www.census.gov/cgi-bin/sssd/naics/naicsrch?code=517911&search=2017%20NAICS%20Search.
63
64
13 CFR § 121.201, NAICS code 517911.
65
Id.
See U.S. Census Bureau, 2012 Economic Census of the United States, Table No. EC1251SSSZ5, Information:
Subject Series - Estab & Firm Size: Employment Size of Firms: 2012 NAICS Code 517911,
https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517911.
66
Id. Available census data does not provide a more precise estimate of the number of firms that have employment
of 1,500 or fewer employees; the largest category provided is for firms with “1000 employees or more.”
67
See Trends in Telephone Service, Federal Communications Commission, Wireline Competition Bureau, Industry
Analysis and Technology Division at Table 5.3 (Sept. 2010) (Trends in Telephone Service).
68
69
See id.
72
Federal Communications Commission
FCC 20-42
such a business is small if it has 1,500 or fewer employees.72 U.S. Census Bureau data for 2012 show that
1,341 firms provided resale services during that year.73 Of that number, 1,341 operated with fewer than
1,000 employees.74 Thus, under this category and the associated small business size standard, the
majority of these prepaid calling card providers can be considered small entities. According to
Commission data, 193 carriers have reported that they are engaged in the provision of prepaid calling
cards.75 All 193 carriers have 1,500 or fewer employees.76 Consequently, the Commission estimates that
the majority of prepaid calling card providers are small entities that may be affected by these rules.
4.
Other Entities
20.
All Other Telecommunications. The “All Other Telecommunications” category is
comprised of establishments primarily engaged in providing specialized telecommunications services,
such as satellite tracking, communications telemetry, and radar station operation.77 This industry also
includes establishments primarily engaged in providing satellite terminal stations and associated facilities
connected with one or more terrestrial systems and capable of transmitting telecommunications to, and
receiving telecommunications from, satellite systems.78 Establishments providing Internet services or
voice over Internet protocol (VoIP) services via client-supplied telecommunications connections are also
included in this industry.79 The SBA has developed a small business size standard for “All Other
Telecommunications”, which consists of all such firms with annual receipts of $35 million or less.80 For
this category, U.S. Census Bureau data for 2012 show that there were 1,442 firms that operated for the
entire year.81 Of those firms, a total of 1,400 had annual receipts less than $25 million and 15 firms had
annual receipts of $25 million to $49, 999,999.82 Thus, the Commission estimates that the majority of
“All Other Telecommunications” firms potentially affected by our action can be considered small.
E.
Description of Projected Reporting, Recordkeeping, and Other Compliance
Requirements for Small Entities
21.
This Order modifies the Commission’s rules in accordance with our proposal to require
(Continued from previous page)
70 U.S. Census Bureau, 2017 NAICS Definition, “517911 Telecommunications Resellers”,
https://www.census.gov/cgi-bin/sssd/naics/naicsrch?code=517911&search=2017%20NAICS%20Search.
71
Id.
72
13 CFR § 121.201, NAICS Code 517911.
See U.S. Census Bureau, 2012 Economic Census of the United States, Table No. EC1251SSSZ5, Information:
Subject Series - Estab & Firm Size: Employment Size of Firms: 2012 NAICS Code 517911,
https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517911.
73
Id. Available census data does not provide a more precise estimate of the number of firms that have employment
of 1,500 or fewer employees. The largest category provided is for firms with “1000 employees or more.”
74
75
See Trends in Telephone Service, at tbl. 5.3.
76
Id.
See U.S. Census Bureau, 2017 NAICS Definitions, NAICS Code “517919 All Other Telecommunications,””,
https://www.census.gov/cgi-bin/sssd/naics/naicsrch?input=517919&search=2017+NAICS+Search&search=2017.
77
78
Id.
79
Id.
80
See 13 CFR § 121.201, NAICS Code 517919.
U.S. Census Bureau, 2012 Economic Census of the United States, Table EC1251SSSZ4, Information: Subject
Series - Estab and Firm Size: Receipts Size of Firms for the United States: 2012, NAICS Code 517919,
https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ4//naics~517919.
81
82
Id.
73
Federal Communications Commission
FCC 20-42
voice service providers to implement the STIR/SHAKEN caller ID authentication framework if major
voice service providers did not voluntarily do so by the end of 2019,83 and implements Congress’s
direction in the TRACED Act to mandate STIR/SHAKEN. The amended rules adopted in the Order do
not contain reporting or recordkeeping requirements.
F.
Steps Taken to Minimize the Significant Economic Impact on Small Entities, and
Significant Alternatives Considered
22.
The RFA requires an agency to describe any significant, specifically small business,
alternatives that it has considered in reaching its approach, which may include the following four
alternatives (among others): “(1) the establishment of differing compliance or reporting requirements or
timetables that take into account the resources available to small entities; (2) the clarification,
consolidation, or simplification of compliance and reporting requirements under the rule for such small
entities; (3) the use of performance rather than design standards; and (4) an exemption from coverage of
the rule, or any part thereof for such small entities.”84
23.
While the rules enacted in today’s Order do not distinguish between small entities and
other entities and individuals, we seek comment on our proposal in the attached Further Notice to extend
the STIR/SHAKEN implementation deadline for small voice service providers to June 30, 2022; on other
ways our proposed rules would impact such voice service providers; and on proposals to lessen that
impact.
Report to Congress
The Commission will send a copy of the Order, including this FRFA, in a report to Congress
pursuant to the Congressional Review Act.85 In addition, the Commission will send a copy of the Order,
including this FRFA, to the Chief Counsel for Advocacy of the SBA. A copy of the Order and FRFA (or
summaries thereof) will also be published in the Federal Register.86
See Advanced Methods to Target and Eliminate Unlawful Robocalls; Call Authentication Trust Anchor, CG
Docket No. 17-59, WC Docket No. 17-97, Declaratory Ruling and Third Further Notice of Proposed Rulemaking,
34 FCC Rcd 4876, 4877, para. 2 (2019).
83
84
5 U.S.C. § 603(c)(1)-(4).
85
See 5 U.S.C. § 801(a)(1)(A).
86
See 5 U.S.C. § 604(b).
74
Federal Communications Commission
FCC 20-42
APPENDIX D
Initial Regulatory Flexibility Analysis
1.
As required by the Regulatory Flexibility Act of 1980, as amended (RFA),1 the
Commission has prepared this Initial Regulatory Flexibility Analysis (IRFA) of the possible significant
economic impact on small entities by the policies and rules proposed in this Further Notice of Proposed
Rulemaking (Further Notice). The Commission requests written public comments on this IRFA.
Comments must be identified as responses to the IRFA and must be filed by the deadlines for comments
provided on the first page of the Further Notice. The Commission will send a copy of the Further Notice,
including this IRFA, to the Chief Counsel for Advocacy of the Small Business Administration (SBA).2 In
addition, the Further Notice and IRFA (or summaries thereof) will be published in the Federal Register.3
A.
Need for, and Objectives of, the Proposed Rules
2.
The Further Notice continues the Commission’s efforts to combat illegal spoofed
robocalls. Specifically, the Further Notice proposes to require intermediate providers to pass unaltered
any STIR/SHAKEN Identity header they receive to the subsequent provider in the call path., and
authenticate caller ID information for all SIP calls it receives for which the caller ID information has not
been authenticated and which it will exchange with another provider as a SIP call.4 The Further Notice
also proposes implementing provisions of section 4 of the Pallone-Thune Telephone Robocall Abuse
Criminal Enforcement and Deterrence (TRACED) Act as follows: prohibiting providers from imposing
additional line item charges on consumer and small business subscribers for caller ID authentication
technology;5 granting an exemption from our implementation mandate for providers which have certified
that they have reached certain implementation goals;6 granting an extension in compliance with our
implementation mandate for small providers;7 and requiring providers to take “reasonable measures” to
implement an effective caller ID authentication framework in their non-IP networks by either upgrading
non-IP networks to IP or by actively working to develop a non-IP authentication solution.8 The Further
Notice seeks comment on all of these proposals, and on how we should implement section 6(a) of the
TRACED Act. The proposals in the Further Notice will help promote effective caller ID authentication
and fulfill our obligations under the TRACED Act.
B.
Legal Basis
3.
The Further Notice proposes to find authority for these proposed rules under section
251(e) of the Communications Act of 1934, as amended (the Act),9 and section 4 of the TRACED Act.10
Section 251(e) gives us exclusive jurisdiction over numbering policy and the TRACED Act directs us to
make rules to ensure the implementation of caller ID authentication frameworks by all voice service
See 5 U.S.C. § 603. The RFA, see 5 U.S.C. § 601-612, has been amended by the Small Business Regulatory
Enforcement Fairness Act of 1996 (SBREFA), Pub. L. No. 104-121, Title II, 110 Stat. 857 (1996).
1
2
See 5 U.S.C. § 603(a).
3
See 5 U.S.C. § 603(a).
4
See supra paras. 61-71.
5
See supra paras. 119-20.
6
See supra paras. 102-18.
7
See supra paras. 75-84.
8
See supra paras. 96-101.
9
47 U.S.C. § 251(e).
Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act, Pub. L. No. 116-105
(2019) (TRACED Act).
10
75
Federal Communications Commission
FCC 20-42
providers. We propose that section 251(e) grants us the authority to require intermediate providers to
pass STIR/SHAKEN information unaltered because such an action would prevent the fraudulent abuse of
North American Numbering Plan resources by callers making calls which transit intermediate providers’
networks. We propose that the TRACED Act authorizes the remaining proposed rules because they
implement the TRACED Act’s language. We solicit comment on these proposals, and whether section
227(e) of the Act, as amended by the Truth in Caller ID Act, 11 or the TRACED Act, would provide
additional authority for our proposal to extend our mandate to intermediate providers.
C.
Description and Estimate of the Number of Small Entities to Which the Proposed
Rules Will Apply
4.
The RFA directs agencies to provide a description of and, where feasible, an estimate of
the number of small entities that may be affected by the proposed rules and by the rule revisions on which
the Notice seeks comment, if adopted.12 The RFA generally defines the term “small entity” as having the
same meaning as the terms “small business,” “small organization,” and “small governmental
jurisdiction.”13 In addition, the term “small business” has the same meaning as the term “small-business
concern” under the Small Business Act.14 A “small-business concern” is one which: (1) is independently
owned and operated; (2) is not dominant in its field of operation; and (3) satisfies any additional criteria
established by the SBA.15
1.
Wireline Carriers
5.
Wired Telecommunications Carriers. The U.S. Census Bureau defines this industry as
“establishments primarily engaged in operating and/or providing access to transmission facilities and
infrastructure that they own and/or lease for the transmission of voice, data, text, sound, and video using
wired communications networks. Transmission facilities may be based on a single technology or a
combination of technologies. Establishments in this industry use the wired telecommunications network
facilities that they operate to provide a variety of services, such as wired telephony services, including
VoIP services, wired (cable) audio and video programming distribution, and wired broadband internet
services. By exception, establishments providing satellite television distribution services using facilities
and infrastructure that they operate are included in this industry.”16 The SBA has developed a small
business size standard for Wired Telecommunications Carriers, which consists of all such companies
having 1,500 or fewer employees.17 U.S. Census Bureau data for 2012 show that there were 3,117 firms
that operated that year.18 Of this total, 3,083 operated with fewer than 1,000 employees.19 Thus, under
this size standard, the majority of firms in this industry can be considered small.
11
Truth in Caller ID Act of 2009, Pub. L. No. 111-331, 124 Stat. 3572, 3572 (2010) (Truth in Caller ID Act).
12
See 5 U.S.C. § 603(b)(3).
13
See 5 U.S.C. § 601(6).
5 U.S.C. § 601(3) (incorporating by reference the definition of “small-business concern” in the Small Business
Act, 15 U.S.C. § 632). Pursuant to 5 U.S.C. § 601(3), the statutory definition of a small business applies “unless an
agency, after consultation with the Office of Advocacy of the Small Business Administration and after opportunity
for public comment, establishes one or more definitions of such term which are appropriate to the activities of the
agency and publishes such definition(s) in the Federal Register.”
14
15
See 15 U.S.C. § 632.
See U.S. Census Bureau, 2017 NAICS Definition, “517311 Wired Telecommunications Carriers”,
https://www.census.gov/cgi-bin/sssd/naics/naicsrch?code=517311&search=2017.
16
17
See 13 CFR § 120.201, NAICS Code 517311 (previously 517110).
See U.S. Census Bureau, 2012 Economic Census of the United States, Table No. EC1251SSSZ5, Information:
Subject Series - Estab & Firm Size: Employment Size of Firms: 2012. NAICS Code 517110.
https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517110.
18
76
Federal Communications Commission
FCC 20-42
6.
Local Exchange Carriers (LECs). Neither the Commission nor the SBA has developed a
size standard for small businesses specifically applicable to local exchange services. The closest
applicable NAICS Code category is Wired Telecommunications Carriers.20 Under the applicable SBA
size standard, such a business is small if it has 1,500 or fewer employees.21 U.S. Census Bureau data for
2012 show that there were 3,117 firms that operated for the entire year.22 Of that total, 3,083 operated
with fewer than 1,000 employees.23 Thus under this category and the associated size standard, the
Commission estimates that the majority of local exchange carriers are small entities.
7.
Incumbent LECs. Neither the Commission nor the SBA has developed a small business
size standard specifically for incumbent local exchange services. The closest applicable NAICS Code
category is Wired Telecommunications Carriers.24 Under the applicable SBA size standard, such a
business is small if it has 1,500 or fewer employees.25 U.S. Census Bureau data for 2012 indicate that
3,117 firms operated the entire year.26 Of this total, 3,083 operated with fewer than 1,000 employees.27
Consequently, the Commission estimates that most providers of incumbent local exchange service are
small businesses that may be affected by our actions. According to Commission data, one thousand three
hundred and seven (1,307) Incumbent Local Exchange Carriers reported that they were incumbent local
exchange service providers.28 Of this total, an estimated 1,006 have 1,500 or fewer employees.29 Thus,
using the SBA’s size standard the majority of incumbent LECs can be considered small entities.
8.
Competitive Local Exchange Carriers (Competitive LECs), Competitive Access Providers
(CAPs), Shared-Tenant Service Providers, and Other Local Service Providers. Neither the Commission
nor the SBA has developed a small business size standard specifically for these service providers. The
appropriate NAICS Code category is Wired Telecommunications Carriers30 and under that size standard,
such a business is small if it has 1,500 or fewer employees.31 U.S. Census Bureau data for 2012 indicate
that 3,117 firms operated during that year.32 Of that number, 3,083 operated with fewer than 1,000
employees.33 Based on these data, the Commission concludes that the majority of Competitive LECS,
(Continued from previous page)
19 Id. The largest category provided by the census data is “1000 employees or more” and a more precise estimate for
firms with fewer than 1,500 employees is not provided.
See U.S. Census Bureau, 2017 NAICS Definition, NAICS Code 517311 “Wired Telecommunications Carriers,” ,
https://www.census.gov/cgi-bin/sssd/naics/naicsrch?code=517311&search=2017.
20
21
See 13 CFR § 120.201, NAICS Code 517311 (previously 517110).
See U.S. Census Bureau, 2012 Economic Census of the United States, Table No. EC1251SSSZ5, Information:
Subject Series - Estab & Firm Size: Employment Size of Firms: 2012 NAICS Code 517110.
https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517110.
22
Id. The largest category provided by the census data is “1000 employees or more” and a more precise estimate for
firms with fewer than 1,500 employees is not provided.
23
See, U.S. Census Bureau, 2017 NAICS Definition, NAICS Code 517311 “Wired Telecommunications Carriers,”,
https://www.census.gov/cgi-bin/sssd/naics/naicsrch?code=517311&search=2017.
24
25
See 13 CFR § 121.201, NAICS Code 517311 (previously 517110).
See U.S. Census Bureau, 2012 Economic Census of the United States, Table No. EC1251SSSZ5, Information:
Subject Series - Estab & Firm Size: Employment Size of Firms: 2012 (517110 Wired Telecommunications Carriers).
https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517110.
26
27
Id.
See Trends in Telephone Service, Federal Communications Commission, Wireline Competition Bureau, Industry
Analysis and Technology Division at Table 5.3 (Sept. 2010) (Trends in Telephone Service).
28
29
Id.
See U.S. Census Bureau, 2017 NAICS Definition, NAICS Code 517311 “Wired Telecommunications Carriers,”,
https://www.census.gov/cgi-bin/sssd/naics/naicsrch?code=517311&search=2017.
30
77
Federal Communications Commission
FCC 20-42
CAPs, Shared-Tenant Service Providers, and Other Local Service Providers, are small entities.
According to Commission data, 1,442 carriers reported that they were engaged in the provision of either
competitive local exchange services or competitive access provider services.34 Of these 1,442 carriers, an
estimated 1,256 have 1,500 or fewer employees.35 In addition, 17 carriers have reported that they are
Shared-Tenant Service Providers, and all 17 are estimated to have 1,500 or fewer employees.36 Also, 72
carriers have reported that they are Other Local Service Providers.37 Of this total, 70 have 1,500 or fewer
employees.38 Consequently, based on internally researched FCC data, the Commission estimates that
most providers of competitive local exchange service, competitive access providers, Shared-Tenant
Service Providers, and Other Local Service Providers are small entities.
9.
We have included small incumbent LECs in this present RFA analysis. As noted above,
a “small business” under the RFA is one that, inter alia, meets the pertinent small-business size standard
(e.g., a telephone communications business having 1,500 or fewer employees) and “is not dominant in its
field of operation.”39 The SBA’s Office of Advocacy contends that, for RFA purposes, small incumbent
LECs are not dominant in their field of operation because any such dominance is not “national” in
scope.40 We have therefore included small incumbent LECs in this RFA analysis, although we emphasize
that this RFA action has no effect on Commission analyses and determinations in other, non-RFA
contexts.
10.
Interexchange Carriers (IXCs). Neither the Commission nor the SBA has developed a
small business size standard specifically for Interexchange Carriers. The closest applicable NAICS Code
category is Wired Telecommunications Carriers.41 The applicable size standard under SBA rules is that
such a business is small if it has 1,500 or fewer employees.42 U.S. Census Bureau data for 2012 indicate
that 3,117 firms operated for the entire year.43 Of that number, 3,083 operated with fewer than 1,000
employees.44 According to internally developed Commission data, 359 companies reported that their
primary telecommunications service activity was the provision of interexchange services.45 Of this total,
(Continued from previous page)
31 See 13 CFR § 120.201, NAICS Code 517311 (previously 517110).
See U.S. Census Bureau, 2012 Economic Census of the United States, Table No. EC1251SSSZ5, Information:
Subject Series - Estab & Firm Size: Employment Size of Firms: 2012, NAICS Code 517110.
https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517110.
32
Id. The largest category provided by the census data is “1000 employees or more” and a more precise estimate for
firms with fewer than 1,500 employees is not provided.
33
See Federal Communications Commission, Wireline Competition Bureau, Industry Analysis and Technology
Division, Trends in Telephone Service at Table 5.3 (Sept. 2010) (Trends in Telephone Service),
https://apps.fcc.gov/edocs_public/attachmatch/DOC-301823A1.pdf.
34
35
Id.
36
Id.
37
Id.
38
Id.
39
5 U.S.C. § 601(3).
Letter from Jere W. Glover, Chief Counsel for Advocacy, SBA, to William E. Kennard, Chairman, FCC (filed
May 27, 1999). The Small Business Act contains a definition of “small business concern,” which the RFA
incorporates into its own definition of “small business.” 15 U.S.C. § 632(a); 5 U.S.C. § 601(3). SBA regulations
interpret “small business concern” to include the concept of dominance on a national basis. 13 CFR § 121.102(b).
40
See U.S. Census Bureau, 2017 NAICS Definition, NAICS Code 517311 “Wired Telecommunications Carriers,”
https://www.census.gov/cgi-bin/sssd/naics/naicsrch?code=517311&search=2017.
41
78
Federal Communications Commission
FCC 20-42
an estimated 317 have 1,500 or fewer employees.46 Consequently, the Commission estimates that the
majority of interexchange service providers are small entities.
11.
Cable System Operators (Telecom Act Standard). The Communications Act of 1934, as
amended, also contains a size standard for small cable system operators, which is “a cable operator that,
directly or through an affiliate, serves in the aggregate fewer than one percent of all subscribers in the
United States and is not affiliated with any entity or entities whose gross annual revenues in the aggregate
exceed $250,000,000.”47 As of 2018, there were approximately 50,504,624 cable video subscribers in the
United States.48 Accordingly, an operator serving fewer than 505,046 subscribers shall be deemed a small
operator if its annual revenues, when combined with the total annual revenues of all its affiliates, do not
exceed $250 million in the aggregate.49 We note that the Commission neither requests nor collects
information on whether cable system operators are affiliated with entities whose gross annual revenues
exceed $250 million.50 Therefore we are unable at this time to estimate with greater precision the number
of cable system operators that would qualify as small cable operators under the definition in the
Communications Act.
2.
Wireless Carriers
12.
Wireless Telecommunications Carriers (except Satellite). This industry comprises
establishments engaged in operating and maintaining switching and transmission facilities to provide
communications via the airwaves. Establishments in this industry have spectrum licenses and provide
services using that spectrum, such as cellular services, paging services, wireless internet access, and
wireless video services.51 The appropriate size standard under SBA rules is that such a business is small
if it has 1,500 or fewer employees.52 For this industry, U.S. Census Bureau data for 2012 show that there
were 967 firms that operated for the entire year.53 Of this total, 955 firms employed fewer than 1,000
(Continued from previous page)
42 See 13 CFR § 120.201, NAICS Code 517311 (previously 517110).
See U.S. Census Bureau, 2012 Economic Census of the United States, Table No. EC1251SSSZ5, Information:
Subject Series - Estab & Firm Size: Employment Size of Firms: 2012 NAICS Code 517110.
https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517110.
43
Id. The largest category provided by the census data is “1000 employees or more” and a more precise estimate for
firms with fewer than 1,500 employees is not provided.
44
See Trends in Telephone Service, Federal Communications Commission, Wireline Competition Bureau, Industry
Analysis and Technology Division at Table 5.3 (Sept. 2010) (Trends in Telephone Service).
https://apps.fcc.gov/edocs_public/attachmatch/DOC-301823A1.pdf.
45
46
Id.
47
47 U.S.C. § 543(m)(2); see 47 CFR § 76.901(f) & n.1–3.
S&P Global Market Intelligence, U.S. Cable Subscriber Highlights, Basic Subscribers(actual) 2018, U.S. Cable
MSO Industry Total, https://platform.marketintelligence.spglobal.com/.
48
49
47 CFR § 76.901(f) and n. ff. 1, 2, and 3.
The Commission does receive such information on a case-by-case basis if a cable operator appeals a local
franchise authority’s finding that the operator does not qualify as a small cable operator pursuant to § 76.901(f) of
the Commission’s rules. See 47 CFR § 76.909(b).
50
U.S. Census Bureau, 2017 NAICS Definitions, “517312 Wireless Telecommunications Carriers (Except
Satellite)” h,ttps://www.census.gov/cgi-bin/sssd/naics/naicsrch?code=517312&search=2017%20NAICS%20Search.
51
79
Federal Communications Commission
FCC 20-42
employees and 12 firms employed of 1000 employees or more.54 Thus under this category and the
associated size standard, the Commission estimates that the majority of wireless telecommunications
carriers (except satellite) are small entities.
13.
The Commission’s own data—available in its Universal Licensing System—indicate that,
as of August 31, 2018 there are 265 Cellular licensees that will be affected by our actions.55 The
Commission does not know how many of these licensees are small, as the Commission does not collect
that information for these types of entities. Similarly, according to internally developed Commission data,
413 carriers reported that they were engaged in the provision of wireless telephony, including cellular
service, Personal Communications Service (PCS), and Specialized Mobile Radio (SMR) Telephony
services.56 Of this total, an estimated 261 have 1,500 or fewer employees, and 152 have more than 1,500
employees.57 Thus, using available data, we estimate that the majority of wireless firms can be
considered small.
14.
Satellite Telecommunications. This category comprises firms “primarily engaged in
providing telecommunications services to other establishments in the telecommunications and
broadcasting industries by forwarding and receiving communications signals via a system of satellites or
reselling satellite telecommunications.”58 Satellite telecommunications service providers include satellite
and earth station operators. The category has a small business size standard of $35 million or less in
average annual receipts, under SBA rules.59 For this category, U.S. Census Bureau data for 2012 show
that there were a total of 333 firms that operated for the entire year.60 Of this total, 299 firms had annual
receipts of less than $25 million.61 Consequently, we estimate that the majority of satellite
telecommunications providers are small entities.
3.
Resellers
15.
Local Resellers. The SBA has not developed a small business size standard specifically
for Local Resellers. The SBA category of Telecommunications Resellers is the closest NAICs code
category for local resellers. The Telecommunications Resellers industry comprises establishments
(Continued from previous page)
52 13 CFR § 121.201, NAICS Code 517312 (previously 517210).
U.S. Census Bureau, 2012 Economic Census of the United States, Table EC1251SSSZ5, Information: Subject
Series: Estab and Firm Size: Employment Size of Firms for the U.S.: 2012, NAICS Code 517210.
https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517210.
53
Id. Available census data does not provide a more precise estimate of the number of firms that have employment
of 1,500 or fewer employees. The largest category provided is for firms with “1000 employees or more.”
54
See http://wireless.fcc.gov/uls. For the purposes of this IRFA, consistent with Commission practice for wireless
services, the Commission estimates the number of licensees based on the number of unique FCC Registration
Numbers.
55
See Federal Communications Commission, Wireline Competition Bureau, Industry Analysis and Technology
Division, Trends in Telephone Service at Table 5.3 (Sept. 2010) (Trends in Telephone Service),
https://apps.fcc.gov/edocs_public/attachmatch/DOC-301823A1.pdf.
56
57
See id.
U.S. Census Bureau, 2017 NAICS Definitions, “517410 Satellite Telecommunications”;
https://www.census.gov/cgi-bin/sssd/naics/naicsrch?input=517410&search=2017+NAICS+Search&search=2017.
58
59
13 CFR § 121.201, NAICS code 517410.
U.S. Census Bureau, 2012 Economic Census of the United States, Table EC1251SSSZ4, Information: Subject
Series - Estab and Firm Size: Receipts Size of Firms for the United States: 2012, NAICS Code 517410,
https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ4//naics~517410.
60
Id. The available U.S. Census Bureau data does not provide a more precise estimate of the number of firms that
meet the SBA size standard of annual receipts of $35 million or less.
61
80
Federal Communications Commission
FCC 20-42
engaged in purchasing access and network capacity from owners and operators of telecommunications
networks and reselling wired and wireless telecommunications services (except satellite) to businesses
and households. Establishments in this industry resell telecommunications; they do not operate
transmission facilities and infrastructure. Mobile virtual network operators (MVNOs) are included in this
industry.62 Under the SBA’s size standard, such a business is small if it has 1,500 or fewer employees.63
U.S. Census Bureau data from 2012 show that 1,341 firms provided resale services during that year.64 Of
that number, all operated with fewer than 1,000 employees.65 Thus, under this category and the
associated small business size standard, the majority of these resellers can be considered small entities.
According to Commission data, 213 carriers have reported that they are engaged in the provision of local
resale services.66 Of these, an estimated 211 have 1,500 or fewer employees and two have more than
1,500 employees.67 Consequently, the Commission estimates that the majority of local resellers are small
entities.
16.
Toll Resellers. The Commission has not developed a definition for Toll Resellers. The
closest NAICS Code Category is Telecommunications Resellers. The Telecommunications Resellers
industry comprises establishments engaged in purchasing access and network capacity from owners and
operators of telecommunications networks and reselling wired and wireless telecommunications services
(except satellite) to businesses and households. Establishments in this industry resell
telecommunications; they do not operate transmission facilities and infrastructure. MVNOs are included
in this industry.68 The SBA has developed a small business size standard for the category of
Telecommunications Resellers.69 Under that size standard, such a business is small if it has 1,500 or
fewer employees.70 2012 Census Bureau data show that 1,341 firms provided resale services during that
year.71 Of that number, 1,341 operated with fewer than 1,000 employees.72 Thus, under this category and
the associated small business size standard, the majority of these resellers can be considered small
entities. According to Commission data, 881 carriers have reported that they are engaged in the provision
of toll resale services.73 Of this total, an estimated 857 have 1,500 or fewer employees.74 Consequently,
U.S. Census Bureau, 2017 NAICS Definition, “517911 Telecommunications Resellers”,
https://www.census.gov/cgi-bin/sssd/naics/naicsrch?code=517911&search=2017%20NAICS%20Search.
62
63
13 CFR § 121.201, NAICS code 517911.
See U.S. Census Bureau, 2012 Economic Census of the United States, Table No. EC1251SSSZ5, Information:
Subject Series - Estab & Firm Size: Employment Size of Firms: 2012 NAICS Code 517911,
https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517911.
64
Id. Available census data does not provide a more precise estimate of the number of firms that have employment
of 1,500 or fewer employees. The largest category provided is for firms with “1000 employees or more.”
65
See Trends in Telephone Service, Federal Communications Commission, Wireline Competition Bureau, Industry
Analysis and Technology Division at Table 5.3 (Sept. 2010) (Trends in Telephone Service).
66
67
See id.
U.S. Census Bureau, 2017 NAICS Definition, 517911 Telecommunications Resellers,
https://www.census.gov/cgi-bin/sssd/naics/naicsrch?code=517911&search=2017%20NAICS%20Search.
68
69
13 CFR § 121.201, NAICS code 517911.
70
Id.
See U.S. Census Bureau, 2012 Economic Census of the United States, Table No. EC1251SSSZ5, Information:
Subject Series - Estab & Firm Size: Employment Size of Firms: 2012 NAICS Code 517911,
https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517911.
71
Id. Available census data does not provide a more precise estimate of the number of firms that have employment
of 1,500 or fewer employees; the largest category provided is for firms with “1000 employees or more.”
72
See Trends in Telephone Service, Federal Communications Commission, Wireline Competition Bureau, Industry
Analysis and Technology Division at Table 5.3 (Sept. 2010) (Trends in Telephone Service).
73
81
Federal Communications Commission
FCC 20-42
the Commission estimates that the majority of toll resellers are small entities.
17.
Prepaid Calling Card Providers. Neither the Commission nor the SBA has developed a
small business definition specifically for prepaid calling card providers. The most appropriate NAICS
code-based category for defining prepaid calling card providers is Telecommunications Resellers.75 This
industry comprises establishments engaged in purchasing access and network capacity from owners and
operators of telecommunications networks and reselling wired and wireless telecommunications services
(except satellite) to businesses and households. Establishments in this industry resell
telecommunications; they do not operate transmission facilities and infrastructure. Mobile virtual
networks operators (MVNOs) are included in this industry.76 Under the applicable SBA size standard,
such a business is small if it has 1,500 or fewer employees.77 U.S. Census Bureau data for 2012 show that
1,341 firms provided resale services during that year.78 Of that number, 1,341 operated with fewer than
1,000 employees.79 Thus, under this category and the associated small business size standard, the
majority of these prepaid calling card providers can be considered small entities. According to
Commission data, 193 carriers have reported that they are engaged in the provision of prepaid calling
cards.80 All 193 carriers have 1,500 or fewer employees.81 Consequently, the Commission estimates that
the majority of prepaid calling card providers are small entities that may be affected by these rules..
4.
Other Entities
18.
All Other Telecommunications. The “All Other Telecommunications” category is
comprised of establishments primarily engaged in providing specialized telecommunications services,
such as satellite tracking, communications telemetry, and radar station operation.82 This industry also
includes establishments primarily engaged in providing satellite terminal stations and associated facilities
connected with one or more terrestrial systems and capable of transmitting telecommunications to, and
receiving telecommunications from, satellite systems.83 Establishments providing Internet services or
voice over Internet protocol (VoIP) services via client-supplied telecommunications connections are also
included in this industry.84 The SBA has developed a small business size standard for “All Other
Telecommunications”, which consists of all such firms with annual receipts of $35 million or less.85 For
this category, U.S. Census Bureau data for 2012 show that there were 1,442 firms that operated for the
(Continued from previous page)
74 See id.
U.S. Census Bureau, 2017 NAICS Definition, “517911 Telecommunications Resellers”,
https://www.census.gov/cgi-bin/sssd/naics/naicsrch?code=517911&search=2017%20NAICS%20Search.
75
76
Id.
77
13 CFR § 121.201, NAICS Code 517911.
See U.S. Census Bureau, 2012 Economic Census of the United States, Table No. EC1251SSSZ5, Information:
Subject Series - Estab & Firm Size: Employment Size of Firms: 2012 NAICS Code 517911,
https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517911.
78
Id. Available census data does not provide a more precise estimate of the number of firms that have employment
of 1,500 or fewer employees. The largest category provided is for firms with “1000 employees or more.”
79
80
See Trends in Telephone Service, at tbl. 5.3.
81
Id.
See U.S. Census Bureau, 2017 NAICS Definitions, “517919 All Other Telecommunications”,
https://www.census.gov/cgi-bin/sssd/naics/naicsrch?input=517919&search=2017+NAICS+Search&search=2017.
82
83
Id.
84
Id.
85
See 13 CFR § 121.201, NAICS Code 517919.
82
Federal Communications Commission
FCC 20-42
entire year.86 Of those firms, a total of 1,400 had annual receipts less than $25 million and 15 firms had
annual receipts of $25 million to $49, 999,999.87 Thus, the Commission estimates that the majority of
“All Other Telecommunications” firms potentially affected by our action can be considered small.
D.
Description of Projected Reporting, Recordkeeping, and Other Compliance
Requirements for Small Entities
19.
The Further Notice seeks comment on a proposed requirement that, in order to receive a
voluntary exemption from our implementation mandate, a provider must file a certification reflecting that
it is in a reasonably foreseeable position to meet certain implementation goals; and that, in order to
maintain that exemption, a provider must make a later filing reflecting its achievement of those goals it
stated it was in a reasonably foreseeable position to meet. If the Commission were to move forward with
this proposal, providers would have new reporting, recordkeeping, and other compliance requirements
with regard to these certifications. Specifically, we propose that each voice service provider that wishes
to qualify for the exemption must have an officer, as an agent of the voice service provider, sign a
compliance certificate stating that the officer has personal knowledge that the company meets each of the
stated criteria. We also propose requiring the voice service provider to submit an accompanying
statement explaining, in detail, how the company is working to accomplish the four prongs of the
exemption. We also propose requiring these certifications to be filed no later than December 1, 2020.
Finally, we propose requiring all certifications and supporting statements to be filed electronically in a
new docket established specifically for such filings in the Commission’s Electronic Comment Filing
System (ECFS). We seek comment on these proposed requirements.
E.
Steps Taken to Minimize the Significant Economic Impact on Small Entities, and
Significant Alternatives Considered
20.
The RFA requires an agency to describe any significant alternatives that it has considered
in reaching its proposed approach, which may include the following four alternatives (among others): (1)
the establishment of differing compliance or reporting requirements or timetables that take into account
the resources available to small entities; (2) the clarification, consolidation, or simplification of
compliance and reporting requirements under the rules for such small entities; (3) the use of performance
rather than design standards; and (4) an exemption from coverage of the rule, or any part thereof, for such
small entities.88
21.
We seek comment on our proposal in the Further Notice to extend the STIR/SHAKEN
implementation deadline for small voice service providers to June 30, 2022 and on other ways our
proposed rules would impact such voice service providers; and on proposals to lessen that impact. We
expect to take into account the economic impact on small entities, as identified in comments filed in
response to the Further Notice and this IRFA, in reaching our final conclusions and promulgating rules in
this proceeding.
F.
Federal Rules that May Duplicate, Overlap, or Conflict with the Proposed Rules
22.
None.
U.S. Census Bureau, 2012 Economic Census of the United States, Table EC1251SSSZ4, Information: Subject
Series - Estab and Firm Size: Receipts Size of Firms for the United States: 2012, NAICS Code 517919,
https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ4//naics~517919.
86
87
Id.
88
5 U.S.C. § 603(c)(1)-(4).
83
Federal Communications Commission
FCC 20-42
STATEMENT OF
CHAIRMAN AJIT PAI
Re:
Call Authentication Trust Anchor, WC Docket No. 17-97; Implementation of TRACED Act
Section 6(a)—Knowledge of Customers by Entities with Access to Numbering Resources,
WC Docket No. 20-67.
Among the hundreds of millions of unwanted phone calls that Americans receive every day are
“spoofed” calls. The caller spoofs or manipulates the caller ID information that appears on the recipient’s
phone to trick him into thinking that the call is from someone he knows or can trust. These calls aren’t
just a nuisance—they add up to billions of dollars lost to fraud, undermine consumer confidence in the
phone network, and harm public safety.
The threat posed by these calls is particularly apparent now, with phone scammers preying on
Americans’ fears during the coronavirus (COVID-19) outbreak. For example, Michigan’s Attorney
General recently warned that “scammers are spoofing phone numbers of at least one local public health
department and calling residents to offer medication” in an attempt to steal their Medicaid and Medicare
information.1 To make matters worse, because “[e]ssential local public health department phone lines are
blowing up with questions about these calls,” officials “cannot make important phone calls out or receive
incoming calls related to COVID-19.”2 And in the past two weeks, utility companies from Maryland to
California have warned about fraudsters spoofing their phone numbers and exploiting concerns about
financial uncertainty during the pandemic, threatening to shut off service if customers don’t pay up.3
With this Order, we take a critical step forward to protect consumers from these and other
spoofed robocalls: We require phone companies to implement strong, new caller ID authentication
technology. Known as STIR/SHAKEN, this technology enables voice service providers to verify that the
caller ID information transmitted with a particular call matches the caller’s number. Last year, I
demanded that major phone companies voluntarily deploy STIR/SHAKEN, and a number of them did.
But it’s clear that FCC action is needed to spur across-the-board deployment of this important technology.
In today’s Order, we therefore mandate that all originating and terminating voice service providers
implement the STIR/SHAKEN framework in the Internet Protocol (IP) portions of their network by June
30, 2021, a deadline that is consistent with the TRACED Act, which was recently passed by Congress.
Widespread implementation of STIR/SHAKEN will reduce the effectiveness of illegal spoofing,
allow law enforcement to identify bad actors more easily, and help phone companies identify—and even
block—calls with illegal spoofed caller ID information before those calls reach their subscribers. Most
importantly, it will give consumers more peace of mind when they answer the phone.
In the accompanying Further Notice of Proposed Rulemaking, we propose giving small providers
a one-year extension of our STIR/SHAKEN implementation deadline pursuant to the TRACED Act. We
Press Release, State of Michigan, AG Nessel: Scammers Are Spoofing Health Department Phone Numbers Seeking
Medicaid, Medicare Information (Mar. 19, 2020), https://www.michigan.gov/coronavirus/0,9753,7-406-98163522279--,00.html.
1
Michigan Attorney General Consumer Alert, Avoid Spoofed Calls from Local Public Health Departments (Mar.
19, 2020), https://www.michigan.gov/ag/0,4534,7-359-81903_20942-522263--,00.html.
2
See Press Release, Delmarva Power, Delmarva Power Warns Customers About Utility Scammers During COVID19 Pandemic (Mar. 26, 2020),
https://www.delmarva.com/News/Pages/DelmarvaPowerWarnsCustomersAboutUtilityScammersDuringCOVID19P
andemic.aspx; Press Release, Pacific Gas and Electric Company, PG&E to Customers: Beware of Scammers Taking
Advantage of COVID-19 Fears – Among Other Scams, Perpetrators Using “Spoofing” Technique to Simulate
PG&E Phone Numbers (Mar. 19, 2020),
https://www.pge.com/en/about/newsroom/newsdetails/index.page?title=20200319_pge_to_customers_beware_of_sc
ammers_taking_advantage_of_covid-19_fears.
3
84
Federal Communications Commission
FCC 20-42
also seek public input on implementing other aspects of the TRACED Act, including requirements that
voice service providers work toward deploying caller ID authentication in the non-IP parts of their
networks.
To be clear, there’s no silver bullet for the problem of spoofed robocalls. So we will continue our
aggressive, multi-pronged approach to combatting it. Over the past three years alone, the FCC has issued
hundreds of millions of dollars in fines for violations of our Truth in Caller ID rules; expanded those rules
to reach foreign calls and text messages; enabled voice service providers to block certain clearly unlawful
calls before they reach consumers’ phones; clarified that voice service providers may offer call-blocking
services by default; and called on the industry to “trace back” illegal spoofed calls and text messages to
their original sources.
Finally, I’d like to thank Congress for their work in passing the TRACED Act and their
leadership in the fight against malicious caller ID spoofing. And for their ongoing and outstanding work
to protect Americans from the scourge of spoofed robocalls, I’d also like to thank the following
Commission staff: Pam Arluk, Allison Baker, Annick Banoun, Matthew Collins, Lynne Engledow, Justin
Faulb, CJ Ferraro, Victoria Goldberg, Heather Hendrickson, Lisa Hone, Daniel Kahn, Ed Krachmer,
Albert Lewis, Kris Monteith, Terri Natoli, Jordan Reth, Mason Shefa, Gil Strobel, John Visclosky, and
Suzanne Yelen of the Wireline Competition Bureau; Erin Boone, Monica DeLong, Stacy Ferraro, and
Garnet Hanley of the Wireless Telecommunication Bureau; Kenneth Carlberg, Lauren Kravetz, and
Nicole McGinnis of the Public Safety and Homeland Security Bureau; Ed Bartholme, Jerusha Burnett,
Aaron Garza, Karen Schroeder, Kurt Schroeder, Mark Stone, and Kristi Thornton of the Consumer and
Governmental Affairs Bureau; Lisa Gelb and Kristi Thompson of the Enforcement Bureau; Denise Coca
and Jim Schlichting of the International Bureau; Patrick DeGraba, James Eisner, Kenneth Lynch, Chuck
Needy, and Craig Stroup of the Office of Economics and Analytics; and Mike Carlson, Rick Mallen, Bill
Richardson, and Derek Yeo of the Office of General Counsel.
85
Federal Communications Commission
FCC 20-42
STATEMENT OF
COMMISSIONER MICHAEL O’RIELLY
Re:
Call Authentication Trust Anchor, WC Docket No. 17-97; Implementation of TRACED Act
Section 6(a)—Knowledge of Customers by Entities with Access to Numbering Resources,
WC Docket No. 20-67.
The Pallone-Thune TRACED Act gives the Commission clear additional authority and
responsibility to combat the menace of illegal robocalls, and I will faithfully implement its provisions,
including the directive to require all voice service providers to implement the STIR/SHAKEN framework
in the IP portions of their networks no later than 18 months after the date of the Act’s enactment. In the
past, I have expressed reservations over FCC proposals to issue technology mandates or intervene in the
administration of this private sector-developed protocol. As the TRACED Act is now the law of the land,
I support today’s requirements.
Nonetheless, today’s item seems to unnecessarily obscure the role of the TRACED Act,
suggesting that Congress is not the rightful author of the STIR/SHAKEN mandate, and that the
Commission would have had the authority to issue this Report and Order in the absence of Congress’
directive. The reason we are clearly authorized to take this action, however, is because Congress has
required it.
While I will always follow the will of Congress, I do have concerns over some parts of the item,
particularly the section analyzing the costs and benefits of the STIR/SHAKEN mandate. Specifically, the
originally circulated draft seemed to underestimate the costs of implementing and operating the protocol
and appeared to exclude significant cost categories. I was therefore appreciative of parties’ efforts to
supplement the record and encourage a more comprehensive and realistic analysis, which affirmed my
concerns that, for some providers, up-front costs could exceed tens of millions of dollars. While I am
hopeful that benefits will ultimately exceed costs, it is obvious that this undertaking will add costs to
providers, and ultimately their customers.
Speaking of the cost of implementation, we should clarify that prohibiting a line item for caller
ID authentication in no way means that the costs won’t be passed through to customers; it just means that
in many cases, carriers will ultimately build the costs of implementation into their rates, and, in the case
of rate-of-return carriers, potentially seek recovery of those costs from the Universal Service Fund, and in
turn, USF ratepayers. Therefore, we shouldn’t tout this prohibition to suggest that there won’t be rate
increases or that the mandate will accrue “at no cost to consumers.” A billing line item prohibition does
not prohibit cost recovery, despite whatever narrative is suggested by some on Capitol Hill or within the
Commission, but rather, simply buries the true cost of the service.
On a more positive note, I appreciate that the TRACED Act explicitly anticipates the potential
hardship of implementing call authentication for certain providers, including small and rural carriers, and
those that rely on legacy technology and switching facilities. Even to the extent that relief is granted to
these entities, however, some have raised the possibility of a reverse rural call completion problem for
carriers that are unable to implement call authentication—a problem that I have some sympathy toward
and one the Commission likely will need to address going forward.
Indeed, while we don’t specifically address the issue of improper call blocking and labeling
today, I likewise sympathize with the view expressed by commenters in the docket that we need to ensure
partial implementation of the STIR/SHAKEN framework doesn’t lead to legitimate calls being blocked or
mislabeled. To the extent this issue is addressed in a future item, I trust affected entities will have full
opportunity to sufficiently comment as the Commission establishes a call blocking or labeling safe harbor
for providers. At its heart, the TRACED Act is about targeting and eliminating illegal calls, not
restricting legal and legitimate ones, and we need to make sure that our implementation of the legislation
stays true to this purpose, through meaningful and expeditious redress mechanisms for such callers and
providers.
86
Federal Communications Commission
FCC 20-42
Speaking of protecting legitimate callers, in the aftermath of adopting today’s item and the
multitude of other anti-robocall actions on the Commission’s checklist, I hope we will finally have the
will to respond to the D.C. Circuit’s set-asides in ACA International v. FCC1 and clarify the TCPA’s
“automatic telephone dialing system” provision. As long as the harmful and backwards Marks v. Crunch
San Diego decision still stands,2 any efforts to enact blocking and labeling redress mechanisms for
legitimate callers will be for naught if unscrupulous class action plaintiffs are able to flock to the 9th
Circuit to serve legitimate businesses with abusive and frivolous TCPA lawsuits. Especially now that the
7th and 11th Circuits have explicitly rejected the approach in Marks,3 allowing the confusion and
uncertainty to linger any longer is tremendously unfair to those legitimate companies trying to do the right
thing. And, to the extent that the Commission isn’t prepared to do this just yet, we must act on the over
fifty petitions pending before the Commission for TCPA clarification and relief. Either way, the
Commission must stop allowing legitimate callers to be unfairly punished by statutory misinterpretation
and frivolous litigation.
Fundamentally, a main purpose behind the TRACED Act is to restore the integrity of our
telephone networks and the ability of consumers to receive beneficial and necessary information over the
phone. I look forward to seeing how our actions today further that goal, and whether voice telephony will
ultimately re-emerge as our preeminent and preferred form of communication. And, perhaps the future is
not so bleak: with the steep rise of voice calls due to the current COVID-19 pandemic, it may turn out that
voice telephony wasn’t killed off by illegal robocalling but has just been on hiatus. In the months ahead,
we’ll likely find out.
1
ACA Int’l v. FCC, 885 F.3D 687 (D.C. Cir. 2018).
2
Marks v. Crunch San Diego, LLC, 904 F.3d 1041 (9th Cir. 2018).
Gadelhak v. AT&T Services, No. 19-1738 (7th Cir. 2020); Glasser v. Hilton Grand Vacations Co., No. 18-14499
(11th Cir. 2020).
3
87
Federal Communications Commission
FCC 20-42
STATEMENT OF
COMMISSIONER BRENDAN CARR
Re:
Call Authentication Trust Anchor, WC Docket No. 17-97; Implementation of TRACED Act
Section 6(a)—Knowledge of Customers by Entities with Access to Numbering Resources,
WC Docket No. 20-67.
The American people are sick and tired of illegal robocalls. And they are more than just an
intrusion on our daily lives. Scam artists, who target the American people with scare tactics, continue to
plague consumers, as it’s reported that over $10 billion was lost in 2019 due to robocall and spoofing
scams.1 I, like many others, rarely even bother to pick up my phone if the number is not already in my
contacts.
Robocalls are the number one complaint we receive at the FCC, and this Commission has made it
our number one enforcement priority. We’ve undertaken thorough investigations, issued massive fines,
and expanded our reach overseas in the pursuit of the offenders. In addition to our own actions, we have
empowered the private sector to combat these illegal calls. And while I’m happy to see the tools that
industry has developed, there is still much more work to be done to fully implement them.
Today we move the ball forward on combating the illegal robocalls that Americans demand be
stopped. We will require carriers to implement an industry-developed framework called STIR/SHAKEN
to empower consumers by letting them know that the caller really is (or isn’t) who they say they are. And
for those carriers whose networks can’t currently implement STIR/SHAKEN, we propose that they must
at a minimum implement robocall mitigation programs to identify and block these large-scale robocall
campaigns. We will not sit idly by as fraudsters exploit consumers, and our actions today will help
restore consumers’ faith in the voice network. And maybe we’ll begin answering our phones again.
I want to thank the Wireline Competition Bureau, the Consumer and Governmental Affairs
Bureau, the Enforcement Bureau, the Wireless Telecommunications Bureau, the International Bureau, the
Public Safety and Homeland Security Bureau, and the Office of Economics and Analytics as well as the
General Counsel’s Office for your dedicated work on this item. Together we can combat these calls on
multiple fronts. This item has my full support.
Techcrunch, Spam Calls Grew 18% in 2019, https://techcrunch.com/2019/12/03/truecaller-spam-call-robocallreport-2019/.
1
88
Federal Communications Commission
FCC 20-42
STATEMENT OF
COMMISSIONER JESSICA ROSENWORCEL
Re:
Call Authentication Trust Anchor, WC Docket No. 17-97; Implementation of TRACED Act
Section 6(a)—Knowledge of Customers by Entities with Access to Numbering Resources,
WC Docket No. 20-67.
We are living in a devastating crisis. The coronavirus pandemic already has robbed too many of
us of our health while the rest of us are confined to our homes to do our part to prevent the further spread
of this virus. So it is good news that today the Federal Communications Commission adopts rules to
reduce robocalls through call authentication. I only wish we had done so sooner, like three years ago
when the FCC first proposed the use of STIR/SHAKEN technology. That’s because during this disaster
there is evidence that robocalls are multiplying. We are seeing alarming reports of an increase in calls
from scam artists hawking fraudulent cures and taking advantage of so many people in so many
households who are stuck at home. So let me state this as clearly as a I can: there should be swift and
harsh action holding accountable those preying on the vulnerable during this disaster.
89
Federal Communications Commission
FCC 20-42
STATEMENT OF
COMMISSIONER GEOFFREY STARKS
Re:
Call Authentication Trust Anchor, WC Docket No. 17-97; Implementation of TRACED
Act Section 6(a)—Knowledge of Customers by Entities with Access to Numbering
Resources, WC Docket No. 20-67.
The millions of illegal spoofed robocalls placed every day to Americans must be stopped.
Consumers should be able to trust caller ID information so they can make an informed decision about
whether they want to answer a call. This is especially critical in times like these, when we are in the
throes of a COVID-19 pandemic where false or misleading information about cures, treatments, and
recommendations for staying safe can mean the difference between life and death. It is unconscionable
that scammers and opportunists1 are using robocalls and text messages to prey on people’s legitimate
fears and apprehensions, especially the elderly population, known to be particularly vulnerable to robocall
schemes.2 But they are, and so today’s action gets us another step closer to rooting out and stopping these
individuals in their tracks.
I approve this item as a good start, but the record makes clear that we have much more to do.
Today we implement a mandate in the Telephone Robocall Abuse Criminal Enforcement and Deterrence
(TRACED) Act for voice service providers to implement the STIR/SHAKEN caller ID framework, but
only in the internet protocol, or IP portions of their networks. To be fully effective against this scourge,
we need all voice service providers to implement call authentication and other measures to combat illegal
spoofing in all networks as soon as possible. That means continuing to work with the industry to
implement effective methods for tracing back illegal spoofed calls and text messages to their original
sources, and following through on enforcement to the full extent of our statutory authority.
To that end, I am pleased that the Further Notice of Proposed Rulemaking seeks comment on
further implementation of the TRACED Act, and now includes additional questions to address concerns
raised by commenters, including with regard to the limits of the STIR.SHAKEN framework as an option
for use with non-IP-based networks, and barriers to STIR/SHAKEN implementation for enterprise calls,
and for small and rural voice service providers. We cannot let up on this effort, because illegal
robocallers clearly are not going to let up on their own.
My thanks to the Wireline Competition Bureau for their hard work on this important item.
See, e.g., FCC, “COVID-19 Consumer Warnings and Safety Tips,” https://www.fcc.gov/covid-scams; Department
of Justice, “COVID-19 Fraud,” https://www.justice.gov/usao-edva/covid-19-fraud.
1
AARP’s “Scams and Fraud” webpage includes multiple warnings and examples of coronavirus-related scams,
including robocall campaigns. https://www.aarp.org/money/scams-fraud/.
2
90
File Type | application/pdf |
File Modified | 0000-00-00 |
File Created | 0000-00-00 |