The Federal Communications Commission (“Commission”) is proposing to extend some of its call authentication and blocking requirements to text messaging. On September 27, the Commission released a Notice of Proposed Rulemaking (“NPRM”) seeking comment on a proposal that would require mobile providers to block illegal text messages and apply caller ID authentication technology to text messages. In the NPRM, the Commission notes that consumers are receiving increasing numbers of unwanted and unlawful text messages. These text messages, according to the Commission, are often part of scams and include links to phishing websites, viruses, and malware, or the texts falsify the caller ID information (a technique known as spoofing) with the intent to defraud consumers that respond.
The NPRM explains that there are already a number of legal protections to help consumers avoid illegal and fraudulent text messages. Specifically, the Telephone Consumer Protection Act (“TCPA”) generally requires callers to obtain consumer consent before making calls to that number using an automated telephone dialing system. The Commission has applied similar consent requirements to text messages and has determined that, in most cases, text messages are calls for purposes of enforcing the TCPA. Similarly, the National Do-Not-Call Registry is supposed to protect consumers from unwanted text messages by prohibiting callers from sending marketing messages to numbers placed on the registry. And the Truth in Caller ID Act of 2009 makes it illegal for a caller to spoof their caller ID information with the intent to defraud, gain something of value or cause harm, which the Commission has also previously applied to text messaging. However, despite these current legal protections, the NPRM states that the Commission has received at least 14,000 consumer complaints about unwanted text messages in each of the last two years and is on pace for well over 16,000 in 2022.
In response to these findings, the NPRM asks for industry input on two proposals: first, applying the STIR/SHAKEN framework to texting, and second, the feasibility of mandatory blocking of text messages from certain suspicious numbers, for example, invalid or unused numbers, and numbers on the Do-Not-Originate list. Specifically, with regard to the application of STIR/SHAKEN to text messages, the Commission seeks comment on the progress of efforts to extend caller ID authentication to text messaging and whether the current STIR/SHAKEN governance system can accommodate text messages or, instead, a new system would be required. Further, the NPRM seeks comment on which categories of providers the proposed STIR/SHAKEN rules should apply and how the Commission should address text messages on non-IP telecommunications networks. As for its proposal to require network-level blocking of certain numbers, the Commission asks whether it should adopt the same “highly likely to be illegal” standard it already applies to telephone calls or if a different standard should apply to network blocking of text messages.
In announcing the new proceeding, Chairwoman Jessica Rosenworcel urged quick action on these proposals, stating, “The American people are fed up with scam texts, and we need to use every tool we have to do something about it.” She continued that “[m]ore can be done to address this growing problem and today we are formally starting an effort to take a serious, comprehensive, and fresh look at our policies for fighting unwanted robotexts.”
Comments on the NPRM must be submitted by November 10, 2022, and reply comments must be submitted by November 25, 2022.
As part of the Commission’s ongoing mission to eliminate illegal and unwanted robocalls, the Agency’s Robocall Response Team took steps to remove seven voice service providers from the Robocall Mitigation Database (“RMD”). In the first-of-their-kind Orders issued by the Commission’s Enforcement Bureau, the Robocall Response Team found that Akabis, Cloud4, Global UC, Horizon Technology Group, Morse Communications, Sharon Telephone Company, and SW Arkansas Telecommunications and Technology (collectively, the “Companies”) did not take the required robocall mitigation steps, including the implementation of STIR/SHAKEN on their IP networks. In each case, the Companies filed certifications in the RMD stating that while they had not implemented STIR/SHAKEN, all calls originating on their networks are subject to a robocall mitigation program. However, the Robocall Response Team found that the descriptions of these robocall mitigation programs did not meet the Commission’s RMD requirements. Further, the Companies did not respond to direct outreach from the Commission’s Wireline Competition Bureau to determine if the certifications were made in error. The Orders demand that the Companies show cause as to why they should not be removed from the RMD. Should the Companies ultimately be removed from the RMD, intermediate and terminating providers will be prohibited from accepting traffic from the Companies.
Chairwoman Roswenworcel made clear that going forward, the Commission will continue to take aggressive action to meet its robocall mitigation goals stating, “This is a new era. If a provider doesn’t meet its obligations under the law, it now faces expulsion from America’s phone networks. Fines alone aren't enough. Providers that don't follow our rules and make it easy to scam consumers will now face swift consequences.”
On October 6, the Commission released a draft Notice of Inquiry (“NOI”) for consideration at the FCC Open Meeting on October 27. The NOI, if adopted, would broadly seek comment on the non-IP technology in the nation’s phone networks and the impact this technology has on the Commission’s work toward stopping illegal robocalls.
More specifically, however, the Commission would ask industry stakeholders about the feasibility of mandating implementation of either, or both, of two proposed standards – ATIS-100096 (the Out-of-Band approach) and ATIS-100095 (the Non-IP In-Band Approach) – for caller ID authentication on non-IP networks developed by the Alliance for Telecommunications Industry Solutions (“ATIS”). In addition to asking stakeholders to weigh the pros and cons of these standards, the Commission would ask whether there are any alternative non-IP call authentication solutions the Commission should consider together with or instead of the proposed ATIS standards. The Commission would also seek information about how it could most effectively structure any rules it chooses to adopt that would mandate the implementation of one or more of the proposed, or alternative, call authentication standards.
Finally, as part of its efforts to mitigate illegal robocalling, the Commission had previously adopted rules that require voice service providers to implement the caller ID authentication framework known as STIR/SHAKEN on their IP networks. However, STIR/SHAKEN only works on IP-based telephone networks, so the Commission has had to address networks using non-IP technology separately. As a consequence, Commission rules currently require voice service providers to either upgrade their networks to IP-based networks or work to develop an authentication solution – for example, by joining a consortium or association working to create a non-IP call authentication technology. Thus, the NOI seeks comment on the progress of the transition of the country’s phone networks to all-IP. Further, to the extent the status is unsatisfactory to the Commission, it would seek comment on the actions the Agency could take to accelerate that transition, including additional mandates.