Skip to main content

Telephone and Texting Compliance News: Regulatory Update — Federal Communications Commission Proposes New Rules For Non-IP Caller ID Authentication

At its April Open Meeting, the Federal Communications Commission (FCC) adopted a Notice of Proposed Rulemaking (NPRM) aimed at closing the non-IP caller ID authentication gap. The NPRM is the next step in the FCC’s efforts to stop unlawful robocalling traffic from reaching American consumers.

Background

As part of the FCC’s attempts to stop unlawful robocalls from traversing American telecommunications networks, the agency has required all voice service, intermediate, and gateway providers to implement the STIR/SHAKEN caller ID authentication framework on all IP portions of their networks. STIR/SHAKEN enables providers to verify that a caller’s number matches the caller ID information transmitted with a call. This verification helps providers block calls that are likely illegally spoofed (i.e., disguising a caller’s identity by falsifying the caller ID information), a hallmark of many illegal robocalls.

However, the STIR/SHAKEN framework only works on IP-based telecommunications networks.Thus, any non-IP portion of a call path creates a gap in the STIR/SHAKEN framework that bad actors have been able to exploit. Despite recognition of this vulnerability, when the FCC adopted rules requiring the implementation of STIR/SHAKEN, it offered providers still operating non-IP-based networks an implementation extension in accordance with provisions of the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act. Under the TRACED Act, the FCC requires providers that continue to rely on non-IP technology and the STIR/SHAKEN implementation extension to “take reasonable measures to implement an effective call authentication framework in their non-IP networks.” The FCC has stated that it would continue to evaluate the continuing extension until an “effective” non-IP call authentication framework has been “developed” and becomes “reasonably available.”

The Proposed Rulemaking

The FCC now proposes to establish criteria for evaluating whether any non-IP caller ID authentication frameworks are sufficiently developed, reasonably available, and effective as to warrant repeal of the continuing extension for providers relying on non-IP technology.

Applying the criteria – that a non-IP caller ID authentication framework is “developed,” “reasonably available,” and “effective” – the FCC proposes to conclude that two existing standards meet these requirements: In-Band Authentication (ATIS-1000095.v002) and Out-of-Band Multiple STI-CPS Authentication (ATIS-1000096). The NPRM seeks comment on whether a third standard – Out-of-Band Agreed STI-CPS Authentication (ATIS-1000105) also satisfies the criteria.

Implementation and Next Steps

Given its proposed findings above, the FCC proposes repealing the continuing extension granted to providers relying on non-IP technology. This means that all voice service, intermediate, and gateway providers that have non-IP-based network segments would be required to implement one of the two non-IP caller ID authentication standards. In addition, the FCC proposes to require those providers to certify that they have implemented one of those standards in their Robocall Mitigation Database filings.

Finally, the FCC proposes a two-year compliance deadline for providers to either fully complete their IP transitions and implement STIR/SHAKEN or implement one or more of the available non-IP caller ID authentication frameworks.

All Commissioners supported the NPRM. Commissioner Gomez stated that this item takes an “important step” to close a “significant loophole” but emphasized that stopping robocalls should “continue to be one of the FCC’s top consumer protection priorities.” Similarly, Chairman Carr noted that while STIR/SHAKEN is one of the more comprehensive and effective solutions for stopping robocalls, the remaining non-IP portions of some providers’ networks create authentication gaps. He concluded that even though this item is a step in the right direction, the FCC should be looking at doing more to “accelerate” the complete transition to IP networks and “examine [other] gaps in [providers’] robocalling defenses.”

Comments and reply comments on the NPRM will be due 30 and 60 days after publication in the Federal Register.

 

Subscribe To Viewpoints

Authors

Russell H. Fox is a wireless communications attorney at Mintz. He guides clients through federal legislative, regulatory, and transactional matters. Russell also participates in FCC proceedings, negotiates spectrum agreements, and represents clients in spectrum auctions.
Jonathan Garvin is an attorney at Mintz who focuses on legal challenges facing companies in the communications and media industries. He advises clients on transactional, regulatory, and compliance issues before the FCC involving wireless, broadband, broadcast, and cable matters.