December 17, 2019
Stay in the Know
The pending Pallone-Thune TRACED ACT (Senate Bill 151) is a pending bipartisan robocall bill that is rumored to be passed to the White House for signature very soon. This bill is a combination of the Senate’s TRACED Act and the House’s STOP BAD ROBOCALLS Act. If this legislation is passed, it will provide significantly more authority to the FCC to regulate providers of voice services.
The impact of this legislation may be much greater than initially thought. It appears that Congress has granted the FCC sweeping new authority to regulate the private sector, including call centers and private enterprises, with respect to implementing Shaken/Stir-based call authentication. More so, it appears Congress has indirectly mandated the implementation of call authentication in the private sector.
An Innocuous Definition of “Voice Services”
Here is the logic. The legislation includes an innocuous definition of “voice services,” which is broadly defined as: “Voice service… means any service that is interconnected with the public switch telephone network and that furnishes voice communications to an end-user using resources from the North American Numbering Plan… and includes…(ii) without limitation, any service that enables real-time, two-way voice communications, including any service that requires internet protocol-compatible customer premises equipment…and permits outbound calling, whether or not the service is one-way or two-way voice over internet protocol.” (https://www.congress.gov/bill/116th-congress/senate-bill/151/text, Section 4(a)(2))
This is a broad definition and the term covers over-the-top voice providers and arguably private voice networks that allow outbound calls to originate to the public telephone network. This same term was recently used in a recent FCC Order 19-73, which was directed to the Commission’s implementation of the Caller ID rules for legislation called the “Ray Baum’s Act.” The Commission there expounded on the definition of that term (see paragraphs 24-30) and intended it to be “more expansive than ‘telecommunication service’ and ‘interconnected VoIP service’ as currently defined in our rules.” (Id., paragraph 25.) It is expected that the Commission would apply the same interpretation to that term in the current legislation. So, the legislation includes a deliberate directive of Congress to include private providers of voice services in the call authentication framework to the extent those providers use telephone numbers and route calls to the public switched telephone network.
The same section of the legislation also directs the Commission to “require a provider of voice service to implement the STIR/SHAKEN authentication framework in the internet protocol networks of the provider of voice service…” (reference Section 4(b)(1)(A)). So, it appears Congress has directed the FCC to mandate implementation of Shaken/Stir call authentication in providers of voice services, even if they are in the private sector. The telecommunications industry likely does not quite realize that Congress just gave the FCC this authority.
However, Congress giving the FCC regulatory power over those interfacing with the public telephone network is not unprecedented. The above referenced Ray Baum’s Act that addresses Caller ID rules and the corresponding FCC regulations prohibit “a person” from spoofing unauthorized numbers on text calls. In other words, the FCC was given the authority to regulate callers interacting with the public switched networks. Similarly, it is logical that if Congress asks the FCC to address the problem of spoofed calls, Congress intended the FCC to regulate the callers originating these calls as well.
Do you have questions about compliance? Contact us for tips on keeping pace with the latest outbound calling regulations.
Shaken/Stir Participation: the Answer to the Problem of Call Authentication
Addressing the problem of call authentication in telephone networks is best solved by requiring that all providers in the ecosystem participate in the framework. Those familiar with the Shaken/Stir framework know of the obvious problems that can occur when carrier networks using older technology — such as time-division multiplexing (“TDM”) technologies — are unable to authenticate or validate calls. Further, those defining the Shaken/Stir framework are presently addressing the “enterprise problem,” which involves private enterprises originating calls that cannot be reliably authenticated, because the enterprise is using telephone numbers provided by another carrier. The carrier receiving the call is unable to fully authenticate the number.
This problem would vanish if the enterprises were mandated to implement Shaken/Stir and could sign their own calls. But, this would require enterprises to fully participate in the call authentication framework, just like carriers. On that point, the pending bill also states the Commission shall “enable as promptly as reasonable full participation of all classes of providers of voice services and type of voice calls to receive the highest level of trust” (reference Section 4(b)(5)(D)). Thus, it appears Congress intended enterprises should participate in call authentication on the same level as the carriers.
This conclusion has some profound implications for enterprises. It also has impacts on the Shaken/Stir framework, and how certain groups need to adjust the administration and policies governing the Shaken/Stir framework. But, that is another blog for another day.
The opinions presented here are those of Karl Koster, and not necessarily those of Noble Systems. The contents should not be construed as legal advice nor as comments reflecting any regulatory position of Noble Systems.