Written by Amy Ralls | Oct 23, 2019 4:00:00 AM
With only a couple months left in 2019, FCC Chairman Ajit Pai's "end of 2019" deadline for telecom carriers to implement
industry-based solutions to help curb the scourge of unlawful and harassing robocalls and caller ID spoofing is fast approaching. Recently, the FCC has been under immense pressure from Congress to address the robocalling/call spoofing issue as the country heads into another election year; indeed, that Congress might
legislate a solution (in parallel to industry-led efforts) remains a distinct possibility. The FCC's so-called deadline is, in reality, merely a
"threat" from the FCC Chairman, which goes something like this... 'if the industry fails to implement a market-based solution to the problem, the FCC will regulate and mandate compliance by force of law.' Back in November 2018, Pai's office targeted the nation's largest "voice call terminating carriers" with letters laying out the Commission's expectations and the consequences of non-fulfillment:
- AT&T, Bandwidth.com, CenturyLink, Charter, Comcast, Cox, Frontier, Google, Sprint, TDS, T-Mobile, US Cellular, Verizon, Vonage
As we approach 2020, our firm is beginning to see increased "commercial activity" which indicates that some of the above-listed terminating carriers are actively implementing the industry-developed SHAKEN/STIR solution. But before getting to this activity, a brief primer on the industry-developed SHAKEN/STIR regime should be helpful to those of you who may not have been paying close attention:
[SHAKEN/STIR stands for Signature-based Handling of Asserted Information Using toKENs (SHAKEN) and the Secure Telephone Identity Revisited (STIR), and is a protocol for authenticating phone calls with the help of cryptographic certificates. The protocol was created to address the problem of call spoofing --calls that claim to come from a number or network, but don't. SHAKEN/STIR works by having the originating telecom provider (responsible for call origination) digitally "sign" the call using a certificate. The certificate authenticates and backs the legitimacy of the call. It is effectively a "Know Your Customer" regime; one that places considerable responsibility, risk and economic exposure on upstream and originating telecom carriers, who must "Know" the customer that originates call traffic, vouch for the lawful and legitimate nature of the customer's originating traffic, and be prepared to suffer consequences (such as blocked calls, as well as litigation exposure) if the terminating carrier determines the traffic is actually unlawful or illegitimate. Under SHAKEN/STIR, it is the terminating carrier's duty to verify all calls are coming from legitimate, SHAKEN/STIR authenticated sources before a call is terminated to the called party.
While SHAKEN/STIR won't stop robocalls completely, the goal is to help telecom network operators and end users spot robocalls more easily. Under the SHAKEN/STIR regime, carriers will be able to mark unverified/unauthenticated calls as suspicious and consumers will be able to act on these warnings and turn down or block calls.] Now, turning our attention to some of the commercial activity we are witnessing. Beginning a few months ago, Verizon (one of the major terminating carriers implementing SHAKEN/STIR in their network and business practices) began contacting its wholesale carrier customers requesting (no, demanding) they sign a "Robocall Traceback Amendment" to their wholesale agreements. In communicating its demands, Verizon explains: "Verizon is taking an active role in eliminating illegal robocalling and has decided to take necessary steps to identify this traffic and ensure Verizon is not, directly or indirectly, facilitating or handling this traffic, and where necessary, take steps to stop this traffic at its source. The entire ecosystem will benefit from meaningful efforts to eliminate illegal robocalls at the source because doing so can help restore consumer trust in voice calls. You may be aware that various service providers have banded together to identify bad actors by tracing back suspicious robocalls via USTelecom’s Industry Traceback Group (the “Traceback Group”), of which Verizon is a founding member. Each member of the Traceback Group has agreed that if suspicious traffic is detected as coming from its network, it will promptly investigate where the traffic is coming from and report the source of that traffic to the USTelecom traceback administrator (the “Administrator”). The Administrator then either contacts the upstream carrier that sent the traffic in order to trace it farther upstream, or in the event the traffic came from a retail customer, to coordinate with law enforcement so that the bad actor initiating the traffic can be brought to justice. Unfortunately, it is common for traceback to dead-end when an upstream carrier refuses to identify the source of the suspicious traffic. There is no valid excuse for any service provider in the call path to fail to cooperate with such industry traceback efforts.
The Federal Communication Commission has explicitly encouraged carriers to participate in traceback in good faith. Good faith participation includes responding to USTelecom, Verizon, and any applicable law enforcement or regulatory authority traceback request (emphasis added). Verizon requires your cooperation to ensure that all of the voice providers in the call path participate in good faith in industry traceback efforts. Attached is an Amendment to your underlying services agreement that will ensure this crucial step towards addressing the robocall problem is properly addressed. Please execute the Addendum and return it to Verizon within fourteen (14) days from the date of this letter. Please note that Verizon has elected to aggressively pursue and stop illegal robocalling and is taking steps to only provide services to customers who share the same commitment. Consequently, your failure to execute the amendment will be taken into account in determining Verizon’s agreement to continue providing you termination services. Additionally, if Verizon determines its IP Termination Services are being used to support illegal robocalling activity, or you fail to cooperate in addressing robocalling activity, Verizon may upon not less than thirty (30) days' prior written notice to Customer, terminate any IP Termination Services." Verizon's "notice" triggers an important observation regarding the company's approach to implementing a "traceback" program. While correctly noting that the FCC "encouraged carriers to participate... in good faith," Verizon appears to go several steps beyond a fair reading of "good faith." Mandating a change in commercial terms that grants Verizon the right to be judge, jury and executioner with regard to the ultimate determination whether to terminate or block another upstream carrier's calls, immunizes Verizon from liability for its errors and overreaches, and doing so on such short notice (14 days), under threat of termination of the underlying wholesale agreement with a wholesale carrier customer may well go beyond any reasonable interpretation of the FCC's "good faith" expectation. As the deadline for implementing SHAKEN/STIR draws near, if your company received the same or a similar notice from Verizon or any another wholesale carrier partner (particularly a "terminating carrier"), we advise caution. Before taking action, and prior to locking your company into an untenable position, be certain to: (a) conduct due diligence into SHAKEN/STIR and the industry's response to robocalling and caller ID spoofing prevention, (b) consult with knowledgeable telecom counsel, and (c) fully understand your obligations under the soon to be operative compliance regime. Attorneys at
Marashlian & Donahue, PLLC, The CommLaw Group are standing by to help your company navigate its way through these complicated times. Contact the attorney assigned to your account should you have questions or concerns regarding the contents of this Client Advisory. Or simply contact Jonathan S. Marashlian at
jsm@commlawgroup.com.