FCC Releases Two Notices of Inquiry Addressing Reassigned Numbers and Caller ID Spoofing

The FCC released two notices of inquiry (NOIs) related to TCPA issues last week: one on how to better track reassigned numbers, and another on tightening industry wide techniques to discourage Caller ID spoofing, one category of illegal robocalls. Each NOI seeks public comment.

Reassigned Numbers NOI

On July 13, 2017, the FCC released an NOI addressing the issue of identifying reassigned phone numbers. Specifically, as the FCC notes, in many cases the recipient of a reassigned number may be subject to unwanted calls that the prior holder of the number consented to; and conversely, the previous holder of the reassigned number is no longer receiving those calls for which she gave consent. According to the NOI:

Approximately 35 million telephone numbers are disconnected and aged each year, and according to one source 100,000 numbers are reassigned by wireless carriers every day. Consumers change telephone numbers for a variety of reasons, including switching wireless providers without porting numbers and getting new wireline telephone numbers when they move. Once a consumer drops a number, he or she might not update all parties who have called in the past, including robocallers to which the consumer gave prior express consent. NOI, ¶ 5.

In light of the FCC ruling in July 2015 that clarified a range of potential liabilities for calling reassigned numbers, the issue has resulted in a substantial amount of litigation and liability risk for companies that have received consent to place calls to numbers that have subsequently been reassigned. Further, the FCC notes that, despite the TCPA and FCC rules, complaints about unwanted calls, historically have been one of the FCC’s largest sources of informal complaints.

In the NOI, the FCC seeks comment on ways in which the voice service providers who have relevant information about individual number assignments could report those changes in an accurate and timely way. Specifically, the FCC asks commenters to propose types of information that service providers should report, and at what stage in the reassignment cycle.

The FCC further asks which types of service providers should be included in any new reporting regime, and how the agency might address derivative or indirect assignments, such as those by providers that obtain and resell numbers from other providers. The FCC explicitly observes that it is not proposing rules at this time, but nonetheless requested input on the potential benefits of rules standardizing reassignment reporting procedures.

The FCC also seeks comment on a range or potential reporting alternatives, including (1) an FCC-established database; (2) reporting to a third-party data aggregator or directly to robocallers; (3) requiring service providers to operate a queriable database; or (4) requiring service providers to issue public reports.

Additionally, the FCC seeks comment on how service providers might be compensated for the costs of providing reassigned number information, including potential fees for those seeking to access data about reassigned numbers. Further, the FCC asks commenters to weigh in on how frequently providers should issue updates regarding reassigned numbers, and the format in which such information should be reported on the NOI if the FCC moves forward with the proposal.

Comments on the NOI are due by August 28, 2017, and reply comments are due by September 26, 2017.

Robocalls and Spoofing NOI

On July 14, 2017, the FCC released an NOI exploring in more detail the problem of Caller ID spoofing, which is a subset of the illegal Robocall Task Force work the FCC started last year. The FCC acknowledges that there are some legitimate reasons to spoof a phone number, but concluded that the practice also carries the potential to cause significant harms to consumers by potentially allowing fraud, by circumventing blocking technologies imposed by consumers and phone companies aimed at reducing unwanted robocalls.

The FCC notes that ATIS and the SIP Forum have been working as part of the FCC’s Robocall Task Force to develop standards to verify and authenticate caller identification for calls carried over IP networks. As the FCC explains: “The ATIS and SIP Forum work consists of a three-phase approach to solving the issue of caller identification, using a digital certificate scheme to ‘verify and authenticate caller identification for calls carried over an Internet Protocol (IP) network.’”

The NOI goes on to explain that, when a subscriber places a call through a service provider under the ATIS/SIP model, the originating service provider contacts an authentication service to obtain a private key with which it can sign the call. The originating service provider then uses the key to sign the call with the subscriber’s information and the authentication service’s certificate, which can then be verified by the receiving provider.

The NOI seeks comment on what the agency can do to promote development and adoption of the ATIS/SIP framework or other authentication frameworks. In particular, the FCC seeks insight into whether there are existing market incentives sufficient for industry to adopt authentication technologies, and whether there is precedent in other successful FCC campaigns to promote adoption of socially beneficial technologies.

The FCC further seeks comment on whether an authentication framework will require a centralized governance authority or policy administrator, and if so, how such an authority might be constituted. As the FCC notes, it could serve in such a role itself, or it could be involved in constituting a committee or other entity capable of serving that function. The NOI seeks comment on what factors should be considered in developing such an authority. The FCC also seeks input into how authentication service providers might be validated—in particular, whether there is a need for the FCC to act as a certifying authority.

Finally, the NOI raises a number of technical questions about certification authorities, such as the scope of authentication efforts among calling technologies. As the FCC notes, the various networks over which calls originate pose different challenges for authentication. Additional challenges arise from the fact that many spoofed calls originate outside the FCC’s US jurisdiction.

Comments on the NOI are due on August 14, 2017, and replies are due on September 13, 2017.