Federal Communications Commission DA 20-1374 DA 20-1374 Released: November 18, 2020 STIR/SHAKEN CALLER ID AUTHENTICATION GOVERNANCE FRAMEWORK REVISED TO EXPAND PARTICIPATION Secure Telephone Identity Governance Authority Revises Token Access Policy to Eliminate Direct Access to Telephone Numbers Requirement WC Docket No. 17-97 This Public Notice serves as an informational announcement that, on November 18, 2020, the Secure Telephone Identity Governance Authority (Governance Authority) issued an update to its Service Provider Code (SPC) Token Access Policy. Press Release, ATIS, New Secure Telephone Identity Governance Authority Policies Advance Industry Illegal Robocall Mitigation Goals (Nov. 18, 2020), https://www.atis.org/press-releases/new-secure-telephone-identity-governance-authority-policies-advance-industry-illegal-robocall-mitigation-goals/ (Governance Authority Press Release). Under the revised policy, an entity will no longer need direct access to telephone numbers to participate in the STIR/SHAKEN caller ID authentication framework. The Governance Authority, managed by a board consisting of representatives from across the voice service industry, defines the policies and procedures for which entities can acquire a digital certificate necessary to participate in STIR/SHAKEN. See Call Authentication Trust Anchor, Implementation of TRACED Act Section 6(a)—Knowledge of Customers by Entities with Access to Numbering Resources, WC Docket Nos. 17-97 and 20-67, Report and Order and Further Notice of Proposed Rulemaking, 35 FCC Rcd 3241, 3246, para. 9 (2020) (First Caller ID Authentication Report and Order and Further Notice). One such policy is the SPC Token Access Policy, which establishes three requirements an entity must meet to in order to receive a certificate. In its current iteration, the SPC Token Access Policy requires an entity seeking a certificate, among other things, to “[h]ave direct access to telephone numbers from the North American Numbering Plan Administrator . . . and National Pooling Administrator.” See STI Governance Authority, STI-GA Policy Decisions Document (2020), https://sti-ga.atis.org/wp-content/uploads/sites/14/2020/11/201118-STIGA-Board-Policy.pdf. The newly revised SPC Token Access Policy removes and replaces the requirement that an entity have direct access to telephone numbers to receive a certificate. In place of that requirement, the revised policy requires that an entity must be listed in the Federal Communications Commission’s (Commission) forthcoming Robocall Mitigation Database. Governance Authority Press Release. In September, the Commission adopted rules requiring voice service providers to file certifications, maintained in a publicly accessible database, that their traffic is either “signed with STIR/SHAKEN or . . . subject to a robocall mitigation program.” Call Authentication Trust Anchor, WC Docket No. 17-97, Second Report and Order, FCC 20-136, at 44, para. 82 (2020) (Second Caller ID Authentication Report and Order). The Governance Authority announced that the new policy will be effective upon the Commission’s Robocall Mitigation Certification filing deadline and that, until then, “the current SPC token access policy remains in effect.” Governance Authority Press Release. The Commission directed the Wireline Competition Bureau (Bureau) to issue a Public Notice announcing both when voice service providers may begin filing certifications in the Robocall Mitigation Database and establishing the deadline for filed certifications. Second Caller ID Authentication Report and Order at 44-45, para. 83. The Commission further directed the Bureau to set the filing deadline no earlier than June 30, 2021. Id. The Commission has recognized concerns raised by some stakeholders that the current SPC Token Access Policy prevents certain categories of voice service providers from participating in STIR/SHAKEN. Second Caller ID Authentication Report and Order at 24, para. 49; First Caller ID Authentication Report and Order and Further Notice, 35 FCC Rcd at 3259, para. 39 n.145. In recognition of these concerns, the Commission granted an extension to voice service providers that cannot obtain a certificate due to the SPC Token Access Policy “until it is feasible for a provider to participate in STIR/SHAKEN due either to the possibility of compliance with the Governance Authority policy or a change in the Governance Authority policy.” Second Caller ID Authentication Report and Order at 24, para. 50. The Commission further “recognize[d] that a voice service provider may not be able to immediately come into compliance with its caller ID authentication obligations after it becomes eligible to receive a certificate,” and found that it “will not consider a voice service provider that diligently pursues a certificate once it is able to receive one in violation of our rules.” Id. For further information, please contact Matthew Collins, Assistant Chief, Competition Policy Division, Wireline Competition Bureau, at (202) 418-7141 or by email at matthew.collins@fcc.gov. - FCC - 2