	Federal Communications Commission	DA 20-785
Before the
FEDERAL COMMUNICATIONS COMMISSION
WASHINGTON, DC 20554


In the Matter of

Implementing Section 13(d) of the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act) 


)
)
)
)
)




EB Docket No. 20-22


REPORT AND ORDER

Adopted:  July 27, 2020	Released:  July 27, 2020

By the Chief, Enforcement Bureau:

I. INTRODUCTION
1. Unlawful prerecorded or artificial voice message calls—robocalls—plague the American public.  Such calls are frequently coupled with misleading or inaccurate telephone numbers displayed as caller ID information, an act known as spoofing, and are often intended to facilitate fraudulent or other harmful activities.  The Commission has deployed a multi-prong strategy to combat these illegal calls. Among other actions, the Commission has imposed forfeitures for violation of the Truth in Caller ID Act, such as Best Insurance Contracts, Inc., and Philip Roesel, dba Wilmington Insurance Quotes, Forfeiture Order, 33 FCC Rcd 9204 (2018) (Roesel Forfeiture Order); Adrian Abramovich, Marketing Strategy Leaders, Inc., and Marketing Leaders, Inc., Forfeiture Order, 33 FCC 4663 (2018) (Abramovich Forfeiture Order), and adopted rules enabling voice service providers to block certain clearly unlawful calls before they reach consumers.  Advanced Methods to Target and Eliminate Unlawful Robocalls, CG Docket No. 17-59, Report and Order and Further Notice of Proposed Rulemaking, 32 FCC Rcd 9706 (2017).
  An important prong of the Commission’s strategy is to trace the unlawful robocalls back to their origination, a process known as “traceback.”
2. Congress recognized the ongoing illegal robocall problem and, in December 2019, enacted the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act) to further aid the Commission’s efforts. Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act, Pub. L. No. 116-105, 133 Stat. 3274 (2019) (TRACED Act).  
  In the TRACED Act, Congress acknowledged the beneficial collaboration between the Commission and the private sector on traceback issues, and required the Commission to issue rules “for the registration of a single consortium that conducts private-led efforts to trace back the origin of suspected unlawful robocalls.” Id. § 13(d)(1).
  
3. In this Order, the Enforcement Bureau (Bureau) selects the single consortium registered to conduct private-led traceback efforts, in accordance with the TRACED Act and consistent with the registration process established in the Commission’s Report and Order and Further Notice of Proposed Rulemaking. Implementing Section 13(d) of the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act), EB Docket No. 20-22, Report and Order and Further Notice of Proposed Rulemaking, 35 FCC Rcd 3113 (2020) (Consortium Registration Order).
  USTelecom – the Broadband Association’s (USTelecom) Industry Traceback Group submitted the sole application for consideration for the role of consortium. Letter of Intent from Patrick Halley, Senior Vice President of Policy & Advocacy, USTelecom, and Jessica Thompson, Manager of Policy & Advocacy, USTelecom, to Marlene H. Dortch, Secretary, Federal Communications Commission, EB Docket No. 20-22 (filed May 21, 2020) (USTelecom Letter of Intent).
  The Bureau received five comments regarding the Industry Traceback Group’s candidacy, none of which specifically opposed the Industry Traceback Group’s selection as the registered consortium. See AT&T Comments at 1-2; Cloud Communications Alliance Comments at 2-3; Cellular Telecommunications Industry Association Comments at 2-3 (CTIA Comments); INCOMPAS Comments at 1-2; Verizon Comments at 1-2.  No entity filed reply comments. 
  We find that the Industry Traceback Group fulfills the statutory requirements outlined in the TRACED Act, and therefore we select the Industry Traceback Group to serve as the registered consortium.
II. BACKGROUND
4. Section 227 of the Communications Act of 1934, as amended (the Communications Act), is designed to protect consumers from unlawful robocalls. 47 U.S.C. § 227.
  Sections 227(b), (c), and (d) impose specific requirements on telemarketing and prerecorded voice message calls to give consumers the ability to know who is calling and to control the calls they receive. Id. § 227(b)-(d).  
  Section 227(e) prohibits unlawful spoofing—the transmission of misleading or inaccurate caller ID information with the intent to defraud, cause harm, or wrongfully obtain anything of value. Id. § 227(e). 
  Failure to comply with section 227(e) has resulted in vigorous enforcement action by the Commission. See, e.g., Roesel Forfeiture Order; Abramovich Forfeiture Order.
  
5. Robocallers that make unlawful calls frequently hide behind spoofed telephone numbers, making it difficult to determine the identity of the real caller.  Commission staff has worked with the private sector, led by the Industry Traceback Group, on tracebacks to successfully uncover the true identity of callers behind illegal robocalls using spoofed caller ID information. Traceback is the process whereby a suspected illegal robocall that used a spoofed telephone number is traced to its source.  
  The Industry Traceback Group is a collaborative group comprised of voice service providers across wireline, wireless, Voice over Internet Protocol (VoIP), and cable services.  Commission staff and the Industry Traceback Group have worked to develop an effective traceback process that significantly assists the Commission in both the evolution and continuation of the traceback process.  The Commission has received a number of referrals for investigation based on traceback information that the Industry Traceback Group was able to provide. See Letter from Rosemary C. Harold, Chief, FCC Enforcement Bureau, and Eric Burger, Chief Technology Officer, to Jonathan Spalter, President and CEO, USTelecom – The Broadband Association (Nov. 6, 2018) (on file in EB-TCD-00027981) (USTelecom Traceback Letter 2018).  
  And the Industry Traceback Group has partnered with the Commission to stem unlawful robocalls, including unlawful COVID-19 scam calls. See, e.g., John C. Spiller; Jakob A. Mears; Rising Eagle Capital Group LLC; JSquared Telecom LLC; Only Web Leads LLC; Rising Phoenix Group; Rising Phoenix Holdings; RPG Leads; and Rising Eagle Capital Group – Cayman, Notice of Apparent Liability for Forfeiture, FCC 20-74 (2020) (in which the Industry Traceback Group provided traceback summaries and correspondence logs to assist in the Commission’s investigation); Letter from Rosemary C. Harold, Chief, FCC Enforcement Bureau, to Jonathan Spalter, President and CEO, USTelecom – The Broadband Association (May 20, 2020) (thanking the Industry Traceback Group for its “prompt response to identify and mitigate fraudulent robocalls that are taking advantage of the national health crisis related to the Novel Coronavirus Disease (COVID-19)”).
  Collaboration with private-led traceback efforts is important to unmask the identities of those entities making the illegal robocalls. USTelecom Traceback Letter 2018 (stating that the information received from the work of the Industry Traceback Group “has resulted in dozens of active investigations [of illegal spoofed robocalls].”).
  
6. On March 27, 2020, pursuant to the TRACED Act, the Commission issued rules “to establish a registration process for the registration of a single consortium that conducts private-led efforts to trace back the origin of suspected unlawful robocalls.” TRACED Act § 13(d); Consortium Registration Order, 35 FCC Rcd at 3115-16, paras. 10-14.
  The Consortium Registration Order amended the Commission’s rules to establish an annual process to register a single consortium to conduct the private-led efforts to trace back suspected unlawful robocalls. Consortium Registration Order, 35 FCC Rcd at 3115, para. 9.
  An entity that plans to register as the consortium for private-led traceback efforts must submit a Letter of Intent as directed by a public notice. Id. at 3115, para. 10; Enforcement Bureau Requests Letters of Intent for Traceback Consortium, Public Notice, (EB Apr. 20, 2020).
  The Letter of Intent must include the name of the entity, a statement of its intent to conduct private-led traceback efforts, and its intent to register as the single consortium that conducts private-led efforts to trace back the origin of suspected unlawful robocalls. The TRACED Act requires that the Bureau renew its call for potential new registrants via a public notice every year.  See TRACED Act § 13(d)(2).  Should entities that are not currently the registered consortium apply for the consortium position, the Bureau will follow the procedures adopted in the Consortium Registration Order in making a selection.  See Consortium Registration Order, 35 FCC Rcd at 3115-16, paras. 9-14.
  In its Letter of Intent, the entity must satisfy the statutory requirements by:  
(a) demonstrating that the consortium is a neutral third-party competent to manage the private-led effort to trace back the origin of suspected unlawful robocalls; 
(b) including a copy of the consortium’s written best practices, with an explanation thereof, regarding management of its traceback efforts and regarding providers of voice services’ participation in the consortium’s efforts to trace back the origin of suspected unlawful robocalls; 
(c) certifying that, consistent with section 222(d)(2) of the Communications Act, 47 U.S.C. § 222(d)(2). 
 the consortium’s efforts will focus on fraudulent, abusive, or unlawful traffic; and
(d) certifying that the consortium has notified the Commission that it intends to conduct traceback efforts of suspected unlawful robocalls in advance of registration as the single consortium. TRACED Act § 13(d)(1)(A)-(D).
    
The Bureau evaluates any Letters of Intent based upon these statutory criteria.
7. The TRACED Act anticipates that the registered consortium will provide the Commission with a list of voice service providers that “received a request from the registered consortium  to participate in private-led efforts to trace back the origin of suspected unlawful robocalls and refused to participate . . . .” Id. § 13(b)(3). 
  The Commission may publish a list and take enforcement action against voice service providers “based on information obtained from the consortium about voice service providers that refused to participate in private-led traceback efforts.” Id. § 13(e).

8. The Commission must annually request information from the registered consortium and voice service providers about private-led traceback efforts. Id. § 13(c).
  The Commission must subsequently publish a report on the status of private-led efforts to trace back the origin of suspected unlawful robocalls. Id. § 13(a).
 Among other things, the report must include:  (1) a list of voice service providers that the registered consortium identified as participating in private-led traceback efforts, (2) a list of voice service providers that received a request from the registered consortium to participate in private-led traceback efforts and refused to participate, and (3) the reason, if any, each voice service provider provided for not participating in the private-led traceback efforts. Id. § 13(b)(2)-(4).

9. The Industry Traceback Group timely submitted its application for the role of consortium. USTelecom Letter of Intent.
  It was the only applicant.  AT&T, Cloud Communications Alliance, Cellular Telecommunications Industry Association (CTIA), INCOMPAS, and Verizon filed comments regarding the Industry Traceback Group’s candidacy for the consortium. See AT&T Comments; Cloud Communications Alliance Comments; CTIA Comments; INCOMPAS Comments; Verizon Comments.
  AT&T, CTIA, and Verizon supported the Industry Traceback Group’s application. AT&T Comments at 1-2; CTIA Comments at 2-3; Verizon Comments at 1-2.
  Although Cloud Communications Alliance and INCOMPAS did not oppose the Industry Traceback Group’s selection, they raised specific concerns about transparency and the scope of the consortium’s activities, and proposed that the Bureau impose additional requirements or constraints on the Industry Traceback Group. See generally Cloud Communications Alliance Comments at 2-3 (requesting that the Commission:  1) define the scope of activities of the consortium, 2) specify the criteria by which a voice provider is designated as non-cooperative, and 3) expand the membership of the Industry Traceback Group’s Executive Committee); INCOMPAS Comments at 1-2 (recommending that the Industry Traceback Group maintain an independent board of directors, clarify the contribution obligations of the Industry Traceback Group members, and provide transparency into its budgeting process).
  
III. DISCUSSION
10. We evaluated the Industry Traceback Group’s Letter of Intent with respect to the statutory criteria:  neutrality; competency; commitment to focus on fraudulent, abusive, or unlawful traffic; and inclusion of written best practices.  We also considered commenters’ concerns and suggested modifications or requirements.  We conclude that the Industry Traceback Group fulfills the statutory requirements enumerated in the TRACED Act and decline to adopt any of the commenters’ proposals. TRACED Act § 13(d)(1)(A)-(D) (requiring neutrality; competent management; written best practices; a concerted focus on fraudulent, abusive, or unlawful traffic; and advance notice to the Commission of an intent to conduct traceback efforts); Consortium Registration Order, 35 FCC Rcd at 3115, para. 11.
  Accordingly, the Bureau selects the Industry Traceback Group as the single registered consortium for private-led traceback efforts.
A. The Industry Traceback Group Qualifies as a Neutral Third-Party
11. The Industry Traceback Group meets the statutory requirement that the registered consortium be a neutral third-party.  In the Consortium Registration Order, the Commission found that openness is indicative of neutrality and that a neutral third-party, at a minimum, must demonstrate its openness by explaining how it will allow voice service providers to participate in traceback efforts in an unbiased, non-discriminatory, and technology-neutral manner. Consortium Registration Order, 35 FCC Rcd at 3117, para. 16.
  The Bureau finds that the Industry Traceback Group has demonstrated its neutrality and a commitment to transparent conduct.  USTelecom demonstrated that it has historically managed the Industry Traceback Group in an unbiased, nondiscriminatory, and technology-neutral manner and commits that it will continue to do so if selected as the consortium. USTelecom Letter of Intent at 4-6.
  USTelecom allows all voice service providers to participate in the traceback process. Id. at 4 (“Moreover, any provider, whether a member of the Industry Traceback Group or not, can participate in a traceback, and to date over 250 entities have supported such efforts.”).
  Additionally, any provider that demonstrates its commitment to the Industry Traceback Group Policies and Procedures is welcome to join the Industry Traceback Group. Id. at 5.
  Since 2016, USTelecom has focused on promulgating “wide-scale industry participation” in the Industry Traceback Group, including voice service providers that are not themselves members of USTelecom. Id.
  We agree with USTelecom that the Industry Traceback Group’s diversity of “voice service providers representing all sectors of the telephone calling ecosystem” demonstrates the group’s commitment to fostering broad and unbiased industry participation. Id. at 6.
  Lastly, we note that no commenter alleged that USTelecom has unfairly discriminated against any entity regarding participation in the Industry Traceback Group.  
12. The TRACED Act does not require, and we do not find it necessary to impose, a specific structure or administrative methodology to ensure neutrality. Consortium Registration Order, 35 FCC Rcd at 3118, para. 19.
  All of the Industry Traceback Group’s participants must commit to curtail unlawful robocalling and spoofing. Id.
  Although none of the commenters contended that the Industry Traceback Group was not neutral, they urged us to require certain modifications to the Industry Traceback Group’s leadership to provide broader representation. Cloud Communications Alliance Comments at 10-11 (“The Commission should require USTelecom to open its governance apparatus to other trade associations or voice service providers, without requiring a voluntary contribution.”); INCOMPAS Comments at 3-4 (“[T]he Industry Traceback Group should have an independent board of directors composed of representatives from different sectors that govern the management and operations of the group.”).
  Cloud Communications Alliance alleges that the Industry Traceback Group’s Executive Committee The 13 members of the Executive Committee currently include AT&T, Bell Canada, CenturyLink, Charter, Comcast, Consolidated, Cox, Frontier, Sprint/T-Mobile, Twilio, US Cellular, Verizon, and Windstream.  USTelecom Letter of Intent, Appx. C.  These companies represent a diverse group of providers within the voice service industry, including carriers and VoIP providers.
 is comprised of “only the largest voice service providers” and that USTelecom is the sole trade association with a voice in the development of the Industry Traceback Group’s policies and procedures. Cloud Communications Alliance Comments at 10-11.
  It also notes that Executive Committee membership is limited to members that voluntarily contribute to covering the costs of the Industry Traceback Group. Id.
  INCOMPAS recommends that the Bureau require the Industry Traceback Group to establish “an independent board of directors composed of representatives from different sectors that govern the management and operations of the group” in order to “pursue priorities that do not have the support of USTelecom’s advocacy organization.” INCOMPAS Comments at 3-4.
  INCOMPAS admits, however, that the Industry Traceback Group has an Executive Committee designed to oversee traceback efforts in an “unbiased, non-discriminatory and neutral manner that prohibits bias in favor of, or against any industry segment.” Id. at 4; USTelecom Letter of Intent at 8. 
  
13. We decline to require that the Industry Traceback Group modify the composition of its Executive Board or create a new governance structure.  First, we do not find evidence that the current structure is prejudicial to voice service providers that are not members of the Executive Committee.  No commenter alleges that the Industry Traceback Group’s management structure has led to a harm or that its structure contradicts any of the statutory criteria by which we must judge applicants.  In addition, although we want the registered consortium to represent a wide array of industry perspectives, we note that the Industry Traceback Group is self-funded.  Thus, it is reasonable that the governing policies are set by those entities that are covering the Industry Traceback Group’s operating costs.  Second, we do not find that an additional board or governing entity is necessary to ensure neutrality.  Six out of 13 members of the Executive Committee are non-USTelecom members, which significantly addresses any hypothetical bias.  If and when INCOMPAS or any other interested party has a specific complaint that the Traceback Group is acting other than in accordance with its neutrality requirement, the Commission is in a position to address and resolve such a complaint. “In order to ensure that the incumbent registered consortium continues to perform its duties in compliance with the statute and to address commenters’ concerns about Commission oversight, the Commission also added certain requirements to help the Commission verify that the registered consortium continues to comply with the statute.  Specifically, in the Letter of Intent, an entity seeking registration must certify that it will (1) remain in compliance throughout the time period that it is the registered consortium; (2) conduct an annual review to ensure its compliance with the statutory requirements; and (3) promptly notify the Commission of any changes that reasonably bear on its certification, including, for example, material changes to its best practices.  We reserve the right to revisit these requirements or impose additional commitments if necessary.”  Consortium Registration Order, 35 FCC Rcd at 3116, para. 13 (footnotes omitted).  
    
14. INCOMPAS raises several concerns about the Industry Traceback Group’s contribution requirements, and a lack of transparency thereof.  INCOMPAS asks the Bureau to direct the Industry Traceback Group to specify how membership fees for the Steering Committee Whereas the Executive Committee “sets the overall direction of the ITG and provides guidance on major ITG decisions,” the members of the Steering Committee “implement the Policies and Procedures governing the operational aspects of the ITG and industry Tracebacks.”  USTelecom Letter of Intent at 5-6, Appx. B.  Steering Committee membership is currently comprised of each member of the Executive Committee as well as ANI Network, Bandwidth, BrightLink, Inteliquent, O1 Communications, Peerless Network, West Telecom Services, and YMax.  USTelecom Letter of Intent, Appx. C.
 are determined and whether a voluntary contribution is necessary to become a member. INCOMPAS Comments at 4-5.
  Additionally, INCOMPAS claims that “voice service providers have had participation fees determined by Industry Traceback Group without having significant input or transparency into how the contribution was developed.” Id. at 5.
  INCOMPAS also alleges that USTelecom’s Letter of Intent is inconsistent with the Industry Traceback Group’s Practices and Procedures.  Specifically, INCOMPAS states that USTelecom’s letter indicates that “a voluntary contribution to cover the costs of Industry Traceback Group” is necessary for an Affiliate Member to become a Steering Committee Member, but those contribution requirements are not mentioned in Industry Traceback Group’s Practices and Procedures. Id.
  
15. We disagree with INCOMPAS’s assertion that USTelecom’s Letter of Intent is not consistent with the Industry Traceback Group’s Practices and Procedures.  Both state that membership in the Industry Traceback Group does not require a payment, but does require compliance with the Industry Traceback Group’s Policies and Procedures. USTelecom Letter of Intent at 3 (“[T]he ITG is open at no cost to any voice service provider that is committed to ending the illegal robocall challenge in compliance with the Policies and Procedures of the ITG.”); id. at 5-6, Appx. B (stating in the Industry Traceback Group’s Policies that both Steering Committee and Affiliate members must “fully comply with the ITG Policies and Procedures”).
  The Letter of Intent clarifies that, in addition to membership in the Industry Traceback Group, which is free, Id. at 6 (“[A]ny voice provider can become a member of the Industry Traceback Group, regardless of whether they provide financial support, and any voice service provider can participate in a traceback – and is encouraged to do so – regardless of whether they are an Industry Traceback Group member.  Ultimately, participation in the Industry Traceback Group is open to all manner of voice service providers, regardless of their underlying technology or industry, and irrespective of their level of contribution to the costs of the effort.”).
 a member who wishes to secure a role on the “Steering Committee” may do so by both demonstrating “consistent compliance with the Industry Traceback Group Practices and Procedures and provid[ing] a voluntary contribution to cover the costs of the Industry Traceback Group.” Id.
  As noted above, we find that requiring service providers that want a governance role to contribute financially does not defeat the neutrality requirement, and the Industry Traceback Group has made this contribution requirement clear.  
16. Finally, although INCOMPAS contends that fees are determined without “significant input or transparency,” INCOMPAS does not provide specific examples in which USTelecom was unresponsive to Industry Traceback Group members’ inquiries nor does INCOMPAS allege that the fees have had a detrimental impact on any industry segment’s ability to participate in the Industry Traceback Group.  In the absence of any evidence of a negative effect on the ability of the Industry Traceback Group to fulfill the statutory requirements, we decline to override USTelecom’s judgment concerning how best to structure the Industry Traceback Group governance.
17. In short, the Industry Traceback Group has sufficiently demonstrated a commitment to neutrality, consistent with our objective openness principle, and we have no authority to require more than that.  The evidence shows that, as far back as May 2016, USTelecom sought participation and membership in the Industry Traceback Group from voice service providers that were not USTelecom members. Id. at 3, 5.
  By October 2016, the Industry Traceback Group expanded to include 11 companies. Id. at 3.
  Over the past four years, the Industry Traceback Group has “evolved into a voluntary consortium of 39 members from across the communications landscape, including wireline, wireless, cable, VoIP, and wholesale providers.” Id.
  We find that these actions demonstrate sufficient inclusivity to meet the letter and spirit of the TRACED Act’s neutrality requirement See TRACED Act § 13(d)(1)(A); Consortium Registration Order, 35 FCC Rcd at 3117-18, paras. 16-18.  The Commission also finds that there is no competitive incentive to discriminate or use the consortium for anticompetitive purposes.  Anticompetitive behavior would diminish the effectiveness of robocall prevention efforts that are in the best interest of all industry segments and may cause the Commission to select a new consortium to lead the private traceback efforts.
 and that INCOMPAS has failed to provide any evidence to indicate that the Industry Traceback Group will not lead the private traceback effort in an unbiased and neutral manner.  
B. The Industry Traceback Group Qualifies as a Competent Manager of the Private-Led Efforts to Trace Back the Origin of Suspected Unlawful Robocalls
18. The TRACED Act requires that the registered consortium be a “competent manager” of privately led traceback efforts. TRACED Act § 13(d)(1)(A).
  The Commission explained that the term requires that the entity is able to effectively and efficiently manage the traceback process of suspected unlawful robocalls for the benefit of those who use the traceback information and, ultimately, consumers. Consortium Registration Order, 35 FCC Rcd at 3119, para. 21.
  Competent management of the traceback process also includes working collaboratively with industry and responding promptly to state and federal law enforcement efforts. Id.
  Congress specifically afforded the Commission discretion to determine a consortium’s competence to manage private-led traceback efforts. TRACED Act § 13(d)(1)(A).
  Evidence of expertise and success in managing and improving traceback processes address a consortium’s competence, and therefore, is rooted in statutory authority. Consortium Registration Order, 35 FCC Rcd at 3119, para. 22 (“As we state in the NPRM, it is reasonable to weigh that expertise and success when selecting between or among consortia to ensure that private-led efforts result in effective traceback.  We note, however, that while a consortium's expertise in managing traceback processes is particularly relevant, such experience is not a prerequisite.”).
  
19. The Bureau finds that the Industry Traceback Group is competent to manage private-led traceback efforts as the registered consortium.  First, the Industry Traceback Group has longstanding expertise in conducting traceback initiatives and has developed a comprehensive set of policies (referred to as the Industry Traceback Group Policies and Procedures) to document and promote consistent application of its methods. USTelecom Letter of Intent at 2-4.
  Second, the Industry Traceback Group executes tracebacks in a timely and efficient manner, as demonstrated by the rapid increase in the number of tracebacks successfully completed per month—from 20 per month in 2018 to 800 in just the first four months of 2020. Id. at 4.
  The Bureau notes its own experience and finds that the Industry Traceback Group has established an outstanding track record of conducting tracebacks in partnership with the Commission.  Additionally, no party contested the Industry Traceback Group’s competency.  Third, USTelecom and the Industry Traceback Group work cooperatively and effectively with a broad array of industry and government stakeholders, including entities outside of the communications industry. Id. at 12-13.
  We recognize and encourage these vital partnerships.  As evidence of the Industry Traceback Group’s effectiveness, the National Association of Attorneys General (NAAG) called for “continued and expanded collaboration” with the Industry Traceback Group and remarked that the state attorneys general have “received valuable information” from this “crucial” relationship. Id. at 13; Letter from Tim Fox, President, National Association of Attorneys General, to Jonathan Spalter, President and CEO, USTelecom – The Broadband Association (May 4, 2020).

C. Maintenance of and Conformity with Written Best Practices 
20. The registered consortium must maintain, and conform its actions to, written best practices regarding the management of private-led efforts to trace back the origin of suspected unlawful robocalls and regarding voice service providers’ participation in such efforts. TRACED Act § 13(d)(1)(B); see also Consortium Registration Order, 35 FCC Rcd at 3119-20, para. 24.
  Written best practices, at a minimum, must address the consortium’s compliance with statutory requirements, TRACED Act § 13(d)(1)(A)-(D).
 consistent with the principles the Commission set forth in the Commission’s Consortium Registration Order. Consortium Registration Order, 35 FCC Rcd at 3117-22, paras. 15-29 (discussing the Commission’s interpretation of section 13(d) of the TRACED Act).
  The registered consortium’s written best practices must establish processes and criteria for determining how voice service providers will participate in traceback efforts, Id. at 3119-20, para. 24.
 and those processes and criteria must be fair and reasonable. Id.
  Best practices evolve over time to reflect empirical knowledge and practical experience.  This is particularly true for technology-dependent activities such as combatting caller ID spoofing.  Therefore, the Commission declined to mandate specific best practices that would necessarily be based on current experience and might not accurately encompass concerns or reflect best practices that may develop in the future. Id. at 3120, para. 25. 
 
21. The Bureau finds that the Industry Traceback Group, through the Industry Traceback Group Policies and Procedures provided by USTelecom, fulfills its requirement to present fair and reasonable best practices. USTelecom Letter of Intent at 8-11, Appx. B.
  The Industry Traceback Group’s best practices address its compliance with relevant statutory requirements and establish processes and criteria regarding how voice service providers should participate in traceback efforts. Id. at 6-11, Appx. B.
  The Industry Traceback Group’s traceback process covers traceback initiation and tracking, the consortium’s communications with voice service providers, “problem zone” messages, and non-cooperative service provider messages. See id.  The Industry Traceback Group’s Policies and Procedures define voice service providers who enter the “problem zone” as those that originate or are the point of entry for suspicious traffic.  Voice service providers who enter the problem zone “will be notified by USTelecom’s Traceback team that they are in danger of being labeled a Non-Cooperative Voice Service Provider unless action is taken to halt the flow of the Suspicious Traffic.  Such providers shall be notified of their status and provided with access to reference materials with information on potential mitigation steps that can be taken to stop illegal calling activity and avoid a non-cooperative designation going forward.”  Id. at 7, Appx. B.
  The Industry Traceback Group’s best practices also provide guidance to voice service providers regarding implementation of dedicated points of contact, ongoing coordination, prompt response times, mitigation of traffic and investigation of upstream sources, referral to enforcement authorities, identification of voice service providers, transmission of voice traffic, and privacy of call traceback information. Id. at 8-11, Appx. B.
  In addition, the Industry Traceback Group has demonstrated a proven track record of frequent communication with state and federal law enforcement See id. at 11 (“USTelecom’s effective management of the ITG has been acknowledged in multiple federal and state enforcement actions, including those executed by the Federal Trade Commission (“FTC”), the Department of Justice (“DOJ”) and the Ohio Attorney General. . . . just last month, the FCC and FTC jointly sent letters to several voice service providers facilitating COVID-19-related scam robocalls originating overseas stating that they must cut off these calls or face serious consequences.  The Commissions also wrote to USTelecom, on behalf of the ITG, expressing gratitude for the ITG’s prompt response to identify and mitigate fraudulent robocalls that are taking advantage of the COVID-19 pandemic.  They stated that ‘the work of the USTelecom Industry Traceback Group is essential to combatting the deluge of unlawful robocalls and protecting consumers and is particularly vital in swiftly identifying scammers who attempt to defraud consumers during the COVID-19 disease outbreak.’  Much of the information on which all of the above actions relied came as a direct result of ITG tracebacks.”).
 that is further reflected in its best practices. See id. at 9, Appx. B (“In instances where a voice service provider is determined to be a Non-Cooperative Voice Service Provider, relevant information may be forwarded to appropriate federal and state enforcement authorities, including, but not limited to, the Federal Communications Commission, the Federal Trade Commission, the Department of Justice, and state Attorneys General. Cooperative Voice Service Providers may provide such information to enforcement agencies directly or through coordination with USTelecom.”).
  In determining which acts or omissions satisfy the Industry Traceback Group’s best practices, the consortium must adhere to the principles enumerated in the Consortium Registration Order, which we promulgated to “encourage, not hinder, a responsive, dynamic traceback process” designed to provide both clarity and flexibility as business models adapt, new technology develops, and networks update over time. See Consortium Registration Order, 35 FCC Rcd at 3117, para. 15 (discussing the Commission’s goal of ensuring both dynamic and nimble processes as well as statutory compliance).

22. Although no commenter expressly opposed the Industry Traceback Group’s selection as the registered consortium, two commenters assert that the Industry Traceback Group’s Policies and Procedures exceed the scope of the consortium’s authority and that the best practices lack transparency.  Cloud Communications Alliance argues that the Industry Traceback Group Policies and Procedures assert broader powers than those contemplated by the TRACED Act. Cloud Communications Alliance Comments at 2-4.
  Specifically, Cloud Communications Alliance opposes the Industry Traceback Group’s stated policy of requiring voice service providers to take mitigating actions in order to avoid designation as non-cooperative voice service providers.  Cloud Communications Alliance also objects to the Industry Traceback Group’s statement that it might publicly identify non-cooperative voice service providers on its website.  Cloud Communications Alliance also contends that the Industry Traceback Group failed to provide sufficient information about how it would determine that a voice service provider is non-cooperative. See generally id. (arguing that the Industry Traceback Group’s Policies and Procedures fall short of implementing the private-led traceback process in a neutral, transparent, and non-discriminatory manner).
  Cloud Communications Alliance is concerned in particular that the Industry Traceback Group’s practices do not adequately take into account that contractual provisions may prevent the voice service provider from disclosing the names and contact information of entities originating suspicious traffic. Id. at 7.
  
23. Mitigating Actions.  Cloud Communications Alliance recommends that the Commission “bar the Consortium from requiring mitigation as a condition for avoiding non-cooperative designation at least until the Commission adopts mitigation standards[.]” Id. at 6.
  We decline this request.  Cloud Communications Alliance’s recommendation would stymie the Industry Traceback Group’s efforts to effectuate an adaptive industry response to the present and future scourge of unlawful robocalls.  Section 13 of the TRACED Act is intended to facilitate federal law enforcement and industry partners’ efforts to identify and prevent further transmission of unlawful traffic.  Effective traceback processes, including mitigation measures, are a critical component in achieving the Commission’s statutory directive.  The Industry Traceback Group Policies and Procedures state that designation as a non-cooperative provider will occur only after repeated instances of inaction and/or non-compliance and only after the Industry Traceback Group provides notice to the provider that the conduct at issue falls outside the scope of its best practices and provides the designated non-cooperative provider an opportunity to respond. USTelecom Letter of Intent at 8, Appx. B (“If sufficient mitigation steps are not taken and a provider meets the definition of a Non-Cooperative Voice Service Provider, USTelecom’s Traceback team will notify the provider through an automated alert of their status and ask that they take the necessary steps to stop the illegal calling activity.”).
  Contrary to Cloud Communications Alliance’s contention, the Industry Traceback Group’s requirement that voice service providers mitigate suspicious traffic is not an adverse enforcement action against such a provider. We note that while the Industry Traceback Group may recommend mitigation practices to providers it deems “non-cooperative,” the Commission retains and will continue to exercise full statutory authority to take actions to combat unlawful robocalls.  See, e.g., TRACED Act § 13(d) (referring to the “judgement of the Commission” in selecting the consortium); 47 U.S.C. §§ 227, 503.  The registered consortium’s determination that a voice service provider is non-cooperative does not automatically trigger enforcement action, and any enforcement action that the agency initiates will include due process provided by law.
  For these reasons, we decline to enjoin the private consortium from requiring mitigation efforts and decline to dictate the particulars of its best practices so long as those practices are applied in a transparent and neutral manner.
24. Public Identification of Non-Cooperative Actors.  In section 13 of the TRACED Act, Congress codified the role of private-led tracebacks in the Commission’s enforcement process.  The statute recognized that the Commission may publicize the names of, and take enforcement action against, “voice service providers that refuse to participate in private-led [traceback] efforts” as well as “voice service providers that are found to originate or transmit substantial amounts of unlawful robocalls.” TRACED Act § 13(e) (“The Commission may publish a list of voice service providers and take appropriate enforcement action based on information obtained from the consortium about voice service providers that refuse to participate in private-led efforts to trace back the origin of suspected unlawful robocalls, and other information the Commission may collect about voice service providers that are found to originate or transmit substantial amounts of unlawful robocalls.”).
  Congress expected the Commission and the registered consortium to work together to encourage—at the point of an Commission enforcement sword, if necessary—all voice service providers to cooperate with traceback efforts and cease carrying unlawful robocalls on their networks.  Accordingly, section 13(e) of the TRACED Act specifically recognizes that the Commission may publish and use information about non-compliant entities gathered by the registered consortium—and says nothing about whether or not any other entity may publish this information. The statement that the Commission may publish the names of non-participating voice service providers is a recognition rather than a grant of authority.  Prior to the TRACED Act, the Commission had and used that authority. See 47 CFR § 0.111; see, e.g., Letter from Rosemary C. Harold, Chief, FCC Enforcement Bureau, and Eric Burger, Chief Technology Officer, to Daniel Koch, CEO, 382 Communications Corporation (Nov. 6, 2018) (one of eight letters that the Commission sent to voice service providers encouraging their cooperation “with efforts to combat illegal robocalling and unlawful Caller ID spoofing”).

25. USTelecom’s Letter of Intent discloses that USTelecom may elect in the future to “publish the identity of and share information about Non-Cooperative Voice Service Providers,” and that such actions may include sharing the names of providers who refuse to comply with traceback efforts with “government enforcement agencies, [] other voice service providers, and with the public.” USTelecom Letter of Intent at 3.
  Cloud Communications Alliance argues that “the TRACED Act reserves to the Commission the authority to . . . publicize non-cooperative voice service providers” Cloud Communications Alliance Comments at 6. 
 and that the Industry Traceback Group overstepped when it reserved the right to publish the identities of allegedly non-cooperative actors. Cloud Communications Alliance Comments at 4.
  We disagree.  The plain language of section 13(e) does not foreclose publication of that same information by others.  Therefore, we find that the Industry Traceback Group is not prohibited by the TRACED Act from publishing the identities of non-cooperative voice service providers. The Cloud Communications Alliance does not allege, and we accordingly do not address, whether the publication by the Industry Traceback Group of a list of non-cooperative providers would be prohibited by any other state or federal law. 
  
26. Voice Service Provider Contractual Provisions and “Non-Cooperative” Designation.  The TRACED Act requires that the Commission publish an annual report on the status of robocall enforcement, including, among other details, a list of each voice service provider from whom the registered consortium requested traceback information but that “refused to participate, as identified by the registered consortium.” TRACED Act § 13(a)-(b).  Cloud Communications Alliance also complains that USTelecom and the Industry Traceback Group “redact key criteria [from their Letter of Intent] that inform voice service providers when they run afoul” of the Industry Traceback Group’s best practices.  Cloud Communications Alliance Comments at 8.  We note that the Commission explicitly declined to mandate specific best practices.  See Consortium Registration Order, 35 FCC Rcd at 3120, para. 25.  Additionally, the unredacted version of the best practices shall be freely available to any member of the Industry Traceback Group.  To the extent that the Industry Traceback Group chose to redact certain passages so as to not provide a roadmap for evading compliance by malicious entities, we support the Industry Traceback Group’s decision to redact these passages from its publicly-available Letter of Intent.
  Prior to the annual report, the Commission must seek information from the registered consortium and voice service providers about private-led traceback efforts. TRACED Act § 13(c).
  The TRACED Act does not specify a method or basis for determining that a voice service provider’s actions (or lack thereof) constitute a refusal “to participate in private-led efforts to trace back the origin of suspected unlawful robocalls” Id. § 13(e).
 but contemplates that the registered consortium will make that determination as part of its requisite submission to the Commission.  USTelecom’s Letter of Intent discusses the criteria for designating a voice service provider as “non-cooperative.” See USTelecom Letter of Intent at 2-4, Appx. B (providing specific actions that will result in designation as a “non-cooperative” voice service provider); id. at 8-11, Appx. B (discussing the “best practices” expected of cooperative voice service providers).

27. Cloud Communications Alliance notes that, under the Industry Traceback Group’s policies and procedures, a “[f]ailure to identify the name of an end user customer originating suspicious traffic or to identify an upstream carrier delivering such traffic can result in a provider being designated as non-cooperative.” Cloud Communications Alliance Comments at 7.
  Cloud Communications Alliance raises concern about situations where a voice service provider desires to cooperate with the Industry Traceback Group but is reluctant to do so because it has contractual obligations that prohibit sharing identifying information about the source of the traffic.  Cloud Communications Alliance argues that voice service providers or the Industry Traceback Group “should have the right to . . . contact the Commission” for a subpoena in such a situation. Id. at 8.
  
28. We find that it is reasonable to characterize as “non-cooperative” a voice service provider that refuses to identify the source of unlawful traffic.  First, the fact that the registered consortium identified an entity as non-cooperative is not a legal determination and does not have any direct legal implication.  Second, the registered consortium must also submit to the Commission, and the Commission must include in its annual report, the reasons identified by voice service providers for not participating in traceback efforts. TRACED Act § 13(b)(4).
  To the extent that the voice service provider contends that it is legally barred from providing information, that information will be included in the annual report.  Third, voice service providers have an opportunity to submit information to the Commission prior to the annual report. Id. § 13(c).
  This provides another venue by which a voice service provider may attempt to justify its failure to participate.  Fourth, voice service providers are in a position to draft their contracts, including nondisclosure provisions, as they choose.  We do not wish to sanction or incent nondisclosure provisions that may ultimately impair our ability to take enforcement action against unlawful robocalls.  Contractual provisions that prohibit, delay, or otherwise interfere with a voice service provider’s cooperation with private-led traceback efforts are contrary to the spirit and goals of the TRACED Act. We reject the proposal that the Commission should issue a subpoena to a voice service as a precondition for the voice service provider giving the registered consortium information critical to the traceback process.  A subpoena requirement would undermine Congress’s goal of an industry-led traceback process.
  Therefore, we encourage voice service providers to review their contracts and eliminate such contract provisions as soon as possible.
D. Focus on “Fraudulent, Abusive, or Unlawful” Traffic
29. The TRACED Act mandates that the registered consortium’s private-led traceback of suspected unlawful robocalls focus on “fraudulent, abusive, or unlawful” traffic. TRACED Act § 13(d)(1)(C).  The effort must be consistent with section 222 of the Communications Act, which governs the privacy of customer information.  Section 222(d)(2) allows telecommunications carriers to use, disclose, or permit access to customer proprietary network information “to protect the rights or property of the carrier, or to protect users of those services and other carriers from fraudulent, abusive, or unlawful use of, or subscription to, such services[.]”  47 U.S.C. § 222(d)(2).
  No commenter raised concerns that the Industry Traceback Group proposal did not satisfy this requirement.  
30. The Industry Traceback Group maintains a comprehensive sourcing policy, whose goal is to ensure that “any tracebacks launched by USTelecom are initiated in good faith for the purpose of identifying the source of illegal and/or fraudulent traffic and providing information to industry and government traceback participants to mitigate fraudulent and unlawful robocalls, thereby satisfying the requirements of section 222(d)(2) of the Act.” USTelecom Letter of Intent at 9. 
  Based on the Bureau’s experience combating unlawful robocalls, a traceback process that, at a minimum, considers scope, scale, and harm should lead to a focus on “fraudulent, abusive, and unlawful” traffic.  The Industry Traceback Group meets this standard.  USTelecom will only share a traceback request with the Industry Traceback Group if:  (1) a credible and verifiable source is providing information regarding the traceback candidate; (2) USTelecom staff determines that the traffic associated with any traceback appears to be fraudulent, abusive, or unlawful; and (3) the request warrants utilization of Industry Traceback Group’s valuable resources. Id.
  We find that these provisions in USTelecom’s Letter of Intent, in addition to the Bureau’s prior experience working with the Industry Traceback Group, demonstrate sufficient focus on preventing “fraudulent, abusive, or unlawful” traffic.  
IV. PROCEDURAL MATTERS
31. People with Disabilities. To request material in accessible formats for people with disabilities (braille, large print, electronic files, audio format), send an e-mail to fcc504@fcc.gov or call the Consumer & Governmental Affairs Bureau at 202-418-0530 (voice), 202-418-0432 (tty).
32. Further Information. For further information about the Report and Order, contact Brandon Thompson, Attorney Advisor, Telecommunications Consumers Division, Enforcement Bureau, at (202) 418-2985 or brandon.thompson@fcc.gov.
V. ORDERING CLAUSES
33. Accordingly, IT IS ORDERED, pursuant to sections 4(i) and 4(j), of the Communications Act of 1934, as amended, 47 U.S.C. §§ 154(i) and 154(j), and section 13(d) of the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act, Pub. L. 116-105, 133 Stat. 3274, this Report and Order IS ADOPTED.
34. IT IS FURTHER ORDERED that, pursuant to section 1.102(b)(1) of the Commission’s rules, 47 CFR § 1.102(b)(1), this Report and Order SHALL BE EFFECTIVE immediately upon release.

FEDERAL COMMUNICATIONS COMMISSION




Rosemary C. Harold				
Chief
Enforcement Bureau
13