Federal Communications Commission DA 21-454 DA 21-454 Released: April 20, 2021 WIRELINE COMPETITION BUREAU ANNOUNCES OPENING OF ROBOCALL MITIGATION DATABASE AND PROVIDES FILING INSTRUCTIONS AND DEADLINES WC Docket No. 17-97 In this Public Notice, the Wireline Competition Bureau (Bureau) announces the immediate opening of the Robocall Mitigation Database, provides detailed filing instructions, and establishes a June 30, 2021 deadline for voice service providers to submit required information in the Database. Based on this deadline, intermediate providers and terminating voice service providers will be prohibited from accepting traffic from voice service providers not listed in the Robocall Mitigation Database beginning September 28, 2021. In March 2020, acting pursuant to the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act, Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act, Pub. L. No. 116-105 (2019) (TRACED Act). the Commission adopted rules requiring voice service providers to implement STIR/SHAKEN caller ID authentication technology in the Internet Protocol (IP) portions of their networks. Call Authentication Trust Anchor; Implementation of TRACED Act Section 6(a)—Knowledge of Customers by Entities with Access to Numbering Resources, WC Docket Nos. 17-97 and 20-67, Report and Order and Further Notice of Proposed Rulemaking, 35 FCC Rcd 3241, 3257-58, paras. 32-35 (2020) (First Caller ID Authentication Report and Order and Further Notice); 47 CFR § 64.6301. Thereafter, in accordance with the TRACED Act, the Commission granted extensions for compliance with this deadline to certain classes of providers, Call Authentication Trust Anchor, WC Docket No. 17-97, Second Report and Order, FCC 20-136, at 18, para. 38 (Sept. 29, 2020) (Second STIR/SHAKEN Order) (explaining that the Commission granted the following extensions from implementation of caller ID authentication: “(1) a two-year extension to small, including small rural, voice service providers; (2) an extension to voice service providers that cannot obtain a certificate due to the Governance Authority’s token access policy until such provider is able to obtain a certificate; (3) a one-year extension to services scheduled for section 214 discontinuance; and (4) as required by the TRACED Act, an extension for the parts of a voice service provider’s network that rely on technology that cannot initiate, maintain, and terminate SIP calls until a solution for such calls is reasonably available”). and required those voice service providers with an extension to implement robocall mitigation programs to combat the origination of illegal robocalls on their networks. Second STIR/SHAKEN Order at 39-40, para. 74. The TRACED Act directs the Commission to require all voice service providers with an extension to “implement an appropriate robocall mitigation program to prevent unlawful robocalls from originating on the network of the provider.” TRACED Act § 4(b)(5)(C). The Commission required voice service providers subject to an extension to certify what methods they are using to combat the origination of illegal robocalls and announced that it would establish a database for these certifications. Second STIR/SHAKEN Order at 44-46, paras. 82-85. The Commission stated that a robocall mitigation program is sufficient if the detailed practices that the voice service provider submits can “reasonably be expected to significantly reduce the origination of illegal robocalls” Second STIR/SHAKEN Order at 43, para. 78. and the voice service provider complies with the practices it describes in its filings. Second STIR/SHAKEN Order at 43, para. 78. The Commission also found that it would consider a mitigation program to be insufficient if a provider “knowingly or through negligence serves as the originator for unlawful robocall campaigns.” Second STIR/SHAKEN Order at 43, para. 78. Furthermore, the Second STIR/SHAKEN Order clarified that if any voice service provider submits a certification that is found to be deficient in some manner, it will be subject to appropriate enforcement action, which may include the removal of its defective certification from the database after notice and an opportunity to cure. Second STIR/SHAKEN Order at 45-46, para. 83. The Commission required that all voice service providers participate in traceback as part of their robocall mitigation programs. Second STIR/SHAKEN Order at 43, para. 79 (“The record also convinces us that participation in industry traceback efforts is of utmost importance in the absence of STIR/SHAKEN implementation. To that end, we require voice service providers, as part of their robocall mitigation programs, to commit to cooperating with the Commission, law enforcement, and the industry traceback consortium in investigating and stopping any illegal robocallers that it learns are using its service to originate calls. We find that this baseline requirement to participate in traceback efforts is a necessary aspect of any attempt to mitigate illegal robocalls, as it permits voice service providers and enforcement agencies to identify illegal robocallers and prevent them from further abusing the voice network.”). The Commission also required “all voice service providers—not only those granted an extension—to file certifications with the Commission regarding their efforts to stem the origination of illegal robocalls on their networks.” Second STIR/SHAKEN Order at 44-45, para. 82. Specifically, the Commission: (1) required all voice service providers to certify that their traffic is either fully, partially, or not yet signed with STIR/SHAKEN; Second STIR/SHAKEN Order at 45, para. 82; 47 CFR § 64.6305(b)(1)(i)-(iii). (2) required voice service providers that certify that some or all of the calls they originate are subject to a robocall mitigation program to submit additional information with their certifications, including the type of extension or extensions received under section 64.6304 of the Commission’s rules, specific reasonable steps taken under a program to avoid originating illegal robocalls, and a commitment to respond to traceback requests and to cooperate with investigating and stopping illegal robocalls; Second STIR/SHAKEN Order at 45, para. 82; 47 CFR § 64.6305(b)(2)(i)-(iii). and (3) required that all certifications must be signed by an officer in conformity with section 1.16. 47 CFR § 64.6305(b)(3)(ii); 47 CFR § 1.16. The Commission also adopted provisions directing voice service providers to submit contact and identification information when filing their certifications. Second STIR/SHAKEN Order at 46, para. 84. Such information must include: (1) the business name(s) and primary address of the voice service provider; (2) other business names in use by the voice service provider; (3) all business names previously used by the voice service provider; (4) whether the voice service provider is a foreign voice service provider; and (5) the name, title, department, business address, telephone number, and email address of one person within the company responsible for addressing robocall mitigation-related issues. Second STIR/SHAKEN Order at 46, para. 84; 47 CFR § 64.6305(b)(4)(i)-(v). Obligations on Intermediate Providers and Terminating Voice Service Providers. Intermediate providers and terminating voice service providers will be prohibited from accepting traffic from voice service providers not listed in the Robocall Mitigation Database beginning September 28, 2021. In the Second STIR/SHAKEN Order, the Commission adopted a rule prohibiting “intermediate providers and terminating voice service providers from accepting voice traffic from any voice service provider that does not appear in the [Robocall Mitigation Database].” Second STIR/SHAKEN Order at 46-47, para. 86. The Commission stated that this rule would be effective “90 days after the deadline for robocall mitigation program certifications set forth” by the Bureau in this Public Notice. Second STIR/SHAKEN Order at 46-47, para. 86. With the filing deadline now established for June 30, 2021, this prohibition will go into effect on September 28, 2021. As of that day, intermediate providers and voice service providers will be prohibited from accepting calls directly from a voice service provider, including a foreign voice service provider that uses North American Numbering Plan resources that pertain to the United States to send voice traffic to residential or business subscribers in the United States, if that voice service provider’s filing does not appear in the Robocall Mitigation Database. Second STIR/SHAKEN Order at 46-47, paras. 86-87; 47 CFR § 64.6305(c). Certification Filing Instructions. Certifications, identification information, and contact information must be submitted via a portal on the Commission’s website at https://fccprod.servicenowservices.com/rmd?id=rmd_welcome on or before June 30, 2021. Second STIR/SHAKEN Order at 45, para. 83 (“We direct the Bureau to establish this portal and database, provide appropriate filing instructions and training materials, and release a Public Notice when voice service providers may begin filing certifications. We direct the Bureau to release this Public Notice no earlier than March 30, 2021, and to establish a deadline for the filing of certifications no earlier than June 30, 2021.”). Instructions for submitting a certification and this information can be found at https://www.fcc.gov/files/rmd-instructions. Voice service providers must submit any necessary updates because of changes to their certification, identification information, or contact information to the Commission within 10 business days of the change. Second STIR/SHAKEN Order at 46, para. 85; 47 CFR § 64.6305(b)(5). All intermediate provider entries will be imported from the Intermediate Provider Registry to the Robocall Mitigation Database on a rolling basis. Second STIR/SHAKEN Order at 47, para. 87 & n.340 (“We take this action because by affirmatively adding [intermediate] providers, we give intermediate and terminating voice service providers confidence that any provider not listed in the Robocall Mitigation Database is out of compliance with our rules, rather than leaving the potential for uncertainty about whether a provider is noncompliant or simply not required to be included in the database because it does not originate traffic. Additionally, we note that a provider that serves as both an intermediate provider and originating voice service provider must file a certification with respect to the traffic for which it serves as an originating voice service provider, even if its listing has been imported from the Intermediate Provider Registry.”). Database Location. The Robocall Mitigation Database is publicly available on the Commission’s website at https://fccprod.servicenowservices.com/rmd?id=rmd_listings. Second STIR/SHAKEN Order at 45, para. 83. A list of voice service providers that have submitted certifications, published as a .csv file, may be downloaded at any time at https://fccprod.servicenowservices.com/rmd?id=rmd_welcome. Confidential Submissions. Filers will be able to request that any materials or information submitted to the Commission in their certifications be withheld from public inspection. To do so, a voice service provider must first submit a confidentiality request in WC Docket No. 17-97 through the Commission’s Electronic Comment Filing System (ECFS). 47 CFR § 0.459. Due to the Covid-19 pandemic the Commission cannot accept hand delivered filings. See FCC Provides Further Instructions Regarding Submission of Confidential Materials, Public Notice, 35 FCC Rcd 2973, 2973 (2020). The voice service provider will then be able to submit redacted (i.e., public) and unredacted (i.e., non-public) copies of its robocall mitigation program description via the Commission’s portal. Comprehensive instructions for submitting confidential filings via the portal are available at https://www.fcc.gov/files/rmd-instructions. Finally, consistent with the Second STIR/SHAKEN Order, Second STIR/SHAKEN Order at 45, para. 83. the Bureau plans to release another Public Notice seeking comment on the contents of the protective order it will adopt in this context. OMB Approval. The Commission must obtain Office of Management and Budget (OMB) approval for the process by which voice service providers must certify how they are combating the origination of illegal robocall traffic on their networks, and is in the process of doing so. Second STIR/SHAKEN Order at 77, paras. 163-64. The Bureau will publish a notice of OMB approval in the Federal Register and the rules regarding robocall mitigation certifications will become effective upon publication of that notice. For further information, please contact Michael Nemcik, Wireline Competition Bureau, Competition Policy Division, at (202) 418-2343 or by email at Michael.Nemcik@fcc.gov. - FCC - 2