Federal Communications Commission DA 22-831 DA 22-831 Released: August 5, 2022 WIRELINE COMPETITION BUREAU SEEKS COMMENT ON TWO PERIODIC TRACED ACT OBLIGATIONS REGARDING CALLER ID AUTHENTICATION WC Docket No. 17-97 Comments Due: (30 days after the date of publication in the Federal Register) Reply Comments Due: (50 days after the date of publication in the Federal Register) The STIR/SHAKEN caller ID authentication framework is a key part of the Commission’s efforts to combat illegal robocalls. The framework allows an originating voice service provider to share what it knows about the caller ID information transmitted with a call. This information allows terminating providers to block or label illegal robocalls before they reach their subscribers; promotes enforcement by including information about the source of a call into the metadata of the call itself; and restores trust in caller ID information. See Call Authentication Trust Anchor, WC Docket No. 17-97, Fourth Report and Order, FCC 21-122, at 2 para. 4 (rel. Dec. 10, 2021) (Fourth Caller ID Authentication Report and Order). Pursuant to Congressional direction, the Commission required providers to implement this technology in their IP networks beginning June 30, 2021, unless the provider was subject to an extension or exemption. See Call Authentication Trust Anchor, WC Docket No. 17-97, Second Report and Order, 36 FCC Rcd 1859 (2020) (Second Caller ID Authentication Report and Order); Call Authentication Trust Anchor, WC Docket No. 17-97, Report and Order and Further Notice of Proposed Rulemaking, 35 FCC Rcd 3241 (2020). Since establishing that original mandate, the Commission has taken steps to bolster its caller ID authentication scheme, including recent actions to shorten the extension granted to certain small voice service providers identified as most likely to be the source of illegal robocalls; Fourth Caller ID Authentication Report and Order. and extending the implementation mandate to providers who bring foreign calls onto the U.S. network. Call Authentication Trust Anchor, CG Docket No. 17-59, WC Docket No. 17-97, Sixth Report and Order in CG Docket No. 17-59 et al., FC 22-37 (rel. May 20, 2022) (Gateway Provider Order and Further Notice). By this Public Notice, the Wireline Competition Bureau (Bureau) addresses two recurring statutory obligations under the TRACED Act relating to the Commission’s caller ID authentication rules. First, the Bureau seeks comment for its annual reevaluation of the STIR/SHAKEN implementation extensions granted by the Commission for implementation of the STIR/SHAKEN call authentication framework. TRACED Act § 4(b)(5)(F). Specifically, we seek comment on the implementation extensions applicable to facilities-based small providers and voice service providers that cannot obtain the Service Provider Code (SPC) token necessary to participate in STIR/SHAKEN and whether those extensions should be revised or extended. Second, the Bureau seeks comment for its first triennial assessment of the efficacy of STIR/SHAKEN call authentication framework as a tool in our work combating illegal robocalls. I. COMMENTS SOUGHT ON STIR/SHAKEN IMPLEMENTATION EXTENSIONS FOR ANNUAL REVIEW, PURSUANT TO SECTION 4(B)(5) OF THE TRACED ACT When Congress directed the Commission to mandate implementation of STIR/SHAKEN in the TRACED Act, it also required the Commission to assess burdens and barriers to implementation, and it gave the Commission discretion to extend compliance with the implementation mandate upon a public finding of undue hardship. Id. § 4(b)(5)(A). The Commission performed this assessment and granted three categorical extensions of the STIR/SHAKEN mandate on the basis of undue hardship: (1) small voice service providers; (2) voice service providers unable to obtain the “token” necessary to participate in STIR/SHAKEN; and (3) services scheduled for section 214 discontinuance. Second Caller ID Authentication Report and Order, 36 FCC Rcd at 1876, para. 38; 47 CFR § 64.6304(a)–(c). As directed by a separate provision of the TRACED Act, TRACED Act § 4(b)(5)(B), the Commission also granted an extension for those portions of the network that rely on technology that cannot initiate, maintain, and terminate SIP calls. Second Caller ID Authentication Report and Order, 36 FCC Rcd at 1892–96, paras. 66–70; 47 CFR § 64.6304(d). Because this extension was not granted on the basis of undue hardship, we do not seek comment on it in this Public Notice. See TRACED Act § 4(b)(5)(F). The TRACED Act further requires the Commission to assess burdens and barriers to implementation “as appropriate” after that initial assessment, TRACED Act § 4(b)(5)(A)(i). and directs the Commission to, “not less frequently than annually after the first [extension] is granted,” reevaluate and potentially revise any extensions granted on the basis of undue hardship. Id. § 4(b)(5)(F)(i). It requires the Commission to issue a public notice explaining “why such [extension] remains necessary” and “when the Commission expects to achieve the goal of full participation” in caller ID authentication. Id. § 4(b)(5)(F)(iii). To comply with these obligations, the Commission directed the Bureau to annually reevaluate the Commission’s granted extensions for undue hardship and revise or extend those extensions as necessary. Second Caller ID Authentication Report and Order, 36 FCC Rcd at 1896, para. 71. The Commission determined that the Bureau is in the best position to undertake this fact-intensive, case-by-case evaluation. Id. In its directions to the Bureau, the Commission permitted the Bureau to further extend an extension to which voice service providers are already subject, but prohibited the Bureau from terminating an extension prior to the extension’s originally set end date. Id. at 1897, para. 72. The Commission did not permit the Bureau to grant extensions to any voice service providers or services not already subject to one. Should we further extend a granted extension, we are permitted to decrease, but not expand, the scope of entities entitled to that extension based on our assessment of burdens and barriers. Id. In September 2021, we released a Public Notice seeking comment on the Commission’s three granted extensions and any associated burdens and barriers to the implementation of STIR/SHAKEN. Wireline Competition Bureau Seeks Comment on Two TRACED Act Obligations Regarding Caller ID Authentication, WC Docket Nos. 17-97, 20-68, Public Notice, DA 21-1103 (WCB Sept. 3, 2021) (TRACED Act Obligations Public Notice). In December 2021, we issued our first annual reevaluation and declined to modify any of the existing extensions. Wireline Competition Bureau Reevaluates STIR/SHAKEN Extensions Pursuant to Section 4(b)(5) of the TRACED Act, WC Docket No. 17-97, Order, DA 21-1593 (WCB Dec. 16, 2021) (Reevaluation of STIR/SHAKEN Extensions). The extension for services scheduled for section 214 discontinuance ended on June 30, 2022. See 47 CFR § 64.6304(c). We now seek comment to enable our second annual reevaluation of the two remaining STIR/SHAKEN implementation extensions—for small voice service providers and for providers unable to obtain the required token—granted based on undue hardship. Small Voice Service Provider Extension. We seek comment on the Commission’s extension for facilities-based small voice service providers. In September 2020, the Commission granted a two-year extension for all small voice service providers, defined as “a provider that has 100,000 or fewer voice service subscriber lines.” 47 CFR § 64.6304(a); see also Second Caller ID Authentication Report and Order, 36 FCC Rcd at 1877–82, paras. 40–48. Under this extension, small voice service providers were given until June 30, 2023 to implement STIR/SHAKEN. The Commission found that this extension was appropriate because small voice service providers may face substantial costs—in addition to resource constraints—to implement STIR/SHAKEN and confront unique equipment availability issues. Second Caller ID Authentication Report and Order, 36 FCC Rcd at 1877, paras. 41–42. In December 2021, the Commission shortened the extension for a subset of small voice service providers likely to be the source of illegal robocalls. See Fourth Caller ID Authentication Report and Order. It shortened the extension to one year—until June 30, 2022—for non-facilities-based small voice service providers based on overwhelming record support and available evidence showing that this subset of providers were originating a large and disproportionate amount of robocalls. Id. at para. 9. It also required small voice service providers suspected of originating illegal robocalls to implement STIR/SHAKEN on an accelerated timeline. Id. The Commission maintained the two-year extension for facilities-based small voice service providers because it found they were less likely to be the source of illegal robocalls. See id. at 8–9, 12, paras. 16–18, 23. When we considered this remaining extension in the 2021 annual reevaluation, we declined to lengthen it beyond June 30, 2023, noting that the Commission’s guiding principle in establishing the extension was “to achieve ubiquitous STIR/SHAKEN implementation to combat the scourge of illegal caller ID spoofing as quickly as possible.” Reevaluation of STIR/SHAKEN Extensions at 2. We seek comment on the burdens and barriers to facilities-based small voice service provider implementation and whether we should revise their STIR/SHAKEN extension. Have the burdens or barriers affecting small providers originally discussed in the Second Caller ID Authentication Report and Order changed since last year’s evaluation and, if so, how? Should any Commission actions in the previous year inform or impact our reevaluation of the small voice service provider extension? Have any new burdens or barriers emerged that the Commission did not consider or could not have been aware of when it initially gave small voice service providers a two-year extension? If so, do these burdens or barriers warrant an extension beyond the current June 30, 2023 date, and if so, how long of an extension is necessary and appropriate? How would any additional extension be consistent with the Commission’s goal of ubiquitous STIR/SHAKEN implementation? Second Caller ID Authentication Report and Order, 36 FCC Rcd at 1877, paras. 41–42. In response to our Public Notice seeking comment for the 2021 annual extension reevaluation, the Satellite Industry Association (SIA) requested an “indefinite” extension for satellite voice service providers” in light of the “challenging circumstances facing small satellite VSPs, combined with their unique economic, operational, and technical characteristics.” Satellite Industry Association Comments, WC Docket Nos. 17-97 and 20-68, at 3, 4–9 (rec. Nov. 12, 2021) (SIA Comments) (claiming the unique challenges faced by small satellite voice service providers included an inability to authenticate the caller ID for many calls they originate and the need to establish an “entirely separate international SHAKEN architecture” to accommodate their use case; further explaining that small satellite voice service providers assign U.S. North American Numbering Plan resources on a “de minimis” basis). The Bureau determined that the record was insufficient to evaluate SIA’s request at that time, but stated it would seek further comment on the request as part of the instant 2022 reevaluation. Reevaluation of STIR/SHAKEN Extensions at 3 (noting that SIA’s comments represented the first time SIA had raised these concerns even though the Commission granted these extensions more than a year ago). In the interim, as part of its May 2022 Further Notice of Proposed Rulemaking, the Commission sought comment on the larger questions of the applicability of the TRACED Act to small satellite providers and whether it should grant such providers an extension for implementing STIR/SHAKEN. Gateway Provider Order and Further Notice at 83-84, paras. 216–17 (rel. May 20, 2022) (Gateway Provider Order). Should the Bureau further extend the small provider implementation extension just for small satellite voice service providers as part of this inquiry or should we leave this issue to the full Commission to consider more generally? Do small satellite voice service providers face unique challenges in implementing STIR/SHAKEN? What are these challenges? How do they impact this subset of providers’ ability to implement STIR/SHAKEN? What is a realistic time frame for any extension we grant? What impact would an extension for small satellite voice service providers have on other providers or the public? What impact would such an extension have on the Commission’s longstanding goal of ubiquitous deployment of STIR/SHAKEN? Extension for Voice Service Providers That Cannot Obtain a SPC Token. We seek comment on the Commission’s extension for voice service providers that cannot obtain the Service Provider Code (SPC) token necessary to participate in STIR/SHAKEN. The Commission granted voice service providers that are incapable of obtaining a SPC token due to Governance Authority policy an extension until they are capable of obtaining said token. 47 CFR § 64.6304(b); Second Caller ID Authentication Report and Order, 36 FCC Rcd at 1882, paras. 49–50. Recognizing that “a voice service provider may not be able to immediately come into compliance with its caller ID authentication obligations after it becomes eligible to receive” a SPC token, the Commission stated that it “will not consider a voice service provider that diligently pursues a certificate once it is able to receive one in violation of [its] rules.” Id. at 1883, para. 50. In May 2021, the Governance Authority revised the STI-GA Token Access Policy to enable token access by some voice service providers previously unable to receive a token. STI-GA Press Release; Caller ID Authentication Governance Framework Revised to Enable Earlier Participation by Providers Without Direct Access to Telephone Numbers, WC Docket Nos. 13-97, 17-97, Public Notice, DA 21-549 (WCB May 10, 2021). In the 2021 annual reevaluation, we found that this policy revision had resolved the main practical concern underlying this extension and that token access no longer stood as a significant barrier to full participation in STIR/SHAKEN. Reevaluation of STIR/SHAKEN Extensions at 4. We nonetheless declined to revise this extension on the basis that it remains necessary for the reason the Commission previously identified: “[A]n entity that meets the definition of a provider of ‘voice service’ cannot comply with the STIR/SHAKEN rules if it is unable to receive a token.” Id. We seek comment on this extension and whether it remains necessary. Is it still true that a provider cannot comply with the STIR/SHAKEN rules if it is unable to receive a token? Has anything changed that has made a token unnecessary to participate in STIR/SHAKEN, making this extension no longer needed? Even if it remains theoretically necessary, are all practical impediments presented by token access resolved, such that we should consider recommending terminating this extension? If we did recommend terminating this extension, when is an appropriate end date? If the extension remains necessary, is token access an impediment to ubiquitous STIR/SHAKEN? Are there steps the Commission or the Governance Authority could take regarding token access to better promote full participation in STIR/SHAKEN? II. COMMENTS SOUGHT ON STIR/SHAKEN EFFICACY, PURSUANT TO SECTION 4(B)(4) OF THE TRACED ACT When Congress mandated that the Commission require voice service providers to implement STIR/SHAKEN in the TRACED Act, it also directed the Commission to “assess the efficacy of the technologies used for [the] call authentication frameworks” no later than three years after the December 30, 2019 enactment date of the Act. TRACED Act § 4(b)(4)(A). The Commission was also directed to “revise or replace the call authentication frameworks” if the Commission determines it is in the public interest to do so based on the assessment Id. § 4(b)(4)(B). and to submit a report to Congress “on the findings of the assessment . . . and on any actions to revise or replace the call authentication frameworks.” Id. § 4(b)(4)(C). Pursuant to this Congressional mandate, we seek comment to inform our analysis of the efficacy of the STIR/SHAKEN caller ID authentication framework that the Commission required voice service providers to implement on their IP networks. We do not, in this Public Notice, seek comment on caller ID authentication in non-IP networks. In the September 2020 Second Caller ID Authentication Report and Order, the Commission determined that no standardized framework for non-IP networks existed and consequently required providers to work to develop a solution rather than implement a framework. Second Caller ID Authentication Report and Order, 36 FCC Rcd at 1870–74 at paras. 24–32, Appx. A. The Commission recently sought comment on whether we should require providers to implement a non-IP caller ID authentication solution. Gateway Provider Order and Further Notice at para. 173. Because the Commission has not yet mandated providers implement any particular non-IP caller ID authentication technology, there is no implemented technology to assess in this required reevaluation. We start by seeking comment on the standard by which we should assess the efficacy of STIR/SHAKEN. We propose to assess the efficacy of STIR/SHAKEN based on how well it effectuates the authentication of caller ID information. We believe this is the best standard because it evaluates the effectiveness of the STIR/SHAKEN framework at executing the function of the technology mandated under section 4: performing caller ID authentication. TRACED Act § 4(b)(4)(A). We seek comment on this proposal. Is there another way to interpret this statutory language and assess the STIR/SHAKEN framework? For example, should we measure the impact of STIR/SHAKEN on preventing illegally spoofed robocalls, or preventing all illegal robocalls, to determine its efficacy? How would such an approach be consistent with the text of the statute? Would it be an appropriate measure of STIR/SHAKEN’s effectiveness as a caller ID authentication framework? Or would such an approach only measure the impact and limitations of caller ID authentication generally, regardless of “the technologies used”? Could different caller ID authentication frameworks more or less effectively combat illegally spoofed or all illegal robocalls? We next seek comment on the efficacy of the STIR/SHAKEN framework under this standard. Has STIR/SHAKEN proven to effectively authenticate caller ID information? Are there ways it could be more effective at that task and, if so, how? Do any specific factors limit its efficacy, and what solutions might resolve those issues? Will any identified concerns be addressed by further deployment across the voice network? In the Bureau’s December 2020 Report to Congress, we stated that, without widespread implementation, it was “premature to assess the efficacy of STIR/SHAKEN in practice” at that time. See FCC Wireline Competition Bureau, Report to Congress on Caller ID Authentication Implementation Progress at 13 (Dec. 29, 2020) (2020 Report to Congress). The TRACED Act required the Commission to submit that report “not later than 12 months after” enactment. TRACED Act § 4(b)(3). Since that date, many voice service providers have been required to implement, and have implemented, STIR/SHAKEN. Is it still premature to evaluate the efficacy of STIR/SHAKEN in practice? If so, we seek comment on whether commenters continue to believe that the framework is effective as designed. Report to Congress at 14 (“While it may be premature to asset the efficacy of STIR/SHAKEN in practice, we can report on the efficacy of its design. . . . There is broad industry consensus that STIR/SHAKEN is well-designed.”). And if commenters believe we should evaluate STIR/SHAKEN under a different or additional standard, we seek comment on the efficacy of STIR/SHAKEN under any alternative standards proposed. Under any standard, we seek comment on whether the efficacy of STIR/SHAKEN would improve when the framework is paired with other tools See id. at 14 (suggesting there may be tools that, paired with STIR/SHAKEN, could make the framework more effective). Recognizing the benefits of pairing caller ID authentication with call analytics, the Commission adopted a safe harbor enabling voice service providers to block unwanted calls by default based on reasonable analytics that incorporate caller ID authentication information, so long as consumers are given the opportunity to opt out. Advanced Methods to Target and Eliminate Unlawful Robocalls et al., CG Docket No. 17-59, Third Report and Order et al., 35 FCC Rcd 7614, 7625, para. 25 (2020). or if there are additional steps that the Bureau, Commission, or stakeholders such as voice service providers or the Governance Authority could take to improve the efficacy of STIR/SHAKEN. Should the Commission consider whether it is in the public interest to revise or replace the STIR/SHAKEN framework? See TRACED Act § 4(b)(4)(B). Would revising or replacing the framework at this time be premature, as providers continue to take steps to implement the technology consistent with the Commission’s efforts to bolster its caller ID authentication rule scheme? How would the costs of such revision or replacement compare to the benefits? We ask that any comments indicating that the STIR/SHAKEN framework is ineffective at authenticating caller ID information identify alternatives that would more effectively authenticate caller ID information. III. PROCEDURAL MATTERS Pursuant to section 1.415 and 1.419 of the Commission’s rules, 47 CFR §§ 1.415, 1.419, interested parties may file comments and reply comments on or before the dates indicated on the first page of this document. Filing Requirements. All filings must refer to WC Docket No. 17-97. Comments may be filed using ECFS. See Electronic Filing of Documents in Rulemaking Proceedings, 63 FR 24121 (1998). § Electronic Filers: Comments may be filed electronically using the Internet by accessing ECFS: https://www.fcc.gov/ecfs/. § Paper Filers: Parties who choose to file by paper must file an original and one copy of each filing. § Filings can be sent by commercial overnight courier, or by first-class or overnight U.S. Postal Service mail. All filings must be addressed to the Commission’s Secretary, Office of the Secretary, Federal Communications Commission. § Commercial overnight mail (other than U.S. Postal Service Express Mail and Priority Mail) must be sent to 9050 Junction Drive, Annapolis Junction, MD 20701. U.S. Postal Service first-class, Express, and Priority mail must be addressed to 45 L Street, NE, Washington DC 20554. § Effective March 19, 2020, and until further notice, the Commission no longer accepts any hand or messenger delivered filings. This is a temporary measure taken to help protect the health and safety of individuals, and to mitigate the transmission of COVID-19. See FCC Announces Closure of FCC Headquarters Open Window and Change in Hand-Delivery Policy, Public Notice, 35 FCC Rcd 2788 (Mar. 19, 2020), https://www.fcc.gov/document/fcc-closes-headquarters-open-windowand-changes-hand-delivery-policy. People with Disabilities. To request materials in accessible formats for people with disabilities (braille, large print, electronic files, audio format), send an e-mail to fcc504@fcc.gov or call the Consumer & Government Affairs Bureau at (202) 418-0530. Ex Parte Rules. This proceeding shall be treated as a “permit-but-disclose” proceeding in accordance with the Commission’s ex parte rules. See 47 CFR §§ 1.1200 et seq. Persons making ex parte presentations must file a copy of any written presentation or a memorandum summarizing any oral presentation within two business days after the presentation (unless a different deadline applicable to the Sunshine period applies). Persons making oral ex parte presentations are reminded that memoranda summarizing the presentation must: (1) list all persons attending or otherwise participating in the meeting at which the ex parte presentation was made; and (2) summarize all data presented and arguments made during the presentation. If the presentation consisted in whole or in part of the presentation of data or arguments already reflected in the presenters written comments, memoranda, or other filings in the proceeding, the presenter may provide citations to such data or arguments in his or her prior comments, memoranda, or other filings (specifying the relevant page and/or paragraph numbers where such data or arguments can be found) in lieu of summarizing them in the memorandum. Documents shown or given to Commission staff during ex parte meetings are deemed to be written ex parte presentations and must be filed consistent with section 1.1206(b) of the Commission’s rules. In proceedings governed by section 1.49(f) of the rules or for which the Commission has made available a method of electronic filing, written ex parte presentations and memoranda summarizing oral ex parte presentations, and all attachments thereto, must be filed through the electronic comment filing system available for that proceeding, and must be filed in their native format (e.g., .doc, .xml., .ppt, searchable .pdf). Id. § 1.1206(b). Participants in this proceeding should familiarize themselves with the Commission’s ex parte rules. Contact Information. For further information, please contact Jonathan Lechter, Attorney Advisor, Competition Policy Division, Wireline Competition Bureau at (202) 418-0984 or by email at Jonathan.Lechter@fcc.gov. -FCC- 2