Federal Communications Commission DA 22-870 Before the FEDERAL COMMUNICATIONS COMMISSION WASHINGTON, D.C. 20554 In the Matter of Implementing Section 13(d) of the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act) ) ) ) ) ) EB Docket No. 20-22 REPORT AND ORDER Adopted: August 22, 2022 Released: August 22, 2022 By the Acting Chief, Enforcement Bureau: TABLE OF CONTENTS Heading Paragraph # I. INTRODUCTION 1 II. BACKGROUND 2 III. DISCUSSION 7 A. The Traceback Group is a Neutral Third Party 8 B. The Traceback Group is a Competent Manager of the Traceback Process 24 C. The Traceback Group Has Written Best Practices 31 D. The Traceback Group Will Focus on “Fraudulent, Abusive, or Unlawful” Traffic 36 IV. CONCLUSION 40 V. PROCEDURAL MATTERS 41 VI. ORDERING CLAUSES 43 I. INTRODUCTION 1. Congress enacted the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act) to combat unlawful calls, including calls that unlawfully contain false or misleading caller ID, known as “spoofing.” Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act, Pub. L. No. 116-105, 133 Stat. 3274 (2019) (TRACED Act). The TRACED Act required the Commission to issue rules “for the registration of a single consortium that conducts private-led efforts to trace back the origin of suspected unlawful robocalls.” TRACED Act § 13(d); Implementing Section 13(d) of the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act), EB Docket No. 20-22, Report and Order and Further Notice of Proposed Rulemaking, 35 FCC Rcd 3113, 3115-16 (2020) (Consortium Registration Order), paras. 10-14. Because many unlawful calls include spoofed caller ID, the source of the call must be detected through a process known as traceback. The TRACED Act also required the Commission to issue an annual public notice to solicit applicants to serve as the registered consortium. TRACED Act § 13(d)(2). In this Order, the Enforcement Bureau (Bureau) selects the incumbent, USTelecom’s Industry Traceback Group (Traceback Group), to continue as the registered consortium for private-led traceback efforts. II. BACKGROUND 2. Section 227 of the Communications Act of 1934, as amended (the Communications Act), is designed to protect consumers from unlawful calls. 47 U.S.C. § 227. Section 227(b), (c), and (d) impose specific requirements on telemarketing and prerecorded voice message calls to give consumers the ability to know who is calling and to control the calls they receive. Id. § 227(b)-(d). Section 227(e) prohibits unlawful spoofing—the transmission of misleading or inaccurate caller ID information with the intent to defraud, cause harm, or wrongfully obtain anything of value. Id. § 227(e). 3. On March 27, 2020, pursuant to the TRACED Act, the Commission issued rules “to establish a registration process for the registration of a single consortium that conducts private-led efforts to trace back the origin of suspected unlawful robocalls.” TRACED Act § 13(d); Consortium Registration Order, 35 FCC Rcd at 3114-16, paras. 6, 10-14. In the Consortium Registration Order, the Commission adopted rules to establish an annual process to register a single consortium to conduct the private-led efforts to trace back suspected unlawful robocalls. See 47 CFR § 64.1203; Consortium Registration Order, 35 FCC Rcd at 3115, para. 9. An entity that wishes to serve as the consortium for private-led traceback efforts must submit a Letter of Intent as directed by a public notice. 47 CFR § 64.1203(b); Consortium Registration Order, 35 FCC Rcd at 3115, para. 10; Enforcement Bureau Requests Letters of Intent to Become the Registered Industry Consortium for Tracebacks, Public Notice, 36 FCC Rcd 7526 (EB 2021). The deadline to submit Letters of Intent was May 27, 2021. Id. The Letter of Intent must include the name of the entity, a statement of its intent to conduct private-led traceback efforts, and its intent to register as the single consortium that conducts private-led efforts to trace back the origin of suspected unlawful robocalls. See Consortium Registration Order, 35 FCC Rcd at 3115, para. 10.  Should entities that are not currently the registered consortium apply for the consortium position, the Bureau will follow the procedures adopted in the Consortium Registration Order in making a selection.  See id. at 3115-16, paras. 9-14. In its Letter of Intent, the entity must satisfy the statutory requirements by: (a) demonstrating that the consortium is a neutral third party competent to manage the private-led effort to trace back the origin of suspected unlawful robocalls; (b) including a copy of the consortium’s written best practices, with an explanation thereof, regarding management of its traceback efforts and regarding providers of voice services’ participation in the consortium’s efforts to trace back the origin of suspected unlawful robocalls; (c) certifying that, consistent with section 222(d)(2) of the Communications Act, 47 U.S.C. § 222(d)(2). the consortium’s efforts will focus on fraudulent, abusive, or unlawful traffic; (d) certifying that the consortium has notified the Commission that it intends to conduct traceback efforts of suspected unlawful robocalls in advance of registration as the single consortium; TRACED Act § 13(d)(1)(A)-(D); 47 CFR § 64.1203(b)(1)-(4); Consortium Registration Order, 35 FCC Rcd at 3115, para. 11. and (e) certifying that, if selected to be the registered consortium, it will remain in compliance with the requirements set forth in paragraphs (b)(1) through (4) section 64.1203; conduct an annual review to ensure compliance with such requirements; and promptly notify the Commission of any changes that reasonably bear on its certification. 47 CFR § 64.1203(b)(5); see also Consortium Registration Order, at 3115, para 13. 4. The Commission delegated to the Bureau the responsibility for annually selecting the registered traceback consortium. Consortium Registration Order, 35 FCC Rcd at 3116, para. 12. On July 27, 2020, the Bureau selected the Industry Traceback Group (the Traceback Group) as the registered traceback consortium to conduct private-led traceback efforts. Implementing Section 13(d) of the Pallone-Thune Robocall Abuse Criminal Enforcement and Deterrence Act, Report and Order, 35 FCC Rcd 7886, 7886, para. 3 (EB 2020) (2020 Consortium Selection Order). The Traceback Group is a private collaborative group comprised of providers across wireline, wireless, Voice over Internet Protocol, and cable services that traces and identifies the source of illegal robocalls. See Letter of Intent from Patrick Halley, Senior Vice President, Policy & Advocacy, USTelecom, to Marlene H. Dortch, Secretary, FCC, EB Docket 20-22, at 2 (filed May 21, 2020). (Traceback Group Letter of Intent). In August 2021, the Bureau chose the Traceback Group to continue as the registered traceback consortium. Implementing Section 13(d) of the Pallone-Thune Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act), EB Docket No. 20-22, Report and Order, 36 FCC Rcd 12782 (EB 2021) (2021 Consortium Selection Order). 5. The Bureau must publish a public notice every year, seeking registration (i.e., applications) to be the registered traceback consortium. 47 CFR § 64.1203(a). The incumbent registered traceback consortium is not required to submit an application. 47 CFR § 64.1203(c). The incumbent’s certifications “will continue for the duration of each subsequent year unless the registered consortium notifies the Commission otherwise in writing . . . .” Id.   On April 20, 2022, the Bureau issued a Public Notice seeking Letters of Intent. Enforcement Bureau Requests Letters of Intent to Become the Registered Industry Consortium for Tracebacks, Public Notice, DA-22-433, 2022 WL 1201882 (EB Apr. 20, 2022). The deadline to submit Letters of Intent was May 20, 2022. On May 20, 2022, ZipDX LLC submitted a letter and supporting documents seeking to be designated as the registered consortium; however, it withdrew its letter of intent on July 25, 2022. Letter of Intent from David Frankel, CEO, ZipDX LLC, to Marlene H. Dortch, Secretary, FCC, EB Docket 20-22, (filed May 20, 2022) (ZipDX Letter of Intent II). ZipDX explained that it had reached an agreement with the Traceback Group to provide robocall surveillance information to the Traceback Group using its RRAPTOR tool. Notice of Withdrawal of Letter of Intent from David Frankel, CEO, ZipDX LLC, to Marlene H. Dortch, Secretary, FCC, EB Docket 20-22, (filed July 25, 2022) (ZipDX Withdrawal Notice). RRAPTOR incorporates STIR/SHAKEN information to analyze robocall activity and provide actionable data to providers. Id. ZipDX stated that through collaboration with the Traceback Group, both organizations “hope to enhance each other’s respective initiatives in ways that will best protect American consumers from illegal robocalls.” Id. 6. The Traceback Group filed an ex parte on June 22, 2022, asserting its desire to continue as the registered traceback consortium. Notice of Ex Parte Presentation - Enforcement Bureau Requests Comments on Selection of Registered Traceback Consortium to Marlene H. Dortch, Secretary, FCC, EB Docket No. 20-22 (filed June 22, 2022) (Traceback Group Ex Parte). USTelecom – The Broadband Association (USTelecom), the Internet & Television Association (NCTA), and the Cellular Telecommunications and Internet Association – The Wireless Association (CTIA) all voiced support to keep the Traceback Group as the registered traceback consortium. See USTelecom, June 2022, Comments at 1-6; NCTA, June 2022, Comments at 1-2; CTIA, June 2022, Comments at 1-4. A joint comment by AT&T Services, Inc. (AT&T), Charter Communications, Comcast Corporation, Consolidated Communications, Cox Communications, Frontier Communications, Intrado Communications, LLC., Lumen, Telnyx, LLC., Twilio, Verizon, and Windstream (collectively, Joint Providers) also voiced its support for selecting the incumbent to remain as registered traceback consortium. AT&T Services, Inc., Charter Communications, Comcast Corporation, Consolidated Communications, Cox Communications, Frontier Communications, Intrado Communications, LLC., Lumen, Telnyx, LLC., Twilio, Verizon, Windstream, July 2022, Comments at 1-2 (AT&T et al.). The National Consumer Law Center and the Electronic Privacy Information Center (collectively NCLC/EPIC) submitted a joint comment urging the Bureau to focus on principles of neutrality, transparency, and accountability when selecting the next registered consortium without stating a preference for a particular applicant. EPIC and NCLC, June 2022, Comments at 1-4 III. DISCUSSION 7. The TRACED Act’s implementing regulation “direct(s) the Bureau to review the Letters of Intent and to select the single registered consortium no later than 90 days after the deadline for the submission of Letters of Intent.” Consortium Registration Order, 35 FCC Rcd at 3116, para. 12. Under both the TRACED Act and the Commission’s rules, there is no explicit requirement for the Bureau to issue a Report and Order reappointing the incumbent when the application pool is uncontested. See TRACED Act § 13(d); 47 CFR § 64.1203; Consortium Registration Order, 35 FCC Rcd at 3116, paras 12-13. Nonetheless, the registered traceback consortium is required to conduct an annual review to certify that it remains in compliance with the statutory requirements. Id. at 3116, para. 13. Recognizing this, and considering the several comments, ex parte filings, and reply comments submitted since our April notice, the Bureau believes it is prudent to detail why we should retain the Traceback Group as the registered consortium. In adherence to the Consortium Registration Order, we will solicit Letters of Intent to register as the Consortium for the following year by April 27, 2023. See Consortium Registration Order, 35 FCC Rcd at 3115, para. 9. Our selection in this Order will be effective until that 2023 process is complete. A. The Traceback Group is a Neutral Third Party 8. Under the TRACED Act and our rules, the registered consortium must be “a neutral third party competent to manage the private-led effort to trace back the origin of suspected unlawful robocalls.” TRACED Act § 13(d)(1)(A); 47 CFR § 64.1203(b)(1); see also Consortium Registration Order, 35 FCC Rcd at 3117, para. 16. In the Consortium Registration Order, the Commission determined that the neutrality of a third party is demonstrated by openness, which the third party may show—at the very least—by explaining how voice service providers will engage in traceback efforts in a manner that is unbiased, non-discriminatory, and technology-neutral. Consortium Registration Order, 35 FCC Rcd at 3117, para. 16. Further, an applicant’s openness should allow for and encourage the broad participation of voice service providers, as the collaboration and cooperation of voice service providers is “necessary to fulfill the fundamental purpose of traceback—timely and successfully finding the origin of suspected unlawful robocalls that traverse multiple voice service providers’ networks.” Id. A consortium’s neutrality may also be demonstrated by showing that no industry segment is subject to bias within the consortium’s participation structure. Id. at 3117, para 17. 9. Traceback Group’s Assertions of Neutrality. The Traceback Group asserts that it has demonstrated its neutrality by encouraging and obtaining “wide-scale industry participation,” and contends that its Practices and Procedures have exemplified the principles of unbiased, nondiscriminatory, and technology-neutral governance.Traceback Group Letter of Intent at 4-5. The Traceback Group emphasizes that its membership consists of a diverse coalition of industries, including wireline, wireless, Voice over Internet Protocol (VoIP), cable, and wholesale industries. Traceback Group Letter of Intent, Appx. B at 17. A list of ITG members is available at https://www.ustelecom.org/the-ustelecom-industry-traceback-group-itg. Under the Traceback Group’s Participation Framework, any voice provider may participate in tracebacks regardless of membership, Traceback Group Letter of Intent at 5. and any voice provider may become a Traceback Group affiliate member, regardless of financial contribution, by satisfying four straightforward eligibility criteria: 1) be a Cooperative Voice Service Provider; 2) participate in quarterly scheduled ITG Member calls; 3) fully comply with the ITG Policies and Procedures; and 4) sign a statement of intent to adopt and follow the best practices listed in the sections below. Traceback Group Letter of Intent at 3 (“Participation in the [Traceback Group] is open at no cost to any voice service provider that is committed to ending the illegal robocall challenge in compliance with the Policies and Procedures of the [Traceback Group].”); id. at Appx. B (stating the four criteria); id. (stating in the Traceback Group’s Policies that both Steering Committee and Affiliate members must “fully comply with the [Traceback Group] Policies and Procedures”). 10. All affiliate members of the Traceback Group may become members of the Traceback Group’s Steering Committee by “demonstrat[ing] consistent compliance with the ITG Practices and Procedures and provid[ing] a voluntary contribution to cover the costs of the ITG.” Id. at 5. Further, the Traceback Group’s Executive Committee oversees the operation and overall direction of the Traceback Group, and is composed of a “wide cross-section” of members who represent numerous technologies, industry segments, and associations. Id. at 8. Nine of the 16 companies on the Executive Committee are not members of USTelecom. Supporting Partners, Industry Traceback Group, https://tracebacks.org/supporting-partners/ (last visited July 1, 2022). The Traceback Group asserts that the Executive Committee “provides direction to USTelecom to ensure that the governance and operation of the Traceback Group are conducted in an unbiased, nondiscriminatory and neutral manner that prohibits bias in favor of, or against, any industry segment.” Traceback Group Letter of Intent at 8. 11. In July 2021, the Traceback Group announced that USTelecom had established a new corporate entity for the Traceback Group to provide additional independence from USTelecom. See USTelecom, July 2021, Comments at 3, n.5. The Traceback Group has also created its own website to distinguish itself further as a separate entity from USTelecom. Industry Traceback Group, https://tracebacks.org/ (last visited June 17, 2022). The Traceback Group states that it has engaged various stakeholders and outside counsel to review its policies and procedures and internal operations to ensure sustainability and how best to adapt to current laws. See USTelecom, July 2022, Comments at 4. Moreover, the Traceback Group has seen sizable growth in membership and participants since its inception—it began with three members in 2015, and now hosts over 40 active members and has close to 500 providers cooperating with Traceback Group tracebacks. For Providers, Industry Traceback Group, https://tracebacks.org/for-providers/ (last visited Aug. 5, 2022); see USTelecom, July 2022, Comments at 5, Comments at 2. 12. Comments. NCLC/EPIC’s comments suggest that the Traceback Group is inseparable from USTelecom, and that the Traceback Group may have “divided loyalties” given its roles in both combatting robocalls and serving the needs of USTelecom members. NCLC and EPIC, June 2022, Comments at 3-4. NCLC/EPIC raises concerns about voice service providers involved with the Traceback Group that allegedly have been complicit in illegal robocalls in the past. NCLC/EPIC identifies three members of the Traceback Group that, they allege, have been caught enabling and profiting from illegal robocalls and received cease-and-desist letters from the Commission. NCLC/EPIC contends that the Traceback Group’s failure to remove these companies from participation in the Traceback Group demonstrates a tension between combatting robocalls and serving the needs of provider members. NCLC and EPIC, June 2022, Comments at 3-4 (stating “[i]n August 2021, the ITG listed All Access Telecom, IntelePeer, Piratel, and ThinQ among its “Supporting Partners” . . . the ITG removed ThinQ but kept All Access Telecom, IntelePeer, and Piratel. . . since February 2020, each of these providers has received at least one cease and desist order from the FCC for their role in enabling illegal robocalls.”). 13. NCLC/EPIC recommends that the advisory group for the selected consortium should include state enforcement authorities and representatives of consumer and privacy groups to ensure greater openness with the Traceback process and better policing of Traceback Group’s own membership. See NCLC and EPIC, June 2022, Comments at 4. 14. ZipDX raises concerns in its Letter of Intent that the Traceback Group has potential for bias given its “allegiances” to USTelecom. Frankel Ex Parte at 5-6. However, ZipDX acknowledges that the Traceback Group's past performance has not demonstrated bias. Id. at 6. 15. CTIA commends the Traceback Group for having promoted “transparency” and “broad participation,” and asserts that “the broader industry participation in robocall mitigation efforts, the more effective these actions will be.” CTIA, June 2022, Comments at 2. CTIA also maintains that the Traceback Group is “an effective and neutral manager of the traceback process throughout the industry and government,” while also praising the Traceback Group for its “instrumental” support of law enforcement investigations. Id. at 3. 16. The Joint Providers praise the Traceback Group for creating “a collaborative environment where a diverse group of voice service providers,” and commends the Traceback Group’s “unbiased and impartial approach” for engaging all sections of the industry as well as law enforcement and other enterprises. AT&T et al., July 2022, Comments at 1-2. The Joint Providers disagree that industry participants are incentivized to ignore robocalls, asserting that “[p]articipating service providers … have invested significant time and resources combatting robocalls by implementing tools such as STIR/SHAKEN, offering free consumer analytics tools, implementing detailed data analytics, and providing funding to the ITG itself.” Id. at 2. 17. Analysis. We find that the Traceback Group continues to meet the statutory requirement of neutrality. The multi-member structure of the Traceback Group, and its widespread industry support, encourages neutrality and openness. Consortium Registration Order, 35 FCC Rcd at 3117-18, paras. 16-18. The Traceback Group’s diversity of “voice service providers representing all sectors of the telephone calling ecosystem” allows for a broad cross-section of industry involvement and protects against operational bias. Traceback Group Letter of Intent at 6. By ensuring participation from a variety of industry segments, the Traceback Group has signaled its commitment to unbiased, non-discriminatory, and technology-neutral administration of the consortium. The Traceback Group’s membership and the number of cooperating providers continues to expand, further evidencing its commitment to broad representation of industry. For Providers, Industry Traceback Group, https://tracebacks.org/for-providers/ (last visited Aug. 5, 2022); see USTelecom, July 2022, Comments at 5, Comments at 2. 18. The Traceback Group has also established safeguards to ensure that its membership behaves in accordance with best practices. For example, in April 2022, the Traceback Group updated its policies and procedures to mandate that any member subject to a pending government enforcement action would be automatically suspended from the Traceback Group until the pending action is resolved. See Membership Termination and Suspension, ITG Policies and Procedures at 7 (revised Apr. 2022), https://tracebacks.org/wp-content/uploads/2022/04/ITG-Policies-and-Procedures-Updated-Apr-2022.pdf. The Traceback Group refuses to permit companies that “have been identified as the originating voice service provider or the U.S. point of entry for multiple illegal calling campaigns” into the consortium unless/until they have “sufficiently demonstrate[d] compliance with ITG Policies and Procedures.” Traceback Group Letter of Intent at 6. Further, the Traceback Group seeks to exclude providers that profit from unlawful robocalls. See id. at 6, n.24. 19. NCLC/EPIC’s comments do not persuade us that the Traceback Group has divided loyalties or is biased in favor of USTelecom members. As a preliminary matter, two of the providers that NCLC/EPIC mentions (All Access Telecom and Piratel) did not receive cease-and-desist letters from the Commission. Rather, they received letters inquiring into their robocall mitigation practices. See Official Correspondence from the Federal Communications Commission to Lamar Carter, Chief Executive Officer, All Access Telecom, Inc. at 1 (Feb. 4, 2020) (the Commission notified All Access that it has “found that All Access Telecom is uniquely situated to assist government and industry efforts to combat apparently illegal robocalls that originate overseas,” and writes that it wants to “encourage All Access Telecom to assist the Federal Communications Commission in stopping the flow of malicious robocalls.” The letter can hardly be construed as a warning.); see also Official Correspondence from the Federal Communications Commission to Karl Douthit, Chief Executive Officer, Piratel, LLC at 1 (Feb. 4, 2020) (using identical language as All Access Telecom letter). The third provider that NCLC/EPIC mentions (thinQ) was suspended from the Traceback Group after the Bureau sent a cease-and-desist letter. See Official Correspondence from the Federal Communications Commission to Aaron Leon, Co-Founder & CEO, thinQ Technologies, Inc. (Mar. 22, 2022) https://www.fcc.gov/document/fcc-issues-robocall-cease-and-desist-letter-thinq (last visited July 18, 2022) (thinQ Cease-and-Desist Letter). ZipDX raised a similar concern, that the Traceback Group’s affiliation with USTelecom could tend to make the Traceback Group biased in favor of USTelecom’s members. But allegations of potential bias are not sufficient for us to find that the Traceback Group is not a neutral entity, particularly because, as ZipDX appears to recognize, the Traceback Group’s past performance has not given rise to concerns about bias or lack of neutrality. Frankel Ex Parte at 5-6. 20. The Traceback Group has evinced a commitment to ensuring that its members are not the source of substantial amounts of unlawful robocalls. For example, All Access Telecom joined the Traceback Group after the Michigan Attorney General required it to do so as part of a case settlement. See Nessel v. All Access Telecom Inc., Assurance of Voluntary Compliance, No. 20-39-CP at 22 (Sep. 11, 2020) https://www.michigan.gov/-/media/Project/Websites/AG/robocalls/Assurance_of_Voluntary_Compliance_-_All_Access_Telecom_FINAL_9-11-20.pdf?rev=319c81f4d9504346968c8301e3a07f27. The Traceback Group asserts that it exercised great caution prior to admitting All Access Telecom and prohibited the company from participating in private-led traceback efforts until it “no longer appeared negatively in tracebacks.” Traceback Group Ex Parte at 3. In addition, USTelecom states that many of the Traceback Group members that NCLC/EPIC mention were not admitted as members until “[a]fter they substantially cleaned up their traffic such that they no longer appeared in tracebacks in the same ways and in the same quantities.” Id. The Traceback Group’s policy states that providers are not admitted as members until they have “sufficiently demonstrate[d] compliance with ITG Policies and Procedures.” Traceback Group Letter of Intent at 6. The Traceback Group asserts that seeing providers change their practices “is evidence of the system working, where providers that may have once been a key conduit for bad traffic have taken corrective actions to prevent and mitigate it on a going forward basis.” Traceback Group Ex Parte at 3. Moreover, the Traceback Group’s recent policy update mandating the automatic suspension of companies that are subject to a pending government enforcement action—which includes “a formal complaint, Notice of Apparent Liability, or cease and desist from a federal or state government agency” evidences the Traceback Group’s continuing effort to penalize members that may be profiting off of illegal robocall traffic. ITG Policies and Procedures at 7. 21. We also decline to require the registered consortium to include law enforcement and consumer advocates in its advisory group. First, Congress specified that the Commission establish “a single consortium that conducts private-led efforts to trace back the origin of suspected unlawful robocalls,” and defines “private-led effort to trace back” as “an effort made by the registered consortium of voice service providers to establish a methodology for determining the origin of a suspected unlawful robocall.” TRACED Act at § 13(d)(1), (f)(1) (emphasis added). We thus find that a registered consortium consisting of private industry best reflects Congress’s intent. In contrast, Congress provided for broader participation when it called on the Commission to create a multistakeholder Hospital Robocall Protection Group. See TRACED Act § 14(b)(1) (requiring an equal number of representatives from voice service providers, companies that focus on mitigating unlawful robocalls, consumer advocacy organizations, providers of one-way VoIP, hospitals, and state government officials). 22. Second, the Traceback Group, in its tenure as the incumbent registered traceback consortium, has collaborated with outside stakeholders, including frequent collaboration with federal and state government authorities. See Traceback Group Ex Parte at 2 (noting that it had recently briefed State Attorneys General). See also USTelecom, June 2022, Comments at 2-3 (describing other initiatives to assist law enforcement working to pursue unlawful robocallers). The Traceback Group has briefed congressional staff on traceback efforts, met with organizations combatting telecommunications fraud, such as the Communications Fraud Control Association, and has communicated with consumer and public interest organizations, including the American Association of Retired Persons (AARP) and NCLC to build awareness of the Traceback Group’s work and identify opportunities for partnership. Traceback Group Ex Parte at 2-3. Thus we find that the Traceback Group has taken significant steps to understand the concerns of law enforcement and consumers regarding the traceback process. 23. We conclude that the incumbent continues to make clear its commitment to openness, and has a demonstrated plan for ensuring an unbiased, non-discriminatory, and technology-neutral administration of the registered traceback consortium. B. The Traceback Group is a Competent Manager of the Traceback Process 24. The TRACED Act mandates that the registered consortium be “a competent manager of the private-led efforts to trace back the origin of suspected unlawful robocalls.” TRACED Act § 13(d)(1)(A). This requires the consortium to have the capacity to “effectively and efficiently manage a traceback process of suspected unlawful robocalls,” which includes “timely and successfully” identifying the origins of suspected illegal robocalls that travel across multiple voice service providers’ networks. Consortium Registration Order, 35 FCC Rcd at 3119, para. 21. Competent management also necessitates cooperation and collaboration with industry participants, as well as the prompt exchange of information in response to state and federal enforcement efforts. Id. Further, the consortium must comply with applicable legal requirements including those pertaining to legal procedure and confidentiality. Id. The Commission has the discretion to determine an applicant’s competence, TRACED Act § 13(d)(1)(A). and demonstrated expertise and success of the applicant is “particularly relevant” when making this evaluation. Consortium Registration Order, 35 FCC Rcd at 3119, para. 22 (“As we state in the NPRM, it is reasonable to weigh that expertise and success when selecting between or among consortia to ensure that private-led efforts result in effective traceback. We note, however, that while a consortium's expertise in managing traceback processes is particularly relevant, such experience is not a prerequisite”). 25. Traceback Group’s Assertion of Competence. In the past two years that is has served as the registered traceback consortium, the Traceback Group has conducted nearly 10,000 tracebacks, which have addressed hundreds of different illegal robocalling campaigns affecting millions of consumers. USTelecom, June 2022, Comments at 5. Between January and November 2021, the Traceback Group conducted 2,900 tracebacks, addressing hundreds of millions of robocalls. Letter from Joshua M. Bercu, Vice President, Policy & Advocacy, USTelecom to Marlene Dortch, Secretary, FCC, EB Docket No. 20-195, at 1 (filed Nov. 15, 2021). At the time of last year’s reporting, more than 300 domestic and foreign providers had cooperated with the Traceback Group’s traceback efforts. USTelecom, July 2021, Comments at 1. This year, nearly 500 domestic and foreign providers have supported these efforts—the Traceback Group contends that this is evidence of the Traceback Group’s continued efforts to engage with industry participants, and its success in garnering greater industry collaboration and cooperation. USTelecom, June 2022, Comments at 5. The Traceback Group asserts that it has worked closely with state and federal enforcement authorities by responding promptly to civil investigative demands and nearly 250 subpoenas, providing frequent reports on the consortium’s work, and delivering traceback data that has supported numerous federal and state enforcement actions (including those conducted by the Commission). Id. The Traceback Group contends that illegal and unwanted robocalls are declining as a result of the Traceback Group’s collaboration with state and federal enforcement efforts. Id. at 2; see also Octavio Blanco, Robocalls Decline, but FCC’s Efforts Still Have a Long Way to Go, Consumer Reports (May 24, 2022; updated on May 25, 2022), https://www.consumerreports.org/robocalls/robocalls-decline-but-fcc-efforts-still-have-long-way-togo-a3207179545/; TNS Survey: Robocall Volume Was Down In 2021, But Consumers Didn’t Feel The Drop, Transaction Network Services (Apr. 5, 2022), https://www.businesswire.com/news/home/20220405005204/en/TNS-Survey-Robocall-Volume-Was-Down-In-2021-But-Consumers-Didn%E2%80%99t-Feel-The-Drop; 2022 Robocall Investigation Report, Eighth Edition, Transaction Network Services (last visited Aug. 11, 2022), https://tnsi.com/media-center/robocall-scam-of-the-month/ (robocalls down 26% from 2019 peak). There also is some evidence that illegal robocallers are transitioning to alternative channels, which may indicate reduced success from robocalls. The Traceback Group notes that more than half of originating providers have terminated services to customers engaged in robocalling, and states that government enforcers have been able to pursue robocallers in a much more swift, exacting manner. USTelecom, June 2022, Comments at 2. 26. The Traceback Group reports taking on new initiatives and actions to further improve the traceback process and overall consortium. First, the Traceback Group states that it has taken several actions to improve its Traceback Portal and traceback technology. See id. at 2-3. This includes creating and deploying a new platform for law enforcement that will enable authorities to review traceback data and traceback trends, expanding available summary information for providers (including email alerts and monthly summaries), automating traceback for providers by encouraging providers to implement the Traceback Group’s application programming interface (API), collecting STIR/SHAKEN Information, and integrating information from the Robocall Mitigation Database. See id. Second, the Traceback Group illustrates its initiatives to enhance provider accountability and impact. See id. at 3-4. This includes implementation of its STI-Governance Authority partnership to trace back improperly signed calls, its expansion of data sets for different kinds of robocall campaigns (including campaigns targeting Mandarin and Spanish speakers), automatic notifications to providers when upstream providers fail to respond to traceback requests, trace forward initiatives, and data analytics investments. See id. Third, the Traceback Group describes its work to implement data security protections for the portal, and its ongoing review of its policies and procedures, in keeping with the Commission’s principle of “conform[ing] to applicable legal requirements, such as requirements regarding confidentiality and legal processes.” See id. at 4. 27. Comments. Several commenters praise the Traceback Group for its competent management of private-led traceback efforts. NCTA commends “USTelecom’s successful management of the registered consortium over the last two years,” noting the Traceback Group’s due diligence efforts, acceleration of the robocall investigation process, and its work to develop a portal that gives federal and state enforcement authorities direct access to traceback data. NCTA, June 2022,Comments at 1-2. CTIA notes that the Traceback Group has improved the capacity for industry and government authorities to address the scourge of robocalls and “demonstrated the benefit of its years of experience conducting tracebacks.” CTIA, June 2022,Comments at 1-4. CTIA asserts that the Traceback Group has demonstrably satisfied the four statutory requirements for the registered consortium. See id. at 1-2. 28. The Joint Providers laud the Traceback Group for its competence, noting that the Traceback Group has “developed technical expertise, hired specialized staff, and developed industry-specific resources to automate and improve the process of tracebacks and is continually enhancing its processes.” See AT&T, et. al, July 2022, Comments at 1. The Joint Providers note that the Traceback Group has added new data sources and has developed useful ways for helping service providers “identify and address their unique issues with mechanization.” See id.. The Joint Providers’ comments states that the Traceback Group’s effective management of the registered traceback consortium, and its technological advancements in the traceback process, succeeded in a 36% increase in completed tracebacks during 2021. See id. 29. ZipDX criticizes the Traceback Group’s slow pace in developing and deploying technical solutions, asserting that the Traceback Group was slow to implement an array of traceback functions that ZipDX had developed. Notice of Ex Parte and Reply Comments from David Frankel, CEO, ZipDX LLC to Marlene H. Dortch, Secretary, FCC, EB Docket No. 20-22, (filed June 10, 2022) (Frankel Ex Parte). 30. Analysis. We find that the Traceback Group is competent in managing the traceback process. The Traceback Group has developed and deployed new functions that have augmented the traceback process, and indicates that it will continue to develop and implement more improvements. See USTelecom, June 2022, Comments at 1-6. Notwithstanding ZipDX’s claims the Traceback Group was slow to implement improvements, there is no evidence to suggest that the Traceback Group was needlessly dilatory in its implementation of new tools to conduct tracebacks. We find that the Traceback Group has demonstrated its ability to accomplish tracebacks efficiently and promptly, in large quantities, and for myriad complex schemes and traceback categories. The Traceback Group has demonstrated that it has sufficient staff and technical competency to handle a wide array and large volume of tracebacks. Additionally, the Traceback Group has a solid track record of cooperating with industry to facilitate traceback operations, as well as responding promptly to law enforcement traceback requests. Our experience, and that of the overwhelming majority of commenters, clearly reflects that the Traceback Group has the knowledge, competency, resources, and commitment to conduct tracebacks on a large scale and in a timely manner. Accordingly, we find that the Traceback Group meets the statutory requirement that it will competently manage the private-led traceback process. C. The Traceback Group Has Written Best Practices 31. The registered consortium must maintain, and conform its actions to, written best practices regarding the management of private-led efforts to trace back the origin of suspected unlawful robocalls. TRACED Act § 13(d)(1)(B); see also Consortium Registration Order, 35 FCC Rcd at 3119-20, para. 24. Written best practices, at a minimum, must address the consortium’s compliance with statutory requirements, Consortium Registration Order, 35 FCC Rcd at 3119-20, para. 24; see also TRACED Act § 13(d)(1)(A)-(D); 47 CFR § 64.1203(b)(2). consistent with the principles the Commission set forth in the Commission’s Consortium Registration Order. Consortium Registration Order, 35 FCC Rcd at 3117-22, paras. 15-29 (discussing the Commission’s interpretation of section 13(d) of the TRACED Act). The registered consortium’s written best practices must establish processes and criteria for determining how voice service providers will participate in traceback efforts, 47 CFR § 64.1203(b)(2); Consortium Registration Order, 35 FCC Rcd at 3119-20, para. 24. and those processes and criteria must be fair and reasonable. Consortium Registration Order, 35 FCC Rcd at 3120, para. 24. Best practices evolve over time to reflect empirical knowledge and practical experience, as with technology-dependent activities such as combatting caller ID spoofing. Call Authentication Trust Anchor, Implementation of TRACED Act Section 6(a)—Knowledge of Customers by Entities with Access to Numbering Resources, WC Docket Nos. 17-97 and 20-67, Report and Order and Further Notice of Proposed Rulemaking, 35 FCC Rcd 3241 (WCB 2020) (First Caller ID Authentication Report and Order and Further Notice). 32. Traceback Group’s Written Best Practices. The Bureau previously determined that the Traceback Group’s policies and procedures, submitted in 2020, fulfilled the requirement to present fair and reasonable best practices. See 2020 Consortium Selection Order, 35 FCC Rcd at 7893-98, paras 20-28. The Traceback Group states that its policies and procedures and internal processes are routinely reviewed by both stakeholders and outside counsel, updated as necessary to ensure that they are adequately accounting for applicable legal and policy considerations, and accurately describing the Traceback Group’s operations. See USTelecom Comments, June 2022, at 3. 33. Comments. No commenters expressed concerns about the Traceback Group’s best practices. NCLC/EPIC asserts, however, that whoever is selected as the registered traceback consortium should make its tracebacks entirely public, and that its advisory group should include state enforcement authorities and representatives of consumer and privacy groups to ensure greater openness with the traceback process and better policing of the registered consortium’s membership. NCLC and EPIC, June 2022, Comments at 2-4 34. Analysis. The Traceback Group has a proven track record of compliance with its best practices, and no commenter has expressed concerns regarding this statutory criterion. Thus, we conclude that the Traceback Group maintains and conforms to written best practices. 35. We decline to require the registered consortium to make the traceback process more public. We find that such a requirement is beyond the scope of this proceeding, which is to select the registered traceback consortium. We note, however, that traceback data is readily available to law enforcement and voice service providers. USTelecom, June 2022, Comments at 2. Moreover, the Traceback Group launched a new government portal this year that allows law enforcement agencies to review aggregate traceback data that can be used to identify bad actors. Id. D. The Traceback Group Will Focus on “Fraudulent, Abusive, or Unlawful” Traffic 36. In accordance with section 222(d)(2) of the TRACED Act, the registered consortium’s traceback efforts must focus on “fraudulent, abusive, or unlawful” traffic. TRACED Act § 13(d)(1)(C) (stating the effort must be consistent with section 222(d)(2) of the Communications Act, which governs the privacy of customer information). Section 222(d)(2) allows telecommunications carriers to use, disclose, or permit access to customer proprietary network information “to protect the rights or property of the carrier, or to protect users of those services and other carriers from fraudulent, abusive, or unlawful use of, or subscription to, such services[.]” 47 U.S.C. § 222(d)(2). Telecommunications carriers may use, disclose, or permit access to customer proprietary network information “to protect the rights or property of the carrier, or to protect users of those services and other carriers from fraudulent, abusive, or unlawful use of, or subscription to, such services[.]” 47 U.S.C. 222(d)(2). A traceback process that at the very least considers scope, scale, and harm should lead to a focus on “fraudulent, abusive, and unlawful” traffic. Consortium Registration Order, 35 FCC Rcd at 3121, para. 29. 37. Traceback Group’s Commitment to Focus on Fraudulent, Abusive, and Unlawful Traffic. The Traceback Group states that it maintains a comprehensive sourcing policy, consistent with section 222(d)(2), assuring that private-led efforts to trace back the origin of suspected unlawful robocalls conducted by the Traceback Group focus on “fraudulent, abusive, or unlawful” traffic. The Traceback Group’s policies and procedures include detailed information regarding sourcing of suspected illegal robocalls for traceback to satisfy the requirements of section 222(d)(2). USTelecom Letter of Intent, Appx. B. The Traceback Group only shares a traceback request if: (1) a credible and verifiable source is providing information regarding the Traceback Candidate; (2) the nature of the traffic associated with any traceback is deemed by Traceback Group staff to be fraudulent, abusive, or unlawful; and, (3) initiation of the traceback warrants utilization of Traceback Group resources. Id. at 11. The Traceback Group asserts that these procedures prevent it from engaging in problematic overreach that might infringe upon the privacy of telecommunications users, while remaining swift enough to provide information in a timely manner. Id. 38. Comments. No commenter raised concerns about the Traceback Group’s ability to satisfy this requirement. 39. Analysis. We find that the Traceback Group is committed to focusing on conducting tracebacks of fraudulent, abusive, or unlawful traffic. The Traceback Group has a proven track record of focusing its activities on the most egregious, disruptive, or voluminous calling campaigns. Accordingly, we find that the Traceback Group continues to meet the statutory requirement to focus on fraudulent, abusive, or unlawful traffic. IV. CONCLUSION 40. We determine that the incumbent Traceback Group satisfies the statutory requirements of the TRACED Act. In addition to the qualities and policies it presented initially, the Traceback Group has modified its policies and procedures to better oversee members, and has demonstrated an ability to handle a large volume and diverse array of traceback activities, in a timely manner. Thus, we retain the Traceback Group as the registered traceback consortium. V. PROCEDURAL MATTERS 41. People with Disabilities. To request material in accessible formats for people with disabilities (braille, large print, electronic files, audio format), send an e-mail to fcc504@fcc.gov or call the Consumer & Governmental Affairs Bureau at 202-418-0530 (voice), 202-418-0432 (tty). 42. Further Information. For further information about the Report and Order, contact Monica Echevarria, Attorney Advisor, Telecommunications Consumers Division, Enforcement Bureau, at (202) 418-1334 or Monica.Echevarria@fcc.gov. VI. ORDERING CLAUSES 43. Accordingly, IT IS ORDERED, pursuant to sections 4(i) and 4(j), of the Communications Act of 1934, as amended, 47 U.S.C. §§ 154(i) and 154(j), and section 13(d) of the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act, Pub. L. 116-105, 133 Stat. 3274, this Report and Order IS ADOPTED. 44. IT IS FURTHER ORDERED that, pursuant to section 1.102(b)(1) of the Commission’s rules, 47 CFR § 1.102(b)(1), this Report and Order SHALL BE EFFECTIVE immediately upon release. FEDERAL COMMUNICATIONS COMMISSION Loyaan A. Egal Acting Chief Enforcement Bureau 2