September 9, 2021 FCC FACT SHEET* Establishment of a Public Safety Answering Point Do-Not-Call Registry Further Notice of Proposed Rulemaking - CG Docket No. 12-129; PS Docket No. 21-343 Background: In 2012, pursuant to section 6507 of the Middle Class Tax Relief and Job Creation Act (Tax Relief Act), the Commission adopted rules establishing a Do-Not-Call registry for telephone numbers used by Public Safety Answering Points (PSAPs) and prohibiting the use of autodialers to contact those registered numbers. Autodialer equipment can generate large numbers of unwanted calls to emergency lines, thus interfering with public safety communications systems, diverting critical responder resources, and impeding the public’s access to emergency services. In adopting these rules, the Commission made clear that operational details remained to be resolved, such as the method for PSAPs to add numbers to the registry and how the registry can be accessed by callers to facilitate compliance with the rules. As Commission staff moved forward to create the registry, including consulting with Federal Trade Commission staff, the public safety community, and others, security concerns emerged. For example, granting callers access to a potential trove of PSAP telephone numbers as the method to prevent autodialed calls to those numbers, without thorough vetting of registry users, could make disruptive robocalling to PSAPs easier, not harder. In light of concerns about the possible security threat of granting access to the registered PSAP numbers to a potentially broad range of entities that claim to be autodialer operators, new threats that may have emerged since 2012, and changes in technology and law, this Further Notice of Proposed Rulemaking proposes that the Commission reassess its earlier approach to protect PSAPs from unwanted autodialed calls by limiting access to registered PSAP telephone numbers to voice service providers that would block autodialed calls made to those telephone numbers. What the Further Notice of Proposed Rulemaking Would Do: • Propose that voice service providers be required to block autodialed calls made to PSAP telephone numbers registered on the PSAP Do-Not-Call registry. • Seek comment on the extent to which autodialed calls and text messages continue to be a problem for PSAPs, including whether the number of such unwanted calls has significantly changed in response to technological evolutions since 2012. • Seek comment on the seriousness of the security risks associated with housing registered PSAP telephone numbers in a centralized database and granting access to those numbers to callers purporting to need them to comply with our rules. • Seek comment on whether and how to develop stronger security controls for a PSAP Do-Not-Call registry as well as on whether there are new technological controls that could effectively prevent autodialed calls to PSAP numbers that should be considered. • Seek comment more broadly on ways to protect PSAPs from cyberattacks and disruptions other than those conducted with robocalls. * This document is being released as part of a "permit-but-disclose" proceeding. Any presentations or views on the subject expressed to the Commission or its staff, including by email, must be filed in CG Docket No. 12-129 and PS 21-343, which may be accessed via the Electronic Comment Filing System (https://www.fcc.gov/ecfs/). Before filing, participants should familiarize themselves with the Commission’s ex parte rules, including the general prohibition on presentations (written and oral) on matters listed on the Sunshine Agenda, which is typically released a week prior to the Commission’s meeting. See 47 CFR § 1.1200 et seq. Federal Communications Commission FCC-CIRC2109-05 Before the Federal Communications Commission Washington, D.C. 20554 In the Matter of ) ) Implementation of the Middle Class Tax Relief ) CG Docket No. 12-129 and Job Creation Act of 2012 ) ) Establishment of a Public Safety Answering Point ) Do-Not-Call Registry ) ) Enhancing Security of Public Safety Answering ) PS Docket No. 21-343 Point Communications ) FURTHER NOTICE OF PROPOSED RULEMAKING* Adopted: _, 2021 Released: , 2021 Comment Date: (30 days after date of publication in the Federal Register) Reply Comment Date: (45 days after date of publication in the Federal Register) By the Commission: I. INTRODUCTION 1. As part of its longstanding mission to “promot[e] safety of life and property through the use of wire and radio communications,”1 the Commission has taken a number of important steps to protect the integrity and availability of our nation’s emergency communications systems, including the security of our nation’s 911 system. In 2012, Congress attempted to address a potential public safety threat by adopting section 6507 of the “Middle Class Tax Relief and Job Creation Act” (Tax Relief Act).2 That provision required the Commission to “initiate a proceeding to create a specialized Do-Not-Call registry” for Public Safety Answering Points (PSAPs)3 to protect them from unwanted or illegal robocalls * This document has been circulated for tentative consideration by the Commission at its September 30, 2021 open meeting. The issues referenced in this document and the Commission’s ultimate resolution of those issues remain under consideration and subject to change. This document does not constitute any official action by the Commission. However, the Acting Chairwoman has determined that, in the interest of promoting the public’s ability to understand the nature and scope of issues under consideration, the public interest would be served by making this document publicly available. The FCC’s ex parte rules apply and presentations are subject to “permit-but-disclose” ex parte rules. See, e.g., 47 C.F.R. §§ 1.1206, 1.1200(a). Participants in this proceeding should familiarize themselves with the Commission’s ex parte rules, including the general prohibition on presentations (written and oral) on matters listed on the Sunshine Agenda, which is typically released a week prior to the Commission’s meeting. See 47 CFR §§ 1.1200(a), 1.1203. 1 47 U.S.C. § 151. 2 Middle Class Tax Relief and Job Creation Act of 2012, Pub. L. No. 112-96 § 6507 (2012) (Tax Relief Act) codified in relevant part at 47 U.S.C. § 1473. 3 See 47 U.S.C. § 1473(a). Federal Communications Commission FCC-CIRC2109-05 and to issue associated regulations after providing the public with notice and an opportunity to comment.4 2. The Commission took steps in 2012 to implement section 6507 and protect PSAPs from calls that originate with “automatic telephone dialing system” equipment used to generate large numbers of unwanted calls to emergency lines, thus interfering with public safety communications systems, diverting critical responder resources, and impeding the public’s access to emergency services.5 3. To fulfill this mandate, the Commission adopted rules to establish a Do-Not-Call registry for telephone numbers used by PSAPs and to prohibit the use of “automatic dialing equipment” to contact those registered numbers for non-emergency purposes. The registry has never been fully implemented. In light of concerns about the possible security threat it might pose to grant access to the registered PSAP numbers to a potentially broad range of entities that claim to be autodialer operators as the means to facilitate compliance with a PSAP Do-Not-Call registry, and new threats that may have emerged since 2012, we propose that voice service providers6 be required to block autodialed calls made to PSAP telephone numbers registered on the PSAP Do-Not-Call registry. We believe this approach best satisfies the requirements of the Tax Relief Act as well as Congress’ goal of protecting PSAPs from unwanted calls without subjecting our nation’s emergency call centers to unnecessary security risks. We also seek comment on this approach and on ways that we can protect PSAPs from attacks and disruption other than those conducted with robocalls. II. BACKGROUND 4. In 2012, Congress passed the Tax Relief Act.7 Section 6507 of the Tax Relief Act required the Commission to “initiate a proceeding to create a specialized Do-Not-Call registry” for PSAPs.8 It requires the Commission to issue regulations permitting verified PSAP administrators or managers to register telephone numbers of all 911 trunks and other lines used for the provision of emergency services, provide a process for verifying registered numbers, provide a process for granting and tracking access to the registry by operators of automatic dialing equipment, protect the list of registered numbers from disclosure or dissemination, and prohibit the use of autodialer equipment to establish contact with registered numbers.9 The Tax Relief Act further directed the Commission to establish substantial monetary penalties for automatically dialing registered numbers as well as for 4 This is consistent with the Commission’s ongoing efforts to protect PSAPs from robocalls. See, e.g., 47 U.S.C. § 227(b)(1)(A) (prohibiting the use of an autodialer to make any call to an “emergency telephone line” including a “911 line” absent prior express consent or an emergency purpose); see also 47 CFR § 64.1200(a)(1); 47 CFR § 64.1202. 5 See Implementation of the Middle Class Tax Relief and Job Creation Act of 2012, Establishment of a Public Safety Answering Point Do-Not-Call Registry, CG Docket No. 12-129, Report and Order, 27 FCC Rcd 13615 (2012) (PSAP DNC Order). Because the Tax Relief Act did not define “automatic dialing” or “robocall” equipment, the Commission concluded that these terms are equivalent to “automatic telephone dialing system” as defined in the Telephone Consumer Protection Act (TCPA). PSAP DNC Order, 27 FCC Rcd at 13629, para. 29. In relevant part, the TCPA prohibits the use of “automatic telephone dialing systems” to make non-emergency calls to emergency telephone lines, including 911 lines and those of fire protection and law enforcement agencies, among other recipients. 47 U.S.C. § 227(b)(1)(A)(i). In this FNPRM, we use the terms “autodialer” and “autodialed” to refer to callers and calls that use an “automatic telephone dialing system” as defined in the TCPA. 6 For purposes of this Further Notice of Proposed Rulemaking, a “voice service provider” is any entity originating, carrying, or terminating voice calls through time-division multiplexing (TDM), VoIP, or commercial mobile radio service (CMRS). See Advanced Methods to Target and Eliminate Unlawful Robocalls, CG Docket No. 17-59, Third Report and Order, Order on Reconsideration, and Fourth Further Notice of Proposed Rulemaking, 35 FCC Rcd 7614, 7615 n.3 (2020). 7 47 U.S.C. § 1473. 8 Id. at § 1473(a). 9 Id. at § 1473(b). 2 Federal Communications Commission FCC-CIRC2109-05 disclosure or dissemination of numbers by parties granted access to the registry.10 5. In October 2012, the Commission adopted rules to implement section 6507.11 The rules established processes for PSAPs to add numbers to the registry and for granting and tracking access to operators of automatic dialing equipment.12 And the Commission limited operators’ access to the registry to ensure compliance with the statute and the Commission’s rules regarding autodialed calls to numbers in the PSAP Do-Not-Call registry.13 To obtain access to the numbers, operators must furnish certain contact information and certify that they are accessing the registry solely to prevent autodialed calls to PSAP numbers on the registry.14 In accordance with section 6507, the Commission adopted significant monetary penalties for unauthorized disclosure or dissemination of registered PSAP numbers and use of an autodialer to contact any registered PSAP number for a non-emergency purpose.15 In developing rules to establish the PSAP Do-Not-Call registry, the Commission explained that it relied on the experience gained from the operation of the National Do-Not-Call Registry for residential telephone subscribers and adopted rules largely consistent with those that have proven effective and efficient for compliance with that registry.16 6. Even as it adopted these rules, the Commission made clear that operational details remained to be resolved, such as the method for PSAPs to add numbers to the registry and how the registry can be accessed by callers to facilitate compliance with the rules.17 The Commission delegated authority to the Consumer and Governmental Affairs Bureau (CGB) and Office of Managing Director (OMD) to take the relevant actions necessary to resolve these details and perform any ongoing role in this respect.18 7. As Commission staff moved forward to create the registry, including consulting with 10 Id. at § 1473(c). 11 See PSAP DNC Order; see also 47 CFR § 64.1202. Section 6507 of the Tax Relief Act requires that the Commission’s regulations: (1) permit verified public safety answering point administrators or managers to register the telephone numbers of all 911 trunks and other lines used for the provision of emergency services to the public or for communications between public safety agencies; (2) provide a process for verifying, no less frequently than once every 7 years, that registered numbers should continue to appear upon the registry; (3) provide a process for granting and tracking access to the registry by the operators of automatic dialing equipment; (4) protect the list of registered numbers from disclosure or dissemination by parties granted access to the registry; and (5) prohibit the use of automatic dialing or “robocall” equipment to establish contact with registered numbers. 47 U.S.C. § 1473(b). 12 See generally PSAP DNC Order. 13 47 CFR § 64.1202(f). See also 47 C.F.R. § 64.1202(c). This prohibition encompasses both autodialed voice and text calls. See 47 CFR § 64.1202(c); PSAP DNC Order, 27 FCC Rcd at 13627, para. 25. 14 47 CFR § 64.1202(d). To further facilitate compliance with the prohibition on using an autodialer to call any registered PSAP number, the Commission required an operator of automatic calling equipment to “access and employ a version of the PSAP Do-Not-Call registry obtained from the registry administrator no more than 31 days prior to the date that any call is made.” Id. at § 64.1202(e). 15 See PSAP DNC Order, 27 FCC Rcd at 13629-30, para. 30; 47 CFR § 1.80(b)(7)-(8); see also 47 U.S.C. § 1473(c). For unauthorized disclosure or dissemination of registered numbers, the Commission established monetary penalties that are “not less than $100,000 per incident nor more than $1,000,000 per incident.” For use of automatic dialing equipment to contact numbers on the registry, the Commission established monetary penalties that are “not less than $10,000 per call nor more than $100,000 per call.” These forfeitures have since been adjusted for inflation. See Amendment of Section 1.80(b) of the Commission’s Rules, Adjustment of Civil Monetary Penalties to Reflect Inflation, Order, DA 20-1540 (EB 2020); Annual Adjustment of Civil Monetary Forfeiture Penalties to Reflect Inflation, 86 Fed. Reg. 3830 (Jan. 15, 2021). 16 PSAP DNC Order, 27 FCC Rcd at 13616, para. 2. 17 Id. at 13620-21, para. 11. 18 Id. 3 Federal Communications Commission FCC-CIRC2109-05 Federal Trade Commission (FTC) staff, the public safety community, and others, security concerns emerged.19 For example, granting callers access to a potential trove of PSAP telephone numbers as the method to prevent autodialed calls to those numbers, without thorough vetting, could make disruptive robocalling to PSAPs easier, not harder. Further, changes in technology and the legal framework in the years since the passage of the Tax Relief Act and the adoption of our rules may have reduced the efficacy of the rules, and the rules may not address new types of threats that have emerged and may fail to incorporate newly available techniques for safeguarding the security of databases containing sensitive information. In addition, changes in call blocking technologies and regulatory efforts afford new protections from autodialed calls.20 With this Further Notice of Proposed Rulemaking, we seek comment on proposed revisions to our rules as well as ways to address these issues to achieve Congress’ goal of protecting PSAPs from unwanted autodialed calls in the most efficient and secure manner. III. DISCUSSION A. PSAP Do-Not-Call Registry 8. As part of our broader work to strengthen the nation’s 911 system, and given the near decade that has passed since the Commission adopted rules to create the PSAP Do-Not-Call registry, we take this opportunity to gather updated information and propose how best to fulfill Congress’ goal of protecting PSAPs from disruptive robocalls in a manner that avoids the potential security risks of making registered PSAP numbers available to those claiming to be autodialer operators. 9. Specifically, we are concerned that the registry’s design, as set forth in the rules adopted in 2012, does not enable the Commission to: (1) verify whether a party seeking access to registered PSAP numbers is a good faith autodialer operator seeking to comply with our rules; (2) prevent misuse of registry data; or (3) ensure registry data is secure. As a result, without a design change, malicious actors may be able to exploit the registry as originally conceived to obtain public safety phone numbers and numbers associated with 911 trunks and use them to launch distributed denial-of-service attacks or other measures that could threaten the nation’s emergency call system. 10. We therefore propose to reassess the Commission’s earlier approach to protect PSAPs from unwanted autodialed calls while seeking comment on other possible actions we might take to address those security concerns in a manner that most efficiently satisfies Congress’ goal of protecting PSAPs from unwanted calls. Specifically, we propose that voice service providers be required to block autodialed calls made to PSAP telephone numbers on the PSAP Do-Not-Call registry. Should this proposal not prove feasible, we seek comment on whether and how to develop stronger security controls for a PSAP Do-Not-Call registry that, in other respects, functions in the manner contemplated in our 2012 rules, as well as on whether other technological controls or regulatory solutions could effectively prevent autodialed calls to PSAP numbers in a way that does not require granting certain entities direct access to lists of those numbers. In addition, we invite comment on how best to reconcile any approach under consideration with our statutory obligations under section 6507. In each instance, we request comment on the costs and time frames required to implement the various solutions discussed herein, including how to mitigate the impact on small businesses. 11. We also seek comment on what legal authorities are relevant to the Commission’s role in protecting PSAPs from unauthorized access and disclosure of their data, and this request should inform comments on each of the proposals described below. 1. Extent of the Problem 12. We begin by seeking updated information about the magnitude of the problem that the 19 The PSAP Do-Not-Call registry has not become operational as yet, primarily due to the security concerns we describe in this item. 20 See, e.g., Call Authentication Trust Anchor, WC Docket No. 17-97, Second Report and Order, 36 FCC Rcd 1859 (2020) (Call Authentication Second Report and Order). 4 Federal Communications Commission FCC-CIRC2109-05 registry is intended to address—i.e., the frequency of autodialer-initiated calls to PSAPs’ telephone lines and the extent of the disruption and other harms that these calls cause. As noted above, section 6507 is designed to address concerns about the use of “automatic dialing equipment” that can generate large numbers of phone calls to PSAPs in a short period of time.21 In adopting the registry rules, the Commission noted that autodialers “can tie up public safety lines, divert critical responder resources from emergency services, and impede the public’s access to emergency lines.”22 13. We seek comment on the extent to which autodialed calls continue to be a problem for PSAPs. Has the number of such unwanted calls changed in any significant way since 2012? For example, have technological changes resulted in more unwanted autodialed calls being made to PSAPs or have any new technological or regulatory solutions, such as blocking technologies, arisen that allow PSAPs to better protect themselves from unwanted calls? Does the extent of this problem vary depending on whether the autodialed calls are voice calls or texts? Are there situations in which entities that intended to disrupt PSAP operations used autodialers or similar technologies in denial-of-service attacks to disrupt the provision of emergency services? How do those incidents shed light on the risk and potential harms that might result from the misuse of registered PSAP numbers? Have such incidents increased since 2012, as technology has changed? Are there new or evolving robocall threats to PSAPs that the registry is not designed for or otherwise cannot address? If so, are there ways to adapt the registry to such threats? 14. To what extent does the recent Supreme Court decision addressing the TCPA’s definition of “automatic telephone dialing system” impact the efficacy of the PSAP Do-Not-Call registry? For example, does the Supreme Court’s decision potentially narrow the types of equipment that fall within that definition, and thus limit the number of callers subject to the prohibition on autodialing registered PSAP numbers?23 If fewer callers are deemed “autodialers” under the ruling than previously, does that have implications for our assessment of the security risk by potentially reducing the number of callers that will need to access the registry? Correspondingly, does it change the protections afforded to PSAPs by narrowing the types of callers that are prohibited from calling registered telephone numbers? 2. Call Blocking Proposal 15. In light of potential security concerns involved with granting access to the registered PSAP numbers to a broad range of autodialer operators as the means to facilitate compliance with the PSAP Do-Not-Call registry as contemplated in 2012, we propose that the Commission consider a 21 47 U.S.C. § 1473(b). The statute refers to such equipment in one instance as “robocall” equipment. See id. § 1473(b)(5) (the Commission shall issue rules that “prohibit the use of automatic dialing or ‘robocall’ equipment to establish contact with registered numbers.”). Although the Commission has used “robocalls” to refer both to calls placed using an automatic telephone dialing system and to calls that contain prerecorded voice messages, the Tax Relief Act makes no reference to prerecorded voice calls. As a result, the Commission interpreted the term “robocall” as used therein to have the same meaning as calls made using “automatic dialing equipment” and not to encompass prerecorded voice calls unless they are made with an autodialer. See PSAP DNC Order, 27 FCC Rcd at 13629, para. 29. We seek comment on whether to revisit this definition. 22 PSAP DNC Order, 27 FCC Rcd at 13616, para. 2. 23 See Facebook, Inc. v. Duguid, 141 S.Ct. 1163, at 1168-73 (2021) (holding that to qualify as an “automatic telephone dialing system” under the TCPA, a device must have the capacity either to store a telephone number using a random or sequential number generator, or to produce a telephone number using a random or sequential number generator). While the determination of what specific types of equipment fall within the TCPA’s definition of an autodialer bears on exactly which callers are prohibited under section 6507 from calling registered PSAP numbers, that issue is beyond the scope of this proceeding. The Commission has opened proceedings to consider the autodialer definition. See, e.g., Consumer and Governmental Affairs Bureau Seeks Comments on Interpretation of the Telephone Consumer Protection Act in Light of the D.C. Circuit’s ACA International Decision, CG Docket Nos. 18-152 and 02-278, Public Notice, 33 FCC Rcd 4864 (2018); Consumer and Governmental Affairs Bureau Seeks Further Comment on Interpretation of the Telephone Consumer Protection Act in Light of the Ninth Circuit’s Marks v. Crunch San Diego, LLC Decision, CG Docket Nos. 18-152 and 02-278, Public Notice, 33 FCC Rcd 9429 (2018). 5 Federal Communications Commission FCC-CIRC2109-05 different approach to create a PSAP Do-Not-Call registry. Specifically, we propose that voice service providers block autodialed calls made to registered PSAP telephone numbers on the PSAP Do-Not-Call registry. As the means to identify the calls to be blocked, we note that our rules already require autodialer operators seeking access to the registry to provide certain information including “all outbound telephone numbers used to place autodialed calls, including both actual originating numbers and numbers that are displayed on caller identification services.”24 We propose that such registered “outbound” telephone numbers used to make autodialed calls be provided to voice service providers as the means to identify those autodialed calls that should be blocked when made to registered PSAP numbers. We believe this call blocking approach will encourage registration by both autodialer operators and PSAPs on the PSAP Do-Not-Call registry by providing a cost effective and secure means to facilitate compliance with the statutory obligation to protect PSAPs from unwanted autodialed calls. 16. We propose to give voice service providers access to the PSAP telephone numbers and outbound autodialer telephone numbers registered on the PSAP Do-Not-Call registry. We further propose to require voice service providers to block any calls that originate from a registered autodialer number when made to a registered PSAP telephone number. We believe this call blocking approach to implement the PSAP Do-Not-Call registry is more efficient and more secure than granting autodialer operators access to a centralized database of PSAP numbers and relying on them to comply with our rules. Under this approach, access to the registered PSAP telephone numbers is restricted to more easily verified voice service providers that can ensure compliance by blocking calls made to the PSAP telephone numbers rather than entrusting compliance to an unknown number of robocallers whose identity and intentions in seeking access to the database may be difficult to confirm. Specifically, we seek comment on whether such an approach would alleviate the security risks associated with allowing access to a centralized database of PSAP numbers to all autodialer users who register. Does granting voice service providers access to registered PSAP telephone numbers create any new security issues? If so, how should we minimize those concerns? How can the Commission ensure the security of the PSAP Do-Not-Call registry database from malicious actors? 17. Responsible Voice Service Providers. We seek comment on which voice service providers should be subject to the blocking requirement. Should one voice service provider in the call path be responsible for blocking calls from registered autodialer telephone numbers to registered PSAP telephone numbers? Are certain voice service providers, such as those originating or terminating calls or those voice service providers that are also covered 911 service providers,25 better suited to carry out this obligation? 18. Emergency Autodialed Calls. We seek comment on whether to limit our blocking requirement only to non-emergency autodialed calls. Our current rules prohibit operators of robocalling equipment from using such equipment to contact registered PSAP numbers “other than for an emergency purpose.”26 Should we retain this distinction or should we instruct voice service providers to block any calls from a registered autodialer number to a registered PSAP number? Are there situations when autodialer users may use autodialing equipment to make an emergency call? If so, how should the Commission account for such a possibility? Should we grant access to the registry only to those autodialer numbers that are used solely for non-emergency purposes? Should we adopt rules that establish a presumption that all calls from registered autodialer telephone numbers are non-emergency calls, and if so, what steps should we take to ensure emergency calls to PSAPs are not inadvertently blocked? Are there any other barriers, costs, or considerations we should take into account in adopting rules that require voice service providers to block non-emergency calls from registered autodialer 24 47 CFR § 64.1202(d). 25 See 47 CFR § 9.19(a)(4). 26 47 CFR § 64.1202(c). Our rules define “emergency purpose” as “a call made necessary in any situation affecting the health and safety of any person.” 47 CFR § 64.1202(a)(3). 6 Federal Communications Commission FCC-CIRC2109-05 telephone numbers to registered PSAP numbers? 19. Preventing Unauthorized Disclosure of Registered Numbers. We propose and seek comment on extending our existing restrictions on disclosure and dissemination of registered numbers to voice service providers that might be granted access to the registry under our proposed approach.27 Are our current restrictions sufficient or should we adopt new or different restrictions to prevent the unauthorized disclosure of registered numbers? 20. Erroneous Blocking. We believe that our call blocking proposal to create the PSAP Do- Not-Call registry is consistent with the Commission’s broader call blocking efforts.28 For example, the Commission has now empowered terminating voice service providers to block calls they identify as highly likely to be illegal based on reasonable call analytics.29 We believe that blocking autodialed calls to PSAPs, as required by section 6507, naturally fits into this scheme. Is such a blocking requirement technically feasible for voice service providers? If so, can those programs ensure that calls PSAPs wish to receive are not blocked? Should the Commission consider a safe harbor from liability for good faith blocking of phone calls to PSAPs from originating numbers that are erroneously entered into the registry? Should autodialer operators be afforded a safe harbor from liability when they have submitted an outbound telephone number to the PSAP registry, but the call is not blocked through the fault of the voice service provider or registry administrator? 21. Verifying and Updating the Registry. Are there other safeguards the Commission should adopt to ensure that emergency phone calls are not affected by our call blocking proposal to avoid inadvertently blocking legitimate emergency calls? Our current rules require that all contact information provided by an autodialer operator to gain access to the registry, including the outbound telephone numbers used to place autodialed calls, be updated within 30 days of any change to this information.30 Is this requirement sufficient to ensure that the database of telephone numbers used to identify those autodialed calls to be blocked remains updated to remove telephone numbers that are no longer used to make autodialed calls and add new telephone numbers that are used to make autodialed calls? Or should we consider any new or different requirements to ensure that the database of registered telephone numbers used to make autodialed calls remains accurate over time? Are there alternative methods and sources that should be employed by the voice service provider or registry administrator to ensure that only non-emergency calls are blocked to registered PSAP telephone numbers? Is there a cost-effective means for voice service providers to track the use of such telephone numbers to determine if they have been recently ported to non-autodialer users? Should we require voice service providers to report to the Commission the number of blocked autodialer calls to PSAPs in order to help the Commission assess how frequently such calls occur and whether the registry is effective? 22. Security Risks. Would such a call blocking requirement raise the risk that a malicious actor could reverse-engineer a list of PSAP numbers by determining what calls have been blocked? Would that create any additional security risk for PSAPs? If there is such a risk, would this allow bad- actor callers to spoof the PSAP number and avoid all blocking under our existing rule limiting blocking 27 See 47 CFR § 64.1202(f); see also 47 U.S.C. § 1473(c)(1). 28 See, e.g., Advanced Methods to Target and Eliminate Unlawful Robocalls, CG Docket No. 17-59, WC Docket No. 17-97, Report and Order and Further Notice of Proposed Rulemaking, 32 FCC Rcd 9706 (2017) (Call Blocking First Report and Order). 29 Advanced Methods to Target and Eliminate Unlawful Robocalls, CG Docket No. 17-69, Fourth Report and Order, 35 FCC Rcd 15221, 15234-15238, paras. 39-47 (2020) (Call Blocking Fourth Report and Order); see also Advanced Methods to Target and Eliminate Unlawful Robocalls; Call Authentication Trust Anchor, CG Docket No. 17-59; WC Docket No. 17-97, Fifth & Fourth Further Notice of Proposed Rulemaking, FCC 21-[xxx], paras. [xxxx], (re1. [xxx]) (Gateway Provider FNPRM) (proposing that gateway providers must block calls under certain circumstances); 47 CFR § 64.1200(k)(3). 30 See 47 CFR § 64.1202(d). 7 Federal Communications Commission FCC-CIRC2109-05 emergency calls from PSAPs?31 If so, what could the Commission do to address this concern? Should the Commission’s transparency and redress requirements for blocked calls apply to blocking done pursuant to a PSAP Do-Not-Call registry?32 Are there other factual, legal, or policy factors that we should consider before allowing voice service providers to block calls to PSAP numbers that are used for emergency purposes? 23. Alternatively, would such a requirement raise the risk that a malicious actor may purposely register non-autodialing outgoing numbers into the registry in order to prevent legitimate emergency callers from contacting PSAPs? If so, how can the Commission address such a concern? Are there any other potential security concerns the Commission may need to address? 24. Costs and Impact on Small Business. Finally, we seek comment on the impact of such a proposal on small businesses and any potential alternatives that may reduce the impact of autodialed calls on PSAPs without imposing burdens on such small businesses. We tentatively conclude that the benefits associated with our proposal exceed the costs and seek comment on this tentative conclusion. We seek comment on any specific cost concerns associated with our proposal. Are there ways to mitigate any costs or burdens on smaller voice providers associated with implementing a call blocking approach to satisfy the statutory obligation to create a PSAP Do-Not-Call registry? 25. Statutory Authority. We believe that our proposed approach satisfies our statutory obligation to “create a specialized Do-Not-Call registry” for PSAPs.33 Specifically, this proposal permits PSAPs to register their telephone numbers on the registry; protects the list of registered PSAP numbers from disclosure or dissemination by limiting distribution to voice service providers; and prohibits the use of autodialers to contact those registered telephone numbers by blocking such calls when made to a registered PSAP telephone number.34 Consistent with our existing rules, PSAPs will be afforded a process for verifying, on an annual basis, that registered PSAP numbers should continue to appear upon the registry.35 In addition, we believe that this approach satisfies our statutory requirement to “provide a process for granting and tracking access to the registry by the operators of automatic dialing equipment.”36 Our proposal allows operators of autodialing equipment to “access” the registry by allowing them to upload their numbers into the database to avoid the monetary fines associated with calling a PSAP number on the registry. We seek comment on this analysis of the statutory requirements contained in section 6507(b) as applied to the call blocking proposal in this Further Notice, including the extent to which the Commission’s current rules must be amended to implement this proposal. 3. Do-Not-Call Registry 2012 Security Concerns 26. We seek comment on our assessment of the seriousness of the security risks associated with housing registered PSAP telephone numbers in a centralized database and granting access to those numbers to callers purporting to need them to comply with our rules as contemplated in 2012. We are particularly interested in comments from PSAPs, law enforcement agencies, and national security agencies on these risks. To what extent, if any, would granting access to a list of PSAP numbers enhance 31 See 47 CFR § 64.1200(k)(6) (“A provider may not block a voice call under paragraph (k)(1) through (4) or (11) of this section unless that provider makes all reasonable efforts to ensure that calls from public safety answering points and government emergency numbers are not blocked.”); Gateway Provider FNPRM, para. [xxxxx] (reiterating this rule). 32 See 47 CFR § 64.1200(k)(8); Call Blocking Fourth Report and Order 35 FCC Rcd at 15238-47, paras. 48-78; Call Blocking Third Report and Order, 35 FCC Rcd at 7633-36, paras. 51-59. 33 47 U.S.C. § 1473. 34 Id. § 1473(b). 35 47 CFR § 64.1202(b). 36 47 U.S.C. § 1473(b)(3). 8 Federal Communications Commission FCC-CIRC2109-05 the ability of bad actors to initiate a denial-of-service attack on a PSAP?37 Are there other comprehensive sources of PSAP telephone numbers already available, such that incremental risks added by the registry would be minimal?38 Even if some individual PSAP numbers are obtainable from alternative sources, to what extent would access to a single centralized database of such numbers increase the security risks of misuse of such numbers? On balance, do these security concerns outweigh the potential protections a registry affords from unwanted autodialed calls? How might we best address the security concerns posed by a centralized database of PSAP telephone numbers that would allow us to move forward with the creation of a PSAP Do-Not-Call registry, as contemplated in 2012, in a manner that does not jeopardize PSAPs and emergency callers that rely on PSAPs? 27. To what extent do the significant potential monetary penalties for PSAP Do-Not-Call violations and for unauthorized dissemination or distribution of the registered PSAP numbers impact our analysis of the risks of potential abuse? To what extent are the effectiveness of such monetary penalties undermined when dealing with individuals or entities who seek to intentionally disrupt the provision of emergency services and make efforts to conceal their identity, or who are foreign actors against whom it may be difficult or impossible to enforce such penalties? Does the implementation of STIR/SHAKEN caller ID authentication technology,39 or the efforts of the registered traceback consortium to trace calls back to their source,40 make it less likely that callers initiate denial-of-service attacks on PSAPs by making it easier to determine the source of a call? 4. Alternative Solutions to the Do-Not-Call Registry Security Issues 28. Enhanced Caller Vetting. If the call blocking proposal to protect PSAPs from unwanted autodialed calls proves unworkable, are there other mechanisms or safeguards that the Commission could implement to effectively vet the identity of users who seek access to registered PSAP numbers to reduce the likelihood of providing access to those telephone numbers to bad actors that might misuse these numbers, and if so, what are they? We note that our rules already require that entities seeking access to the registry provide certain contact information including, for example, the names under which the registrant operates, a business address, a telephone number, an email address, and a contact person.41 Is this information sufficient to confirm the identity and intent of the party seeking access to the registry or should we impose additional or different requirements? How could we prevent parties that seek access to the registry for malicious purposes from submitting false information to circumvent our review and gain access to the registry under false pretenses? Would any such measures be consistent with section 6507(b)(3), which directs the Commission to “provide a process for granting and tracking access to the registry by the operators of automatic dialing equipment?” For instance, do we have discretion under that provision to limit access only to certain operators? Is our discretion in that regard supported by the fact that section 6507(b)(4) directs the Commission to “protect the list of registered numbers from disclosure or dissemination by parties granted access to the registry?” Is there any level of cost-effective vetting we could do that would sufficiently guard against improper use of the registry? We ask commenters to provide cost information on any suggested mechanisms or safeguards. 29. Improved Data Security Requirements. Even with sufficient vetting of registry users, 37 In contrast to nuisance calls that can disrupt PSAP service inadvertently by tying up lines, a denial-of-service attack is the result of an intentional act with the malicious intent to disrupt the provision of emergency services. 38 If malicious parties can obtain PSAP numbers from sources other than the PSAP Do-Not-Call registry, then making these numbers available through the registry may not significantly increase the risk of misuse of those numbers. 39 See generally Call Authentication Second Report and Order. 40 See Implementing Section 13(d) of the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act), EB Docket No 20-22, Report and Order, 35 FCC Rcd 7886 (EB 2020). 41 47 CFR § 64.1202(d). In addition, parties seeking access to the PSAP Do-Not-Call registry must certify, under penalty of law, that they are accessing the registry solely to prevent autodialed calls to numbers on the registry. Id. 9 Federal Communications Commission FCC-CIRC2109-05 would there remain significant risks that PSAP telephone numbers could be disseminated, either intentionally or unintentionally, as part of that process (e.g., through carelessness or malicious hacking)? What security measures should the Commission consider to ensure that parties that obtain such sensitive data institute appropriate measures to prevent data breaches? What types of data security requirements might be appropriate? Should any such mechanisms relied upon to protect PSAP telephone numbers from unauthorized access or disclosure be adaptable to address data security issues? If so, would they need to be adaptable in real time or near-real time? How would such adaptation be effectuated as a practical matter? 30. We note that, consistent with section 6507(b)(1), our rules “permit,” but do not require, PSAPs to register “any PSAP telephone numbers associated with the provision of emergency services or communications with other public safety agencies.”42 Does the discretion afforded to PSAPs to decide which, if any, of their telephone numbers that they wish to place on the registry allow PSAPs to decide for themselves whether the benefits outweigh the risks of submitting numbers to the registry? How should this impact our review of the security risks of a PSAP Do-Not-Call registry? Can PSAPs, for example, decide to register only those numbers for which they determine that the protections from unwanted calls outweigh the potential harms from denial-of-service attacks? Do PSAPs have sufficient information to understand the protections and risks afforded by the PSAP Do-Not-Call registry, including an understanding of the types of dialing equipment that would be prohibited from calling those numbers under the TCPA’s definition of an “autodialer?” Should the Commission conduct outreach to ensure that PSAPs are aware of the potential benefits and risks of submitting their numbers for inclusion on the registry? Conversely, if PSAPs decline to register their numbers due to the security risk, would that undermine the effectiveness of the PSAP Do-Not-Call registry? What security protections, if any, would be necessary to reassure PSAPs that the benefits of participating in the registry outweigh the risks? We invite commenters to provide information on the costs and benefits of any proposed security protections. 5. Alternative Technical and Regulatory Solutions 31. Other Technological Solutions. Are there other technological solutions beyond our call blocking proposal that may have emerged in the near decade since section 6507 became law that the Commission might explore to protect PSAPs from unwanted calls while fulfilling the statute’s requirements? For example, could we require callers to filter their autodialed calls through a hardware or software platform that would house an encrypted list of registered PSAP numbers and would be able to block autodialing equipment from making calls to these numbers? Do such technologies exist, and would it be cost effective and technologically feasible to implement such a solution? If such a technological solution does not currently exist, what steps would be needed to develop such technology and what entity or entities might be best suited to do so? What costs in terms of time and money to develop such a technological fix?” 32. How long might it take to identify, develop, and implement any such alternative solution to a PSAP Do-Not-Call registry? What would it cost to create such a solution? Who would maintain the list of telephone numbers housed in such a technological solution, and how often would the technology be updated or would callers be required to install updates? Are there risks that legitimate emergency calls might be blocked if such a system were implemented? Are there other viable alternative technological options that we should consider that satisfy the specific statutory requirements and objectives of section 6507? Alternatively, should we consider certain options—even if they do not satisfy 6507 in and of themselves—that we could adopt in addition to measures that do satisfy 6507? 33. Security solutions exist today that can block calls to PSAPs that are determined to be 42 Id. § 64.1202(b). 10 Federal Communications Commission FCC-CIRC2109-05 fraudulent.43 These solutions become more effective when used in combination with STIR/SHAKEN. Is call blocking at the PSAP a more effective solution? Can PSAPs deploy the same blocking solutions that are used for consumers, or are more specialized solutions required? If blocking is to be based, at least in part, on information produced by STIR/SHAKEN, what information should the terminating provider disseminate to the PSAP to make this determination? If more specialized solutions are required, how do these tools differ from consumer blocking tools? Would the need for PSAPs to deploy this solution place additional technical complexity and/or additional financial burden on PSAPs and if so, how could this be mitigated?44 Which type of solutions can be deployed on a wide scale? 34. Apart from provider blocking, do PSAPs themselves have an ability to effectively block unwanted calls? If not, how long would it take and how much would it cost to implement such a blocking solution? Would requiring every autodialed call to identify itself as an automated call using the caller ID information allow PSAPs to block these calls more effectively? As discussed in further detail below, are there any “best practices” that PSAPs might implement to protect themselves from robocalls? We note, for example, that the Hospital Robocall Protection Group has issued a report outlining best practices that hospitals can use to protect hospitals against robocalls.45 Should the Commission consider outlining similar best practices for PSAPs? If so, what is the best method for doing so? For instance, should the Commission seek input from an existing or new advisory committee? 35. National Do-Not-Call Registry. Could we utilize the existing National Do-Not-Call Registry, working in conjunction with the FTC, to protect PSAPs from unwanted calls?46 The National Do-Not-Call Registry has been operational for almost two decades and currently protects over 240 million telephone numbers from telemarketing sales calls, or “telephone solicitations.”47 We note that the protections for consumers whose numbers are listed in the National Do-Not-Call Registry are both broader than those in section 6507, as the National Do-Not-Call Registry’s prohibition is not limited to just autodialed calls, and narrower, as the National Do-Not-Call Registry is limited to only those calls that 43 See DHS S&T Expands Pilot of Cybersecurity Tech for Emergency Communications Centers, News Release (April 8, 2021), https://www.dhs.gov/science-and-technology/news/2021/04/08/news-release-dhs-st-expands-pilot- cybersecurity-tech-emergency-communications-centers. 44 In the Commission’s most recent 911 Fee Report, only 15 of 50 states expended funds for cybersecurity programs for PSAPs. See, Twelfth Annual Report to Congress on State Collection and Distribution of 911 and Enhanced 911 Fees and Charges, para. 49 (Dec. 8, 2020) https://www.fcc.gov/files/12thannual911feereport2020pdf. 45 See Hospital Robocall Protection Group Report at https://www.fcc.gov/sites/default/files/hrpg_report.pdf (last visited Aug. 19, 2021). 46 In 2003, citing consumer dissatisfaction with increasing numbers of unwanted telemarketing calls, Congress enacted the Do-Not-Call Implementation Act, authorizing the FTC to adopt regulations establishing fees sufficient to implement and enforce a National Do-Not-Call Registry, and directing the Commission to promulgate rules addressing a do-not-call registry in coordination with the FTC. See Do-Not-Call Implementation Act, Pub. L. No. 108-10, 117 Stat. 557 (2003), codified at 15 U.S.C. § 6101; Rules and Regulations Implementing the Telephone Consumer Protection Act, CG Docket No. 02-278, Report and Order, 18 FCC Rcd 14014, 14028-65, paras. 16-85 (2003) (2003 TCPA Order), subsequent history omitted; 47 CFR § 64.1200(c) (same); Federal Trade Commission, Telemarketing Sales Rule, Final Rule, 68 Fed. Reg. 4580 (Jan. 29, 2003). The National Do-Not-Call Registry is administered by the FTC. We note that the PSAP DNC Order specifically contemplated working with the FTC to find the most efficient means to administer the PSAP Do-Not-Call registry. See PSAP DNC Order, 27 FCC Rcd at 13620, para. 11. 47 See FTC National Do-Not-Call Registry Data Book 2020 at 3, https://www.ftc.gov/system/files/documents/reports/national-do-not-call-registry-data-book-fiscal-year- 2020/dnc_data_book_2020.pdf (last visited Aug. 4, 2021). The TCPA defines a “telephone solicitation” as “the initiation of a telephone call or message for the purpose of encouraging the purchase or rental of, or investment in, property, goods, or services, which is transmitted to any person” but not including calls or messages made with prior express invitation or permission, to any person with whom the caller has as established business relationship, or by a tax exempt nonprofit organization. 47 U.S.C. § 227(a)(3). 11 Federal Communications Commission FCC-CIRC2109-05 constitute telephone solicitations.48 In addition, the prohibition on calls made to telephone numbers in the National Do-Not-Call Registry contains certain exemptions not recognized in the Tax Relief Act.49 36. Nevertheless, would allowing PSAPs to register their telephone numbers on the National Do-Not-Call Registry afford them a more timely, cost-effective, and secure solution to stop many unwanted calls while shielding the identity of the relatively small number of PSAP numbers by including them among the hundreds of millions of other telephone numbers already contained in that registry? Could this approach, in conjunction with the TCPA’s existing protection from autodialed calls to “emergency telephone lines,”50 satisfy the goals of section 6507 while providing reasonable security safeguards that preclude parties from identifying those telephone numbers associated with PSAPs and using them for malicious purposes? Could the Commission work with the FTC to ensure this solution could be implemented in a timely manner? 37. Would this approach require Congress to revisit the statutory language associated with the Tax Relief Act and the TCPA to permit the Commission to implement this solution? This might include authorizing the inclusion of PSAP telephone numbers on a registry currently reserved for “residential telephone subscribers,” and used by callers making telephone solicitations rather than callers making autodialed calls.51 It might also include harmonizing the statutory monetary penalties associated with calling PSAP telephone numbers with those for violations of the TCPA.52 Alternatively, could the Commission work in conjunction with public safety organizations or their representatives to utilize any existing or planned databases of public safety numbers, rather than creating a new registry, to satisfy our obligations under the statute? If it is deemed not possible to implement section 6507 without creating significant new security risks to PSAPs, what should be done at that point? 38. We seek comment on these and any other potential solutions that allow us to protect registered PSAP numbers from unauthorized dissemination in a timely and cost-effective manner, while fulfilling Congress’ goal of stopping unwanted calls to PSAPs, including the costs and benefits of each approach. B. Other Security Threats to PSAPs 39. PSAPs can often be desirable targets for robocall and cyberattacks due to their public importance and the high degree of availability needed for these systems.53 For example, a recent TDOS attack reportedly affected 911 call centers in 12 states.54 In addition, PSAPs have been frequent targets of 48 The TCPA offers protections from autodialed calls to emergency lines even if they do not include a telephone solicitation. See 47 U.S.C. § 227(b)(1)(A); 47 CFR § 64.1200(a)(1); see also 47 CFR § 64.1200(c)(2) (prohibiting telephone solicitation calls to residential telephone numbers on the National Do-Not-Call Registry). 49 47 CFR § 64.1200(c). Exemptions from the prohibitions on calling numbers in the National Do-Not-Call Registry include calls made with prior express invitation or permission, by any person with whom the caller has an established business relationship, or by a tax-exempt nonprofit organization. Id. 50 See 47 U.S.C. § 227(b)(1)(A). 51 See id. § 227(c). We note that section 227(c)(1)(D) permits the Commission to “consider whether there is a need for additional Commission authority to further restrict telephone solicitations . . . and, if such a finding is made and supported by the record, propose specific restrictions to the Congress.” See also 47 U.S.C. § 1473(b)(5) (directing the Commission to adopt rules prohibiting autodialed calls made to numbers on a do-not-call registry for PSAPs). 52 Compare 47 U.S.C. § 1473(c) (establishing penalties of $10,000-$100,000 for autodialed calls to numbers on the PSAP do-not-call registry), with 47 U.S.C. § 227(b)(4) (prescribing forfeitures for TCPA violations according to section 503(b) of the Act). 53 See John Schuppe, Hackers have taken down dozens of 911 centers. Why is it so hard to stop them? (April 3, 2018), https://www.nbcnews.com/news/us-news/hackers-have-taken-down-dozens-911-centers-why-it-so-n862206. 54 See, e.g., SOS Musings #49 - 911: We Have a Cybersecurity Emergency (May 26, 2021), https://cps- vo.org/node/76327. 12 Federal Communications Commission FCC-CIRC2109-05 ransomware attacks,55 which leverage PSAPs’ administrative broadband connections to shut down or hamper PSAP operations by encrypting their information until a ransom is paid. While training and some mitigation and preventative solutions exist today,56 cybersecurity events continue to affect the ability of PSAPs to respond to 911 calls, locate 911 callers, and dispatch assistance. How can the Commission aid in securing PSAPs against these types of attacks? 40. As 911 services evolve, the ability to reach PSAPs by text, video and data transmissions create additional vulnerabilities that may be exploited. As states and local jurisdictions have deployed text-to-911 capabilities, have PSAPs experienced attacks using text messaging as an attack vector? Have PSAPs transitioning to Next Generation 911 (NG911) systems experienced an increase in such incidents? If so, are those risks specific to NG911’s technical implementation? Can the proposed Do- Not-Call registry for PSAPs mitigate risks associated with NG911 services? Can solutions used to prevent cyberattacks through the PSAPs administrative broadband connections also prevent attacks through NG911? What is needed to ensure NG911 communications with PSAPs are legitimate traffic? 41. In 2020, the Communications Security, Reliability and Interoperability Council (CSRIC) submitted a report to the Commission regarding security risks and best practices for mitigation in 911 systems.57 For example, the report recommended that redundancy and resiliency, including elements of physical and logical diversity, be included in any NG911 cyber architecture plan;58 that basic security controls (such as basic cyber hygiene and education) be implemented in legacy 911 environments, regardless of organization size;59 and security controls should be implemented in their entirety where possible, and in phases where necessary.60 Is the report complete in its identification of security risks and best practices? What challenges, in addition to those discussed in the report, do PSAPs face in securing their operations? Are there additional best practices that PSAPs should consider adopting? What steps should the Commission take to aid in implementing best practices for PSAPs or otherwise promote cybersecurity in the PSAP environment? 42. And focusing on calls to PSAPs, should the Commission consider caller ID authentication methods such as STIR/SHAKEN as a means to enhance the security of PSAP operations or promote greater trust for calls to PSAPs and those associated with 911? Providers using STIR/SHAKEN assign calls an “attestation level” that signifies what they know about the calling party and its right to use the number shown in the caller ID.61 Does STIR/SHAKEN sufficiently mitigate the robocall threat to PSAPs by allowing service providers to screen illegitimate 911 calls, including 911 calls to PSAPs from 55 See, e.g., Cyberattack on Capital Region 911 concerns local officials, Adirondack Daily Enterprise (Aug. 19, 2021), https://www.adirondackdailyenterprise.com/news/local-news/2021/03/cyberattack-on-capital-region-911- concerns-local-officials/; Hackers Threaten to Release Police Records, Knock 911 Offline, PEW Stateline Article, Jenni Bergal (May 14, 2021), https://www.pewtrusts.org/en/research-and- analysis/blogs/stateline/2021/05/14/hackers-threaten-to-release-police-records-knock-911-offline; Hack of Baltimore's 911 dispatch system was ransomware attack, city officials say, Baltimore Sun, Kevin Rector (Mar. 28, 2018), https://www.baltimoresun.com/news/crime/bs-md-ci-hack-folo-20180328-story.html. 56 See, e.g., CISA, Protect your Center from Ransomware, https://www.cisa.gov/sites/default/files/publications/PSAP_Ransomware_Poster_template_v3%206.10.20%20%285 08%20Version%29.pdf (last visited Aug. 19, 2021). 57 See Communications Security, Reliability, And Interoperability Council VII, Report on Security Risks and Best Practices for Mitigation in 9-1-1in Legacy, Transitional, and NG 9-1-1 Implementations (Sept. 16, 2020), https://www.fcc.gov/files/csric7reportsecuirtyrisk-bestpracticesmitigation-legacytransitionalng911pdf. 58 Id. at 36. 59 Id. at 75-77. 60 Id. at 83. 61 See Second Caller ID Authentication Report and Order, 36 FCC Rcd at 1863-64, para. 10. 13 Federal Communications Commission FCC-CIRC2109-05 callers seeking to disguise their phone number or location information, more effectively?62 Can PSAPs use existing analytics, such as caller ID authentication, to help evaluate the trustworthiness of a call and caller? Do such analytics help PSAPs combat robocalling attacks better than a centralized database of PSAP numbers? If not, could additional STIR/SHAKEN standards, such as a unique attestation level, help distinguish between legitimate 911 calls and illegitimate calls from bad actors? Should we encourage standards bodies to define such standards to be deployed by providers? Should such an attestation framework distinguish 911 calls originated by non-service initialized devices, which bypass the typical authorization conducted by originating providers, from service-initialized 911 calls? 43. We recognize that legitimate calls may receive lower attestation levels and, at this stage of implementation progress across the voice network, legitimate calls may not be authenticated or the initial attestation may not reach the terminating provider. Can STIR/SHAKEN standards account for this issue and ensure that PSAPs using caller ID authentication do not negatively impact legitimate calls? Are there other technology developments or regulatory changes that would be required to facilitate the use of caller ID authentication technologies to support PSAP operations? 44. Digital Equity and Inclusion. Finally, the Commission, as part of its continuing effort to advance digital equity for all,63 including people of color and others who have been historically underserved, marginalized, and adversely affected by persistent poverty and inequality, invites comment on any equity-related considerations64 and benefits (if any) that may be associated with the proposals and issues discussed herein. Specifically, we seek comment on how our proposals may promote or inhibit advances in diversity, equity, inclusion, and accessibility. IV. PROCEDURAL MATTERS 45. Initial Regulatory Flexibility Certification. As required by the Regulatory Flexibility Act of 1980 (RFA),65 the Commission has prepared an Initial Regulatory Flexibility Analysis (IRFA) relating to this Further Notice of Proposed Rulemaking. The IRFA is contained in Appendix A. 46. Ex Parte Presentations—Permit-But-Disclose. This proceeding shall be treated as a “permit-but-disclose” proceeding in accordance with the Commission’s ex parte rules.66 Persons making ex parte presentations must file a copy of any written presentation or a memorandum summarizing any oral presentation within two business days after the presentation (unless a different deadline applicable to the Sunshine period applies). Persons making oral ex parte presentations are reminded that memoranda summarizing the presentation must (1) list all persons attending or otherwise participating in the meeting at which the ex parte was made, and (2) summarize all data presented and arguments made during the presentation. If the presentation consisted in whole or in part of the presentation of data or arguments 62 See STIR/SHAKEN Broadly Implemented Today (June 30, 2021), https://www.fcc.gov/document/stirshaken- broadly-implemented-starting-today. 63 Section 1 of the Communications Act of 1934 as amended provides that the FCC “regulat[es] interstate and foreign commerce in communication by wire and radio so as to make [such service] available, so far as possible, to all the people of the United States, without discrimination on the basis of race, color, religion, national origin, or sex.” 47 U.S.C. § 151. 64 We define the term “equity” consistent with Executive Order 13985 as the consistent and systematic fair, just, and impartial treatment of all individuals, including individuals who belong to underserved communities that have been denied such treatment, such as Black, Latino, and Indigenous and Native American persons, Asian Americans and Pacific Islanders and other persons of color; members of religious minorities; lesbian, gay, bisexual, transgender, and queer (LGBTQ+) persons; persons with disabilities; persons who live in rural areas; and persons otherwise adversely affected by persistent poverty or inequality. See Exec. Order No. 13985, 86 Fed. Reg. 7009, Executive Order on Advancing Racial Equity and Support for Underserved Communities Through the Federal Government (January 20, 2021). 65 5 U.S.C. § 603. 66 47 CFR §§ 1.1200 et seq. 14 Federal Communications Commission FCC-CIRC2109-05 already reflected in the presenter’s written comments, memoranda, or other filing in the proceeding, the presenter may provide citations to such data or arguments in his or her prior comments, memoranda, or other filings (specifying the relevant page and/or paragraph numbers where such data or arguments can be found) in lieu of summarizing them in the memorandum. Documents shown or given to Commission staff during ex parte meetings are deemed to be written ex parte presentations and must be filed consistent with section 1.1206(b) of the Commission’s rules. In proceedings governed by section 1.49(f) of the Commission’s rules or for which the Commission has made available a method of electronic filing, written ex parte presentations and memoranda summarizing oral ex parte presentations, and all attachments thereto, must be filed through the electronic comment filing system available for that proceeding, and must be filed in their native format (e.g., .doc, .xml, .ppt, searchable.pdf). Participants in this proceeding should familiarize themselves with the Commission’s ex parte rules. 47. Paperwork Reduction Act. This document contains proposed new or modified information collection requirements. The Commission, as part of its continuing effort to reduce paperwork burdens, invites the general public and the Office of Management and Budget (OMB) to comment on the information collection requirements contained in this document, as required by the Paperwork Reduction Act of 1995, Public Law 104-13. In addition, pursuant to the Small Business Paperwork Relief Act of 2002, Public Law 107-198, see 44 U.S.C. 3506(c)(4), we seek specific comment on how we might further reduce the information collection burden for small business concerns with fewer than 25 employees. 48. Comment Filing Instructions. Pursuant to sections 1.415 and 1.419 of the Commission’s rules, 47 CFR §§ 1.415, 1.419, interested parties may file comments on or before the dates indicated on the first page of this document in CG Docket No. 12-129 and PS Docket No. 21-343. Comments may be filed using the Commission’s Electronic Comment Filing System (ECFS).67 . Electronic Filers: Comments may be filed electronically using the Internet by accessing the ECFS: http://apps.fcc.gov/ecfs/. . Paper Filers: Parties who choose to file by paper must file an original and one copy of each filing. If more than one docket or rulemaking number appears in the caption of this proceeding, filers must submit two additional copies for each additional docket or rulemaking number. . Filings can be sent by commercial overnight courier, or by first-class or overnight U.S. Postal Service mail. All filings must be addressed to the Commission’s Secretary, Office of the Secretary, Federal Communications Commission. . Commercial overnight mail (other than U.S. Postal Service Express Mail and Priority Mail) must be sent to 9050 Junction Drive, Annapolis Junction, MD 20701. U.S. Postal Service first-class, Express, and Priority mail must be addressed to 45 L Street NE, Washington, D.C. 20554. . Effective March 19, 2020, and until further notice, the Commission no longer accepts any hand or messenger delivered filings. This is a temporary measure taken to help protect the health and safety of individuals, and to mitigate the transmission of COVID-19. See FCC Announces Closure of FCC Headquarters Open Window and Change in Hand- Delivery Policy, Public Notice, DA 20-304 (March 19, 2020), https://www.fcc.gov/document/fcc-closes-headquarters-open-window-and-changes-hand- delivery-policy. 67 Electronic Filing of Documents in Rulemaking Proceedings, 63 Fed. Reg. 24121 (1998). 15 Federal Communications Commission FCC-CIRC2109-05 49. People with Disabilities. To request materials in accessible formats for people with disabilities (Braille, large print, electronic files, audio format), send an e-mail to fcc504@fcc.gov or call the Consumer and Governmental Affairs Bureau at 202-418-0530 (voice). 50. Availability of Documents. Comments, reply comments, and ex parte submissions will be available via ECFS. Documents will be available electronically in ASCII, Microsoft Word, and/or Adobe Acrobat. When the FCC Headquarters reopens to the public, these documents will also be available for public inspection during regular business hours in the FCC Reference Center, Federal Communications Commission, 45 L Street NE, Washington, D.C. 20554. 51. Additional Information. For additional information on this proceeding, contact Richard D. Smith, Richard.Smith@fcc.gov or (717) 338-2797, of the Consumer and Governmental Affairs Bureau, Consumer Policy Division. V. ORDERING CLAUSES 52. Accordingly, IT IS ORDERED, pursuant to sections 4(i), 4(j), and 227 of the Communications Act of 1934, as amended, 47 U.S.C. §§ 154(i), 154(j), 227, and Section 6507 of the Middle Class Tax Relief and Job Creation Act of 2012, 47 U.S.C. § 1473, that this Further Notice of Proposed Rulemaking is hereby ADOPTED. 53. IT IS FURTHER ORDERED that, pursuant to applicable procedures set forth in sections 1.415 and 1.419 of the Commission’s Rules, 47 CFR §§ 1.415, 1.419, interested parties may file comments on the Further Notice of Proposed Rulemaking on or before 30 days after publication in the Federal Register, and reply comments on or before 45 days after publication in the Federal Register. 54. IT IS FURTHER ORDERED that the Commission’s Consumer and Governmental Affairs Bureau, Reference Information Center, SHALL SEND a copy of this Further Notice of Proposed Rulemaking, including the Initial Regulatory Flexibility Certification, to the Chief Counsel for Advocacy of the Small Business Administration. FEDERAL COMMUNICATIONS COMMISSION Marlene H. Dortch Secretary 16 Federal Communications Commission FCC-CIRC2109-05 APPENDIX A Initial Regulatory Flexibility Analysis 1. As required by the Regulatory Flexibility Act of 1980, as amended (RFA),1 the Commission has prepared this Initial Regulatory Flexibility Analysis (IRFA) of the possible significant economic impact on a substantial number of small entities by the policies and rules proposed in this Further Notice of Proposed Rulemaking (FNPRM). Written public comments are requested on this IRFA. Comments must be identified as responses to the IRFA and must be filed by the deadlines for comments on the FNPRM provided on the first page of this document. The Commission will send a copy of the FNPRM, including this IRFA, to the Chief Counsel for Advocacy of the Small Business Administration.2 In addition, the FNPRM and IRFA (or summaries thereof) will be published in the Federal Register.3 A. Need for, and Objectives of, the Proposed Rules 2. Section 6507 of the “Middle Class Tax Relief and Job Creation Act” (Tax Relief Act)4 required the Commission to “initiate a proceeding to create a specialized Do-Not-Call registry” for Public Safety Answering Points (PSAPs)5 to protect them from unwanted or illegal robocalls and to issue associated regulations after providing the public with notice and an opportunity to comment. To fulfill this mandate, in 2012 the Commission adopted rules to establish a Do-Not-Call registry for telephone numbers used by PSAPs and to prohibit the use of “automatic dialing equipment” to contact those registered numbers for non-emergency purposes.6 B. Legal Basis 3. The proposed rules are authorized under sections 4(i), 4(j), and 227 of the Communications Act of 1934, as amended, 47 U.S.C. §§ 154(i), 154(j), 227, and section 6507 of the Middle Class Tax Relief and Job Creation Act of 2012, Pub. L. No. 112-96, 47 U.S.C. § 1473, 47 U.S.C. § 6507. C. Description and Estimate of the Number of Small Entities to Which the Proposed Rules Will Apply 4. The RFA directs agencies to provide a description of and, where feasible, an estimate of the number of small entities that may be affected by the rules adopted herein.7 The RFA generally defines the term “small entity” as having the same meaning as the terms “small business,” “small organization,” and “small governmental jurisdiction.”8 In addition, the term “small business” has the 1 5 U.S.C. § 603. The RFA, see 5 U.S.C. § 601-612, has been amended by the Small Business Regulatory Enforcement Fairness Act of 1996 (SBREFA), Pub. L. No. 104-121, Title II, 110 Stat. 857 (1996). 2 5 U.S.C. § 603(a). 3 Id. 4 Middle Class Tax Relief and Job Creation Act of 2012, Pub. L. No. 112-96 § 6507 (2012) (Tax Relief Act) codified in relevant part at 47 U.S.C. § 1473. 5 See 47 U.S.C. § 1473(a). 6 See Implementation of the Middle Class Tax Relief and Job Creation Act of 2012, Establishment of a Public Safety Answering Point Do-Not-Call Registry, CG Docket No. 12-129, Report and Order, 27 FCC Rcd 13615 (2012) (PSAP DNC Order). 7 See 5 U.S.C. § 603(b)(3). 8 See id. § 601(6). 17 Federal Communications Commission FCC-CIRC2109-05 same meaning as the term “small-business concern” under the Small Business Act.9 A “small-business concern” is one which: (1) is independently owned and operated; (2) is not dominant in its field of operation; and (3) satisfies any additional criteria established by the SBA.10 5. In general, the Commission’s proposal to effectively prevent autodialed calls to PSAP numbers in a way that does not require granting certain entities direct access to lists of those numbers applies to a wide range of entities. The proposal would apply to all operators of automatic dialing equipment. Therefore, the Commission expects that the proposal in this proceeding, if adopted, could have a significant economic impact on a substantial number of small entities. Determining the precise number of small entities that would be subject to the proposal in this FNPRM, however, is not readily feasible. Below is a description of current data that are helpful in describing the number of small entities that might be affected by these proposed actions, if adopted. 6. Small Businesses, Small Organizations, Small Governmental Jurisdictions. Our actions, over time, may affect small entities that are not easily categorized at present. We therefore describe here, at the outset, three broad groups of small entities that could be directly affected herein.11 First, there are industry-specific size standards for small businesses that are used in the regulatory context. These types of small businesses represent 99.9% of all businesses in the United States, which translates to flexibility analysis, according to data from the Small Business Administration’s (SBA) Office of Advocacy. In general, a small business is an independent business having fewer than 500 employees.12 There are 30.7 million such businesses.13 7. Next, the type of small entity described as a “small organization” is generally “any not- for-profit enterprise which is independently owned and operated and is not dominant in its field.”14 The Internal Revenue Service (IRS) uses a revenue benchmark of $50,000 or less to delineate its annual electronic filing requirements for small exempt organizations.15 Nationwide, for tax year 2018, there were approximately 571,709 small exempt organizations in the U.S. reporting revenues of $50,000 or less according to the registration and tax data for exempt organizations available from the IRS.16 9 See id. § 601(3) (incorporating by reference the definition of “small-business concern” in the Small Business Act, 15 U.S.C. § 632). Pursuant to 5 U.S.C. § 601(3), the statutory definition of a small business applies “unless an agency, after consultation with the Office of Advocacy of the Small Business Administration and after opportunity for public comment, establishes one or more definitions of such term which are appropriate to the activities of the agency and publishes such definition(s) in the Federal Register.” 10 See 15 U.S.C. § 632. 11 See 5 U.S.C. § 601(3)-(6). 12 See SBA, Office of Advocacy, “What’s New With Small Business?”, https://cdn.advocacy.sba.gov/wp- content/uploads/2019/09/23172859/Whats-New-With-Small-Business-2019.pdf (Sept 2019). 13 Id. 14 5 U.S.C. § 601(4). 15 The IRS benchmark is similar to the population of less than 50,000 benchmark in 5 U.S.C § 601(5) that is used to define a small governmental jurisdiction. Therefore, the IRS benchmark has been used to estimate the number small organizations in this small entity description. See Annual Electronic Filing Requirement for Small Exempt Organizations — Form 990-N (e-Postcard), "Who must file," https://www.irs.gov/charities-non-profits/annual- electronic-filing-requirement-for-small-exempt-organizations-form-990-n-e-postcard. We note that the IRS data does not provide information on whether a small exempt organization is independently owned and operated or dominant in its field. 16 See Exempt Organizations Business Master File Extract (EO BMF), “CSV Files by Region,” https://www.irs.gov/charities-non-profits/exempt-organizations-business-master-file-extract-eo-bmf. The IRS Exempt Organization Business Master File (EO BMF) Extract provides information on all registered tax- exempt/non-profit organizations. The data utilized for purposes of this description was extracted from the IRS EO (continued….) 18 Federal Communications Commission FCC-CIRC2109-05 8. Finally, the small entity described as a “small governmental jurisdiction” is defined generally as “governments of cities, counties, towns, townships, villages, school districts, or special districts, with a population of less than fifty thousand.”17 U.S. Census Bureau data from the 2017 Census of Governments18 indicate that there were 90,075 local governmental jurisdictions consisting of general purpose governments and special purpose governments in the United States.19 Of this number there were 36,931 general purpose governments (county,20 municipal, and town or township21) with populations of less than 50,000 and 12,040 special purpose governments - independent school districts22 with enrollment populations of less than 50,000.23 Accordingly, based on the 2017 U.S. Census of Governments data, we estimate that at least 48,971 entities fall into the category of “small governmental jurisdictions.”24 9. Telemarketing Bureaus and Other Contact Centers. This U.S. industry comprises establishments primarily engaged in operating call centers that initiate or receive communications for others—via telephone, facsimile, email, or other communication modes—for purposes such as (1) promoting clients’ products or services; (2) taking orders for clients; (3) soliciting contributions for a client; and (4) providing information or assistance regarding a client's products or services. These establishments do not own the product or provide the services they are representing on behalf of clients.25 BMF data for Region 1-Northeast Area (76,886), Region 2-Mid-Atlantic and Great Lakes Areas (221,121), and Region 3-Gulf Coast and Pacific Coast Areas (273,702) which includes the continental U.S., Alaska, and Hawaii. This data does not include information for Puerto Rico. 17 5 U.S.C. § 601(5). 18 See 13 U.S.C. § 161. The Census of Governments survey is conducted every five (5) years, compiling data for years ending with “2” and “7.” See also Census of Governments, https://www.census.gov/programs- surveys/cog/about.html. 19 See U.S. Census Bureau, 2017 Census of Governments – Organization Table 2. Local Governments by Type and State: 2017 [CG1700ORG02]. https://www.census.gov/data/tables/2017/econ/gus/2017-governments.html. Local governmental jurisdictions are made up of general purpose governments (county, municipal and town or township) and special purpose governments (special districts and independent school districts). See also Table 2. CG1700ORG02 Table Notes_Local Governments by Type and State_2017. 20 See id. at Table 5. County Governments by Population-Size Group and State: 2017 [CG1700ORG05]. https://www.census.gov/data/tables/2017/econ/gus/2017-governments.html. There were 2,105 county governments with populations less than 50,000. This category does not include subcounty (municipal and township) governments. 21 See id. at Table 6. Subcounty General-Purpose Governments by Population-Size Group and State: 2017 [CG1700ORG06]. https://www.census.gov/data/tables/2017/econ/gus/2017-governments.html. There were 18,729 municipal and 16,097 town and township governments with populations less than 50,000. 22 See id. at Table 10. Elementary and Secondary School Systems by Enrollment-Size Group and State: 2017 [CG1700ORG10]. https://www.census.gov/data/tables/2017/econ/gus/2017-governments.html. There were 12,040 independent school districts with enrollment populations less than 50,000. See also Table 4. Special-Purpose Local Governments by State Census Years 1942 to 2017 [CG1700ORG04], CG1700ORG04 Table Notes_Special Purpose Local Governments by State_Census Years 1942 to 2017. 23 While the special purpose governments category also includes local special district governments, the 2017 Census of Governments data does not provide data aggregated based on population size for the special purpose governments category. Therefore, only data from independent school districts is included in the special purpose governments category. 24 This total is derived from the sum of the number of general purpose governments (county, municipal and town or township) with populations of less than 50,000 (36,931) and the number of special purpose governments - independent school districts with enrollment populations of less than 50,000 (12,040), from the 2017 Census of Governments - Organizations Tables 5, 6, and 10. 25 U.S. Census Bureau, 2012 NAICS Definitions, 561422 Telemarketing Bureaus and Other Contact Centers, http://www.census.gov/cgi-bin/sssd/naics/naicsrch (last visited July 6, 2016). 19 Federal Communications Commission FCC-CIRC2109-05 The SBA has determined that Telemarketing Bureaus and other Contact Centers with $16.5 million or less in annual receipts qualify as small businesses.26 U.S. Census data for 2012 indicate that 2,251 firms in this category operated throughout that year. Of those, 2,014 operated with annual receipts of less than $10 million.27 We conclude that a substantial majority of businesses in this category are small under the SBA standard. 10. Wireless Telecommunications Carriers (except Satellite). This industry comprises establishments engaged in operating and maintaining switching and transmission facilities to provide communications via the airwaves. Establishments in this industry have spectrum licenses and provide services using that spectrum, such as cellular services, paging services, wireless internet access, and wireless video services.28 The appropriate size standard under SBA rules is that such a business is small if it has 1,500 or fewer employees.29 For this industry, U.S. Census Bureau data for 2012 show that there were 967 firms that operated for the entire year.30 Of this total, 955 firms employed fewer than 1,000 employees and 12 firms employed 1000 employees or more.31 Thus, under this category and the associated size standard, the Commission estimates that the majority of Wireless Telecommunications Carriers (except Satellite) are small entities. 11. Wired Telecommunications Carriers. The U.S. Census Bureau defines this industry as “establishments primarily engaged in operating and/or providing access to transmission facilities and infrastructure that they own and/or lease for the transmission of voice, data, text, sound, and video using wired communications networks. Transmission facilities may be based on a single technology or a combination of technologies. Establishments in this industry use the wired telecommunications network facilities that they operate to provide a variety of services, such as wired telephony services, including VoIP services, wired (cable) audio and video programming distribution, and wired broadband internet services. By exception, establishments providing satellite television distribution services using facilities and infrastructure that they operate are included in this industry.”32 The SBA has developed a small business size standard for Wired Telecommunications Carriers, which consists of all such companies having 1,500 or fewer employees.33 U.S. Census Bureau data for 2012 show that there were 3,117 firms 26 13 CFR § 121.201; 2012 NAICS code 561422. 27 2007 U.S. Economic Census, NAICs Code 561422, at http://factfinder.census.gov/faces/tableservices/jsf/pages/productview.xhtml?pid=ECN_2007_US_56SSSZ4&prodT ype=table. 28 See U.S. Census Bureau, 2017 NAICS Definition, “517312 Wireless Telecommunications Carriers (except Satellite)”, https://www.census.gov/cgi- bin/sssd/naics/naicsrch?input=517312&search=2017+NAICS+Search&search=2017. 29 See 13 CFR § 121.201, NAICS Code 517312 (previously 517210). 30 See U.S. Census Bureau, 2012 Economic Census of the United States, Table ID: EC1251SSSZ5, Information: Subject Series: Estab and Firm Size: Employment Size of Firms for the U.S.: 2012, NAICS Code 517210, https://data.census.gov/cedsci/table?text=EC1251SSSZ5&n=517210&tid=ECNSIZE2012.EC1251SSSZ5&hidePrev iew=false&vintage=2012. 31 Id. The available U.S. Census Bureau data does not provide a more precise estimate of the number of firms that meet the SBA size standard of employment of 1,500 or fewer employees. 32 See U.S. Census Bureau, 2017 NAICS Definition, “517311 Wired Telecommunications Carriers”, https://www.census.gov/cgi-bin/sssd/naics/naicsrch?code=517311&search=2017. 33 See 13 CFR § 120.201, NAICS Code 517311 (previously 517110). 20 Federal Communications Commission FCC-CIRC2109-05 that operated that year.34 Of this total, 3,083 operated with fewer than 1,000 employees.35 Thus, under this size standard, the majority of firms in this industry can be considered small. D. Description of Projected Reporting, Recordkeeping, and Other Compliance Requirements 12. The FNPRM proposes that registered PSAP telephone numbers be made available to voice service providers that will be required to block autodialed calls made to those numbers. Under this proposal, PSAPs will be permitted to register their telephone numbers on the PSAP Do-Not-Call registry. This will necessitate some administrative functions for those PSAPs, such as designating a representative to review, update, and upload their current telephone numbers to the registry. Such PSAPs will need to develop a process to verify on an annual basis that the registered numbers should continue to appear on the registry. 13. In addition, our rules already require autodialer operators seeking access to the PSAP registry to provide certain information, including “all outbound telephone numbers used to place autodialed calls.”36 The FNPRM proposes that autodialer operators continue to upload such numbers into the PSAP registry and update them regularly. 14. The FNPRM proposes that voice service providers will be provided with the registered PSAP and autodialer telephone numbers contained on the PSAP Do-Not-Call registry and will be required to block any calls that originate from a registered autodialer number when made to a registered PSAP telephone number. This will require voice service providers to develop, if they have not already done so, call blocking programs to ensure that any autodialed calls to PSAP numbers are blocked. E. Steps Taken to Minimize Significant Economic Impact on Small Entities, and Significant Alternatives Considered 15. The RFA requires an agency to describe any significant alternatives that it has considered in reaching its proposed approach, which may include the following four alternatives (among others): (1) the establishment of differing compliance or reporting requirements or timetables that take into account the resources available to small entities; (2) the clarification, consolidation, or simplification of compliance or reporting requirements under the rule for small entities; (3) the use of performance, rather than design, standards; and (4) an exemption from coverage of the rule, or any part thereof, for small entities.37 16. In the FNPRM, the Commission stated that it believes a call blocking approach to implementing the PSAP Do-Not-Call registry—one involving voice service providers—is more efficient, more secure, and less costly than granting autodialer operators with access to a centralized database of PSAP numbers and relying upon them to comply with the Commission’s rules. 17. Nevertheless, the FNPRM considers alternatives to requiring voice service providers to block autodialed calls and, for each alternative, the Commission requested comment on the costs and time frames required to implement the solutions discussed, including how to mitigate the impact on small businesses.38 18. Specifically, the FNPRM seeks comment on whether PSAPs themselves can deploy call 34 See U.S. Census Bureau, 2012 Economic Census of the United States, Table No. EC1251SSSZ5, Information: Subject Series - Estab & Firm Size: Employment Size of Firms: 2012. NAICS Code 517110. https://factfinder.census.gov/bkmk/table/1.0/en/ECN/2012_US/51SSSZ5//naics~517110. 35 Id. The largest category provided by the census data is “1000 employees or more” and a more precise estimate for firms with fewer than 1,500 employees is not provided. 36 47 CFR § 64.1202(d). 37 5 U.S.C. § 603(c). 38 FNPRM at para. 10. 21 Federal Communications Commission FCC-CIRC2109-05 blocking solutions and effectively block unwanted autodialed calls. It also considers whether requiring every autodialed caller to identify itself as an automated call using the Caller-ID information would allow PSAPs to block these calls more effectively. 19. In addition, the FNPRM considers allowing operators of autodialed calls to continue to access registered PSAP numbers. In that case, however, the Commission considers adopting more robust mechanisms or safeguards to effectively vet the identity of users who seek access to registered PSAP numbers to reduce the likelihood of providing access to those telephone numbers to bad actors that might misuse the numbers. The FNPRM also considers requiring callers to filter their autodialed calls through an app or software platform that would block autodialer equipment from making calls to registered PSAP numbers. 20. Finally, the FNPRM proposes as an alternative solution the use of the existing National Do-Not-Call Registry to protect PSAPs from unwanted calls.39 The FNPRM seeks comment on whether allowing PSAPs to register their telephone numbers on the National Do-Not-Call Registry would afford them a more timely, cost-effective, and secure solution to stop many unwanted calls while shielding the identity of the relatively small number of PSAP numbers by including them among the hundreds of millions of other telephone numbers already contained in that registry. 21. The Commission expects to consider the economic impact of these proposals on small entities, as identified in comments filed in response to the FNPRM and this IRFA, in reaching its final conclusions and taking action in this proceeding. F. Federal Rules that May Duplicate, Overlap, or Conflict with the Proposed Rules 22. None. 39 See Do-Not-Call Implementation Act, Pub. L. No. 108-10, 117 Stat. 557 (2003), codified at 15 U.S.C. § 6101; Rules and Regulations Implementing the Telephone Consumer Protection Act, CG Docket No. 02-278, Report and Order, 18 FCC Rcd 14014, 14028-65, paras. 16-85 (2003) (2003 TCPA Order), subsequent history omitted; 47 CFR § 64.1200(c) (same); Federal Trade Commission, Telemarketing Sales Rule, Final Rule, 68 Fed. Reg. 4580 (Jan. 29, 2003); see also PSAP DNC Order, 27 FCC Rcd at 13620, para. 11. 22