May 21, 2020 Ex Parte Ms. Marlene H. Dortch Secretary Federal Communications Commission 445 Twelfth Street, S.W. Washington, D.C. 20554 Re: Implementing Section 13(d) of the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act), EB Docket No. 20-22 Dear Ms. Dortch: Protecting consumers from illegal robocalls is a top priority for USTelecom – The Broadband Association (“USTelecom”). Therefore, in response to the Public Notice (“Notice”) released by the Enforcement Bureau on April 20, 2020,1 USTelecom, in its role as the administrator of the Industry Traceback Group (“ITG”), is pleased to submit this Letter of Intent to the Enforcement Bureau (“Bureau”) to serve as the Registered Traceback Consortium (“Consortium”). As described in greater detail below, USTelecom satisfies the statutory requirements established in the TRACED Act,2 and the requirements adopted by the Federal Communications Commission (“Commission”) in its order establishing rules for the selection of the Consortium (“Consortium Order”).3 Specifically, USTelecom: 1) is a neutral third party; 2) is competent to manage private-led efforts to trace back the origin of suspected unlawful robocalls; and 3) maintains detailed written best practices in its ITG Policies and Procedures which also provide details on the management of the traceback process and participation in the ITG and tracebacks generally.4 1 Public Notice, Enforcement Bureau Requests Letters of Intent for Traceback Consortium, DA 20-430 (April 20, 2020) (“Notice”). 2 Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act, Pub. L. No. 116-105, 133 Stat. 3274, § 13(d)(1), 133 Stat at 3287 (2019) (“TRACED Act”). 3 Implementing Section 13(d) of the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act), Report and Order and Further Notice of Proposed Rulemaking, FCC 20-34 (released March 27, 2020) (“Consortium Order”). 4 See, Consortium Order, ¶¶ 11, 13; Notice, p. 2. A copy of the ITG’s policies and procedures are attached hereto as Appendix B. In accordance with the Notice, this Letter of Intent also includes an explanation of the management of the ITG (Section II), and an explanation of voice services’ participation in the ITG’s traceback efforts (Section III). See Notice, p. 2 (stating that a Consortium’s Letter of Intent must “include its written best practices, and an explanation By this Letter of Intent, USTelecom also certifies that, consistent with the requirements of the TRACED Act, the Consortium Order and the Notice: 1) USTelecom and the ITG’s efforts do and will focus on fraudulent, abusive or unlawful traffic consistent with Section 222(d) of the Communications Act of 1934, as amended (“the Act”);5 and 2) USTelecom will remain in compliance with the statutory requirements, conduct an annual review for compliance, and promptly notify the Commission of any changes that reasonably bear on its certification.6 A signed certification regarding each of these components is attached hereto as Appendix A. This Letter of Intent is organized in the manner set forth in the Notice and the Consortium Order. Section I provides an overview and history of USTelecom’s creation and management of the ITG; Section II discusses USTelecom’s operation of the ITG in a neutral manner; and Section III demonstrates USTelecom’s effective and competent management of the traceback process. Related attachments are also attached in an accompanying Appendix. I. Overview and History of the Industry Traceback Group USTelecom administers the ITG, which is a collaborative effort of voice service providers from across the wireline, wireless, voice over Internet protocol (VoIP) and cable industries that actively and dynamically trace and identify the source of illegal robocalls. The ITG currently has 39 voice service provider members whose operations are guided by detailed written policies and procedures (“ITG Policies and Procedures”).7 A copy of the ITG Policies and Procedures are attached hereto as Appendix B. The ITG’s mission is to identify the source of illegal and unwanted robocalls, and to provide this information to voice providers and government agencies, each of which can take different and tailored actions to mitigate illegal robocalls. Ultimately, the ITG’s main objective is to identify the origin of illegal robocall campaigns and stop their origination at the source – the most effective way to prevent such calls from ever being received by consumers. Through its administration of the ITG, USTelecom also seeks to educate voice service providers by arming them with important information about illegal robocalls. This educational outreach enables voice providers to prevent such calls from originating on their networks, or from transiting their networks if the calls are coming into the United States via their network. USTelecom has long sought to operate the ITG in a results-driven process. USTelecom seeks to thereof, regarding management of its traceback efforts and regarding providers of voice services’ participation in the consortium’s traceback efforts.”). 5 47 U.S.C. § 222(d)(2). 6 Notice, p. 2. 7 USTelecom’s Industry Traceback Group, Policies and Procedures, January, 2020 (available at https://www.ustelecom.org/wp-content/uploads/2020/02/USTelecom_ITG-Policies-and- Procedures_Jan-2020.pdf) (visited May 19, 2020) (“ITG Policies and Procedures”). 2 educate industry stakeholders so that a broad range of voice providers can take necessary actions as appropriate to mitigate illegal robocall campaigns. USTelecom also assists enforcement agencies at the federal and state level by sharing traceback data with these agencies who rely on the information and mitigate illegal robocall campaigns through enforcement actions. While the ITG regularly shares information with the government as appropriate, the ITG’s actions are industry-led. The ITG is not an agent of the government. The concept of the ITG started in June of 2015, when USTelecom formed a Robocall Engineering Working Group (“Working Group”).8 USTelecom invited its voice service provider members to participate in this Working Group with the goal of easing and simplifying the process of tracing the origins of robocalls. The Working Group built its efforts on the Act’s statutory mechanism under Section 222(d)(2) that permits the sharing of certain network intelligence among carriers to “protect the rights or property of the carrier, or to protect users of those services and other carriers from fraudulent, abusive, or unlawful use of, or subscription to” such services.9 Recognizing that the sharing of information about fraudulent, abusive, or unlawful robocalls among its participants is permitted by the Act and could lead to the successful thwarting and mitigation of unwanted and illegal phone traffic, the Working Group got to work. In May of 2016, USTelecom felt it would be beneficial for wide-scale industry participation, and to include a diverse coalition of service providers from outside of USTelecom’s membership in these robocall mitigation efforts. USTelecom therefore developed a framework for participation and governance and began to invite numerous service providers to participate in traceback efforts. By October, 2016, the membership in the ITG increased to 11 companies, and USTelecom subsequently met its publicly stated goal of doubling ITG membership from 11 to 22 by July 31, 2017.10 Today, the ITG has grown and evolved into a voluntary consortium of 39 members from across the communications landscape, including wireline, wireless, cable, VoIP, and wholesale providers. Participation in the ITG is open at no cost to any voice service provider that is committed to ending the illegal robocall challenge in compliance with the Policies and Procedures of the ITG. A full listing of its members is attached to this Letter of Intent as 8 See, Industry Robocall Strike Force Report, April 28, 2017, p. 19 (available at https://www.fcc.gov/file/12311/download) (visited May 19, 2020) (“2017 Strike Force Report”). 9 47 U.S.C § 222(d)(2). 10 See, Robocall Strike Force Report, October 26, 2016, p. 33 (available at https://transition.fcc.gov/cgb/Robocall-Strike-Force-Final-Report.pdf) (visited May 19, 2020) (“2016 Strike Force Report”). 3 Appendix C.11 Moreover, any provider, whether a member of the ITG or not, can participate in a traceback, and to date over 250 entities have supported such efforts. As a result of the growing recognition of the effectiveness of tracebacks and the ITG in particular, and advancements in the methods and technology used by the ITG, the number of tracebacks conducted has steadily increased. In 2018 the ITG conducted approximately 20 tracebacks per month, but by 2019, the average number of tracebacks increased substantially to approximately 110 per month. By April 2020, the ITG has already conducted more than 800 tracebacks. With additional technology investments in the ITG’s traceback platform, and regular improvements being made to ITG information sharing capabilities, the traceback process continues to advance. II. USTelecom Satisfies the Criteria for the Consortium to be a Neutral Third Party The Commission outlines several principles it will use to determine the neutrality of an applicant to serve as the Consortium. In general, as explained by the Commission, a Consortium’s neutrality could be demonstrated by: 1) an explanation of how it will allow voice service providers to participate in an unbiased, nondiscriminatory, and technology-neutral manner;12 and 2) ensuring that its participation framework prohibits bias in favor or against any industry segment.13 As discussed in greater detail below, USTelecom operates the ITG in a neutral manner, and therefore satisfies the neutrality requirement for the Consortium. A. USTelecom Manages the ITG in an Unbiased, Nondiscriminatory, and Technology- Neutral Manner by Allowing All Voice Service Provider to Participate in the Traceback Process. Long before the Consortium’s neutrality was enshrined by Congress in the TRACED Act, USTelecom administered the ITG in an unbiased, non-discriminatory, and technology-neutral manner, and will continue to do so.14 Then, as now, USTelecom recognized ridding consumers of the scourge of illegal robocalls required an ‘all hands on deck’ approach that could only succeed through broad industry participation. In addition to its established practice of neutrality, USTelecom’s ITG Policies and Procedures are structured to enshrine these critical components in its governance framework. USTelecom agrees with the Commission’s conclusion in the Consortium Order that openness and neutrality “will encourage broad voice service provider participation,” which is “necessary to fulfill the fundamental purpose of traceback—timely and successfully finding the 11 A listing of the ITGA members is also available at USTelecom’s website. See, USTelecom website, The USTelecom Industry Traceback Group (ITG) (available at https://www.ustelecom.org/the-ustelecom-industry-traceback-group-itg/) (visited May 19, 2020). 12 Consortium Order, ¶ 16. 13 Id., ¶ 17. 14 2017 Strike Force Report, p. 19. 4 origin of suspected unlawful robocalls that traverse multiple voice service providers’ networks.”15 Recognizing the importance of broad support, USTelecom in May, 2016, “felt it would be beneficial for wide-scale industry participation, and to include service providers from outside of USTelecom’s membership in these robocall mitigation efforts.”16 To further this important goal, USTelecom “therefore developed a framework for participation and governance and began to invite numerous service providers to participate in traceback efforts.”17 Despite the significant expansion of the ITG beyond its association members, requiring the daily engagement of several USTelecom professional staff members, USTelecom solely funded the ITG operations between 2016 and 2019, and did not seek external funding from other industry participants. Although USTelecom fully funded these efforts, it operated the ITG in an entirely neutral manner, as evidenced by the substantial growth in ITG membership – nearly all of which was from non-USTelecom members – during that time. Even when the growing costs to operate the ITG at the scale necessary to meet industry and government demands necessitated external funding this year, USTelecom only sought voluntary contributions from ITG members. USTelecom’s ITG Practices and Procedures also clearly delineate the non-discriminatory and technology neutral manner in which membership in the ITG is determined.18 As a threshold matter, any company that will commit to adhere to the ITG Policies and Procedures is able to join the ITG. The ITG is further comprised of two membership groups consisting of ITG Steering Committee Members and ITG Affiliate Members.19 In addition to these two general membership categories, an Executive Committee is responsible for determining the overall direction and activities of the ITG as described below.20 ITG Steering Committee Members implement the policies and procedures governing the operational aspects of the ITG and industry tracebacks.21 Any ITG Affiliate Member can become an ITG Steering Committee Member if they demonstrate consistent compliance with the ITG Practices and Procedures and provide a voluntary contribution to cover the costs of the ITG.22 As more and more companies sought to join the ITG over time, founding ITG members determined it was necessary to establish a second affiliate category of membership to ensure that these newcomers, many of whom are not companies that existing ITG members have a 15 Consortium Order, ¶ 16. 16 2017 Strike Force Report, p. 19 (emphasis added). 17 Id. 18 ITG Policies and Procedures, pp. 5 – 6. 19 Id. 20 Id., p. 6. 21 Id., p. 5. 22 Id. 5 relationship with, are committed to complying with the policies of the ITG. Indeed, some companies that have been identified as the originating voice service provider or the U.S. point of entry for multiple illegal calling campaigns have sought to join the ITG. The ITG does not permit such companies to join the ITG unless and until they sufficiently demonstrate compliance with ITG Policies and Procedures.23 The Commission recognizes the importance of this flexibility, finding that “the consortium should have flexibility to control participation when appropriate” and that while the Registered Consortium “must allow voice service providers’ participation in an unbiased, non-discriminatory, and technology-neutral manner…it does not require that the consortium permit indiscriminate participation by any entity, nor prohibit the consortium from denying or restricting participation where there is a valid reason to do so.”24 Moreover, any voice provider can become a member of the ITG, regardless of whether they provide financial support, and any voice service provider can participate in a traceback – and is encouraged to do so – regardless of whether they are an ITG member. Ultimately, participation in the ITG is open to all manner of voice service providers, regardless of their underlying technology or industry, and irrespective of their level of contribution to the costs of the effort. USTelecom’s neutrality in operating the ITG is evident through the diversity of its membership. Notably, many voice service providers representing all sectors of the telephone calling ecosystem have been long-standing members of the ITG, which further underscores USTelecom’s adherence to neutrality principles. B. USTelecom’s Participation Framework for the ITG Prohibits Bias in Favor of, or Against, Any Industry Segment. USTelecom has structured the participation framework for the ITG to prevent bias in favor of, or against any particular industry segment.25 The ITG Policies and Procedures are explicit in establishing a participation framework that is both technology neutral and industry agnostic. In its Consortium Order, the Commission interpreted the statutory requirement that the Consortium be neutral “to mean that it must allow voice service providers’ participation in an unbiased, non-discriminatory, and technology-neutral manner, thereby prohibiting bias in 23 While the ITG will deny membership to an applicant that is unwilling or unable to follow its policies and procedures in good faith, ITG membership alone is not a certification that a service provider is a “good actor” and should not create a presumption that a service provider has sufficient procedures in place to prevent or mitigate illegal robocalls. 24 Consortium Order, ¶ 17 (“For example, a voice service provider that carries voluminous suspected unlawful robocalls might attempt to join the consortium to gain insight into ways to evade traceback efforts. Allowing such an entity access to the consortium could undermine or even defeat the consortium’s traceback efforts—and defeat Congress’s purpose in enacting the statute”). 25 The ITG periodically examines the framework in which it operates to ensure the most effective structure is in place to meet its objectives. 6 favor or against any industry segment.”26 At a minimum, USTelecom meets this standard since any voice service provider can participate in call tracebacks under the ITG framework.27 Moreover, any voice service provider can become an ITG Affiliate Member by satisfying four basic criteria that are technology and industry agnostic.28 Although designation as an ITG Steering Committee Member includes more requirements, the criteria are similarly technology and industry agnostic. Moreover, the fact that current ITG members include voice service providers from every major industry sector is testament to USTelecom’s established framework allowing “participation in an unbiased, non-discriminatory, and technology neutral manner.”29 As reflected in Appendix C, ITG members include representatives from a diverse range of industries, including the wireline, wireless, cable and wholesale industries. Consistent with the Consortium Order, the ITG Policies and Procedures adequately demonstrate “internal structural, procedural, and administrative mechanisms, as well as other operational criteria” that “do not result in an overall lack of neutrality.”30 For example, USTelecom’s neutrality is evident in the fact that ITG Steering Committee and Affiliate members, and the ITG Executive Committee, each include representatives from a diverse range of industries. USTelecom established the two membership tiers and the Executive Committee to ensure process integrity to the ITG’s overall traceback efforts. The continued membership growth in the ITG, along with USTelecom’s ongoing development of, and innovations to, the evolving traceback process, necessitated a flexible and responsive management structure. USTelecom’s funding mechanisms also have always been structured in such a way as to avoid bias in favor or against any industry sector. For example, even when USTelecom solely funded the ITG operations between 2016 and 2019, it nevertheless operated the ITG in a fully open, transparent and neutral manner. Such neutrality was readily apparent from the rapid and diverse growth in ITG membership during that time. Moreover, even when USTelecom sought financial contributions to help cover the costs of the ITG in 2020 in order to operate the 26 Id. 27 ITG Policies and Procedures, p. 6. 28 Specifically, any voice service provider can become an ITG Affiliate Member by meeting each of the following four criteria: 1) be a Cooperative Voice Service Provider; 2) participate in quarterly scheduled ITG Member calls; 3) fully comply with the ITG Policies and Procedures; and 4) sign a statement of intent to adopt and follow the best practices listed in the sections below. ITG Policies and Procedures, p. 6. The ITG Policies and Procedures also define a “Cooperative Voice Service Provider” as a “voice service provider committed to protecting networks and consumers from fraudulent and abusive robocall traffic,” and one that “must agree to, and abide by, [the ITG Policies and Procedures].” Id., p. 2. 29 Consortium Order, ¶ 17. 30 Consortium Order, ¶ 18. 7 ITG at the scale necessary to meet industry and government demands, USTelecom only sought voluntary contributions from ITG members. Based on this contribution mechanism, USTelecom also established an Executive Committee which includes a wide cross-section of participants representing a variety of technologies, industry segments, and associational memberships.31 Notably, of the 13 companies on the ITG Executive Committee, six are not members of USTelecom. The Executive Committee meets monthly and provides direction to USTelecom to ensure that the governance and operation of the ITG are conducted in an unbiased, non- discriminatory and neutral manner that prohibits bias in favor of, or against any industry segment. For these reasons, USTelecom’s management of the ITG satisfies the Commission’s neutrality requirement. III. USTelecom is Competent to Manage the Private-led Traceback Efforts of the Consortium In its Consortium Order, the Commission outlined several criteria it would use to determine the competence of an applicant to act as the Consortium. The Commission concluded that the Consortium must be able to: 1) effectively and efficiently manage a traceback process; 2) successfully identify the origin of suspected unlawful robocalls that traverse multiple voice service providers’ networks in a timely manner; 3) work cooperatively and collaboratively with industry and government agencies; and 4) conform to applicable legal requirements, such as requirements regarding confidentiality and legal processes.32 As discussed in greater detail below, USTelecom amply satisfies each of these criteria. A. USTelecom Effectively and Efficiently Manages the ITG Traceback Process. USTelecom administers the private-led traceback efforts of the ITG in an effective and efficient manner. In addition to its longstanding expertise in such activities, USTelecom also achieves this through adherence to its comprehensive ITG Policies and Procedures. Earlier versions of the Policies and Procedures, including a fairly significant update in 2019, were available to all ITG members. The current version of the ITG Policies and Procedures, which are attached hereto as Exhibit B were published on the USTelecom website in January 2020. Regular updates to the Policies and Procedures are necessary as the industry and USTelecom learn more about the practices of those making and enabling illegal robocalls and how industry can most effectively mitigate such practices. The ITG Policies and Procedures address a broad range of issues essential to the effective execution of private-led traceback efforts. They include detailed information regarding membership categories, traceback processes and best practices, and sourcing policies for initiating tracebacks. In addition, given the nature of the information involved with the traceback process, the ITG Policies and Procedures also include detailed information regarding the privacy of call traceback information, the ITG’s record retention policy, and the procedures for handing off traceback 31 The ITG Executive Committee consists of Steering Committee members that support the ITG as Platinum, Gold or Silver-level supporters or USTelecom members that support the ITG as Platinum, Gold, Silver or Bronze-level supporters. 32 Id., ¶ 21. 8 information to federal and state enforcement agencies. Some of the more relevant policies and procedures are discussed in greater detail below. Details on each of the topics can be found in the attached Policies and Procedures. The ITG’s Diverse Membership. The makeup of the ITG membership and the ability and desire for every voice service provider (regardless of their status as an ITG member) to participate in tracebacks, is described in detail above for purposes of demonstrating neutrality. It is also important to note that the growing and diverse membership of the ITG, and the expanding number of companies participating in tracebacks, is essential for ensuring the ITG’s competence in managing private-led traceback efforts. This neutrality, openness, and diversity are core reasons for our continuing success. The ITG Maintains a Comprehensive Sourcing Policy. The ITG Policies and Procedures also include detailed information regarding the sourcing of suspected illegal robocalls for traceback by the ITG.33 The principal goal of this sourcing policy is to ensure that any tracebacks launched by USTelecom are initiated in good faith for the purpose of identifying the source of illegal and/or fraudulent traffic and providing information to industry and government traceback participants to mitigate fraudulent and unlawful robocalls, thereby satisfying the requirements of Section 222(d)(2) of the Act. USTelecom’s sourcing for traceback efforts are guided by the following principles established for the ITG. USTelecom will only share a traceback request with the ITG if: 1) a credible and verifiable source is providing information regarding the Traceback Candidate; 2) the nature of the traffic associated with any traceback is deemed by USTelecom staff to be fraudulent, abusive, or unlawful; and 3) initiation of the traceback warrants utilization of the ITG’s valuable resources.34 Provided that such information is in compliance with the exemption under Section 222(d)(2) of the Act, the ITG Policies and Procedures sourcing policy permits the referral of traceback candidates from four general areas: 1) ITG Steering Committee Members; 2) analytics providers; 3) federal and state enforcement authorities; and 4) entities whose identities are being illegally used in robocall campaigns. Prior to initiating any traceback, due diligence is conducted by USTelecom staff. The ITG Operates Efficiently Through a Secure Traceback Portal to Manage Tracebacks. USTelecom manages a secure online portal to facilitate tracebacks and the identification of illegal robocall originators. The portal can be accessed by any ITG member and other voice service providers that register through the system. Data contained in the portal is 33 Id., pp. 11 – 12. 34 ITG Policies and Procedures, p. 11. Recognizing that there are billions of illegal robocalls made every month, the ITG does not traceback every single suspected robocall of which it is made aware. Instead, the ITG focuses on calls that are representative of the highest-volume on-going illegal calling campaigns or representative of on-going serious fraud or threat to life or property. 9 highly compartmentalized such that each individual voice service provider accessing the portal can only access call data information specifically associated with their particular company. The portal is designed to send automated messages to each voice service provider that falls within the call path of any given traceback, starting with the terminating voice service provider. The message includes the call details from downstream voice service providers, and a secure link that logs the user into the portal where they add specific details on the upstream voice service provider that transited the call. The link included in the traceback request leads directly to a form where the identity of the next upstream voice service provider, or the source of the party making the calls, is entered. The Portal maintains information on illegal campaigns (i.e. social security impersonation scams, credit card scams, healthcare scams), with information divided into individual traceback incidents and information on each “hop” associated with individual incidents. B. USTelecom Executes Tracebacks in a Timely and Accurate Manner. USTelecom’s management of the ITG over the last several years has consistently demonstrated its ability to execute private-led tracebacks in a timely and accurate manner. Since establishing the ITG in 2016, USTelecom has dramatically increased the volume, speed and accuracy of its traceback process. In 2018, the ITG conducted approximately 20 tracebacks per month, but by 2019, the average number of tracebacks increased substantially to approximately 110 per month – representing over 1,000 individual traceback efforts over the course of a single year.35 By April, 2020, the ITG has already conducted more than 800 tracebacks, with a record number resulting in the identification of the party responsible for placing the traced call. Each of these individual tracebacks reflect robocall campaigns responsible for tens of millions of illegal calls. Beyond the sheer volume of the ITG’s traceback efforts, the overall process has consistently worked effectively, and has substantially improved over the years. As early as 2018, the Commission’s Enforcement Bureau and Chief Technology Officer stated that “USTelecom’s creation and continued operation of the [ITG] has been instrumental in helping the Commission to achieve” its goal of “taking swift action” against those who engage in illegal robocalls and illegal spoofed calls.36 The Enforcement Bureau further stated that over the “course of the two years that the [ITG] has been in operation, the amount of time necessary to conduct a traceback investigation from start to finish has shrunk from months to weeks.”37 Today, the ITG is regularly able to identify the source of illegal calls, including international 35 USTelecom Industry Traceback Group, 2019 Progress Report, p. 5, January 28, 2020 (available at https://www.ustelecom.org/wp- content/uploads/2020/01/USTelecom_ITG_2019_Progress_Report.pdf) (visited May 19, 2020). 36 See, Letter from Rosemary C. Harold, Chief, Enforcement Bureau, FCC, and Eric Burger, Chief Technology Officer, FCC, to Jonathan Spalter, President & CEO, USTelecom – The Broadband Association, p. 1 (Nov. 6, 2018) (available at https://docs.fcc.gov/public/attachments/DOC- 354942A2.pdf) (visited May 19, 2020). 37 Id. 10 entities, within hours thanks to the growing cooperation and timely responsiveness of all traceback participants, increased resources devoted to the issue by USTelecom and ITG members, and the technology upgrades and enhancements that continue to be made. More recently, USTelecom’s effective management of the ITG has been acknowledged in multiple federal and state enforcement actions, including those executed by the Federal Trade Commission (“FTC”), the Department of Justice (“DOJ”) and the Ohio Attorney General. In one notable example, USTelecom played an instrumental role in the DOJ’s securing a preliminary injunction against a gateway provider that “carried astronomical numbers of robocalls.” Specifically, the DOJ alleged that the defendants “carried 720 million calls during a sample 23-day period,” and that many of those calls “were fraudulent and used spoofed (i.e., fake) caller ID numbers.”38 Finally, just last month, the FCC and FTC jointly sent letters to several voice service providers facilitating COVID-19-related scam robocalls originating overseas stating that they must cut off these calls or face serious consequences.39 The Commissions also wrote to USTelecom, on behalf of the ITG, expressing gratitude for the ITG’s prompt response to identify and mitigate fraudulent robocalls that are taking advantage of the COVID- 19 pandemic. They stated that “the work of the USTelecom Industry Traceback Group is essential to combatting the deluge of unlawful robocalls and protecting consumers and is particularly vital in swiftly identifying scammers who attempt to defraud consumers during the COVID-19 disease outbreak.”40 Much of the information on which all of the above actions relied came as a direct result of ITG tracebacks. Due to ITG tracebacks, major outlets and threat vectors for illegal callers are being dismantled. This is consistent with USTelecom’s longstanding philosophy on robocalls that “while a holistic approach is essential to broadly address the issue of robocalls, robust enforcement efforts targeting illegal robocallers are most effective since they address the activity at the source . . . root-cause removal stops millions of calls from ever being sent.”41 A 38 See Department of Justice Press Release, The Department of Justice Files Actions to Stop Telecom Carriers Who Facilitated Hundreds of Millions of Fraudulent Robocalls to American Consumers, January 28, 2020 (available at https://www.justice.gov/opa/pr/department-justice- files-actions-stop-telecom-carriers-who-facilitated-hundreds-millions) (visited May 19, 2020). 39 See Federal Communications Commission Press Release, FCC, FTC Demand Gateway Providers Cut Off Robocallers Perpetrating Coronavirus-Related Scams From United States Telephone Network, April 30, 2020 (available at https://www.fcc.gov/document/fcc-ftc-demand-gateway- providers-cut-covid-19-robocall-scammers) (visited May 19, 2020). 40 See, Letter from Rosemary C. Harold, Chief, Enforcement Bureau, FCC, and Lois Greisman, Associate Director, Division of Marketing Practices, FTC, to Jonathan Spalter, President & CEO, USTelecom – The Broadband Association, p. 1 (Apr. 3, 2020) (available at https://docs.fcc.gov/public/attachments/DOC-363522A2.pdf) (visited May 19, 2020). 41 Testimony of Kevin Rupy, Vice President, Law and Policy, USTelecom, before The U.S. Senate Committee on Commerce, Science, and Transportation, Hearing, Abusive Robocalls and How We Can Stop Them, pp. 4 – 5, April 18, 2018 (available at 11 summary of state and federal enforcement actions supported by the ITG is included in Appendix D. Equally, if not more important than these enforcement actions, is the fact that voice service providers who become aware through the ITG traceback process that their network or platform is being used to originate or serve as a gateway for illegal robocalls are increasingly shutting off access to the illegal callers. Whether through enforcement actions or the direct actions of voice service providers responding to tracebacks, the process is working. C. USTelecom and the ITG Work Cooperatively and Effectively with Other Industries and Government Stakeholders. Consistent with the criteria established in the Consortium Order, USTelecom also works cooperatively and effectively with multiple industry and government stakeholders. In addition to its diverse ITG membership, USTelecom’s industry collaboration extends well beyond the communications industry. In just one example, USTelecom recognized early on the unique role that the ITG could play in combatting fraud. In 2017, USTelecom therefore partnered with the Utilities United Against Scams (UUAS) organization to combat utilities related fraud. Working through this partnership with other industry stakeholders, USTelecom assisted in shutting down more than 500 toll-free numbers set up by criminals to impersonate utility customer care centers.42 USTelecom conducts regular outreach to other consumer-oriented organizations as well to provide information on industry efforts to combat illegal robocalls and to find potential areas for collaboration. In the government context, USTelecom and the ITG have a long and well-established track record of working cooperatively with multiple federal and state agencies to combat illegal robocalls. For example, FCC Chairman Ajit Pai publicly acknowledged that the ITG “has been particularly helpful in making sure that we quickly trace scam robocalls to their originating source” and referred to the ITG as an “important ally in promoting broad industry participation in these traceback efforts.”43 In addition to working with the Commission, the FTC, and DOJ, USTelecom and ITG members have also worked collaboratively and effectively with a broad range of other federal and state government agencies, including the Treasury Inspector General for Tax Administration (“TIGTA”), the Internal Revenue Service (“IRS”), the Social Security Administration and numerous state Attorneys General. In 2017, the ITG coordinated with both the IRS and TIGTA to implement a do not originate (“DNO”) initiative that substantially reduced the ability of illegal robocallers to spoof https://www.commerce.senate.gov/services/files/322B302A-8077-4BEE-8913-EDAB23CB9E0A) (visited May 19, 2020). 42 Duke Energy website, How utilities united to fight scammers, November 10, 2017 (available at https://illumination.duke-energy.com/articles/how-utilities-united-to-fight-scammers) (visited May 19, 2020). 43 See Remarks from Ajit Pai, Chairman, FCC, USTelecom Forum: Turning the Tide on Illegal Robocalls (June 11. 2019) (available at https://docs.fcc.gov/public/attachments/DOC- 357911A1.pdf) (visited May 19, 2020). 12 outbound numbers associated with the IRS. At the state level, in August, 2019, USTelecom and numerous ITG members coordinated with state Attorneys General in establishing eight anti- robocall principles for voice service providers.44 Every state Attorney General in the United States signed on to the principles, including principles that specifically recognize the importance of the traceback process and explicitly call for cooperation with the ITG. More recently, on behalf of 52 state Attorneys General, the National Association of Attorneys General (“NAAG”) sent a letter to USTelecom and the ITG asking for continued and expanded collaboration with state Attorneys General.45 The letter highlights that “to date, multiple state Attorneys General have issued subpoenas or civil investigative demands to the ITG and received valuable information for their investigations. In short, the partnership between the ITG and the state Attorneys General is a crucial one, and we endeavor to strengthen it.”46 The state Attorneys General make clear that they “contemplate increases in our issuances of subpoenas or civil investigative demands directly to the ITG for tracebacks” and call on the ITG to “continue to expand its capabilities related to tracebacks...” USTelecom welcomes these cooperative initiatives. USTelecom has also organized and hosted collaborative workshops focused on the topic of preventing illegal robocalls, including events where government enforcement agencies at the state and federal level meet with industry stakeholders to share critical information and to discuss increased cooperation. Many federal and state agencies have publicly acknowledged the crucial role that the ITG has played in various enforcement efforts, and several of these acknowledgements are attached hereto as Exhibit E. D. USTelecom Ensures that the ITG Conforms to Legal Requirements Finally, USTelecom is well versed in the various legal requirements associated with the operation of the Consortium. The ITG Policies and Procedures have detailed guidelines regarding several aspects related to conformance with legal requirements, including the privacy of call traceback information, record retention policies, and detailed instructions regarding enforcement agency handoffs. For example, the ITG Policies and Procedures provide specific details regarding how the ITG exchanges varying degrees of information with state and federal enforcement agencies 44 Anti-Robocall Principles (available at https://ncdoj.gov/download/141/files/19699/state-ags- providers-antirobocall-principles-feb-2020-with-signatories) (visited May 19, 2020). 45 National Association of Attorneys General website, 52 Attorneys General Join Effort to Expand Illegal Robocall Response, May 4, 2020 (available at https://www.naag.org/naag/media/naag- news/52-Attorneyes-general-join-effort-to-expand-illegal-robocall-response.php) (visited May 19, 2020) (“NAAG Letter”). 46 NAAG Letter at 1-2. 13 subject to certain protocols.47 At the most basic level, USTelecom maintains and operates an information sharing ListServ resource for federal and state government agencies responsible for robocall enforcement. Participating agencies receive information pertaining to illegal robocall campaigns for which calls have been traced back by the ITG. The ListServ provides information on active robocall campaigns for which tracebacks are being conducted by the ITG and serves as a resource to ensure coordination among government agencies. USTelecom sends notifications of summary reports as robocall tracebacks are completed or come to a dead-end. USTelecom will only turn over more detailed information (including customer proprietary network information (“CPNI”) and call detail records) subject to a subpoena, or similar legal process.48 The seriousness with which USTelecom treats this information is further evident in its processing of government subpoenas and Civil Investigative Demands (“CIDs”). USTelecom has been pleased to work directly with numerous state Attorneys General and has responded to multiple subpoenas and CIDs related to ITG tracebacks. In 2019, USTelecom responded to over 20 subpoenas and CIDs from federal and state enforcement agencies. As of April 2020, USTelecom has already responded to 37 subpoenas and CIDs. IV. Conclusion USTelecom appreciates this opportunity to be considered for the role of the Consortium, and to continue its work advancing innovative solutions and partnerships in the global fight against illegal robocall scams. Protecting consumers is a top priority for USTelecom and the members of the ITG, which is why USTelecom launched, and we are so proud to administer, the ITG. USTelecom satisfies each of the criteria identified by the Commission in its Consortium Order and Notice, and it stands prepared to fulfill this critical role in the ongoing battle against illegal and unwanted robocalls. 47 ITG Policies and Procedures, pp. 12 – 13. 48 Id., p. 16, Appendix A. 14 Please let us know if you have any questions or need additional information. Sincerely, ________________________ Patrick Halley Senior Vice President, Policy & Advocacy Jessica Thompson Manager, Policy & Advocacy cc: Kristi Thompson (via email) Attachments/Appendix Appendix A: USTelecom Certifications Appendix B: Industry Traceback Group Policies and Procedures Appendix C: Industry Traceback Group Members Appendix D: Summary of Federal and State Enforcement Actions Supported by Traceback Information from the Industry Traceback Group 15 Appendix A USTelecom Certifications CERTIFICATION FOR TRACEBACK CONSORTIUM The following certifications are submitted to the Federal Communications Commission (“Commission”) consistent with the requirements established in the Report and Order and Further Notice of Proposed Rulemaking (FCC 20-34) released by the Commission on March 27, 2020 (“Report and Order”); and the Public Notice released by the Commission’s Enforcement Bureau (DA 20-340) on April 20, 2020 (“Public Notice”). The Report and Order set forth the Commission’s rules for the registration process for the registration of a single consortium that conducts private-led efforts to trace back the origin of suspected unlawful robocalls (“Consortium”). As set forth in the Report and Order and the Public Notice, the undersigned, an authorized representative of USTelecom – the Broadband Association (“USTelecom”), hereby certifies the following: A. consistent with section 222(d)(2) of the Communications Act of 1934, as amended, USTelecom’s traceback efforts will focus on fraudulent, abusive, or unlawful traffic; and B. USTelecom has notified the Commission that it intends to conduct traceback efforts of suspected unlawful robocalls in advance of its registration as the single Consortium; and C. if selected to be the registered Consortium, USTelecom will remain in compliance with the statutory requirements; conduct an annual review to ensure its compliance with the statutory requirements; and promptly notify the Commission of any changes that reasonably bear on its certification. Consortium: USTelecom – the Broadband Association Signature: ________________________________ Printed Name: ________________________________Jonathan Spalter Title: _______________________________President & CEO Date: _______________________________May 21, 2020 Appendix B USTelecom Industry Traceback Group Policies and Procedures USTELECOM’S INDUSTRY TRACEBACK GROUP Policies and Procedures January 2020 Table of Contents Industry Traceback Group Overview ....................................................................................................... 2 Definitions ........................................................................................................................................... 2 ITG Membership Categories................................................................................................................. 5 Traceback Process and Best Practices .................................................................................................. 6 Privacy of Call Traceback Information ................................................................................................ 10 Robocall Sourcing Policy ....................................................................................................................... 11 Sources to be Utilized for Identifying Calls or Calling Campaigns for Traceback .................................. 11 Enforcement Agency ListServ................................................................................................................ 12 ITG Record Retention Policy ................................................................................................................. 13 Do Not Originate Policy ........................................................................................................................ 13 DNO Policies from Government Entities ............................................................................................. 14 DNO Policies for Private Enterprises .................................................................................................. 14 Maintaining the Integrity of DNO Implementation ............................................................................ 15 Effectiveness Linked to Scale of Implementation ............................................................................... 15 APPENDIX A – Enforcement Agency Handoff ........................................................................................ 16 APPENDIX B – 47 USC 222 ..................................................................................................................... 17 APPENDIX C – Sample Email Templates Sent via Portal ........................................................................ 18 APPENDIX D – Sample ITG Escalation Letters ........................................................................................ 23 1 Industry Traceback Group Overview These Industry Traceback Group (ITG) Policies and Procedures provide information on the criteria for membership in the ITG and the policies and procedures governing ITG activities. Adherence to the Policies and Procedures will help foster cooperation by a broad range of supportive industry participants (including incumbent local exchange carriers, competitive local exchange carriers, wireless carriers, VoIP providers, long distance companies, and wholesale providers) to enhance the robust protection of voice networks and users of voice services from fraudulent, abusive, and/or unlawful robocalls and to reduce the number of illegal robocalls by helping to identify the source of such calls. The origination, delivery and termination of robocalls involves numerous voice service providers in a complex ecosystem. Over 100 entities have participated in ITG Traceback of suspected illegal robocalls to date. As described and defined below, voice service providers fall into three broad categories: Cooperative Voice Service Providers (those who are fully cooperative with Tracebacks and meet numerous requirements described herein), Non- Cooperative Voice Service Providers and Call Path Voice Service Providers (those providers in the call path who don’t meet the many requirements necessary to be labeled Cooperative Voice Service Provider but who participate in Tracebacks and have not been labeled Non- Cooperative Voice Service Provider). Definitions The following definitions are used throughout the ITG Policies and Procedures: • Cooperative Voice Service Provider. A voice service provider committed to protecting networks and consumers from fraudulent and abusive robocall traffic. A Cooperative Voice Service Provider must agree to, and abide by, all the policies and procedures set forth in this document. • Non-Cooperative Voice Service Provider. A voice service provider that does not follow the best practices contained herein (pages 8-11) and does not cooperate with Cooperative Voice Service Provider(s) or USTelecom on Tracebacks of Suspicious Traffic. Specific actions that will result in designation as “non-cooperative” include the following: Non-Responsive • When a voice service provider that fails to respond within [BEGIN REDACTED] [END REDACTED] business days to [BEGIN REDACTED] [END REDACTED] separate consecutive traceback requests from the ITG despite reasonable efforts to ensure appropriate contact information for the provider and reasonable attempts to reach the provider via email and phone. 2 Ongoing Illegal Origination • An Originator is the last (farthest upstream) voice service provider in a Traceback sequence. The Originator may have placed the call itself, or received the call from its customer. A. Single Campaign • When a voice service provider that, [BEGIN REDACTED] [END REDACTED] or more days after identification by the ITG as an Originator for a particular Campaign, originates calls for that same Campaign. B. Multiple Campaigns • When a voice service provider that has been identified by the ITG as an Originator for multiple high-volume Campaigns. United States (U.S.) Point of Entry • The U.S. Point of Entry is the first downstream voice service provider routing traffic that was originated outside the United States on to the United States Public Switched Telephone Network. A. Single Campaign • When a voice service provider that, [BEGIN REDACTED] [END REDACTED] or more days after identification by the ITG as the U.S. Point of Entry for a particular Campaign, passes calls for that same Campaign. B. Multiple Campaigns • When a voice service provider that has been identified by the ITG as the U.S. Point of Entry for multiple high-volume Campaigns. Not Found • When a voice service provider whose responses to Traceback requests are entered as “Not Found” for more than [BEGIN REDACTED] [END REDACTED] percent of all responses, absent reasonable explanation. Note: merely responding to Tracebacks, without taking reasonable steps to eliminate the origination of illegal calls after notification of such calls, is not sufficient to avoid being labeled a Non-Responsive Voice Service Provider. USTelecom reserves the right to publish the identity of and share information about Non- Cooperative Voice Service Providers. This sharing can be with government enforcement agencies, with other voice service providers, and with the public. A voice service provider’s classification as “non-cooperative” will be removed if the voice service provider is no longer engaged in any of the above activities in a [BEGIN REDACTED] 3 [END REDACTED] day period after the ITG has deemed the provider as non-cooperative. Resumption of non-cooperative behavior will result in reclassification as non-cooperative. • Call Path Voice Service Provider. A voice service provider in a call stream path that is neither a Cooperative Voice Service Provider nor a Non-Cooperative Voice Service Provider. • Affiliates. With respect to a specified voice service provider, any other entity that, directly or indirectly through one or more intermediaries, controls, is controlled by or is under common control with the voice service provider specified. For purposes of these principles, the term “control” (including its correlative meanings, “controlled by” and “under common control with”) shall mean possession, directly or indirectly, of the power to direct or cause the direction of management or policies (whether through ownership of securities or partnership or other ownership interests, by contract or otherwise). • Campaign. A group of calls with identical or nearly identical messaging believed to be coming from the same source(s) as determined by the content and calling patterns of the caller. A single Campaign often represents hundreds of thousands or millions of calls. • Suspicious Traffic. Suspicious Traffic is identifiable by a pattern of voice calls that: (1) transit one or more Cooperative Voice Service Provider networks and that (2) have characteristics associated with abusive, unlawful, or fraudulent practices (including, but not limited to, lack of header information, volumetric anomalies, calling or called party information modification, complaints received from called parties, law enforcement, 3rd party aggregators, or call transcripts). Cooperative Voice Service Providers shall work collaboratively to further develop this definition on an as-needed basis. • Incident Data. Data sent between Cooperative Voice Service Providers and/or USTelecom relating to Suspicious Traffic that includes the following (where applicable), information: (1) originating telephone number; (2) originating IP address; (3) called telephone number; (4) called IP address; (5) Session Initiation Protocol (SIP) header anomalies; (6) evidence of Caller ID, Automatic Number Identification (ANI), telephone number spoofing; (7) volume of calls, including call detail record (CDR) file(s) information (as applicable); and (8) date and time of calls. • Traceback. A network-based process that begins with the terminating Cooperative Voice Service Provider (or a set of terminating providers) possessing evidence of illegal call activity, seeking out the source of the originating Suspicious Traffic that is coming from a third party network, non-native to their own terminating network. The call is then systematically traced through the non-native networks that chronologically 4 precede the terminating network(s) until a Non-Cooperative Voice Service Provider and/or the Originator and/or originating customer is identified. • Trace Forward. Trace Forward is intended to address a scam that solicits a victim to call back to complete an attempted scam or fraud. In the Trace Forward process the networks used to initiate the malicious/fraudulent call to the end user are not traced, but rather the network serving the call back telephone number is identified. To trace forward, the ITG administrator contacts the voice service provider that owns the Direct Inward Dial (DID) number and requests information about the customer the number is associated with (name, e-mail, contact information, payment information). The Trace Forward process is repeated until the voice service provider conducting the Trace Forward finds the source/destination. • Secure Traceback Portal (STP). An online portal managed by USTelecom to facilitate Tracebacks and identification of illegal robocall Originators. Call Path Voice Service Providers, Cooperative Voice Service Providers, and Non-Cooperative Voice Service Providers that fall within the call path receive a Traceback request via email. The message includes the call details from the downstream Call Path Voice Service Provider or Cooperative Voice Service Provider and a secure link that logs the user into the portal where they add specific details on the upstream Call Path Voice Service Provider. The link included in the traceback request leads directly to a form where the identity of the next upstream voice service provider is entered. ITG Membership Categories The ITG is comprised of two membership groups consisting of ITG Steering Committee Members and ITG Affiliate Members as described below.1 In addition to these two broad membership categories, an Executive Committee is responsible for determining the overall direction and activities of the ITG as described below. ITG Steering Committee Members ITG Steering Committee Members implement the Policies and Procedures governing the operational aspects of the ITG and industry Tracebacks. ITG Steering Committee Members must: (1) be Cooperative Voice Service Providers that show a continuous commitment to the Traceback process, including support for Traceback investigations through the use of the STP and participation in regularly scheduled ITG Member calls; (2) fully comply with the ITG Policies and Procedures contained herein; (3) sign a statement of intent to adopt and follow the Best Practices listed on pages 8-11; and (4) agree to adhere to the principles contained in the State Attorneys General Anti-Robocall Principles available at https://www.ustelecom.org/wp- 1 A list of ITG members is available at https://www.ustelecom.org/the-ustelecom-industry-traceback-group-itg. 5 content/uploads/2019/08/State-AGs-Providers-AntiRobocall-Principles-With-Signatories.pdf;2 and (5) ensure that the ITG Member and all of its Affiliates adhere to the State AG Anti-Robocall Principles. Any members of the ITG that joined prior to 2019 and who have acted in good faith to implement Tracebacks are eligible to be ITG Steering Committee Members. Subsequent designation is contingent upon a demonstrated adherence to the ITG Policies and Procedures for a prior period of one year. Designation as an ITG Steering Committee Member is subject to the sole discretion of USTelecom, and the one year period may be waived upon approval of the Executive Committee. Membership in the ITG Steering Committee is contingent upon continuous compliance with the requirements above. USTelecom may terminate ITG Steering Committee membership in at any time, and for any reason, in conjunction with the advice of the Executive Committee. ITG Affiliate Members ITG Affiliate Members are members of the ITG who participate in industry Tracebacks but are not ITG Steering Committee Members. Any voice service provider may participate in call Tracebacks, and all voice service providers are encouraged to do so, but to be considered an ITG Affiliate Member, an entity must be a Cooperative Voice Service Provider and: (1) participate in quarterly scheduled ITG Member calls; (2) fully comply with the ITG Policies and Procedures; and (3) sign a statement of intent to adopt and follow the best practices listed in the sections below. Categorization as an ITG Affiliate Member is subject to approval by USTelecom in conjunction with the advice of the Executive Committee. Membership in the ITG is contingent upon compliance with the requirements above. USTelecom may terminate ITG Affiliate Membership in the ITG at any time, and for any reason, in conjunction with the advice of the Executive Committee. ITG Executive Committee Members The ITG Executive Committee consists of Steering Committee members that support the ITG as Platinum, Gold or Silver-level supporters or USTelecom members that support the ITG as Platinum, Gold, Silver or Bronze-level supporters.3 The Executive Committee sets the overall direction of the ITG and provides guidance on major ITG decisions. Traceback Process and Best Practices Traceback Initiation and Tracking. USTelecom initiates the Traceback process in order to identify the origin of an individual call or a Campaign using a source consistent with its Sourcing Policy as described on pages 10-11. A Traceback is initiated by the USTelecom Traceback team 2 Note: For those providers who offer wholesale voice services but do not offer retail service to end-use customers, it is understood that some principles may not apply, including Principle # 1 (Offer Free Call Blocking and Labeling) and Principle #5 (Confirm the Identity of Commercial Customers). To the extent any Principle is inapplicable to an ITG member’s business, such information can be provided in the statement of intent required for ITG membership that otherwise acknowledges and endorses the State Attorneys General Principles. 3 ITG support levels are determined on an annual basis. Participation in the Executive Committee reflects a commitment to the ITG in the form of financial contributions to cover ITG costs. 6 who enters the minimum information required for a Traceback into the STP. Once the information has been entered, a notification is sent to the terminating voice service provider(s) whose customer(s) received the Suspicious Traffic. That voice service provider then investigates the identity of the upstream voice service provider from whom it received the Suspicious Traffic and enters the information into the STP. If the upstream voice service provider has previously participated in a Traceback, its contact information will be in the STP and can be selected from a drop-down menu. If the upstream provider has not previously participated in a Traceback, contact information for that provider will not be available in the STP. In that case, the downstream voice service provider should provide contact information for the upstream provider, so that the STP can be appropriately updated. If contact information is not available, the USTelecom Traceback team seeks out information to avoid a dead end in the Traceback. This process is repeated for each voice service provider in the call path until the Originator is identified or a dead end is reached. All communications from upstream and downstream voice service providers concerning a Traceback are automatically logged in the STP. ITG Communications with Voice Service Providers. As a call is systematically traced through networks, semi-automated email messages are sent via the STP to voice service providers in the call path. Such messages are standardized but may differ based on the identity and status of the receiving voice service provider, ie., whether a voice service provider is an ITG Member familiar with the process, a new provider who has not previously participated in a Traceback, or a provider that has been unresponsive to prior requests. For examples of each message see Appendix C. A service provider who has been identified as meeting the criteria associated with being “non- cooperative” under any of the criteria contained in the definition of a Non-Cooperative Voice Service Provider will be sent an email notification via the STP. Different messages are sent depending on whether the provider is non-responsive or has been identified as an Originator or as a provider that is the U.S. Point of Entry for Suspicious Traffic. See Appendix D for escalation letters that are sent to such providers. “Problem Zone” Message A voice service provider identified as an Originator and/or as the U.S. Point of Entry for Suspicious Traffic, will be notified by USTelecom’s Traceback team that they are in danger of being labeled a Non-Cooperative Voice Service Provider unless action is taken to halt the flow of the Suspicious Traffic. Such providers shall be notified of their status and provided with access to reference materials with information on potential mitigation steps that can be taken to stop illegal calling activity and avoid a non-cooperative designation going forward. The STP may be configured in a manner that provides an identifier for such providers, thus putting other voice service providers on alert that an individual voice service provider has been notified that it is in danger of being labeled a Non-Cooperative Voice Service Provider if mitigation steps are not taken. 7 Non-Cooperative Service Provider Message If sufficient mitigation steps are not taken and a provider meets the definition of a Non- Cooperative Voice Service Provider, USTelecom’s Traceback team will notify the provider through an automated alert of their status and ask that they take the necessary steps to stop the illegal calling activity. Subsequently, the Traceback Team will initiate additional Traceback requests to monitor whether or not Suspicious Traffic has ceased. When an upstream provider has been notified that they have been labeled as non-cooperative, their downstream providers should be notified within 48 hours of their status. The STP may be configured in a manner that provides an identifier for such providers, thus putting other voice service providers on alert that an individual voice service provider has been notified that it is a Non-Cooperative Voice Service Provider. Best Practices 1. Dedicated Point of Contact. Each Cooperative Voice Service Provider will designate an individual or internal organization as a dedicated point of contact for addressing requests from other Cooperative Voice Service Providers or USTelecom related to Suspicious Traffic as well as a back-up person or internal organization. Each Cooperative Voice Service Provider will provide other Cooperative Voice Service Providers and USTelecom with the full name, title, phone number and e-mail address, and normal business hours of operation for each of their respective points of contact. USTelecom will, upon reasonable request, provide such contact information to enforcement authorities. 2. Ongoing Coordination. Cooperative Voice Service Providers and/or USTelecom will engage in collective coordination regarding instances of Suspicious Traffic, including through the STP. Such coordination between Cooperative Voice Service Providers and/or USTelecom may include electronically exchanging information related to Suspicious Traffic (e.g., through the STP and e-mails), conference calls, or individual outreach between Cooperative Voice Service Providers. 3. Prompt Response. Cooperative Voice Service Providers and/or USTelecom may initiate Traceback investigations into Suspicious Traffic based on reports from a wide range of sources, including end users and other voice service providers, provided that they have a bona fide basis to believe that the traffic is Suspicious Traffic. Each Cooperative Voice Service Provider should acknowledge that the Traceback request has been received and is being worked within one business day if received from another Cooperative Voice Service Provider and/or USTelecom relating to Suspicious Traffic, and endeavor to initiate investigation of the source of Suspicious Traffic request within four (4) business hours of acknowledgement as resources permit. The Cooperative Voice Service Provider should strive to complete the investigation and return results within 72 hours from initiation. The reasonableness of a Cooperative Voice Service Provider’s response will depend on the context, including whether the Cooperative Voice Service Provider or USTelecom initiating the request identifies such request as urgent to protect consumers from fraud, the complexity of the traffic analysis associated with the request, and the number of outstanding requests received by the Cooperative Voice Service Provider. The 8 Cooperative Voice Service Provider and/or USTelecom initiating the request has responsibility for following up on the request and ensuring that it is closed out. If a Cooperative Voice Service Provider notifies another Cooperative Voice Service Provider that it sent Suspicious Traffic, it should provide the notified Cooperative Voice Service Provider with the appropriate Incident Data. At a minimum a Cooperative Voice Service Provider investigating Suspicious Traffic originating on, or transiting through its network, should provide USTelecom and all Cooperative Voice Service Provider(s) impacted by and/or involved in the investigation of a specific case (e.g., upstream and downstream parties) with: (1) updates on the status of any investigation into Suspicious Traffic; (2) as-required updates on substantive developments into any investigation into Suspicious Traffic; and (3) resolution of the Suspicious Traffic investigation as outlined in Sections 3(a) and 3(b) below. USTelecom will distribute such information via the STP. 3(a). Mitigate Traffic Source. If, after investigation, the notified Cooperative Voice Service Provider learns its own systems and/or end users are generating the Suspicious Traffic, it will (consistent with the terms of its contract with that customer and other relevant legal considerations) take steps to investigate and mitigate calls that are found to be unlawful. If a Traceback investigation results in a finding that that the traffic was lawfully originated, the voice service provider originating the lawful traffic may provide information to Cooperative Voice Service Providers and USTelecom to avoid future investigations into the same customer’s traffic. A Cooperative Voice Service Provider that originates traffic from legitimate customers that use autodialers, or that itself initiates autodialed traffic, has the option of informing the rest of the Cooperative Voice Service Providers of the associated traffic patterns so that the others can avoid initiating investigations into that traffic. 3(b). Investigate Upstream Source. If, after investigation, the Cooperative Voice Service Provider learns it received the Suspicious Traffic from another Cooperative Voice Service Provider, it should request that the upstream Cooperative Voice Service Provider investigate the Suspicious Traffic. The upstream Cooperative Voice Service Provider should respond promptly to that Traceback request as outlined above in Section 3(a). 4. Referral to Enforcement Authorities. In instances where a voice service provider is determined to be a Non-Cooperative Voice Service Provider, relevant information may be forwarded to appropriate federal and state enforcement authorities, including, but not limited to, the Federal Communications Commission, the Federal Trade Commission, the Department of Justice, and state Attorneys General. Cooperative Voice Service Providers may provide such information to enforcement agencies directly or through coordination with USTelecom. Such information should include: (1) the name of the Call Path Voice Service Provider or Non- Cooperative Voice Service Provider; and (2) the circumstances surrounding outreach by the Cooperative Voice Service Provider(s) and/or USTelecom (e.g., date of contact(s); nature of communication from Call Path Voice Service Provider or Non-Cooperative Voice Service Provider). For specific instructions see Appendix A for Enforcement Agency handoff. 9 4(a). Special Circumstances. In instances where a private enterprise and/or enforcement agency sends a Cooperative Voice Service Provider and/or USTelecom a subpoena requesting full call records and data related to their Traceback investigation, a Cooperative Voice Service Provider and/or USTelecom will comply with the subpoena. 5. Identification of Voice Service Providers. In addition to law enforcement referrals, USTelecom may also choose to publicly summarize the results of Traceback results for ongoing illegal robocall Campaigns, including the identification of Cooperative Voice Service Providers, Non-Cooperative Voice Service Providers (with sufficient information describing why they have been labeled as such), and Call Path Voice Service Providers. Such identification may be provided to ITG Members and may also include the publication of a dynamic list on a publicly available website, a periodic electronic or written publication, or some other form of tangible publication. Any provider who has been identified as a Non-Cooperative Voice Service Provider will be immediately removed from any such list if information is provided demonstrating they do not or no longer meet the requirements to be labeled “non-cooperative.” 6. Transmission of Voice Traffic. Cooperative Voice Service Providers abiding by these best practices may choose to accept voice traffic only from other Cooperative Voice Service Providers and Call Path Voice Service Providers. To ensure that consumers, businesses and voice service providers are protected from illegal and potentially fraudulent actions, and consistent with contractual limitations and legal considerations, Cooperative Voice Service Providers should consider taking appropriate steps to eliminate acceptance of Suspicious Traffic from Non-Cooperative Voice Service Providers. While ITG members are expected to adhere to the best practices above at ALL times, call traffic, networks, systems, processes, training, and capabilities vary among service providers, as do the potentially illegal calling situations. Therefore, USTelecom acknowledges that these best practices may not apply for every individual Traceback. Any provider who is unable to respond to an individual Traceback should provide sufficient information in the STP as to why it is unable to respond. Privacy of Call Trace-Back Information. No Cooperative Voice Service Provider will share information about a Campaign under investigation provided by another party with any external entity except (i) USTelecom via the STP, (ii) those Call Path Voice Service Providers contacted as part of the Traceback investigation, or (iii) pursuant to a valid legal process, provided however that any individual Cooperative Voice Service Provider that receives any subpoena or other legal mandate seeking information received from another voice service provider shall, to the extent not prohibited by law, promptly inform the voice service provider from which it received information and provide that voice service provider an opportunity to resist providing the requested information. Information gathered by Cooperative Voice Service Providers during such investigations, including customer proprietary network information (CPNI), shall be used solely for the purpose of conducting Suspicious Traffic investigations. Nothing in this privacy section prohibits a Cooperative Voice Service Provider from proactively telling an enforcement agency, consistent with the law and with its own privacy policy, that it has information about a 10 Campaign that may be of interest to the agency, provided that that Cooperative Voice Service Provider has information about the Campaign learned through its own operations and that it does not disclose information received from other voice service providers or USTelecom absent permission. In the context of Traceback investigations, USTelecom will share with each downstream Cooperative Voice Service Provider where the investigation ended, including the identity of any Non-Cooperative Voice Service Provider. Nothing in this section shall limit the ability of USTelecom to publicly summarize the results of Traceback results for ongoing illegal robocall Campaigns as described in Section 5 above. Robocall Traceback Sourcing Policy The following section outlines the process utilized by USTelecom on behalf of the ITG to identify calls and/or calling Campaigns that are selected for initiation of Tracebacks (“Traceback Candidate”). The principal goal of this effort is to ensure that any Tracebacks initiated by USTelecom are initiated in good faith for the purpose of identifying the source of illegal and/or fraudulent traffic, thereby satisfying the requirements of 47 USC 222(d)(2) (See Appendix B). Specifically, USTelecom’s good faith efforts will ensure that any Traceback undertaken by the ITG is initiated to “protect the rights or property of the voice service provider, or to protect users of those services and other voice service providers from fraudulent, abusive, or unlawful use of, or subscription to, such services.” Sources to be Utilized for Identifying Calls or Calling Campaigns for Traceback. To best ensure that only actionable Traceback Candidates are pursued by the ITG for Traceback, USTelecom is guided by established principles that introduce reasonable due diligence, integrity and transparency into the Traceback process. The principles established by USTelecom dictate that Traceback Candidates will only be shared with the ITG if: 1) A credible and verifiable source is providing information regarding the Traceback Candidate; 2) The nature of the traffic associated with the Traceback Candidate is deemed by USTelecom staff to be fraudulent, abusive, or unlawful; and 3) Initiation of the Traceback warrants utilization of the ITG’s valuable resources. Prior to initiating a Traceback, USTelecom will conduct due diligence to warrant utilization of the Traceback process. Traceback Candidates shall be validated by USTelecom and the ITG generally through the following resources, although USTelecom may also independently initiate Tracebacks that satisfy the above referenced criteria. • ITG Steering Committee Member Referrals. Designated ITG Steering Committee Members may identify Traceback Candidates. Any ITG Steering Committee Member identifying such Traceback Candidates shall use good faith efforts to ensure that the 11 Traceback Candidate satisfies the requirements of 47 USC 222(d)(2) (e.g., calls to an ITG Steering Committee Member’s subscribers have been identified as suspected fraud). • Analytics Providers. Many analytic providers (e.g., Nomorobo, YouMail) utilize scoring algorithms to identify suspected fraudulent traffic to their subscribers. USTelecom, on behalf of the ITG, may partner with such analytics providers to help identify Traceback Candidates. • Enforcement Authorities. USTelecom seeks to cooperate with enforcement authorities at the local, state and federal level with the goal of providing such agencies with actionable leads on active Suspicious Traffic campaigns. This cooperation may also include Traceback Candidates identified by appropriate enforcement authorities for whom USTelecom may initiate a Traceback. • Enterprises Subject to Scams. Businesses whose brands are being illegally used in Campaigns without authorization by the business (including, but not limited to, healthcare providers, financial institutions, utilities, technology companies) may request that USTelecom initiate a Traceback on their behalf, subject to conditions and limitations on the use of the Traceback results as established by the ITG. USTelecom may require a fee for such Tracebacks. Enforcement Agency Listserv USTelecom will maintain and operate an information sharing resource for federal and state government agencies responsible for enforcement of laws and regulations to prevent illegal Campaigns. Participating agencies will receive information pertaining to illegal Campaigns initiated by the ITG. The ListServ provides information on active Campaigns under investigation by the ITG and serves as a resource to ensure coordination among government agencies. Eligibility. Federal and state government agencies that actively investigate illegal and fraudulent robocalls and who are responsible for enforcement of laws and regulations to prevent illegal robocalls may access the Listserv. USTelecom will coordinate the ListServ, including adding and removing contacts as necessary. It is the responsibility of federal and state government agencies and law enforcement officials to make sure contact information is up to date. Eligible agencies include, but are not limited to: • Federal Communications Commission (FCC) • Federal Trade Commission (FTC) • Social Security Administration (SSA) • State Attorneys General • Treasury Inspector General for Tax Administration (TIGTA) Participating on the Listserv will require the use of an official government email address. 12 The Listserv will only be available to appropriate government officials and USTelecom, who will coordinate with ITG members as necessary. Listserv Process. USTelecom will send notifications of summary reports in real time as Tracebacks are completed or come to a dead-end. Process: 1. Notifications will be sent out with a summary report capturing: a. Description of Campaign b. Campaign ID c. Audio (where available) d. Transcript (where available) e. Call Origin Location f. Start Date of Campaign g. Initial Traceback Report Date h. Volume of calls 2. In order to receive the full summary report with all details, a subpoena, CID, or other formal request for details is required. A full report will include: a. Full Call Detail Records as available b. Originator with full details (location, contact information, etc.) c. Additional information related to campaign or the identified Non-Cooperative Voice Service Provider determined to be relevant by USTelecom. ITG Record Retention Policy The ITG Record Retention Policy (“the Policy”) is designed to ensure that CDRs associated with any ITG Traceback investigation are retained to assist federal and state enforcement agencies with subsequent investigations and civil or criminal enforcement actions. Individual ITG Steering Committee Members and ITG Affiliate Members have their own internal policies that establish the timeframes for retaining CDRs. The Policy only applies to CDRs associated with Traceback investigations initiated through the USTelecom STP (“Traceback CDRs”). Under the ITG Record Retention Policy, ITG Steering Committee Members and ITG Affiliate Members’ Traceback CDRs shall be retained by the STP administrator for a period of no less than two years in the STP. For purposes of the ITG Record Retention Policy, the term “retain” shall mean the possession or storage by any method and in any medium, of any record at any location. 13 Do Not Originate Policy This section of the ITG Group Policies and Procedures outlines the policies and procedures to be utilized by USTelecom on behalf of the ITG to implement Do Not Originate (DNO) requests. DNO is a process whereby certain telephone numbers are identified at VoIP gateways or interconnection points, and prevented from terminating to the end user based upon the originating telephone number. A measured and tightly controlled DNO process can be instituted by some or many voice service providers on a voluntary basis. An entity for which a DNO has been instituted (whether a governmental or private entity) shall be referred to hereafter as a DNO Recipient. DNO Policies for Governmental Entities Historically, USTelecom has instituted DNOs on behalf of government agencies at the federal and state level. To qualify to be considered for DNO treatment, a number must: (1) be inbound-only; (2) be currently spoofed by a robocaller to perpetrate impersonation-focused fraud; (3) be the source of a substantial volume of calls (e.g. [BEGIN REDACTED] [END REDACTED] or more during a one month period); (4) be authorized for participation in the DNO effort by the party to which the telephone number is assigned; and (5) be recognized by consumers as belonging to a legitimate entity, lending credence to the impersonators and influencing successful execution of the scam. ITG Steering Committee Members, at the direction of USTelecom, shall undertake a volume count of spoofed calls for the previous [BEGIN REDACTED] [END REDACTED] day period. In instances where the volume of spoofed calls exceeds [BEGIN REDACTED] [END REDACTED] during that period, USTelecom may request initiation of the DNO. In consultation with ITG Steering Committee Members, USTelecom may initiate a DNO for a number not meeting the thresholds established for governmental entities if unique and exigent circumstance warrant such action. • DNO Implementation is Voluntary. In an instance where a government agency gains authorization for a DNO, implementation of the DNO by ITG Members is encouraged, but remains voluntary. In an instance where an ITG member chooses to implement a DNO requested by USTelecom, they shall affirmatively report to USTelecom staff that the DNO has been implemented, and its date of implementation. DNO Policies for Private Enterprises In addition to the DNO Policies for governmental entities listed above, the following additional principles shall be applied to private enterprises seeking a DNO from the ITG. • Trial Basis; Administrative Charge. Implementation of DNOs for private enterprises shall only be conducted on a trial basis. USTelecom and ITG Steering Committee Members shall not advertise or promote the availability of such DNOs during this trial period. In addition, USTelecom has the discretion to charge an administrative fee to any private enterprise seeking a DNO. 14 • Thorough Vetting. Both USTelecom and ITG Steering Committee Members shall carefully vet the private enterprise seeking a DNO. Where the private enterprise is a customer of an ITG Steering Committee Member, the ITG Steering Committee Member shall ensure that: (1) the entity requesting the DNO is assigned the number being vetted for a DNO and (2) the private enterprise is a legitimate company active in commerce. Where the private enterprise is not a customer of an ITG Steering Committee Member, USTelecom shall undertake similar vetting. • Active Event – Volume Thresholds. A DNO shall only be implemented when the private enterprise is experiencing active and significant fraudulent activity caused by the spoofing of its number. In consultation with the ITG Steering Committee Members, USTelecom may initiate a DNO for a number not meeting the thresholds established for governmental entities if unique and exigent circumstance warrant such action. Maintaining the Integrity of DNO Implementation. No less than twice per year, USTelecom will confirm in writing with each DNO Recipient that the conditions associated with their DNO request (e.g., inbound only number, the number remains assigned to the DNO Recipient) remain in place. Absent written confirmation from the DNO Recipient, USTelecom shall instruct the ITG Steering Committee Members to remove the DNO. USTelecom shall also maintain a registry of all DNOs that have been implemented (whether for private or governmental entities) by the ITG (“USTelecom DNO Registry”). For each DNO that has been implemented, the USTelecom DNO Registry shall include, at a minimum, the following information: (1) the name of the entity requesting the DNO; (2) the number(s) associated with the DNO; (3) the date of the authorization letter from each DNO Recipient; (4) the names of the ITG Steering Committee Members that have implemented the DNO request; and (5) the date on which the ITG Steering Committee Member implemented the DNO. ITG Steering Committee Members may request from USTelecom a copy of the USTelecom DNO Registry. In addition, USTelecom at its sole discretion, may share copies of the USTelecom DNO Registry with analytics providers (e.g., First Orion, Hiya, TNS, YouMail, Nomorobo) for implementation in their services. Implementation of DNOs by any such analytics providers shall be reflected in the DNO Registry, in accordance with the above guidelines. Effectiveness Linked to Scale of Implementation. Administratively, it is not feasible to implement DNO for a large group of numbers. Currently DNO is limited to Government agencies (IRS, SSA, etc). Private industry DNOs must be considered only in extreme cases. In order to implement DNO on large quantities of TNs, automated systems and established industry processes are needed to properly manage and implement DNO. Absent these, numbers should remain limited to government agencies. 15 APPENDIX A ENFORCEMENT AGENCY HANDOFF A Cooperative Voice Service Provider and/or USTelecom can assist enforcement authorities and take several actions to prevent fraudulent and abusive robocalls. Outline below is the process for Traceback handoff to specific enforcement agencies that have partnered with the ITG. 1. Federal Communications Commission (FCC). A Cooperative Voice Service Provider and/or USTelecom shall send a written referral on official letterhead containing a brief summary of the Traceback investigation (“Referral Letter”). Such a letter can be in the form of an email communication. The Referral Letter shall not include any CPNI, but may include the names of Non-Cooperative Voice Service Providers. If the FCC sends a Cooperative Voice Service Provider and/or USTelecom a subpoena requesting full CDRs and data specific to the Traceback investigation, the Cooperative Voice Service Provider and/or USTelecom shall comply with such requests. 2. Federal Trade Commission (FTC). A Cooperative Voice Service Provider and/or USTelecom shall send a written referral on official letterhead containing a brief summary of the Traceback investigation (“Referral Letter”). Such a letter can be in the form of an email communication. The Referral Letter shall not include any CPNI, but may include the names of Non-Cooperative Voice Service Providers. If the FTC sends a Cooperative Voice Service Provider and/or USTelecom a Letter of Inquiry requesting full CDRs and data specific to the Traceback investigation, the Cooperative Voice Service Provider and/or USTelecom shall comply with such requests. Agencies other than the FCC and FTC. A Cooperative Voice Service Provider and/or USTelecom may handoff Traceback information to a federal or state enforcement authority. When an enforcement agency requests information pertaining to a specific Traceback investigation, a Cooperative Voice Service Provider and/or USTelecom will send a referral on official letterhead providing a brief summary of the Traceback investigation. (“Referral Letter”). Such a letter can be in the form of an email communication. If the enforcement agency sends a Cooperative Voice Service Provider or USTelecom a subpoena or Letter of Inquiry requesting full CDRs and data specific to the Traceback investigation, the Cooperative Voice Service Provider or USTelecom shall comply with such requests. To the extent that any federal or state agency has a different or unique process than that described above, this Appendix will be updated accordingly. Note: The Enforcement Agency ListServ operated by USTelecom as described in these Policies and Procedures serves as a method by which USTelecom will submit referrals. 16 APPENDIX B 47 USC 222. 47 U.S.C. § 222 -Telecommunications § 222: Privacy of Customer Information (a) In general Every telecommunications carrier has a duty to protect the confidentiality of proprietary information of, and relating to, other telecommunication carriers, equipment manufacturers, and customers, including telecommunication carriers reselling telecommunications services provided by a telecommunications carrier. (b) Confidentiality of carrier information A telecommunications carrier that receives or obtains proprietary information from another carrier for purposes of providing any telecommunications service shall use such information only for such purpose, and shall not use such information for its own marketing efforts. (c) Confidentiality of customer proprietary network information (1) Privacy requirements for telecommunications carriers Except as required by law or with the approval of the customer, a telecommunications carrier that receives or obtains customer proprietary network information by virtue of its provision of a telecommunications service shall only use, disclose, or permit access to individually identifiable customer proprietary network information in its provision of (A) the telecommunications service from which such information is derived, or (B) services necessary to, or used in, the provision of such telecommunications service, including the publishing of directories. (2) Disclosure on request by customers A telecommunications carrier shall disclose customer proprietary network information, upon affirmative written request by the customer, to any person designated by the customer. (3) Aggregate customer information A telecommunications carrier that receives or obtains customer proprietary network information by virtue of its provision of a telecommunications service may use, disclose, or permit access to aggregate customer information other than for the purposes described in paragraph (1). A local exchange carrier may use, disclose, or permit access to aggregate customer information other than for purposes described in paragraph (1) only if it provides such aggregate information to other carriers or persons on reasonable and nondiscriminatory terms and conditions upon reasonable request therefor. (d) Exceptions Nothing in this section prohibits a telecommunications carrier from using, disclosing, or permitting access to customer proprietary network information obtained from its customers, either directly or indirectly through its agents-- (1) to initiate, render, bill, and collect for telecommunications services; (2) to protect the rights or property of the carrier, or to protect users of those services and other carriers from fraudulent, abusive, or unlawful use of, or subscription to, such services. 17 APPENDIX C SAMPLE EMAIL TEMPLATES SENT VIA PORTAL FORMAL EMAIL TO NEW PROVIDERS WHO HAVE NEVER PARTICIPATED IN A TRACEBACK To Whom It May Concern: By way of introduction, my name is XXX, and I coordinate the efforts of USTelecom’s Industry Traceback Group (ITG). We are writing to request your assistance with industry efforts to protect consumers from fraudulent, abusive or potentially unlawful robocalls. My contact information is listed below, and I would be more than happy to discuss this request with you over the phone. A member of USTelecom’s ITG recently received traffic from your network that has been deemed suspicious, and we are seeking your assistance in order to identify its origin (call details with date(s) are listed below). We request that you assist industry stakeholders who are engaging in traceback efforts in order to help identify the source of this potentially fraudulent, abusive or unlawful network traffic. To assist us in our efforts, we are asking that you respond to this traceback inquiry as soon as possible, but no later than three business days from now. USTelecom, a 501(c)(6) trade association that represents service providers and suppliers for the telecommunications industry, leads the ITG, a collaborative effort of companies from across the wireline, wireless, VoIP and cable industries that actively trace and identify the source of illegal robocalls. The ITG coordinates with carriers at all levels within the call path seeking to identify the source of and eliminate illegal robocall traffic. The ITG also coordinates with federal and state law enforcement agencies to identify non-cooperative providers so they can take enforcement action, as appropriate. For more information about the ITG or a list of the current members, see https://www.ustelecom.org/the-ustelecom-industry-traceback-group-itg. The ITG operates under the auspices of the Communications Act which permits telecommunications carriers to disclose and/or permit access to Customer Proprietary Network Information. Section 222(d)(2) of the Communications Act permits telecommunications carriers to share such information in order to “protect the rights or property of the carrier, or to protect users of those services and other carriers from fraudulent, abusive, or unlawful use of, or subscription to, such services.” In addition, Section 2702(c)(3) of the Electronic Communications Privacy Act (ECPA) permits providers to divulge a record or other information pertaining to a subscriber to or customer of a service, “as may be necessarily incident to . . . the protection of the rights or property of the provider of that service.” Given the negative impact of these calls on the rights and property of the members of the ITG, disclosure of information responsive to call tracebacks fits within that exception. The Federal Communications Commission’s (FCC) Enforcement Bureau has sent letters to carriers that have been non-responsive to ITG traceback requests. The letters “urge” carriers to “to cooperate with the USTelecom Industry Traceback Group's program aimed at identifying 18 the source of illegal robocalls and harmful spoofed calls.” The ITG has received recognition at all levels of government, including the FCC, the Federal Trade Commission (FTC) and all 50 State Attorneys General. We are asking that you submit your response to this inquiry via our secure on-line portal, where you can see additional detail about all traceback requests involving your network. With respect to the call details below, please provide us with the following: 1. Please investigate the source of this traffic and respond with the identity of the upstream carrier(s) that sent the traffic into your network, or if one of your end users originated the traffic, please identify that end user. We ask that you use the link below to access the portal and use the drop-down selector to provide this information. 2. If, in investigating this traffic, the end user(s) originating the traffic are able to demonstrate to you that the traffic complies with applicable United States laws and regulations, please respond via email to me with the description of the traffic, the identity of the customer, and the customer’s explanation. 3. As you investigate this matter, please take appropriate action on your network to ensure compliance with applicable United States laws and regulations, and inform me of the action you have taken. To the extent that our industry effort identifies the originator of these suspicious robocalls, we first ask that mitigation efforts be taken at that source. For illegal traffic that goes unmitigated, USTelecom will provide information to downstream carriers to advise them that suspected illegals on your network continue to be allowed notwithstanding the identification of such calls via the traceback process. Similarly, USTelecom may advise the appropriate law enforcement agencies of such information so that they can take appropriate action, should they elect to do so. Similarly, if this industry effort fails to trace these calls to their origin, USTelecom may inform the appropriate agencies about the suspicious robocalls and the point in the call path where the investigation ends. Please feel free to consult with your counsel on this request, and do not hesitate to contact me should you have any questions, or would like to discuss. Best Regards, XXX, XXX, USTelecom – The Broadband Association Submit your response via our secure on-line portal: https://traceback.ustelecom.org/Form/Login/r;REDACTED?t=Hddj6k (URL is a private login; do not share.) Call Details for Incident #123(3d18h ago) Date/Time: 2019-00-00 00:00:00 UTC To: +15555555555 19 From: +15555555555 Campaign: XXX ITG MEMBER EMAIL This is a request for call detail information from the USTelecom Industry Traceback Group regarding a suspected illegal robocall. Please use the link below to access the Traceback Secure Web Portal and fill in the requested information regarding the source of the call(s). We would appreciate a response as quickly as possible; ideally in 4 hours or less and no longer than one business day. This notice was sent to 3 email addresses, including this one. For help or questions, email traceback-notice@ustelecom.org or call 202-326-7273. Best Regards, XXX, XXX, USTelecom – The Broadband Association Submit your response via our secure on-line portal: https://traceback.ustelecom.org/Form/Login/r;REDACTED?t=Hddj6k (URL is a private login; do not share.) Call Details for Incident #123(3d18h ago) Date/Time: 2019-00-00 00:00:00 UTC To: +15555555555 From: +15555555555 Campaign: XXX Summary of campaign NON-ITG MEMBER COOPERATING CALL PATH PROVIDER EMAIL TEMPLATE Dear Voice Service Provider: Given your past support of the Industry Traceback Group (ITG), we are writing to inform you that a member of USTelecom’s ITG received traffic deemed suspicious from your network (call details with date(s) are listed below). We request that you assist industry stakeholders who are engaging in traceback efforts in order to help identify the source of this potentially fraudulent, abusive or unlawful network traffic. We would appreciate a response to this traceback inquiry in three business days or sooner, but please let us know if you need additional time. 20 You can respond by clicking the link below, which will take you to our secure traceback portal. There, you can indicate who sourced the call(s) to you. Feel free to give us a call or reach out to us with any questions, and we appreciate your continued support of ITG efforts. Best Regards, XXX, XXX, USTelecom – The Broadband Association 601 New Jersey Avenue NW, Suite 600 Washington, DC 20001 Submit your response via our secure on-line portal: https://traceback.ustelecom.org/Form/Login/r;REDACTED?t=Hddj6k (URL is a private login; do not share.) Call Details for Incident #123(3d18h ago) Date/Time: 2019-00-00 00:00:00 UTC To: +15555555555 From: +15555555555 Campaign: XXX Summary of campaign NON-RESPONSIVE PROVIDER EMAIL TEMPLATE To Whom It May Concern: We are writing to alert you to problematic telephone calls that have been traced back to your network. We have notified you multiple times about suspected illegal robocall activity on your network, but we have not received the information we requested with respect to previous call examples. Therefore, we have marked you as a non-responsive voice service provider in our database. This means that we will terminate traceback efforts at your network and mark you as the originator for each traceback to which you have been non-responsive. However, we will continue to send you these notices as new call examples appear to make sure you are aware of the traffic. We have included a link below so that you can access details about the call(s). Our expectation is that you will determine the source of the traffic and take effective steps to mitigate it. If you 21 would like to participate in the traceback process, please let us know by responding to this email. We will adjust your designation in our system so that you can provide call source details. As we have previously indicated, for illegal traffic that goes unmitigated, USTelecom advises downstream providers to whom you send calls and the appropriate law enforcement agencies so they can take appropriate action, should they elect to do so. Best regards, XXX, XXX, USTelecom – The Broadband Association 601 New Jersey Avenue NW, Suite 600 Washington, DC 20001 Submit your response via our secure on-line portal: https://traceback.ustelecom.org/Form/Login/r;REDACTED?t=c03YHQG (URL is a private login; do not share.) Submit your response via our secure on-line portal: https://traceback.ustelecom.org/Form/Login/r;REDACTED?t=Hddj6k (URL is a private login; do not share.) Call Details for Incident #123(3d18h ago) Date/Time: 2019-00-00 00:00:00 UTC To: +15555555555 From: +15555555555 Campaign: XXX 22 APPENDIX D SAMPLE ESCALATION LETTERS NON-RESPONSIVE ESCALATION TEMPLATE • Message sent when a provider has failed to respond within [BEGIN REDACTED] [END REDACTED] business days to [BEGIN REDACTED] [END REDACTED] consecutive traceback requests. Date Dear XXX, As a result of your non-responsiveness to our repeated written traceback requests, USTelecom – The Broadband Association (USTelecom) is prepared to send a copy of this notice to your downstream providers (as identified in our tracebacks) and appropriate federal and state enforcement authorities to make them aware of your non-cooperation with the Industry Traceback Group (ITG) traceback requests. We also reserve the right to publicly identify your company as non-responsive to industry traceback requests as a resource to other voice service providers and federal and state enforcement agencies. If you believe our traceback requests were in error, or if you have any information to share with us concerning the traceback requests, please respond to this letter within 48 hours of receipt. I can be reached at the address, email or phone number listed below. As you should be aware from our previous written correspondence, USTelecom4 manages and operates the ITG, a nationally recognized industry group that was formed to identify the origin of suspected illegal robocalls through cooperative traceback efforts. The ITG includes a broad range of industry participants5 who work collaboratively to reduce the number of fraudulent and illegal robocalls consumers receive by: 1) identifying the origin of such calls; 2) working with voice service providers to eliminate illegal calls from originating on or traversing their networks where possible; and 3) notifying enforcement authorities of the source of illegal robocalling campaigns. The Federal Communications Commission (FCC) has encouraged all providers to join this industry initiative and to participate in the traceback efforts of the ITG. The FCC’s Enforcement 4 USTelecom, a 501(c)(6) trade association, represents service providers and suppliers for the telecommunications industry (available at www.ustelecom.org). 5 ITG members include ILECs, CLECs, wireless carriers, VoIP providers, long distance companies, and wholesale providers. (available at https://www.ustelecom.org/the-ustelecom-industry-traceback-group-itg/). 23 Bureau has sent letters to carriers that have been non-responsive to ITG traceback requests.6 The letters “urge” carriers to “to cooperate with the USTelecom Industry Traceback Group's program aimed at identifying the source of illegal robocalls and harmful spoofed calls.” Some of those letters were sent pursuant to the FCC’s authority under Section 403 of the Communications Act, which permits it to institute an enforcement inquiry on its own motion.7 The FCC’s exercise of its Section 403 authority in the context of these letters indicates that the agency may be closely investigating the activities of voice providers suspected of generating illegal robocalls, and whether enforcement actions may be necessary. Every day, the ITG traces back individual call examples from the most prolific illegal calling campaigns. Through that process we have notified you of your company’s handling traffic associated with numerous of these campaigns in an effort to prevent the origination of illegal calls. Our objective analysis8 has identified your company as originating or transiting a high volume of suspected illegal robocall calls. In our prior correspondence to you identifying suspected illegal robocall traffic, for each traceback request, we provided you with: 1) the date and exact time of the call; 2) the called number; 3) the calling number (likely spoofed); 4) the downstream carrier to whom you passed your traffic; 5) a description of the illegal campaign associated with the call; 6) a link to our secure, easy to use online portal; 7) the provider serving the called party; 8) whether the called number is on the national do-not-call-list; and 9) in most cases a link to an audio recording capturing what the caller said via an automated or pre-recorded voice. To date, despite your possession of this detailed and ample information,9 you have never responded to any of these legitimate and reasonable traceback requests. This is both alarming and inconsistent with the 6 See, Letter from Rosemary C. Harold, Chief, Enforcement Bureau, FCC, and Eric Burger, Chief Technology Officer, FCC, to Jonathan Spalter, President & CEO, USTelecom – The Broadband Association (Nov. 6, 2018), available at https://docs.fcc.gov/public/attachments/DOC-354942A2.pdf (last visited August 13, 2019). 7 See e.g., Letter from Rosemary C. Harold, Chief, Enforcement Bureau, FCC, and Eric Burger, Chief Technology Officer, FCC, to Ryan Brosnahan, CEO, R Squared (Nov. 6, 2018), available at https://docs.fcc.gov/public/attachments/DOC-354942A2.pdf (last visited August 13, 2019). 8 Because the ITG commences its traceback investigations starting at the termination point of any given call, it has no indication as to the specific upstream carriers that will be involved in any given call path. As such, ITG investigations are entirely premised on the facts and conditions associated with each particular traceback and are not influenced by subjective criteria. 9 The numerous categories of data referenced above, which were provided to you on multiple occasions, include sufficient information for your company to quickly and efficiently trace back the call in question, and to confirm the illegal nature of the call. As we noted in our correspondence to you, Section 222(d)(2) of the Communications Act permits a telecommunications carrier to disclose CPNI in order to “protect the rights or property of the carrier, or to protect users of those services and other carriers from fraudulent, abusive, or unlawful use of, or subscription to, such services.” 47 U.S.C. § 222(d)(2). Despite the ample information we provided, and the legal authority provided to you to share such information, you have declined to do so. 24 FCC’s clear guidance to carriers to support the efforts of the ITG. By our statistical analysis, each of these call examples is indicative of one to two million similar calls. Our strong desire is to work cooperatively with all voice service providers by providing them with actionable information so they can address suspected illegal calls originating on, or transiting their networks. The ITG’s goal is to shut down illegal robocalling campaigns, but this requires a collaborative effort among all industry participants, including your company. We expect your collaboration and assistance on this important issue, but will proceed accordingly should we not hear back from you within the timeframes identified above. Sincerely, XXX, XXX, USTelecom – The Broadband Association 601 New Jersey Avenue NW, Suite 600 Washington, DC 20001 NON-COOPERATIVE DANGER ZONE MESSAGE (YELLOW IDENTIFIER IN STP) • Message sent to voice service provider that has bene identified as a call originator and/or U.S Point of Entry but has not yet met the criteria as a Non-Cooperative Voice Service Provider. To Whom It May Concern: This is an automatically generated notice alerting you to your change in status as reflected in our Industry Traceback Group on-line portal. Your status is now YELLOW. A provider in this status has, within the past [BEGIN REDACTED] [END REDACTED] days, been identified as: A. An Originator: the last (furthest upstream) voice service provider in a traceback sequence for an illegal robocall. The originator may have placed the call itself, or received the call from its customer, OR B. The US Point of Entry: the first downstream voice service provider routing an illegal robocall that was originated outside the US to the US Public Switched Telephone Network (PSTN). Call details are viewable in our on-line portal at this URL: http://traceback.ustelecom.org/unique-link-details-here. You previously received a traceback notice about this traffic; we ask that you immediately follow up with the source to take effective mitigation steps. 25 Other service providers will be able to view your status in our on-line traceback portal and in email alerts. There are two conditions that could advance you to the RED status and cause you to be designated as a Non-Cooperative Voice Service Provider: 1. Serving as the Originator or US Point-of-Entry for another illegal call associated with a different calling campaign, OR 2. Serving as the Originator or US Point-of-Entry for the SAME campaign, [BEGIN REDACTED] [END REDACTED] or more days subsequent to notification of the first call for that campaign. USTelecom reserves the right to publish the identity of and share information about Non- Cooperative Voice Service Providers. This sharing can be with government enforcement agencies, with other voice service providers, and with the public. Do not hesitate to contact me should you have any questions or would like to discuss. You can respond via reply email or call [BEGIN REDACTED] [END REDACTED]. Best Regards, XXX, XXX, USTelecom – The Broadband Association 601 New Jersey Avenue NW, Suite 600 Washington, DC 20001 NON-COOPERATIVE VOICE SERVICE PROVIDER MESSAGE (RED IDENTIFER IN STP) To Whom It May Concern: This is an automatically generated notice alerting you to your change in status as reflected in our Industry Traceback Group on-line portal. You have been designated a Non-Cooperative Voice Service Provider and your status is now RED. A provider in this status has, within the past [BEGIN REDACTED] [END REDACTED] days, been identified as: A. Serving as the Originator or US Point-of-Entry for illegal calls associated with two different calling campaigns, OR B. Serving as the Originator or US Point-of-Entry for a given illegal robocall campaign, [BEGIN REDACTED] [END REDACTED] or more days subsequent to notification of the first call for that campaign. 26 Call details are viewable in our on-line portal at this URL: http://traceback.ustelecom.org/unique-link-details-here. You previously received a traceback notice about this traffic; we ask that you immediately follow up with the source to take effective mitigation steps. Other service providers will be able to view your status in our on-line traceback portal and in email alerts. USTelecom reserves the right to publish the identity of and share information about Non- Cooperative Voice Service Providers. This sharing can be with government enforcement agencies, with other voice service providers, and with the public. You can provide additional information that you would like to share regarding this matter in the online portal or with USTelecom staff. Do not hesitate to contact me should you have any questions or would like to discuss. You can respond via reply email or call [BEGIN REDACTED] [END REDACTED]. Best Regards, XXX, XXX, USTelecom – The Broadband Association 601 New Jersey Avenue NW, Suite 600 Washington, DC 20001 27 CHANGE IN STATUS MESSAGE • Message generated to downstream providers identified as exchanging traffic with an upstream provider who has been identified as a Non-Cooperative Voice Service Provider (Red) or a provider that has been identified as exhibiting behavior that may lead to a formal designation as a Non-Cooperative Voice Service Provider (Yellow) To Whom It May Concern: This is an automatically generated notice alerting you to a change in status for one of the upstream providers from whom you have recently accepted illegal robocall traffic. ABC Telecom status has changed to YELLOW. (or ABC Telecom has been designated a Non-Cooperative Voice Service Provider and now is in RED status) Details regarding your upstream providers are viewable in our on-line portal at this URL: http://traceback.ustelecom.org/unique-link-details-here. We have sent a separate notice to the provider alerting them to their status change. We ask that you work with the provider to take effective mitigation steps. Do not hesitate to contact me should you have any questions or would like to discuss. You can respond via reply email or call [BEGIN REDACTED] [END REDACTED]. Best Regards, XXX, XXX, USTelecom – The Broadband Association, 601 New Jersey Avenue NW, Suite 600, Washington, DC 20001 28 Appendix C USTelecom Industry Traceback Group Members Appendix C Industry Traceback Group Members Executive Committee Members • AT&T • Frontier • Bell Canada • Sprint/T-Mobile • CenturyLink • Twilio • Charter • US Cellular • Comcast • Verizon • Consolidated • Windstream • Cox Steering Committee Members • ANI Networks • Inteliquent • AT&T • O1 Communications • Bandwidth • Peerless Network • Bell Canada • T-Mobile • BrightLink • Twilio • CenturyLink • US Cellular • Charter • Verizon • Comcast • West Telecom Services • Consolidated • Windstream • Cox • YMax • Frontier Affiliate Committee Members • Alliance Group Services • Piratel • Broadband Dynamics • Silver Star Communications • Business Telecommunications • Talkie Fiber Services • Telnet • Cincinnati Bell • Telnyx • G4 Telecom • ThinQ/Voxterm • Google • Third Base International Telecom • HD Tandem • Voxology • IDT Telecom • XCast Labs • Impact Telecom Appendix D Federal and State Enforcement Actions Supported by Traceback Information from the Industry Traceback Group Appendix D Federal and State Enforcement Actions Supported by Traceback Information from the Industry Traceback Group Date Agency/Agencies Proceeding Enforcement Bureau Letters to USTelecom and 8 Non-Cooperative November 6, 2018 Federal Communications Commission Voice Providers. United States of America, Plaintiff, v. Derek Jason Bartoli, a/k/a Derek June 21, 2019 Federal Trade Commission Bartoli, individually and also d/b/a Phoenix Innovative Solutions LLC, Marketing Consultation Solutions LLC, and KimRain Marketing LL Federal Trade Commission, and Ohio Federal Trade Commission, and State of Ohio ex rel. Attorney General December, 2019 Attorney General Dave Yost, v. Educare Centre Services, Inc., et al. United States of America, v. Jon Kahen, A/K/A Jon Kaen, Global; January, 2020 Department of Justice Voicecom, Inc., Global Telecommunication Services Inc., And Kat Telecom, INC. United States of America, v. Nicholas Palumbo, Natasha Palumbo, January, 2020 Department of Justice ECommerce National, LLC d/b/a/ Tollfreedeals.com and SIP Retail d/b/a sipretail.com, March 27, 2020 Federal Trade Commission FTC Letters to 9 VoIP Gateway Providers Federal Trade Commission, and FTC Letters to 3 VoIP Gateway Providers Regarding COVID-19 April 3, 2020 Federal Communications Commission Robocalls Federal Trade Commission, and FTC Letters to 3 VoIP Gateway Providers Regarding COVID-19 May 20, 2020 Federal Communications Commission Robocalls * * *