7. Suspicious Traffic. Suspicious Traffic is identifiable by a pattern of voice calls that: (1) transit one or more Voice Service Provider networks and (2) have characteristics associated with abusive, unlawful, or fraudulent practices (including, but not limited to, lack of header information, volumetric anomalies, calling or called party information modification, complaints received from called parties, law enforcement, third-party aggregators, or call transcripts). 8. Incident Data. Data sent between Voice Service Providers and/or the ITG relating to Suspicious Traffic that can include but is not limited to the following information: • originating telephone number; • originating IP address or Originating and Destination Point Codes; • called telephone number; • called IP address; • Session Initiation Protocol (SIP) header anomalies; • evidence of Caller ID, Automatic Number Identification (ANI), telephone number spoofing; • volume of calls, including call detail record (CDR) file information; • date and time of calls; and • Information about Voice Service Providers in the call path. 9. Traceback. A network-based process that seeks out the source of Suspicious Traffic. Beginning at a terminating Voice Service Provider, a call is systematically traced from one Voice Service Provider to the preceding Voice Service Provider networks until a Non-Cooperative Voice Service Provider and/or the originating Voice Service Provider or originating customer is identified. 10. Trace Forward. Trace Forward is intended to address a scam that solicits a victim to call back to complete an attempted scam or fraud. In the Trace Forward process, the networks used to initiate the malicious/fraudulent call to the end user are not traced, but rather the network serving the call back telephone number is identified. To Trace Forward, the ITG administrator contacts the Voice Service Provider that owns the Direct Inward Dial (DID) number and requests information about the customer the number is associated with (such as name, e-mail, contact information, and payment information). The Trace Forward process is repeated until the Voice Service Provider conducting the Trace Forward finds the source/destination. 11. Secure Traceback Portal (STP). An online portal managed by the ITG to facilitate Tracebacks and identification of illegal robocall originators. 5 INDUSTRY TRACEBACK GROUP POLICIES AND PROCEDURES completed a 60 day period in which it is not the originating Voice Service Provider or U.S. POE for any Tracebacks in the STP. The ITG also may consider additional Traceback‐ related information in its consideration, including the provider’s close proximity to originating Voice Service Providers, U.S. POEs, and Non‐Cooperative Providers in Tracebacks. ITG Executive Committee Members The ITG Executive Committee consists of Steering Committee members that financially support the ITG at specified levels. In conjunction with ITG staff, the Executive Committee sets the overall direction of the ITG and provides guidance on major ITG decisions. Membership Termination and Suspension Membership in the ITG is a privilege, not part of any regulatory requirement. ITG members have a responsibility to be models in the fight against illegal robocalls. Accordingly, the ITG, with the advice of the Executive Committee, may terminate the membership of any ITG member for cause. Cause includes, but is not limited to, the member’s failure to adhere to these Policies and Procedures or routinely appearing as the originating Voice Service Provider or U.S. POE for Tracebacks. Should the ITG move to remove a member, that member shall have the opportunity to present to the ITG staff and the Executive Committee reasons why it should be allowed to remain a member of the ITG. Termination does not foreclose later reinstatement as a member of the ITG. In addition, any ITG member that has been alleged to be responsible for illegal robocalls in a government enforcement action, including but not limited to a formal complaint, Notice of Apparent Liability, or cease‐and‐desist from a federal or state government agency, will be automatically suspended from ITG business. Suspension includes removal of that provider from of all references on the ITG’s websites and other public materials, ITG member meetings, and ITG member communications and distribution lists. Upon resolution of the enforcement action, such member may request to end the suspension by presenting to the ITG staff and the Executive Committee reasons why it should be reinstated. The ITG, with the advice of the Executive Committee, then will decide whether to reinstate the provider’s membership. Membership that is suspended for more than one year will be automatically terminated, though nothing forecloses the provider from seeking membership again in the future after the resolution of the enforcement action. 7 INDUSTRY TRACEBACK GROUP POLICIES AND PROCEDURES Voice Service Provider will be removed from any such list if information is provided demonstrating that it does not meet, or no longer meets, the Non-Cooperative Voice Service Provider definition. Traceback Confidentiality The ITG typically will only share with each downstream Voice Service Provider where the investigation ended, including the identity of any Non-Cooperative Voice Service Provider. Nevertheless, nothing in this section shall limit the ability of the ITG to refer Tracebacks to enforcement authorities and publicly summarize the aggregate results of Tracebacks of illegal robocall Campaigns. The ITG also reserves the right to publish the identity of and share information about Non-Cooperative Voice Service Providers. This sharing can be with but is not limited to government enforcement agencies, other Voice Service Providers, and the public. Organization Traceback Requests The ITG may, at times, initiate a Traceback at the request of a non-governmental organization, including an ITG Member. Such Tracebacks may be for the reactive purpose of protecting the organization from illegal or abusive calls that are directly impacting it or its customers or that otherwise damage its reputation. In the case of ITG Members, the purpose of such Tracebacks can include the protection of the Voice Service Provider’s rights or property, or to protect users of voice services and other Voice Service Providers from fraudulent, abusive, or unlawful use of, or subscription to, such services. Information regarding a Traceback will be made available to the organization that requested the Traceback investigation in a limited manner and in compliance with applicable law. The ITG will make information available to the organization regarding the caller and originating provider; based on the ITG’s discretion, the ITG will only share additional information about the call path where necessary to address the illegal or abusive calls. The recipient of such information may use and share the information only for the purpose of stopping the harmful traffic, including, as appropriate, making referrals to law enforcement agencies. As further described below, except in the case of exigent circumstances, appropriate legal process is required before the ITG discloses specific customer or call records to law enforcement agencies. All requests to provide information for Traceback investigations requested by an organization will include a certification of customer consent to the disclosure of information or information about why such disclosure is necessary to protect the rights or property of an organization, including a Voice Service Provider, or to protect users of telecommunications services and other Voice Service Providers from fraudulent, abusive, or unlawful use of, or subscription to, such services.4 Neither the ITG nor its representatives may disclose information obtained from a Traceback initiated at the request of a private organization to any outside entity without the authorization of the organization that initiated the Traceback investigation, except as necessary to perform the Traceback or as required by law. The Traceback results, however, may be included in aggregated information the ITG provides. 9 INDUSTRY TRACEBACK GROUP POLICIES AND PROCEDURES ▶ Organizations Subject to Abusive Calling and Scams. The ITG will partner with private and public organizations to help stop abusive and illegal calls targeting the organizations and their customers. These calls can include robocalls and other spoofed calls targeting an organization’s call centers or employees, as well as calls in a Campaign that, without authorization, trade on the brand and reputation of the organization to defraud consumers. The ITG may require a reasonable fee for such Tracebacks. 11 INDUSTRY TRACEBACK GROUP POLICIES AND PROCEDURES Eligible agencies include, but are not limited to: ▶ Federal Communications Commission (FCC) ▶ Federal Trade Commission (FTC) ▶ Social Security Administration (SSA) ▶ State Attorneys General ▶ Treasury Inspector General for Tax Administration (TIGTA) ▶ Federal Bureau of Investigation (FBI) ▶ Department of Homeland Security (DHS) It is the responsibility of federal and state government agencies and law enforcement officials to make sure contact information is up to date. Only official government email addresses will be permitted on the listserv. 13 INDUSTRY TRACEBACK GROUP POLICIES AND PROCEDURES 6. Analyze and Monitor Network Traffic. Each Voice Service Provider should analyze high-volume voice network traffic to identify and monitor patterns consistent with illegal robocalls. For example, each Voice Service Provider should employ tools to detect and act on such patterns. 7. Investigate and Mitigate Suspicious Calls and Calling Patterns. If a Voice Service Provider detects a pattern consistent with or specific to illegal robocalls, or if it otherwise has good reason to suspect illegal robocalling or illegal spoofing is taking place over its network, the Voice Service Provider should seek to identify the party that is using its network to originate, route, or terminate these calls and take appropriate action. Appropriate actions may include, but are not limited to, initiating a Traceback investigation; verifying that the originating commercial customer owns or is authorized to use the Caller ID number; determining whether the Caller ID name sent to a receiving party matches the customer’s corporate name, trademark, or d/b/a name; reviewing complaints; terminating the party’s ability to originate, route, or terminate calls on its network; and notifying law enforcement authorities. Foreign- originating traffic that uses +1 USA Caller-ID values requires special scrutiny. 8. Privacy of Call Traceback Information. No Voice Service Provider will share information about a Campaign under investigation provided by another party with any third-party entity except (i) the ITG via the STP, (ii) Voice Service Providers in the call path with the immediate Voice Service Providers to whom they sent or received the call, or (iii) pursuant to a valid legal process, provided however that any individual Voice Service Provider that receives any subpoena or other legal mandate seeking information received from another Voice Service Provider shall, to the extent not prohibited by law, promptly inform the Voice Service Provider from which it received information and provide that Voice Service Provider an opportunity to challenge the legal process. Information gathered by Voice Service Providers during such investigations, including CPNI, shall be used solely for the purpose of conducting Suspicious Traffic investigations and mitigating that Suspicious Traffic. Nothing in this privacy section prohibits a Voice Service Provider from independently disclosing to an enforcement agency information it has obtained outside of the ITG Traceback process, consistent with the law and with its own privacy policy 16 INDUSTRY TRACEBACK GROUP POLICIES AND PROCEDURES Maintaining the Integrity of DNO Implementation No less than twice per year, the ITG will confirm in writing with each DNO Recipient that the conditions associated with their DNO request (e.g., inbound only number, the number remains assigned to the DNO Recipient) remain in place. Absent written confirmation from the DNO Recipient, the ITG may instruct the ITG Steering Committee Members to remove the DNO. The ITG shall also maintain a registry of all DNOs that have been implemented (whether for private or governmental entities) by the ITG (“DNO Registry”). For each DNO that has been implemented, the DNO Registry shall include, at a minimum, the following information: (1) the name of the entity requesting the DNO; (2) the number(s) associated with the DNO; (3) the date of the authorization letter from each DNO Recipient; (4) the names of the ITG Steering Committee Members that have implemented the DNO request; and (5) the date on which the ITG Steering Committee Member implemented the DNO. ITG Steering Committee Members may request from the ITG a copy of the DNO Registry. In addition, the ITG at its sole discretion, may share copies of the DNO Registry with analytics providers for implementation in their services. Implementation of DNOs by any such analytics providers shall be reflected in the DNO Registry, in accordance with the above guidelines. DNO Implementation is Voluntary and Subject to Provider Discretion Implementation of the DNO by ITG Members is encouraged but remains voluntary. In an instance where an ITG Member chooses to implement a DNO requested by the ITG, the ITG Member shall affirmatively report to ITG staff that the DNO has been implemented, as well as the date of implementation. Administratively, it may not be feasible for Voice Service Providers to implement DNO for a large group of telephone numbers. Accordingly, in the event the DNO Registry includes more DNOs than a given ITG Member can implement, the ITG Member should implement DNOs as it believes appropriate, prioritizing the DNOs that will most effectively protect its customers. In particular, ITG Members generally should prioritize government-requested DNOs, as well as DNOs associated with high call volume in the areas served by the ITG Member. The ITG may make information available to ITG Members regarding suggested priority DNOs. 18 INDUSTRY TRACEBACK GROUP POLICIES AND PROCEDURES