Federal Communications Commission Enforcement Bureau Telecommunications Consumers Division 45 L Street, NE Washington, DC 20554 June 11, 2026 VIA ELECTRONIC DELIVERY AND CERTIFIED MAIL - RETURN RECEIPT REQUESTED To: Callsto, LLC1 Henry A. Sickler Vice President 1621 Central Ave # 9747 Cheyenne WY 82001 support@callsto.net Re: Notification of Suspected Illegal Traffic & Additional Notification of Robocall Mitigation Database Certification Deficiency Dear Henry A. Sickler, Callsto (Callsto or Company) is apparently originating illegal robocall traffic to Public Safety Answering Points (PSAPs) in Georgia and Kentucky as well as to consumer wireless telephone numbers. PSAPs provide critical emergency services and any disruption presents a serious threat to public health and safety.2 The Commission has made stopping unlawful robocalls its highest consumer protection priority to combat disruptive calls that tie up emergency medical communications and put lives at risk.3 The Enforcement Bureau (Bureau) of the Federal Communications Commission (FCC or Commission) provides this letter as notice of important legal obligations and steps Callsto must take to address this apparently illegal traffic. Failure to comply with the steps outlined in this letter may result in downstream providers permanently blocking all of Callsto’s traffic. The Bureau also provides this letter as additional notice to Callsto that its Robocall Mitigation Database (RMD) certification is deficient in several respects and outlines the steps Callsto must take to cure the deficiencies. Failure to cure these deficiencies may result in the removal of Callsto’s certification from the RMD, which would then require all downstream providers to cease accepting traffic directly from the Company. 1 The Company appears as “Callsto, LLC” in its Articles of Organization filed with the Wyoming Secretary of State, but the Company is listed as “Callsto” in its filing in the Robocall Mitigation Database. See Callsto (No. RMD0012703), Fed. Commc’ns Comm’n, Robocall Mitigation Database (filed Feb. 20, 2026), https://wyobiz.wyo.gov/business/FilingDetails.aspx?eFNum=15312102517819802815816823219616 5056199175099201 (available under the “History” tab) (Callsto RMD Certification). For purposes of this Notice, the Enforcement Bureau will refer to the Company’s full name as listed in its state registration. 2 See Call Authentication Trust Anchor, Implementation of TRACED Act Section 6(a)—Knowledge of Customers by Entities with Access to Numbering Resources, WC Docket Nos. 17-97, 20-67, Report and Order and Further Notice of Proposed Rulemaking, 35 FCC Rcd 3241, 3264 para. 50 (2020). 3 FCC, Call Blocking Tools Now Substantially Available to Consumers: Report on Call Blocking at 6 (2020), https://docs.fcc.gov/public/attachments/DOC-365152A1.pdf. I. Background A. The Nature of the Identified Traffic USTelecom’s Industry Traceback Group (ITG)4 traced the sources of 32 robocalls, identified in Attachment A, placed to emergency telephone lines5 and wireless numbers between January 27, 2025 and November 5, 2025, without the prior express consent of the called parties.6 The calls consisted of three apparently illegal robocall campaigns: one of which delivered artificial or prerecorded voice messages to emergency telephone lines and two that involved Medicare-related robocalls to wireless numbers.7 i. Robocalls to Emergency Telephone Lines The ITG identified Callsto as the originating provider for 10 robocalls, listed in Attachment A, that were placed to two PSAPs between April 21, 2025 and September 5, 2025 without prior express consent.8 The 911 operators received prerecorded calls on their emergency lines that contained non- emergency messages.9 The calls reached an emergency ambulatory line in Marion County, Kentucky, and an emergency line in White County, Georgia.10 The Marion County emergency ambulance line received eight calls within a 24-hour span originating from eight different numbers.11 The customer who placed these calls identified by Callsto is based in Mumbai, India.12 ii. Medicare-Related Robocalls to Wireless Telephone Numbers The ITG also identified Callsto as the originating provider for 22 Medicare-related prerecorded voice message robocalls that were made to wireless telephone numbers of consumers without the prior express consent of the called party.13 Some of the 22 identified calls contained messages claiming that “the new Trump administration has changed the Medicare policies” for the call recipient’s state14 or that there is an “updated plan for Medicare [that] has just been released” asking call recipients if they “have a 4 The ITG is the registered industry consortium selected pursuant to the TRACED Act to conduct tracebacks. See Implementing Section 13(d) of the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act), EB Docket No. 20-22, Report and Order, 38 FCC Rcd 7561, 7561, para. 1 (2023). 5 See 47 CFR 64.1200(a)(1)(i) (“No person or entity may (1) Except as provided in paragraph (a)(2) of this section, initiate any telephone call (other than a call made for emergency purposes or is made with the prior express consent of the called party) using an automatic telephone dialing system or an artificial or prerecorded voice; (i) [t]o any emergency telephone line, including any 911 line and any emergency line of a hospital, medical physician or service office, health care facility, poison control center, or fire protection or law enforcement agency.”). 6 See ITG Subpoena Response, Traceback Report (Feb. 10, 2026) (on file at EB-TCD-26-00040720) (ITG Traceback Report). 7 Id. 8 Id.; see FCC Complaint #7786965 (Apr. 17, 2025) (complaint from the Marion County EMS director in Lebanon, Kentucky stating that “[t]hey are getting over 100 robocalls per day.”) (Marion County Complaint) (on file at EB- TCD-26-00040720); E-mail from FCC Operations Center, FCC Public Safety and Homeland Security Bureau, to FCC Enforcement Bureau (May 19, 2025 9:45 AM EDT) (complaint from White County 911 reporting “[e]xcessive amount of unwanted, scam, false, and spoofed phone calls received on our 911 lines, alarm lines, and admin lines.”) (White County Complaint) (on file at EB-TCD-26-00040720). 9 ITG Traceback Report. 10 Marion County Complaint; White County Complaint. 11 See ITG Traceback Report; see also Attachment A (showing that the terminating number {[ ]} was called from eight different numbers between April 21, 2025, and April 22, 2025). 12 See ITG Traceback Report, supra note 6. 13 Id. 14 Id. (traceback no. 28820, recording of robocall received on June 26, 2025). 2 minute to check what additional benefits [they] can qualify for.”15 Other robocalls told recipients that “Medicare has released many advanced benefits” such as food stamps and cash back “of up to 270 dollars” if they have Medicare parts A and B.16 Some calls contained the following message, with minor variations:17 Hello. . . Good Afternoon, my name is Lindsey. To ensure that the American citizens are getting what they deserve in this annual enrollment, Medicare has released many advanced benefits such as flex and food card and now you can also get cash back of up to 270 dollars. So, do you have Medicare parts A and B? The call campaign entices Medicare recipients to provide personal information so that they can obtain allegedly unclaimed Medicare benefits. Some voice messages tell call recipients that the caller is “with the Medicare department,”18 or the “Med Health center.”19 The calls sometimes prompt recipients to stay on the line while they get transferred,20 and once transferred, call recipients are asked for their personal information to verify their eligibility.21 One consumer reported being transferred to a call center that asked for their name, address, and Medicare number.22 Medicare benefit calls are a common scam campaign that target older adults to trick them into providing sensitive personal information such as their Medicare number.23 For the 22 Medicare-related robocalls that are identified in Attachment A, the Company identified a foreign-based customer for each call; all six customers are located in India.24 B. Callsto About Callsto. Callsto registered as a limited liability company in Wyoming in September 2022 but was administratively dissolved on November 9, 2025 for being delinquent in paying state taxes.25 According to its RMD certification, its primary address is in Cheyenne, Wyoming,26 although the Company’s filings with the State of Wyoming list its principal office as being in Denver, Colorado. State records show that the Company’s founder and president is based in Pakistan.27 Callsto routed most of the identified traffic directly downstream to apparently related companies. Callsto routed the calls identified in Attachment A to six downstream providers: INFINITYSIP LLC, The Telecom Solution, Conveytel, 15 Id. (traceback no. 22538, recording of robocall received on Jan. 27, 2025). 16 Id. (traceback nos. 33987-89, recordings of robocalls received on Nov. 5, 2025). 17 Id. (traceback no. 33989, recording of robocall received on Nov. 5, 2025). 18 Id. (traceback no. 33599, recording of robocall received on Oct. 24, 2025). 19 Id. (traceback no. 31008, recording of robocall received on Aug. 13, 2025). 20 FCC Complaint #7110279 (June 21, 2024) (on file at EB-TCD-26-00040720). 21 FTC Complaint #197159212 (Jan. 30, 2026) (on file at EB-TCD-26-00040720). 22 Id. 23 National Council on Aging, 5 Warning Signs of a Medicare Scam and How to Protect Yourself (Feb. 24, 2025), https://www.ncoa.org/article/5-warning-signs-of-a-medicare-scam-and-how-to-protect-yourself/; Federal Commc’ns Comm’n, Older Americans and Medicare Call Scams, https://www.fcc.gov/older-americans-and-medicare-scams (last visited Apr. 7, 2026). 24 See ITG Traceback Report, supra note 6. 25 See Wyoming Sec’y of State Business Center, https://wyobiz.wyo.gov/business/FilingDetails.aspx?eFNum= 153121025178198028158168232196165056199175099201 (last visited Apr. 21, 2026). This is not the first time that this has happened: Callsto was administratively dissolved for non-payment of taxes on November 9, 2023 but was reinstated on July 14, 2025. The Company is only registered in Wyoming. 26 Callsto RMD Certification. 27 See Callsto, LLC, Articles of Organization, Wyoming Secretary of State (Sept. 2, 2022) (Callsto Wyoming Registration) (where the Company’s founder, Zeeshan Ahmed, listed an address in Pakistan). 3 LLC, Telcast Network, LLC, Voipedia, and Noxxservices LLC.28 The evidence suggests that Callsto may be related to five of the six downstream providers. First, Callsto and Noxxservices LLC have originated calls for the same Medicare-related calling campaign.29 Second, Callsto and five of the six downstream providers shared unique information from October 2025 to January 2026.30 In addition, these companies conducted some of their operations from Pakistan between November 2025 and January 2026.31 Given that Callsto and five of the six downstream providers shared unique information, the evidence suggests that the companies may be related. Exposing companies that collaborate with each other to facilitate illegal robocalls can alert industry to potential bad actors— including bad actor calling parties and originating providers that transmit their traffic.32 Prior Enforcement Actions. Before it originated the identified traffic, Callsto received an order from the Bureau identifying deficiencies in its RMD certification. On March 29, 2024, the Wireline Competition Bureau notified the Company that it had failed to submit an updated RMD certification and updated robocall mitigation plan by the February 26, 2024 deadline for providers to recertify in the RMD and provided a second deadline of April 29, 2024 to correct its deficiencies.33 On December 10, 2024, the Bureau issued a show cause order to 2,411 providers, including Callsto, for failure to cure the RMD deficiencies by the second deadline.34 Callsto attempted to cure its deficiencies approximately eight months after the release of the show cause order. In July 2025, Callsto revised its RMD certification and certified, under penalty of perjury, to having completed STIR/SHAKEN implementation and to taking reasonable steps to avoid originating, carrying or processing illegal robocall traffic. Callsto made additional revisions in August 2025, including uploading a robocall mitigation plan. Approximately five months after Callsto attempted to cure its RMD deficiencies, the Company originated the first of the apparently illegal robocalls identified in Attachment A.35 28 See ITG Subpoena Response, Traceback Report (Feb. 10, 2026) (on file at EB-TCD-26-00040720) (ITG Second Report); ITG Subpoena Response, Traceback Report (Feb. 10, 2026) (on file at EB-TCD-26-00040720). 29 Id. (showing that Callsto and Noxxservices LLC both originated calls for the calling campaign identified by the ITG as “Medicare-Calls-P3”). 30 See ITG Subpoena Response, First Report (Feb. 10, 2026) (on file at EB-TCD-26-00040720). 31 Id. (showing evidence that Callsto and the five downstream providers shared identifiable information and located in Pakistan during this period, and that Callsto, Conveytel, INFINITYSIP LLC, and Telcast Network LLC also were located in Pakistan during this same period). 32 See generally Letter from Patrick Webre, Chief, FCC Enforcement Bureau, to Christopher Anderson, Senior Manager, Aspireistic Inc. (June 11, 2026) (on file in EB-TCD-26-00040126) (where Aspireistic has transmitted apparently illegal robocall traffic immediately downstream to Callsto) (Aspireistic CDL). 33 See 2,411 Robocall Mitigation Database Filers, Order, 39 FCC Rcd 13318, 13320, para. 5 (EB 2024) (Show Cause Order). 34 Id. 35 ITG Traceback Report, supra note 6. The Bureau had not completed its evaluation as to whether Callsto had in fact cured its RMD deficiencies by the time the Company had originated the apparently illegal robocalls. 4 C. The Company Originated the Identified Traffic The ITG investigated the calls identified in Attachment A and determined that Callsto originated the apparently illegal robocalls.36 The ITG notified Callsto of these calls and provided the Company with supporting data identifying each call, explaining that the 10 identified calls to emergency telephone lines were “[p]rerecorded high-volume telemarketing calls causing harm to called parties, including hospitals and emergency lines by tying up phone lines and resources through the unwanted calls,”37 and that the 22 Medicare-related calls were “[p]rerecorded or AI calls to recipients regarding Medicare services, updates, benefits or options available”38 or “[p]rerecorded or AI unsolicited telemarketing calls, including to wireless numbers, with offers of additional benefits available to Medicare recipients.”39 The traceback requests relating to the 22 Medicare-related calls also specifically included “[e]vidence of lack of consent for prerecorded message – called party confirmation.”40 The traceback requests directed Callsto to investigate the suspected illegal traffic and “[i]f, in investigating the call, the end user originating the traffic claims that the traffic complies with applicable U.S. laws and regulations, provide the identity of the end user, a description of the traffic, and the basis of the claim that the traffic complies with U.S. laws and regulations.”41 Callsto’s traceback responses identified the end user customer responsible for each of the identified calls, thus acknowledging Callsto’s role as the originating provider for all of the calls. Callsto identified seven customers located in India as the sources of all the calls.42 Callsto informed the ITG that it had terminated all seven of those customers’ accounts and did not contest that those customers lacked consent for the identified calls.43 However, traceback records show that Callsto continued to originate traffic from three of the customers after it had claimed to have terminated them.44 36 Id. 37 Id. (e.g., traceback request no. 25888 sent to Callsto on Apr. 24, 2025). 38 Id. (e.g., traceback request no. 29991 sent to Callsto on July 24, 2025). This description was included in traceback requests relating to the “Medicare-Calls-P3” calling campaign. 39 Id. (e.g., traceback request no. 22538 sent to Callsto on Jan. 31, 2025). This description was included in traceback requests relating to the “Medicare-AddlBenefits-P7” calling campaign. 40 Id. (e.g., traceback request no. 22538 sent to Callsto on Jan. 31, 2025). 41 Id. 42 Id. 43 Id. (identifying the seven customers as AB Infotech Ltd, Trutel Infotech, HighSky Infotech, Harliv Global Solutions Pvt Ltd, Edgewise Insight Pvt Ltd, Rudrax Telecommunications, and RP Lead Solutions, all of which are based in India). 44 See id. In responding to traceback no. 25887, Callsto informed the ITG on April 24, 2025 that it had terminated the customer who had made a robocall to a Kentucky PSAP (Trutel Infotech), but subsequent tracebacks show that Callsto originated two robocalls to another PSAP for Trutel Infotech on May 17, 2025. See id. (traceback nos. 25887, 27156, and 27160). On July 3, 2025, Callsto informed the ITG that it had terminated HighSky Infotech, the customer who had made a Medicare-related robocall on June 26, 2025, but a later traceback shows that it originated a robocall for HighSky Infotech in that same calling campaign on July 21, 2025. See id. (traceback nos. 28820 and 29991). A similar pattern exists with regard to another customer, Rudrax Telecommunications. Callsto informed the ITG on August 15, 2025 that it had terminated Rudrax, but traceback records show that it originated three robocalls for Rudrax in a similar Medicare-related calling campaign on November 5, 2025. See id. (traceback nos. 31008, 33987, 33988, and 33989). 5 II. Apparent Violations A. Suspected Illegal Traffic It is unlawful to place calls to emergency telephone lines and to cellphones using artificial or prerecorded voice messages absent an emergency purpose or prior express consent.45 Here, 10 of the identified calls in Attachment A used artificial or prerecorded voice messages and were placed to emergency telephone lines without the consent of the PSAPs.46 ITG tracebacks identified Callsto as the originating provider for the calls.47 Additionally, the ITG identified the calls as “high-volume telemarketing calls causing harm to called parties, including hospitals and emergency lines.”48 Therefore, the robocalls were made without an emergency purpose and there was no prior express consent because the PSAPs did not consent to receive telemarketing robocalls. The remaining 22 calls identified in Attachment A used artificial or prerecord voice messages related to Medicare and were placed to cell phones without the prior express consent of the called parties.49 ITG tracebacks identified Callsto as the originating provider for each of the calls.50 Additionally, the record shows that the calls were placed without prior express consent. First, all of the calls were placed to wireless numbers that are not assigned to any end user customer.51 Accordingly, there was no end user customer to provide consent for calls to these numbers. Second, the Company terminated all its customers’ services upon receiving the traceback requests and did not contest that the customer lacked consent for the identified calls.52 Third, the content of the prerecorded voice messages makes clear that the calls were not made for emergency purposes.53 Accordingly, we find that the identified calls in Attachment A were apparently illegal.54 B. RMD Certification Deficiencies Voice service providers and intermediate providers, including gateway providers, are required to fully implement the STIR/SHAKEN authentication framework in their Internet protocol networks unless they are subject to an extension or exemption under the Commission’s rules.55 In addition, every provider must certify in the RMD as to whether it (i) has fully implemented the STIR/SHAKEN authentication framework across its entire network and all calls it originates are compliant with section 64.6301 or 64.6302, as applicable, (ii) has implemented the STIR/SHAKEN authentication framework on a portion of its network and all calls it originates on that portion of its network are compliant with section 64.6301(a) and (b), or 64.6302, as applicable, or (iii) has not implemented the STIR/SHAKEN authentication framework on any portion of its network.56 If the voice service provider certifies to less than full STIR/SHAKEN implementation, it must identify the type of extension(s) received under section 45 47 U.S.C. § 227(b)(1)(A); 47 CFR § 64.1200(a)(1). 46 ITG Traceback Report, supra note 6 47 Id. (where Callsto identified itself as the originating provider for all calls identified in Attachment A). 48 Id. (traceback request no. 25888 sent to Callsto on Apr. 24, 2025). 49 Id. 50 Id. (where Callsto identified itself as the originating provider for all calls identified in Attachment A). 51 See id.; e-mail from Jessica Thompson, Senior Director, Policy & ITG Operations, USTelecom, to Genesis Monserrate, Attorney Advisor, Telecommunications Consumers Division, FCC Enforcement Bureau (Mar. 4, 2026, 7:54 PM EDT) (showing that the calls reached honeypot numbers). 52 Id. 53 See 47 CFR § 64.1200(a)(1). 54 47 U.S.C. § 227(b)(1)(A); 47 CFR § 64.1200(a)(1). 55 47 CFR §§ 64.6301(a), 64.6302(a)-(d). 56 See id. § 64.6305(d)(1)(i)-(iii), (e)(1)(i)-(iii), (f)(1)(i)-(iii). 6 64.6304 and the basis for the extension(s), or explain why it is unable to implement STIR/SHAKEN due to a lack of control over the network infrastructure necessary to implement STIR/SHAKEN.57 A provider must include in its RMD certification a description of the specific reasonable steps the provider has taken to avoid originating, carrying, or processing illegal robocall traffic as part of its robocall mitigation program, including a description of how it complies with its obligations to know its customers and upstream providers pursuant to sections 64.1200(n)(4) and (n)(5), and the analytics system(s) it uses to identify and block illegal traffic, including whether it uses any third-party analytics vendor(s) and the name(s) of such vendor(s).58 In addition, a provider must state whether, at any time in the prior two years, the filing entity (and/or any entity for which the filing entity shares common ownership, management, directors, or control) has been the subject of a formal Commission, law enforcement, or regulatory agency action or investigation with accompanying findings of actual or suspected wrongdoing due to the filing entity transmitting, encouraging, assisting, or otherwise facilitating illegal robocalls or spoofing, or a deficient RMD certification or mitigation program description; and, if so, provide a description of any such action or investigation, including all law enforcement or regulatory agencies involved, the date that any action or investigation was commenced, the current status of the action or investigation, a summary of the findings of wrongdoing made in connection with the action or investigation, and whether any final determinations have been issued.59 Callsto certified in the RMD that it is a voice service provider and a gateway provider, that “it has fully implemented the STIR/SHAKEN authentication framework across its entire network and all calls it originates are compliant with 47 CFR § 64.6301,” and that “all calls it carries or processes” are compliant with 47 CFR § 64.6302.60 However, the Company indicates in its mitigation plan that there are portions of its network that are non-IP, and that it has not implemented STIR/SHAKEN across those non-IP portions.61 The Company did not identify or claim an applicable extension of the STIR/SHAKEN implementation obligation in its RMD filing for the non-IP portions of its network. In addition, Callsto’s mitigation plan fails to describe any procedures in place to know its upstream providers.62 Finally, the Company indicates in its mitigation plan that it uses an “industry-standard call analytics and robocall scoring tools to assess traffic risk in real time,” but the Company does not identify whether it uses any third-party analytics vendor(s) for the assessment63 or the name(s) of such vendor(s) if it does.64 Callsto also failed to disclose in its RMD filing that it had been named in the Bureau’s Show Cause Order and to provide the required description of that agency action, which included findings of a deficient RMD certification. III. Potential Consequences As a result of originating apparently illegal robocalls, the Company potentially faces permissive blocking under section 64.1200(k)(4)65 of the Commission’s rules, mandatory blocking under section 57 See id. §§ 64.6305(d)(2)(i), (e)(2)(i), (f)(2)(i); 64.6304. 58 Id. § 64.6305(d)(2)(ii), (e)(2)(ii), (f)(2)(ii). 59 Id. § 64.6305(d)(2)(iv), (e)(2)(iv), (f)(2)(iv). 60 Callsto RMD Certification. 61 Id., Attach. at 1 (where the Company’s mitigation plan states that “Callsto LLC has not yet fully implemented STIR/SHAKEN due to existing non-IP portions of our voice network”). 62 See id., Attach. at 1-2. 63 Id., Attach. at 2. 64 47 CFR § 64.6305(d)(2)(ii), (e)(2)(ii). 65 47 CFR § 64.1200(k)(4). 7 64.1200(n)66 of the Commission’s rules, and removal from the RMD for violations of section 64.630567 of the Commission’s rules. A. The Company Faces Permissive Blocking Under Section 64.1200(k)(4) Under the safe harbor set forth in section 64.1200(k)(4) of the Commission’s rules, any downstream provider may (without any liability under the Communications Act of 1934, as amended, or the Commission’s rules) block all traffic from an upstream originating or intermediate provider that, when notified by the Commission, fails to either (a) effectively mitigate illegal traffic within 48 hours or (b) implement effective measures to prevent new and renewing customers from using its network to originate illegal calls.68 Prior to initiating blocking, the downstream provider shall provide the Commission with notice and a brief summary of the basis for its determination that the originating or intermediate provider meets one or more of these two conditions for blocking.69 This letter provides notice, pursuant to section 64.1200(k)(4), that Callsto should effectively mitigate illegal traffic within 48 hours and implement effective measures to prevent new and renewing customers from using its network to originate illegal calls within 14 days of this letter in order to avoid having its traffic blocked by downstream providers.70 The Company should inform the Commission and the ITG, within 48 hours of the electronic delivery date of this letter, of the specific steps it has taken to mitigate illegal traffic on its network.71 B. The Company Faces Mandatory Blocking Under Section 64.1200(n)(2) and (n)(3) The Commission may order all providers that are immediately downstream to block all traffic from an upstream provider that does not comply with the obligations identified in section 64.1200(n)(2) of the Commission’s rules.72 This letter serves as a Notification of Suspected Illegal Traffic (Notice) under section 64.1200(n)(2) of the Commission’s rules.73 The Company must take the following actions in response to this Notice: 1. Promptly investigate the traffic identified in Attachment A for which the Company served as the originating provider;74 2. If the Company’s investigation determines that the Company served as the originating or gateway provider for the identified traffic, block or cease accepting all of the identified traffic within 14 days of the date of this Notice and continue to block or cease accepting the identified traffic, as well as substantially similar traffic, on an ongoing basis (unless the Company determines that the identified traffic is not illegal);75 66 Id. § 64.1200(n). 67 Id. § 64.6305(g). 68 Id. § 64.1200(k)(4). 69 Id. 70 See id.; see also id. § 64.1200(n)(2)(i)(A) (requiring a minimum of 14 days to comply with the notice). 71 See Advanced Methods to Target and Eliminate Unlawful Robocalls, CG Docket No. 17-59, Third Report and Order, Order on Reconsideration, and Fourth Further Notice of Proposed Rulemaking, 35 FCC Rcd 7614, 7630, para. 42 (2020). 72 47 CFR § 64.1200(n)(3). 73 Id. § 64.1200(n)(2). 74 Id. § 64.1200(n)(2)(i)(A). 75 Id. § 64.1200(n)(2)(i)(A)-(B). 8 3. Report the results of the Company’s investigation to the Bureau within 14 days of the date of this Notice.76 Depending on the outcome of the investigation, the report must contain certain details as described below:77 1. If the Company determines it is the originating or gateway provider for the identified traffic and does not conclude the traffic is legal, the report must include: (i) a certification that the Company is blocking the identified traffic and will continue to do so, and (ii) a description of the Company’s plan to identify and block or cease accepting substantially similar traffic on an ongoing basis;78 2. If the Company determines that the identified traffic is not illegal, the report must provide: (i) an explanation as to why the Company reasonably concluded that the identified traffic is not illegal, and (ii) what steps it took to reach that conclusion;79 and 3. If the Company determines that it did not serve as the originating or gateway provider for any of the identified traffic, the report must: (i) provide an explanation as to how the Company reached that conclusion, and (ii) if it is a non-gateway intermediate or terminating provider for the identified traffic, identify the upstream provider(s) from which the Company received the identified traffic and, if possible, take steps to mitigate the traffic.80 1. Initial Determination Order The Bureau may issue an initial determination order stating the Bureau’s initial determination that Callsto is not in compliance with section 64.1200 of the Commission’s rules if: (a) the Company fails to respond to this Notice; (b) the Company provides an insufficient response; (c) the Company continues to originate substantially similar traffic or allow substantially similar traffic onto the U.S. network after the 14-day period identified above; or (d) the Bureau determines the traffic is illegal despite the Company’s assertions to the contrary.81 If the Bureau issues an initial determination order, the Company will have an opportunity to respond.82 2. Final Determination Order The Bureau may issue a final determination order in EB Docket No. 22-174 concluding that the Company is not in compliance with section 64.1200 of the Commission’s rules and directing all downstream providers both to block and cease accepting all traffic from Callsto beginning 30 days from the release of the final determination order if: (a) the Company does not provide an adequate response to the initial determination order within the timeframe specified in the initial determination order; or (b) the 76 Id. § 64.1200(n)(2)(i)(A). 77 Id. § 64.1200(n)(2)(i)(A). 78 See id. 79 Id. § 64.1200(n)(2)(i)(B). 80 Id. 81 Id. § 64.1200(n)(2)(ii). 82 Id. 9 Company continues to originate or allow substantially similar traffic onto the U.S. network.83 A final determination order may be issued up to one year after the release date of the initial determination order.84 C. The Company Faces Removal from the RMD and Mandatory Blocking Pursuant to Violations of Section 64.6305(g) The Bureau may remove a provider’s deficient certification from the RMD for violations of section 64.6305 pursuant to the following three-step procedure: (1) the Bureau contacts the provider, notifying it that its filing is deficient, explaining the nature of the deficiency, and providing 14 days for the provider to cure the deficiency; (2) if the provider fails to rectify the deficiency, the Bureau releases an order concluding that a provider’s filing is deficient based on the available evidence and directing the provider to explain, within 14 days, why the Bureau should not remove the company’s certification from the RMD and giving the provider a further opportunity to cure the deficiencies in its filing; and (3) if the provider fails to rectify the deficiency or provide a sufficient explanation why its filing is not deficient within that 14-day period, the Bureau releases an order removing the provider from the RMD.85 This letter serves as notification to Callsto of deficiencies in its RMD certification and the action that Callsto must take to cure the deficiencies. As detailed above, the Company has the following deficiencies: (1) the Company certified that it has fully implemented STIR/SHAKEN across its entire network, but its robocall mitigation plan indicates that it has not implemented STIR/SHAKEN on a portion of its network; (2) the Company fails to describe in its robocall mitigation plan how it complies with its obligation to know its upstream providers pursuant to section 64.1200(n)(5); (3) the Company fails to describe in its robocall mitigation plan whether it uses any third-party analytics vendor(s), and if so, the name(s) of those vendor(s); and (4) the Company failed to disclose that it had been the subject of a prior agency action or investigation related to a deficient RMD certification, and to provide the required description of such action or investigation.86 To cure these deficiencies, we direct Callsto to, within 14 days, (a) correct the discrepancy between the Company’s RMD certification and statements in its Robocall Mitigation Program Description regarding the level of STIR/SHAKEN implementation across its network, and update its certification and mitigation plan accordingly; (b) update its mitigation plan with a description of the measures the Company has in place to know its upstream providers; (c) identify whether the Company uses any third-party analytics vendor(s) and the name(s) of such vendor(s); and (d) disclose that the Company was the subject of the Bureau’s Show Cause Order and provide the required description of that formal agency action as it relates to the Company.87 83 Id. § 64.1200(n)(2)(iii), (3); Advanced Methods to Target and Eliminate Unlawful Robocalls, Call Authentication Trust Anchor, CG Docket No. 17-59, WC Docket No. 17-97, Seventh Report and Order in CG Docket 17-59 and WC Docket 17-97, Eighth Further Notice of Proposed Rulemaking in CG Docket 17-59, and Third Notice of Inquiry in CG Docket 17-59, 38 FCC Rcd 5404, 5417-18, para. 37 (2023). 84 47 CFR § 64.1200(n)(2)(iii). 85 See Call Authentication Trust Anchor, WC Docket No. 17-97, Sixth Report and Order and Further Notice of Proposed Rulemaking, 38 FCC Rcd 2573, 2604, para. 60 (2023). 86 See Callsto RMD Certification. 87 We note that, in addition to the requirements described above, RMD filers are also required to identify all principals, affiliates, subsidiaries, and parent companies of the filing entity, see Sixth Caller ID Authentication Report and Order, 38 FCC Rcd at 2597, para. 46. As explained in the Aspireistic Letter, Callsto appears to be related to Aspireistic Inc. and possibly other entities suspected of routing apparently illegal traffic. See Aspireistic CDL. Accordingly, if Callsto shares common ownership, management, or control with Aspireistic or any other entity, Callsto must disclose Aspireistic and any other related entity as a principal, affiliate, subsidiary, or parent company, as applicable, in its RMD filing. 10 ***** Finally, Callsto certified in its RMD filing, under penalty of perjury, that it would cooperate with the FCC in investigating and stopping any illegal robocallers that use its service to originate, carry, or process illegal robocalls.88 Failure to respond to this letter may be used as evidence that the Company’s certification is also deficient with respect to its commitment to cooperate with the Commission. If the Company’s certification is removed from the RMD for any reason, all intermediate providers and terminating voice service providers must cease accepting traffic directly from the Company.89 Please direct any inquiries regarding this letter to Genesis Monserrate, Attorney Advisor, Telecommunications Consumers Division, Enforcement Bureau, FCC, at Genesis.Monserrate@fcc.gov and cc to Daniel Stepanicich, Division Chief, Telecommunications Consumers Division, Enforcement Bureau, FCC, at Daniel.Stepanicich@fcc.gov. A copy of this letter has been sent to the ITG. Sincerely, Patrick Webre Chief Enforcement Bureau Federal Communications Commission 88 See Callsto RMD Certification; 47 CFR § 64.6305(d)(2)(iii), (e)(2)(iii). 89 See 47 CFR § 64.6305(g). 11