The Federal Communication Commission’s deadline to certify caller ID standards and register in a robocall mitigation database passed earlier this week, meaning phone companies now need to block calls from voice service providers that haven’t taken the steps.
Major U.S. carriers implemented the STIR/SHAKEN protocol under an earlier June deadline, while smaller providers (less than 100,000 subscribers) have an extended timeframe to put the technology in place. It applies to voice service providers with IP networks.
The Robocall Mitigation Database (RMD) is where providers file certifications to show they’ve implemented STIR/SHAKEN, or for some what efforts they’re making to ensure robocalls don’t originate on their networks.
The STIR/SHAKEN protocol and framework helps authenticate that a call is indeed coming from the number that shows up on caller ID – with interoperability among carriers so calls to and from a providers’ network are verified on both ends – before reaching consumers.
FCC Acting Chairwoman Jessica Rosenworcel cheered Tuesday’s deadline as an important step.
“The FCC is using every tool we can to combat malicious robocalls and spoofing – from substantial fines on bad actors to policy changes to technical innovations like STIR/SHAKEN,” said Rosenworcel in a statement earlier this week. “Today’s deadline establishes a very powerful tool for blocking unlawful robocalls. We will continue to do everything in our power to protect consumers against scammers who flood our homes and businesses with spoofed robocalls.”
If voice service providers haven’t filed in the database, intermediate and other providers are prohibited from directly accepting the non-compliant provider’s calls. In 2019 the FCC authorized telcos to automatically identify and block illegal robocalls and in 2020 voted to mandate STIR/SHAKEN.
As of Tuesday, just under 4,800 companies had filed in the RMD.
However, ahead of the deadline some in the industry raised concerns over a provision that also prohibits accepting traffic from foreign service providers that aren’t in the database. International providers may be handling legitimate calls but not be aware of or familiar with U.S. regulations or filing requirements.
AT&T is one company that had said despite “extraordinary efforts” to educate foreign service provider partners, as of June 23 only about 20% were registered in the RMD. But by this week it looks like that percentage has increased substantially.
The FCC held its open meeting Thursday where the agency moved forward on a proposal to include gateway providers in applying STIR/SHAKEN authentication to all foreign originated calls with U.S. numbers, certification with the robocall mitigation database, and proactive blocking of illegal robocalls.
In a statement released shortly after, AT&T EVP of Federal Regulatory Relations Joan Marsh said nearly all of AT&T’s international traffic is certified in the FCC database.
“Our commitment to protect our customers from unwanted and fraudulent robocalls spans not just nationwide, but globally as well, and we have worked hard to get 99% of our international traffic certified in the FCC’s robocall database,” Marsh said. “We commend the Commission on its efforts to establish additional steps that further prevents internationally originated robocalls from reaching U.S. consumers.”
In a letter (PDF) to the FCC last week, the Voice on Net (VON) Coalition, Cloud Communications Alliance, and Incompas didn’t take a stance on the now adopted Notice of Proposed Rulemaking (NPRM) but were happy about a provision in the draft notice that the FCC wouldn’t enforce the so-called foreign service provider prohibition on gateway providers while the proceeding was pending.
“Our organizations have sought reconsideration of this prohibition on foreign service provider traffic given our concerns that legitimate international originated calls may not be terminated in the United States by U.S. gateway or terminating service providers,” wrote the parties in the September 23 filing. “Despite the best efforts of domestic voice service providers to educate their overseas partners about the prohibition, many foreign service providers are not aware of the requirement to register in the RMD.”
According the the groups, the rules also don’t account for situations where foreign originating service providers hand off calls to intermediate providers that aren’t required to register in the RMD – “increasing the likelihood that legitimate calls may not be completed if the rule was to go into effect as written.”
The VON Coalition counts Google, Microsoft, RingCentral, and Twilio among members. The Cloud Communications Alliance says it has 150 members including Intrado, Vonage, YouMail, Cisco, Juniper, NEC, Ribbon.