FCC Adopts New Safe Harbor Rules for Blocking Robocalls
Continuing its efforts to prevent illegal and unwanted robocalls, the Federal Communications Commission (FCC) has adopted a Third Report and Order (Third R&O) further encouraging voice service providers to block illegal and unwanted calls before they reach consumers, primarily in the form of two safe harbors from liability for unintended or inadvertent blocking of lawful calls. The first protects providers that use a combination of caller ID authentication information and reasonable analytics to identify and block calls that the provider determines are illegal or unwanted, and the second protects providers that block call traffic from upstream voice service providers that fail to take actions to mitigate illegal calls.
The Third R&O in the FCC's docket entitled Advanced Methods to Target and Eliminate Unlawful Robocalls is another step in its implementation of the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act), adopted in late 2019 to bolster the Commission's ability to address unwanted robocalls by providing additional rulemaking and enforcement powers.
The Third R&O was accompanied by a Fourth Further Notice of Proposed Rulemaking (Fourth FNPRM) seeking comment on how the FCC can further assist providers in detecting and deterring unwanted robocalls. Among the issues on which the Fourth FNPRM seeks comment are whether to establish an affirmative obligation for providers to respond to traceback requests, mitigate bad traffic, and take affirmative measures to prevent customers from originating illegal calls, and whether failure to comply with any such obligations should be deemed "unjust and unreasonable" under Section 201(b) of the Communications Act. The Commission also proposes requiring terminating voice service providers that block calls to provide a list of blocked calls to their customers on demand and cost-free.
Background
As explained in our advisories and posts tracking the TRACED Act's implementation, in March 2020, the Commission began adopting and implementing certain robocall enforcement rules and mechanisms, including the establishment of a consortium dedicated to identifying and tracing illegal robocalls (the Traceback Consortium) and the adoption of a new rule requiring all originating and terminating voice service providers to implement the STIR/SHAKEN caller ID authentication framework in the IP portions of their networks by June 30, 2020.
Safe Harbor for Blocking Calls Based on Caller ID Information and Reasonable Analytics
The Third R&O implements the TRACED ACT's directives to promulgate rules adopting a safe harbor for voice service providers with respect to call blocking. The Commission first adopts a safe harbor for the unintended or inadvertent blocking of wanted calls where terminating voice service providers block calls based on reasonable analytics that include caller ID authentication information and where the consumer is given the opportunity to opt out. At this time the only caller ID authentication framework that the Commission has approved is STIR/SHAKEN, which is only available on IP networks. Consequently, terminating voice service providers with exclusively non-IP based networks will not be able to avail themselves of this safe harbor until additional caller ID authentication frameworks that work on non-IP based networks are approved.
Importantly, though, terminating providers who operate IP networks but who receive calls from upstream voice service providers with non-IP networks may still take advantage of the safe harbor provided that STIR/SHAKEN and reasonable analytics are used to verify those calls. The Commission deemed such an extension as necessary because "[l]imiting the safe harbor to authenticated calls [originating or traversing solely on IP networks] could encourage bad actors to ensure that their calls originate or transit on non-IP networks, undermining the value of the safe harbor."
To take advantage of the safe harbor, terminating providers must "incorporate caller ID authentication information into its analytics wherever possible," and use such information alongside "reasonable" analytics that help detect illegal calls. The Commission does not specify what analytics the provider must use or how a provider must apply those analytics in its blocking methodology. Provided the analytics are "non-discriminatory" and "competitively neutral," they may be based on any technological or descriptive information the provider deems reasonable, including but not limited to "large bursts of calls in a short time frame; low average call duration; a large volume of complaints related to a suspect line; and neighbor spoofing patters."
Safe Harbor for Blocking of "Bad Actor" Providers
The other new safe harbor permits terminating providers to block calls from a "bad-actor upstream voice service provider" that, after being notified by the Commission it is carrying bad traffic, fails to effectively mitigate such traffic or implement effective measures to prevent new and renewing customers from using its network to originate illegal calls. Unlike the first safe harbor, which operates call-by-call, this safe harbor is provider-based, permitting the terminating provider to block all traffic coming from an upstream provider after:
- (1) receiving a Commission notification that the upstream provider is carrying illegal traffic';
- (2) conducting its own investigation of the upstream provider; and
- (3) notifying the Commission and upstream provider that it intends to block all traffic coming from the upstream provider.
To the extent an upstream provider is notified by either the Commission or a terminating provider that its traffic includes suspected illegal traffic and it wishes to ensure its traffic is not blocked, the upstream provider must "effectively mitigate" the identified traffic by determining and cutting off the source and implementing "effective safeguards" to prevent the same and renewing customers from using the upstream provider's network to originate illegal calls. A terminating provider's showing that the upstream provider has failed to meet either of these qualifications is deemed a sufficient basis for the terminating provider to block all of the upstream provider's traffic.
Protections Against Erroneous Blocking
In addition to the requirements laid out above, the Commission notes that to take advantage of either safe harbor, any terminating provider that blocks calls must designate a single point of contact for callers and other voice service providers to report blocking errors at no charge. While providers may accept such reports via a web portal, chat bot, or other electronic means, they must maintain a single point of contact to retain safe harbor protection. Such providers must also investigate and resolve reports received within a "reasonable amount of time" and at no cost to the caller.
Additionally, providers are required to make all reasonable efforts to ensure that calls from Public Safety Answering Points (PSAPs) and government outbound emergency numbers are not blocked, "unless the voice service provider knows without a doubt that the calls are unlawful." Similarly, voice service providers should never block 911 calls unless the provider knows "without a doubt" that the call is unlawful and should let the 911 call centers determine how to handle the calls they receive.
Further Notice of Proposed Rulemaking
The Fourth FNPRM seeks comment on additional robocall deterrence and mitigation strategies, including whether to:
- (1) permit additional types of call blocking based in whole or part on caller ID authentication information;
- (2) require providers to respond to traceback requests, mitigate bad traffic, and take affirmative measures to prevent customers from originating illegal calls;
- (3) extend the caller-ID/reasonable-analytics safe harbor to cover other types of blocking based on caller ID authentication;
- (4) establish a process for a calling party adversely affected by caller ID authentication information (possibly including consumer complaints or suspect call patterns) to verify the authenticity of their calls; and
- (5) adopt additional steps to ensure voice service providers operating non-IP networks are not unreasonably blocked due to authentication issues.
The Commission also seeks comment on various blocked-call redress mechanisms, such as requiring voice service providers to provide to customers at no charge a list of individually blocked calls that were placed to their number, and/or to address and resolve blocked call disputes within a specified period of time.
Further, in response to several industry trade associations, the Commission seeks comment on a proposal to provide an additional safe harbor for network-based call blocking. Pursuant to this safe harbor, voice service providers would be permitted to block calls on behalf of their customers without those customers having to opt in or opt out of the program.
As with the first safe harbor adopted in the Commission's order, this safe harbor would be contingent on the voice service provider's use of caller ID authentication information and reasonable analytics to block calls that are highly likely to be illegal. Additionally, though, for providers to take advantage of this safe harbor, they would need to manage this call-blocking program with sufficient human oversight and network monitoring to ensure the blocking is working properly.
The Commission's new rules take effect 30 days after the Third R&O appears in the Federal Register, which has not yet occurred, and comments and replies on the Fourth FNPRM are due August 31 and September 29, respectively.