A Look at Communications Industry New Year’s Resolutions: Reduce Illegal Robocalls

Earlier this year, we were asked to suggest 2021 resolutions for clients in the telecommunications, media, and technology industries. We developed several that should guide industry participants to improve their compliance and services to customers. Research suggests that February typically is the month when New Year’s resolutions fail, so we decided to take a look at our resolutions and offer some suggestions for making these stick.

To start, here is the first resolution we suggested for the industry:

Resolution for Voice Service Providers: Resolve to reduce illegal robocalls. Voice service providers long have supported the FCC’s ongoing efforts to target bad actors sending illegal and fraudulent robocalls, but in 2021, each carrier should resolve to do its part individually in the battle to stop illegal calls. All voice service providers must implement the STIR/SHAKEN call authentication framework by June 30, 2021 and should develop an effective robocall mitigation program to prevent their customers from originating illegal robocalls. These changes are necessary to stay on the right side of the anti-robocall battle. Each voice service provider should resolve to make reducing illegal robocalls a top priority.

Background: 2020 marked a turning point in the number of requirements that voice service providers have in the battle against illegal robocalls. These include:

STIR/SHAKEN is an industry-developed framework designed to allow communications service providers to distinguish legitimate calls from illegally spoofed calls so that they can take steps to mitigate the illegal calls. STIR/SHAKEN utilizes an encrypted authentication and verification process that establishes a chain of trust between the calling party and the called party. In March 2020, the FCC required “voice service providers” (including intermediate providers) to implement STIR/SHAKEN in the IP portions of their network by June 30, 2021, while in October creating with some exceptions, most notably for small carriers (fewer than 100,000 voice lines), who receive a two-year extension of the deadline.

On December 30, the FCC released an Order requiring voice service providers to meet certain affirmative obligations and to better police their networks against illegal calls. These requirements include an obligation to notify callers when calls are blocked, to provide customers upon request with a list of calls that were blocked, and to implement processes for addressing claims that calls were improperly blocked. Further, regardless of whether a provider blocks calls, every provider has certain obligations to “prevent and avoid” originating illegal robocalls, including an obligation to conduct due diligence on new and renewing customers.

On February 8, the FCC announced via Public Notice the compliance date for the remaining rule requiring service providers to report information to the Reassigned Numbers Database Administrator. Beginning April 15, 2021 and recurring on the 15th day of each month thereafter, service providers must report permanent disconnections of their subscribers.

  • Development and submission of Robocall Mitigation Plans

The FCC will soon require voice service providers that have not fully implemented STIR/SHAKEN in their networks to submit a Robocall Mitigation Plan detailing their efforts to prevent and avoid originating illegal robocalls. A provider must include three things in its robocall mitigation program:

    • the provider must take reasonable steps to avoid originating illegal robocall traffic (the FCC recommends the use of reasonable analytics);
    • the provider must commit to respond to requests from the Industry Traceback Group to trace suspect calls for mitigation efforts; and
    • the provider must cooperate in investigating and stopping any illegal robocallers (meaning that the provider must block calls or callers that are believed to be illegal).
By the end of the summer, most likely, voice service providers will be required to file their Robocall Mitigation Plans in an FCC database and certify that they are following the plan. One of several potential consequences of failing to file a Robocall Mitigation Plan is that downstream carriers will be prohibited from receiving traffic from providers that do not submit a plan, so this requirement has a pretty big stick associated with it.

Keeping the Resolution

So how can a voice service provider keep this resolution? We have several suggestions.

First, if it has not already begun the work, a provider should begin ASAP to implement STIR/SHAKEN in the IP portions of its network. For the time being, implementation requires a provider to have direct access to telephone numbers or else it cannot obtain an SPC token from the STIR/SHAKEN Governance Authority. (Sometime later in the year, merely filing a Robocall Mitigation Plan will be sufficient.) Those that have direct access to numbers should obtain their token authority and obtain a technological solution for implementing STIR/SHAKEN. Those that do not, including resellers, should work with their underlying carriers to determine how STIR/SHAKEN will be implemented and, most importantly, what attestation level will be assigned to the provider’s outbound calls.

Second, every provider should begin to develop its Robocall Mitigation Plan. These plans will be highly individualized, depending on the service provider’s customer base, technologies, and position in the call flow. Nevertheless, we expect the FCC to hold providers to their stated plans, so both an insufficient plan and an overly ambitious plan pose risks to the service provider. KDW is working with several providers already to develop their plans.

Third, service providers must develop compliance mechanisms to address the new anti-robocall obligations that have been implemented. These include processes for receiving and promptly responding to Industry Traceback Group requests, processes for responding to Enforcement Bureau notices of customers that are violating the robocall rules, and “know your customer” due diligence when provisioning or renewing service to a customer. Finally, compliance will also include reporting service reassignments to fuel the FCC’s new Reassigned Number Database. These are not the only requirements that will be adopted, so we recommend that a service provider implement a process for receiving compliance updates regularly as well.

2021 will be a big year for anti-robocall efforts. Voice service providers will want to keep this resolution in order to stay on the right side of the illegal robocall battle.

Follow the Communications group for ongoing coverage of TCPA/Robocall news, including:

  • Kelley Drye at the 2021 INCOMPAS Policy Summit On February 9, Partner Steve Augustino moderated a two-part Robocall Compliance panel at the 2021 INCOMPAS Summit. Watch both panels here.
  • Effectively Mitigating Illegal Robocalls: What Service Providers Need to Do On March 3, join Partner Steve Augustino for a Telestrategies webinar that will help service providers understand the STIR/SHAKEN framework, informing service providers of their new obligations, how to respond to investigation requests, and how to develop an effective robocall mitigation program.
  • TCPA Tracker The TCPA Tracker Newsletter is produced as a collaborative effort between Kelley Drye’s Litigation, Advertising/Privacy, and Communications practices to help you stay current on TCPA (and related) matters, including case developments, and provide an updated comprehensive summary of TCPA petitions pending before the FCC. Subscribe here.
  • Kelley Drye’s Full Spectrum Kelley Drye’s Full Spectrum podcast features smart, informative conversations about the latest issues in the technology, telecommunications, and media industries. Bringing together thought leaders in business, government, and enterprise, Full Spectrum offers an in-depth exploration of current legal, regulatory, and business issues. Our “Inside the TCPA” series offers a deeper focus on TCPA issues and petitions pending before the FCC.