So we’re still getting those annoying (and illegal) robocall spam phone calls. Where are these calls still coming from? Will they ever stop?
Well, despite the ongoing robocall mitigation efforts to stop and prevent illegal calls from transmitting across the voice network, the Industry Traceback Group has reported1 that in 2021, 65% of the voice service providers (VSPs) identified as “transmitting illegal robocalls that were either foreign-based or gateway providers,” meaning the robocall traffic you’re still getting could be originating from outside the United States.
“Robocall scams are an international problem. People all over the world can be victims of these bad faith campaigns to defraud and trick consumers. And we know that many of these calls cross international borders before entering domestic phone networks” — FCC Chairwoman Jessica Rosenworcal on signing the latest robocall cooperation agreement2 with the CRTC in Canada
With the first implementation waves of STIR/SHAKEN targeting larger domestic VSPs, the FCC now has its sights set on the intermediate, or gateway providers. They act as on-ramps for international voice traffic that could potentially be entry points for illegal voice traffic to enter the US voice network. But will these new efforts actually stop and prevent the illegal traffic that is being targeted or will this simply shift the traffic around?
FCC Action: New Rules for Gateway Providers
To clarify previous confusion, the FCC put out an official definition of what constitutes a Gateway Provider and therefore subject to the new rules approved last month:
A gateway provider is a US-based provider that receives a call directly from a foreign provider, whether it is an intermediate or an originating provider. Any US-based provider receiving a call with US North American Numbering Plan (NANP) calling from a foreign provider is subject to the new rules approved by the FCC.
The approved Report and Order4 will require gateway providers to take a much more active role in combatting foreign-originated robocalls by participating in the following:
Develop and file a certification and robocall mitigation plan in the Robocall Mitigation Database Gateway providers were originally automatically registered in the RMD as intermediate providers; new rules clarify that they must now register and certify separately as gateway providers
Implement the STIR/SHAKEN caller ID authentication framework to all unauthenticated foreign-originated SIP calls with US North American Numbering Plan (NANP) and follow ATIS standards
Respond to traceback requests within 24 hours and cooperate with other FCC enforcement requirements
Implement a new ‘Know Your Upstream Provider’ obligation to ensure that immediate upstream foreign providers are not pushing illegal voice traffic through gateway providers
Participate in mandatory call blocking requirements: (1) When notified by the FCC if they’re suspected of transmitting illegal traffic on their networks (2)As an ongoing requirement to block calls on Do Not Originate (DNO) Lists
Take responsibility for any illegal voice activity on their networks and comply with the practices of their certified robocall mitigation plans
Gateway providers who are found to be non-compliant with these new rules may be removed from the RMD and could be subject to mandatory call blocking which would render them unable to operate or pass traffic on their networks.
Initial Responses from Gateway Providers
On the surface, it seems that this is a positive step towards ending illegal robocalls, but what do gateway providers actually think about it? We spoke to several providers and the consensus seems to be that gateways feel wary of the new regulations and now have added amount of pressure after already following basic robocall mitigation practices anyway. In other words, they’ve been put in the hot seat and they may struggle to keep up with the demands being placed on them.
Gateway providers are now being seen in a negative light as the source of these ongoing illegal robocalls and are being pinned as the latest ‘culprit’ by the FCC. Most small carriers, including gateways, have already been doing everything they can to ensure they’re interacting with legitimate companies, including Know Your Customer practices, implementing analytics, reputation monitoring, and customer vetting in order to avoid bad traffic on their networks, but are voicing that the responsibility to vet has become so great that it almost seems an impossible financial task to live up to.
Regulations drafted with larger carriers in mind can potentially negatively impact smaller VoIP businesses with fewer resources and whose margins are already thin and are now being hindered from taking on new customers due to the scrutiny it takes to vet potential new customers. Gateway providers have not been given a safe harbor even when most already do what they can to remain compliant. The volume of traceback requests hasn’t declined and many feel they are being made an example of in order to prove that the FCC is successfully tackling the illegal robocall issue.
Future Regulatory Action
The FCC is seeking further public comment on a number of steps they seek to take in order to continue their efforts against illegal robocalls and growing robocall mitigation requirements. Some of these comments include questions on anti-robocall and spoofing efforts, expanding STIR/SHAKEN requirements for a broader range of providers such as intermediates with a 6-month implementation deadline, placing limits on the use of US NANP numbers for foreign-originated calls, expanding the FCC’s enforcement rules, and more.
“The FNPRM considers a broad range of proposed rules, including expanding the gateway provider rules to include all intermediate providers. Among other things, the proposed rules would require all intermediate providers to authenticate caller ID information using STIR/SHAKEN, and the FNPRM seeks comment on a six-month implementation deadline.” — Kevin Rupy, Partner at Wiley Law
Leadership & Advocacy
When the FCC first sought comments on how to address and handle gateway providers, the Enterprise Communications Advocacy Coalition filed comments6 that were footnoted in the rulings approved on May 19th4 with much of their feedback reflected in the final decisions. Rebekah Johnson, Founder and CEO of Numeracle, functions as the Chair of the ECAC and co-author of those reply comments. The Enterprise Communications Advocacy Coalition (“ECAC”) is a coalition of companies and organizations striving to ensure that lawful communications are not impeded by efforts to combat illegal robocalls. “
"The ECAC strongly supports the Commission’s efforts to extend the STIR/SHAKEN mandate and other obligations to mitigate illegal robocalls to gateway providers. But some of the proposals that require blocking and ‘know your customer’ procedures will be both burdensome and ineffective. Finally, C-level attestation has a place in the call signing and traceback process.”
Of concern to the ECAC and others in the industry is the issue of widespread call blocking, which could complicate industry-wide efforts to address improper call blocking of legal calls. With vague language on how gateway providers are to differentiate between legal and illegal calls, there is cause for concern that the improper call blocking and labeling issues we’ve been helping to tackle, will indeed continue.
This is an ever-shifting landscape and there is no magic silver bullet solution but as gateway providers begin registering and certifying in the Robocall Mitigation Database, and potentially start blocking traffic, we’ll be closely monitoring implementation status and call blocking news in our upcoming Implementation Report.