Rebekah Johnson: Welcome to Tuesday Talks, a live discussion series where we shed light and bring truth to emerging topics in the communications industry. I'm Rebekah Johnson, Founder and CEO of Numeracle, and I'll be co-hosting today's session with Mitch Roth, Founding Member of Roth Jackson and our subject matter expert for the Enterprise Communications Advocacy Coalition (ECAC) on FTC, FTC, state, and federal direct marketing legal matters. Welcome Mitch!
Mitch Roth: Thanks Rebekah, it’s great to be here. I appreciate the invitation to be here with you.
Rebekah Johnson: I’m also a part of the Enterprise Communications Advocacy Coalition, so I'm not sure what hat I'm wearing today, but I’ll probably jump back and forth.
I want to thank you for joining us on our last Tuesday Talks podcast episode in our Cross-Border Call Delivery Challenges Series in which we are now going to turn and look back at the U.S. and discuss the recent Further Notice of Proposed Rulemaking (FNPRM) from the FCC, which was published on October 26th.
Before we dive into the FNPRM, I want to highlight some exciting and interesting news. Last week, President Biden finally nominated Acting Chairwoman Jessica Rosenworcel as the Permanent Chair of the FCC. For those who aren't following, Chairwoman Rosenworcel’s term lapsed in 2020 so she must be confirmed to her new term by the Senate before the end of the year. I also want to note that President Biden also nominated Gigi Sohn, a distinguished fellow at the Georgetown Law Institute for Technology, Law & Policy to fill the other Democratic vacancy. If both Chairwoman Rosenworcel and Sohn are confirmed the Democrats will hold a 3-2 majority. Mitch, there's one last thing that I must highlight with regards to Rosenworcel and that is that President Biden has designated Rosenworcel as chair of the FCC, which makes her the first woman in history to serve in this capacity, and for that I'm very excited.
Mitch Roth: And very long overdue. Jessica Rosenworcel has had a very long and distinguished history with the Commission (FCC). She's not a stranger to the FCC and she has a very impressive track record of being very pro-consumer, and pro-free use of the internet. She was instrumental in pushing through the net neutrality laws and, obviously, she’s been a strong advocate for the control of robocalls and the elimination of the illegal robocalls.
Rebekah Johnson: Absolutely. On the topic of the elimination of illegal robocalls, let's get back to the topic of discussion today, which is FNPRM. In this particular proposed rulemaking, the FCC is seeking comments on a number of actions aimed at stopping illegal robocalls from entering the U.S. networks. There is now a focus on eliminating illegal robocalls that originate abroad, which is one of the most vexing challenges that the FCC faces in eliminating the scourge of robocalling because of the difficulties presented by foreign-based robocallers. Today we are going to discuss the rules proposed which place new obligations on the gateway providers that are the point of entry for foreign calls into the U.S.
The FCC is essentially requiring gateway providers to lend a hand in the fight against illegal robocalls originating abroad. Mitch, I think that it’s a little bit more than just lending a hand. Up until now, the focus for the FCC has been on the originating and terminating voice service providers in the U.S. so this FNPRM tales a shift and focuses on gateway providers.
Mitch Roth: Absolutely, Rebekah, you nailed it. The gateway providers weren’t getting much attention nor were any of the intermediate voice providers in the call flow. But the FCC, in one rulemaking, has pretty much promoted them to be their top enforcement mechanism when it comes to keeping illegal robocalls out of the United States. It’s probably worthwhile noting who they consider gateway providers to be.
They consider a gateway provider to be the first U.S.-based intermediate provider in the call path of a foreign originated call that transmits the call directly to either another intermediate voice provider or to a terminating voice service provider in the U.S. It’s like you said, it’s that first connection into the U.S., that first party that’s going to receive that call and then transmit that call, ultimately, to its final destination in the U.S.
Rebekah Johnson: One interesting point with regards to defining a gateway provider, the FCC is actually seeking comments on finally giving a definition. So if you find yourself in the position of a gateway provider, you might want to be a part of defining who you are and what you do.
For the sake of time in our podcast, although we may feel like 20-25 minutes is a long time, it goes by so fast. What I want to focus on are the things that, to me and from my viewpoint, are the most important not only from a gateway provider perspective but from enterprises. We know there are a lot of call centers, BPOs, and enterprises who leverage international call centers to deliver calls into the U.S.
Three key areas that I think are important that we’re going to cover are authentication, robocall mitigation, and mandatory blocking. That’s right, I said mandatory. What do you think?
Mitch Roth: It's scary. The FCC's proposing to have gateway providers have obligations to block calls. This is new territory for all intermediate service providers. Their obligation has really been to just take the call from point A and pass it on to point B and get out of the way and let the traffic go through. But for the first time, there are affirmative obligations for these gateway providers to perform robocall mitigation but also to actually block calls.
One of the big comment or issue areas of comment is, should that blocking take place before or after some type of reasonable investigation takes place? The fact that the FCC would even consider requiring gateway providers to block calls without any type of investigation is pretty groundbreaking.
Rebekah Johnson: The FCC has used the word, and I think it makes sense, is a permissive approach on call blocking. They are spelling it out that they’ll make it mandatory for the gateway providers to block calls. When you read the comments you can understand what the FCC is trying to achieve here.
Instead of leaving it on the terminating carrier, which is ultimately the closest you can get to the subscriber, they're looking at this as a huge win, not only for the subscriber but for our network infrastructure in the U.S., for the gateway provider to do the blocking. We know that the reasonable analytics that are used to identify what to block or not to block have issues and they’re not accurate, even within our little world that we look at. Making this mandatory, and it even goes to, what to me it's egregious, it goes to the level of not having to investigate. If it feels like it’s fraud or illegal then you should be doing the blocking.
There is something you brought up when we were discussing this earlier, about what they would do if, in fact, they find out that it's not an illegal call that they did put blocking on.
Mitch Roth: Then the obligation is, basically, to hurry up and quickly turn this around as quickly as you can. Because then the obligation comes onto the gateway providers to unblock those calls and allow those calls to ultimately go through. All it's going to take is a letter from the Enforcement Bureau, which is going to trigger these requirements. It remains to be seen what level of confidence causes those letters to go out in the first place.
Suffice it to say, if you got a letter from an Enforcement Bureau and you’re a gateway provider you're at the very least going to have to be under an obligation to conduct an investigation into those calls. If not, actually block them before you conduct an investigation. The latter is certainly a very scary proposition.
Rebekah Johnson: Speaking of responding to those letters of investigation, here we go again, the requirements are more restrictive on the gateway providers and with traceback requests, they have to respond within 24 hours. Whereas with terminating providers, it's whatever is a likely reasonable time.
Mitch Roth: If a gateway provider does not follow all these obligations then they are subject to be called a bad actor. And if they are labeled as a bad actor, then the FCC is threatening to require all downstream carriers to block all traffic from that bad actor/gateway provider, which would include both the international calls and the domestic calls. It really is very problematic for the gateway providers if they don’t follow those rules.
Rebekah Johnson: On the robocall mitigation, on our Tuesday Talks we’ve covered the Robocall Mitigation Plans and Database, and that was put in place because the FCC cannot regulate foreign providers but they are able to impose rules on U.S.-based carriers. A creative way was to tell terminating voice service providers here in the U.S. that you cannot accept traffic from a provider who is not registered within the Robocall Mitigation Database. You make an identification of those who have implemented STIR/SHAKEN fully, partially, or if neither of those two things have been done they can have a mitigation plan or program that includes a KYC solution and has some analytics because they haven’t implemented STIR/SHAKEN yet.
There's only one word that we change between voice service providers and gateway providers and it’s “or to and.” Within this proposed rulemaking, the FCC caller ID authentication rules require the voice service providers to implement STIR/SHAKEN or if they are subject to an extension to implement an appropriate robocall mitigation plan.
But here, they're saying we propose requiring gateway providers to apply both of these protections. We just take what the FCC has done with our voice service providers, and everything is getting cranked up one more notch.
Mitch Roth: That's exactly right, you hit the nail right on the head. We went from a regulatory environment where there was no or little regulation on these gateway providers to holding them to a much higher standard than what we are holding the voice service providers to. Under this proposed rulemaking you’re right, they’re going to have to both implement STIR/SHAKEN and assign authentication to their calls, and engage in a robocall mitigation program that would take or develop steps that would reasonably expect to significantly reduce robocalls on their network.
Rebekah Johnson: Whenever you read it, there is a tone that is taken with these proposed rules and there's an element of frustration or desperation. It’s because we’ve put in all these deadlines, the carriers have implemented STIR/SHAKEN, a lot of them have and we can see the numbers when we're tracking the Robocall Mitigation Database and those who are registering, we're implementing Know Your Customer, we have attestation levels, we have reasonable analytics, but the illegal robocalls are still making their way in. We really haven't done much of a dent in stopping that.
When I read this proposed rulemaking, I think with the gateway providers it’s the last straw. That is pushing the requirements all the way out as far as the FCC can reach before they hop over into another land and have no authority in. We're almost getting to that point. I was thinking as a mom as I'm reading this, I know when I ask child one, because I have two kids, child one, “Go clean your room. Can you please clean your room?” I’m being pretty nice and I’m giving them some time. If I come back and it hasn’t been done, I have to say it a bit more aggressively, “Alright you have to clean your room or else you’re not going out Friday night.” If they still haven’t done anything, I have to up the ante and say what’s going to happen if they don’t clean their room. Unfortunately, child number two walks in late and then I'm straight-up full-blown screaming, “Clean your room!” Poor child number two doesn’t know what’s going on, they just showed up to this gig.
I feel like that is sort of what’s going on with the FCC: they’ve just lost it, it’s the last straw, so they're going to crank up the rules on the gateway providers. The poor gateway providers are going, “Wait a minute, what? When did we just show up to this party and why is it our responsibility? I just thought I had to sign calls with a C-Level attestation and that was it.”
Mitch Roth: Yes but don't count the FCC out, they may jump over the other borders and try to enforce laws in foreign lands. But they’re getting as close as they possibly can and they’re also entering into the stream of commerce. One of the comments they want to have and are seeking is requiring certain contractual provisions that gateway providers have with their clients and comments on the likelihood and how reasonable it is for gateway providers to basically interview and get KYCs directly from the call initiator.
Rebekah, as you know in this world, the gateway provider could be five or six hops away from the call initiator. But again, I think desperation is a very reasonable word to use and I think that accurately summarizes where the Commission is. This is the Fifth Notice of Proposed Rulemaking so there’s been four others just under this issue. STIR/SHAKEN has been put into effect and it’s been planned for several years and the problem of illegal robocalls has not waned at all. So yes, I’m sure there is a sense of desperation over at the FCC.
Rebekah Johnson: I know we’ve mentioned C-Level Attestation and you mentioned Know Your Customer, and between those we’ve discovered a relationship depending on what you know about the customer and their authorization for use of numbers. Those two elements come together and allow a service provider to assign an A or a B. Right here in the U.S., we know it's either going to be A or B, nobody's really paid attention to C-Level because we haven't been dealing with gateway providers.
But now, gateway providers are going to be looking to add in the Know Your Customer and contractual requirements which puts them in that space of having to think about having to assign an A or a B to an unauthenticated call and then having to authenticate it. Sometimes I think we’re missing the point of STIR/SHAKEN and what we’re trying to do here versus stopping illegal robocalls. Because STIR/SHAKEN doesn’t stop anything, it’s a framework for identification. We can apply identification where we can but pressuring the gateway providers to have to implement the panacea version of STIR/SHAKEN, I think, is asking way too much. There was another comment asking if this was costly, and the answer is yes. I think this is going to be far more costly for the gateway providers than it was for the service providers.
Mitch Roth: I think it’s going to result in a lot more calls being labeled as Spam or Scam Likely. At the end of the day, the gateway providers are still going to authenticate with a C, probably, basically meaning that they know where they received the call but that really comment on the authentication of it. They’re just going to just pass that through and the terminating voice service companies are going to very possibly just sign them as C and it’ll result in more and more calls being labeled as Scam Likely or Spam, but it could have that effect even on the legal calls.
They spend a lot of their time talking about illegal robocalls, but you and I have many conversations about the fact that in certain ways illegal calls, illegal robocalls, and legal robocalls look and present themselves in exactly the same way. There's a significant risk of throwing the baby out with the bathwater and instead of really having a surgical approach to locating, finding, and labeling the illegal calls, it’s going to wind up labeling more of the calls and more of the legal calls as Scam and Spam Likely, which is just going to result in the brand's being unable to reach their customers.
Rebekah Johnson: This brings us right back to why you’re here, Mitch. From the enterprise perspective, which is why we set up this Coalition which includes Stuart Discount who’s also been a guest on Tuesday Talks. These rules, even though their focused on the gateway providers, they have a direct impact on enterprises and how enterprises leverage the communication infrastructure, whether it’s voice or text or whatever it may be.
When we put these types of requirements where there's mandatory blocking, that scares me. Especially at a point where there is the least amount of information typically known about the call. It's really important to have a voice and have a say in what the FCC is proposing and the types of rules. I will say, every time I've met with any of the Commission's offices they are very welcoming to the feedback and input from the industry as a whole.
I really hope gateway providers are responding to this Notice for Proposed Rulemaking, especially from the enterprises. As the chair of the ECAC, one of the things we're doing is we’re absolutely watching this and I think our best approach is to look at the comments that have been filed. I'm hoping to see gateway providers filing comments and I'm also expecting to hear from voice service providers as well.
Then taking in that information to see who is aware and supportive of the enterprises and how the rules will impact them. Everybody's doing business because legal people are leveraging this network to deliver communications. We're all involved and we're all impacted, not just the gateway providers. I know you have some thoughts too, Mitch, on the role that ECAC plays with this and also you have some messages for the gateway providers as well.
Mitch Roth: I think the gateway providers need to and should be all over this. They need to participate and they need to make their concerns known to the FCC. The burdens that are being placed on the gateway providers as spelled out in the Notice of Proposed Rulemaking are significant. We’ve said before, several times before, that they are game-changing, forget about the monetary costs. It’s the effort that’s going to be required for them to implement these requirements and the prospect of having to block calls or have your calls downstream would have a devastating effect on gateway providers.
Now is the time to tell the Commission and make your voice heard. The comment period is open. I believe you have the deadlines in front of you, Rebekah.
Rebekah Johnson: It’s like an early Christmas gift. What more do I want to do than file comments the day after Thanksgiving. November 26th is the deadline for the first round of comments. I can't think of a better way to spend Christmas than to file reply comments on December 27th. That is your Christmas gift and holiday gift from the FCC. And that’s not the first time they’ve done that.
Mitch Roth: I think it was last year they had a comment that was right around New Years, if I remember correctly.
Rebekah Johnson: It was! I still made the deadline because I’ve got a really exciting life.
So, Molly, I think we have some questions that we need some time to answer.
Mitch Roth: Rebekah, while Molly queues that up, to further your point on ECAC, I know you and I have talked about the fact that ECAC will be exploring the comments that it would file. I've been asked by several clients to discuss potentially filing comments on their behalf as well. At least in my practice, it's getting a lot of attention and in some of the practices of my partners here at the law firm it’s getting a lot of attention island we expect to play a big part in the comment period.
Rebekah Johnson: On that note, if anyone would like to know how to become a member or how to participate in the ECAC, and if you do become a member you have to be active, that’s the whole point here, you can email me at email@example.com or visit the ECAC website.
Molly Weis: I’m going to start with the first question that we have: Is this proposed rulemaking focus on providers from any particular geographic region or country?
Rebekah Johnson: I can take this question first. What’s really being focused on is numbers that meet the NANPA (North American Numbering Plan Administrator) format. If there is a call coming from France and it's in their format, this isn't targeting those types of phone calls. It's the ones that are being, what I will call “spoofed,” that are presenting as a U.S. number, then these rules will be applied to that.
It's not so much a particular country although, the FCC has an enforcement section which you should probably read where they cover FTC and FCC enforcement to justify why they're doing what they're doing. They do call out a few countries within that group but it isn't country-specific it's just any call coming in through the gateway provider that isn't NANPA format, which is why this is a concern for legal enterprises.
Mitch Roth: Right. It’s certainly very reasonable for a brand that has a call center, let’s say in India for example, to initiate a call in to the United States using a U.S.-based numbering format as the caller ID signal, especially assuming that brand is going to be answering the call that comes back on that number. It certainly isn’t far-fetched, the thought that an international robocall, which would be legal, of course, which is initiated by a brand or on behalf of a brand, would have a caller ID signal which conforms with an American Numbering Plan.
Rebekah Johnson: If only there was a way for enterprises to be able to attest to their number and their identity and have a gateway provider attach a delegated certificate. I don't know, maybe call me crazy, but I think there might be a way for us to be able to do this. That, by the way, I'm expecting to get more progress on in 2022, but that definitely is a path that we can help gateway providers on.
Molly Weis: Our second one is: What's your top recommendation for gateway providers in terms of proactive activities to do their part in stopping illegal robocalls while staying out of the FCC's spotlight?
Rebekah Johnson: Mitch is the expert on that one.
Mitch Roth: I think each gateway provider has to figure out what works for them. If the gateway provider is also the initiating carrier, that gets them one step closer to the company that's going to be initiating to call. THe FCC talks about Know Your Customer requirements and extending Know Your Customer requirements on gateway providers. At the end of the day, I think it all comes down to having as good of an idea about the traffic that you're carrying as possible and being as close to the end user, as you as you possibly can, who will allow you to have an idea of what that traffic is.
I know it's easier said than done, it's easy for me to say that in my ivory tower without having to be involved on the business side. When you're six or seven hops away from the end-user or from the initiating party, it’s just going to make it real hard to know what that traffic is, certainly beforehand. After the fact, there are steps that gateway providers can take to monitor their calls and monitor the traffic and use switches, for example, that are going to block the calls that are transmitting unassigned numbers or transmitting cell phone numbers. There's no reason for those numbers to be DIDs or CID numbers on those calls.
Gateway providers can leverage technology downstream in their switching services to block those calls. Even if they are going to receive bad traffic on one end, then, hopefully, that traffic won’t be dispersed into the telecommunications network through the switching platform.
Rebekah Johnson: That is very well said. I was basically just going to say “Have good business practices. That would be a good start. Know who you are doing business with.” And I do think it’s good, from a contractual perspective, I like to approach business from a contract and I appreciate contractual terms because it sets a real clear understanding of what's expected of each party. I do think that's a good practice and have that regardless of the FCC coming down on you. At Numeracle we have strong contractual terms to protect us and our abilities to kick you off if you're not following the rules that we’ve set forth.
Molly Weis: Last question: Do you think calls are actually going to start being blocked?
Rebekah Johnson: I’m going to answer this one because I’m constantly talking about how the calls will not be blocked or are not going to be blocked. This proposed rulemaking changes that perspective because it includes mandatory blocking. My fear is of the intelligence that is leveraged to make the decision for blocking. So, yes, I do believe we will see blocking. Will there be a mechanism for remediation? I don't know. What are the data points that will be used to determine what will be blocked? I don't know.
This one actually causes concern for me with regards to blocking. It's not even blocking on STIR/SHAKEN data. Think about it. These calls are coming in unauthenticated so it's not like the terminating carriers where we’ve had the discussions on call blocking if it’s an A or B or C? No there's nothing. These are unauthenticated calls and the gateway provider has to pick it up and add some authentication to it. But before they do that, they should make a decision of whether or not to block it. I think this is unrealistic to ask for this but if they do implement that then yes, blocking is a very real concern.
With that last question, Mitch, I want to thank you for being a part of today's Tuesday Talk. This has been a really important conversation and I hope everyone has gotten the message that you need to have a voice and you need to respond to this Notice for Proposed Rulemaking.
We'd like to thank everyone for joining us for another episode of Tuesday Talks. Our next episode on Tuesday, November 16th, will be our final episode of our first season before Tuesday Talks goes on a little winter break. In this last episode of this year I'll be back with Anis to discuss emerging communication channels which includes messaging, RCS, 10DLC, and more. We hope to see you there!