Robocalling Wars: Battling the Bad Guys Through Laws, Collaboration, Technology and Enforcement Robert W. McCausland V.P. Regulatory and Government Affairs December 3, 2018
See: https://www.ftc.gov/news-events/press-releases/2018/06/ftc-sues-stop-two-operations-responsible-making-billions-illegal 2
Problem Statement: Illicit robocalling is pervasive. • Over a billion illegal robocalls are placed annually.* • Do-Not-Call Lists are ineffective against illicit robocallers. • Whac-A- Mole™: Regulator, Law Enforcement, and Industry efforts are frustrated by nimble behaviors of the bad guys. • Widely-available low-cost technology and high-speed Internet access enable the bad guys to operate from both within and outside the U.S.A. * Source: https://www.ftc.gov/news-events/press-releases/2018/06/ftc-sues-stop-two-operations-responsible-making-billions-illegal 3
Congressional Testimony April 18, 2018 “…the technology is easy to obtain and can be used by anyone. Anyone can start a large autodial campaign from a home office.” Link: https://www.commerce.senate.gov/public/_cache/files/1d5345f4-392c-438c-9ddc-f6c3ad9929e0/72703224B3462DF05B4F1D061AF48FAC.senate-committee-testimony-adrian-abramovich-4-18-18-.pdf 4 4
Background: Not all robocalling and robotexting are illicit, illegal, or unwanted, complicating the battle: • School Notifications to Parents • Prescription Pick-Up Calls/Texts • Authorized Telemarketing or Debt Collection • Local Community Emergency Communications West provides and enables certain robocalling and texting services desired by the public. 5
Background (cont’d): Not all Caller-ID spoofing is illicit, illegal, or unwanted, further complicating the battle: • Battered Women’s Shelters • Business Service Centers Using One Outbound Caller-ID Number for Callback Purposes • Authorized Law Enforcement Investigations 6
Background (cont’d): Fraudulent calls and texts come in different forms, and result from different motivations: • Telephone Number Spoofing and Robocalling (e.g., Rachel at Card Services) • Neighbor Spoofing • Access Stimulation Schemes • Telephony Denial of Service (“TDoS”) Attacks 7
Background (cont’d): “The underlying enabler for TDoS attacks is the ability to use automation to cheaply and easily generate hundreds or thousands of simultaneous calls.” See DHS Science and Technology Directorate, “Telephony Denial of Service,” https://www.dhs.gov/sites/default/files/publications/508_FactSheet_DDoSD_TDoS%20One%20Pager- Final_June%202016_0.pdf 8
Background (cont’d): “Reasons for TDoS attacks range from extortion to disruptive pranks. These attacks pose significant risks to banks, schools, hospitals and even government agencies.” See “Partnering to Prevent TDoS Attacks,” (Jul. 9, 2018), https://www.dhs.gov/science-and- technology/blog/2018/07/09/partnering-prevent-tdos-attacks 9
Switched Access Primer – Bell System Monopoly to Now • 1968: Carterfone Decision • 1969: FCC Grants Licensing to • 1974: MCI Filed Antitrust Suit Against AT&T • 1978: Advent of Exchange Network Facilities for Interstate Access (“ENFIA”) • 1980: Jury Ruled for MCI • 1982: Judge Harold Greene Oversaw Case Resulting in AT&T Consent Decree, Later Amended into Modified Final Judgment (“MFJ”) • January 1, 1984: AT&T Divestiture • ≈June 13, 1984: First Switched Access Tariffs Took Effect (replacing ENFIA) • February 8, 1996: Telecommunications Act of 1996 Enabled Local Competition Nationally • Today: Switched access revenues still fund LEC network deployments/operations, but networks require management to prevent arbitrage (“access stimulation” or “traffic pumping”) and zero-rating would enable other types of fraud. 10
Examples of Relevant Laws, Rules, and Actions • State PUCs: - Rules - Complaint Submissions (e.g., Texas No-Call) - More • State Attorneys General* • FTC*: - Telemarketing Sales Rule - Possibly-Expanded Future Role * See, for example, https://www.texasattorneygeneral.gov/consumer-protection/phone-mail-and-fax-scams , 11 https://www.consumer.ftc.gov/features/feature-0025-robocalls and “Other Useful Notes and Resources” below.
Examples of Relevant Laws, Rules, and Actions (Cont’d) • FCC: - Do-Not-Call Regulations - Robocalling Strike Force - North American Numbering Council (“NANC”) Call Authentication Trust Anchor (“CATA”) Working Group - STIR and SHAKEN See “Other Useful Notes and Resources” below. 12
Examples of Relevant Laws, Rules, and Actions (Cont’d) “Combatting robocalls is our top consumer protection priority….” - FCC Chairman Pai* FCC December 12, 2018 Open Meeting Agenda* Includes: - Reassigned Numbers Database (primarily TCPA- oriented; different from Unassigned Number Database) - Text Messaging Classification * See https://docs.fcc.gov/public/attachments/DOC-355188A1.pdf , https://www.fcc.gov/news-events/events/2018/12/december-2018-open- 13 commission-meeting , and “Other Useful Notes and Resources” below.
Examples of Relevant Laws, Rules, and Actions (Cont’d) • U.S. Congress: - Telephone Consumer Protection Act of 1991 (“TCPA” - December 20, 1991) - Do-Not-Call Implementation Act (March 11, 2003) - Truth in Caller-ID Act of 2009 (December 22, 2010) - Federal Wire Fraud Statute - Senate Commerce FTC Oversight Hearings* - Most-Recent: Proposed Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (“TRACED Act”) * See https://www.commerce.senate.gov/public/index.cfm/2018/11/oversight-of-the-federal-trade-commission and “Other Useful Notes and 14 Resources” below.
Examples of Relevant Laws, Rules, and Actions (Cont’d) Proposed TRACED Act, S. 3655 Purpose: To amend the Communications Act in order to deter criminal robocall violations and improve enforcement. As currently drafted, the TRACED Act would: • increase per-call fines, • extend statute of limitations to three years, • mandate SHAKEN or similar mechanism (applicable to both legacy and VoIP providers), • establish a conditional safe harbor for providers, • permit verification of call authenticity, • permit certain obligations and restrictions associated with number assignments, • p ermit rules to empower subscribers to restrict “unwanted” calls or texts, as well as calls or texts from unauthenticated numbers, • align various federal agencies to prosecute illegal robocallers & report to Congress, and • take other steps to combat illegal and unwanted calls/texts. See “Other Useful Notes and Resources” below. 15
Examples of Actions and Efforts in Other Countries • Canada: Canadian Radio-television and Telecommunications Commission (“CRTC”) Actions Include STIR/SHAKEN Mandate by March 2019 - Traceback Definition Component - Industry Progress Reports - SIP (IP) Mandate; Viewed as N/A to Time Division Multiplexing (“TDM”) Network Components and Interconnection • United Kingdom : Ofcom “Guidance on the provision of Calling Line Identification facilities and other related services” (“Guidance on CLI Facilities” – published July 30, 2018) See “Other Useful Notes and Resources” below. 16
Slowly-Reducing Tension Between U.S. Rules and Remedies • Call Blocking Traditionally Allowed “Only Under Rare and Limited Circumstances” : FCC Declaratory Ruling and Order Released June 28, 2007 ( https://docs.fcc.gov/public/attachments/DA-07-2863A1.pdf ) • FCC Affirmed Consumers’ Rights to Control Received Calls and Assured Providers That They Face No Legal Barriers to Allowing Consumer Use of Robocall-Blocking Technology: FCC Declaratory Ruling and Order Released July 10, 2015 ( https://docs.fcc.gov/public/attachments/DOC-333993A1.pdf and https://docs.fcc.gov/public/attachments/FCC-15-72A1.pdf ) • Carrier Blocking Subsequently Deemed Permissive for Legitimate Subscriber Inbound-Call-Blocking Requests and for Certain Do-Not- Originate (“DNO”) Requests: FCC Robocall Blocking Order and FNPRM Released November 17, 2017 ( https://docs.fcc.gov/public/attachments/FCC-17-151A1.pdf ) 17
Examples of U.S. Industry’s Investigative Evolution • Customer Proprietary Network Information (“CPNI”) Privacy Concerns Inhibited Industry Collaboration for Fraud-Call Investigations • FCC Provided Guidance on the Limited CPNI Exception of 47 U.S. Code Section 222(d)(2) • Robocalling Strike Force • USTelecom Created the Industry Traceback (“ITB”) Group* • Structured Collaboration is Producing Results * See the separate note and link in the “Other Useful Notes and Resources” below. 18
U.S. Industry’s Investigative Evolution (cont’d) Section 222(d)(2) CPNI Exception for Fraud Investigations Among Carriers: (d) Exceptions. Nothing in this section prohibits a telecommunications carrier from using, disclosing, or permitting access to customer proprietary network information obtained from its customers, either directly or indirectly through its agents — [. . . .] (2) to protect the rights or property of the carrier , or to protect users of those services and other carriers from fraudulent, abusive, or unlawful use of, or subscription to, such services [.] 19
STIR (Secure Telephony Identity Revisited) SHAKEN (Signature-based Handling of Asserted information using toKENs) These are the frameworks created to identify illegally-spoofed Caller-IDs and to help prevent the completion of illicit robocalls. 20
Recommend
More recommend