The Federal Communications Commission (“FCC”) is proposing to amend its STIR/SHAKEN1 requirements to address the gaps created in the call path by networks using non-IP technology, which illegal robocallers continue to exploit. The FCC’s rules currently provide an exemption for any non-IP portion included in providers’ networks, but require providers to work toward developing an alternative caller ID authentication for non-IP networks. The FCC has raised concerns, however, about how the loss of STIR/SHAKEN information for calls that traverse non-IP networks undermines the value of the whole STIR/SHAKEN framework.

This FCC rulemaking will evaluate: (1) whether any of the current non-IP caller ID authentication frameworks meet the requirements of the TRACED Act and (2) whether providers that have not completed the transition to an IP network should be required to implement one or more of these frameworks in their non-IP networks by a date certain. The FCC seeks comment on the following:

(1) The FCC proposes to conclude that effective non-IP caller ID authentication frameworks have been developed and are reasonably available.

(2) The FCC proposes to conclude that certain non-IP caller ID authentication standards – specifically the In-Band Authentication (ATIS-1000095.v002), which can be found at https://access.atis.org/higherlogic/ws/public/download/67542, and the Out-of-Band Multiple STI-CPS Authentication (ATIS-1000096), which can be found at https://access.atis.org/higherlogic/ws/public/download/60535 – meet the TRACED Act’s requirements. The FCC seeks comment on whether the newest standard, the Out-of-Band Agreed STI-CPS Authentication (ATIS-1000105), which can be found at https://access.atis.org/higherlogic/ws/public/download/79509/ATIS-1000105.pdf, also satisfies the TRACED Act’s requirements.

(3) The FCC proposes to conclude that the frameworks using the In-Band Authentication and Out-of-Band Multiple STI-CPS Authentication standards are effective and satisfy the requirement for providers to take reasonable measures to implement effective non-IP caller ID authentication. The FCC seeks comment on whether the framework using the Out-of-Band Agreed STI-CPS Authentication standard is similarly effective under the TRACED Act.

(4) The FCC seeks comment on whether there are any other non-IP frameworks, including ratified standards or standards in development, that it should evaluate to determine if they meet the TRACED Act requirements.

(5) The FCC proposes to repeal the continuing extension from robocall mitigation obligations granted to providers that rely on non-IP technology and to mandate that voice service providers, gateway providers, and non-gateway providers that have not upgraded their networks to IP must implement one or more non-IP caller ID authentication frameworks in their non-IP networks by a date certain and that such providers must certify they have implemented a non-IP caller ID authentication framework in their non-IP networks.

(6) The FCC proposes a two-year timeline (from the effective date of any implementing rules adopted) for providers that continue to maintain non-IP infrastructure to either complete the IP transition of their networks or fully implement one or more of the available non-IP caller ID authentication frameworks in their non-IP networks.

Please contact Robin Tuttle at [email protected] or Dee Herman at [email protected] if you have questions related to the non-IP caller ID authentication rulemaking or would like to file comments in the proceeding.
___________________________________________________________

[1] Congress required the use of STIR/SHAKEN (Secure Telephone Identity Revisited / Signature-based Handling of Asserted information using toKENs), a caller ID authentication framework for IP networks pursuant to the 2019 Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence (“TRACE”) Act.