TCPA Regulatory Update — Busy End of 2020, Early 2021 as FCC Continues Traced Act Implementation & Takes Other Actions on Robocalls and Spoofing
Busy End of 2020 and Early 2021 as FCC Continues to Combat Robocalls with Traced Act Implementation
Ending 2020, the Federal Communications Commission (“FCC” or “Commission”) raced to implement several of the Congressionally imposed TRACED Act (“Act”) deadlines to combat illegal robocalls.
First, on December 29, the FCC adopted a Report and Order implementing Section 8 of the Act, which directs the Commission to ensure that any statutorily permitted exemption of calls from the prior express consent requirement of the Telephone Consumer Protection Act (“TCPA”) meets certain criteria and codifies certain other exemptions that comply with Section 8. Notably, the FCC chose not to alter the exemption that permitted wireless companies to text their own subscribers without prior express consent. The FCC also reviewed, among others, exemptions on non-telemarketing robocalls made to residential phones from non-commercial, commercial, and tax-exempt nonprofit organizations. It amended its rules to limit the number of exempted calls to three calls to any residential phone from any caller within any consecutive 30-day period, and required an opt-out mechanism.
The same day, the FCC also adopted a Fourth Report and Order implementing Section 10 of the Act. The Fourth Report and Order imposed a number of new obligations on voice service providers, requiring them to, among other things:
- Respond to traceback requests from the FCC, civil and criminal law enforcement, and the USTelecom-led private traceback consortium, generally in less than 24 hours.
- Take steps to mitigate illegal traffic when notified by the FCC’s Enforcement Bureau. This can include ending customer relationships, limiting access to high-volume origination services, or any other steps that have the effect of stopping and preventing similarly illegal traffic.
- Implement measures to prevent new and renewing customers from originating illegal calls on a provider’s network. The FCC does not prescribe any specific steps for meeting this obligation other than the requirement that providers “know their customers” and exercise due diligence in ensuring that their services are not used to originate illegal traffic.
This Fourth Report and Order also expanded the safe harbor to permit network-based blocking without the need to offer customer opt-in or opt-out. To be eligible for the new safe harbor, the blocking must be based on reasonable analytics, make use of caller ID authentication information, target calls highly likely to be illegal, and be managed with human oversight. The Order also imposed on voice service providers additional requirements designed to redress improperly blocked calls, such as immediately notifying callers when their calls are blocked, providing subscribers a list of blocked calls intended for the subscriber’s number, and requiring providers to give calling parties status updates on blocking disputes within 24 hours.
The FCC also published a Public Notice announcing January 13, 2021 as the effective date for the rules adopted in its late-November One-Ring Scam Report and Order, which implemented Section 12 of the Act. We summarized the rules proposed in the one-ring scam proceeding in our May 2020 TCPA Digest.
On January 14, 2021, the FCC released its Second Further Notice of Proposed Rulemaking, which seeks comment on rule changes that would give the FCC a greater, albeit limited, role in Service Provider Code (“SPC”) token revocation decisions by the STIR/SHAKEN Governance Authority. The FCC’s action is important because the FCC previously adopted rules requiring voice service providers to implement the STIR/SHAKEN caller ID authentication framework on their networks by June 30, 2021. To learn more about those rules, read our March TCPA Digest. A key element of this framework is the inclusion of a digital certificate with each phone call that enables providers to verify that the caller ID information attached to the call matches the originating caller’s phone number. Since providers must apply for an SPC token from the STIR/SHAKEN Governance Authority before they receive the required digital certificate, the FCC believes that due process demands the agency have some oversight role in revocation decisions, since SPC revocation would have the effect of forcing a service provider out of compliance with FCC rules. Thus, the FNPRM proposes to add the procedural safeguard of allowing the Wireline Competition Bureau, or in cases of novel factual, legal or policy questions, the full Commission, to review revocation decisions on appeal from providers who have had their SPC tokens revoked by the Governance Authority. Additional rule changes would establish and govern the FCC review process. These proposals include, among others, the requirement to exhaust all Governance Authority review processes before appealing to the FCC; a 60-day deadline for providers to appeal adverse decisions, and the requirement that review requests include the basis of the appeal, a full statement of material facts, and the legal or policy questions the provider is submitting for review.
Comments and replies on these proposals will be due 30 and 60 days after publication in the Federal Register, respectively.
Finally, the FCC released several reports to Congress to meet end of the year TRACED Act obligations. On December 23, the Enforcement Bureau, Consumer and Governmental Affairs Bureau, and Wireline Competition Bureau released a Report to Congress on Robocalls and the Transmission of Misleading and Inaccurate Caller ID Information pursuant to Sections 3, 11, and 13 of the TRACED Act. And, on December 29, 2020, pursuant to Section 4 of the TRACED Act, the Wireline Competition Bureau released a Report to Congress on Caller ID Authentication Implementation Progress.
The FCC Takes Other Actions on Robocalls and Spoofing
In December, we reported on the adoption of the Commission’s Order on Reconsideration in response to the FCC’s 2016 Broadnet Declaratory Ruling. Broadnet Teleservices, LLC filed a Petition for Reconsideration on January 13 asking the Commission to reconsider its decision not to grant local governments the same TCPA protection as it granted the federal and state governments in its December 2020 Order. The Commission has not yet released a Public Notice on the Petition.
Also in December, the Consumer and Governmental Affairs Bureau released a Declaratory Ruling and Order declaring that “soundboard technology” constitutes the use of an “artificial or prerecorded voice” under the TCPA. While the Declaratory Ruling only discussed residential calls, the wording the Commission relied on for its ruling – “artificial or prerecorded voice” – is also the wording used to prohibit wireless calls. According to the Ruling, the fact that a human must select the audio or voice clips from the soundboard does not negate the fact that calls use prerecorded voice messages, and therefore, violate the TCPA. Accordingly, the Commission denied NorthStar and Yodel’s requests.
Last, the Commission’s Enforcement Bureau levied a $9.9 million dollar fine in a Forfeiture Order released on January 14, 2021. In its Order, the Commission found that an individual, Scott Rhodes, made nearly 5,000 illegal robocalls with the intent to harm using caller ID spoofing. The Commission also found that Rhodes, through the use of a technique known as “neighbor spoofing,” specifically targeted his messages to several communities across the U.S., including messages to residents of Brooklyn, Iowa that used racist and xenophobic language to refer to the arrest of an undocumented immigrant accused of murdering a local college student, as well as a message to residents of Charlottesville, Virginia that sought to influence a potential jury pool in a murder trial. The Commission will refer the matter to the U.S. Department of Justice for further action should the individual fail to pay the forfeiture. Although this is not the first FCC forfeiture order against an individual in the robocall or spoofing context, it highlights the Commission’s willingness to go after individuals – not just companies – when they commit particularly egregious violations of its anti-spoofing rules.