Pallone-Thune TRACED Act text released
Committees in the House and Senate have released the text of the Pallone-Thune TRACED Act, proposed legislation to combat unwanted robocalls with tougher penalties and a mandate for call authentication in both VoIP and non-VoIP networks. Let’s take a look.
Six legislative leaders announced an agreement in principle on November 15, 2019 to merge elements of the TRACED Act, the Senate version and the Stopping Bad Robocalls Act, the House version.
The text for the merged legislation was released on November 26, 2019, and there’s a lot to take in. Here’s a summary overview of the entire legislation, followed by a few details about the STIR/SHAKEN and robocall provisions.
The Pallone-Thune TRACED Act is comprised of fifteen sections, as follows:
- Provides a short title, the “Pallone-Thune TRACED Act”;
- Defines “Commission” as the Federal Communications Commission;
- Updates forfeiture penalties and extends the statute of limitations to four years in the Communications Act of 1934;
- Mandates call authentication using STIR/SHAKEN in IP networks and reasonable measures in non-IP networks within 18 months after enactment if service providers haven’t voluntarily implemented call authentication within 12 months of enactment;
- Establishes an interagency working group to study prosecution of violations;
- Instructs the FCC to determine how policies regarding access to number resources could be modified so voice service providers know the identity of customers;
- Instructs the FCC to establish rulemaking to help protect subscribers from receiving unwanted calls or text messages from a caller using an unauthenticated number;
- Amend the Communications Act of 1934 to provide consumer protections for exemptions;
- Instructs the FCC to report on the status of the Reassigned Number Database;
- Amend the Communications Act of 1934 to instruct the FCC to report on robocall prevention rulemaking results for unwanted robocalls and text messages;
- Instructs the FCC to report to Congress on referrals made to the Attorney General for possible prosecution;
- Instructs the FCC to initiate a proceeding to protect consumers from one-ring scams;
- Instructs the FCC to issue an Annual Robocall Report;
- Instructs the FCC to establish an Hospital Robocall Protection Group to develop best practices for voice service providers and hospitals to protect themselves from disruptive robocalls;
- Separability clause stating that, if any provision of this Act is held invalid, the remainder shall not be affected.
The TRACED Act had specified STIR/SHAKEN by name, while the Stopping Bad Robocalls Act had referred to a generic call authentication framework. In this new version, STIR/SHAKEN is called out by name and mandated for call authentication in internet protocol networks.
Call authentication is mandated for non-internet protocol networks too. This is a new provision that had not appeared in previous legislation. It’s worth listing the exact language for this provision:
The Commission shall require a provider of voice service to take reasonable measures to implement an effective call authentication framework in the non-internet protocol networks of the provider of voice service.
How would this be done? The legislation does not say. Any “reasonable measure” would do.
We know of one technique that would work: Out-of-Band STIR is an extension of STIR/SHAKEN whereby the Identity token, i.e., the PASSporT, is sent from the originating authentication service to the terminating verification service across the internet, or “out-of-band,” rather than within the SIP signaling.
Out-of-Band STIR makes call authentication possible with calls that transit TDM networks. It also remedies problems found in some SIP networks that prevents STIR/SHAKEN from working, such as:
- Older SIP network equipment or software that strips the Identity token from the call
- SIP networks that use UDP technology, which is prone to packet fragmentation and packet loss, which can break STIR/SHAKEN and even cause calls to fail completely.
STIR/SHAKEN mandate timeline
The mandate timeline is a bit confusing, so let’s clear it up here. The legislation would instruct the FCC to make the following determinations within 12 months after enactment:
- That voice service providers have implemented STIR/SHAKEN in their internet protocol networks or will be capable of fully implementing STIR/SHAKEN within 18 months after enactment and have agreed voluntarily to participate with other providers of voice services in the STIR/SHAKEN authentication framework
- That voice service providers have taken reasonable measures to implement an effective call authentication framework or will be capable of fully implementing a effective call authentication framework in their non-internet protocall networks within 18 months after enactment.
If the FCC determines that these goals are on track to being met and will work effectively, then the legislation says that the Commission shall not require voice service providers to do these things.
If the FCC determines that these goals are either not on track or will not work effectively, then the legislation says that the Commission shall require voice service providers to meet these goals within 18 months after enactment.
So, no mandate if the requirements are met voluntarily within 12 months. If the requirements are not met voluntarily, then a mandate will be issued to be met within 18 months.
Either way, this is a mandate. It starts off as an implicit mandate, then becomes explicit if not met voluntarily.
The legislation instructs the FCC to take final agency action to ensure that the robocall blocking measures authorized in the FCC Declaratory Ruling issued on June 6, 2019 meet the following requirements:
- Are provided with transparency and effective redress options for both consumers and callers
- Are provided with no additional line item charge
- Make all reasonable efforts to avoid blocking emergency public safety calls.
This legislation is a long document, 44 pages, that’s tightly packed with lots of information and provisions. It’s worth a closer look.
TransNexus software solutions
We have STIR/SHAKEN and robocall prevention services available in our ClearIP and NexOSS software products. Over two dozen voice service providers are using these software products to perform STIR/SHAKEN services in their production networks today.
Contact us to learn how quickly and easily we can help you deploy STIR/SHAKEN and robocall prevention in your network.
This information will only be used to respond to your inquiry. TransNexus will not share your data with any third parties. We will retain your information for as long as needed to retain a record of your inquiry. For more information about how we use personal data, please see our privacy statement.