Comments on FCC proposed rules for gateway providers
Fifteen organizations have filed comments on FCC proposed rules to require gateway providers to implement SHAKEN and robocall mitigation. Here’s a recap of the comments filed.
The FCC requested comments in their Fifth Further Notice of Proposed Rulemaking in CG Docket No. 17-59 and Fourth Further Notice of Proposed Rulemaking in WC Docket No. 17-97. In this article, we’ll refer to this document as the FNPRM.
Here’s a list of the commenters, with links to their comment summaries.
Recurring themes
Fifteen comment documents filed. 194 pages. Lots of interesting discussion. Here are some overarching themes we found:
- Gateway providers don’t know the call originator. Know your customer requirements can only apply to the next upstream provider.
- Several filers commented that the FNPRM would create two sets of rules. However, many providers fulfill different roles. They may not even know which role they’re fulfilling for any call. For these reasons, it would be better to have one simple, consistent, effective set of rules for all providers regardless of role.
- Many commented that gateway providers would have to sign unsigned calls with C-attestation. Most who mentioned this questioned the benefit. Is it worth it? Do we really need it for traceback?
- Several suggested that robocall mitigation should be required of all providers. SHAKEN only provides information about the authentication of caller ID. This is helpful when used with call analytics for robocall mitigation, but SHAKEN isn’t robocall mitigation.
- A few commenters urged the Commission to support non-IP call authentication, since ATIS has finalized standards for SHAKEN involving TDM networks.
- Most mentioned Out-of-Band SHAKEN, although there are two SHAKEN for TDM methods available (in addition to conversion to IP, when feasible).
- It should be noted that SHAKEN for TDM methods would only be used by providers that rely on TDM networks. All-IP providers would continue to use their SHAKEN system as is. They wouldn’t have to do anything to support SHAKEN for TDM, and they would never know that it had been used on calls they receive.
Comments
You can click each filer name to view their comments.
Comcast
- Strongly supports proposal to extend SHAKEN implementation requirements to gateway providers.
- No end-to-end caller ID authentication for non-IP callers has been deployed in the real world. The Commission should not require SHAKEN-compliant providers to accommodate alternative approaches such as out-of-band STIR.
- Supports a requirement for gateway providers to file in the Robocall Mitigation Database (RMD).
- Some gateway providers also transit domestic call traffic. Blocking all traffic from such a gateway provider could result in blocking lawful domestic traffic.
- Most gateway providers are multiple hops from the originating caller and have little visibility of their identity. Instead, gateway providers should be required to know the upstream providers from which they directly receive traffic.
CTIA
- The Commission should require all operators—including intermediate providers—to implement robocall mitigation programs.
- Foreign intermediate providers should be required to implement robocall mitigation and register in the RMD, but they should be allowed more time to do so before enforcing the foreign provider prohibition.
- Domestic intermediate providers should also be required to implement robocall mitigation and file in the RMD.
- The Commission should reach out to their counterparts in other countries to promote foreign provider participation in robocall mitigation.
- Gateway providers likely do not know the call originator of foreign calls with U.S. calling numbers.
- The Commission doesn’t need to prescribe special rules for gateway providers regarding traceback participation, call blocking, know your customer/interconnection partner, and so forth. The existing rules are sufficient.
i3forum
- Gateway providers often are several steps from the call originator and lack the information necessary to successfully mitigate foreign-originated robocalls. This gives them limited ability to meet certain proposed obligations.
- The Commission should consider alternative strategies, such as requiring gateway providers to impose an additional charge for receiving calls that meet parameters associated with illegal robocalls.
- Gateway providers in almost all situations could only provide a C-level attestation, which fails to provide any useful or meaningful assistance for blocking illegal robocalls.
- Gateway providers should not be required to do SHAKEN but should have the option to use SHAKEN when it has access to information that would enable it to provide an A or B attestation.
- There’s no reason to mandate call blocking for gateway providers when such blocking is voluntary in the rest of the industry.
- Gateway providers need 3 days to do traceback, not 24 hours. They should not be expected to provide information that is restricted from disclosure by foreign law.
iBASIS
- Gateway providers do not know who originated the call and may not have a direct relationship with the originating service provider.
- Most foreign originated calls with U.S. calling numbers are roaming wireless customers traveling abroad.
- Gateway providers would likely only be able to assign a C-level attestation, which is of limited use. Requiring gateway providers to sign unsigned calls would impose significant cost with little benefit.
- Gateway providers should have the option to sign calls. They may want to do this in cases where they can comfortably give an A or B attestation, which could prove useful to analytics and called parties.
- Gateway providers are intermediate providers and are already subject to robocall mitigation obligations and authorized actions. Mandates should not be uniquely applied to gateway providers.
- It is not possible in many cases to reply to traceback requests in 24 hours. Gateway providers need 3 days.
- Gateway providers should register in the RMD.
iconectiv
- There’s no reason to arbitrarily limit the attestation level that gateway providers can use. They should follow industry standards.
- The FNPRM asks about Out-of-Band STIR without reference to Out-of-Band SHAKEN, the approved standard. There is a considerable amount of TDM interconnection used in cross-border calls. Support of Out-of-Band SHAKEN by gateway providers would enable authentication of this large volume of calls and not require SIP-based U.S. service providers to invest in additional call authentication for legacy technologies.
- Gateway providers usually have no direct relationship with call originators. This makes it extremely challenging to confirm that a foreign originator is authorized to use a number. This issue is addressed with both domestic and international calls by using a combination of SHAKEN, appropriate trust policies, traceback processes, and call blocking rules.
INCOMPAS
- The Commission should apply call authentication and robocall mitigation obligations in a neutral and symmetric manner. Gateway providers should be brought to the same obligations as other intermediate providers.
- Gateway provider definition should be refined to include “U.S. based and receives traffic at a U.S. located point of presence.”
- Gateway providers should be required to sign unsigned calls using SHAKEN within 18 months.
- Gateway providers generally do not know call originators.
- The Commission should eliminate the foreign provider prohibition, given new requirements on gateway providers.
SipNav
- The FNPRM imposes significant obligations on gateway providers who have no involvement in the initiation of illegal robocalls.
- The Commission should consider a mechanism that leverages the media IP address of the servers that initiate scam calls and uses that to block spam calls.
Somos
- If the Commission requires gateway providers to block calls with calling numbers that are on Do Not Originate (DNO) lists, it should not limit the DNO list to a small list, such as the USTelecom list. Instead, a large DNO list should be used. Somos provides such a list.
T-Mobile
- Imposing additional obligations on providers already engaged in preventing unwanted and illegal calls from reaching customers is unnecessary.
- The Commission should impose obligations on gateway providers that already apply to other carriers. The Commission can determine on a case-by-case basis whether additional carrier-specific measures are required for particular gateway providers.
- Even signing calls with C-level attestation would speed up traceback.
- The proposed rules would create two sets of regulations to be applied on a call-by-call basis. A single provider might be required to treat some calls one way and other calls a different way.
- Terminating providers are in the best position to make blocking decisions. A customer’s blocking decision should not be frustrated by blocking requirements imposed on upstream providers.
- Gateway providers often do not know the call originator. Know your customer requirements would be difficult.
- Providers who are not in the RMD should be required to file, but providers who have already filed should not be required to add more data.
Transaction Network Services
- TNS doesn’t take a position on mandating call blocking by gateway providers. However, if this mandate is made, then gateway providers should have safe harbor protection for blocking.
- The Commission should decline to provide further guidance on what constitutes “reasonable analytics” for identifying unlawful calls.
TransNexus
- The Commission should require gateway providers to implement non-IP call authentication and phase out the non-IP SHAKEN extension.
- The non-IP SHAKEN extension incentivizes the use of non-IP technology, delays SHAKEN adoption, and undermines efforts to foster widespread use of call authentication and robocall mitigation to combat illegal robocalls.
Twilio
- Gateway providers should be subject to the same obligations as other voice service providers and intermediate providers.
- All gateway providers should file in the RMD.
- Gateway providers should be required to know their customer, and their customer should be defined as the immediate upstream provider(s).
- Gateway providers should meet industry standards for tracebacks.
- The Commission should encourage IP interconnections.
- The Commission should encourage non-IP providers to implement SHAKEN in light of ATIS’s adoption of a standard for out-of-band PASSporT transmission involving TDM networks.
- The Commission should define “reasonable analytics” with more specificity.
USTelecom
- The Commission should require all providers to implement a robocall mitigation program, regardless of their role in the call path and whether they have implemented SHAKEN.
- The Commission should close the intermediate provider loophole, which allows a provider to accept traffic from an unregistered upstream provider that did not originate the call.
- The Commission should not require new filings from providers that have already submitted robocall mitigation program filings. Instead, all providers should be required to update their plans as necessary.
- RMD filings should include information about the role(s) that providers play (originating, intermediate) and whether they directly accept traffic from foreign providers.
- The FNPRM’s focus on gateway providers may create more confusion and loopholes. Instead, the Commission should use a straightforward consistent approach that applies to all providers.
- The Commission should rapidly enforce its regime. For example, it should not allow over-redacted robocall mitigation plans in the RMD.
- C-level attestations don’t help traceback very much.
- Call blocking mandates are unnecessary and may cause unintended consequences.
- There is no reason to require providers to block calls from numbers on a DNO list. Enough providers are already using DNO lists that calls with DNO calling numbers will likely get blocked.
YouMail
- The Commission must find a reasonable balance that will enable VSPs to use analytics and know your customer practices to increase the likelihood that unlawful robocalls can be separated from legitimate calls.
- The Commission should adopt safe harbor for blocking robocalls. Safe harbor should incorporate know your customer practices that occur after contracting and before service begins. Safe harbor should incorporate an index generated by robocall activity.
ZipDX
- Simple rules are best. Overly targeted, specific rules create loopholes, which bad actors exploit.
- Providers may not know which role they’re fulfilling for a call. Role-based rules are problematic.
- Many RMD filers claim a complete SHAKEN implementation yet have not been authorized to do SHAKEN.
- Robocalls are being signed with SHAKEN, even A-level attestation, which makes their calls appear authentic. Bad actors are gaming the system.
The ZipDX document addresses many of the questions raised by the FNPRM. We won’t try to list them all here—instead, we encourage you to browse their filing. The overall theme of keep-it-simple, make-it-effective runs throughout the document.
TransNexus solutions
We offer STIR/SHAKEN and robocall mitigation solutions in our ClearIP and NexOSS software platforms. We can make your STIR/SHAKEN deployment a smooth process.
We provide an STI-CPS, the TransNexus CPS, which is available to any SHAKEN-authorized service provider, free of charge, to use when they want to send or receive STI PASSporTs out of band.
Our STIR/SHAKEN products:
- Work with your existing network
- Support SIP and TDM
- Affordable, easy to deploy