Pending robocall rules raise concern
There has been a flurry of last-minute filings on proposed rules for gateway providers to implement SHAKEN and robocall mitigation. We’ve summarized the discussion for you.
Recurring themes
- Large carriers say the cost and effort to implement SHAKEN in their gateways would be considerable, yet C-level attestations are not useful. The cost/benefit doesn’t make sense.
- Several commenters mentioned a report from the CATA Working Group on international SHAKEN due in June 2022. As foreign originating service providers begin signing calls, there will be fewer unsigned calls entering the U.S. and less need for gateway providers to sign unsigned calls.
- Several parties asked for clarification of “gateway provider” out of concern that clever robocallers will find ways to game the system.
- There were some surprising requests related to DNO blocking:
- A few filers asked that the ITG DNO list be considered reasonable and sufficient to satisfy the DNO blocking requirement. They are concerned that some equipment cannot handle many DNO numbers.
- Others said that they’re already doing DNO blocking across their domestic network. Do they have to do it at their gateways too?
There are several other interesting points raised. We encourage you to scan the highlights below. We’ve provided links to the complete filings in the filer name or filing dates.
AT&T Services, Inc.
- AT&T supports many provisions in the draft sixth report and order but is concerned with requiring gateway providers to sign unsigned international calls at the gateway.
- AT&T estimates its costs would exceed $10 million and would take more than two years to be able to sign unsigned international calls.
- They would sign calls at the gateway with C attestation, which provides little value.
- The work necessary to sign unsigned calls at the gateway would prove unnecessary as foreign originating service providers begin signing their calls. Gateway providers would then simply relay authentication information.
- The NANC CATA working group is developing a report on international adoption of STIR/SHAKEN. This report is due June 15, 2022. It would be premature for the Commission to act on gateway provider signing requirements while this report is imminent.
Cloud Communications Alliance
- Requested clarification of “substantially similar traffic.” Does that mean traffic from the same upstream provider that triggered the notification? If not, this requirement would mandate comprehensive analytics-based blocking.
- Commission should adopt a safe harbor for blocking substantially similar traffic.
- Requested that the robocall mitigation filing deadline should be the same as the SHAKEN implementation deadline so gateway providers must refile just once.
CTIA
- Requested safe harbor for inadvertent errors in call blocking. CTIA feels this is necessary because of the new requirement to block calls with calling numbers on reasonable DNO lists.
- 24-hour traceback response requirement should be business hours, not weekends and holidays.
- Gateway providers should be allowed to block calls to 911 in case of a denial-of-service attack.
INCOMPAS
INCOMPAS urges the Commission to:
- Clarify definition of gateway provider as the first intermediate provider that receives foreign traffic at its U.S.-based facilities before transmitting the call directly to another intermediate or terminating provider in the U.S.
- Apply existing requirements to gateway providers.
- Seek additional comment on conversational/dialer traffic proposals.
- Preserve providers’ flexible use decisions and consider additional safe harbor protection.
INCOMPAS, VON Coalition, USTelecom
Several aspects of the draft order should be clarified:
- DNO blocking requirement. Some equipment and switches have limits on the total amount of numbers that can be blocked based on a DNO. The party that manages the DNO list should be allowed to impose reasonable requirements on including numbers on the DNO list, e.g., requiring the number is currently being spoofed at substantial volume.
- Providers that use DNO list in other portions of their network, even if not the gateway, should be considered compliant with the DNO requirement.
- Occasional illegal robocalls should not inherently make a provider’s robocall mitigation practice considered ineffective.
- 24-hour traceback response requirement should be business hours, not weekends and holidays.
- Gateway providers should be allowed to block calls to 911 in case of a denial-of-service attack.
Lumen
- Gateway providers should have flexibility to determine where to perform DNO blocking in their network.
- DNO capacity is limited. DNO lists should focus on active, large-scale campaigns.
- Gateway providers should not be required to authenticate unauthenticated traffic.
NCTA – The Internet and Television Association
- The Commission should find that the Industry Traceback Group’s DNO list is sufficient to satisfy the DNO list blocking requirement.
- The 24-hour traceback response requirement should pertain to business hours to account for weekends and holidays.
Transaction Network Services
- Gateway provider definition should clarify that “U.S.-based facilities” will include SIP calls handed off to an IP address of a U.S.-based carrier and will include foreign hubs if the gateway provider or its affiliates receives the call at that location. This will close a loophole in the current definition.
- The Commission should postpone the requirement for gateway providers to sign unsigned calls pending additional information, including the CATA working group report.
- C level attestations provide little benefit. Requiring gateway providers to sign unsigned calls would impose significant cost.
- TNS has observed signed calls with attestation levels inconsistent with the standards, e.g., A attestations on calls with calling numbers that were malformed, invalid, or on a DNO list. If this were repeated among gateway providers, the result could be an influx of illegal robocalls with A attestation.
USTelecom - The Broadband Association
- USTelecom members say it would take tens of millions of dollars and years to sign unsigned calls at gateways. The benefits would be minimal.
- It is questionable whether the Commission has the authority to require gateway providers to sign unsigned calls since C-level attestations are untethered to the call authentication goal.
- The Commission should wait for the CATA working group report on international SHAKEN.
- If the Commission continues with this requirement, it should target only those providers most responsible for illegal robocalls: non-facilities-based providers and others identified by the Enforcement Bureau.
Verizon
- Gateway providers should not be required to sign unsigned calls.
- Existing traceback processes are efficient and effective.
- There would be greater benefit in requiring all providers to automate traceback than signing unsigned calls at gateways. It would be less expensive for the entire industry to automate traceback than the cost for Verizon or another single large gateway provider to implement the C attestation mandate.
- Traceback identifies all providers along the call path. C attestations would not.
- The Commission should wait for the CATA working group report due in June.
- If the Commission wants to mandate gateway providers sign unsigned calls, it should focus on non-facilities-based VoIP providers, who are more likely to be contributing to the illegal robocall problem.
- The Commission should not require providers to implement DNO blocking at its gateways if they are already using DNO across its domestic network.
ZipDX LLC
ZipDX filed ex parte notices with the Commission on April 13, April 19, May 2 and May 9
- Robocall mitigation regulations should distinguish conversational traffic from dialer traffic.
- Providers that want to carry dialer traffic must vet, pre-approve, and monitor upstream providers that send dialer traffic. Providers that carry dialer traffic will be held strictly responsible for illegal robocalls.
- This way, the compliance burden falls those few that choose to carry dialer traffic. They must have expertise to monitor such traffic and deal with illegal calls.
- Large providers such as Verizon and AT&T should be allowed to apply for an exception to allow more time to implement SHAKEN at their gateways.
- C level attestation is not as good as higher-level attestation but informs the rest of the call path who put the call on the network. This is far more valuable than no signature.
TransNexus solutions
TransNexus is a leader in developing innovative software to manage and protect telecommunications networks. The company has over 20 years’ experience in providing telecom software solutions including toll fraud prevention, robocall mitigation and prevention, TDoS prevention, analytics, routing, billing support, STIR/SHAKEN and SHAKEN certificate services.
Contact us today to learn more.
Our STIR/SHAKEN products:
- Work with your existing network
- Support SIP and TDM
- Affordable, easy to deploy