Should robocall mitigation requirements be more specific?

The FCC proposed a rule change to strengthen robocall mitigation by making the requirements more specific—something they’ve carefully avoided in the past. This article reviews why they proposed this change and what the new requirements could be.

Proposed rules

On May 20, the FCC issued a Further Notice of Proposed Rulemaking (FNPRM), which contains many proposed rules and questions about robocall mitigation and STIR/SHAKEN. Paragraphs 191 and 203 ask if the FCC should strengthen the definition of “reasonable steps” providers should take in their robocall mitigation program.

Suggestions from stakeholders

The Commission has been encouraged to require more of all providers in their robocall mitigation efforts. Here are two examples.

National Consumer Law Center and Electronic Privacy Information Center:

A provider can identify likely illegal calls by examining the percentage of calls answered, the ratio of different Caller-ID information (referred to as Automated Numbering Information, or ANI) to the number of total calls, and the average duration of calls[…] Almost all illegal robocalls are short duration averaging less than 20 seconds (because the called party hangs up). 99% of such calls last less than a minute. Less than 1% of such calls last more than 2 minutes.

Verizon:

Our provider rating methodology continuously measures wholesaler and direct peer calling patterns over time and considers factors such as call duration, percentage of calls declined by the recipient, number of calls made using invalid numbers, calls originating from industry or government identified problematic providers, and illegal calls made to our expansive honeypot.

Robocall mitigation claims by alleged bad actors

Let’s look at the robocall mitigation programs claimed in Robocall Mitigation Database (RMD) filings by providers recently blocked for participating in transmission of auto warranty robocalls and failure to respond to traceback and enforcement:

Most of these providers were not required to have or certify a robocall mitigation plan. That’s why the Commission wants to require plans from all providers.

Our thoughts

Effective robocall mitigation requires providers to:

1. Know their customers and/or upstream providers (KYC). This means vetting them before providing service.
2. Monitor traffic they originate for customers and/or transit from upstream providers.

Robocall mitigation plans should include KYC and monitoring. In their RMD filings, providers should specifically certify that they are doing these things.

Monitoring traffic will also help providers manage their legal risks. State attorneys general are suing providers for carrying illegal robocalls. The key phrase used in these lawsuits is that the provider “knew or should have known” that they were originating or transiting illegal robocalls.

We believe the Commission should require robocall mitigation plans to confirm that providers vet their customers/upstream providers and monitor traffic.

Would bad actors still make dishonest claims about their alleged robocall mitigation programs? Sure. And they will get caught.

Other providers, however, will be more responsive. If they must have processes for KYC and monitoring, then they will. They won’t want to get in trouble with regulatory compliance or face the legal risks of inadequate vetting and monitoring.

TransNexus solutions

TransNexus is a leader in developing innovative software to manage and protect telecommunications networks. The company has over 20 years’ experience in providing telecom software solutions including toll fraud prevention, robocall mitigation and prevention, TDoS prevention, analytics, routing, billing support, STIR/SHAKEN and SHAKEN certificate services.

Contact us today to learn more.