Robocall mitigation tested by robocall enforcement action

Last week, the FCC issued an enforcement notice to all U.S.-based voice service providers to mitigate apparently illegal traffic from a particular source. This situation is testing the robocall mitigation and know-your-customer responsibilities of parties in the telecom ecosystem. Are you ready for this?

Robocalls targeting homeowners

Here are the entities involved in this case:

• MV Realty is the caller. Their operators initiated robocalls to consumers, picked up calls that were answered, and left prerecorded voicemails with calls that went to voicemail.
• PhoneBurner provides the calling platform that MV Realty telemarketers used to place these calls.
• Twilio is the service provider that originates calls for the PhoneBurner platform.

The calls in question were placed from May 1, 2022, through December 6, 2022. These calls offered consumers one-time cash payments in exchange for the homeowner granting MV Realty 40-year exclusive listing rights.

What happened

• MV Realty’s calling activity was brought to the attention of the Industry Traceback Group (ITG) by YouMail, whose users reported these calls as unwanted scam robocalls.
• Some of the called homeowners reported that their phone number is on the Do-Not-Call List. The FCC Enforcement Bureau identified almost 12 million calls made to DNC registered numbers by MV Reality using the PhoneBurner platform.
• Homeowner complaints also indicated that they did not have a business relationship with MV Realty and did not give consent to be called.
• Twilio told the ITG that PhoneBurner had obtained called parties’ consent for the calls. However, neither Twilio nor PhoneBurner provided the ITG with evidence of consent.

Enforcement actions

• U.S. service providers were instructed to take steps to effectively mitigate apparently illegal traffic from PhoneBurner and MV Realty. The notice indicated that the Enforcement Bureau considers blocking the traffic to be an example of effective mitigation.
• Twilio was instructed to take immediate actions to address the apparently illegal traffic to prevent downstream providers from blocking all of Twilio’s traffic.

More questions

There’s a lot we still don’t know about this case. Even with these few details, however, the situation raises other questions about accountability and expectations for mitigating apparently illegal robocalls.

Voice service providers and enterprise callers should be asking themselves these questions about their operations too. Are you ready for this level of scrutiny?

Who needs to see consent, and when?

We checked PhoneBurner’s Terms and Conditions of Service and found that they hold their client, the caller, responsible for how they use the platform and prohibit any unauthorized use of the site.

Twilio’s Acceptable Use Policy also prohibits customers from violating laws. Neither requires customers to provide evidence that they are complying with laws.

This approach seems to be bumping into the FCC’s affirmative obligations for voice service providers described in the Fourth Report and Order on Unlawful Robocalls. Should a provider request evidence of consent during a Know-Your-Customer (KYC) review, or when contacted by the ITG about alleged illegal calls?

How should originating service providers monitor suspicious traffic?

MV Realty allegedly made almost 12 million calls to numbers on the Do-Not-Call list. Should a voice service provider be looking for such traffic? How would they know if calls to numbers on the DNC were solicitations? How would they know about prior consent?

Who is the originating voice service provider?

The Enforcement Notice identified Twilio as the originating service provider in this case. However, the TRACED Act defines a voice service provider as an entity that provides voice communication services to end users. MV Reality and its calling agents are the end users in this situation. Therefore, could one argue that PhoneBurner is the voice service provider, not Twilio?

Were these calls signed with STIR/SHAKEN? If so, by whom, and what was the attestation level?

PhoneBurner’s website says that they support STIR/SHAKEN and provide A-level attestation on purchased numbers.

The STIR/SHAKEN standards indicate that an A-level attestation requires that the signer is responsible for the origination of the call, has a direct authenticated relationship with the customer and can identify the customer, and has established a verified association with the telephone number used for the call.

Were these calls signed by PhoneBurner or Twilio? Were these attestation conditions met?

The Robocall Enforcement Notice requires other providers to identify and mitigate this traffic. How do they identify traffic from Twilio/PhoneBurner/MV Realty?

Some providers stopped accepting all traffic from PhoneBurner, including calls from other customers, and therefore outside of the scope of the FCC’s enforcement notice. That seems too broad. How can other providers comply with the robocall enforcement order and identify this subset of calls?

How would your organization respond to a similar investigation by the ITG and FCC Enforcement Bureau?

TransNexus solutions

TransNexus is a leader in developing innovative software to manage and protect telecommunications networks. The company has over 20 years’ experience in providing telecom software solutions including toll fraud prevention, robocall mitigation and prevention, TDoS prevention, analytics, routing, billing support, STIR/SHAKEN and SHAKEN certificate services.

Contact us today to learn more.