Robocalling Wars: Battling the Bad Guys Through Laws, - - PowerPoint PPT Presentation

Robocalling Wars: Battling the Bad Guys Through Laws, Collaboration, Technology and Enforcement

Robert W. McCausland V.P. Regulatory and Government Affairs

December 3, 2018

2

See: https://www.ftc.gov/news-events/press-releases/2018/06/ftc-sues-stop-two-operations-responsible-making-billions-illegal

Problem Statement: Illicit robocalling is pervasive.

• Over a billion illegal robocalls are placed annually.*
• Do-Not-Call Lists are ineffective against illicit robocallers.
• Whac-A-Mole™: Regulator, Law Enforcement, and Industry

efforts are frustrated by nimble behaviors of the bad guys.

• Widely-available low-cost technology and high-speed

Internet access enable the bad guys to operate from both within and outside the U.S.A.

* Source: https://www.ftc.gov/news-events/press-releases/2018/06/ftc-sues-stop-two-operations-responsible-making-billions-illegal

3

4

“…the technology is easy to obtain and can be used by anyone. Anyone can start a large autodial campaign from a home office.”

Congressional Testimony April 18, 2018

Link: https://www.commerce.senate.gov/public/_cache/files/1d5345f4-392c-438c-9ddc-f6c3ad9929e0/72703224B3462DF05B4F1D061AF48FAC.senate-committee-testimony-adrian-abramovich-4-18-18-.pdf

4

Not all robocalling and robotexting are illicit, illegal, or unwanted, complicating the battle:

• School Notifications to Parents
• Prescription Pick-Up Calls/Texts
• Authorized Telemarketing or Debt Collection
• Local Community Emergency Communications

5

West provides and enables certain robocalling and texting services desired by the public.

Background:

Not all Caller-ID spoofing is illicit, illegal, or unwanted, further complicating the battle:

• Battered Women’s Shelters
• Business Service Centers Using One Outbound

Caller-ID Number for Callback Purposes

• Authorized Law Enforcement Investigations

6

Background (cont’d):

Fraudulent calls and texts come in different forms, and result from different motivations:

• Telephone Number Spoofing and Robocalling

(e.g., Rachel at Card Services)

• Neighbor Spoofing
• Access Stimulation Schemes
• Telephony Denial of Service (“TDoS”) Attacks

7

Background (cont’d):

“The underlying enabler for TDoS attacks is the ability to use automation to cheaply and easily generate hundreds

• r thousands of simultaneous calls.”

8

See DHS Science and Technology Directorate, “Telephony Denial of Service,” https://www.dhs.gov/sites/default/files/publications/508_FactSheet_DDoSD_TDoS%20One%20Pager- Final_June%202016_0.pdf

Background (cont’d):

“Reasons for TDoS attacks range from extortion to disruptive pranks. These attacks pose significant risks to banks, schools, hospitals and even government agencies.”

9

See “Partnering to Prevent TDoS Attacks,” (Jul. 9, 2018), https://www.dhs.gov/science-and- technology/blog/2018/07/09/partnering-prevent-tdos-attacks

Background (cont’d):

10

• 1968: Carterfone Decision
• 1969: FCC Grants Licensing to
• 1974: MCI Filed Antitrust Suit Against AT&T
• 1978: Advent of Exchange Network Facilities for Interstate Access (“ENFIA”)
• 1980: Jury Ruled for MCI
• 1982: Judge Harold Greene Oversaw Case Resulting in AT&T Consent Decree, Later

Amended into Modified Final Judgment (“MFJ”)

• January 1, 1984: AT&T Divestiture
• ≈June 13, 1984: First Switched Access Tariffs Took Effect (replacing ENFIA)
• February 8, 1996: Telecommunications Act of 1996 Enabled Local Competition Nationally
• Today: Switched access revenues still fund LEC network deployments/operations, but

networks require management to prevent arbitrage (“access stimulation” or “traffic pumping”) and zero-rating would enable other types of fraud.

Switched Access Primer – Bell System Monopoly to Now

• State PUCs:
• Rules
• Complaint Submissions (e.g., Texas No-Call)
• More
• State Attorneys General*
• FTC*:
• Telemarketing Sales Rule
• Possibly-Expanded Future Role

11

* See, for example, https://www.texasattorneygeneral.gov/consumer-protection/phone-mail-and-fax-scams , https://www.consumer.ftc.gov/features/feature-0025-robocalls and “Other Useful Notes and Resources” below.

Examples of Relevant Laws, Rules, and Actions

• FCC:
• Do-Not-Call Regulations
• Robocalling Strike Force
• North American Numbering Council (“NANC”) Call

Authentication Trust Anchor (“CATA”) Working Group

• STIR and SHAKEN

12

See “Other Useful Notes and Resources” below.

Examples of Relevant Laws, Rules, and Actions (Cont’d)

“Combatting robocalls is our top consumer protection priority….” - FCC Chairman Pai*

FCC December 12, 2018 Open Meeting Agenda* Includes:

• Reassigned Numbers Database (primarily TCPA-
• riented; different from Unassigned Number Database)
• Text Messaging Classification

13

* See https://docs.fcc.gov/public/attachments/DOC-355188A1.pdf , https://www.fcc.gov/news-events/events/2018/12/december-2018-open- commission-meeting , and “Other Useful Notes and Resources” below.

Examples of Relevant Laws, Rules, and Actions (Cont’d)

• U.S. Congress:
• Telephone Consumer Protection Act of 1991

(“TCPA” - December 20, 1991)

• Do-Not-Call Implementation Act (March 11, 2003)
• Truth in Caller-ID Act of 2009 (December 22, 2010)
• Federal Wire Fraud Statute
• Senate Commerce FTC Oversight Hearings*
• Most-Recent: Proposed Telephone Robocall Abuse Criminal

Enforcement and Deterrence Act (“TRACED Act”)

14

* See https://www.commerce.senate.gov/public/index.cfm/2018/11/oversight-of-the-federal-trade-commission and “Other Useful Notes and Resources” below.

Examples of Relevant Laws, Rules, and Actions (Cont’d)

Purpose: To amend the Communications Act in order to deter criminal robocall violations and improve enforcement. As currently drafted, the TRACED Act would:

• increase per-call fines,
• extend statute of limitations to three years,
• mandate SHAKEN or similar mechanism (applicable to both legacy and VoIP providers),
• establish a conditional safe harbor for providers,
• permit verification of call authenticity,
• permit certain obligations and restrictions associated with number assignments,
• permit rules to empower subscribers to restrict “unwanted” calls or texts, as well as calls
• r texts from unauthenticated numbers,
• align various federal agencies to prosecute illegal robocallers & report to Congress, and
• take other steps to combat illegal and unwanted calls/texts.

15

Proposed TRACED Act, S. 3655

See “Other Useful Notes and Resources” below.

Examples of Relevant Laws, Rules, and Actions (Cont’d)

• Canada: Canadian Radio-television and Telecommunications

Commission (“CRTC”) Actions Include STIR/SHAKEN Mandate by March 2019

• Traceback Definition Component
• Industry Progress Reports
• SIP (IP) Mandate; Viewed as N/A to Time Division Multiplexing

(“TDM”) Network Components and Interconnection

• United Kingdom: Ofcom “Guidance on the provision of Calling Line

Identification facilities and other related services” (“Guidance on CLI Facilities” – published July 30, 2018)

16

Examples of Actions and Efforts in Other Countries

See “Other Useful Notes and Resources” below.

• Call Blocking Traditionally Allowed “Only Under Rare and Limited

Circumstances”: FCC Declaratory Ruling and Order Released June 28, 2007

( https://docs.fcc.gov/public/attachments/DA-07-2863A1.pdf )

• FCC Affirmed Consumers’ Rights to Control Received Calls and Assured

Providers That They Face No Legal Barriers to Allowing Consumer Use of Robocall-Blocking Technology: FCC Declaratory Ruling and Order Released July 10, 2015

( https://docs.fcc.gov/public/attachments/DOC-333993A1.pdf and https://docs.fcc.gov/public/attachments/FCC-15-72A1.pdf )

• Carrier Blocking Subsequently Deemed Permissive for Legitimate Subscriber

Inbound-Call-Blocking Requests and for Certain Do-Not-Originate (“DNO”) Requests: FCC Robocall Blocking Order and FNPRM Released November 17, 2017

( https://docs.fcc.gov/public/attachments/FCC-17-151A1.pdf )

17

Slowly-Reducing Tension Between U.S. Rules and Remedies

• Customer Proprietary Network Information (“CPNI”)

Privacy Concerns Inhibited Industry Collaboration for Fraud-Call Investigations

• FCC Provided Guidance on the Limited CPNI Exception of

47 U.S. Code Section 222(d)(2)

• Robocalling Strike Force
• USTelecom Created the Industry Traceback (“ITB”) Group*
• Structured Collaboration is Producing Results

18

Examples of U.S. Industry’s Investigative Evolution

* See the separate note and link in the “Other Useful Notes and Resources” below.

Section 222(d)(2) CPNI Exception for Fraud Investigations Among Carriers:

19

U.S. Industry’s Investigative Evolution (cont’d)

(d) Exceptions. Nothing in this section prohibits a telecommunications carrier from using, disclosing, or permitting access to customer proprietary network information obtained from its customers, either directly or indirectly through its agents— [. . . .] (2) to protect the rights

• r property of the carrier, or to protect users of those services and
• ther carriers from fraudulent, abusive, or unlawful use of, or

subscription to, such services[.]

20

These are the frameworks created to identify illegally-spoofed Caller-IDs and to help prevent the completion of illicit robocalls.

STIR

(Secure Telephony Identity Revisited)

SHAKEN

(Signature-based Handling of Asserted information using toKENs)

Use Digital Certificates (obtained by service providers on both ends of a call from the trusted Certificate Authorities used by those service providers) and Common Public Key Cryptography to assure the called party that Caller-ID is not illicitly spoofed and accurately reflects the authorized caller.

• Caller-ID is authenticated by the originating service

provider, then verified by the terminating service provider.

• Limitations exist.

21

STIR and SHAKEN

See “Other Useful Notes and Resources” below.

• Secure Telephone Identity Governance Authority (“GA” or

“STI-GA”): Establishes and governs the rules for the Policy Administrator to apply in selecting Certificate Authorities.

• Policy Administrator (“PA” or “STI-PA”): Determines which

entities qualify to be Certificate Authorities.

• Certificate Authorities: Issue valid certificates to providers.

22

Primary Functions of Key STIR and SHAKEN Entities

23

“Know Your Customer” “Know Your Customer”

SHAKEN Combined with Other Steps (Like “Know Your Customer”) Can Help Beat the Bad Guys

Caller-ID will be:

• authenticated by the originating service provider, then
• verified by the terminating service provider.*

SHAKEN S H

* See “Other Useful Notes and Resources” below.

24

SHAKEN

SHAKEN

Caller-ID Authentication

• r Verification

(depending on the call’s direction)

Authentication Service

(when originating)

Verification Service

(when terminating)

Certificate Repository Certificate Repository

Authentication Service

(when originating)

Verification Service

(when terminating)

SHAKEN Will Better-Enable Other Industry Efforts

25

• Enhanced Call Analytics
• Adaptive Analytics Combined with

Specific Actions

• Post-Analytic Processes
• Expanded Collaboration
• “Know Your Customer”
• User-Equipment Displays

New Caller-ID Display Opportunities

26

• Character Length Capped at 15 on Traditional

CNAM/SS7/Analog-Based Networks and Devices

• IP-Based Networks Provide for 35-Character NAME

and Additional Caller Information (“eCNAM”)

• ATIS-1000067 Expands Call-Information Delivery

and Display Options

27

ATIS-1000081 Expands Display Possibilities

28

Other Useful Notes and Resources

29

• West Telecom is committed to deploy STIR/SHAKEN within its network as quickly as the vendor software can be finalized, fully tested, and made

commercially available for wide-scale deployment (likely in the first half of 2019). – see https://ecfsapi.fcc.gov/file/10913838520006/9-13- 18%20WestTelecom%20Services%2C%20LLC%20Notice%20of%20Ex%20Parte%20Meeting%20-%209-12-18%20(00128263xC33F1).pdf

• The National (https://www.donotcall.gov/) and Texas (https://www.texasnocall.com/) Do-Not-Call registries apply to sales calls. Note that there are

limited exceptions for charity, debt collector, survey and political calls. For example, the FCC places certain restrictions on auto-dialed political campaign calls and robo-text messages – see https://www.fcc.gov/political-campaign-robocalls-robotexts, https://www.fcc.gov/fcc-rules-political- robocalls-and-robotexts-explained, https://docs.fcc.gov/public/attachments/DA-12-1476A1.pdf, and also https://www.fcc.gov/consumers/guides/stop-unwanted-robocalls-and-texts (here, click on the “Political Calls and Texts” tab in the center of the website page).

• Do-Not-Call Exceptions Coverage: https://thehill.com/policy/technology/286628-entire-federal-government-exempt-from-robocall-laws-fcc-rules
• Relevant FTC resources include: https://www.ftc.gov/news-events/media-resources/do-not-call-registry/robocalls, https://www.ftc.gov/news-

events/media-resources/do-not-call-registry, https://www.consumer.ftc.gov/articles/0198-telemarketing-sales-rule, https://www.ftc.gov/tips- advice/business-center/guidance/complying-telemarketing-sales-rule, https://www.consumer.ftc.gov/features/feature-0025-robocalls , and https://www.ftc.gov/news-events/media-resources/do-not-call-registry/enforcement .

• FCC Enforcement-Action Example - Abramovich Citation and Order: https://www.fcc.gov/document/abramovich-citation-and-order
• NANC Correspondence: https://www.fcc.gov/about-fcc/advisory-committees/north-american-numbering-council/general/nanc-

correspondence#block-menu-block-4. (view CATA, STIR/SHAKEN and related materials)

• FCC Chairman CATA Letter: https://www.fcc.gov/document/chairman-pai-welcomes-call-authentication-framework

Other Useful Notes and Resources (Cont’d)

30

• National Association of Attorneys General Letter dated September 9, 2014: http://law.alaska.gov/pdf/consumer/090914Robocalling.pdf
• Reply Comments of 35 State Attorneys General as submitted to the FCC on October 8, 2018: https://ag.ny.gov/sites/default/files/refresh-robocall-

record-reply-comment-of-35-state-ags.pdf

• Senate Commerce Chairman John Thune (R-S.D.), Sen. Ed Markey (D-Mass.) and Sen. Roger Wicker (R-Miss.) introduced the TRACED Ace, S. 3655:

https://www.commerce.senate.gov/public/_cache/files/55b9b4e2-848f-4ef6-bb1f- 1d32f5063183/731A22D0AB4E8FFC00019CD2C5B9DBBB.s.3655-as-introduced.pdf ; Senate News Release: https://www.commerce.senate.gov/public/index.cfm/pressreleases?ID=91889B92-62FE-4AF1-A6A4-D26E7E2F296F

• H.R.6943 - CEASE Robocalls Act – introduced September 27, 2018 to permit the Federal Trade Commission to implement and enforce the

Telemarketing and Consumer Fraud and Abuse Prevention Act with respect to certain common carriers, and for other purposes: https://www.congress.gov/bill/115th-congress/house-bill/6943?q=%7B%22search%22%3A%5B%22hr+6943%22%5D%7D&r=1

• CRTC 2018-32: https://crtc.gc.ca/eng/archive/2018/2018-32.htm
• UK’s Communications Regulator Ofcom Guidelines for Calling Line Identification Facilities: https://www.ofcom.org.uk/consultations-and-

statements/category-2/guidelines-for-cli-facilities

• Letter from the FCC’s Enforcement Bureau Chief Rosemary Harold and the FCC’s CTO Eric Burger that acknowledges successes of the USTelecom-

led Industry Traceback (“ITB”) Group of which West is a part. (Note that separate letters included within the FCC’s PDF are to companies that seem to have not been viewed by the FCC as highly-collaborative in efforts to combat illicit spoofing and robocalling.): https://docs.fcc.gov/public/attachments/DOC-354942A2.pdf

• 2019 FCC Target for STIR/SHAKEN Implementation: https://docs.fcc.gov/public/attachments/DOC-354933A1.pdf

Other Useful Notes and Resources (Cont’d)

31

• Representative FCC Letter to certain providers that have committed to deploy STIR/SHAKEN: https://docs.fcc.gov/public/attachments/DOC-

354933A2.pdf

• Representative FCC Letter to certain providers that have not yet publicly committed to deploy STIR/SHAKEN:

https://docs.fcc.gov/public/attachments/DOC-354933A4.pdf

• U.S. Telecom History and Industry Nostalgia: https://beatriceco.com/bti/porticus/bell/pdf/the_bell_system.pdf ;

http://www.pirp.harvard.edu/pubs_pdf/borchar/borchar-p79-4.pdf ; http://www.telephonetribute.com/glostele.htm

• SHAKEN Framework (ATIS): https://www.atis.org/docstore/product.aspx?id=28297
• SHAKEN Overview: https://transnexus.com/whitepapers/stir-and-shaken-overview/
• SHAKEN White Paper: https://transnexus.com/whitepapers/stir-shaken-cms-solutions/
• TNS FCC Ex Parte and Presentation Dated 11/14/18: https://prodnet.www.neca.org/publicationsdocs/wwpdf/111518tns.pdf
• Depictions potentially relevant to the “Limitations exist.” point on Slide 18: 1) For Traditional TDM Networks: https://goo.gl/images/Hiwytu 2) For

Certain IP/VoIP/SIP-Based Networks: https://goo.gl/images/rNRy3J and https://goo.gl/images/Z6Rt6C and https://goo.gl/images/p3pyZT and https://goo.gl/images/jw5W8v . Note that the broader presentations are available at these links by clicking on the “Visit” icons.

• ATIS Letter of November 15, 2018 Announcing Issuance of the Policy Administrator RFP:

https://prodnet.www.neca.org/publicationsdocs/wwpdf/111518atis.pdf . See also: http://www.atis.org/sti-ga/rfp/

Robert.McCausland@west.com

December 3, 2018