Reversing the Trend of Deregulation, FCC Tackles Caller ID Spoofing Head-on
The Federal Communications Commission ("FCC" or the "Commission") continued its long-running fight against unwanted robocalls earlier this month, but the steps the Commission proposed may not make a significant impact immediately. On Friday, February 15th, the FCC released a notice of proposed rulemaking ("NPRM") seeking comment on issues associated with implementing new caller ID spoofing rules adopted by Congress as part of the 2018 RAY BAUM'S Act ("RB Act"). The proposals are part of a broader set of Commission actions targeting the scourge of robocalls.
While these recent actions focused on caller ID spoofing as part of the broader robocalling epidemic, the Commission has taken a number of other steps to fight unwanted robocalls in the last year and a half. This includes: creating a reassigned number database to prevent legitimate callers from calling a reassigned number, allowing carriers to block suspected fraudulent calls under certain circumstances, and continuing to make Telephone Consumer Protection Act ("TCPA") compliance an enforcement priority. Despite these efforts, unwanted robocalls remain the single largest complaint received by the Commission, and several commissioners argued the Commission should be doing even more.
In 2009, Congress passed the Truth in Caller ID Act ("TICA"), which made it illegal to transmit inaccurate caller ID information "with the intent to defraud, cause harm, or wrongfully obtain anything of value." The TICA also gave the Commission the authority to adopt rules to implement the TICA. Last year, Congress expanded the FCC's ability to crack down on caller ID spoofing as part of the RB Act by adopting three recommendations made in a 2011 FCC report to Congress. The NPRM is the Commission's first step in adding the RB Act's statutory changes to the FCC's rules.
First, the RB Act expands the FCC's jurisdiction for caller ID spoofing enforcement. The TCPA applies to calls made within the United States or to a person in the United States. In other words, for robocalls, the FCC has jurisdiction over international calls that terminate in the U.S. Before the RB Act passed last year, the FCC's jurisdiction for caller ID spoofing violations was limited to persons in the United States. Consistent with the RB Act, the NPRM proposes to extend the reach of the caller ID spoofing rules to include communications originating outside the United States to recipients within the United States.
Theoretically, this expanded authority will allow the FCC to focus enforcement internationally where many scam robocall operations - which often rely on caller ID spoofing to increase answer rates - originate. However, the Commission has struggled to use its broader robocalling jurisdiction to limit unwanted robocalls because international cooperation among law enforcement is challenging. It is particularly difficult when scammers operate in countries with less well-established public institutions than the U.S. Therefore, it seems unlikely that allowing the FCC to enforce caller ID spoofing restrictions on international calls to the U.S. will significantly reduce the number of robocall scammers using caller ID spoofing.
Second, the RB Act clarifies that the FCC can take action against caller ID spoofing in text messages. The Commission has historically treated the term 'call' in the TCPA as inclusive of both voice calls and text messages. However, in the caller ID spoofing context, the FCC's authority was limited to telecommunications services or IP-enabled voice service, which the FCC defined as telecommunications services or interconnected Voice over Internet Protocol ("VoIP") services. As regular blog readers will know, the FCC recently classified text messaging as an information (as opposed to telecommunications) service, and before that, it was not clear what regulatory classification text messaging would fall under. Therefore, while the Commission could have attempted to exercise authority over caller ID spoofing in text messages, enforcement would have required the FCC to provide notice of the rule change and likely would have been challenged in court. The FCC may have eschewed this approach because, historically, carriers have taken more steps to block spam text messages, so robocalling (and caller ID spoofing) have not been as big a problem for text messaging in the past. That said, the added authority will give the FCC another tool to use when caller ID spoofing occurs via text message.
Third, the RB Act expands the FCC's caller ID spoofing jurisdiction to voice services generally, which is defined as a service that interconnects with the public switched telephone network ("PTSN") and uses North American Numbering Plan resources. The definition also includes transmission to a telephone facsimile machine. Previously, only telecommunications carriers (traditional phone service) and IP-enabled voice services (which the Commission defined as interconnected VoIP) providers were subject to the FCC's caller ID spoofing rules. The primary impact of this change will likely be to expand the FCC's caller ID spoofing rules to voice services that touch the PTSN but haven't traditionally been considered interconnected, which could cover non-interconnected VoIP services that reach the PTSN (one-way - often inbound only or outbound only - calling services for example). The NPRM interprets the Act as expanding the Commission's prior jurisdiction and asks for comment on whether the definition of voice service should include non-interconnected VoIP and other services that would not previously have been subject to FCC jurisdiction for caller ID spoofing purposes.
It is worth noting that the Commission's 2011 report to Congress recommended giving the FCC authority to regulate spoofing services offered by third parties. The RB Act did not adopt this recommendation, so the Commission does not have explicit authority to regulate or enforce its rules against the companies that enable caller ID spoofing through software or calling platforms. The FCC certainly could interpret its authority as allowing it to pursue third-party spoofing services, as it has for robocalling platform providers in certain circumstances under the TCPA. However, third-party caller ID spoofing providers may argue that since Congress considered the FCC's recommendation to expand its authority and refused to do so, it undermines future FCC arguments that the statute authorizes it to regulate caller ID spoofing providers.
Finally, on February 13th, Chairman Pai urged carriers to implement strong caller ID authentication. Specifically, the Chairman is pushing major carriers to adopt what's called the SHAKEN/STIR framework by the end of this year. Caller ID authentication would make it harder to spoof caller IDs by creating an authentication chain back to the originating carrier. Pai said the FCC will "consider regulatory intervention" if major carriers do not meet his deadline. At this point, the statement amounts to finger-wagging from the Chairman, but it warrants mention because Pai's Commission has generally taken a deregulatory approach. The threat to regulate illustrates the seriousness with which Pai and the Commission are approaching robocalling issues, including caller ID spoofing.
Comments on the NPRM will be due 30 days after publication of the NPRM in the Federal Register, and Reply Comments will be due 60 days after publication in the Federal Register. Keep an eye on CommLawBlog for more updates about the NPRM and the FCC's ongoing fight against unwanted robocalls.