AGENCY:

Federal Communications Commission.

ACTION:

Final rule.

SUMMARY:

In this document, the Commission adopts final rules, as required by the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act), to establish a registration process for the registration of a single consortium that conducts private-led efforts to trace back the origin of suspected unlawful robocalls.

DATES:

Effective May 20, 2020.

FOR FURTHER INFORMATION CONTACT:

For additional information on this proceeding, contact Daniel Stepanicich of the Telecommunications Consumers Division, Enforcement Bureau, at Daniel.Stepanicich@fcc.gov or (202) 418-7451.

SUPPLEMENTARY INFORMATION:

This is a summary of the Commission's Report and Order, FCC 20-34, EB Docket No. 20-22, adopted on March 27, 2020 and released on March 27, 2020, which is the subject of this rulemaking. The full text of this document is available for public inspection during regular business hours in the FCC Reference Center, 445 12th Street SW, Room CY-A257, Washington, DC 20554, or online at https://docs.fcc.gov/​public/​attachments/​FCC-20-34A1.pdf. To request this document in accessible formats for people with disabilities (e.g., Braille, large print, electronic files, audio format, etc.) or to request reasonable accommodations (e.g., accessible format documents, sign language interpreters, CART, etc.), send an email to fcc504@fcc.gov or call the FCC's Consumer and Governmental Affairs Bureau at (202) 418-0530 (voice), (202) 418-0432 (TTY).

Synopsis

1. In this Report and Order, the Federal Communications Commission adopts final rules to implement section 13(d) of the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act) to establish a registration process for the registration of a single consortium that conducts private-led efforts to trace back the origin of suspected unlawful robocalls. Unlawful prerecorded or artificial voice message calls—robocalls—plague the American public. Despite the Commission's efforts to combat unlawful robocalls, which includes efforts to trace unlawful spoofed robocalls to their origination—a process known as traceback—these calls persist. Congress recognized the continued problem and enacted the TRACED Act to further aid the Commission's efforts. Congress acknowledged the beneficial collaboration between the Commission and the private sector on traceback issues and, in section 13(d) of the TRACED Act, required the Commission to issue rules for the registration of a single consortium that conducts private-led efforts to trace back the origin of suspected unlawful robocalls.

2. The Commission released a Notice of Proposed Rulemaking (NPRM) on February 6, 2020, at 85 FR 8531, proposing to establish a process to designate a registered consortium as contemplated by section 13(d) of the TRACED Act. ACA International, INCOMPAS, NCTA-The internet & Television Association (NCTA), USTelecom-The Broadband Association (USTelecom), and ZipDX, LLC (ZipDX) filed comments, and Cloud Communications Alliance (CCA), NCTA, and USTelecom filed reply comments in this proceeding.

3. In this Report and Order, we amend our rules to establish a process to register a single consortium under section 13(d) of the TRACED Act. We generally adopt our rules as proposed, with limited modifications to ensure that we satisfy the statutory requirements and to address commenters' concerns.

Registration Process

4. We revise our rules to require the Enforcement Bureau (Bureau) to issue, no later than April 28th of each year, an annual public notice seeking registration of a single consortium that conducts private-led efforts to trace back the origin of suspected unlawful robocalls. This is consistent with the statute and our proposed rule. The notice will set forth a deadline by which an entity that plans to register as the consortium for private-led traceback efforts must submit in the docket a letter of notice of its intent to conduct private-led traceback efforts and its intent to register as a single consortium.

5. Letter of Intent. We require an entity that plans to register as the consortium for private-led traceback efforts to submit a Letter of Intent as directed by the Bureau's public notice. Consistent with the statute, we proposed that the Letter of Intent include the name of the entity and a statement of its intent to conduct private-led traceback efforts and its intent to register with the Commission as the single consortium that conducts private-led efforts to trace back the origin of suspected unlawful robocalls. We adopt this proposal.

6. In its Letter of Intent, the entity must satisfy the statutory requirements by:

(a) Demonstrating that the consortium is a neutral third party competent to manage the private-led effort to trace back the origin of suspected unlawful robocalls;

(b) Including a copy of the consortium's written best practices, with an explanation thereof, regarding management of its traceback efforts and regarding providers of voice services' participation in the consortium's efforts to trace back the origin of suspected unlawful robocalls;

(c) Certifying that, consistent with section 222(d)(2) of the Communications Act, the consortium's efforts will focus on fraudulent, abusive, or unlawful traffic; and

(d) Certifying that the consortium has notified the Commission that it intends to conduct traceback efforts of suspected unlawful robocalls in advance of registration as the single consortium.

7. We direct the Bureau to review the Letters of Intent and to select the single registered consortium no later than 90 days after the deadline for the submission of Letters of Intent. As we proposed, we will not require the incumbent registered consortium to submit a Letter of Intent after its initial selection as the registered consortium. Instead, the certifications contained in the registered consortium's initial Letter of Intent will continue in effect for each subsequent year the incumbent registered consortium serves unless the incumbent consortium notifies the Commission otherwise in writing on or before the date for the filing of such letters set forth in the annual public notice. This approach will allow us to fulfill our statutory mandate while minimizing the burdens of the registration process. In the event of any delays in our annual selection process, the incumbent consortium is authorized to continue its traceback efforts until the effective date of the selection of any new registered consortium.

8. In order to ensure that the incumbent registered consortium continues to perform its duties in compliance with the statute and to address commenters' concerns about Commission oversight, we also add certain requirements to help the Commission verify that the registered consortium continues to comply with the statute. Specifically, in the Letter of Intent, an entity seeking registration must certify that it will (1) remain in compliance throughout the time period that it is the registered consortium; (2) conduct an annual review to ensure its compliance with the statutory requirements; and (3) promptly notify the Commission of any changes that reasonably bear on its certification, including, for example, material changes to its best practices. We reserve the right to revisit these requirements or impose additional commitments if necessary.

9. 2020 Registration Process. Because this is a new process, we direct the Bureau to provide an opportunity for public comment on any Letter of Intent in response to the first annual notice. We also direct the Bureau to set the filing date for Letters of Intent no sooner than 30 days after the rules are published in the Federal Register. We will not impose additional process requirements, but the Bureau shall have appropriate flexibility to determine what, if any, additional processes may be necessary to ensure that it receives sufficient information to select the registered consortium, including providing an opportunity for public comment on any Letters of Intent in future years.

Selection of the Registered Consortium

10. An entity that seeks to become the registered consortium must sufficiently and meaningfully fulfill the statutory requirements. Based on our experience, we expect the traceback process to evolve in response to new unlawful robocalling schemes, new technologies, and the needs of interested parties, such as the Commission, the Department of Justice, state Attorneys General, and other agencies. Accordingly, we wish to encourage, not hinder, a responsive, dynamic traceback process. We must, however, ensure that the registered consortium is accountable for compliance with the statutory requirements. We will set forth a set of principles, rather than prescriptive directives, for the Bureau to use to select the registered consortium and ensure that it complies with section 13(d)(1)(A) through (D) of the TRACED Act. This approach will ensure a reasonable balance between ensuring statutory compliance with the need for a nimble and dynamic traceback process.

11. First, the registered consortium must be a neutral third party. As we stated in the NPRM, openness is indicative of the level of neutrality we would expect in order to accept a consortium's registration. We find that a neutral third party, at a minimum, must demonstrate its openness by explaining how it will allow voice service providers to participate in an unbiased, non-discriminatory, and technology-neutral manner. Commenters generally recognize that openness is an indicator of neutrality, and we find that objective criteria of openness will encourage broad voice service provider participation. Broad participation and cooperation are necessary to fulfill the fundamental purpose of traceback—timely and successfully finding the origin of suspected unlawful robocalls that traverse multiple voice service providers' networks.

12. We also agree with USTelecom that, so long as participation criteria are objectively neutral as we describe, the consortium should have flexibility to control participation when appropriate. For example, a voice service provider that carries voluminous suspected unlawful robocalls might attempt to join the consortium to gain insight into ways to evade traceback efforts. Allowing such an entity access to the consortium could undermine or even defeat the consortium's traceback efforts—and defeat Congress's purpose in enacting the statute. Thus, we interpret the statutory requirement that the consortium be neutral to mean that it must allow voice service providers' participation in an unbiased, non-discriminatory, and technology-neutral manner, thereby prohibiting bias in favor or against any industry segment. It does not require that the consortium permit indiscriminate participation by any entity, nor prohibit the consortium from denying or restricting participation where there is a valid reason to do so. We encourage any entity that believes that the designated consortium has unfairly discriminated against any entity regarding participation to alert the Bureau promptly of such concerns.

13. In order to ensure that the registered consortium fulfills the statutory obligation of neutrality, applicants will need to demonstrate in their Letters of Intent that they meet that requirement. Consistent with the openness principle, consortia should provide information to demonstrate that their internal structural, procedural, and administrative mechanisms, as well as other operational criteria do not result in an overall lack of neutrality. The Bureau must fully consider and evaluate each Letter of Intent to ensure that it meets the neutrality requirements, consistent with our objective openness principle, as well as the other statutory requirements. The Bureau will select as the registered consortium the entity that best meets these requirements. As we have stated, however, we are willing to entertain public input regarding the consortium's neutrality, and we will evaluate each such Letter of Intent in light of a consortium's showings of compliance with the neutrality and other requirements of section 13(d).

14. Both NCTA and INCOMPAS propose that the Commission mandate specific neutrality requirements, such as requiring the registered consortium to establish and maintain an executive committee, or something comparable, comprised of different industry sectors with an equal voice in the management of the consortium, or requiring structural separation from any advocacy entity. We acknowledge that, in other instances, we have adopted more detailed neutrality criteria, such as in the context of number administration. The primary purpose of entities like the North American Numbering Plan Administrator, however, is to oversee resources for the communications industry, which may have competing goals. Here, in contrast, there is a shared goal among the vast majority of participants to curtail unlawful robocalling and spoofing. Although NCTA and INCOMPAS's proposals provide examples of what a consortium could include to demonstrate its openness, we decline to mandate these specific requirements. The statute does not require, and we do not find it necessary to impose, a single, specific structure or administrative methodology to ensure neutrality.

15. INCOMPAS also suggests that the Industry Traceback Group is the Commission's predetermined registered consortium, and expresses concern about that group's neutrality. We acknowledge our experience with the Industry Traceback Group, but the Commission has not reached a determination as to which entity may be selected as the registered consortium. Moreover, the statute contemplates an annual evaluation process by the Bureau to ensure that the registered consortium continues to (or in the case of a new applicant, shall) fulfill the statutory obligation for neutrality. Accordingly, we are open to receiving comments now and in future application cycles to ensure that the registered consortium, throughout its tenure, performs its traceback activities in a fair and neutral manner. We note that specific examples have the most probative value.

16. Second, the registered consortium must be a competent manager of the private-led efforts to trace back the origin of suspected unlawful robocalls. We find that a competent manager of the private-led traceback efforts must be able to effectively and efficiently manage a traceback process of suspected unlawful robocalls for the benefit of those who use the traceback information and ultimately, consumers. An effective and efficient traceback process includes timely and successfully finding the origin of suspected unlawful robocalls that traverse multiple voice service providers' networks. Competent management requires that the consortium work cooperatively and collaboratively across the industry and provide prompt and comprehensive information to the Bureau and others who have a legitimate need for, and a legal right to, the information. The registered consortium also must be aware of and conform to applicable legal requirements, such as requirements regarding confidentiality and legal processes.

17. Congress specifically afforded the Commission discretion to determine a consortium's competence to manage private-led traceback efforts, “in the judgement of the Commission.” Evidence of expertise and success in managing and improving traceback processes address a consortium's competence, and therefore, is rooted in statutory authority. As we state in the NPRM, it is reasonable to weigh that expertise and success when selecting between or among consortia to ensure that private-led efforts result in effective traceback. We note, however, that while a consortium's expertise in managing traceback processes is particularly relevant, such experience is not a prerequisite.

18. We disagree with INCOMPAS's assertion that we are foreclosed from weighting a consortium's expertise and success in managing and improving traceback processes. Giving weight to expertise and success in managing and improving traceback processes does not foreclose consortia that develop innovative traceback processes, and we encourage all qualified interested entities to apply.

19. Third, the registered consortium must maintain, and conform its actions to, written best practices regarding the management of private-led efforts to trace back the origin of suspected unlawful robocalls and regarding providers of voice services' participation in such efforts. We find that written best practices, at a minimum, would address the consortium's compliance with statutory requirements, consistent with the principles we set forth in this Order. We also find that the registered consortium's written best practices must establish processes and criteria for determining how providers of voice services will participate in traceback efforts, and those processes and criteria must be fair and reasonable.

20. By their nature, best practices evolve over time to reflect empirical knowledge and practical experience. This is particularly true for technology-dependent activities such as combatting caller ID spoofing. Therefore, we decline to mandate specific best practices that would necessarily be based on our experience today and might not accurately encompass concerns or reflect best practices that may develop in the future. It is incumbent upon a consortium, however, to explain how its written policy demonstrates best practices. For example, written best practices that address the openness of the consortium and the competency of the consortium would likely include a number of commenters' specific suggestions, e.g., provisions governing (a) voice service providers' participation in private-led traceback efforts, (b) how specific calls are selected for traceback, (c) traceback information sharing, (d) consortium governance, and (e) budget transparency, including voice service provider participation fees or costs. Our evaluation of consortium proposals will also include a review of such explanations.

21. Fourth, consistent with section 222(d)(2), the registered consortium's private-led traceback of suspected unlawful robocalls must focus on fraudulent, abusive, or unlawful traffic. Commenters offered no specific suggestions for interpreting this particular provision. Based on our experience regarding unlawful robocalls, a traceback process that, at a minimum, considers scope, scale, and harm, should lead to a focus on fraudulent, abusive, and unlawful traffic. For example, large scale unlawful robocalling and/or unlawful spoofing campaigns may be abusive because they add unauthorized burdens to telecommunications networks and potentially threaten the integrity of the nation's telecommunications infrastructure. A consortium could demonstrate compliance by adopting criteria, consistent with the considerations enumerated here, that govern how calls are selected for traceback.

22. CCA suggests that the definition of suspected unlawful robocalls that trigger a traceback request should be limited to calls that seek to perpetrate fraud or result in massive unlawful activity, such as mass calling to numbers on the do not call registry. We find that a written best practice that uses CCA's proposed interpretation of the definition of suspected unlawful robocalls that trigger a traceback request to be too narrow. Suspected unlawful robocalls are defined, for example, to include calls that the Commission or a voice service provider reasonably believes to be unlawful spoofed calls; not all unlawful spoofed calls seek to perpetrate fraud or result in massive unlawful activity. Indeed, fraud is only one of three elements in the statute that determines whether the act of spoofing violates the law.

23. In the event that more than one consortium submits a Letter of Intent, meets the statutory requirements of section 13(d)(1)(A) through (D), and fulfills the rules that we adopt today, the Bureau must select only one. The Bureau should fully evaluate each applicant to determine which most fully satisfies the statutory requirements and the principles that the Commission has identified.

24. ACA International suggests that, if more than one consortium seeks to be the registered consortium, the Bureau should heavily weight applicants whose members include a representative sampling of lawful legitimate callers and applicants whose procedures and policies seek to minimize the likelihood of false positives that would negatively impact lawful, legitimate calls. Other commenters assert that ACA International's comments arise from concerns about voice service providers' call blocking and are better addressed through other FCC proceedings that specifically address the call blocking issue. We agree that protecting legitimate calls is better addressed through call blocking proceedings rather than the selection of the consortium selected to conduct tracebacks. Our openness principle for demonstrating neutrality focuses on allowing voice service providers to participate but does not exclude a consortium from addressing ACA International's concern.

25. Paperwork Reduction Act of 1995 Analysis. The Report and Order does not contain proposed information collection(s) subject to the Paperwork Reduction Act of 1995, Public Law 104-13. In addition, therefore, the Report and Order does not contain any new or modified information collection burden for small business concerns with fewer than 25 employees, pursuant to the Small Business Paperwork Relief Act of 2002, Public Law 107-198, see 44 U.S.C. 3506(c)(4).

26. Congressional Review Act. The Commission has determined, and the Administrator of the Office of Information and Regulatory Affairs, Office of Management and Budget, concurs that this rule is non-major under the Congressional Review Act, 5 U.S.C. 804(2). The Commission will send a copy of the Report and Order to Congress and the Government Accountability Office pursuant to 5 U.S.C. 801(a)(1)(A).

27. Final Regulatory Flexibility Certification. The Regulatory Flexibility Act, as amended (RFA), requires a regulatory flexibility analysis be prepared for notice-and-comment rule making proceedings, unless the agency certifies that the rule will not, if promulgated, have a significant economic impact on a substantial number of small entities. The RFA generally defines the term “small entity” as having the same meaning as the terms “small business,” “small organization,” and “small governmental jurisdiction.” In addition, the term “small business” has the same meaning as the term “small business concern” under the Small Business Act. A “small business concern” is one which: (1) Is independently owned and operated; (2) is not dominant in its field of operation; and (3) satisfies any additional criteria established by the Small Business Administration (SBA).

28. An Initial Regulatory Flexibility Certification (IRFC) was incorporated in the Notice of Proposed Rulemaking (Notice) in this proceeding. The proceeding was established to fulfill the Commission's statutory obligation under the TRACED Act, no later than March 29, 2020, to issue rules to establish a registration process for the registration of a single consortium that conducts private-led efforts to trace back the origin of suspected unlawful robocalls. The scope of the proposals in the Notice were limited to the creation of a registration with the Commission of a single consortium that conducts private-led efforts to trace back the origin of suspected unlawful robocalls as required by section 13 of the TRACED Act. As such the Commission did not anticipate that there would be a significant economic impact on a substantial number of small entities because very few entities would likely apply to serve as the consortium and only a single entity will be chosen. Moreover, the Commission believed that for any entity that has the resources to perform the private-led traceback efforts, both the registration burdens and the economic impact of the proposals in the Notice would be negligible.

29. In the Report and Order, the Commission generally adopts the rules as proposed in the February 6, 2020 rulemaking, subject to a few modifications to ensure that we satisfy statutory requirements and address concerns raised in comments filed in the proceeding. Based on our experience, the Commission continues to reasonably expect that no more than a few entities, and perhaps only one, will apply to serve as the consortium, and the rules we adopt herein impose minimal registration burdens such that they will have no more than a de minimis economic impact on any entity that has the resources to perform the private-led traceback efforts. Accordingly, we make this Final Regulatory Flexibility Certification certifying that the rules adopted in the Report and Order will not have a significant economic impact on a substantial number of small entities.

30. Accordingly, it is ordered, pursuant to sections 4(i) and 4(j), of the Communications Act of 1934, as amended, 47 U.S.C. 154(i) and 154(j), and section 13(d) of the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act, Public Law 116-105, 133 Stat. 3274, this Report and Order is adopted.

31. It is further ordered that parts 0 and 64 of the Commission's rules are amended as set forth in Appendix A.

32. It is further ordered, that, pursuant to sections 1.4(b)(1) and 1.103(a) of the Commission's rules, 47 CFR 1.4(b)(1), 1.103(a), this Report and Order and the amendments to parts 0 and 64 of the Commission's rules, as set forth in Appendix A, shall be effective 30 days after publication in the Federal Register.

33. It is further ordered, that the Commission's Consumer and Governmental Affairs Bureau, Reference Information Center, shall send a copy of this Report and Order, including the Final Regulatory Flexibility Certification, in a report to Congress and the Government Accountability Office pursuant to the Congressional Review Act, see 5 U.S.C. 801(a)(1)(A).

34. It is further ordered, that the Commission's Consumer and Governmental Affairs Bureau, Reference Information Center, shall send a copy of this Report and Order, including the Final Regulatory Flexibility Certification, to the Chief Counsel for Advocacy of the Small Business Administration and be published in the Federal Register.

List of Subjects in Parts 0 and 64

• Telecommunications

Final Rules

For the reasons discussed in the preamble, the Federal Communications Commission amends 47 CFR part 0 and 64 as follows:

PART 0—COMMISSION ORGANIZATION

1. The authority citation for part 1 continues to read as follows:

Authority: 47 U.S.C. 155, 225, unless otherwise noted.

2. Amend § 0.111 by redesignating paragraph (i) as paragraph (j) and adding a new paragraph (i) to read as follows::

PART 64—MISCELLANEOUS RULES RELATING TO COMMON CARRIERS

3. The authority citation for part 64 continues to read as follows:

Authority: 47 U.S.C. 154, 201, 202, 217, 218, 220, 225, 226, 227, 228, 251(e), 254(k), 262, 403(b), (2)(B), (c), 616, 620, 1401-1473, unless otherwise noted. sec. 503, Pub. L. 115-141, 132 Stat. 348.

4. Add § 64.1203 to read as follows: