US Adopts Anti-Robocall Law With Global Implications

US President Donald Trump likes to keep himself busy, sometimes by trolling his rivals on Twitter, and other times by ordering the execution of foreign military leaders, but on the penultimate day of 2019 he made time to sign a law designed to reduce the number of nuisance robocalls received by Americans. The official White House statement on the signing of the Pallone-Thune TRACED Act reads:

This historic legislation will provide American consumers with even greater protection against annoying unsolicited robocalls. American families deserve control over their communications, and this legislation will update our laws and regulations to stiffen penalties, increase transparency, and enhance government collaboration to stop unwanted solicitation. President Donald J. Trump is proud to have worked with Congress to get this bipartisan legislation to his desk, and even prouder to sign it into law today.

Senate Majority Leader Chuck Schumer, one of the Democrats that Trump most likes to antagonize via Twitter, took to the social media platform to affirm his support for the TRACED Act.

Ajit Pai, Chairman of the Federal Communications Commission (FCC), the US comms regulator, also emphasized that the TRACED Act had support from both major parties in his official statement.

I applaud Congress for working in a bipartisan manner to combat illegal robocalls and malicious caller ID spoofing. And I thank the President and Congress for the additional tools and flexibility that this law affords us. Specifically, I am glad that the agency now has a longer statute of limitations during which we can pursue scammers and I welcome the removal of a previously-required warning we had to give to unlawful robocallers before imposing tough penalties.

These are the most important provisions of the TRACED Act.

  • Increases fines for robocall offenders
  • Increases the time the FCC has to pursue offenders to four years
  • Makes the adoption of the STIR/SHAKEN framework for call authentication mandatory for IP networks
  • Mandates an unspecified form of call authentication for non-IP networks too
  • Prohibits telcos from charging consumers and small businesses for call authentication
  • Tells the FCC to produce annual reports on robocalls and to formally propose rules for preventing spam calls and messages
  • Tells the FCC to decide how numbering resources will be modified so telcos know the identity of customers
  • Tells the Attorney General to convene an interagency task force to examine how to prosecute offenders, which may include doing deals with foreign governments
  • Tells the FCC to initiate a ‘proceeding’ that will consider how to address wangiri

Whilst STIR/SHAKEN is explicitly mandated for the first time, this technology only works with IP networks. So the new law also requires that ‘reasonable measures’ be adopted to authenticate calls across TDM networks.

The Commission shall require a provider of voice service to take reasonable measures to implement an effective call authentication framework in the non-internet protocol networks of the provider of voice service.

I have heard of several different ways this might be achieved, each with their own strengths and weaknesses. Hence I will refrain from making any predictions about how US telcos will approach this particular challenge. However, telcos around the world should keep a close eye on developments in the US because of the likelihood that they will be pressured to support the same methods.

Although most press attention focused on the domestic problem of robocalls, the section of the TRACED Act that addresses wangiri may have even more far-reaching consequences for how telecoms fraud is tackled globally. It is worth reproducing the key clauses, which refer to the FCC as ‘the Commission’ and to wangiri as ‘one-ring scams’.

…the Commission shall consider how the Commission can —

(1) work with Federal and State law enforcement agencies to address one-ring scams;

(2) work with the governments of foreign countries to address one-ring scams;

(3) in consultation with the Federal Trade Commission, better educate consumers about how to avoid one-ring scams;

(4) incentivize voice service providers to stop calls made to perpetrate one-ring scams from being received by called parties, including consideration of adding identified one-ring scam type numbers to the Commission’s existing list of permissible categories for carrier-initiated blocking;

(5) work with entities that provide call-blocking services to address one-ring scams; and

(6) establish obligations on international gateway providers that are the first point of entry for these calls into the United States, including potential requirements that such providers verify with the foreign originator the nature or purpose of calls before initiating service.

The FCC is obliged to initiate its anti-wangiri proceeding within 120 days of the TRACED Act being signed into law i.e. by 28th April. They must report on the status of their anti-wangiri proceeding by the first anniversary of the act i.e. by 30th December 2020.

The TRACED Act will likely have consequences for telcos outside of the USA, but it is difficult to predict what those consequences will be. The technology required to implement STIR/SHAKEN is not cheap, and the approach depends on centralized authority. This creates a risk that the TRACED Act will simply drive American robocallers offshore, where they will continue to phone US consumers like they did before. Hence it is important to understand how foreign powers might cooperate with US authorities. The upgrade to IP networks will not happen at the same pace everywhere, so there is also the potential that foreign telcos would prefer to support a cost-effective alternative form of call authentication that works across both IP and TDM networks. Wangiri is clearly a global phenomenon, but some telcos are reluctant to consider cooperative solutions, believing they can identify the relevant inbound calls without needing external help. Making international gateway providers work with foreign originators to confirm that inbound calls are not wangiri would force the issue of cooperation to the top of the industry agenda.

Whilst US politicians are evidently motivated by a desire to please their voters, the TRACED Act raises many questions about the extent to which decisions made by American regulators and telcos will come to influence the telecoms industry globally.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.