On December 10, 2024, the US Federal Communications Commission (FCC) issued an order which said over a quarter of the telcos listed on their Robocall Mitigation Database (RMD) could be struck from the register, and hence denied the ability to carry calls that terminate in the USA, unless their filings were amended before December 31. There was a predictable response on mainstream media and social media.
FCC Threatens to Block 2,400 Voice Providers Over Lax Robocall Enforcement
FCC Cracks Down: Are You Ready for the Robocall Mitigation Compliance Blitz?
FCC threatens to disconnect 2,400 phone companies enabling illegal robocalls
Cited Providers Must Respond to Mitigation Database Deficiencies by December 31, 2024
The FCC just dropped a bombshell on robocall fraudsters.
Over 2,400 voice service providers are facing removal for failing to comply with the Robocall Mitigation Database filing requirements… This is huge.
These were headlines and excerpts from such varied sources as Boing Boing, PCMag, social media influencers and legal firms. The scale of this kind of action would have been unprecedented. Many of the 2,411 registrations that were named by the order have been on the database since it was first created in 2021. So what happened in practice? A very small number of businesses voluntarily de-registered since the announcement of the FCC’s deadline and a greater number has joined the database, leading to an overall rise in the number of telcos listed.
Commsrisk automatically monitors all changes to the RMD. As you can see from this graph, far fewer than 2,411 registrations have been deleted or amended, either by the December 31 deadline or since.
What is the FCC waiting for? With so much old data in the RMD it is inevitable that dozens of the listings they highlighted will relate to entities that have gone out of business since they were registered. Others have had years to amend their record and chosen not to do so, despite this latest order. For all the hoo-ha about the FCC getting tough with illegal robocallers, this exercise is actually another example of the FCC’s unwillingness to enforce its own rules. The American public should be pressuring the FCC to do more, but they have been misinformed by a legion of intermediaries who repeat everything the FCC says whilst remaining ignorant of what the FCC does.
One comical outcome shows how few people understand the RMD registration rules anyway. Hiya describes itself as the “trusted global leader in delivering secure, engaging phone connections while protecting businesses, carriers, and consumers from spam and fraud”. Their business model involves providing telcos in the USA and other countries with the ability to discriminate between good and bad traffic so the latter can be blocked. They have repeatedly said they use STIR/SHAKEN to assist their analytics. So you might think Hiya would know the rules about whether they should be listed in the RMD. However, Hiya was one of the businesses included in the FCC’s December 10 purge list. They voluntarily deregistered just before the December 31 deadline. And they were right to deregister because their entry was obviously wrong. Their registration had claimed they had a “complete STIR/SHAKEN implementation” although that is impossible because they are not a telco. And if they were a telco with a complete STIR/SHAKEN implementation then they should still be registered now!
The December 10 press release included the following quote from the woman who oversaw the introduction of the RMD, former FCC Chairwoman Jessica Rosenworcel.
Providers must be active partners in the fight against unwanted and illegal robocalls. If they are not, they should not be allowed to participate in our phone networks. Full stop.
The irony is that many businesses are going to retain an illegitimate RMD listing longer than Rosenworcel held on to the top job at the FCC. Donald Trump’s return as US President spelled the end of her reign as a Democrat appointee and her replacement with Brendan Carr, a Republican. But that does not mean there is likely to be a change in the US strategy for tackling illegal calls. Rosenworcel’s FCC delivered a muddled approach where IP networks had to implement STIR/SHAKEN on the premise that it authenticates traffic, although it does not, and networks without STIR/SHAKEN had to file robocall mitigation plans in the RMD, which they did not. STIR/SHAKEN does not authenticate traffic because the FCC failed to specify any enforceable KYC requirements. The robocall mitigation plans in the RMD are mostly garbage because the FCC failed to specify what they should contain.
Effective news reporters would hold the US government and its agencies to account, highlighting their failures and pushing them to do better. What we have instead is a chorus of sycophants who repeat the FCC’s propaganda. They never challenge the FCC over an obvious lack of results. They take the easier option of repeatedly blaming all telcos en masse, even though there is nothing that a good telco can do to prevent bad telcos misbehaving. The existence of bad businesses is the reason governments create specialized regulators who can understand and tackle the detail. The RMD exists to discriminate good from bad. Both the FCC and the RMD have utterly failed to obtain the detailed knowledge required to fulfill their respective roles. This hurts good telcos as well as the public.
Actions should speak louder than words, and a recurring pattern of ineffective FCC activity should speak volumes. Sadly, the FCC’s cronies have ensured words are always louder than actions. They deserve a share of the blame for the extent to which ordinary phone users continue to suffer from illegal calls.




