What Is the US Regulator Really Doing With Its Robocall Mitigation Database?

This is one of those rare articles where I will admit to bias at the outset. I have no love for paper-pushing bureaucrats, even if digitalization means that progressively fewer trees must die to justify their employment status. Their efforts invariably make fruitless work for others, and their lack of understanding serves as an obstacle to anyone searching for real solutions to intractable problems. Having admitted my bias, I still feel entitled to wonder what the Federal Communications Commission (FCC), the US regulator, is really seeking to accomplish by effectively mandating that telcos domiciled outside of the USA must also sign up to its Robocall Mitigation Database? No matter how honorable their intentions, the FCC has no authority over businesses outside of their own country. But the way the FCC’s rules have been structured, US telcos cannot receive voice calls from US customers who are roaming on a foreign network unless the US telco has received that call from a telco that has registered their details in the FCC’s Robocall Mitigation Database.

I am not going to argue about the rules, although I will observe that the many lawyers employed by the FCC keep finding different ways to describe those rules, seemingly because they cannot tell when a new description conflicts with a previous one. Here is the most complete expression of the relevant rule; the following sentences are key.

With the filing deadline now established for June 30, 2021, this prohibition will go into effect on September 28, 2021. As of that day, intermediate providers and voice service providers will be prohibited from accepting calls directly from a voice service provider, including a foreign voice service provider that uses North American Numbering Plan resources that pertain to the United States to send voice traffic to residential or business subscribers in the United States, if that voice service provider’s filing does not appear in the Robocall Mitigation Database.

The problem here is that an American roaming on a foreign network is still going to be using the ‘North American Numbering Plan resource’ that is their own phone number. So this clause literally becomes a catch-all for any mobile network that allows Americans to roam on it. That will be every mobile network, apart from a few exceptions in North Korea and Cuba. A workaround could involve blanking the phone number of any roamer from the USA, but the FCC probably does not want that, because the result would make calls from ordinary Americans look much like the robocalls that the FCC is seeking to reduce. However, as you may have noticed, there is a more important limitation on the FCC’s rule: US providers cannot accept calls if they come directly from an unlisted telco, which presumably means they can accept calls that come indirectly from unlisted telcos. So this rule applies to the first-order connections of US telcos, but not to telcos whose connection is second-order or higher. But if that really is the correct interpretation of this rule, how does this support a genuine solution to US problems?

Suppose you work for the US regulator. You want to check that US telcos are doing everything they should to stop pesky robocalls. So you have a list of US telcos, and now you know who to check. You also know you can shut down a US business if they refused to add their details to the list. You also want to stop pesky robocalls from overseas that pretend to look like they come from a US phone. So you have a list of telcos that are directly connected to US telcos and which might convey that traffic, and you might start checking them and threatening them with disconnection from the US market too. But what are you doing about the next telco in the chain, and the one after that? Is the listed non-US telco that is directly connected to a US telco also obliged to impose anti-robocall sanctions on telcos that provide them with traffic that terminates in the USA? Does that include scenarios where some tiny little international carrier is conveying traffic from the state-controlled former monopoly provider in a country where Americans go on holiday but which is not so bothered about appeasing US politicians? Would that mean the FCC is prepared to see a curtailing in roaming services for US consumers in order to pursue their goal of decreased exposure to robocalls?

The problem with national governments and their regulators trying to boss around businesses in other countries is that they lack the authority to enforce precise rules, and anyone working in international telecoms should be telling the FCC about how difficult it is to impose rules on international traffic even under the best of circumstances. National bodies can use various methods to punish foreign businesses economically, but the downside in this instance is that you cannot selectively block traffic from a foreign mobile operator that also wants to feed robocalls into the US phone system. Unless the FCC goes to a lot of trouble to monitor where Americans are roaming (and this would normally be considered an invasion of privacy, even by lax American standards) then any foreign mobile network – or any telco that sits between that network and the telcos listed in the Robocall Mitigation Database – could potentially make robocalls look like roaming calls from US consumers.

Part of the reason that the database is already accumulating an excessive number of registrations from foreign telcos is that terminating operators in the USA lack the ability to distinguish calls generated by US outbound roamers from any international traffic, even if the traffic has nothing to do with American roamers. They cannot tell the difference between an inbound call from an American roamer and a phone call whose originating number falls outside the North American Numbering Plan, so there is no way they will effectively be able to distinguish between genuine outbound roamers from a US operator and calls that look like they come from subscribers of a US operator.

So what really is the purpose of the database? One possible purpose is to make useful information available to any fool who wants to download the database. I can confirm any fool is capable of downloading the database because this fool did it half an hour ago. The downloaded file presented me with the names, telephone numbers, email addresses and business addresses of 3,220 separate entities that have registered their details. Cynics might observe this makes the database a great resource for unscrupulous marketeers wanting to spam businesses about solutions to reduce spam. On the other hand, the most cursory check leads me to question the quality of the data in the database. For example, Telecom Italia Sparkle S.p.A. is listed in the database, but minus any of the other mandatory data. Their entry even omits to state which country Telecom Italia is in, though many telecoms professionals will instinctively fill the blank.

There were a total of 290 entries in the database from telcos that listed themselves as belonging to a different country than the USA. The range of the foreign entries stretches from two telcos based in Albania to two telcos based in Vietnam, though my guess is that many more foreign telcos will need to be added before September 28. That makes it unlikely any will be punished for missing the June 30 deadline, and it is minor infractions like missing deadlines which show how toothless regulators are when dealing with foreign businesses. It is possible to imagine all of a telco’s traffic being blocked if they provide a conduit for tremendous amounts of spam, but what punishment can realistically be levied if a deadline is missed, or the information in a database is wrong?

Even if the database listed all the telcos that should be included, I question whether the FCC has any serious plan to check the data. This is important because the people who do not answer honestly are the ones most likely to be spreading the spam that this database is supposedly going to be used to inhibit. If an office worker spent just 15 minutes on confirming each of the current entries in the database then it would take them 805 hours to complete the task, which is approximately half a working year for a typical public sector employee. Allowing just 15 minutes to validate each phone number would be optimistic; Americans have plenty of different time zones, the world has even more, and nothing in the rules says listed contacts may not miss a call whilst having a toilet break. And what punishment would be handed out if the phone number is wrong, or if the telco forgets to update the details of their contact when they switch jobs?

The Robocall Mitigation Database is what you get when bureaucrats want to make it seem like they are compiling a really really really useful list but the truth is that the bureaucrats are just making work for themselves by making work for others. With no useful control over the quality of data in the database, no proportionate punishment for foreign telcos that commit misdemeanors but have added themselves to the list, and no real idea how to impose any obligations on any telcos that sit beyond the first-order connection of US telcos, marketeers are going to make more effective use of the data than anyone else. It is ironic that a program supposed to reduce the nuisance of unwanted calls is going to encourage more cold-calling by salesmen.

Click here if you want to download the US Robocall Mitigation Database in CSV format.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.