Re: Third Further Notice of Proposed Rulemaking, Advanced Methods to Target andEliminate Unlawful Robocalls, CG Docket No. 17-59, WC Docket No. 17-97, 84 Fed.Reg. 29,478 (June 24, 2019)
Dear Ms. Dortch:
The undersigned representatives of health care providers, pharmacies, electric utility companies, grocers, retailers, banks, credit unions, and other financial services providers(the Associations) appreciate the opportunity to comment on the Federal Communications Commission’s (Commission) Third Further Notice of Proposed Rulemaking (Notice).
The Commission has historically prohibited call blocking, because companies that providetelephone service (Voice Service Providers, or Providers) are required, with limited exceptions,to connect calls that pass through their networks (call completion rules). In the Notice, theCommission seeks to encourage implementation of a framework for authenticating calls(SHAKEN/STIR framework) by proposing a safe harbor from liability under the call completionrules for Voice Service Providers that choose to block calls, or a subset of calls, that are not authenticated under that framework. The Commission also proposes to mandate adoption ofSHAKEN/STIR if major Voice Service Providers do not do so voluntarily by December 2019, and to create a mechanism to provide information to consumers about the effectiveness of Providers’ “robocall solutions."
The Associations support the Commission’s goal to eliminate illegal automated calls and agreethat implementation of the SHAKEN/STIR framework is an important step toward achieving thatgoal. Under this framework, a call is “signed,” or attested, by the Voice Service Provider thatoriginates the call, and the call is validated by a validation service at the terminating end of thecall. The framework also establishes a mechanism to transmit with the signed call informationthat the originating Voice Service Provider has about the entity that placed the call. Thisframework facilitates Voice Service Providers’ evaluation of whether the calling party isauthorized to use the number appearing in the recipient’s Caller ID, which in turn, will helpprotect consumers from fraud.
The SHAKEN/STIR framework must be designed to ensure that important, and often time-sensitive, calls that Association members and other organizations place to their customers are notblocked. These calls include alerts from a child’s school (e.g., regarding unplanned closures oremergencies), updates about electric utility outages, public safety notifications, healthcare andprescription reminders, data breach and fraud alerts, service disruption notifications, urgentproduct safety recall notifications, and loan servicing and collections-related calls. It is criticalthat these calls be completed without delay.
To minimize the blocking of these calls, we recommend that the Commission direct VoiceService Providers not to block unsigned calls until the SHAKEN/STIR framework has been fullyimplemented. Moreover, once the framework has been fully implemented, the Commissionshould permit Providers to block only calls that have not been properly authenticated under theframework or those that have been authenticated, but where the Provider has concluded with ahigh degree of certainty that the call was placed illegally. In addition, for a Voice ServiceProvider to be protected by the safe harbor, the Commission should require Providers that blockcalls to notify the calling party and to remove erroneous blocks within 24 hours of learning of theblock.
The Commission also has proposed a requirement for Voice Service Providers that block calls tomaintain a “Critical Calls List” of numbers that the Provider may not block. However, we urgethe Commission to expand the categories of calls that should be included on a Critical Calls List.In addition to emergency service numbers, the list should include numbers from which thefollowing categories of calls are initiated: fraud alerts, data breach notifications, remediationmessages, electric utility outage notifications, product safety recall notices, healthcare remindersand prescription notices, and mortgage servicing calls required by Federal or State law.
We also recommend that the Commission, in assessing the effectiveness of Voice ServiceProviders’ solutions to the problem of illegal automated calls, measure and report annually onthe number of calls that Providers have blocked erroneously, including (but not limited to) thenumber of calls erroneously blocked under the SHAKEN/STIR framework.
As the Commission has observed, only a few Voice Service Providers have implemented theSHAKEN/STIR framework. Most Voice Service Providers, particularly smaller Providers, havenot begun implementing this framework. In addition, the governance authority overseeing theSHAKEN/STIR framework is still under development. The telecommunications solutionscompany “iconectiv” was selected in late May to be the administrator of the SHAKEN/STIRframework, but key aspects of the framework remain under review by iconectiv and industrystakeholders. For example, there is no consensus or uniform approach regarding how a call’sauthentication status should be presented when a call is delivered to its recipient.
One result of the still-incipient nature of the SHAKEN/STIR framework is that a call that hasbeen signed by the originating Voice Service Provider may be routed through another Providerthat has not adopted SHAKEN/STIR. Once the call passes through the non-adopting Provider, itwill not be recognized as signed.
In addition, companies that place large volumes of calls may utilize a number of Voice ServiceProviders, and for any particular call, may use the Provider that can transport the call for the leastcost (an arrangement called “least cost routing”). Under this arrangement, one Voice ServiceProvider will obtain from the United States’ number administrator access to the phone number(or phone numbers) used to place outbound calls for the company, and other Providers will carrycalls placed from those numbers. Under the SHAKEN/STIR framework as it currently exists, theProvider carrying the call is not able to validate the origin of the call, which may result in the callbeing blocked. Industry is working on potential solutions that allow the Provider carrying the callto validate the call’s origin, but no standards are currently in place.
We urge the Commission to direct Voice Service Providers not to block unsigned calls prior tofull implementation of the SHAKEN/STIR framework. “Full implementation” should beconsidered met only when all Voice Service Providers are able to authenticate calls. Assuggested in the Notice, when a call is placed but the originating or terminating Provider has notyet implemented the SHAKEN/STIR framework, a Provider that blocks the call should not beprotected by a safe harbor. If unsigned calls are blocked prior to full implementation of the SHAKEN/STIR framework, then calls that are signed — but not recognized as signed — couldbe blocked, depriving consumers of important information from legitimate businesses.
Once the SHAKEN/STIR framework has been fully implemented, Voice Service Providersshould be permitted to block only those calls (1) that have not been properly authenticated underSHAKEN/STIR; or (2) where the Provider can determine with a high degree of certainty that thecall was placed illegally through application of objective, defined criteria. For example, theCommission could permit Voice Service Providers to block an authenticated call that is tracedback to a caller that has illegally spoofed its outbound calls in the past or otherwise placed callsillegally.
It is critical that Voice Service Providers apply objective, defined criteria to determine whetherto block an authenticated call. Providers should not be permitted to block an authenticated callthat, in the Provider’s subjective view, may be “unwanted.” In its June 2019 Declaratory Ruling,the Commission authorized Voice Service Providers to block calls “based on any reasonableanalytics designed to identify unwanted calls.” As the Associations explained previously in ourletter of May 30, 2019, to the Commission, the blocking of allegedly unwanted calls could resultin the erroneous blocking of lawful and important calls from legitimate businesses to theircustomers. As described above, these include alerts from a child’s school, information aboututility outages and service disruption notifications, public safety notifications, healthcare andprescription reminders, data breach and fraud alerts, product safety recall notifications, andservicing and collections-related calls. For each of these categories of calls, a company initiates alarge volume of outbound calls from a number in a short period of time, which is one analyticalfactor used by Voice Service Providers and third-party services to determine whether a call islabeled as “Potential Spam,” “Suspected Spam,” “Spam Number,” “Nuisance Label,” or “DebtCollector.” Voice Service Providers should not block an authenticated call in reliance on suchanalytical factors, absent a high degree of certainty that the call was placed illegally.
The Commission also should discourage Voice Service Providers from labeling calls as “debtcollector.” Unlike the call labels of “spam” and “nuisance” — which should describe illegallyplaced calls — servicing and collections-related calls are lawful and beneficial to consumers. Itis well-established that the earlier a creditor is able to communicate with a financially distressedborrower, the more likely that the creditor will be able to offer the borrower a loan modification,interest rate reduction, or forbearance on interest and fees, which will help limit avoidable late fees and negative credit reports. Moreover, the Bureau of Consumer Financial Protection (theexpert agency on this matter) has proposed a rule under the Federal Debt Collection PracticesAct (FDCPA) that would impose restrictions on the number and frequency of calls that third-party collectors may place to consumers. In addition, the label of “debt collector” may pose arisk that the caller is disclosing the existence of a debt to third parties in violation of the FDCPA.In sum, labeling a call as “debt collector” is unnecessary, provides no benefit to consumers,presents risks to consumers’ privacy, and may harm consumers if calls are not answered as aresult of the label. We encourage the Commission to consult with the Bureau as the Commissionconsiders rules regarding the labeling and blocking of calls.
The Commission has proposed a safe harbor from liability under the Commission’s callcompletion rules for Voice Service Providers that choose to block calls that are not authenticatedunder the SHAKEN/STIR framework. The Commission also has recognized that the blockingof calls under this framework may result in the erroneous blocking of legitimate calls placed bythe Associations’ members, despite the best efforts of Voice Service Providers. We agree with the Commission’s suggestion that Voice Service Providers should establish procedures to enablecallers to correct erroneous blocks. This requirement would implement congressional directioncontained in Senate-passed legislation that the Commission not “support blocking or mislabelingcalls from legitimate businesses” and that the Commission “should require voice serviceproviders to unblock improperly blocked calls in as timely and efficient a manner asreasonable.” The requirement also would be consistent with legislation that the U.S. House ofRepresentatives passed today (by a 429-3 vote) that would require the Commission to ensure thatcall-blocking services provided to consumers have “effective redress options” for erroneouslyblocked calls that resolve such blocks with “no additional charge to callers.”
To receive protection under the safe harbor, the Commission should require Voice ServiceProviders to implement procedures to notify callers and call recipients of blocked calls and toremove those blocks expeditiously and without charging a fee to the calling party. Voice ServiceProviders should be required to notify callers of any call block, regardless of whether theblocking is imposed under the SHAKEN/STIR framework. Specifically, Providers should givenotice of the block to the caller and to the call recipient. Notification could be made through useof an intercept message or special information tone that conveys that the call has been blocked.These notifications should include a phone number or website address for the caller to seekinformation about why the call was blocked and how to prevent such blocking in the future. Theintercept process also should identify the Voice Service Provider that has blocked the call andprovide a means for the caller to contact that Provider. Voice Service Providers also shouldremove an erroneous block within 24 hours of learning of the block, at no charge to the caller.
These procedures will mitigate the harm caused to our members by an erroneous block — andthe harm caused to our members’ customers who would miss important and often time-sensitiveinformational calls if the block were not removed.
The Commission has proposed requiring Voice Service Providers that block calls to maintain a“Critical Calls List” of numbers that the Provider may not block. We agree that consumers areharmed when they do not receive important calls from legitimate businesses and that VoiceService Providers should facilitate these lawful calls. Congress has expressed its unequivocalintent that the Telephone Consumer Protection Act (TCPA) should not “be a barrier to thenormal, expected or desired communications between businesses and their customers.”
The Commission has proposed that the Critical Calls List include numbers from whichemergency calls are placed and has requested comment on whether the List should be expandedto include other categories of numbers. We urge the Commission to expand the Critical CallsList to include the categories of numbers described below. In addition, we ask that theCommission clarify the procedure for businesses to submit (and update) qualifying outboundnumbers for this List.
The creation of a list of numbers from which outbound calls may not be blocked would protectimportant, time-critical, non-telemarketing communications between businesses and theircustomers, including those discussed below—
Financial institutions continuously work to identify suspicious activities and transactions and torespond with timely messages to customers that might be at risk. In 2015, the Commission recognized the value provided by these messages and exempted them from the TCPA’s consentrequirements, subject to certain conditions. Among the activities and risk factors institutionsmonitor for these purposes are: (1) customer purchases that are unusual in kind for the customer,such as purchases in amounts or in geographic areas or at types of merchants that depart from thecustomer’s established buying patterns; (2) sizes and types of transaction authorization requeststhat present a high likelihood of fraud, such as high-dollar transactions, ATM withdrawals, andpurchases of goods that can readily be converted to cash; (3) transaction requests involvinggeographic areas, merchants, or merchant types that recently have experienced unusual levels offraud; and (4) suspicious non-monetary activities, such as changes of address closelyaccompanied by requests for new payment cards, and requests for new online credentials,coupled with evidence of malware or phishing attacks.
Financial institutions also are required, under the Fair Credit Reporting Act, to verify acustomer’s identity before authorizing the establishment of any new credit plan or extension ofcredit where a fraud alert has been placed on the customer’s credit reporting agency file.
Section 501(b) of the Gramm-Leach-Bliley Act, as well as the data security breach notificationstatutes of the 50 states and the District of Columbia, require the Associations’ members toestablish response and customer notification programs to be implemented following anyunauthorized access to customers’ personal information. Accordingly, upon learning of anydata breach, our members immediately seek to contact customers to notify them of the breachand of any remedial action to be taken.
As with fraud alerts, the Commission has recognized the value provided by data security breachnotifications and exempted them from the TCPA’s consent requirements.
Closely related to data security breach notification messages are notices to customers concerningmeasures they may take to prevent identity theft resulting from a breach, such as placing fraudalerts on their credit reports and subscribing to credit monitoring services. In many notablesecurity breach cases, affected institutions have offered to cover the costs of such services forconsumers. The Commission also has exempted these messages from the TCPA’s consentrequirements.
It is imperative that electric utility companies quickly disseminate information regarding serviceinterruptions or other potential public safety hazards. Electric companies place calls to addressthe wide range of potential risks to public health and safety presented by an interruption ofelectric service due to extreme weather conditions or needed repair and maintenance work.Examples of these calls include calls that warn about planned or unplanned service outages;provide updates about service outages or service restoration; ask for confirmation of servicerestoration or information about lack of service; provide notification of meter work, treetrimming, or other field work that directly affects the customer’s electric service; and provideinformation about potential brown-outs due to heavy energy usage.
Following the 2008 financial crisis, federal and state regulators have required mortgage servicersto place outbound telephone calls to borrowers that fall behind on their mortgage payments toadvise the borrower about options to avoid foreclosure and the potential loss of their home.Failure to place such calls can result in significant liability for the mortgage servicer. Theserequirements were borne out of research that was conducted following the financial crisis, whichstrongly validates that early outreach to a distressed borrower can provide the borrower withgreater opportunity to obtain a loan modification, interest rate reduction, or forbearance oninterest and fees. Early outreach also can help the borrower limit avoidable late fees, negativecredit reports, and prolonged delinquencies from which the borrower may have difficultyrecovering. These calls are informational in nature and are usually placed by live customerservice agents.
Retailers, manufacturers, and other supply chain companies subject to the jurisdiction of theConsumer Product Safety Commission (CPSC) enter into voluntary corrective action plans(typically known as “product safety recalls”), and are occasionally subject to mandatory recallorders of the CSPC, with respect to consumer products that potentially pose a hazard toconsumers. The four bases for both voluntary and mandatory recalls listed under Section 15(b) ofthe Consumer Product Safety Act (CSPA), which incorporates by reference other statutesgranting recall authority to the CPSC, are that the consumer product: 1. “fails to comply with anapplicable consumer product safety rule or with a voluntary consumer product safety standardupon which the Commission has relied . . .”; 2. “fails to comply with any other rule, regulation,standard or ban under this Act or any other Act enforced by the Commission;” 3. “contains adefect which could create a substantial product hazard . . . .”; or 4. “creates an unreasonable riskof serious injury or death.” If a product is recalled, either voluntarily by the recalling companyor via a mandatory recall order of the CPSC, the recalling company often will contact knownaffected consumers directly to notify them of the recall, either by telephone, text messaging, oremail. In cases where a call, as defined by the TCPA, is made to a consumer, it is criticallyimportant for the consumer to be reached as soon as possible to avoid the hazard or risk ofserious injury or death presented by the product or products.
Additionally, the Food and Drug Administration, Bureau of Alcohol, Tobacco, Firearms andExplosives, U.S. Department of Agriculture, U.S. Department of Transportation, U.S.Environmental Protection Agency, and U.S. Federal Aviation Administration, among otherfederal agencies, have jurisdiction over certain consumer products in addition to the CPSC’sjurisdiction. The Associations’ members with products subject to these agencies’ jurisdictionmay make critically important and time-sensitive calls to customers known to have purchased aproduct or to be using a service that may present a risk of harm to consumers. Such productrecall notices and related consumer safety calls are time-critical calls that should not be blockedby Voice Service Providers, as this could result in the serious injury or death of the consumer ifnot timely notified of the recall or other corrective action due to erroneous blocking. Therefore,such calls should be placed on the Critical Calls List and no safe harbor for Voice ServiceProviders should apply to the blocking of such calls.
Hospitals, pharmacies, and other healthcare organizations place time-sensitive, non-telemarketing calls to provide important healthcare information to consumers. These callsinclude appointment and exam confirmations and reminders, wellness checkups, hospital preregistration instructions, pre-operative instructions, lab results, post-discharge follow-upintended to prevent readmission, prescription notifications, home healthcare instructions, and“health care messages” as defined by HIPAA
Several of these messages are required by law. For example, an insurance exchange must make a“reasonable effort” to contact all applicants who provide information to the exchange that isinconsistent with the information maintained in official records. Federal law also permits federal and state health and human services programs to communicate with patients (and clients)by phone regarding program eligibility and recertification. In addition, federal law requireshospitals and outpatient clinics to perform post-discharge follow-up with patients to reduce therate of readmission.
In the Notice, the Commission proposes to establish a process to provide information to thepublic about the “effectiveness” of Voice Service Providers’ “robocall solutions.” If theCommission creates this mechanism, we recommend that the Commission measure and reportannually on the number of calls that Voice Service Providers have blocked erroneously. Thesewould include (but not be limited to) the number of calls erroneously blocked under theSHAKEN/STIR framework. We believe that Providers will be able to track the number oferroneous blocks, particularly if Providers are required to notify callers of blocked calls and toimplement a formal mechanism to remove erroneous blocks. Data on the number of erroneouslyblocked calls will assist the Commission in determining whether the SHAKEN/STIR frameworkaccurately distinguishes between calls that are legitimate and those that are not.
In addition, the June 2019 Declaratory Ruling authorizes Voice Service Providers to offerconsumers call-blocking programs that block any call not in the consumer’s list of contacts.The Commission should measure and report annually on the number of calls blocked by VoiceService Providers under such call-blocking programs, including the number of calls that areoriginated by legitimate businesses.
The Associations support the Commission’s goal to eliminate illegal automated calls and supportthe implementation of the SHAKEN/STIR framework as a means to help achieve that goal. Toensure that calls placed by legitimate businesses are not blocked, we urge the Commission toprohibit the blocking by Voice Service Providers of “unsigned” calls until the SHAKEN/STIRframework is fully implemented. Once the framework has been implemented, the Commissionshould permit Voice Service Providers to block only calls that are not authenticated or, ifauthenticated, those calls that the Provider has determined, with a high degree of certainty, areillegal calls.
We also urge the Commission to expand its proposed Critical Calls List to include numbers usedto place fraud alerts, data breach notifications, remediation messages, electric servicenotifications, product safety recall notices, healthcare reminders and prescription notices, andmortgage servicing calls required by Federal or State law. We also recommend that theCommission, in assessing the effectiveness of Voice Service Providers’ solutions to the problem of illegal automated calls, measure and report annually on the number of calls that Voice ServiceProviders have blocked erroneously.
Sincerely,
Download Comment Letter to see full list of signatories