Introduction
Robocalls are the top complaint received by the Federal Communications Commission (FCC) and a consistent congressional concern. A robocall, also known as "voice broadcasting," is any telephone call that delivers a pre-recorded message using an automatic (computerized) telephone dialing system, more commonly referred to as an automatic dialer or "autodialer."
The Telephone Consumer Protection Act of 1991 (TCPA)1 regulates robocalls. Legal robocalls are used by legitimate call originators for political, public service, and emergency messages, which are legal. Other legitimate uses can be, for example, to announce school closures or to remind consumers of medical appointments. Illegal robocalls are usually associated with fraudulent telemarketing campaigns, but an illegal robocall under the TCPA does not necessarily mean that the robocall is fraudulent.2 Illegal, fraudulent calls usually include misleading or inaccurate Caller ID information to disguise the identity of the calling party and trick called parties, which is called "spoofing." Scammers sometimes use "neighbor spoofing" so it will appear that an incoming call is coming from a local number. They may also spoof a number from a legitimate company or a government agency that consumers know and trust.3 Like robocalls more generally, spoofing can also be used for legitimate purposes, such as to hide the number of a domestic violence shelter or an individual employee extension at a business or government agency. This report addresses robocalls that are both illegal under the TCPA as well as intended to defraud, not robocalls that are defined only as illegal.
The number of robocalls continues to grow in the United States, and the figures tend to fluctuate based on the introduction of new government and industry attempts to stop them and robocallers' changing tactics to thwart those attempts (see Figure 1). In 2019, U.S. consumers received 58.5 billion robocalls, an increase of 22% from the 47.8 billion received in 2018, according to the YouMail Robocall Index.4 In 2016, the full first year the Robocall Index was tabulated, that figure was 29.1 billion calls—half the number of calls in 2019.5 Further, the FCC states that robocalls make up its biggest consumer complaint category, with over 200,000 complaints each year—around 60% of all the complaints it receives.
Over the past three years, the FCC has pursued a multi-part strategy for combatting spoofed robocalls. The agency has
- issued hundreds of millions of dollars in fines for violations of its Truth in Caller ID rules;6
- expanded its rules to reach foreign calls and text messages;
- enabled voice service providers to block certain clearly unlawful calls before they reach consumers' phones;
- clarified that voice service providers may offer call-blocking services by default; and
- called on the industry to "trace back" illegal spoofed calls and text messages to their original sources.
The FCC estimates that eliminating illegal scam robocalls would provide a public benefit of $3 billion annually.7 A survey by Truecaller, a company that tracks and blocks robocalls, puts that figure as high as $10.5 billion.8
The Telephone Robocall Abuse Criminal Enforcement and Deterrence Act
The Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act) empowered the FCC to take specific actions to fight illegal robocalls; it was signed into law on December 30, 2019 (P.L. 116-105). The law requires the FCC to
- administer a forfeiture penalty for violations (with or without intent) of the prohibition on certain robocalls;
- promulgate rules establishing when a provider may block a voice call based on information provided by the call authentication framework, called Secure Telephony Identity Revisited (STIR) and Signature-based Handling of Asserted information using toKENs (SHAKEN) (together known as "STIR/SHAKEN"), and establish a process to permit a calling party adversely affected by the framework to verify the authenticity of its calls;
- initiate a rulemaking to help protect subscribers from receiving unwanted calls or texts from a caller using an unauthenticated number;
- assemble, in conjunction with the Department of Justice, an interagency working group to study and report to Congress on the enforcement of the prohibition of certain robocalls; and
- initiate a proceeding to determine whether its policies regarding access to number resources could be modified to help reduce access to numbers by potential robocall violators.
STIR/SHAKEN is seen by many, including the FCC, as a particularly important part of achieving the projected cost savings associated with eliminating illegal robocalls. STIR/SHAKEN must be implemented by June 30, 2021.9
Ongoing Efforts to Combat Robocalls
Both the telecommunications industry and the FCC are taking steps to counter illegal robocalls. The telecommunications industry has developed new technologies and other tools to detect and block illegal robocalls. The FCC has taken steps to create a policy environment in which those tools can be implemented. The FCC has also expanded the scope of some existing rules and continues to target and fine illegal robocallers.
Call Blocking Initiatives
In November 2017, the FCC authorized telecommunications providers to block calls originating from numbers that should not originate calls, or that are invalid, unallocated, or unused, without violating call completion rules. In December 2018, the FCC adopted a declaratory ruling clarifying that wireless providers are authorized to take measures to stop unwanted text messaging as well as unwanted calls. The FCC has also encouraged companies that block calls to establish an appeals process for erroneously blocked callers.
Do Not Originate Registry and Other Call Blocking
The telecommunications industry has now widely implemented the blocking of numbers that should not originate calls, called the "Do Not Originate" (DNO) Registry. In November 2017, the FCC promulgated rules on the creation and use of the DNO Registry. The rules explicitly allow service providers to block calls from two categories of number: (1) numbers that the subscriber has asked to be blocked, such as "in-bound only" numbers (numbers that should not ever originate a call); and (2) unassigned numbers, as the use of such a number indicates that the calling party is intending to defraud a consumer.
USTelecom, a trade association representing telecommunications-related businesses in the United States, maintains this registry and works with industry to implement DNO call blocking for in-bound numbers associated with government agencies.
2020 FCC Report on Call Blocking
On December 20, 2019, the FCC released a public notice seeking comments for its first of two staff reports on call blocking issues mandated by the TRACED Act.10 The agency asked for comments on
- the availability and effectiveness of call blocking tools offered to consumers;
- the impact of the FCC's actions on illegal calls;
- the impact of call blocking on 911 services and public safety; and
- any other issues parties would like to see addressed.
Comments were due January 29, 2020, and reply comments were due February 28, 2020.11
Caller ID Authentication
Illegitimate robocallers nearly always spoof their originating number. That is, they deliberately falsify the Caller ID information they are transmitting to disguise their identity. One way to help consumers recognize spoofing and identify scams is to verify who is calling through Caller ID authentication. Over the past few years, the telecommunications industry developed a set of protocols, the STIR/SHAKEN framework that enables phone companies to verify that the Caller ID information transmitted with a call matches the caller's phone number. Once fully implemented, STIR/SHAKEN is expected to reduce the effectiveness of illegal spoofing and enable the identification of illegal robocallers. The FCC mandated the adoption of STIR/SHAKEN on March 31, 2020. These steps are discussed in detail in the section of this report, "FCC Order and Further Notice of Proposed Rulemaking, March 2020."
Call Traceback
More than 30 voice service providers participate in the USTelecom Industry Traceback Group (ITG), which was formally established in May 2016. The ITG is a collaborative effort of companies across the wireline, wireless, voice over internet protocol, and cable industries that actively trace and identify the source of illegal robocalls. The ITG coordinates with federal and state law enforcement agencies to identify non-cooperative providers so those agencies can take enforcement action, as appropriate.
During 2019, ITG members conducted more than 1,000 tracebacks, associated with more than 10 million illegal robocalls. This activity has resulted in more than 20 subpoenas and/or civil investigative demands from federal and state enforcement agencies.12 The ITG published its first status report in January 2020.13
Reassigned Numbers Database
When a consumer cancels service with a voice provider, the provider may reassign the number to a new consumer. If callers are unaware of the reassignment, they can make unwanted calls to the new consumer, unintentionally violating the Telephone Consumer Protection Act.
In March 2018, the FCC proposed that one or more databases be created to provide callers with the comprehensive and timely information they need to discover potential number reassignments before making a call. In December 2018, the commission authorized the creation of a reassigned numbers database to enable callers to verify whether a telephone number has been permanently disconnected and is therefore eligible for reassignment—before calling that number—thereby helping to protect consumers with reassigned numbers from receiving unwanted calls. On January 24, 2020, the FCC requested public comment on the technical requirements developed for the database by the North American Numbering Council (NANC).14 Comments were due February 24, 2020, and reply comments were due March 9, 2020.
FCC Declaratory Ruling and Third Further Notice of Proposed Rulemaking, June 2019
On June 6, 2019, the FCC adopted a declaratory ruling and third further notice of proposed rulemaking (FNPRM), "Advanced Methods to Target and Eliminate Unlawful Robocalls and Call Authentication Trust Anchor."15
Declaratory Ruling
The declaratory ruling empowers phone companies to block suspected illegal robocalls by default (customers may opt out) and asserts the FCC's view that carriers can allow consumers to opt in to more aggressive call-blocking tools, known as white-listing. Both blocking by default and opt-in white-listing tools seek to stop unwanted calls on the voice provider's network before calls reach the consumer's phone.16
Call-Blocking Programs (Opt Out)
Call-blocking programs have become more popular and effective in the past few years. There are numerous blocking tools for different platforms, and the number of available tools is growing. Many service providers only offer these programs on an opt-in basis, limiting their potential impact. Providing a call-blocking program as the default option can significantly increase consumer participation while maintaining consumer choice.
White-List Programs (Opt In)
White-list programs require consumers to specify the telephone numbers from which they wish to receive calls—all other calls are blocked. Smartphones have provided a new way to implement white-list programs, because they store the consumer's contact list. When the consumer's contacts change, the white list can be updated. The declaratory ruling asserts the FCC's view that nothing in the Communications Act of 1934 or the FCC's rules prohibits a service provider from offering opt-in white-list programs.
Third Further Notice of Proposed Rulemaking
The FNPRM requested feedback on several proposals: a safe harbor for providers that implement blocking of calls that fail caller authentication under STIR/SHAKEN, protections for critical calls, mandating Caller ID authentication, and measuring the effectiveness of robocall solutions. Comments were due on July 24, 2019, and reply comments were due on August 23, 2019.17
Safe Harbor for Call-Blocking Programs Based on Potentially Spoofed Calls
The FCC proposed a narrow safe harbor for voice service providers that offer call-blocking programs that take into account (1) whether a call has been properly authenticated under the SHAKEN/STIR framework and (2) may potentially be spoofed. The safe harbor limits liability for voice service providers if they block a legal robocall. Among other elements, the FCC proposed a safe harbor for voice service providers that choose to block calls that fail SHAKEN/STIR authentication and asked whether there might be other instances where authentication would fail. The FCC also asked how it could ensure that wanted calls are not blocked and sought comment as to how to identify and remedy the blocking of wanted calls.
Protections for Critical Calls
The FCC requested comments on whether it should require voice providers offering call-blocking to maintain a "critical calls list" of emergency numbers that must not be blocked. Such lists would include, for example, the outbound numbers of 911 call centers and other government emergency services. The blocking prohibition would apply only to STIR/SHAKEN-authenticated calls.
Mandating Caller ID Authentication
The FCC requested comments on its proposal to mandate implementation of the STIR/SHAKEN authentication framework, if major voice providers fail to meet the end-of-2019 deadline for voluntary implementation. This is the topic of the FCC order issued on March 31, 2020, and is discussed in detail in the next section of this report, "FCC Order and Further Notice of Proposed Rulemaking, March 2020."
Measuring the Effectiveness of Robocall Solutions
The FCC requested feedback on whether it should create a mechanism to provide information to consumers about the effectiveness of voice providers' robocall solutions and, if so, how it should define and evaluate that effectiveness. The FCC also asked how it could obtain the information needed for such an evaluation.
FCC Order and Further Notice of Proposed Rulemaking, March 2020
The FCC published its latest guidance and proposals on March 31, 2020, in a new order and FNPRM.18
Order
The new rules require implementation of Caller ID authentication using STIR/SHAKEN. Specifically, the rules require "all originating and terminating voice service providers to implement STIR/SHAKEN in the Internet Protocol (IP) portions of their networks by June 30, 2021, a deadline that is consistent with Congress's direction in the recently-enacted TRACED Act," described earlier in, "The Telephone Robocall Abuse Criminal Enforcement and Deterrence Act." Most experts say that widespread deployment of STIR/SHAKEN will reduce the effectiveness of illegal spoofing, allow law enforcement to identify bad actors more easily, and help phone companies to identify calls with illegally spoofed Caller ID information before those calls reach their subscribers.
Further Notice of Proposed Rulemaking
The FNPRM requests public comments on
- expanding the STIR/SHAKEN implementation mandate to cover intermediate voice service providers;
- extending the implementation deadline by one year for small voice service providers pursuant to the TRACED Act;
- adopting requirements to promote caller ID authentication on voice networks that do not rely on IP technology; and
- implementing other aspects of the TRACED Act.
Comments to the FNPRM are due on May 15, 2020, and reply comments are due on May 29, 2020.19
Other FCC Actions Related to Robocalls
Other FCC actions to fight illegal robocallers include ongoing enforcement actions, an extension of a robocall ban to international callers, and the establishment of a hospital robocall protection group.
Ongoing Enforcement Actions
Since January 2017, the FCC has imposed or proposed about $240 million in forfeitures against robocallers. One case involved an individual who made more than 96 million illegal robocalls over the course of three months. Another involved an individual who conducted a large-scale robocalling campaign that marketed health insurance to vulnerable populations. In both cases, the illegal calls disrupted an emergency medical paging service.20
Extension of Robocall Ban to International Callers
In 2018, Congress amended the Communications Act of 1934 to prohibit spoofing activities directed at U.S. consumers from callers outside the United States and Caller ID spoofing using alternative voice and text messaging services. To implement these amendments, the FCC issued rules in July 2019 that expanded the act's prohibition on the use of misleading and inaccurate Caller ID information.21
Hospital Robocall Protection Group
The TRACED Act of 2019 required the FCC to establish a Hospital Robocall Protection Group. For most consumers, robocalls are a potentially fraudulent nuisance. For hospitals, though, the robocalls can present challenges that are increasingly threatening doctors and patients:
At Tufts Medical Center, administrators registered more than 4,500 calls between about 9:30 and 11:30 a.m. on April 30, 2018, said Taylor Lehmann, the center's chief information security officer. Many of the messages seemed to be the same: Speaking in Mandarin, an unknown voice threatened deportation unless the person who picked up the phone provided their personal information.22
The FCC began soliciting nominations for the group in March 2020. Once established, the group is to be charged to develop and issue best practices regarding (1) how voice service providers can better combat unlawful robocalls made to hospitals; (2) how hospitals can better protect themselves from such calls; and (3) how the federal government and state governments can help combat such calls.23
Outlook
The FCC has taken wide-ranging steps to stop illegal robocalls, including imposing fines on law breakers; mandating the implementation of call authentication technologies by the telecommunications industry; creating databases of numbers that should not be called; and providing regulatory permission to implement call blocking. Although these steps appear to be having some impact, scammers remain determined to continue their attempts to defraud consumers using robocalls. Historically, decreases in the number of robocalls are sometimes followed shortly thereafter by spikes in those numbers, illustrating how robocallers continue to overcome measures to stop them (e.g., by changing their originating numbers). Most of the tools being used against robocalls have been developed recently, while some are still under development. Therefore, it may take telecommunications providers some time to fully implement them, and it may be some time before a long-term and ongoing decrease in robocall numbers will be realized. The positive impacts of FCC initiatives on fraudulent robocalls, as well as potential negative impacts on the telemarketing industry due to blocking legitimate calls, may be the subject of continued oversight by Congress.
