Call Authentication Trust Anchor; Implementation of TRACED Act-Knowledge of Customers by Entities with Access to Numbering Resources, 22099-22118 [2020-07629]

Agencies

• FEDERAL COMMUNICATIONS COMMISSION

[Federal Register Volume 85, Number 77 (Tuesday, April 21, 2020)]
[Proposed Rules]
[Pages 22099-22118]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-07629]


=======================================================================
-----------------------------------------------------------------------

FEDERAL COMMUNICATIONS COMMISSION

47 CFR Part 64

[WC Docket Nos. 17-97, 20-67; FCC 20-42; FRS 16632]


Call Authentication Trust Anchor; Implementation of TRACED Act--
Knowledge of Customers by Entities with Access to Numbering Resources

AGENCY: Federal Communications Commission.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: In this document, the Commission seeks comment on proposals to 
further efforts to promote caller ID authentication and implement 
Section 4 of the Pallone-Thune Telephone Robocall Abuse Criminal 
Enforcement and Deterrence (TRACED) Act. In addition, the Commission 
also seeks comment in this document on implementing section 6(a) of the 
TRACED Act, which concerns access to numbering resources. The 
Commission concurrently adopted a Report and Order mandating that all 
originating and terminating voice service providers implement the STIR/
SHAKEN caller ID authentication framework in the internet Protocol (IP) 
portions of their networks by June 30, 2021.

DATES: Comments are due on or before May 15, 2020. Reply Comments are 
due on or before May 29, 2020.

ADDRESSES: Comments and reply comments may be filed using the 
Commission's Electronic Comment Filing System (ECFS). See Electronic 
Filing of Documents in Rulemaking Proceedings, 63 FR 24121 (1998). 
Interested parties may file comments or reply comments, identified by 
WC Docket Nos. 17-97, 20-67, by any of the following methods:
     Electronic Filers: Comments may be filed electronically 
using the internet by accessing the ECFS: https://www.fcc.gov/ecfs/
     Paper Filers: Parties who choose to file by paper must 
file an original and one copy of each filing.
    Filings can be sent by commercial overnight courier, or by first-
class or overnight U.S. Postal Service mail. All filings must be 
addressed to the Commission's Secretary, Office of the Secretary, 
Federal Communications Commission.
     Commercial overnight mail (other than U.S. Postal Service 
Express Mail and Priority Mail) must be sent to 9050 Junction Drive, 
Annapolis Junction, MD 20701.
     U.S. Postal Service first-class, Express, and Priority 
mail must be

[[Page 22100]]

addressed to 445 12th Street, SW, Washington, DC 20554.
    Effective March 19, 2020, and until further notice, the Commission 
no longer accepts any hand or messenger delivered filings. This is a 
temporary measure taken to help protect the health and safety of 
individuals, and to mitigate the transmission of COVID-19. See FCC 
Announces Closure of FCC Headquarters Open Window and Change in Hand-
Delivery Policy, Public Notice, DA 20-304 (March 19, 2020). https://www.fcc.gov/document/fcc-closes-headquarters-open-window-and-changes-hand-delivery-policy.
    During the time the Commission's building is closed to the general 
public and until further notice, if more than one docket or rulemaking 
number appears in the caption of a proceeding, paper filers need not 
submit two additional copies for each additional docket or rulemaking 
number; an original and one copy are sufficient.
    In addition to filing comments with the Secretary, a copy of any 
comments on the Paperwork Reduction Act information collection 
requirements contained herein should be submitted to the Federal 
Communications Commission via email to [email protected] and to Nicholas A. 
Fraser, Office of Management and Budget, via email to 
[email protected] or via fax at 202-395-5167.

FOR FURTHER INFORMATION CONTACT: For further information, please 
contact Mason Shefa, Competition Policy Division, Wireline Competition 
Bureau, at [email protected]. For additional information concerning 
the Paperwork Reduction Act information collection requirements 
contained in this document, send an email to [email protected] or contact 
Nicole Ongele at (202) 418-2991.

SUPPLEMENTARY INFORMATION: This is a summary of the Commission's 
Further Notice of Proposed Rulemaking in WC Docket Nos. 17-97, 20-67; 
FCC 20-42, adopted and released on March 31, 2020. The full text of 
this document is available for public inspection during regular 
business hours, when FCC Headquarters is open to the public, in the FCC 
Reference Information Center, Portals II, 445 12th Street, SW, Room CY-
A257, Washington, DC 20554 or at the following internet address: 
https://docs.fcc.gov/public/attachments/FCC-20-42A1.pdf. The Report and 
Order that was adopted concurrently with this Further Notice of 
Proposed Rulemaking is published elsewhere in the Federal Register. To 
request materials in accessible formats for people with disabilities 
(e.g., braille, large print, electronic files, audio format, etc.) or 
to request reasonable accommodations (e.g., accessible format 
documents, sign language interpreters, CART, etc.), send an email to 
[email protected] or call the Consumer & Governmental Affairs Bureau at 
(202) 418-0530 (voice) or (202) 418-0432 (TTY).

Synopsis

I. Further Notice of Proposed Rulemaking

    1. Building on the important steps we take in the concurrently 
adopted Report and Order, we offer proposals and seek comment on 
further efforts to promote caller ID authentication and implement 
section 4 of the TRACED Act. We also seek comment on implementing 
section 6(a) of the TRACED Act, which concerns access to numbering 
resources.

A. Caller ID Authentication Requirements Definitions and Scope

    2. In the accompanying Report and Order, we adopted a definition of 
``STIR/SHAKEN authentication framework'' that aligns with the statutory 
language of the TRACED Act. We believe the definition we adopted of the 
``STIR/SHAKEN authentication framework'' is sufficient for our 
implementation of the TRACED Act. We seek comment on this view.
    3. We also adopted a definition of ``voice service'' in the Report 
and Order that aligns with the statutory language of the TRACED Act. In 
section 4(a)(2) of the TRACED Act, Congress provided a definition of 
``voice service'' that is similar, but not identical, to the 
preexisting definition found in section 64.1600(r) of our rules, which 
adopts the definition Congress provided in Section 503 of the RAY 
BAUM'S Act. Both provisions define voice service as ``any service that 
is interconnected with the public switched telephone network and that 
furnishes voice communications to an end user using resources from the 
North American Numbering Plan or any successor to the North American 
Numbering Plan adopted by the Commission under section 251(e)(1) of the 
[Act].'' In the TRACED Act, Congress included a similar definition but 
added a provision that ``without limitation, any service that enables 
real-time, two-way voice communications, including any service that 
requires [I]nternet [P]rotocol-compatible customer premises equipment 
(commonly known as `CPE') and permits out-bound calling, whether or not 
the service is one-way or two-way voice over [I]nternet [P]rotocol.'' 
We seek comment on how, if at all, the scope of the TRACED Act 
definition varies from the section 64.1600(r) definition on the basis 
of the foregoing language. Should we provide further guidance on the 
meaning of the ``without limitation'' language in the TRACED Act, or is 
it clear as written? Looking at the two definitions as a whole, we seek 
comment on whether Congress intended to create two distinct definitions 
with different scopes or whether the similarity between the definitions 
means that we should harmonize our interpretations of the two 
definitions. Additionally, we seek comment on whether the TRACED Act's 
definition of ``voice service'' should cause us to revisit our decision 
in the accompanying Report and Order to exempt from our rules providers 
that lack control of the network infrastructure necessary to implement 
STIR/SHAKEN.
    4. Congress directed many of the requirements in the TRACED Act to 
``providers of voice service.'' On one reading, an entity is a provider 
of voice service only with respect to calls that meet the definition of 
``voice service,'' i.e., ``provider'' is defined on a call-by-call 
basis. On another reading, an entity that provides any voice service is 
always a ``provider of voice service,'' i.e., ``provider'' is defined 
on an entity-by-entity basis. We propose adopting the former 
interpretation. Based on this interpretation, a provider is not subject 
to the TRACED Act for all services simply because some fall under the 
TRACED Act definition of ``voice service''; instead, only those 
services that meet the TRACED Act definition of ``voice service'' are 
subject to TRACED Act obligations. We propose this interpretation 
because it gives meaning to Congress's inclusion of a definition for 
``voice service'' and appears to best comport with the TRACED Act's 
allocation of duties on the basis of call technology, e.g., 
differentiating duties between calls over IP and non-IP networks. 
Further, we have previously used a call-by-call understanding of 
intermediate providers in our rules. We seek comment on this 
interpretation. Should we instead read the TRACED Act to establish a 
status-based approach, thus capturing a provider's entire network if 
some parts of its network meet the statutory definition?

B. Extending the STIR/SHAKEN Implementation Mandate to Intermediate 
Providers

    5. To further help ensure that caller ID authentication information 
reaches call recipients, we propose extending our STIR/SHAKEN mandate 
to intermediate providers. We seek comment on this proposal, in 
general, and on the specific

[[Page 22101]]

implementing measures we propose below for authenticated and 
unauthenticated calls that intermediate providers receive. In each 
case, we propose applying the obligations we establish for IP calls 
both to calls that an intermediate provider passes to a terminating 
voice service provider and to calls that it passes to a subsequent 
intermediate provider. We seek comment on this proposed scope. We 
further propose adopting these rules pursuant to our authority under 
the Communications Act. We seek comment on this proposal, as well as 
whether we have independent authority under either the TRACED Act or 
the Truth in Caller ID Act.
    6. Authenticated Calls. We propose to require intermediate 
providers to pass any Identity header they receive to the subsequent 
intermediate or voice service provider in the call path. Technically, 
this proposal would require that the Identity header be forwarded 
downstream in the SIP INVITE transmitted by the intermediate provider. 
This proposal is consistent with the NANC's recommendation ``that all 
carriers that route calls between originating and terminating carriers, 
such as long-distance providers and least-cost routers, maintain the 
integrity of the required SHAKEN/STIR signaling.'' We anticipate that 
imposing such a mandate on intermediate providers is necessary to 
ensure that calls transmitted in IP retain authentication information 
across the entire call path. If any of the intermediate providers in 
the call path are unable or unwilling to transmit the Identity header 
through their network, the terminating voice service provider will be 
unable to verify the caller ID information. If fully implemented, the 
STIR/SHAKEN framework creates an ``end-to end'' system for 
authenticating the identity of the calling party. The component SHAKEN 
standard specifically addresses the reality that call paths often 
involve voice service providers that do not connect directly with each 
other, but rather connect indirectly through one or more third party 
networks. Indeed, a framework like STIR/SHAKEN that identifies the true 
origination of calls is expressly required because voice service 
providers do not have direct peering relationships with all other voice 
service providers. We therefore anticipate that adopting our proposal 
will be essential to preventing gaps that would undermine the value of 
STIR/SHAKEN implementation by voice service providers that originate 
and terminate calls that may transit over intermediate provider 
networks. We seek comment on this preliminary view. What are the 
benefits or drawbacks to imposing this obligation on intermediate 
providers? What, if any, are the technical barriers preventing 
intermediate providers from complying with this obligation? Are market 
forces alone sufficient to drive intermediate providers to implement 
STIR/SHAKEN, making regulatory action unnecessary? If we were to adopt 
our proposal, should we create any limitations or exceptions? In 
addition to this proposed requirement, should we require intermediate 
providers to append to the SIP INVITE their own additional Identity 
header to more accurately and easily support traceback to each provider 
in the call path? Are there any other actions reasonably necessary for 
implementation of STIR/SHAKEN that we should require of intermediate 
providers?
    7. Additionally, we propose to require intermediate providers to 
pass the Identity header unaltered, thereby prohibiting the 
manipulation of STIR/SHAKEN Identity header information by intermediate 
providers when transmitting this information along with a SIP call. 
This prohibition would prevent a downstream provider from altering or 
stripping the caller ID authentication information in the Identity 
header and ensure such providers do not tamper with authenticated calls 
after they leave the originating voice service provider's network. 
Based on comments filed earlier in this proceeding, we anticipate that 
such a prohibition would be beneficial because it would better ensure 
the integrity of authentication information that reaches the 
terminating voice service provider and call recipient. We seek comment 
on our proposal. Are there legitimate reasons, technical or otherwise, 
for an intermediate provider to alter or strip STIR/SHAKEN header 
information? Would establishing this prohibition impact the ability of 
intermediate providers to complete calls if, for instance, a 
terminating voice service provider is unable to accept the STIR/SHAKEN 
header information for a technical reason? If so, how can we 
distinguish between malicious or negligent manipulation and 
manipulation done for legitimate technical reasons? In the absence of a 
Commission prohibition, could the practice of malicious or negligent 
manipulation of the Identity header be adequately policed by 
participating providers or the industry through the STI-GA? We do not 
propose prohibiting a terminating voice service provider from altering 
or stripping the Identity header for a call that it receives before 
attempting to verify it. We regard this scenario as unlikely since 
terminating voice service providers need to verify the Identity header 
information in order for their subscribers to receive the benefits of 
STIR/SHAKEN, and we do not believe our rules need to address it. Do 
commenters agree? Is there any reason we should extend this prohibition 
to terminating voice service providers?
    8. Unauthenticated Calls. We propose that when an intermediate 
provider receives an unauthenticated call that it will exchange with 
another intermediate or voice service provider as a SIP call, it must 
authenticate such a call with a ``gateway'' or ``C'' attestation. Such 
attestation conveys that the provider has no relationship with the 
initiator of the call, but it records the entry point of the call into 
its IP network. This action is already contemplated in the industry 
standards. We propose requiring it because, although this attestation 
level lacks any assertion of the calling party's identity, we 
understand from the record developed thus far that it would provide a 
useful data point to inform analytics and allow for traceback of the 
call to the gateway source. We seek comment on this proposal. What are 
the benefits of or drawbacks to imposing this obligation on 
intermediate providers? Would the widespread use of ``C'' attestation 
negatively impact the utility of attestation information to terminating 
voice service providers and their subscribers? What, if any, are the 
technical barriers preventing intermediate providers from complying 
with this obligation? Should we create any limitations or exceptions to 
a rule requiring gateway attestation? Are there any circumstances where 
an originating voice service provider would need to be subject to this 
requirement? Multiple commenters support imposing STIR/SHAKEN 
requirements on gateway providers as a way to identify robocalls that 
originate abroad and to identify which provider served as the entry 
point for these calls to U.S. networks. Is this an effective way to use 
STIR/SHAKEN to combat illegal calls originating outside the United 
States? ATIS has been working on technical standards intended as 
potential mechanisms for implementing STIR/SHAKEN for internationals 
calls. The first technical report addresses how calls authenticated in 
one country can be verified in a second country through bilateral 
arrangements between the two countries. A second draft technical report 
under current consideration

[[Page 22102]]

addresses how the SHAKEN trust environment could be extended to full 
international deployment in the absence of bilateral arrangements. Both 
approaches are intended to support caller ID authentication and 
traceback for cross-border calls. Are there other rules involving STIR/
SHAKEN that we should consider regarding intermediate providers to 
further combat illegal calls originating abroad? In response to our 
questions in the 2019 Robocall Declaratory Ruling and Further Notice 
regarding the use of STIR/SHAKEN to combat illegally spoofed calls 
originating abroad, Verizon suggests that we impose an obligation to 
use STIR/SHAKEN on any provider, regardless of its geographic location, 
if it intends to allow its customers to use U.S. telephone numbers. 
Verizon suggests, however, that the STIR/SHAKEN rules need only apply 
to calls to U.S. consumers that involve the use of numbers from the 
U.S. portion of the NANP. According to Verizon, U.S.-inbound 
international calls originating from foreign carriers only with numbers 
from their countries' numbering plans do not materially contribute to 
the robocall problem. And USTelecom suggests that we consider 
obligating gateway providers to pass international traffic only to 
downstream providers that have implemented STIR/SHAKEN. USTelecom notes 
that the Commission implemented a similar framework with respect to 
intermediate providers in the rural call completion context and argues 
that a similar approach adopted in the SHAKEN context would ensure a 
heightened degree of transparency and accountability. They argue that 
such an obligation would help ensure that any gateway attestation is 
not stripped out downstream by a provider's network that does not have 
STIR/SHAKEN capability and consequently frustrate efforts to trace 
calls originating abroad back to the gateway provider. Should we 
consider adopting either of these ideas instead of, or in addition to, 
our proposed rules? Beyond imposing obligations on gateway and 
intermediate providers, are there other actions we could take to 
promote caller ID authentication implementation to combat robocalls 
originating abroad?
    9. Limiting Intermediate Provider Requirements to IP Networks. As 
with the rules adopted in the Report and Order, we propose to limit the 
application of these obligations to calls that an intermediate provider 
receives in SIP and will exchange with another intermediate or voice 
service provider in SIP. We preliminarily believe this is an 
appropriate scope given that STIR/SHAKEN is limited to SIP calls. We 
seek comment on this proposal. Is there any reason to require 
intermediate providers to implement caller ID authentication solutions 
in the non-IP portions of their networks? In this regard, we 
specifically invite comment on whether out-of-band STIR, a potential 
STIR/SHAKEN solution for non-IP networks, will include a role for 
intermediate providers as it develops.
    10. We further seek comment on how to prevent the use of non-IP 
intermediate providers as a way to circumvent our rules. How can we 
prevent a gateway or originating voice service provider from concealing 
its identity as the source of a call by purposefully routing that call 
through an intermediate provider that uses non-IP technology? By doing 
so, the provider could both fool terminating providers--who otherwise 
may have seen that the caller ID verification failed--and stymie 
traceback efforts. We also seek comment on the seriousness of this 
threat. Are there technical or economic reasons why this is not likely 
to occur? Would call pattern analysis minimize the effectiveness of 
this conduct? And would the ability to trace a call back to the gateway 
provider allow sufficient traceback to identify the originating 
provider? Or is this threat credible such that we should take action to 
prevent it? If so, what action should we take?
    11. Definition of Intermediate Provider. We propose using the 
definition of ``intermediate provider'' found in section 64.1600(i) of 
our rules. This section provides that an ``intermediate provider'' is 
``any entity that carries or processes traffic that traverses or will 
traverse the [PSTN] at any point insofar as that entity neither 
originates nor terminates that traffic.'' The broad scope of this 
definition seems well-suited to further the goal of widespread 
implementation of the STIR/SHAKEN framework. We seek comment on this 
proposal. Are there alternative formulations to the definition of 
``intermediate provider'' that more accurately capture its role and 
characteristics for the purpose of STIR/SHAKEN implementation? In the 
context of rural call completion, the Commission's rules use a slightly 
narrower definition to exclude from their scope intermediate providers 
that may only incidentally transmit voice traffic, such as internet 
Service Providers. Is this narrower definition a better fit for STIR/
SHAKEN, or does the broader definition we propose better support the 
goal of ubiquitous deployment?
    12. Legal Authority. We propose relying on our authority under 
section 251(e) of the Act to apply these rules to intermediate 
providers. We concluded in the Report and Order that our exclusive 
jurisdiction over numbering policy provides authority to require voice 
service providers to implement STIR/SHAKEN in order to prevent the 
fraudulent abuse of NANP resources. We preliminarily believe that this 
same analysis extends to intermediate providers. Just as with calls 
displaying a falsified or spoofed caller ID on an originating or 
terminating voice service provider's network, calls with illegally 
spoofed caller ID that transit intermediate providers' networks are 
exploiting numbering resources to further illegal schemes. By imposing 
these requirements on intermediate providers, we would protect 
consumers and prevent bad actors from abusing NANP resources. We seek 
comment on this proposal. Consistent with our conclusion in this 
document's Report and Order, we propose concluding that the section 
251(e)(2) requirements do not apply in the context of our establishing 
STIR/SHAKEN requirements. Alternatively, even if section 251(e)(2) does 
apply, we propose that competitive neutrality is satisfied in this 
instance because each carrier is responsible for bearing its own 
implementation costs. We seek comment on these proposals.
    13. We also seek comment on two potential additional sources of 
authority. First, we seek comment on whether the TRACED Act provides us 
with authority to impose the obligations we propose for intermediate 
providers. In the TRACED Act, Congress directs the Commission to 
require voice service providers to implement STIR/SHAKEN in the IP 
portions of their networks. Section 4(a)(2) defines ``voice service'' 
in part as any service that ``that furnishes voice communications to an 
end user using resources from the North American Numbering Plan.'' We 
do not preliminarily read this definition to include intermediate 
providers. Is this a correct interpretation, or can we rely on the 
TRACED Act to reach intermediate providers? At the same time, we 
propose concluding that we are not foreclosed by the limited definition 
of ``voice service'' from imposing STIR/SHAKEN requirements on 
intermediate providers. We propose reaching this conclusion for two 
independent reasons. First, section 4(d) of the TRACED Act states that 
``[n]othing in this section shall preclude the Commission from 
initiating a rulemaking pursuant to its existing statutory authority.'' 
Second, the STIR/SHAKEN framework creates a chain of

[[Page 22103]]

trust between the originating and terminating voice service providers. 
Each intermediate provider operating between the originating and 
terminating voice service provider in the call path must transmit the 
call's Identity header unaltered in order to successfully provide end-
to-end caller ID authentication. We believe that in directing us to 
require providers of voice service to implement the ``STIR/SHAKEN 
authentication framework'' as defined in the TRACED Act, Congress 
intended to refer to the standards created by the information and 
communications technology industry. These standards are designed to 
enable caller ID authentication through an end-to-end chain of trust. 
Intermediate providers play a critical role in ensuring the success of 
such a system. We believe Congress intended for the STIR/SHAKEN 
framework, as mandated in section 4 of the TRACED Act, to be an 
effective means of battling unlawful robocalls, and we therefore 
propose concluding that Congress took this aspect of STIR/SHAKEN into 
account in enacting the TRACED Act and allowed us latitude to impose 
requirements on intermediate providers in support of its direction to 
require voice service providers to implement the STIR/SHAKEN 
authentication framework. We also believe that our proposals lie within 
the Commission's statutory authority to adopt rules ``necessary in the 
execution of its functions.'' We seek comment on this proposed 
analysis.
    14. Second, we seek comment on whether our authority under the 
Truth in Caller ID Act allows us to impose the rules described above. 
In the Truth in Caller ID Act, Congress charged us with prescribing 
rules to make unlawful the spoofing of caller ID information ``in 
connection with any telecommunications service or IP-enabled voice 
service . . . with the intent to defraud, cause harm, or wrongfully 
obtain anything of value.'' Does imposing STIR/SHAKEN implementation 
obligations on intermediate providers fit within this directive? We 
also seek comment on what other sources of authority we have to apply 
STIR/SHAKEN obligations on intermediate providers.
    15. Alternatives. To the extent that commenters believe we cannot 
or should not apply such obligations to intermediate providers, we seek 
comment on alternative measures we could take to ensure that STIR/
SHAKEN information traverses the entire call path. In the Second Rural 
Call Completion Report and Order, the Commission required larger 
originating long-distance providers to monitor the performance of 
downstream intermediate providers with regard to call completion. 
Should we impose a comparable requirement here? For instance, should we 
require originating voice service providers to ensure, by contract and/
or through periodic monitoring, that all intermediate providers in the 
call path transmit STIR/SHAKEN information? Should we require 
originating voice service providers to take remedial measures where 
necessary because of intermediate provider failures, as in the rural 
call completion context? What are the benefits and drawbacks of this 
approach compared to our proposal? We expect that the same sources of 
authority that we rely on in the Report and Order to impose direct 
STIR/SHAKEN obligations on originating voice service providers would 
allow us to impose a monitoring duty on them as well. We seek comment 
on this view and, in general, on sources of authority we may have for 
any alternatives that commenters propose.

C. Assessment of Burdens or Barriers to Implementation

    16. The TRACED Act directs the Commission, not later than December 
30, 2020 ``and as appropriate thereafter,'' to assess any burdens and 
barriers to (1) voice service providers that use time-division 
multiplexing network technology (TDM), a non-IP network technology; (2) 
small voice service providers; and (3) rural voice service providers. 
It further directs us to assess burdens and barriers created by the 
``inability to purchase or upgrade equipment to support the call 
authentication frameworks . . . or lack of availability of such 
equipment.''
    17. To this end, we seek comment on the burdens and barriers to 
implementation for the classes of providers identified, particularly 
the burdens presented by equipment availability and cost. In comments 
previously filed, parties contended that small and rural providers, and 
operators of TDM networks, may incur substantial costs upgrading their 
networks, and updating or replacing service agreements. Do commenters 
agree with this position? What are other burdens and barriers to 
implementation for such voice service providers? Does cost and/or the 
availability of necessary equipment and equipment updates pose barriers 
to implementation for voice service providers that are not small, 
rural, or operators of TDM networks?
    18. We also seek comment on how we should interpret the TRACED 
Act's direction to assess burdens and barriers to implementation ``as 
appropriate thereafter.'' Should we coordinate this assessment with our 
revision of any granted extensions in compliance? Or should we do so on 
a specific schedule or as-needed basis, separate from our extension 
review process?

D. Extension of Implementation Deadline

    19. The TRACED Act includes two provisions for extension of the 
June 30, 2021 implementation date for caller ID authentication 
frameworks. First, in connection with an assessment of burdens or 
barriers to implementation, the Commission ``may, upon a public finding 
of undue hardship, delay required compliance'' with the June 30, 2021 
date for caller ID authentication framework implementation. Second, we 
``shall grant a delay of required compliance'' with the June 30, 2021 
implementation date ``to the extent that . . . a provider or class of 
providers of voice services, or type of voice calls, materially relies 
on a non-[IP] network for the provision of such service or calls.'' 
Under either provision, an extension may be provider-specific or apply 
to a ``class of providers of voice service, or type of voice calls.'' 
We must annually reevaluate any granted extension for compliance. When 
granting an extension of the implementation deadline under either 
provision, we must require that provider to ``implement an appropriate 
robocall mitigation program to prevent unlawful robocalls from 
originating on the network of the provider.'' Based on these 
directives, we propose granting a one-year implementation extension to 
small, including small rural, voice service providers due to undue 
hardship; and propose granting an extension for the parts of a voice 
service provider's network that rely on technology that cannot 
initiate, maintain, and terminate SIP calls. We seek comment on these 
proposals, whether to grant additional extensions, and related issues 
below.
    20. Extensions for Undue Hardship by Category of Provider. The 
TRACED Act grants us the discretion to delay a provider's obligation to 
comply with the June 30, 2021 call authentication framework 
implementation date upon a public finding of hardship. It states that 
the extension may be ``for a reasonable period of time . . . as 
necessary . . . to address the identified burdens and barriers.''
    21. The first category of voice service providers identified by the 
TRACED Act for a potential extension due to undue hardship is voice 
service providers that use TDM network technology. Because the TRACED 
Act includes a separate

[[Page 22104]]

extension for voice service providers that ``material[ly] rely'' on 
non-IP technology, we propose to grant the same extension to voice 
service providers that use TDM technology under the undue hardship 
standard as we grant to providers that materially rely on non-IP 
technology. We believe that such a solution minimizes complexity and 
aligns the compliance requirements for similarly-situated voice service 
providers. We seek comment on this proposal. To give meaning to each 
provision from Congress, should we instead distinguish an undue 
hardship extension on the basis of TDM technology from the extension 
for providers that materially rely on non-IP technology, and if so how?
    22. The second category of voice service providers identified by 
the TRACED Act for a potential extension due to undue hardship is small 
voice service providers. We propose granting a one-year implementation 
extension for such providers and we seek comment on this proposal. 
According to NTCA, small voice service providers face numerous burdens 
and barriers to implementation, including the inability to ``procure 
ready-to-install solutions on the same timeframe as the nation's 
largest carriers.'' It contends that a delayed compliance date would 
allow small voice service providers to ``obtain solutions from 
vendors,'' and benefit from the competition among vendors which, over 
time, will likely ``drive down prices and improve the quality of 
SHAKEN/STIR offerings for smaller providers.'' We tentatively conclude 
that granting such an extension to small voice service providers 
addresses the concerns in the record, such as vendor availability, and 
grants sufficient time for them to implement STIR/SHAKEN on their IP 
networks. Do commenters agree? Alternatively, would granting such an 
extension to small voice service providers compromise the efficacy of 
the STIR/SHAKEN framework unduly? Given the TRACED Act's implementation 
deadline of June 30, 2021, is it necessary to grant small voice service 
providers an implementation extension? Or does this deadline already 
provide small voice service providers with sufficient time to implement 
STIR/SHAKEN on their IP networks? Some commenters claim that a 
``hosted'' solution to implement STIR/SHAKEN currently exists and 
suggest that providers to whom this solution is available would not 
need an extension to comply with the implementation mandate.
    23. We propose to define ``small providers of voice service'' for 
the purposes of our assessment of burdens and barriers and of our 
implementation extension as those that have 100,000 or fewer voice 
subscriber lines (counting the total of all business and residential 
fixed subscriber lines and mobile phones and aggregated over all of a 
provider's affiliates). In the First Rural Call Completion Order, the 
Commission determined that the 100,000-subscriber-line threshold 
ensured that many subscribers would continue to benefit from our rules 
while also limiting the burden on smaller voice service providers. We 
seek comment on this proposal. What are the benefits and drawbacks of 
establishing an 100,000 subscriber-line threshold? Is there an 
alternative measure the Commission should use to define ``small 
providers of voice service''? How should we distinguish small providers 
that must overcome significant technical challenges to implement STIR/
SHAKEN from those that are able to implement it without hardship? Do 
commenters agree that a class-based extension for small providers is 
appropriate, or should we review each small provider seeking an 
implementation extension on a case-by-case basis?
    24. The third category of voice service providers identified by the 
TRACED Act for a potential extension due to undue hardship is rural 
voice service providers. We believe it is unnecessary to grant a 
separate implementation extension for rural voice service providers as 
the challenges faced by these providers are already addressed by either 
the small voice service provider extension or the extension for voice 
service providers that materially rely on a non-IP network. We seek 
comment on this view. Alternatively, by using the separate terms 
``small'' and ``rural,'' did Congress intend to create two distinct 
extensions for rural and small voice service providers? Are there rural 
voice service providers that face unique challenges not addressed by 
either proposed extension and, if so, what definition of ``rural'' 
should we adopt to appropriately capture those entities?
    25. We seek comment on whether we should grant an implementation 
extension for any other voice service providers or classes of voice 
service providers, or types of voice calls. We specifically seek 
comment on Congress's direction to consider whether to grant an 
extension on the basis of ``the inability to purchase or upgrade 
equipment to support the call authentication frameworks under this 
section, or lack of availability of such equipment.'' Are there 
entities, or a class of entities, that should receive an extension on 
this basis? Are there voice service providers other than small voice 
service providers who face a burden due to the inability to purchase or 
unavailability of equipment necessary to participate in caller ID 
authentication? Are there other specific voice service providers or 
classes of voice service providers, or types of voice calls, for which 
we should grant an extension of the implementation deadline? On what 
basis would we grant such an extension? What would constitute a 
sufficient burden or barrier to justify a finding of undue hardship? 
What type of evidence should the voice service provider or class of 
voice service providers be required to present to demonstrate undue 
hardship? And what is a reasonable length of time to extend the 
deadline for such voice service providers and why?
    26. We also seek comment on whether we should grant an extension 
for undue hardship for enterprise calls. If we were to grant such an 
extension, should it apply to all enterprise calling cases or only to 
those that are most challenging? What types of enterprise calling cases 
should be considered particularly challenging for purposes of any 
extension? Would granting an extension for enterprise calls unduly 
limit the benefits offered by widespread implementation of STIR/SHAKEN? 
Additionally, would granting this extension decrease incentives for 
voice service providers to solve existing issues with enterprise 
calling quickly? Even assuming for the sake of argument that achieving 
``A'' attestation may remain a challenge in some circumstances, why 
would it be preferable to allow enterprise calls to go unauthenticated 
rather than potentially receiving ``B'' (partial) or ``C'' (gateway) 
attestation?
    27. We do not interpret the TRACED Act's extension provisions to 
extend to intermediate providers, because its definition of ``voice 
service'' refers to ``furnish[ing] voice communications to an end 
user.'' Should we nonetheless choose to provide an extension based on 
undue hardship for intermediate providers? On what basis would we grant 
such an extension, to whom should we grant it, and how long should any 
such extension last? Would granting an extension for some intermediate 
providers have unique negative impacts on the operation of STIR/SHAKEN 
across the voice network?
    28. Furthermore, should we adopt an extension for voice service 
providers that have legal obligations to maintain extensive networks in 
high cost areas, such as eligible telecommunications carriers and 
carriers of last resort that bear particularly extensive obligations? 
An eligible telecommunications carrier

[[Page 22105]]

must, throughout the service area for which the designation is 
received, ``offer the services that are supported by Federal universal 
service support mechanisms . . . either using its own facilities or a 
combination of its own facilities and resale of another carrier's 
services (including the services offered by another eligible 
telecommunications carrier).'' 47 U.S.C. 214(e)(1)(A). Carriers of last 
resort are ``required to fulfill all reasonable requests for service 
within [their] territory.'' See, e.g., CA PUC 275.6. Or would we 
adequately address the burdens and barriers faced by such voice service 
providers by the other extensions we propose, including the extension 
for non-IP network technology?
    29. Extension for Undue Hardship Due to Challenges in 
Interconnecting in IP. The record developed in response to the 2019 
Further Notice reflects that, for certain voice service providers, a 
barrier to the exchange of authenticated calls occurs at the 
interconnection point. Specifically, voice service providers reported 
that even if they were able to authenticate calls on their own network, 
they could not exchange authenticated calls with another voice service 
provider in certain instances because the interconnection point was not 
IP-enabled, even if the receiving voice service provider itself 
operates on an IP network. We seek comment on whether we should provide 
an implementation extension pursuant to TRACED Act section 
4(b)(5)(A)(ii) to voice service providers that will not be able to 
carry authentication information to the next intermediate or voice 
service provider in the call path due to an inability to interconnect 
in IP. To what extent should a terminating or originating voice service 
provider's implementation extension on this basis depend on the actions 
of the intermediate or voice service provider with which it is seeking 
IP interconnection in order to exchange authenticated calls? Although 
the accompanying Report and Order requires transmission of 
authenticated calls by originating voice service providers only where 
technically feasible, it requires authentication of all SIP calls. 
Under what circumstances would challenges in interconnecting in IP 
constitute an ``undue hardship'' such that the voice service provider 
should be excused from authentication? Would it be appropriate to limit 
any such extension to rural local exchange carriers or some other 
subset of small and/or rural voice service providers? Is such an 
extension an appropriate way to avoid requiring voice service providers 
to invest in network upgrades that they cannot make use of? Or would 
such an extension discourage voice service providers from coming to a 
negotiated resolution and transitioning to IP? We also seek comment on 
ways to address this issue and to encourage the voluntary adoption of 
IP interconnection agreements between voice service providers. We also 
seek comment on barriers to end-to-end STIR/SHAKEN transmission, 
including the degree to which barriers to IP interconnection hinder 
end-to-end caller ID authentication.
    30. Extension for Certain Non-IP Networks. The TRACED Act 
specifically directs that ``the Commission shall grant a delay'' ``for 
any provider or class of providers of voice service, or type of voice 
calls, only to the extent that such a provider or class of providers of 
voice service, or type of voice calls, materially relies on a non-
[I]nternet [P]rotocol network for the provision of such service or 
calls . . . until a call authentication protocol has been developed for 
calls delivered over non-[IP] networks and is reasonably available.'' 
We propose to grant such an extension only for those portions of a 
voice service provider's network that rely on technology that cannot 
initiate, maintain, and terminate SIP calls. Do commenters agree with 
this approach? Under this reading of the statute, we would interpret 
``material[]'' to mean ``important or having an important effect''; 
and, consistent with our call-by-call interpretation of the TRACED Act, 
we would read ``reli[ance]'' with reference to the particular portion 
of the network in question. Altogether, under this reading, we would 
treat reliance on a non-internet Protocol network as material if that 
portion of the network is incapable of using SIP. We seek comment on 
whether, within the framework we propose, we should adopt a different 
interpretation of ``non-[I]nternet [P]rotocol network.''
    31. We also seek comment on other approaches to this statutory 
provision. For instance, should we grant an extension for a voice 
service provider's entire network if that voice service provider 
materially relies on non-IP technology? On this view, how should we 
interpret ``materially relies''? Would we find that a voice service 
provider ``materially relies on a [non-IP] network'' if its network 
substantially relies on non-IP technology, and on that reading what 
portion of a network must be non-IP for reliance to be substantial? 
Would we measure that percentage by a technical measure, such as the 
percentage of non-IP switches in the network? Alternatively, should we 
consider gauging substantial reliance by the percentage of a voice 
service provider's subscriber base served by non-IP network technology?
    32. Additionally, we seek comment on how the Commission should 
determine if a caller ID authentication protocol developed for calls 
delivered over non-IP networks is ``reasonably available'' under 
section 4(b)(5)(B) such that this extension period would end. For 
example, should we conclude that reasonable availability varies by 
voice service provider, e.g., based on size and cost, and if so, how? 
Should we conclude that reasonable availability depends on whether an 
effective protocol can be purchased or otherwise obtained by a certain 
percentage of providers with non-IP networks? While some commenters 
have referred to out-of-band STIR as a framework that could potentially 
allow non-IP voice service providers to participate in STIR/SHAKEN, it 
is our understanding that this framework is still in its infancy and is 
not readily available to be implemented. We seek comment on this 
understanding. Are there other available technologies to enable legacy 
networks to participate in caller ID authentication for which we should 
consider encouraging development and, ultimately, mandate 
implementation? If so, what are they, how do they operate, and how 
might they best be implemented? What efforts, if any, are currently 
underway to develop such technologies, and how near are they to 
viability?
    33. The TRACED Act further provides that we should limit or 
terminate an extension of compliance if we determine in a future 
assessment that a voice service provider ``is not making reasonable 
efforts to develop the call authentication protocol'' for non-IP 
networks. We propose to interpret the ``reasonable efforts'' 
requirement as being satisfied so long as a voice service provider is 
actively working to develop a caller ID authentication protocol for 
non-IP networks. We also propose that a voice service provider 
satisfies this obligation if it is able to provide the Bureau upon 
request documented proof that it is participating, either on its own or 
through a representative, as a member of a working group or consortium 
that is working to develop a non-IP solution, or actively testing such 
a solution. We propose that the Bureau would have authority to 
determine whether the provider is meeting the standard we establish. We 
seek comment on this approach. Should we impose a different standard on 
larger voice service providers that have more resources available to 
invest in technology development and network upgrades?

[[Page 22106]]

Should we impose a stricter standard for the steps voice service 
providers must take to develop a non-IP solution? If so, what should we 
require as part of this more stringent standard? Should we adopt our 
proposed standard initially but shift to a more stringent standard if 
we find that the voice service provider in question, or industry as a 
whole, is not making sufficient progress toward implementation of 
caller ID authentication on non-IP networks?
    34. Extensions Based on Type of Voice Call. We seek comment on 
Congress's direction that extensions may be voice service provider-
specific or apply to a class of voice service providers or type of 
voice calls. Are there any interpretive issues we should consider with 
respect to this provision? Would it be practical to grant an extension 
based on a type of voice call, or would that be unnecessarily 
complicated for voice service providers?
    35. Reevaluating Granted Extensions. We propose directing the 
Bureau to reevaluate any extensions annually after the first extension 
is granted, as required by the TRACED Act, and revise or extend them as 
necessary. We seek comment on this proposal. Should we direct the 
Bureau to consider any specific criteria beyond the statutory criteria? 
We propose directing the Bureau to issue a Public Notice seeking 
comment on its annual review and consider the comments it receives 
before issuing a Public Notice of its decision. Are there other 
specific administrative steps that we should direct the Bureau to 
include in the reevaluation process? Should the Bureau be able to 
expand or only contract the scope of entities that are entitled to a 
class-based or other extension?
    36. Robocall Mitigation During Extension Period. The TRACED Act 
directs us to require any voice service provider that has been granted 
an extension to, during the time of an extension, ``implement an 
appropriate robocall mitigation program to prevent unlawful robocalls 
from originating on the network of the provider.'' We propose 
interpreting this requirement to apply to both voice service providers 
that receive an extension on the basis of undue hardship and voice 
service providers that materially rely on a non-internet Protocol 
network, and we seek comment on this proposal. The TRACED Act states 
that extensions for material reliance on a non-IP network are 
``grant[ed] . . . under subparagraph (A)(ii),'' and that the robocall 
mitigation program applies ``during the time of a delay of compliance 
granted under subparagraph (A)(ii).'' TRACED Act 4(b)(5)(B), 
4(b)(5)(C)(i). Further, the TRACED Act states that extensions for 
material reliance on a non-IP network are ``[s]ubject to subparagraphs 
(C) through (F),'' and paragraph (C)(i) sets forth the robocall 
mitigation program requirement. TRACED Act 4(b)(5)(B), 4(b)(5)(C)(i). 
We seek comment on the requirements we should adopt for a robocall 
mitigation program. Should we prescribe specific robocall mitigation 
practices for these voice service providers? If so, what practices 
should we prescribe and why? Should we implement a system, proposed by 
Verizon, where a voice service provider that originates traffic but 
does not participate in STIR/SHAKEN certifies that ``it takes 
appropriate measures to ensure that it is not contributing to the 
robocall problem''? Similar to Verizon, USTelecom proposes that ``[t]he 
Commission should require every provider of voice service to register 
with the Commission and certify that all of its traffic is either (i) 
signed with STIR/SHAKEN or (ii) subject to a robocall mitigation 
program.'' It adds that the Commission should ``establish a public 
database identifying every 499 filer that has issued its certification, 
along with appropriate rules requiring transit service providers to 
confirm that their customers have such certifications on file and are 
in good standing.'' We seek comment on USTelecom's proposal. Would 
adopting a public certification requirement meet the TRACED Act 
robocall mitigation program requirement? According to USTelecom's 
proposal, the certification should be ``non-prescriptive'' and, 
instead, the Commission ``should require the service provider to 
confirm that it (i) takes reasonable steps to avoid originating illegal 
robocall traffic and (ii) that it is committed to cooperating with law 
enforcement and the industry traceback consortium in investigating and 
stopping any illegal robocallers that it learns are using its service 
to originate calls.'' What are the benefits or drawbacks to this 
approach? Is this an appropriate means to allow for some voice service 
provider discretion to create a program that is workable while ensuring 
an effective robocall mitigation program? Conversely, does this form of 
certification allow too much discretion for voice service providers to 
determine the scope of the robocall mitigation program? If we require a 
certification, should we specify minimum standards that a certifying 
voice service provider must meet, and should we require the 
certification to be made in a public registry? Further, should call 
analytics be part of any robocall mitigation program? How could voice 
service providers with non-IP networks make use of analytics when 
caller ID authentication is not available?
    37. Alternative Methodologies During an Extension. The TRACED Act 
directs us to ``identify, in consultation with small providers of voice 
service, and those in rural areas, alternative effective alternative 
effective methodologies to protect consumers from unauthenticated calls 
during any delay of compliance.'' Accordingly, we ask such voice 
service providers to share the most effective alternative 
methodologies. Have small and rural voice service providers already 
developed any effective methods to protect their subscribers from 
illegal robocalls on their networks? Or are any small or rural voice 
service providers in the process of developing such methodologies? If 
so, at what stage in development are these potential solutions and when 
could they be deployed? What are the specific challenges to such 
development? Is there any other information on this issue that small 
and rural voice service providers would like to share? How can the 
Commission and other voice service providers support the efforts of 
small and rural voice service providers to develop alternative 
effective methodologies to protect their subscribers from 
unauthenticated calls? For instance, would it be helpful for us to 
convene small and rural voice service providers to identify potential 
solutions? Alternatively, should voice service providers that receive 
an extension be required to participate in industry-led traceback 
efforts?
    38. Preventing Abuse of Extension Process. We also seek comment on 
ways to combat potential evasion of our caller ID authentication rules 
using the extension process. For instance, how can we prevent a voice 
service provider from avoiding participating in STIR/SHAKEN by 
purposefully using non-IP network technology to avoid our mandate for 
the duration of the extension granted to voice service providers that 
materially rely on non-IP network technology? We seek comment on the 
seriousness of this threat. Are there economic or technological reasons 
why this is unlikely to occur? Does the TRACED Act's requirement that 
the Commission limit an extension if it determines a voice service 
provider ``is not making reasonable efforts to develop'' a non-IP 
caller ID authentication protocol give us leverage to prevent such 
conduct? Should we take specific further action to prevent this 
behavior? If so, what action should we take? And how can we distinguish 
between a voice service provider with

[[Page 22107]]

genuine reasons to use non-IP technology and a voice service provider 
doing so to avoid participating in STIR/SHAKEN?
    39. Full Participation. Section 4(b)(5)(D) of the TRACED Act 
requires us to ``take reasonable measures'' to address any issues 
observed in our assessment of the burdens and barriers to the 
implementation of caller ID authentication frameworks, and to ``enable 
as promptly as reasonable full participation of all classes of 
providers of voice service and types of voice calls to receive the 
highest level of trust.'' According to the legislation, such measures 
``shall include, without limitation, as appropriate, limiting or 
terminating a delay of compliance granted to a provider'' under section 
4(b)(5)(B) of the TRACED Act if we determine in our assessment that the 
voice service provider is not making reasonable efforts to develop the 
required caller ID authentication protocol for non-IP networks. We seek 
comment on this requirement and how best to fulfill the ``full 
participation'' element of this provision beyond the existing proposals 
contained herein. Are there further steps we might take, beyond those 
already proposed, to enable full participation of all classes of voice 
service providers in a caller ID authentication framework? If so, what 
are they and how would any such steps be implemented?

E. Caller ID Authentication in Non-IP Networks

    40. Because STIR/SHAKEN is a SIP-based solution, those portions of 
a voice service provider's network that are not capable of initiating, 
maintaining, and terminating SIP calls cannot authenticate or verify 
calls under that framework. The TRACED Act directs us, not later than 
June 30, 2021, to require voice service providers to take ``reasonable 
measures'' to implement an effective caller ID authentication framework 
in the non-IP portions of their networks. We propose to interpret the 
TRACED Act's requirement that a voice service provider take 
``reasonable measures'' to implement an effective caller ID 
authentication framework in the non-IP portions of its network as being 
satisfied only if the voice service provider is actively working to 
implement a caller ID authentication framework on those portions of its 
network, either by upgrading its non-IP networks to IP so that the 
STIR/SHAKEN authentication framework may be implemented, or by working 
to develop a non-IP authentication solution. Consistent with our 
proposed approach to assessing whether a provider is making 
``reasonable efforts'' to develop a call authentication protocol in the 
context of determining whether to limit or terminate an extension of 
compliance granted under section 4(b)(5)(B) for non-IP networks, we 
propose that a provider satisfies the ``reasonable measures'' 
requirement under section 4(b)(1)(B) if it is able to provide the 
Commission upon request documented proof that it is participating, 
either on its own or through a representative, as a member of a working 
group or consortium that is working to develop a non-IP solution, or 
actively testing such a solution.
    41. Although some commenters have referred to out-of-band STIR as a 
framework that could potentially allow non-IP voice service providers 
to participate in STIR/SHAKEN, our preliminary view is that out-of-band 
STIR is still in its infancy and is not sufficiently widespread or 
readily available to be implemented. Indeed, the TRACED Act itself 
acknowledges that no viable non-IP solution currently exists insofar as 
it directs us to grant an extension for voice service providers that 
``materially rel[y] on a non-[I]nternet [P]rotocol network . . . until 
a call authentication protocol has been developed for calls delivered 
over non-[I]nternet [P]rotocol networks and is reasonably available.'' 
Given this, we believe the best approach is to continue to promote the 
transition to IP while simultaneously encouraging voice service 
providers to develop a non-IP solution that may benefit those legacy 
networks that are not yet in transition
    42. We seek comment on this approach. Is our proposed approach an 
appropriate interpretation of the TRACED Act's ``reasonable measures'' 
requirement? Should we implement a different standard? If we adopt the 
standard we propose, do commenters agree with our proposals on how to 
evaluate whether a company is ``actively working'' toward developing an 
authentication framework? Should the standard be the same for all voice 
service providers, or should this standard vary according to the size 
or resources of a voice service provider? If commenters believe this 
standard should be variable, how should it vary across different types 
or classes of voice service providers? How should voice service 
providers be separated out under such a variable standard--according to 
size, resources, cost, or some other metric? How should the obligations 
of this requirement vary between the different classes of voice service 
providers?
    43. We also seek comment on our preliminary view that out-of-band 
STIR is not yet sufficiently developed or widespread to form the basis 
of a specific implementation requirement at present. Do commenters 
anticipate that it will be technologically possible for voice service 
providers to have the capability to implement this framework on a 
widespread basis by June 30, 2021? Are there reasons we should or 
should not encourage its development and, in turn, implementation?
    44. We encourage voice service providers to transition their 
networks to IP, and one of the many benefits of the IP transition is 
the ability to implement STIR/SHAKEN. We wish to ensure that the 
framework we develop in this proceeding is consistent with our efforts 
in other proceedings to promote the transition to IP. We believe that 
our proposed approach balances encouraging the transition to IP with 
Congress's goal of promoting an effective caller ID authentication 
solution for non-IP networks. Do commenters agree with this assessment? 
Does our proposed approach appropriately account for the technological 
limits of legacy networks and the challenges of upgrading those 
networks while simultaneously encouraging the transition to IP? Is 
there an alternative approach or additional steps we should take to 
better promote the IP transition in this case? If so, what alternative 
approach or steps should we take?
    45. We further propose to revisit our approach to the TRACED Act's 
``reasonable measures'' requirement for non-IP networks and the 
extension for non-IP networks if industry fails to make sufficient 
progress in overcoming this barrier to the ubiquitous implementation of 
caller ID authentication through either transitioning to IP or 
implementing a non-IP authentication solution. We seek comment on this 
proposal. At what point should we reconsider this issue? If the 
Commission finds, at a later date, that insufficient progress in 
developing a non-IP solution has been made, should we impose a more 
stringent requirement as to the steps that voice service providers must 
take to develop and implement such a solution? What kinds of stricter 
requirements should we impose? Should we require voice service 
providers to either deploy a non-IP solution or upgrade their network 
technology to participate in STIR/SHAKEN?

F. Voluntary STIR/SHAKEN Implementation Exemption

    46. Although the TRACED Act directs us to require each voice 
service provider to implement STIR/SHAKEN in its IP

[[Page 22108]]

network, section 4(b)(2) of the TRACED Act frees a voice service 
provider from this requirement if we determine, by December 30, 2020, 
that ``such provider of voice service'': (A) ``in [I]nternet [P]rotocol 
networks''--(i) ``has adopted the STIR/SHAKEN authentication framework 
for calls on the [I]nternet [P]rotocol networks of the provider of 
voice service; (ii) has agreed voluntarily to participate with other 
providers of voice service in the STIR/SHAKEN authentication framework; 
(iii) has begun to implement the STIR/SHAKEN authentication framework; 
and (iv) will be capable of fully implementing the STIR/SHAKEN 
authentication framework'' not later than June 30, 2021; and (B) ``in 
non-[I]nternet [P]rotocol networks''--(i) ``has taken reasonable 
measures to implement an effective call authentication framework; and 
(ii) will be capable of fully implementing an effective call 
authentication framework'' not later than June 30, 2021. We seek 
comment on the substantive standards and appropriate processes by which 
to implement this forward-looking exemption.
    47. Relationship of IP Network and Non-IP Networks Provisions. We 
propose to read section 4(b)(2) of the TRACED Act as creating two 
exemptions: One for IP calls and one for non-IP calls. Thus, in our 
proposal, a provider may seek the exemption for its ``IP networks'' if 
it meets all four criteria for all calls it originates or terminates in 
SIP, and a provider may seek the exemption for its ``non-IP networks'' 
if it meets both of the criteria for all non-SIP calls it originates or 
terminates. We seek comment on this proposal and any alternative 
approaches.
    48. We believe that our proposal best implements Congress' policy 
and is consistent with principles of statutory construction when 
considering the statute as a whole. First, we believe our reading 
better limits the portion of the exemption that is at risk of being a 
nullity. Given the presence of the word ``and'' between the IP and non-
IP networks criteria, we recognize that the exemption could potentially 
be read as applying only if the provider meets both the IP and non-IP 
networks criteria. Yet, practically speaking, such a reading would 
render the exemption an empty set or nearly so. As we have discussed, 
we believe that non-IP caller ID authentication solutions are not 
likely to be ready for widespread deployment in the near future. We 
therefore anticipate that few, if any, voice service providers will be 
able to claim that they will be capable of ``fully implementing'' an 
effective non-IP caller ID authentication framework by June 30, 2021. 
If we require any party seeking the exemption to attest to this 
requirement, we risk rendering the exemption in its entirety a near-
nullity. We believe our proposed reading cabins the nullity risk more 
narrowly, thus better effectuating Congress's goal of creating a 
meaningful exemption. We seek comment on this interpretation, and again 
invite comment on the likely state of development of non-IP caller ID 
authentication solutions in the next year and a half. Must ``and'' be 
read as creating only one exemption, or are we correct in assuming that 
such a reading would essentially nullify the exemption, thus reading it 
out of the statute and negating Congress's intent?
    49. Second, we believe our proposal encourages prompt deployment of 
STIR/SHAKEN. The statutory exemption rewards early progress in 
deployment. Therefore, by giving providers a path to exemption solely 
for their IP networks, we anticipate that we would encourage faster 
progress in STIR/SHAKEN deployment. We seek comment on this view.
    50. Third, our proposal here would align our interpretation of the 
exemption with our proposal to read requirements in the TRACED Act 
applying to voice service providers as applying on a call-by-call 
basis. Because networks are often mixed and capable of transmitting 
both in IP and non-IP, we preliminarily believe that reading the word 
``networks'' in the statute to refer to the transmission technology of 
a particular call is the best interpretation of the statute. We thus 
preliminarily believe we could distinguish the duty that applies to 
``such provider of voice service in [I]nternet [P]rotocol networks'' 
and ``such provider of voice service in non-[I]nternet [P]rotocol 
networks'' on the basis of the call in question. We seek comment on 
this proposal and of our proposed reading of section 4(b)(2) as 
creating two distinct exemptions.
    51. Threshold for IP Networks Exemption. To ensure that the 
exemption only applies where warranted and to provide parties with 
adequate guidance, we propose expanding on each of the four substantive 
prongs that a voice service provider must meet to obtain an exemption. 
With respect to prong (A)(i), we propose interpreting the phrase ``has 
adopted the STIR/SHAKEN authentication framework for calls on the 
[I]nternet [P]rotocol networks of the provider of voice service'' to 
mean that the voice service provider has publicly committed, via a 
certification, to complete implementation of STIR/SHAKEN by June 30, 
2021. Because the exemption in section 4(b)(2)(A) requires a voice 
service provider to have ``adopted'' STIR/SHAKEN for calls on the IP 
portions of their networks prior to obtaining an exemption, but does 
not require full implementation of STIR/SHAKEN until not later than 
June 30, 2021, we believe that the best approach is to interpret 
section 4(b)(2)(A) as requiring a provider, prior to obtaining an 
exemption, to make a public commitment to completely implement STIR/
SHAKEN by June 30, 2021. We seek comment on this proposed 
interpretation. What are the potential benefits and drawbacks to this 
approach? Does our proposed interpretation align with the language and 
intended purpose of the statute? Are there any plausible alternative 
interpretations of this subsection of the TRACED Act that would account 
for both the stated requirement that a voice service provider ``has 
adopted'' STIR/SHAKEN for calls on the IP portions of its network prior 
to receiving an exemption, with the later ``capable of fully 
implementing'' date? For example, should we consider prong (A)(i) to be 
satisfied to the extent a provider has undertaken network preparations 
necessary to operationalize the STIR/SHAKEN protocols on its network, 
including, but not limited to, by participating in test beds and lab 
testing or completing the commensurate network adjustments to enable 
the authentication and validation of calls on its network consistent 
with the STIR/SHAKEN framework?
    52. We propose reading the phrase ``has agreed voluntarily to 
participate with other providers of voice service in the STIR/SHAKEN 
authentication framework'' in prong (A)(ii) to mean that the voice 
service provider has written, signed agreements with at least two other 
voice service providers to exchange calls with authenticated caller ID 
information. We seek comment on this approach. What are the potential 
benefits and drawbacks attendant in this interpretation? Does our 
proposed interpretation align with the language and intended purpose of 
the statute? Should we mandate that a voice service provider seeking to 
qualify for the exemption have agreements with more than two other 
voice service providers? If so, how many agreements should we require 
before a voice service provider may qualify for the exemption under 
section 4(b)(2)(A)? Should the ``other providers of voice service'' be 
unaffiliated with the provider seeking the exemption? Should voice 
service providers be required to establish such

[[Page 22109]]

agreements only with those voice service providers with which they 
interconnect directly? Must these agreements include specific terms? 
Should we go further and require voice service providers to have 
reached agreements with all others with which they directly 
interconnect? We preliminarily are disinclined to adopt such a 
stringent requirement because, pursuant to the statute, voice service 
providers will have time between December 30, 2020, and June 30, 2021, 
to complete full implementation. Are there consortia or industry groups 
that would allow voice service providers to reach agreements with 
numerous other voice service providers at once and, if so, should 
meeting prong (A)(ii) require participation in such an entity? Should 
we impose specific recordkeeping requirements so that we can verify 
that such agreements are in place? Should voice service providers be 
required to provide proof of such agreements directly to the Commission 
upon request? Are there any plausible alternatives to our proposed 
interpretation of prong (A)(ii)? For example, should we consider prong 
(A)(ii) to be satisfied if a service provider has registered with and 
been approved by the Policy Administrator? Why or why not?
    53. We propose interpreting the phrase ``has begun to implement the 
STIR/SHAKEN authentication framework'' in prong (A)(iii) to mean that 
the voice service provider has completed the necessary network upgrades 
to at least one network element (e.g., a single switch or session 
border controller) to enable the authentication and verification of 
caller ID information consistent with the STIR/SHAKEN standards. This 
proposal would require a voice service provider to make meaningful 
progress on implementation by the time of certification, while taking 
into account that voice service providers will have limited time 
between adoption of a Report and Order and the December 30, 2020 
deadline for exemption determinations. We seek comment on this proposed 
interpretation and on potential alternatives. Is this proposed standard 
too lenient and, if so, what standard should we adopt? We recognize 
that the standard we propose may be more challenging for smaller voice 
service providers than larger voice service providers. Should we vary 
our expectations by voice service provider size and, if so, how? 
Alternatively, should we consider prong (A)(iii) to be satisfied if a 
provider has established the capability to authenticate originated 
traffic and/or validate such traffic terminating on its network?
    54. Lastly, we propose interpreting the phrase ``will be capable of 
fully implementing the STIR/SHAKEN authentication framework'' in prong 
(A)(iv) to mean that the voice service provider reasonably foresees 
that it will have completed all necessary network upgrades to its 
network infrastructure to be able to authenticate and verify caller ID 
information for all SIP calls exchanged with STIR/SHAKEN-enabled 
partners, by June 30, 2021. We seek comment on this proposed 
interpretation. Are there any plausible alternatives to our proposed 
interpretation of this prong of the section 4(b)(2)(A) exemption? For 
example, should we interpret this prong to require only that a provider 
reasonably foresees that it will have the capability to fully implement 
STIR/SHAKEN by June 30, 2021? How would such a reading align with 
Congress's goal of broad STIR/SHAKEN deployment? Would a standard other 
than reasonable foreseeability be appropriate and, if so, how can we 
account for the statute's requirement that voice service providers must 
make a prediction about the future? Alternatively, should we consider 
prong (A)(iv) to be satisfied if a provider certifies only that its 
consumer VoIP and Voice over LTE networks are capable of authentication 
and verification, or will be so capable by June 30, 2021? What would be 
the benefits and drawbacks of such a narrower requirement, and one that 
does not require exchange of authenticated traffic? We encourage 
commenters to support any alternative interpretation of the 
implementation requirements in section 4(b)(2)(A) with reference not 
only to the statutory language of each provision, but specific 
technological and marketplace realities of how voice service providers 
can expect to foreseeably meet the qualifications that Congress has 
established.
    55. Threshold for Non-IP Networks Exemption. A voice service 
provider is excused from the requirement to take reasonable measures to 
implement an effective caller ID authentication framework in the non-IP 
portions of its network if we find that it has: (1) Taken reasonable 
measures to implement an effective caller ID authentication framework 
in the non-IP portions of its network; and (2) will be capable of fully 
implementing an effective caller ID authentication framework in the 
non-IP portions of its network not later than June 30, 2021. As we have 
stated, we anticipate that in the non-IP context, few if any voice 
service providers will seek to take advantage of this exemption because 
of the difficulties in ``fully implementing'' an effective caller ID 
authentication framework. We seek comment on this view and whether 
there is an acceptable interpretation of the ``fully implementing'' 
prong that would make it more achievable for voice service providers to 
qualify for the exemption. What constitutes an ``effective'' call 
authentication framework? Must such a framework be comparable to STIR/
SHAKEN? We also seek comment on how to interpret ``reasonable 
measures'' under prong (B)(i). How do ``reasonable measures'' under 
this prong differ from the ``reasonable measures'' required under 
section 4(b)(1)(B)?
    56. Compliance Certifications. We propose to implement the TRACED 
Act exemption provision using a certification process. Specifically, we 
propose requiring a voice service provider that wishes to receive an 
exemption to submit a certification that it meets the criteria for the 
IP networks exemption that we propose to establish pursuant section 
4(b)(2)(A); the criteria for the non-IP networks exemption that we 
propose to establish pursuant section 4(b)(2)(B); or both. Under this 
proposal, each voice service provider who wishes to qualify for the 
section 4(b)(2)(A) and/or (B) exemption must have an officer, as an 
agent of the voice service provider, sign a compliance certificate 
stating that the officer has personal knowledge that the company meets 
each of the stated criteria. We also propose requiring the voice 
service provider to submit an accompanying statement explaining, in 
detail, how the company is working to accomplish the four prongs of the 
exemption. We believe a certification process is necessary to allow us 
to meet Congress's deadline for completion of exemption determinations 
by December 30, 2020.
    57. We propose requiring these certifications to be filed no later 
than December 1, 2020. We propose requiring all certifications and 
supporting statements to be filed electronically in a new docket 
established specifically for such filings in the Commission's 
Electronic Comment Filing System (ECFS). We propose directing the 
Bureau to provide additional directions and filing information 
regarding the certifications in the Public Notice announcing OMB 
approval. And we propose directing the Bureau to review the 
certifications and accompanying documents for completeness and to 
determine whether the certifying party has met the standard we 
establish. We further propose directing the Bureau to

[[Page 22110]]

issue a list of parties that have filed compliant certifications and 
thus receive the exemption(s) on or before December 30, 2020. Because 
of the limited time for review of certifications, we propose that any 
voice service providers that file inadequate certifications will not 
receive an opportunity to cure and will, instead, be subject to the 
general duty we establish in the Report and Order to implement STIR/
SHAKEN by June 30, 2021. We preliminarily view this consequence as 
reasonable and appropriate because the purpose of the certification is 
merely to determine which voice service providers would, in the absence 
of the STIR/SHAKEN obligation, nonetheless be able to implement STIR/
SHAKEN in a timely manner.
    58. We seek comment on this proposed certification process. Are 
there ways that we can streamline the process without sacrificing 
certainty that an exemption is warranted? For instance, should we allow 
a less senior company official to sign the certification and, if so, 
who should be allowed to sign? Should we impose any additional 
requirements? Is there an additional or different way for voice service 
providers to demonstrate that they have met the implementation 
requirements in section 4(b)(2)(A) and/or (B) of the TRACED Act that 
would allow us to reach the determinations required by the statute by 
December 30, 2020? If so, how should we structure and implement any 
such process? Should we treat any of the information that voice service 
providers submit in their accompanying statement as presumptively 
confidential?
    59. Retrospective Review. The section 4(b)(2)(A) and (B) exemptions 
are, by their nature, based on a voice service provider's prediction of 
its future ability to implement STIR/SHAKEN by June 30, 2021. We 
preliminarily believe that Congress intended for us to verify, after 
the fact, that voice service providers claiming the exemption completed 
full implementation in accordance with their commitments. We believe 
that such a review is consistent with the TRACED Act both because the 
broad structure of section 4 aims toward full implementation of caller 
ID authentication and because section 4(b)(2)(A)(iv) and (B)(ii) each 
state that a voice service provider may receive the exemption only if 
it ``will'' be capable of ``fully'' implementing a call authentication 
framework (STIR/SHAKEN or ``an effective call authentication 
framework,'' respectively). We seek comment on this view. We are 
concerned that, absent a look back at whether voice service providers 
that receive the exemption later fulfill their expectations, voice 
service providers may receive the exemption but later not implement 
STIR/SHAKEN or a non-IP call authentication framework completely in a 
timely manner. This would harm the public because it would create 
pockets of unauthenticated calls and give the voice service providers 
that claimed the exemption but fall short a significant loophole--a 
circumstance that would invite bad actors to claim the exemption 
without any intent of completing the obligation. We seek comment on 
this view and whether there are alternatives to looking back at voice 
service providers claiming the exemption after the compliance deadline 
that would address the risk of gaps and abusive claims of the 
exemption.
    60. We specifically propose requiring a voice service provider that 
receives an exemption to file a second certification after June 30, 
2021, stating whether it in fact achieved the implementation goal to 
which it committed. We propose requiring the certification to be filed 
in ECFS subject to the same allowance for confidentiality and 
requirements for sworn signatures and detailed support as the initial 
certifications. We propose directing the Bureau to issue a Public 
Notice setting a specific deadline no later than three months after 
June 30, 2021 and providing detailed filing requirements. We propose 
directing the Bureau to seek public comment on each certification and, 
following review of the certifications, supporting materials, and 
responsive comments, to issue a Public Notice identifying which voice 
service providers remain subject to the exemption. We seek comment on 
these proposals and on possible alternatives.
    61. If a voice service provider cannot certify to full 
implementation upon retrospective review but demonstrates to the Bureau 
that it filed its initial certification in good faith and made good 
faith efforts to complete implementation, we propose that the 
consequence for such a shortcoming would be loss of the exemption and 
application of the general rule requiring full STIR/SHAKEN 
implementation, effective immediately. We believe an immediate 
effective date would be important to ensure that certain voice service 
providers do not receive an extension not granted to similarly situated 
providers simply because they filed a certification they later failed 
to meet. If the Bureau finds that a voice service provider filed its 
initial certification in bad faith or failed to take good faith steps 
toward implementation, we propose to require full implementation 
immediately and further to direct the Bureau to refer the voice service 
provider to the Enforcement Bureau for possible enforcement action 
based on filing a false certification and/or other possible violations. 
We believe we have legal authority to adopt the foregoing proposals 
under the TRACED Act, and that we have independent authority to do so 
under section 251(e). We seek comment on these proposals and on other 
possible alternatives.
    62. Providers Eligible for Exemption. We preliminarily do not 
interpret the TRACED Act's exemption process to include intermediate 
providers, because its definition of ``voice service'' refers to 
``furnish[ing] voice communications to an end user.'' We seek comment 
on whether and how we should extend the exemption process to 
intermediate providers, in addition to originating and terminating 
voice service providers. What would be the benefits and drawbacks of 
such an approach?

G. Prohibiting Line Item Charges for Caller ID Authentication

    63. The TRACED Act explicitly directs us to ``prohibit providers of 
voice service from adding any additional line item charges to consumer 
or small business customer subscribers for the effective call 
authentication technology'' mandated by that Act. Accordingly, we 
propose prohibiting voice service providers from imposing additional 
line item charges on consumer or small business subscribers for caller 
ID authentication. We believe this proposal is a straightforward 
implementation of Congress's clear direction. We propose to interpret 
``consumer'' as used in the TRACED Act to refer to residential mass-
market subscribers, and we propose to interpret ``small business'' to 
refer to business entities that meet the Small Business Administration 
(SBA) definition of ``small business.'' We note that the record 
developed in response to the 2019 Robocall Declaratory Ruling and 
Further Notice reflects support for such a prohibition. We seek comment 
on our proposal and proposed interpretation of this section of the 
TRACED Act. Should we adopt different definitions? For instance, should 
we define ``small business'' with respect to line count, and if so, 
what line count limitation is appropriate? We recognize that a line 
count-based definition would be easier for providers to administer, but 
would it leave out small businesses that Congress intended to protect 
from line item charges?
    64. To provide additional clarity regarding the prohibition on line 
item charges, we specifically propose to

[[Page 22111]]

prohibit voice service providers from imposing a line-item charge on 
consumers or small businesses for the cost of upgrading network 
elements as necessary to implement STIR/SHAKEN, for any recurring costs 
associated with the authentication and verification of calls, or for 
any display of STIR/SHAKEN verification information on their 
subscribers' phones. ITTA argues that ``SHAKEN/STIR implementation 
costs should be fully recoverable via . . . any line item that recovers 
government-mandated charges . . . .'' We disagree and propose to reject 
this suggestion with respect to consumer and small business 
subscribers, on the basis that Congress directly addressed this issue 
in the TRACED Act. We seek comment on whether we should extend our 
prohibition to other types of subscribers. We additionally seek comment 
on our proposal and whether it has the correct scope. Are there other 
caller ID authentication-related costs or services we should 
specifically address in our prohibition? Should we list all categories 
of prohibited charges, or should our list merely provide examples of 
the types of charges barred by the general prohibition on line-item 
charges? Should we address whether voice service providers may recover 
caller ID authentication costs from consumers and small businesses 
through rate increases, and if so how and on what legal basis?

H. Call Labeling

    65. We seek comment on whether and how to address any risks of 
consumer confusion or competitive issues stemming from call labeling. 
Some commenters have expressed concern that terminating voice service 
providers that have implemented STIR/SHAKEN caller ID authentication 
may display caller ID authentication information on their subscribers' 
phones in a manner detrimental to callers whose originating voice 
service provider has not yet implemented STIR/SHAKEN or is unable to 
provide the caller with ``full'' or ``A'' level attestation. These 
commenters assert that displaying when caller ID information has been 
successfully verified on a subscriber's device may lead subscribers to 
believe that calls which lack such a display are illegal calls, and 
that such a result is especially problematic before widespread 
implementation of STIR/SHAKEN. These commenters similarly identify the 
lack of a standard approach to displaying caller ID verification 
results--including whether to treat all attestation levels similarly or 
provide special treatment for ``A'' level attestation--as creating the 
potential for discriminatory or anticompetitive labeling. Commenters 
also express concern about mislabeling. While we decline in the 
accompanying Report and Order to mandate at this time any 
specifications that voice service providers must use if they choose to 
display STIR/SHAKEN verification results, we now seek comment on 
whether and how to address these concerns related to call labeling. 
What authority do we possess to regulate call labeling? Would section 
10 of the TRACED Act, which establishes redress mechanisms for 
blocking, provide us authority as one commenter suggests? One group of 
commenters suggests we should require a voice service provider to 
provide notice to the caller when it places a ``derogatory'' label on 
the caller's number; require that a voice service provider offer an 
effective and prompt redress mechanism for callers whose calls have 
been mislabeled by the provider; obligate a voice service provider to 
share information about mislabeled numbers with other providers; and 
require voice service providers to track and report to us how many 
lawful calls they are mistakenly mislabeling. Should we adopt any or 
all of these suggestions? What constitutes a derogatory label? Do 
commenters have alternative proposals? Further, is existing antitrust 
law sufficient to address any competitive issues, and if not why?

I. Benefits and Costs

    66. The proposals in this Further Notice generally reflect mandates 
from the TRACED Act, and we have no discretion to ignore such 
congressional direction. To the extent that we are seeking comment on 
multiple possible options to implement any given mandate, we urge 
commenters, where possible, to include an assessment of relative costs 
and benefits for competing options. We found in the accompanying Report 
and Order that widespread deployment of STIR/SHAKEN will increase the 
effectiveness of the framework for both voice service providers and 
their subscribers. Among the considerable and varied benefits 
identified in the Report and Order are the reduction in nuisance calls, 
protection from illegally spoofed calls, and restoration of confidence 
in incoming calls. The proposals in this Further Notice are intended 
to, consistent with the TRACED Act, encourage further deployment of 
this technology and thus expand these benefits. We thus propose to 
reaffirm our finding of considerable benefit to widespread caller ID 
authentication implementation, and we propose to conclude that 
implementation of the TRACED Act provisions and other proposals 
discussed above will make considerable progress in unlocking those 
benefits, and that those benefits far exceed the costs. We seek comment 
on this proposal. We further seek detailed comments on the costs of the 
proposals in this Further Notice. What are the upfront and recurring 
costs associated with each? Will these costs vary according to the size 
of the voice service provider? What costs would specifically burden 
intermediate providers? We preliminarily believe that intermediate 
providers would be faced with similar upfront costs as originating and 
terminating voice service providers, but will not have the recurring 
costs related to STIR/SHAKEN authentication and verification service. 
Is this view accurate? Do the benefits of our proposals outweigh the 
costs in each case?

J. Access to Numbering Resources

    67. Section 6(a) of the TRACED Act directs us to examine whether 
and how our policies regarding access to both toll free and non-toll 
free numbering resources can be modified to help reduce access to 
numbers by potential perpetrators of illegal robocalls, and it directs 
us to prescribe regulations to implement any such policy modifications. 
In addition, section 6(b) provides a forfeiture penalty, pursuant to 
section 503(b) of the Act, for a knowing violation of any regulation we 
prescribe pursuant to section 6(a). Our obligation to examine and 
implement policy modifications does not extend to the forfeiture 
provision of section 6(b). In light of this distinction, as well as the 
forfeiture procedures that the Commission already has in place, see 47 
CFR 1.80, we do not consider it necessary to seek comment on how 
section 6(b) of the TRACED Act would be implemented.
    68. Background. Currently, voice service providers that are 
telecommunications carriers access non-toll free numbers through the 
NANP Administrator (NANPA) and the Pooling Administrator (collectively, 
the ``Numbering Administrators''). Applicants for numbering resources 
must comply with Commission rules and with guidelines from the Alliance 
for Telecommunications Industry Solutions (ATIS) Industry Numbering 
Committee (INC) and the Numbering Administrators. We require the 
Numbering Administrators to follow ATIS INC guidelines, which, in turn, 
provides additional requirements for voice service providers accessing 
numbering resources. See 47 CFR

[[Page 22112]]

52.13(b)(3). These rules and guidelines require such voice service 
providers to provide contact information, provide Operating Company 
Number information, disclose the primary type of business for which the 
numbers will be used, file a NANP Numbering Resource Utilization/
Forecast (NRUF) Report with the NANPA, and disclose the states for 
which they will request numbering resources. Applicants for initial 
numbering resources must also include evidence that the applicant is 
capable of providing service within 60 days of the numbering resources 
activation date (facilities readiness requirement). Voice service 
providers must also maintain internal records of numbering resources 
for reporting purposes.
    69. While traditionally only telecommunications carriers were 
permitted to request and receive numbers from the Numbering 
Administrators, in 2015 the Commission adopted rules establishing a 
process for interconnected VoIP providers to request numbers directly 
from the Numbering Administrators. Direct access to telephone numbers 
by interconnected VoIP providers is restricted to only those 
interconnected VoIP providers that can demonstrate that they are 
authorized to provide service by a state-level certification in a given 
area for which they are requesting numbers or by a Commission-level 
authorization. To apply for Commission authorization for direct access 
to numbers, applicants for direct access authorization must submit 
applications through the Commission's Electronic Comment Filing System, 
interconnected VoIP providers must provide contact information; agree 
to comply with Commission rules, numbering authority delegated to the 
states, and industry guidelines and practices regarding numbering as 
applicable to telecommunications carriers; provide 30-day notice to 
relevant state commission(s) before requesting numbering resources from 
Numbering Administrators; provide proof of facilities readiness; and 
certify that the applicant possesses the requisite expertise to provide 
reliable service, that key personnel are not being nor have been 
investigated for failure to comply with any law, rule, or order, that 
the applicant complies with its Universal Service Fund (USF), 
Telecommunications Relay Services, NANP and local number portability 
administration contribution obligations, its regulatory fee 
obligations, and its 911 obligations, and that no party to the 
application is subject to denial of Federal benefits pursuant to 
section 5301 of the Anti-Drug Abuse Act. All voice service providers, 
including interconnected VoIP providers, must comply with a number of 
obligations in order to maintain their authorization to access numbers, 
including USF reporting and contributions, 911 service obligations, and 
maintaining sufficient and auditable data to demonstrate compliance 
with applicable guidelines, among other obligations in the Commission's 
rules and industry guidelines.
    70. A Responsible Organization (RespOrg) obtains toll free numbers, 
on a toll free subscriber's behalf, by reserving and assigning a number 
from the SMS/800 Toll Free Number Registry (TFN Registry). The 
Commission-designated Toll Free Numbering Administrator (TFNA) manages 
the TFN Registry and certifies RespOrgs. To access the TFN Registry, 
RespOrgs must complete a Service Establishment Application; obtain a 
logon identification code from the TFNA requiring the disclosure of 
information including general contact information, type of access 
sought, and the interexchange carrier providing the connection; 
demonstrate that one or more employees possess adequate TFN Registry 
training; and pass a TFN Registry certification test. RespOrgs must 
also follow the ATIS Toll Free Guidelines, adhere to agreements 
established through the ATIS industry forum process, and acknowledge 
that the RespOrg is bound by the terms and conditions contained in TFN 
Registry Functions Tariff. RespOrgs have sole responsibility for the 
accuracy of subscriber records and information in the TFN Registry. 
Toll free numbers must be available to RespOrgs and subscribers on an 
equitable basis, and typically are assigned first-come, first-served. 
The Commission may use competitive bidding and/or other alternative 
assignment methodologies for toll free numbers. In 2019, the TFNA held 
an auction of toll-free numbers in the 833 code for which there were 
two or more requests for assignment. Individual bidders and RespOrgs 
bid on specific numbers through a competitive bidding process and, 
unlike other toll free numbers, are able to sell those numbers won at 
auction in a secondary market.
    71. Discussion. We seek comment on whether and how we should modify 
our policies regarding access to toll free and non-toll free numbering 
resources to help reduce illegal robocallers' access to numbering 
resources. Specifically, we seek comment on whether any new or modified 
registration and compliance obligations would be appropriate to help 
reduce illegal robocallers' access to numbering resources. We ask 
commenters to identify specific modifications to our rules and 
Numbering Administrator policies. For example, should we require 
applicants for numbering resources to provide a certification that they 
``know their customers'' through some sort of customer identity 
verification, perhaps explaining the steps that they take to do so? 
Should we require voice service providers to provide information about 
their customers to the Numbering Administrators? Should we modify our 
NRUF reporting requirements concerning carriers that assign numbering 
resources to intermediate providers, and if so, in what way? Should we 
impose U.S. residency requirements for access to U.S. telephone 
numbers? Would imposing U.S. residency requirements reduce the 
likelihood of bad actors generating large-scale robocall campaigns 
beyond the reach of U.S. law enforcement? Further, would U.S. residency 
requirements increase accuracy and efficiency regarding attestation 
levels under the STIR/SHAKEN protocols? If we did impose U.S. residency 
requirements, would it reduce the number of voice service providers in 
the international voice market, thus reducing downward competitive 
pressure on international voice calling rates? Would imposing residency 
requirements harm domestic voice communications? Should we require 
minimal state contacts to obtain numbering resources in a particular 
state? Should we delegate enforcement of any modifications to our 
policies to the states, at least in the first instance? We invite 
parties to comment on these or other potential policy modifications 
that might limit illegal robocalling.
    72. We seek comment on the potential costs that would be imposed by 
any changes that commenters recommend to our policies regarding access 
to numbering resources. What costs do specific changes impose on 
entities that use numbers, Numbering Administrators, and consumers? 
Would any modifications to our policies unreasonably increase the 
difficulty for consumers and businesses (and their voice service 
providers) that are not perpetrators of illegal robocalling to obtain 
U.S. telephone numbers? We seek specific comment on the burdens of 
imposing potential certification requirements on applicants for 
numbering resources, particularly on small businesses. Additionally, we 
seek comment on how we can ensure that

[[Page 22113]]

any ``know your customer'' requirements do not harm consumer privacy.
    73. We also seek comment on the effects that any proposed 
modifications to our policies for access to numbering resourcing could 
have on competition and innovation in the voice marketplace. Could any 
market-distorting differential effects on voice service providers 
result? We seek comment on whether any suggested modifications could 
provide an unreasonable advantage to one type of technology or business 
model over another. For example, would modifications such as ``in-
person presentation of documents or identity verification tend to favor 
non-internet-based companies or those with physical lines over those 
who do business via the internet or use newer technologies?'' How could 
we minimize any negative ramifications for competition in the voice 
services market?
    74. We recognize that any potential modifications to our rules and 
policies may need to be uniquely tailored to particular industry 
segments in order to reduce access to numbers by bad actors while 
avoiding undesirable consequences. How could modifications be tailored 
to providers of toll free service, voice service providers that are 
telecommunications carriers, and interconnected VoIP providers in order 
to effectively prevent bad actors from accessing numbering resources 
while avoiding undesirable consequences? For example, would adding a 
``know your customer'' certification to the application for numbering 
resources work better for one industry than another (such as, for 
example, non-toll-free versus toll-free service)? Should we require 
that subscriber information be included in the TFN Registry, as opposed 
to RespOrg information alone? Should rules for any future Commission 
auctions of toll-free numbers also include these requirements? Further, 
are there specific policy modifications that we can adopt in the voice 
services wholesale market that will achieve the Commission's goal to 
reduce access to numbers by potential perpetrators of illegal 
robocalls?

II. Procedural Matters

    75. Paperwork Reduction Act. This document contains proposed new or 
modified information collection requirements. The Commission, as part 
of its continuing effort to reduce paperwork burdens, will invite the 
general public and the Office of Management and Budget (OMB) to comment 
on the information collection requirements contained in this document, 
as required by the Paperwork Reduction Act of 1995, Public Law 104-13. 
In addition, pursuant to the Small Business Paperwork Relief Act of 
2002, Public Law 107-198, we seek specific comment on how we might 
further reduce the information collection burden for small business 
concerns with fewer than 25 employees.
    76. Ex Parte Rules. This proceeding shall be treated as a ``permit-
but-disclose'' proceeding in accordance with the Commission's ex parte 
rules. Persons making ex parte presentations must file a copy of any 
written presentation or a memorandum summarizing any oral presentation 
within two business days after the presentation (unless a different 
deadline applicable to the Sunshine period applies). Persons making 
oral ex parte presentations are reminded that memoranda summarizing the 
presentation must (1) list all persons attending or otherwise 
participating in the meeting at which the ex parte presentation was 
made, and (2) summarize all data presented and arguments made during 
the presentation. If the presentation consisted in whole or in part of 
the presentation of data or arguments already reflected in the 
presenter's written comments, memoranda or other filings in the 
proceeding, the presenter may provide citations to such data or 
arguments in his or her prior comments, memoranda, or other filings 
(specifying the relevant page or paragraph numbers where such data or 
arguments can be found) in lieu of summarizing them in the memorandum. 
Documents shown or given to Commission staff during ex parte meetings 
are deemed to be written ex parte presentations and must be filed 
consistent with rule 1.1206(b). In proceedings governed by rule 1.49(f) 
or for which the Commission has made available a method of electronic 
filing, written ex parte presentations and memoranda summarizing oral 
ex parte presentations, and all attachments thereto, must be filed 
through the electronic comment filing system available for that 
proceeding, and must be filed in their native format (e.g., .doc, .xml, 
.ppt, searchable .pdf). Participants in this proceeding should 
familiarize themselves with the Commission's ex parte rules.
    77. Initial Regulatory Flexibility Analysis. As required by the 
Regulatory Flexibility Act of 1980, as amended (RFA), the Commission 
has prepared this Initial Regulatory Flexibility Analysis (IRFA) of the 
possible significant economic impact on small entities by the policies 
and rules proposed in this Further Notice of Proposed Rulemaking 
(Further Notice). The Commission requests written public comments on 
this IRFA. Comments must be identified as responses to the IRFA and 
must be filed by the deadlines for comments provided on the first page 
of the Further Notice. The Commission will send a copy of the Further 
Notice, including this IRFA, to the Chief Counsel for Advocacy of the 
Small Business Administration (SBA).

A. Need for, and Objectives of, the Proposed Rules

    78. The Further Notice continues the Commission's efforts to combat 
illegal spoofed robocalls. Specifically, the Further Notice proposes to 
require intermediate providers to pass unaltered any STIR/SHAKEN 
Identity header they receive to the subsequent provider in the call 
path., and authenticate caller ID information for all SIP calls it 
receives for which the caller ID information has not been authenticated 
and which it will exchange with another provider as a SIP call. The 
Further Notice also proposes implementing provisions of section 4 of 
the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and 
Deterrence (TRACED) Act as follows: Prohibiting providers from imposing 
additional line item charges on consumer and small business subscribers 
for caller ID authentication technology; granting an exemption from our 
implementation mandate for providers which have certified that they 
have reached certain implementation goals; granting an extension in 
compliance with our implementation mandate for small providers; and 
requiring providers to take ``reasonable measures'' to implement an 
effective caller ID authentication framework in their non-IP networks 
by either upgrading non-IP networks to IP or by actively working to 
develop a non-IP authentication solution. The Further Notice seeks 
comment on all of these proposals, and on how we should implement 
section 6(a) of the TRACED Act. The proposals in the Further Notice 
will help promote effective caller ID authentication and fulfill our 
obligations under the TRACED Act.

B. Legal Basis

    79. The Further Notice proposes to find authority for these 
proposed rules under section 251(e) of the Communications Act of 1934, 
as amended (the Act), and section 4 of the TRACED Act. Section 251(e) 
gives us exclusive jurisdiction over numbering policy and the TRACED 
Act directs us to make rules to ensure the implementation of caller ID 
authentication frameworks by all voice

[[Page 22114]]

service providers. We propose that section 251(e) grants us the 
authority to require intermediate providers to pass STIR/SHAKEN 
information unaltered because such an action would prevent the 
fraudulent abuse of North American Numbering Plan resources by callers 
making calls which transit intermediate providers' networks. We propose 
that the TRACED Act authorizes the remaining proposed rules because 
they implement the TRACED Act's language. We solicit comment on these 
proposals, and whether section 227(e) of the Act, as amended by the 
Truth in Caller ID Act, or the TRACED Act, would provide additional 
authority for our proposal to extend our mandate to intermediate 
providers.

C. Description and Estimate of the Number of Small Entities to Which 
the Proposed Rules Will Apply

    80. The RFA directs agencies to provide a description of and, where 
feasible, an estimate of the number of small entities that may be 
affected by the proposed rules and by the rule revisions on which the 
Notice seeks comment, if adopted. The RFA generally defines the term 
``small entity'' as having the same meaning as the terms ``small 
business,'' ``small organization,'' and ``small governmental 
jurisdiction.'' In addition, the term ``small business'' has the same 
meaning as the term ``small-business concern'' under the Small Business 
Act. A ``small-business concern'' is one which: (1) Is independently 
owned and operated; (2) is not dominant in its field of operation; and 
(3) satisfies any additional criteria established by the SBA.
1. Wireline Carriers
    81. Wired Telecommunications Carriers. The U.S. Census Bureau 
defines this industry as ``establishments primarily engaged in 
operating and/or providing access to transmission facilities and 
infrastructure that they own and/or lease for the transmission of 
voice, data, text, sound, and video using wired communications 
networks. Transmission facilities may be based on a single technology 
or a combination of technologies. Establishments in this industry use 
the wired telecommunications network facilities that they operate to 
provide a variety of services, such as wired telephony services, 
including VoIP services, wired (cable) audio and video programming 
distribution, and wired broadband internet services. By exception, 
establishments providing satellite television distribution services 
using facilities and infrastructure that they operate are included in 
this industry.'' The SBA has developed a small business size standard 
for Wired Telecommunications Carriers, which consists of all such 
companies having 1,500 or fewer employees. U.S. Census Bureau data for 
2012 show that there were 3,117 firms that operated that year. Of this 
total, 3,083 operated with fewer than 1,000 employees. Thus, under this 
size standard, the majority of firms in this industry can be considered 
small.
    82. Local Exchange Carriers (LECs). Neither the Commission nor the 
SBA has developed a size standard for small businesses specifically 
applicable to local exchange services. The closest applicable NAICS 
Code category is Wired Telecommunications Carriers. Under the 
applicable SBA size standard, such a business is small if it has 1,500 
or fewer employees. U.S. Census Bureau data for 2012 show that there 
were 3,117 firms that operated for the entire year. Of that total, 
3,083 operated with fewer than 1,000 employees. Thus under this 
category and the associated size standard, the Commission estimates 
that the majority of local exchange carriers are small entities.
    83. Incumbent LECs. Neither the Commission nor the SBA has 
developed a small business size standard specifically for incumbent 
local exchange services. The closest applicable NAICS Code category is 
Wired Telecommunications Carriers. Under the applicable SBA size 
standard, such a business is small if it has 1,500 or fewer employees. 
U.S. Census Bureau data for 2012 indicate that 3,117 firms operated the 
entire year. Of this total, 3,083 operated with fewer than 1,000 
employees. Consequently, the Commission estimates that most providers 
of incumbent local exchange service are small businesses that may be 
affected by our actions. According to Commission data, one thousand 
three hundred and seven (1,307) Incumbent Local Exchange Carriers 
reported that they were incumbent local exchange service providers. Of 
this total, an estimated 1,006 have 1,500 or fewer employees. Thus, 
using the SBA's size standard the majority of incumbent LECs can be 
considered small entities.
    84. Competitive Local Exchange Carriers (Competitive LECs), 
Competitive Access Providers (CAPs), Shared-Tenant Service Providers, 
and Other Local Service Providers. Neither the Commission nor the SBA 
has developed a small business size standard specifically for these 
service providers. The appropriate NAICS Code category is Wired 
Telecommunications Carriers and under that size standard, such a 
business is small if it has 1,500 or fewer employees. U.S. Census 
Bureau data for 2012 indicate that 3,117 firms operated during that 
year. Of that number, 3,083 operated with fewer than 1,000 employees. 
Based on these data, the Commission concludes that the majority of 
Competitive LECS, CAPs, Shared-Tenant Service Providers, and Other 
Local Service Providers, are small entities. According to Commission 
data, 1,442 carriers reported that they were engaged in the provision 
of either competitive local exchange services or competitive access 
provider services. Of these 1,442 carriers, an estimated 1,256 have 
1,500 or fewer employees. In addition, 17 carriers have reported that 
they are Shared-Tenant Service Providers, and all 17 are estimated to 
have 1,500 or fewer employees. Also, 72 carriers have reported that 
they are Other Local Service Providers. Of this total, 70 have 1,500 or 
fewer employees. Consequently, based on internally researched FCC data, 
the Commission estimates that most providers of competitive local 
exchange service, competitive access providers, Shared-Tenant Service 
Providers, and Other Local Service Providers are small entities.
    85. We have included small incumbent LECs in this present RFA 
analysis. As noted above, a ``small business'' under the RFA is one 
that, inter alia, meets the pertinent small-business size standard 
(e.g., a telephone communications business having 1,500 or fewer 
employees) and ``is not dominant in its field of operation.'' The SBA's 
Office of Advocacy contends that, for RFA purposes, small incumbent 
LECs are not dominant in their field of operation because any such 
dominance is not ``national'' in scope. We have therefore included 
small incumbent LECs in this RFA analysis, although we emphasize that 
this RFA action has no effect on Commission analyses and determinations 
in other, non-RFA contexts.
    86. Interexchange Carriers (IXCs). Neither the Commission nor the 
SBA has developed a small business size standard specifically for 
Interexchange Carriers. The closest applicable NAICS Code category is 
Wired Telecommunications Carriers. The applicable size standard under 
SBA rules is that such a business is small if it has 1,500 or fewer 
employees. U.S. Census Bureau data for 2012 indicate that 3,117 firms 
operated for the entire year. Of that number, 3,083 operated with fewer 
than 1,000 employees. According to internally developed Commission 
data, 359 companies reported that their primary telecommunications 
service activity was the provision of interexchange services.

[[Page 22115]]

Of this total, an estimated 317 have 1,500 or fewer employees. 
Consequently, the Commission estimates that the majority of 
interexchange service providers are small entities.
    87. Cable System Operators (Telecom Act Standard). The 
Communications Act of 1934, as amended, also contains a size standard 
for small cable system operators, which is ``a cable operator that, 
directly or through an affiliate, serves in the aggregate fewer than 
one percent of all subscribers in the United States and is not 
affiliated with any entity or entities whose gross annual revenues in 
the aggregate exceed $250,000,000.'' As of 2018, there were 
approximately 50,504,624 cable video subscribers in the United States. 
Accordingly, an operator serving fewer than 505,046 subscribers shall 
be deemed a small operator if its annual revenues, when combined with 
the total annual revenues of all its affiliates, do not exceed $250 
million in the aggregate. We note that the Commission neither requests 
nor collects information on whether cable system operators are 
affiliated with entities whose gross annual revenues exceed $250 
million. Therefore we are unable at this time to estimate with greater 
precision the number of cable system operators that would qualify as 
small cable operators under the definition in the Communications Act.
2. Wireless Carriers
    88. Wireless Telecommunications Carriers (except Satellite). This 
industry comprises establishments engaged in operating and maintaining 
switching and transmission facilities to provide communications via the 
airwaves. Establishments in this industry have spectrum licenses and 
provide services using that spectrum, such as cellular services, paging 
services, wireless internet access, and wireless video services. The 
appropriate size standard under SBA rules is that such a business is 
small if it has 1,500 or fewer employees. For this industry, U.S. 
Census Bureau data for 2012 show that there were 967 firms that 
operated for the entire year. Of this total, 955 firms employed fewer 
than 1,000 employees and 12 firms employed of 1,000 employees or more. 
Thus under this category and the associated size standard, the 
Commission estimates that the majority of wireless telecommunications 
carriers (except satellite) are small entities.
    89. The Commission's own data--available in its Universal Licensing 
System--indicate that, as of August 31, 2018 there are 265 Cellular 
licensees that will be affected by our actions. The Commission does not 
know how many of these licensees are small, as the Commission does not 
collect that information for these types of entities. Similarly, 
according to internally developed Commission data, 413 carriers 
reported that they were engaged in the provision of wireless telephony, 
including cellular service, Personal Communications Service (PCS), and 
Specialized Mobile Radio (SMR) Telephony services. Of this total, an 
estimated 261 have 1,500 or fewer employees, and 152 have more than 
1,500 employees. Thus, using available data, we estimate that the 
majority of wireless firms can be considered small.
    90. Satellite Telecommunications. This category comprises firms 
``primarily engaged in providing telecommunications services to other 
establishments in the telecommunications and broadcasting industries by 
forwarding and receiving communications signals via a system of 
satellites or reselling satellite telecommunications.'' Satellite 
telecommunications service providers include satellite and earth 
station operators. The category has a small business size standard of 
$35 million or less in average annual receipts, under SBA rules. For 
this category, U.S. Census Bureau data for 2012 show that there were a 
total of 333 firms that operated for the entire year. Of this total, 
299 firms had annual receipts of less than $25 million. Consequently, 
we estimate that the majority of satellite telecommunications providers 
are small entities.
3. Resellers
    91. Local Resellers. The SBA has not developed a small business 
size standard specifically for Local Resellers. The SBA category of 
Telecommunications Resellers is the closest NAICs code category for 
local resellers. The Telecommunications Resellers industry comprises 
establishments engaged in purchasing access and network capacity from 
owners and operators of telecommunications networks and reselling wired 
and wireless telecommunications services (except satellite) to 
businesses and households. Establishments in this industry resell 
telecommunications; they do not operate transmission facilities and 
infrastructure. Mobile virtual network operators (MVNOs) are included 
in this industry. Under the SBA's size standard, such a business is 
small if it has 1,500 or fewer employees. U.S. Census Bureau data from 
2012 show that 1,341 firms provided resale services during that year. 
Of that number, all operated with fewer than 1,000 employees. Thus, 
under this category and the associated small business size standard, 
the majority of these resellers can be considered small entities. 
According to Commission data, 213 carriers have reported that they are 
engaged in the provision of local resale services. Of these, an 
estimated 211 have 1,500 or fewer employees and two have more than 
1,500 employees. Consequently, the Commission estimates that the 
majority of local resellers are small entities.
    92. Toll Resellers. The Commission has not developed a definition 
for Toll Resellers. The closest NAICS Code Category is 
Telecommunications Resellers. The Telecommunications Resellers industry 
comprises establishments engaged in purchasing access and network 
capacity from owners and operators of telecommunications networks and 
reselling wired and wireless telecommunications services (except 
satellite) to businesses and households. Establishments in this 
industry resell telecommunications; they do not operate transmission 
facilities and infrastructure. MVNOs are included in this industry. The 
SBA has developed a small business size standard for the category of 
Telecommunications Resellers. Under that size standard, such a business 
is small if it has 1,500 or fewer employees. 2012 Census Bureau data 
show that 1,341 firms provided resale services during that year. Of 
that number, 1,341 operated with fewer than 1,000 employees. Thus, 
under this category and the associated small business size standard, 
the majority of these resellers can be considered small entities. 
According to Commission data, 881 carriers have reported that they are 
engaged in the provision of toll resale services. Of this total, an 
estimated 857 have 1,500 or fewer employees. Consequently, the 
Commission estimates that the majority of toll resellers are small 
entities.
    93. Prepaid Calling Card Providers. Neither the Commission nor the 
SBA has developed a small business definition specifically for prepaid 
calling card providers. The most appropriate NAICS code-based category 
for defining prepaid calling card providers is Telecommunications 
Resellers. This industry comprises establishments engaged in purchasing 
access and network capacity from owners and operators of 
telecommunications networks and reselling wired and wireless 
telecommunications services (except satellite) to businesses and 
households.

[[Page 22116]]

Establishments in this industry resell telecommunications; they do not 
operate transmission facilities and infrastructure. Mobile virtual 
networks operators (MVNOs) are included in this industry. Under the 
applicable SBA size standard, such a business is small if it has 1,500 
or fewer employees. U.S. Census Bureau data for 2012 show that 1,341 
firms provided resale services during that year. Of that number, 1,341 
operated with fewer than 1,000 employees. Thus, under this category and 
the associated small business size standard, the majority of these 
prepaid calling card providers can be considered small entities. 
According to Commission data, 193 carriers have reported that they are 
engaged in the provision of prepaid calling cards. All 193 carriers 
have 1,500 or fewer employees. Consequently, the Commission estimates 
that the majority of prepaid calling card providers are small entities 
that may be affected by these rules.
4. Other Entities
    94. All Other Telecommunications. The ``All Other 
Telecommunications'' category is comprised of establishments primarily 
engaged in providing specialized telecommunications services, such as 
satellite tracking, communications telemetry, and radar station 
operation. This industry also includes establishments primarily engaged 
in providing satellite terminal stations and associated facilities 
connected with one or more terrestrial systems and capable of 
transmitting telecommunications to, and receiving telecommunications 
from, satellite systems. Establishments providing internet services or 
voice over internet protocol (VoIP) services via client-supplied 
telecommunications connections are also included in this industry. The 
SBA has developed a small business size standard for ``All Other 
Telecommunications'', which consists of all such firms with annual 
receipts of $35 million or less. For this category, U.S. Census Bureau 
data for 2012 show that there were 1,442 firms that operated for the 
entire year. Of those firms, a total of 1,400 had annual receipts less 
than $25 million and 15 firms had annual receipts of $25 million to 
$49,999,999. Thus, the Commission estimates that the majority of ``All 
Other Telecommunications'' firms potentially affected by our action can 
be considered small.

D. Description of Projected Reporting, Recordkeeping, and Other 
Compliance Requirements for Small Entities

    95. The Further Notice seeks comment on a proposed requirement 
that, in order to receive a voluntary exemption from our implementation 
mandate, a provider must file a certification reflecting that it is in 
a reasonably foreseeable position to meet certain implementation goals; 
and that, in order to maintain that exemption, a provider must make a 
later filing reflecting its achievement of those goals it stated it was 
in a reasonably foreseeable position to meet. If the Commission were to 
move forward with this proposal, providers would have new reporting, 
recordkeeping, and other compliance requirements with regard to these 
certifications. Specifically, we propose that each voice service 
provider that wishes to qualify for the exemption must have an officer, 
as an agent of the voice service provider, sign a compliance 
certificate stating that the officer has personal knowledge that the 
company meets each of the stated criteria. We also propose requiring 
the voice service provider to submit an accompanying statement 
explaining, in detail, how the company is working to accomplish the 
four prongs of the exemption. We also propose requiring these 
certifications to be filed no later than December 1, 2020. Finally, we 
propose requiring all certifications and supporting statements to be 
filed electronically in a new docket established specifically for such 
filings in the Commission's Electronic Comment Filing System (ECFS). We 
seek comment on these proposed requirements.

E. Steps Taken To Minimize the Significant Economic Impact on Small 
Entities, and Significant Alternatives Considered

    96. The RFA requires an agency to describe any significant 
alternatives that it has considered in reaching its proposed approach, 
which may include the following four alternatives (among others): (1) 
The establishment of differing compliance or reporting requirements or 
timetables that take into account the resources available to small 
entities; (2) the clarification, consolidation, or simplification of 
compliance and reporting requirements under the rules for such small 
entities; (3) the use of performance rather than design standards; and 
(4) an exemption from coverage of the rule, or any part thereof, for 
such small entities.
    97. We seek comment on our proposal in the Further Notice to extend 
the STIR/SHAKEN implementation deadline for small voice service 
providers to June 30, 2022 and on other ways our proposed rules would 
impact such voice service providers; and on proposals to lessen that 
impact. We expect to take into account the economic impact on small 
entities, as identified in comments filed in response to the Further 
Notice and this IRFA, in reaching our final conclusions and 
promulgating rules in this proceeding.

F. Federal Rules That May Duplicate, Overlap, or Conflict With the 
Proposed Rules

    98. None.

III. Ordering Clauses

    99. It is ordered, pursuant to sections 4(i), 4(j), 227(e), 227b, 
227b-1, 251(e), and 303(r), of the Act, 47 U.S.C. 154(i), 154(j), 
227(e), 227b, 227(b)-1, 251(e), and 303(r), that that this Further 
Notice of Proposed Rulemaking is adopted.
    100. It is further ordered that the Commission's Consumer and 
Governmental Affairs Bureau, Reference Information Center, SHALL SEND a 
copy of this Report and Order, including the Final Regulatory 
Flexibility Analysis (FRFA), and Further Notice of Proposed Rulemaking, 
including the Initial Regulatory Flexibility Analysis (IRFA), to the 
Chief Counsel for Advocacy of the Small Business Administration.

List of Subjects in 47 CFR Part 64

    Carrier equipment, Communications common carriers, Reporting and 
recordkeeping requirements, Telecommunications, Telephone.

Federal Communications Commission.
Cecilia Sigmund,
Federal Register Liaison Officer, Office of the Secretary.

Proposed Rules

    For the reasons discussed in the preamble, the Federal 
Communications Commission proposes to amend 47 CFR part 64 as follows:

PART 64--MISCELLANEOUS RULES RELATING TO COMMON CARRIERS

0
1. The authority citation for part 64 is revised to read as follows:

    Authority:  47 U.S.C. 154, 201, 202, 217, 218, 220, 222, 225, 
226, 227, 227b, 228, 251(a), 251(e), 254(k), 262, 403(b)(2)(B), (c), 
616, 620, 1401-1473, unless otherwise noted; Pub. L. 115-141, Div. 
P, sec. 503, 132 Stat. 348, 1091.

0
2. Amend Sec.  64.6300 by redesignating paragraphs (b) through (g) as 
paragraphs (c) through (h) and adding new paragraph (b) to read as 
follows:


Sec.  64.6300  Definitions.

* * * * *
    (b) Caller identification authentication information. The term 
``caller identification authentication information'' refers to the 
information

[[Page 22117]]

transmitted along with a call that represents the originating voice 
service provider's attestation to the accuracy of the caller 
identification information.
* * * * *
0
3. Amend Sec.  64.6301 by revising the introductory text of paragraph 
(a) and adding paragraphs (b) through (f) to read as follows:


Sec.  64.6301  Caller ID authentication.

    (a) STIR/SHAKEN implementation by voice service providers. Except 
as provided in paragraphs (d) and (e) of this section, not later than 
June 30, 2021, a voice service provider shall fully implement the STIR/
SHAKEN authentication framework in its internet Protocol networks. To 
fulfill this obligation, a voice service provider shall:
* * * * *
    (b) STIR/SHAKEN implementation by intermediate providers. Not later 
than June 30, 2021, an intermediate provider shall fully implement the 
STIR/SHAKEN authentication framework in its internet Protocol networks. 
To fulfill this obligation, a voice service provider:
    (1) Shall pass unaltered to subsequent providers in the call path 
any caller identification authentication information it receives with a 
SIP call; and
    (2) Shall authenticate caller identification information for all 
SIP calls it receives for which the caller identification information 
has not been authenticated and which it will exchange with another 
provider as a SIP call.
    (c) Call authentication in non-IP networks. Except as provided in 
paragraph (e) of this section, not later than June 30, 2021, a voice 
service provider shall either:
    (1) Upgrade its entire network to allow for the initiation, 
maintenance, and termination of SIP calls and fully implement the STIR/
SHAKEN framework as required in paragraph (a) of this section 
throughout its network; or
    (2) Maintain and be ready to provide the Commission on request 
documented proof that it is participating, either on its own or through 
a representative, as a member of a working group or consortium that is 
working to develop a non-IP call authentication solution, or actively 
testing such a solution.
    (d) Extension of implementation deadline. (1) Small providers are 
exempt from the requirements of paragraph (a) of this section until 
June 30, 2022.
    (i) For purposes of this paragraph, ``small provider'' means a 
provider that has 100,000 or fewer voice service subscriber lines 
(counting the total of all business and residential fixed subscriber 
lines and mobile phones and aggregated over all of the provider's 
affiliates).
    (ii) Reserved.
    (2) The Wireline Competition Bureau may, upon a public finding of 
undue hardship, provide an extension for compliance with paragraph (a) 
of this section, for a reasonable period of time, for a voice service 
provider or class of voice service providers, or type of voice calls, 
as necessary for that voice service provider or class of voice service 
providers or type of calls to address identified burdens and barriers 
to implementation of caller ID authentication technology.
    (3) The Wireline Competition Bureau shall annually review the scope 
of any extension and, after notice and an opportunity for comment, may 
extend it or terminate it and may expand or contract the scope of 
entities subject to the extension.
    (4) During the period of extension, any provider subject to such 
extension shall implement an appropriate robocall mitigation program to 
prevent unlawful robocalls from originating on the network of the 
provider.
    (e) Exemption. (1) A voice service provider may seek an exemption 
from the requirements of paragraph (a) of this section by, before 
December 1, 2020, certifying that for those portions of its network 
served by technology that allows for the transmission of SIP calls, it:
    (i) Has adopted the STIR/SHAKEN authentication framework for calls 
on the internet Protocol networks of the voice service provider, by 
publicly committing to complete implementation of the STIR/SHAKEN 
authentication framework by June 30, 2021;
    (ii) Has agreed voluntarily to participate with other voice service 
providers in the STIR/SHAKEN authentication framework, by having 
written, signed agreements with at least two other voice service 
provides to exchange SIP calls with authenticated caller ID 
information;
    (iii) Has begun to implement the STIR/SHAKEN authentication 
framework, by completing the necessary network upgrades to at least one 
network element to enable the authentication and verification of caller 
ID information for SIP calls; and
    (iv) Will be capable of fully implementing the STIR/SHAKEN 
authentication framework not later than June 30, 2021, because it 
reasonably foresees that it will have completed all necessary network 
upgrades to its network infrastructure to enable the authentication and 
verification of caller ID information and authenticate and verify all 
SIP calls exchanged with STIR/SHAKEN-enabled partners by June 30, 2021.
    (2) A voice service provider may seek an exemption from the 
requirements of paragraph (c) of this section by, before December 1, 
2020, certifying that for those portions of its network that do not 
allow for the transmission of SIP calls, it:
    (i) Has taken reasonable measures to implement an effective call 
authentication framework; and
    (ii) Will be capable of fully implementing an effective call 
authentication framework not later than June 30, 2021.
    (3) All certifications shall be filed in ECFS in WC Docket No. 20-
68, shall be signed by an officer in conformity with section 1.16 of 
the Commission's rules, and shall be accompanied by detailed support as 
to the assertions in the certification.
    (4) The Wireline Competition Bureau shall determine whether to 
grant or deny timely requests for exemption on or before December 30, 
2020.
    (5) All voice service providers granted an exemption under 
paragraph (e)(1) of this section shall file an additional certification 
on or before a date specified by the Wireline Competition Bureau, and 
consistent with the requirements of paragraph (e)(3) of this section, 
attesting to whether the voice service provider fully implemented the 
STIR/SHAKEN authentication framework not later than June 30, 2021. The 
Wireline Competition Bureau, after notice and an opportunity for 
comment on the certifications, will determine whether to revoke the 
exemption for each certifying voice service provider based on whether 
it completed implementation.
    (f) Line-item charges. Providers of voice service are prohibited 
from adding any additional line item charges to consumer customer 
subscribers or small business customer subscribers for the effective 
call authentication technology required by paragraphs (a) and (c) of 
this section.
    (1) For purposes of this paragraph, ``consumer customer 
subscribers'' means residential mass-market subscribers.
    (2) For purposes of this paragraph, ``small business customer 
subscribers'' means subscribers that are business entities that meet 
the size standards established in 13 CFR part 121, subpart

[[Page 22118]]

A, as they currently exist or may hereafter be amended.

[FR Doc. 2020-07629 Filed 4-20-20; 8:45 am]
 BILLING CODE 6712-01-P