The following summary overview of the provisions of the Pallone-Thune TRACED Act, S. 151, currently under consideration by the US House of Representatives, is not a substitute for consulting the language of the bill itself. This blog is not a detailed and exhaustive summary of the 15 Sections of the bill, which consists of 44 pages and includes many requirements for rulemakings and reports imposed on the Federal Communications Commission (“FCC”) over the year or more after the date on which the bill formally becomes law. A link to the text of the bill itself can be found here.
With that background and caveat, key elements of the bill are as follows:
Section 1. – SHORT TITLE – Sets the name of the bill as the “Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act” or the “Pallone-Thune TRACED Act” for short.
Section 2. – COMMISSION DEFINED – Defines the term “Commission” as the FCC.
Section 3. – FORFEITURE
First, Section 3 of the Act amends Section 227 of the Communications Act (“Act”) also known as the Telephone Consumer Protection Act (“TCPA”) (47 U.S.C. §227) in three respects:
1. Adds a new subparagraph (4) – Civil Forfeiture – to Section 227(b); the new subsection provides as follows:
(A) General – Eliminates the citation requirement (in 47 U.S.C. §503(b)(5) of the Communications Act (“Act”)) for violations of this new subsection (4) and makes clear that a general forfeiture penalty is “in addition to any other penalty provided for under the Communications Act.” The amount of the forfeiture is to be determined under existing criteria (set forth in Section 503(b)(2)(A)-(F) of the Act) based on status and other factors.
(B) Violation With Intent – Where there is the “intent to cause such violation,” the same forfeiture standards apply, except there can be an “additional penalty not to exceed [USD] $10,000.”
The provision addresses recovery of the forfeiture (C) and the requirement for notice (D), again citing current provisions of the Act (Sections 504(a) and 503(b)(3) and (4), respectively).
(E) Statute of Limitations – Sets a one-year statute of limitations for a general violation under new subsection (4) and a four-year statute of limitations for violations with intent.
(F) The Commission may not impose a forfeiture under (A) and (B) based on the same conduct.
2. Amends the Truth in Caller ID Act in Section 227(e)(5)(A) of the Act by also eliminating the citation requirement in Section 503(b)(5) and changes the statute of limitations provisions from two years to four years.
3. Adds a new Subsection (h) to Section 227 (striking the former (h)) – Annual Report To Congress On Robocalls And Transmission Of Misleading Or Inaccurate Caller Identification Information – Requires the FCC, in consultation with the Federal Trade Commission (“FTC”), to submit a report to Congress no later than one year after the date of enactment, and annually thereafter, on FCC enforcement of Sections 227(b), (c), (d) and (e) of the Act. A series of categories of statistics to be included are specified (e.g., complaints, citations, forfeiture notices, final orders, amounts collected). Specifies that the FCC shall file this report without requiring additional information from providers of telecommunications service or voice service (as the latter is defined in Section 4 of the Pallone-Thune TRACED Act).
Second, it provides that the amendments shall not affect any action or proceeding commenced before or pending on the date of enactment.
Third, it requires the FCC to prescribe implementing regulations not later than 270 days after the date of enactment.
SECTION 4. – CALL AUTHENTICATION – This lengthy provision consumes more than a quarter of the bill in terms of pages. It focuses primarily on the implementation of the STIR/SHAKEN call authentication framework (“STIR/SHAKEN”) by voice service providers.
1. Definitions – Defines STIR/SHAKEN and voice service. The latter includes any service interconnected to the public switched telephone network (“PSTN”) and furnishes voice services using traditional telephone numbers and includes transmissions from a telephone fax machine, computer, or other devices to a telephone fax machine and “without limitation, any service that enables real-time, two-way voice communications….”
2. Authentication Frameworks –
– In General – With prescribed exceptions, not later than 18 months after the date of enactment, the FCC “shall require” a voice service provider to implement STIR/SHAKEN in the IP-networks of the provider and require the provider to “take reasonable measures to implement an effective call authentication framework” in the provider’s non-IP networks.
– Implementation – The FCC “shall not take the action” described immediately above if the Commission determines, not later than 12 months after the date of enactment, that the provider has met certain steps with respect to adopting STIR/SHAKEN in its IP-networks and “reasonable measures” in its non-IP networks, including determining that the provider will be capable of fully implementing STIR/SHAKEN in IP-networks and fully implementing an effective call authentication framework in non-IP networks not later than 18 months after the date of enactment.
– Implementation Report – Not later than 12 months after the date of enactment, the FCC must report to the House Energy and Commerce and Senate Commerce Committees (“the Committees”) on implementation of the call authentication frameworks and assess the “efficacy of” such frameworks in “addressing all aspects of call authentication.”
– Review And Revision Or Replacement – Not later than three years after the date of enactment, and every three years thereafter, the FCC, after “public notice and an opportunity for comment,” must assess the “efficacy” of the call authentication frameworks, revise or replace them, if determined to be in the public interest, and submit a report to the Committees on the findings of the assessment and revision or replacement actions.
– Extension Of Implementation Deadlines
– Not later than 12 months after the date of enactment and “as appropriate thereafter,” the FCC must assess “any burdens or barriers” to implementation, including for certain voice providers, small providers of voice services, and issues relating to equipment availability. Based on a “public finding of undue hardship,” the FCC can delay compliance with the 18-month implementation deadline for a “reasonable period of time” for providers needing to address the “identified burdens and barriers.”
– There is a specific delay provision for voice providers who “materially rely on a non-internet protocol network for provision” of voice services or calls, subject to the requirements described below.
– During any authorized compliance delay, the provider must implement “an appropriate robocall mitigation program to prevent unlawful robocalls from originating” on the provider’s network. If such provider is identified (by a consortium to be set up under Section 13 of the bill) as “repeatedly originating large-scale unlawful robocall campaigns,” the FCC must require the provider to take action to stop such originations. The FCC must take action to minimize the burden of the required robocall mitigation program (but can prescribe specific practices for certain providers).
– The FCC must take steps to enable “as promptly as reasonable full participation” of all classes of voice service providers and types of voice calls in call authentication frameworks. It can limit or terminate a delay in compliance if it determines the “provider is not making reasonable efforts to develop” the prescribed call authentication protocol.
– The FCC must identify, in consultation with small providers of voice services and those in rural areas, “alternative effective” methods to protect consumers from any unauthenticated calls during any compliance delay period.
– Not less frequently than annually after the first delay of compliance is granted, the FCC must consider revising or extending any delay and may do so. A public notice process is prescribed.
– No Additional Costs To Consumers Or Small Business Customers – The FCC must prohibit voice service providers from adding any additional line charges to consumer or small business customer subscribers for the required “effective call authentication technology.”
– Accurate Identification – Not later than 12 months after the date of enactment, the FCC must issue “best practices” that voice service providers may use in implementing effective call authentication frameworks to take steps to “ensure the calling party is accurately identified.”
3. Safe Harbor And Other Regulations – The FCC must not later than 1 year after date of enactment promulgate rules establishing, among other things, “a safe harbor” for voice service providers “from liability for unintended or inadvertent blocking of calls or for unintended or inadvertent misidentification of the level of trust for individual calls based, in whole or in part, on information provided by the call authentication frameworks.”
Other provisions deal with when a provider may block a call based on information from call authentication frameworks and protecting against unreasonable blocking where delay in compliance with the call authentication framework implementation is approved.
The rules also must establish a process to permit adversely affected calling parties to “verify the authenticity of the calling party’s calls.”
In establishing the safe harbor, the Commission must consider limiting the liability of the voice service provider based on several factors, including the use of the call authentication frameworks, implementation of procedures based on information provided by those frameworks, and use of “reasonable care.”
SECTION 5. – INTERAGENCY WORKING GROUP – The Attorney General, in consultation with the FCC Chair, is required to establish “an interagency working group to study Government prosecution of violations of section 227(b)” of the Act. The provision prescribes various “Duties” of the group, including a requirement to consider “whether to establish a process to allow States to request Federal subpoenas from the” FCC, and whether “regulation of any entity that enters into a business arrangement with a common carrier” regulated by the FCC “for the specific purpose of carrying, routing, or transmitting a call that constitutes a violation would assist in the successful prevention and prosecution of such violations.” The Attorney General determines the members, but Departments of Commerce, State, Homeland Security, the FTC and the Consumer Financial Protection Bureau are mentioned. The working group is to consult with “non-Federal stakeholders” as determined by the Attorney General, including the National Association of Attorneys General. Not later than 270 days after the date of enactment, the working group must submit to the Committees a report on the findings of the study, including “any recommendations regarding the prevention and prosecution” of violations and what progress, if any, relevant Federal departments have made “implementing the recommendations.”
SECTION 6. – ACCESS TO NUMBER RESOURCES – Not later than 180 days after the date of enactment, the FCC must commence a proceeding to “determine how Commission policies regarding access to number resources, including number resources for toll-free and non-toll-free telephone numbers, could be modified…to help reduce access to numbers by potential perpetrators of violations of section 227(b)” of the Act. If the FCC determines modifications could help in this regard, it is required to prescribe regulations to implement the modifications.
The Section also provides that “any person who knowingly, through an employee, agent, officer, or otherwise, directly or indirectly, by or through any means or device whatsoever, is a party to obtaining number resources” from a FCC-regulated common carrier in violation of the regulations, shall be subject to a forfeiture penalty under Section 503(b) of the Act, which shall be in addition to any other penalty provided by law.
SECTION 7. – PROTECTIONS FROM SPOOFED CALLS – Not later than one year after the date of enactment, the FCC must initiate a rulemaking to “help protect a subscriber from receiving unwanted calls or text messages from a caller using an unauthenticated number.” The FCC must consider a number of issues in the rulemaking, including the “best means of ensuring that a subscriber or provider has the ability to block calls from a caller using an unauthenticated North American Numbering Plan number” and the “impact on the privacy of a subscriber from unauthenticated calls.”
SECTION 8. – CONSUMER PROTECTIONS FOR EXEMPTIONS – Section 227(b)(2) of the Act is amended by adding a new subparagraph (I), requiring that any exemption granted by the Commission under Sections 227(b)(2)(B) and (C) of the Act must contain “requirements for calls made in reliance on the exemption with respect to” (i) the classes of parties that may make such calls and may be called and (ii) the number of calls that a calling party may make to a particular called party. Regarding any such exemption issued before the date of enactment, the Commission must, not later than one year after such date of enactment, prescribe regulations, or amend existing regulations, as necessary “to ensure that such exemption contains each of the requirements added in subparagraph I.” If the exemption already contains a requirement before the date of enactment, no further or amended regulations are required.
SECTION 9. – REPORT ON REASSIGNED NUMBER DATABASE – Not later than one year after the date of enactment, the FCC must submit to Congress, and make publicly available on the FCC’s website, a report on the “status of [its] efforts pursuant” to its December 12, 2018 Report and Order (“12/18 R&O”) to implement a reassigned number database. The report must describe the FCC’s efforts to ensure (a) establishment of the database, (b) that a person seeking to rely on any safe harbor in the 12/18 R&O must “demonstrate that, before making the call, the person appropriately checked the most recent update of the database and the database reported that the number had not been disconnected” and (c) if the person makes such a demonstration, the person will be shielded from liability under Section 227(b) of the Act should the database return an inaccurate result.
SECTION 10. – STOP ROBOBCALLS
1. Information Sharing Regarding Robocall And Spoofing Violations – Adds a new subsection (i) to Section 227 that requires the FCC, not later than 18 months after the date of enactment, to prescribe regulations to “establish a process that streamlines the ways in which a private entity may voluntarily share with the Commission information relating to”: (a) a call or text message sent in violation of Section 227(b) and (b) a call or text message for which misleading or inaccurate caller ID information was caused to be transmitted in violation of Section 227(c). The definition of a text message is as to be set forth in Section 227(e)(8) as added by the RAY BAUMS Act in 2018, but will apply as of the date of enactment.
2. Robocall Blocking Service – Adds a new subsection (j) to Section 227 that requires the FCC, not later than one year after the date of enactment, to take “final agency action to ensure the robocall blocking services provided on an opt-out or opt-in basis” pursuant to its 6/18 Declaratory Ruling (a) are provided with transparency and effective redress options for consumers and callers and without additional line item charges for consumers and no additional charges to callers for resolving complaints related to erroneously blocked calls and (b) make all reasonable efforts to avoid blocking emergency public safety calls. Same text message definition reference.
3. Study On Information Requirements For Certain Voice over IP Service Providers – Requires a FCC study regarding whether to require a provider of covered Voice over IP (“VoIP”) service to provide and maintain current contact information with the FCC and retain records relating to each call transmitted over the service that are sufficient “to trace such call back to the source of the call.” Not later than 18 months after the date of enactment, the FCC must report to Congress on the results of the study. Defines “covered VoIP service” as interconnected VoIP or service that would be interconnected VoIP except that the service only permits termination of calls to the PSTN, but not receipt of calls from the PSTN.
SECTION 11. – PROVISION OF EVIDENCE OF CERTAIN ROBOCALL VIOLATIONS TO ATTORNEY GENERAL – Requires the Chief of the FCC’s Enforcement Bureau (“EB”) to provide to the Attorney General any evidence obtained that “suggests a willful, knowing and repeated robocall violation with an intent to defraud, cause harm or wrongfully obtain anything of value.” Not later than one year after the date of enactment, the FCC shall publish on its website and submit to the Committees a report that provides the number of instances of the provision of such evidence and summary of types of robocall violations to which such evidence relates. Nothing in the provision is to affect the ability of the FCC or the EB under “other law” to refer a matter to the Attorney General or pursue, or continue to pursue, an enforcement action in a matter on which evidence was provided to the Attorney General. “Robocall violation” means a violation of Sections 227(b) or (e) of the Act.
SECTION 12. – PROTECTION FROM ONE-RING SCAMS – Not later than 120 days after the date of enactment, the FCC must initiate a proceeding to “protect called parties from one-ring scams.” As part of the proceeding, the FCC must consider how it can (a) work with Federal and State law enforcement agencies and foreign governments to address such scams, (b) in consultation with the FTC, better educate consumers on how to avoid such scams, (c) incentivize voice service providers to stop such calls, including “adding identified one-ring scam type numbers to the FCC’s list of permissible categories for carrier initiated blocking,” (d) work with entities that provide call-blocking services to address such scams, and (e) establish “obligations on international gateway providers that are the first point of entry for these calls into the” US, including potential requirements to “verify with the foreign originator the nature or purpose of calls before initiating service.”
Not later than one year after the date of enactment, the FCC must publish on its website and file with the Committees a report on the status of the one-ring scam proceeding.
Defines “one-ring scam” as a “scam in which a caller makes a call and allows the call to ring the called party for a short duration, in order to prompt the called party to return the call, thereby subjecting the called party to charges.” It also defines “State” (as in Section 3 of the Act) and “voice service,” as added to Section 227(e)(8) by the RAY BAUMS Act in 2018.
SECTION 13. – ANNUAL ROBOCALL REPORT
1. In General – Not later than one year after the date of enactment, and annually thereafter, the FCC must make publicly available on its website and file with the Committees, a report “on the status of private-led efforts to trace back the origin of suspected unlawful robocalls” by the “registered consortium and the participation of voice service providers in such efforts.”
2. Registration Of Consortium Of Private-Led Efforts To Trace Back The Origin Of Suspected Unlawful Robocalls – Not later than 90 days after the date of enactment, the FCC “shall issue rules to establish a registration process for the registration of a single consortium that conducts private-led efforts to trace back the origin of suspected unlawful robocalls.” The consortium shall (a) be “a neutral third party competent to manage” such a trace back effort, (b) maintain a “set of written best practices about the management of such efforts” and “providers of voice services participating” in such efforts, (c) focus on “‘fraudulent, abusive or unlawful’ traffic”, and (d) file a notice with the FCC that the “consortium intends to conduct private-led efforts to trace back in advance of such registration.” Not later than 120 days, after the date of enactment, and annually thereafter, the FCC must issue a “notice to the public seeking the registration” prescribed by above.
3. List Of Voice Service Providers – The FCC may publish a list of voice service providers and “take appropriate enforcement action” based on (a) information obtained from the consortium about such providers that “refuse to participate in private-led” trace back efforts and (b) other information the FCC may “collect about voice service providers that are found to originate or transmit substantial amounts of unlawful robocalls.”
4. Additional Information – Not later than 210 days after the date of enactment, and annually thereafter, the FCC must issue a public notice seeking additional information from voice service providers and the consortium “necessary for” the required annual report by the FCC.
5. Contents Of [Annual] Report – The report shall include as a minimum (a) description of efforts of the consortium and its efforts to coordinate with the FCC, (b) a list of voice service providers identified by the consortium who participated in private-led trace back efforts, (c) a list of voice service providers that were requested by the consortium to participate in such efforts and refused to participate, (d) the reasons, if any, given for not participating, and (e) a description of how the FCC can use in its enforcement efforts the information provided by the voice service providers or the consortium regarding trace back efforts.
6. Definitions – The Section includes definitions of (a) “private-led effort to trace back,” (b) “registered consortium,” (c) “suspected unlawful robocall (“reasonable” belief that the call “was made in violation of” Sections 227(b) or (e) of the Act), and (d) “voice service” (comparable to definition in Section 4 regarding Call Authentication).
SECTION 14. – HOSPITAL ROBOCALL PROTECTION GROUP
1. Establishment – Not later than 180 days after the date of enactment, the FCC must establish “an advisory committee to be known as the ‘Hospital Robocall Protection Group’ (“Group”).”
2. Membership – The membership shall include voice service providers serving hospitals, companies focusing on mitigating robocalls, consumer advocacy organizations, one-way VoIP providers, hospitals, state government officials focused on combatting unlawful robocalls, and FCC and FTC representatives.
3. Issuance Of Best Practices – Not later than 180 days after the Group is established, it must issue “best practices” as to how hospitals can better combat unlawful robocalls made to hospitals, how they can better protect themselves from such calls and how the Federal and State governments can help combat such calls.
4. Proceeding By FCC – Not later than 180 days after the Group issues the best practices, the FCC shall “conclude a proceeding to assess the extent to which the voluntary adoption of such best practices can be facilitated to protect hospitals and other institutions.”
5. Definitions – Includes definitions of (a) “Group,” (b) “State,” and (3) “voice service” (again comparable to the definition in Section 4 regarding Call Authentication).
SECTION 15. – SEPARABILITY CLAUSE – If any provision or amendments are held invalid, the remainder of the Pallone-Thune TRACED Act and the amendments and the “application of such provision to other persons or circumstances shall not be affected….”
We hope that this summary overview is helpful, but as noted above, it is not a substitute for reviewing the text of the bill itself. All should take the time to do so.
The bill is currently on the House Legislative Calendar for possible action under suspension of the House Rules this week.
As always, TCPAWorld will keep you posted.