It has been busy at the FCC.
On March 16, 2023, the Federal Communications Commission (FCC or Commission) announced its issuance of two headline-making Report and Order and Further Notices of Proposed Rulemaking (FNPRM) to combat scam texting and robocalls.
Text messaging is among the most popular forms of communication, the FCC said, but with that popularity comes risk.
“This Report and Order on scam texting [is] the Commission’s first action to protect consumers from unwanted and illegal texts requiring that all mobile wireless providers block certain text messages that are highly likely to be illegal so that all subscribers have a basic level of protection,” the agency explained.
Specifically, the new regulations require mobile wireless providers to block text messages from numbers on a reasonable Do Not Originate list, which would include numbers that purport to be from invalid, unallocated or unused North American Numbering Plan (NANP) numbers, and numbers for which the subscriber to the number has requested that texts purporting to originate from that number be blocked.
Any erroneous text blocking can be reported to the provider doing the blocking by requiring mobile wireless providers to maintain a single point of contact for texters to report erroneously blocked texts, the FCC said. While no date for complying with these changes has been set, these new rules will go into effect “no later than six months after publication of notice of OMB approval under the Paperwork Reduction Act.”
“The rules we adopt today are a targeted first step,” the FCC wrote, adding that the changes “will impose a minimal burden on mobile wireless providers while providing a necessary baseline level of protection to consumers.”
Even more significant, however, is the FCC’s solicitation of comments for how to close the “lead generator loophole.” This “loophole” manifests itself when a website seeks consent to contact a consumer on behalf of the entity that owns the website and its “partners.” The FCC states that there are many instances where these “partners” could number in the thousands and often do not have any logical connection to the topic regarding which the consumer provided consent to be contacted. To that end, the FCC is exploring a ban on the practice of obtaining a single consumer consent as grounds for delivering calls and text messages from multiple marketers on subjects beyond the scope of the original consent:
“We seek comment on amending our TCPA consent requirements to require that such consent be considered granted only to callers logically and topically associated with the website that solicits consent and whose names are clearly disclosed on the same web page,” according to the FNPRM.
In conjunction with this effort, the FCC proposed amendments (in bold underline below) to 47 C.F.R. § 64.1200(f)(9):
(9) The term prior express written consent means an agreement, in writing, bearing the signature of the person called that clearly authorizes the seller to deliver or cause to be delivered to the person called advertisements or telemarketing messages using an automatic telephone dialing system or an artificial or prerecorded voice, and the telephone number to which the signatory authorizes such advertisements or telemarketing messages to be delivered. Prior express written consent for a call or text may be to a single entity, or to multiple entities logically and topically associated. If the prior express written consent is to multiple entities, the entire list of entities to which the consumer is giving consent must be clearly and conspicuously displayed to the consumer at the time consent is requested. To be clearly and conspicuously displayed, the list must, at a minimum, be displayed on the same web page where the consumer gives consent.
The FCC additionally sought comment on whether to require mobile wireless providers to block texts when notified by the Commission that they are likely scams (similar to the FCC’s requirement for gateway providers in regard to voice calls), on the prospect of text message authentication, and on the possibility of an express clarification by the FCC that Do-Not-Call (DNC) protections apply to marketing text messages as well as voice calls.
The proposed rule was published in the federal register on April 7, 2023. Comments are due by May 8, 2023, and reply comments are due by June 6, 2023. Businesses interested in submitting comments may reach out to a Manatt professional. Additionally, the Professional Association for Customer Engagement (“PACE”) is also soliciting business feedback, and interested parties should contact Michele Shuster at Mac Murray & Shuster LLP, mshuster@mslawgroup.com. Comments can be anonymized through PACE.
To read the Report and Order and FNPRM, click here.
Further, in yet another push toward increasing consumer protections, the FCC issued a Sixth Report and Order and Further Notice of Proposed Rulemaking adopting new rules to combat illegal robocalls, including by enhancing and expanding provider obligations to implement the STIR (Secure Telephony Identity Revisited)/SHAKEN (Signature-based Handling of Asserted Information Using toKENs) caller ID authentication framework.
These rules “will require intermediate providers that receive unauthenticated IP calls directly from domestic originating providers to use STIR/SHAKEN to authenticate those calls,” the FCC explained. The FCC set a December 31, 2023 compliance deadline for these new authentication obligations. Moreover, all providers, regardless of their STIR/SHAKEN implementation status, are mandated to take “reasonable steps” to mitigate illegal robocall traffic and submit a certification and mitigation plan to the FCC’s Robocall Mitigation Database. Newly covered providers must meet the general mitigation standard withing 60 days following the rule’s publication in the federal register, which was published on April 11, 2023. Newly covered providers must therefore become compliant by June 10, 2023. The effective date of the changes to the CFR, however, is May 11, 2023.
The rules also implement procedures for removal of intermediate providers from the Robocall Mitigation Database and for an expedited removal process for providers that submit deficient certifications. Finally, the adoption of the Report and Order also establishes enforcement consequences for repeat offenders of robocall mitigation rules, including a forfeiture penalty on a per-call basis ranging from a minimum of $2,500 per call up to $23,727 per call and, for repeat offenders, the possibility of revocation of section 214 operating authority.
The FCC also sought comment on the use of third-party solutions to authenticate caller ID information and the possible elimination of STIR/SHAKEN implementation extension for providers that cannot obtain an SPC token, among other topics. Comments are due on May 11, 2023, with reply comments due on June 12, 2023.
To read the Report and Order and FNPRM, click here.
Why it matters: Big changes are coming. The FCC took pains to emphasize that these new rules were only the “first step” in its efforts to provide consumers protection from illegal and unwanted texts and robocalls. The FNPRMs are merely a preview of what might be in store for businesses, with anticipated changes ranging from the extension of DNC protections to a seismic shift in the validity of consent that could upend the lead-generation industry to explicitly permitting third parties to authenticate calls on behalf of a provider with A- or B-level attestations consistent with ATIS standards.