Yaana’s FCC Ray Baum’s Act Filing Explained
Disclaimer: Because some of the links are to sites that require organization access accounts, please contact the blog author for copies of documents not accessible: Anthony Rutkowski, firstname.lastname@example.org
Today, Yaana filed ex partecomments in the FCC’s new Ray Baum’s Act Sec. 503 proceeding being instituted by Commission as part of its 14 February 2019 agenda. This note explains what the Ray Baum’s Act section and new proceeding are about, who Yaana is, what the company said to the FCC Commissioners, and the larger context of spoofing internationally.
Ray Baum’s Act and the FCC Proceeding
The Act was named after the late Oregon Public Utility Commissioner and has a Sec. 503 entitled “spoofing prevention.” Among other things, the provisions make amendments to the Communications Act of 1934 “expanding and clarifying prohibition on misleading or inaccurate caller identification information…from outside the United States,” and requiring certain actions of the FCC and FTC. It became law in late 2018 and requires that the FCC “prescribe regulations to implement the amendments made by this subsection not later than 18 months after the date of enactment of this Act.”
While the provenance of the provision is somewhat unclear, the provision does explicitly rectify a long-existing omission of the Commission and its related activities: 1) largely ignoring the reality that significant text and voice spam, robocalling, and caller-id spoofing originates from outside the U.S. and 2) failure to engage in the many significant international activities which have long been underway in multiple international bodies – especially the responsible technical standards committees of the International Telecommunication Union Telecommunication Standardization body (ITU-T). Most nations are facing the same challenges here, and the needed solutions are plainly global.
The FCC agenda item points to a FCC Fact Sheet that describes the contemplated Notice of Proposed Rulemaking to implement the anti-spoofing provisions of the Ray Baum’s Act. As it notes, it is largely following the language in the Act.
Yaana and its FCC filing
Yaana is a well-known Milpitas-based global provider of services and products to meet network compliance requirements worldwide. Over the past twenty years, Yaana has actively participated in, and frequently led, many industry standards initiatives for compliance requirements. Those initiatives have included analysis, reports, and technical solutions for mitigating traffic and call identity spoofing.
For example, in September 2016, Yaana contributed an extensive report providing a structured overview of requirements, reports, measures and venues addressing the growing challenges of spoofed telephone calls to the Cybersecurity Technical Committee of the ICT global standards body, ETSI. It was followed in February 2017, by a comprehensive update report on Spoofed Call Developments.
Yaana’s ex parte comments to the FCC CallerID spoofing and Ray Baum’s Act dockets, 18-335 and 11-39, include a reference to one of the several international caller-id anti-spoofing work items underway in the ITU-T Study Group 2, known as Recommunication M.rtafm. The group has jurisdiction over international telephone number allocation and use, and the latest input document from the work item rapporteur into the plenary meeting in Geneva, 19-28 February, deals with the specific anti-spoofing requirements being considered by the Commission. Yaana also provided the Commission with the latest version of Recommendation ITU-T M.rtafm, “Requirements for Telecom anti-Fraud Management in the TMN” and urged the Commission to become actively involved in the ongoing work going forward – pursuant to Baum’s Act. The draft recommendation includes use cases, characteristics of fraudulent calls, and a framework for detecting and mitigating nuisance and spoofed calls.
Anti-spoofing activities internationally
Today there are several significant international venues in which the Commission should be engaged pursuant to Baum’s Act Sec. 503. Perhaps the most important, however, is ITU-T because is it is both an intergovernmental body and it is the venue that created the treaty agreements and standards for telephony and texting services, is responsible for the related telephone numbers, and for the underlying management systems and trust mechanisms for caller-id. Indeed, thirty years ago, it was the FCC that pursuant to the Computer III proceeding, helped develop the capabilities domestically and migrate them into the ITU-T.
Almost every FCC action required under Baum’s Act Sec. 503 is underway in ITU-T Study Groups 2 (operations and management) and 17 (security). Indeed, at the upcoming ITU-T SG2 meeting, there is a new work item proposal which is almost a copy Sec. 503, specifically to “present information on calling party number spoofing and means to combat it,” together with a base text. Arguably, the FCC should be leading this work item, or at least contributing significantly to its development.
Additionally, the ITU-T has also over more than a decade, been hosting international activities including a workshop specifically on Caller ID spoofing, special working groups, technologies, and technical/operational standards for mitigation.
Study Group 2 is not the only relevant venue at the ITU-T. SG17 has an entire subgroup – Q5/17 (Countering spam by technical means) – with five current work items that fall within the scope of Baum’s Act Sec. 503.
So the consequential question posed to the FCC going forward is whether or not it at long last will engage with its peers worldwide and industry in finding effective international solutions to caller-id spoofing and robocall mitigation.