Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act)

AGENCY:

Federal Communications Commission.

ACTION:

Final rule.

SUMMARY:

In this document, the Federal Communications Commission (Commission) adopts rules to implement the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act) to streamline the process by which private entities may submit information to the Commission about violations of the Communications Act.

DATES:

Effective October 25, 2021.

FOR FURTHER INFORMATION CONTACT:

For further information, contact Daniel Stepanicich, Attorney, Telecommunications Consumers Division, Enforcement Bureau, at (202) 418-7451 or daniel.stepanicich@fcc.gov.

SUPPLEMENTARY INFORMATION:

This is a summary of the Commission's Report and Order, in EB Docket No. 20-374, FCC-21-75, adopted and released on June 17, 2021. The full text of this document is available for public inspection online at https://ecfsapi.fcc.gov/file/06171386503472/FCC-21-75A3.pdf. To request this document in accessible formats for people with disabilities ( e.g., Braille, large print, electronic files, audio format, etc.) or to request reasonable accommodations ( e.g., accessible format documents, sign language interpreters, CART, etc.), send an email to fcc504@fcc.gov or call the FCC's Consumer and Governmental Affairs Bureau at (202) 418-0530 (voice), (202) 418-0432 (TTY).

Synopsis

1. This Report and Order establishes a streamlined process for private entities to submit information about unlawful, unwanted calls. In the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act), Congress directed the Commission to establish regulations to create a process that “streamlines the ways in which a private entity may voluntarily share with the Commission information relating to” a call or text message that violates prohibitions regarding robocalls or spoofing set forth section 227(b) and 227(e) of the Communications Act of 1934, as amended. We adopt rules to establish an online web portal where private entities may submit information about suspected violations of sections 227(b) and 227(e). The Commission's Enforcement Bureau (Bureau) will monitor the portal.

2. Section 227 of the Communications Act of 1934, as amended (the Communications Act), is designed to protect consumers from unlawful robocalls. Sections 227(b), (c), and (d) impose specific requirements on telemarketing and prerecorded voice message calls to give consumers the ability to know who is calling and to control the calls they receive. Section 227(e) prohibits unlawful spoofing—the transmission of misleading or inaccurate caller ID information with the intent to defraud, cause harm, or wrongfully obtain anything of value. The Commission vigorously enforces violations of section 227.

3. The Commission has a well-established process for individual consumers to submit complaints about unwanted and suspected illegal robocalls and spoofed calls: The Commission's informal consumer complaint process, which the Consumer and Governmental Affairs Bureau oversees. We also have a process for obtaining information from certain public entities: Federal and state law enforcement agencies routinely coordinate with the Enforcement Bureau about robocall and caller ID spoofing enforcement and mitigation efforts. In addition, public entities often contact Enforcement Bureau staff directly about robocalling and spoofing matters. Against that background, Congress directed the Commission to develop a streamlined process for private entities to submit robocall information to the Commission.

4. Timely and thorough information from private entities is crucial to enable the Commission to mitigate illegal robocall incidents and bring swift enforcement actions. Our past robocall enforcement actions have relied extensively upon information from private entities. For example, in two enforcement actions, a medical paging company was a key source; it informed the Bureau that the paging company's phone lines were being bombarded by spoofed robocalls. Another enforcement action relied extensively on information from an industry group, the USTelecom's Industry Traceback Group (Traceback Group).

5. The TRACED Act directs the Commission no later than June 30, 2021 to “prescribe regulations to establish a process that streamlines the ways in which a private entity may voluntarily share with the Commission information relating” to violations of section 227(b) or 227(e) of the Communications Act. We released a Notice of Proposed Rulemaking ( NPRM ) on December 8, 2020, proposing to establish a streamlined process for private entities to submit information about robocall violations to the Commission. CTIA, SAFE Credit Union (SAFE), Twilio, Inc., and USTelecom-The Broadband Association (USTelecom) filed comments.

6. We amend our rules to establish a streamlined process for private entities to submit information about violations of Sections 227(b) and 227(e) of the Act to the Commission. To achieve this objective, we direct the Enforcement Bureau to create and monitor an online portal located on the Commission website. We anticipate that this portal will be particularly useful to private entities experiencing large scale robocall incidents and voice service providers that have network analytic information. This robocall “tip” line will provide a streamlined process for reporting potential violations, and will enable the Enforcement Bureau to respond quickly to disruptive robocalling events.

7. Definition of Private Entity. We define “private entity” as any entity other than (1) an individual natural person or (2) a public entity. In the NPRM, we proposed to include individuals in the definition of “private entity” but sought comment on the proposed interpretation, and whether there was a basis for a different interpretation of the term. Commenters suggested that the Commission consolidate the new portal and its existing informal consumer complaint process, which the Consumer and Governmental Affairs Bureau administers, or better distinguish the two processes by defining “private entity” to exclude consumers. Commenters were concerned that the definition proposed in the NPRM would create consumer confusion and duplicate existing Commission robocall information collection efforts.

8. We agree with the commenters and therefore exclude individual natural persons from the definition of private entity. First, we find that interpreting the term to exclude individual consumers from the definition of private entity is consistent with Congress's other uses of that term and similar terms. Congress did not define “private entity” in the TRACED Act. Elsewhere in the Communications Act, however, Congress used the term “person” to include individuals and organizational entities. Thus, if Congress had intended to include individuals, we presume that it would have used the term “person.” Moreover, in other statutes the term “private entity” is often used to refer to organizations rather than individuals. Black's Law Dictionary defines “entity” as “[a]n organization (such as a business or a governmental unit) that has a legal identity apart from its members or owners.” Second, we find that, as a policy matter, we should exclude individuals from the definition of private entity as the term is used in section 10(a) of the TRACED Act. We agree with commenters that including individuals within the definition of private entity would undermine the intent of the statute to streamline information collection about robocalls and spoofed calls, and would create confusion for consumers about whether to use the existing informal complaint process or the new portal, or both. Consumers are already served by the existing informal complaint intake process, and the TRACED Act gives no indication that Congress intended to upset or replace that process. Third, consumers will not be adversely affected by our decision to exclude them from the definition of private entity. If an individual consumer mistakenly files a complaint with the new portal, the Bureau will forward the complaint to the Consumer and Governmental Affairs Bureau.

9. We also clarify that a “public entity” is any governmental organization at the federal, state, or local level. This definition is consistent with common usage. Black's Law Dictionary defines “public entity” as “a governmental entity, such as a state government or one of its political subdivisions.” At least one statute, the Americans with Disabilities Act, defines public entity as any state or local government and “any department, agency, special purpose district, or other instrumentality of a State or States or local government.”

10. Streamlined Process. The rules we adopt today create a streamlined process by which a private entity may submit information about suspected robocall and spoofing violations directly to the Bureau via an online portal located on the FCC website. We interpret section 10(a) of the TRACED Act to encompass “suspected” or “alleged” violations of section 227(b) or section 227(e) as the most natural reading the of the statute. A private entity cannot determine whether a call violated the TCPA or the Truth in Caller ID Act—this determination is left to the Commission, an action brought by state law enforcement, or a judicial outcome from a private right of action. Thus, a private entity is only in a position to provide information about calls that it suspects are violations of the law. The portal will request private entities to submit certain minimum information including, but not necessarily limited to, the name of the reporting private entity, contact information, including at least one individual name and means of contacting the entity ( e.g., a phone number), the caller ID information displayed, the phone number(s) called, the date(s) and time(s) of the relevant calls or texts, the name of the reporting private entity's service provider, and a description of the problematic calls or texts. Although the portal will not reject submissions that fail to include the above information, such failure will make it more difficult for the Bureau to investigate fully and take appropriate enforcement action. Once submitted, the Bureau will review to determine whether the information presents evidence of a violation of our rules.

11. We agree with comments expressing the importance of vetting submitted information and protecting confidentiality. The Bureau will review information submitted through the portal to assess violations of the rules in the same manner that it reviews information submitted to the Commission through other means. All persons are required to submit truthful and accurate statements to the Commission. To protect law enforcement methods and techniques, we decline to adopt SAFE Credit Union's suggestion to detail the exact steps and criteria that the Bureau will use to evaluate the information submitted. Furthermore, we agree with commenters that the Bureau should protect the confidentiality of information submitted through the portal, especially because the data may include personally identifiable information or customer proprietary network information. Consistent with these privacy protections, however, the Bureau may share information gathered from the portal with other government agencies combatting robocalls. To the extent allowed by the Privacy Act of 1974 and our rules, the portal will clearly state that the Bureau may share submitted information with the Department of Justice, Federal Trade Commission, other federal agencies combatting robocalls, state attorney general offices, other law enforcement entities with which the Commission has information sharing agreements, and the registered traceback consortium.

12. The purpose of the portal is to provide private entities a streamlined method to submit information to the Bureau about suspected robocall or spoofing violations. USTelecom requests that we encourage private entities to first coordinate with the registered traceback consortium prior to filing information in the portal. While we encourage private entities to make use of the registered consortium's resources, we decline to mandate that private entities must coordinate with the consortium prior to submitting information to the Commission.

13. No Impact on Informal Consumer Complaint Process. This new portal will not affect the process by which a consumer submits an informal complaint about a robocall or spoofed call, using the long-standing process located on the Commission's homepage. The current informal consumer complaint process is a vital tool for the Commission. The Consumer and Governmental Affairs Bureau uses this information to inform Commission consumer protection policies as well as for analytical and consumer education purposes. The Consumer and Governmental Affairs Bureau also forwards complaints to the Enforcement Bureau, which may use them to pursue enforcement actions. Commenters raise concerns that the new streamlined portal will create consumer confusion or duplicate current processes. We find that our decision to exclude individual consumers from the definition of private entity will greatly reduce, if not eliminate, potential confusion.

14. Twilio recommends that the Commission create one centralized mechanism for reporting all information regarding robocalling and spoofing, whether it is from a whistleblower, company, or consumer. We agree with Twilio that private entities and consumers should be directed to a centralized reporting mechanism, but we also find that the new portal should be distinct from the existing informal consumer complaint process. First, we find that there is value in maintaining the separate informal consumer complaint process. That process is a well-established one that consumers have come to understand and depend upon. In addition, it serves as a valuable clearinghouse for the Commission to identify trends and activities that are negatively affecting consumers. The data in turn informs the Commission's policy work, serves as a deterrent to companies the Commission regulates and contributes to consumer protection efforts. Second, we find that establishing a stand-alone process designed specifically to handle concerns from private entities ( i.e., not individual consumers) about robocalls and spoofing best aligns with the TRACED Act requirement. Congress adopted the requirement to create a streamlined process to collect information about robocalls and spoofing against the backdrop of the existing informal consumer complaint process. Instead, the new portal will be integrated with, but distinct from, the existing consumer complaint process. Private entities and consumers who wish to submit information or complaints about robocalls will be directed on the FCC website to the appropriate intake process for their situation—the new portal for private entities or the existing informal consumer complaint process for consumers. We find that adopting a distinct intake process for private entities best satisfies the statutory language, while integrating it with the existing process managed by the Consumer and Governmental Affairs Bureau will reduce administrative costs and consumer confusion.

15. We acknowledge commenters' concerns that, at least initially, private entities might be confused about whether the consumer complaint process or the new streamlined process is a more appropriate place to submit information. Thus we adopt SAFE Credit Union's suggestion that the portal “clearly explain its purpose and intended use.” To that end, the new portal's home page will include prominent language that not only explains its purpose and use, but also distinguishes that portal from the existing informal consumer complaint process so as to minimize possible confusion. The portal is available for use by private entities that wish to submit information about suspected robocall or spoofing violations. Relevant incidents might include a corporation or association experiencing a deluge of robocalls overwhelming their internal phone network or a voice service provider that found evidence of illegal robocalls traversing its network. The portal is also available for use by private entities that have had their number(s) spoofed. Consumers, meanwhile, should continue to submit individual complaints about unwanted robocalls and spoofed calls that they receive through the Consumer and Governmental Affairs Bureau's informal consumer complaint process. We recognize that consumers might mistakenly file complaints through the new streamlined process rather than the existing consumer complaint process. In such cases, the Enforcement Bureau will forward such consumer complaints to the Consumer and Governmental Affairs Bureau.

16. Delegated Authority. Lastly, we delegate authority to the Bureau to make further decisions about administration of the portal. Additional technical issues may arise in the future, and those decisions can be made by the Bureau.

17. Final Regulatory Flexibility Analysis. As required by the Regulatory Flexibility Act of 1980, as amended (RFA), the Commission has prepared a Final Regulatory Flexibility Analysis (FRFA) relating to this Report and Order. The FRFA is set forth in Appendix C.

18. Paperwork Reduction Act of 1995 Analysis. The Report and Order contains new or modified information collection requirements subject to the Paperwork Reduction Act of 1995 (PRA). It will be submitted to the Office of Management and Budget (OMB) for review under section 3507(d) of the PRA. OMB, the general public, and other Federal agencies will be invited to comment on the new or modified information collection requirements contained in this proceeding. In addition, we note that pursuant to the Small Business Paperwork Relief Act of 2002, we previously sought specific comment on how the Commission might further reduce the information collection burden for small business concerns with fewer than 25 employees.

19. In this document, we have created a new online portal located on the Commission website where private entities, including small businesses, may submit information about robocall or spoofing violations. The portal will collect contact information of the reporting entity, information about the suspected illegal robocall, and a description of the robocall incident. Use of the portal is completely voluntary and we impose no new requirements on small businesses. Thus, we have minimized the impact on small businesses.

20. Congressional Review Act. The Commission has determined, and the Administrator of the Office of Information and Regulatory Affairs, Office of Management and Budget, concurs that this rule is non-major under the Congressional Review Act, 5 U.S.C. 804(2). The Commission will send a copy of this Report and Order to Congress and the Government Accountability Office pursuant to 5 U.S.C. 801(a)(1)(A).

21. People with Disabilities. To request material in accessible formats for people with disabilities (braille, large print, electronic files, audio format), send an email to fcc504@fcc.gov or call the Consumer and Governmental Affairs Bureau at 202-418-0530 (voice).

22. Further Information. For further information, contact Daniel Stepanicich, Attorney, Telecommunications Consumers Division, Enforcement Bureau, at (202) 418-7451 or daniel.stepanicich@fcc.gov.

23. Accordingly, it is ordered , pursuant to sections 4(i), 4(j), and 227 of the Communications Act of 1934, as amended, 47 U.S.C. 154(i), 154(j), and 227, and section 10(a) of the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act, Public Law 116-105, 133 Stat. 3274, this Report and Order, is hereby adopted .

24. It is further ordered that parts 0 and 64 of the Commission's rules are amended as set forth in Appendix A.

25. It is further ordered that, pursuant to §§ 1.4(b)(1) and 1.427(a) of the Commission's rules, 47 CFR 1.4(b)(1), 1.427(a), this Report and Order and the amendments to parts 0 and 64 of the Commission's rules, as set forth in Appendix A, shall be effective 30 days after publication in the Federal Register . Sections 64.1204(a) and 64.1606(a) contain new or modified information collection requirements that require review by OMB under the PRA. The Commission directs the Enforcement Bureau to announce the effective date for those information collections in a document published in the Federal Register after OMB completes its review, and directs the Enforcement Bureau to cause §§ 64.1204 and 64.1606 to be revised accordingly.

26. It is further ordered that the Commission shall send a copy of this Report and Order Rulemaking, including the Final Regulatory Flexibility Analysis, in a report to Congress and the Government Accountability Office pursuant to the Congressional Review Act, see 5 U.S.C. 801(a)(1)(A).

27. It is further ordered that the Commission's Consumer and Governmental Affairs Bureau, Reference Information Center, shall send a copy of this Report and Order Rulemaking, including the Final Regulatory Flexibility Analysis, to the Chief Counsel for Advocacy of the Small Business Administration.

List of Subjects in 47 CFR Parts 0 and 64

• Authority delegations (Government agencies)
• Telecommunications

Final Rules

For the reasons discussed in the preamble, the Federal Communications Commission proposes to amend 47 CFR parts 0 and 64 as follows:

PART 0—COMMISSION ORGANIZATION

1. The authority citation for part 0 continues to read as follows:

Authority: 47 U.S.C. 151, 154(i), 154(j), 155, 225, and 409, unless otherwise noted.

2. Amend § 0.111 by redesignating paragraph (j) as paragraph (k) and revising it and by adding new paragraph (j) to read as follows:

PART 64—MISCELLANEOUS RULES RELATING TO COMMON CARRIERS

3. The authority citation for part 64 continues to read as follows:

Authority: 47 U.S.C. 151, 152, 154, 201, 202, 217, 218, 220, 222, 225, 226, 227, 227b, 228, 251(a), 251(e), 254(k), 262, 276, 403(b)(2)(B), (c), 616, 620, 1401-1473, unless otherwise noted, Pub. L. 115-141, Div. P, sec. 503, 132 Stat 348, 1091.

4. Add § 64.1204 to subpart L to read as follows:

5. Add § 64.1606 to subpart P to read as follows: