Targeting and Eliminating Unlawful Text Messages

Download PDF
Federal RegisterOct 11, 2022
87 Fed. Reg. 61271 (Oct. 11, 2022)

AGENCY:

Federal Communications Commission.

ACTION:

Proposed rule.

SUMMARY:

In this document, the Federal Communications Commission (Commission) proposes to require mobile wireless providers to block texts, at the network level, that purport to be from invalid, unallocated, or unused numbers, and numbers on a Do-Not-Originate (DNO) list. The document also seeks comment on the extent to which spoofing is a problem with regard to text messaging and whether there are measures the Commission can take to encourage providers to identify and block texts that appear to come from spoofed numbers. In addition, the document seeks comment on applying caller ID authentication standards to text messaging.

DATES:

Comments are due on or before November 10, 2022 and reply comments are due on or before November 25, 2022.

ADDRESSES:

You may submit comments, identified by CG Docket No. 21-402, by any of the following methods:

• Comments may be filed using the Commission's Electronic Comment Filing System (ECFS), https://www.fcc.gov/ecfs/.

• Effective March 19, 2020, and until further notice, the Commission no longer accepts any hand or messenger delivered filings. This is a temporary measure taken to help protect the health and safety of individuals, and to mitigate the transmission of COVID-19. See FCC Announces Closure of FCC Headquarters Open Window and Change in Hand-Delivery Policy, Public Notice, DA 20-304 (March 19, 2020), https://www.fcc.gov/document/fcc-closes-headquarters-open-window-and-changes-hand-delivery-policy.

  • In the event that the Commission announces the lifting of COVID-19 restrictions, a filing window will be opened at the Commission's office located at 9050 Junction Drive, Annapolis, MD 20701.

People with Disabilities. To request materials in accessible formats for people with disabilities (Braille, large print, electronic files, audio format), send an email to fcc504@fcc.gov or call the Consumer & Governmental Affairs Bureau at 202-418-0530 (voice).

FOR FURTHER INFORMATION CONTACT:

Mika Savir of the Consumer Policy Division, Consumer and Governmental Affairs Bureau, at mika.savir@fcc.gov or (202) 418-0384.

SUPPLEMENTARY INFORMATION:

This is a summary of the Commission's Notice of Proposed Rulemaking, FCC 22-72, CG Docket No. 21-402, adopted on September 23, 2022, and released on September 27, 2022. The full text of this document is available online at https://www.fcc.gov/document/fcc-proposes-blocking-illegal-text-messages.

This matter shall be treated as a “permit-but-disclose” proceeding in accordance with the Commission's ex parte rules. 47 CFR 1.1200 et seq. Persons making oral ex parte presentations are reminded that memoranda summarizing the presentations must contain summaries of the substance of the presentations and not merely a listing of the subjects discussed. See47 CFR 1.1206(b). Other rules pertaining to oral and written ex parte presentations in permit-but-disclose proceedings are set forth in § 1.1206(b) of the Commission's rules, 47 CFR 1.1206(b).

Initial Paperwork Reduction Act of 1995 Analysis

This document does not propose new or modified information collection requirements subject to the Paperwork Reduction Act of 1995 (PRA), Public Law 104-13. In addition, therefore, it does not propose any new or modified information collection burden for small business concerns with fewer than 25 employees, pursuant to the Small Business Paperwork Relief Act of 2002, Public Law 107-198, see44 U.S.C. 3506(c)(4).

Synopsis

1. In this notice of proposed rulemaking ( NPRM), the Commission proposes to require mobile wireless providers to block text messages at the network level ( i.e., without consumer opt in or opt out) that purport to be from invalid, unallocated, or unused numbers, and numbers on the Do-Not-Originate (DNO) list. These texts are highly likely to be illegal. The Commission seeks comment on this proposal, including whether these text messages represent a material fraction of unwanted text messages. The Commission seeks comment on whether providers are blocking these types of messages today and, if so, how that blocking may inform the proposal. The Commission seeks comment on additional types of text blocking providers are currently doing, ( e.g., blocking based on reasonable analytics). The Commission seeks comment on whether requiring mobile providers to block text messages at the network level is necessary or whether the Commission should simply continue to allow for such network level blocking. The Commission also seeks comment on whether numbers placed on the DNO list are used for illegal texts.

2. Spoofing is where the caller disguises its number and instead shows the number of a neighbor or reputable source in the caller ID field in order to trick the recipient into thinking the call is trustworthy. The Commission seeks comment on the extent to which spoofing is a problem with regard to text messaging. The Commission also seek comment on whether there are additional measures the Commission can take to encourage mobile wireless providers to block texts that appear to come from spoofed numbers.

3. The Commission seeks comment on the need for mandatory blocking. The Commission seeks comment on whether increases in illegal texts may be a result of blocking unwanted calls and if the Commission should bring text blocking more in line with call blocking by requiring blocking from invalid, unallocated, or unused numbers, and numbers that otherwise appear to be spoofed, and therefore reduce the incentive for scammers to migrate to texting.

4. The Commission seeks comment on the voluntary text blocking that providers are currently doing to protect their subscribers. The Commission also seeks comment on the effectiveness of device-level or application-based text blocking to reduce illegal texts and the prevalence of application-based ( i.e., over the top, or OTT) text messaging and whether there are more or fewer illegal text messages sent on OTT services as opposed to through mobile wireless providers. The Commission seeks comment on how OTT messages differ in transmission characteristics from SMS and MMS texts, including their relationship to wireless telephone numbers and how likely the proposed regulations will mitigate the problem of illegal texts.

5. The Commission seeks comment on whether the definition of text message in the current rules would apply to OTT messages sent to wireless telephone numbers, but not to OTT messages sent to other users within the same application. The current definition of text message, in the Truth in Caller ID rules, includes SMS messages but “does not include . . . a message sent over an IP-enabled messaging service to another user of the same messaging service.”

6. The Commission also proposes that all tools that service providers use to determine whether a text is highly likely to be illegal be applied in a non-discriminatory, competitively- and content-neutral manner. For example, blocking by a provider must not be based solely or in part on the identity of other providers in the text's transmission path. Nor may blocking be based on unfavored content. The Commission seeks comment on adopting the same “highly likely to be illegal” criteria adopted for call blocking and on additional standards for blocking that may prevent blocking of legal, legitimate (and wanted) texts, particularly in the case of one-to-many text messages.

7. The Commission seeks comment on whether and how to protect consumers from erroneous blocking of emergency text messages. Commission rules require Commercial Mobile Radio Service (CMRS) and certain other text messaging providers to send 911 text messages to Public Safety Answering Points (PSAPs) that are capable of receiving them. Where the PSAP is not capable of receiving 911 texts, these providers must deliver an automatic bounce-back text message to any consumer attempting to text 911 stating that text-to-911 service is unavailable. The Commission states that it is improbable that text messages to 911 will be erroneously blocked and seeks comment on the risk of erroneous blocking of texts to 911 and on any mechanisms or standards the Commission should adopt to mitigate such risks.

8. The Commission also seeks comment on whether illegal texting to 911 poses a problem for PSAPs and, as a result, a threat to public safety. In addition, some text-capable PSAPs routinely send outbound text messages in response to hang-up calls or erroneously-dialed calls to 911. The Commission seeks comment on the risk of erroneous blocking of outbound texts from PSAPs and 911 call centers and whether there other types of non-911 health and safety text communications, such as public health notices, text-based public safety alerts, or texts to suicide prevention services such as the National Suicide Prevention Lifeline that are at risk of being erroneously blocked.

9. The Commission has acknowledged that call blocking comes with a risk that consumers could miss wanted calls, and recognizes the same concerns exist with the text blocking. The Commission states that because the proposal is that text messages deemed highly likely to be illegal would be subject to blocking, the risk of erroneous blocking would be minimal. The Commission seeks comment on whether to apply safeguards to any text blocking requirements. For example, should the Commission require that each terminating provider that blocks texts provide a single point of contact, readily available on the terminating provider's public-facing website, for receiving text blocking error complaints and verifying the authenticity of the texts of a texting party that is adversely affected by information provided by caller ID authentication? If so, should the Commission require that the terminating provider resolve disputes pertaining to caller ID authentication information within a reasonable time and, at a minimum, provide a status update within 24 hours? When a texter makes a credible claim of erroneous blocking and the terminating provider determines that the texts should not have been blocked, or the text delivery decision is not appropriate, should the terminating provider be required to promptly cease the text treatment for that number unless circumstances change? The Commission seeks comment on these issues, any alternative ways of addressing disputed or erroneous blocking, and on whether the Commission should adopt legal safe harbors for service providers.

10. The Commission seeks comment on whether to require providers to implement caller ID authentication for text messages. Industry technologists developed caller ID authentication-specifically, the STIR/SHAKEN framework for IP networks-to combat spoofing of voice calls. SHAKEN, or Signature-based Handling of Asserted information using toKENS, and STIR, or Secure Telephony Identity Revisited, uses public key cryptography to provide assurances that certain information about the transmitted caller ID is accurate. The Commission seeks comment on the progress of efforts to extend caller ID authentication to text messages. A working group of the internet Engineering Task Force (IETF) is currently considering a draft standard regarding application of some components of the STIR/SHAKEN framework to text messages. The Commission seeks comment on any additional work that needs to be done on the draft standard currently under consideration and on how long might it take to complete such work. Beyond that document, what, if any, additional standards work is necessary before authentication for text messages is operational?

11. The Commission seeks comment on whether the current STIR/SHAKEN governance system is able to accommodate authentication for text messages, or would it need to be modified or a new governance system established. Once standards work is sufficiently complete, what steps must providers take to implement authentication for text messages in their network? Can existing network upgrades to meet the June 30, 2021, STIR/SHAKEN implementation mandate for voice calls be used in whole or in part to support authentication for text messages? Or would authentication for text messages require more comprehensive technological network upgrades? If so, what is the estimated amount of time it would take to install the technology and what would be the projected costs?

12. The Commission tentatively concludes that providers should implement caller ID authentication for text messages and that such a requirement would spur standards groups to complete development of standards promptly. The Commission seeks comment on the timeline for implementation that accounts for the time needed both to finish standards and for providers to perform any necessary network upgrades. Would two years be sufficient time to complete standards development and implement necessary technology? Should the Commission instead require providers to implement caller ID for text messages when technically feasible, without setting a time-certain deadline? If so, how should the Commission define technically feasible? Alternatively, is an implementation requirement premature at this stage of standards development? If so, should the Commission instead require providers to work to develop text caller ID authentication standards, similar to the approach to non-IP caller ID authentication? Would this alternative approach sufficiently incentivize completion of new standards and deliver the benefits of those standards to Americans?

13. When it adopted the STIR/SHAKEN mandate, the Commission determined the expected benefits of implementing STIR/SHAKEN would far exceed estimated costs. How can the Commission quantify the benefit of protecting American consumers from spoofed texts through an implementation mandate for authentication for text messages? Are there any other benefits such a requirement would offer-for example, could authentication for text messages protect against malicious conduct toward text-to-911 services? What would be the costs of an implementation mandate? Will small mobile service providers face particular challenges in authenticating text messages? How might the Commission accommodate or mitigate such challenges?

14. The Commission seeks comment on the scope of any implementation mandate for authentication for text messages. Could the Commission apply the requirement to providers of voice service who are subject to the STIR/SHAKEN implementation mandate that also provide text message services, on the basis that entities that both provide text messaging service and voice services are capable of implementing STIR/SHAKEN? Or should the Commission define a new class of providers subject to a mandate for authentication for text messages and how would the Commission define that class?

15. What is the Commission's legal authority to create such a class and to regulate the members of any proposed class? Should the Commission instead follow the definition of text messaging service from the Truth in Caller ID Act and apply this obligation to providers of such service? Does this definition-which includes SMS messages but “does not include . . . a message sent over an IP-enabled messaging service to another user of the same messaging service”—adequately capture the scope of services Americans understand as “text message service” and through which bad actors defraud Americans using illegal and illegally spoofed robotexts? Should the Commission extend the scope of any implementation mandate to include some or all OTT applications delivered over IP-based mobile data networks? Rather than apply a mandate on a generally-defined class of text message service providers, are there any unique types of providers the Commission should focus on in particular? Should the Commission include interconnected OTT text messaging service providers?

16. Is there a reason to apply any requirements to intermediate text message providers or aggregators, as in the STIR/SHAKEN context for voice calls? If the Commission applies requirements to intermediate providers, should the requirement apply to intermediate providers who are subject to the existing STIR/SHAKEN rules and support text messages, or use a new definition? If the Commission adopts a new definition for intermediate text message provider, what should that definition be?

17. Should the Commission subject voice service providers and intermediate providers (or the equivalent groups established for purposes of a rule) to substantially the same obligations as under the STIR/SHAKEN rules? Or should the Commission create new obligations specific to the text message context? If so, what obligations?

18. The Commission also seeks comment on other implementation issues. For instance, should the Commission allow for extensions of the deadline for certain providers or classes of providers, or types of text messages? If so, should the Commission simply grant the same categorical extensions as the Commission did for the STIR/SHAKEN implementation mandate, or are there differences between text message service providers and voice service providers that require different categories of providers to receive extensions? Alternatively, should the Commission follow the undue hardship standard or some other standard to evaluate requested extensions?

19. Should the Commission require providers with non-IP network technology to work to develop a non-IP solution to enable the authentication for text messages on non-IP networks, or is there a different approach to address non-IP network technology? Should the Commission prohibit providers from imposing additional line-item charges for authentication for text messages? Should the Commission establish rules regarding the display on subscriber devices of any information produced by authentication for text messages, or continue to take a hands-off approach to display?

20. The Commission seeks comment on other actions to address illegal text messages. How can consumer education help to address the problem? Are there ways the Commission could encourage consumers to file complaints about illegal text messages in order to inform and potentially enhance enforcement efforts?

21. Are there ways the Commission can enhance its spam text message consumer education outreach and content? Are there roles advisory committees such as the Commission's Consumer Advisory Committee and the North American Numbering Council (NANC) could play in further educating consumers? The Commission seeks comment on whether text messages are more likely to be trusted than a call; if so, are there practices consumers and companies can adopt to maintain trust in text messages and to ensure they remain an effective tool for communication? The Commission seeks comment on how the Commission can educate consumers with regard to these practices.

22. Finally, the Commission, as part of its continuing effort to advance digital equity for all, including people of color, persons with disabilities, persons who live in rural or tribal areas, and others who are or have been historically underserved, marginalized, or adversely affected by persistent poverty or inequality, invites comment on any equity-related considerations and benefits (if any) that may be associated with the proposals and issues discussed herein. Specifically, the Commission seeks comment on how these proposals may promote or inhibit advances in diversity, equity, inclusion, and accessibility, as well the scope of the Commission's relevant legal authority.

23. The Commission seeks comment on the authority to adopt the measures described in this NPRM. Does the Commission have authority under section 251(e) of the Act, which provides “exclusive jurisdiction over those portions of the North American Numbering Plan that pertain to the United States?” The Commission found authority to implement STIR/SHAKEN for voice service providers under section 251(e) of the Act in order to prevent the fraudulent exploitation of numbering resources. Does that section grant authority to mandate implementation of authentication for text messages as well, or does it not apply to text messages? Similarly, the Commission has relied on section 251(e) of the Act to support call blocking. The Commission seeks comment on whether that authority extends to text messages. Would exercise of ancillary authority, which the Commission relied on in part to apply an obligation on providers of interconnected text messaging services when it adopted text-to-911 requirements, be necessary or appropriate to support the proposed implementation mandate? Is there another relevant statute under which the Commission has authority to mandate that providers implement authentication for text messages? For example, might the TRACED Act or the TCPA provide authority for the proposals? Should the Commission seek additional authority from Congress? The Commission seeks comment on the impact of the scope of texts subject to the TCPA following the Facebook, Inc. v. Duguid decision.

24. The Commission seeks comment on the authority under the Truth in Caller ID Act and whether the Truth in Caller ID Act provides authority for any implementation mandate adopted pertaining to spoofing. That Act makes unlawful the spoofing of caller ID information “in connection with any telecommunications service or IP-enabled voice service or text messaging service . . . with the intent to defraud, cause harm, or wrongfully obtain anything of value.” The Truth in Caller ID Act directed the Commission to adopt rules to implement that section. The Commission found authority under this provision to mandate STIR/SHAKEN implementation, explaining that it was “necessary to enable voice service providers to help prevent these unlawful acts and to protect voice service subscribers from scammers and bad actors.” The Commission seeks comment on whether that same reasoning applies here.

25. The Commission seeks comment on the scope of authority under Title III of the Act to undertake the measures described above. Several provisions of Title III of the Act provide the Commission authority to establish license conditions in the public interest. For example, section 301 of the Act provides the Commission with authority to regulate “radio communications” and “transmission of energy by radio.” Under section 303 of the Act, the Commission has the authority to establish operational obligations for licensees that further the goals and requirements of the Act if the obligations are in the “public convenience, interest, or necessity” and not inconsistent with other provisions of law. Section 303 of the Act also authorizes the Commission, subject to what the “public interest, convenience, or necessity requires,” to “[p]rescribe the nature of the service to be rendered by each class of licensed stations and each station within any class.” Section 307(a) of the Act likewise authorizes the issuance of licenses “if public convenience, interest, or necessity will be served thereby.” Section 316 of the Act provides a similar test for new conditions on existing licenses, authorizing such modifications if “in the judgment of the Commission such action will promote the public interest, convenience, and necessity.” Would any of these provisions, or other provisions in Title III of the Act, furnish the Commission with authority to adopt the text blocking proposals? What other authority-related issues should the Commission consider? Does the public interest benefit of combating illegally spoofed robocalls fall within the “comprehensive mandate” to manage spectrum “in the public interest”?

26. The Commission anticipates that the blocking of illegal texts would achieve an annual benefit floor of $6.3 billion. RoboKiller estimates that Americans are on track to receive more than 86 billion spam texts in 2021, a 55% increase from 2020. Assuming a nuisance harm of five cents per spam text, the Commission estimates total nuisance harm to be $4.3 billion ( i.e., 5 cents × 86 billion spam texts). The Commission estimates that an additional $2 billion of harm occurs annually due to fraud. American citizens lose approximately $10.5 billion annually in fraudulent robocall offers. Assuming that the corresponding loss through fraudulent texts is only 20% of that amount, the fraud loss from texts is $2 billion annually. The Commission seeks comment on these benefit estimates, whether the underlying assumptions are reasonable, and if not, what might be a better estimate of consumer harm.

27. As the Commission concluded in the STIR/SHAKEN Order with respect to the long-term cost of blocking illegal robocalls, the Commission anticipates that the text blocking requirement would result in an overall reduction of costs to text service providers due to this expected reduction in network congestion costs. Although the Commission will not obtain any detailed cost data until comments are received, the Commission tentatively concludes the $6.3 billion annual benefit floor expected from such a blocking requirement would far exceed the costs imposed on text service providers. The Commission seeks comment on this tentative conclusion.

Initial Regulatory Flexibility Analysis

28. The Commission has prepared this Initial Regulatory Flexibility Analysis (IRFA) of the possible significant economic impact on a substantial number of small entities by the policies and rules proposed in this NPRM. Written public comments are requested on this IRFA. Comments must be identified as responses to the IRFA and must be filed by the deadlines for comments on the NPRM. The Commission will send a copy of the NPRM, including this IRFA, to the Chief Counsel for Advocacy of the Small Business Administration.

29. Need for, and Objectives of, the Proposed Rules. The NPRM seeks comment on requiring mobile wireless providers to protect consumers from illegal text messages by blocking at the network level text messages that are highly likely to be illegal because they purport to be from invalid, unallocated, or unused numbers and numbers on a Do-Not-Originate (DNO) list.

30. Legal Basis. This action is authorized under sections (4)(i) and (j), 159, and 303(r) of the Communications Act of 1934, as amended.

31. Description and Estimate of the Number of Small Entities to which the Proposed Rules Will Apply: The RFA directs agencies to provide a description of and, where feasible, an estimate of the number of small entities that may be affected by the proposed rules and policies, if adopted. The RFA generally defines the term “small entity” as having the same meaning as the terms “small business,” “small organization,” and “small governmental jurisdiction.” In addition, the term “small business” has the same meaning as the term “small business concern” under the Small Business Act. A “small business concern” is one which: (1) is independently owned and operated; (2) is not dominant in its field of operation; and (3) satisfies any additional criteria established by the SBA.

32. Small Businesses, Small Organizations, Small Governmental Jurisdictions. The Commission's actions, over time, may affect small entities that are not easily categorized at present. The Commission therefore describes here, at the outset, three broad groups of small entities that could be directly affected herein. First, while there are industry-specific size standards for small businesses that are used in the regulatory flexibility analysis, according to data from the SBA's Office of Advocacy, in general a small business is an independent business having fewer than 500 employees. These types of small businesses represent 99.9% of all businesses in the United States, which translates to 28.8 million businesses.

33. Next, the type of small entity described as a “small organization” is generally “any not-for-profit enterprise which is independently owned and operated and is not dominant in its field.” Nationwide, as of August 2016, there were approximately 356,494 small organizations based on registration and tax data filed by nonprofits with the Internal Revenue Service (IRS).

34. Finally, the small entity described as a “small governmental jurisdiction” is defined generally as “governments of cities, counties, towns, townships, villages, school districts, or special districts, with a population of less than fifty thousand.” U.S. Census Bureau data from the 2012 Census of Governments indicate that there were 90,056 local governmental jurisdictions, consisting of general purpose governments and special purpose governments, in the United States. Of this number, there were 37,132 General purpose governments (county, municipal, and town or township) with populations of less than 50,000, and 12,184 special purpose governments (independent school districts and special districts) with populations of less than 50,000. The 2012 U.S. Census Bureau data for most types of governments in the local government category show that the majority of these governments have populations of less than 50,000. Based on this data the Commission estimates that at least 49,316 local government jurisdictions fall in the category of “small governmental jurisdictions.”

35. Wireless Telecommunications Carriers (except Satellite). This industry comprises establishments engaged in operating and maintaining switching and transmission facilities to provide communications via the airwaves. Establishments in this industry have spectrum licenses and provide services using that spectrum, such as cellular services, paging services, wireless internet access, and wireless video services. The appropriate size standard under SBA rules is that such a business is small if it has 1,500 or fewer employees. For this industry, U.S. Census Bureau data for 2012 show that there were 967 firms that operated for the entire year. Of this total, 955 firms had employment of 999 or fewer employees and 12 had employment of 1000 employees or more. Thus, under this category and the associated size standard, the Commission estimates that the majority of wireless telecommunications carriers (except satellite) are small entities.

36. All Other Telecommunications. “All Other Telecommunications” is defined as follows: “This U.S. industry is comprised of establishments that are primarily engaged in providing specialized telecommunications services, such as satellite tracking, communications telemetry, and radar station operation. This industry also includes establishments primarily engaged in providing satellite terminal stations and associated facilities connected with one or more terrestrial systems and capable of transmitting telecommunications to, and receiving telecommunications from, satellite systems. Establishments providing internet services or Voice over internet Protocol (VoIP) services via client-supplied telecommunications connections are also included in this industry.” The SBA has developed a small business size standard for “All Other Telecommunications,” which consists of all such firms with gross annual receipts of $32.5 million or less. For this category, census data for 2012 show that there were 1,442 firms that operated for the entire year. Of these firms, a total of 1,400 had gross annual receipts of less than $25 million. Thus, a majority of “All Other Telecommunications” firms potentially affected by the proposals in the NPRM can be considered small.

37. Description of Projected Reporting, Recordkeeping, and Other Compliance Requirements. This NPRM does not propose any changes to the Commission's current information collection, reporting, recordkeeping, or compliance requirements.

38. Steps Taken to Minimize Significant Economic Impact on Small Entities, and Significant Alternatives Considered. The RFA requires an agency to describe any significant alternatives that it has considered in reaching its approach, which may include the following four alternatives, among others: (1) the establishment of differing compliance or reporting requirements or timetables that take into account the resources available to small entities; (2) the clarification, consolidation, or simplification of compliance or reporting requirements under the rule for small entities; (3) the use of performance, rather than design, standards; and (4) an exemption from coverage of the rule, or any part thereof, for small entities.

39. The NPRM seeks comment on requiring mobile wireless providers to block text messages that are highly likely to be illegal. The NPRM does not propose any exemptions for small entities. As service providers may already block landline and wireless calls that are highly likely to be illegal, the Commission does not anticipate that blocking such text messages will be burdensome for service providers.

40. Federal Rules that May Duplicate, Overlap, or Conflict with the Proposed Rules. None.

Federal Communications Commission.

Marlene Dortch,

Secretary.

[FR Doc. 2022-22049 Filed 10-7-22; 8:45 am]

BILLING CODE 6712-01-P