The Federal Communications Commission (FCC) recently adopted certain final rules, policies, and proposed rules (Order) to “stem the tide of foreign-originated illegal robocalls.” In the FCC’s crosshairs are so-called “gateway providers,” which are U.S.-based intermediate providers that receive calls directly from a foreign provider or its U.S.-based facilities before transmitting the calls downstream. The Order’s final rules impose stringent requirements on U.S.-based gateway providers to help curb robocalls. Among other things, gateway providers must block illegal traffic upon notification from the FCC, respond to robocall traceback requests within 24 hours, and implement “know your upstream provider” obligations. The Order’s proposed rules would extend most of the Order’s obligations to all forms of U.S.-based telecom providers.

Background

Preventing unsolicited, illegal robocalls has been a top priority for the FCC for decades. YouMail, a call blocking software service, reported that U.S. phones received nearly four billion robocalls in April 2022 alone. A significant portion of those robocalls originated overseas. The FCC has also consistently received more consumer complaints about unwanted robocalls than any other issue for years. Accordingly, the FCC’s Order has adopted a combative tone commensurate with the heady task of defeating the onslaught of foreign-based robocalls, promising that it will “deploy all tools in [its] authority to stop and punish bad actors[.]”

Mandatory Blocking Requirements

As we noted in a prior update on the FCC’s anti-robocall measures, the FCC has previously encouraged providers to use call blocking technology to minimize illegal robocall traffic. With this Order, the FCC now (1) requires gateway providers to affirmatively block illegal robocall traffic if the FCC provides a “Notification of Suspected Illegal Traffic” to the gateway provider, while simultaneously deputizing providers immediately downstream from a gateway provider to block all traffic from any gateway provider that fails to meet its blocking obligations, and (2) requires gateway providers to block calls based on a reasonable Do-Not-Originate list maintained by the gateway provider.

Suspected illegal traffic blocking. Under the Order, if the FCC identifies traffic from a gateway provider that it suspects is illegal, then the FCC will provide an initial Notification of Suspected Illegal Traffic to the gateway provider. This notice will identify the traffic in question and the FCC rule violations. After receiving such notice, a gateway provider will have at least 14 days to investigate and block the traffic. In addition, any gateway provider that receives a Notification of Suspected Illegal Traffic must develop a plan for blocking “any traffic that is substantially similar” to that flagged traffic and share this plan with the FCC. Although the FCC did not define what traffic may be “substantially similar” in the Order, the FCC provided examples of what gateway providers should consider, including call duration, call frequency, call completion ratios, neighbor spoofing patterns, and sequential dialing patterns. If a gateway provider fails to respond to a Notification of Suspected Illegal Traffic or does not sufficiently respond, then the FCC’s Enforcement Bureau will issue an Initial Determination Order and offer the gateway provider the opportunity to respond appropriately. Thereafter, if the gateway provider continues to fail to respond, the FCC will issue a Final Determination Order, requiring immediately downstream providers of the gateway provider to block all traffic from the gateway provider within 14 days.

Do-Not-Originate list blocking. The FCC elected not to specify any particular Do-Not-Originate list that gateway providers must use for call blocking purposes, but it does require gateway providers to use a “reasonable” Do-Not-Originate list. According to the FCC, a reasonable Do-Not-Originate list must include (at least) inbound-only government phone numbers and inbound-only private phone numbers associated with fraudulent activity and may also include other invalid, unallocated, and unused numbers, as well as numbers for which the subscriber to the number has requested blocking.

Other Relevant Requirements on Gateway Providers

24-hour traceback response requirement. The FCC has updated its prior “expectation” that gateway providers respond to traceback requests within 24 hours into a firm requirement. Although this rule aims to standardize responses to traceback requests, according to the Order, the FCC may, in its discretion, refrain from taking enforcement actions against gateway providers that encounter a “truly unexpected or unpredictable issue that leads to a delayed response.” Furthermore, if responding within 24 hours would create a “unique and significant burden” for a gateway provider, that gateway provider may apply for a waiver from the 24-hour response requirement. Based on the increased adoption of a 24-hour standard across the telecom industry, we expect such waivers to be granted only in extremely rare circumstances.

Know your upstream provider. The Order also includes a variation of the “know your customer” doctrine to require gateway providers to know their upstream providers. In short, the Know Your Upstream Provider rule requires gateway providers to (1) draft a robocall mitigation plan and file it with the gateway provider’s certification in the Robocall Mitigation Database, (2) take reasonable steps to ensure that an immediate upstream foreign provider is not using the gateway provider to transmit illegal robocalls, and (3) regularly update monitoring and oversight processes.

Although the FCC does not identify specific measures that gateway providers must adopt to remain in compliance with the Know Your Upstream Provider rule, the FCC did note that contracts between gateway providers and upstream foreign providers may be a useful tool to achieve these ends.

Potential Next Steps

The new requirements established in this Order are the most ambitious yet adopted by the FCC even though they only affect gateway providers. In the Order’s proposed rules, the FCC is seeking comment on whether many of the same stringent requirements should also apply to all U.S.-based telecom providers. The comment and reply comment schedule will be established when the Order is published in the Federal Register.

The authors wish to acknowledge the contributions of Summer Associate Courtney Otto.

© 2022 Perkins Coie LLP