TRACED Act FAQ
Stopping robocalls requires an understanding of call technologies and regulations. In this Q&A, we will define what constitutes an illegal robocall, describe limitations of current measures, and understand how the recently passed TRACED Act affects the government enforcement agencies.
What is a robocall?
A robocall is a call intimated from an auto-dialer to generate a large volume of calls and deliver a prerecorded voice message. Robocalls aren’t always scammers—there are often lawful reasons to use robocalls, such as notifying a consumer that their prescription is ready or a reminding a patient of a dentist appointment.
Are robocalls illegal?
Robocalls to wireless users is illegal without their prior written consent.
The Telecom Consumer Protection Act (TCPA) is enforced by the Federal Communications Commission (FCC) and restricts specific types of calls that can be made to landlines by auto-dialers if the consumer has not given written consent.
What is a spoofed call?
A call is qualified as “spoofed” if the caller ID information has been changed. As with robocalls, call spoofing isn’t always nefarious—there are many legitimate cases where spoofing is legal and desired. For example, a doctor calling from their cell phone may spoof their office number so that when the patient calls back, they reach the main answering service. Not only does it provide better customer service, it also protects the doctor from sharing their personal cell phone number.
Is call spoofing illegal?
The Truth in Caller ID Act, also enforced by the FCC, makes it illegal to spoof a number in order to commit fraud or obtain something of value. For example, when a fraudster spoofs a number from the IRS (giving the impression that it is a legitimate call) and requests money from the call recipient for a fictitious late tax bill.
What other regulations impact robocalls?
The Do Not Call Registry was created to protect the consumer from being harassed by marketers; before initiating calls, a marketer is required to suppress individuals on the Do Not Call Registry. The Federal Trade Commission (FTC) is charged with enforcement of this regulation as well as with ensuring that marketers do not take part in deceptive or abusive practices.
Over the years, many regulations have been put in place to protect consumers. Unfortunately, most robocalls (we collectively receive 167.3 million times per day) are not from creditable marketers but from bad actors who do not abide by any of these laws. Identifying and prosecuting the perpetrators of illegal robocalls has proved difficult, so they continue to operate with impunity.
Why is it so difficult to identify illegal robocalls?
Carriers are committed to protecting their subscribers from illegal robocalls. Unfortunately, the terminating carrier can only see the last carrier that handed them the call. Most phone calls transit multiple carriers, so the terminating carrier does not know who originated the call and therefore cannot block bad actors.
In order to help consumers identify illegal robocalls, the FCC has established the STIR/SHAKEN standards, which use digital certificates from the carriers to assure call recipients that a caller ID has not been altered. The TRACED Act mandates that carriers implement STIR/SHAKEN call authentication measures and/or robocall mitigation measures. (Read below for more on STIR/SHAKEN and the TRACED Act.)
How and why have current enforcement efforts fallen short?
The FTC has authority to prevent anti-competitive or deceptive business practices, but thus far, it has taken a narrow view when it comes to robocallers. The FTC gets involved when a bad actor violates the Do Not Call Registry or attempts to commit fraud. To date, the FTC has collected over $121 million dollars in fines, but these were largely levied against creditable companies with significant assets that violated telemarketing regulations.
The FCC is responsible for regulating telecoms while promoting new technologies to stop robocalls, but enforcement has been difficult. According The Wall Street Journal, the FCC has charged robocallers $208 million USD in fines since 2015; however, violators have routinely failed to pay. The agency has collected a total of just $6,790.
Enforcement has been difficult. Case development against bad actors often extended beyond the legal statute of limitations, and first-time infractions were merely given a warning. Furthermore, there are too many small elusive operators. A common practice of scammers is to shut down operations once they’re detected, only to start a new company under a new name to avoid prosecution and fines.
How does the TRACED Act change the current situation?
With the passing of the TRACED Act on December 30, 2019, the FCC and Department of Justice (DOJ) have expanded authority and new tools to go after scammers. The Act expands the authority of the FCC to levy more severe fines and make prosecution easier by including first-time violators and extending the statute of limitations to up to four years.
Additionally, the resources of the FCC and DOJ—previously siloed—will work together in an inter-agency task force with more manpower and broader authority to go after offenders. The FCC is required to “submit evidence of certain criminal robocall violations to the DOJ for criminal prosecution and would require the FCC to publish a report annually disclosing how frequently the FCC submitted such evidence in an effort to increase criminal prosecutions by the DOJ.”
As an early proof point of the commitment by the government enforcement agencies, the DOJ announced another wave of prosecutions last month—this time spurred by the advent of the TRACED Act. In this instance, the Justice Department is suing five US companies that serve as gateways and enable hundreds of millions of robocalls from India and other parts of the world. By using wire fraud charges, they are expected to receive a speedier result. Carriers should note that those who are assisting robocallers are also open to prosecution.
In order to enforce these regulations, agencies need to be able to detect when the caller ID has been spoofed. Enter STIR/SHAKEN.
STIR/SHAKEN establishes a trust chain between the originator of the call and the terminating carrier. If the chain is broken, that’s a signal that it may be an illegal robocall, and the terminating carrier can decide how to treat the call—pass it to the subscriber, provide an alert to the subscriber, or block the call outright. The TRACED Act requires carriers to implement STIR/SHAKEN or a robocall mitigation strategy by June 2021.
So where do we stand on fighting illegal robocalls?
While these changes are significant, they represent only an incremental step toward eliminating illegal robocalls. We expect the introduction of additional legal measures that will address known limitations of the TRACED Act, such as how US enforcement agencies will cooperate with foreign governments for illegal robocalls that originate outside of its borders.
The TRACED Act recognizes that it is simply a starting point and requires the FCC to regularly update Congress on the status of STIR/SHAKEN deployment and enforcement efforts. This opens the door for more aggressive action in the future. It is likely that Congress, as well as efforts within the Department of Justice, will push for international law enforcement agencies to cooperate and prosecute offenders— wherever they may be.
How can Neustar help?
At Neustar, we work arm in arm with industry stakeholders to develop solutions that mitigate illegal robocalls. Neustar offers analytics-based robocall mitigation and STIR/SHAKEN solutions that support both carrier and enterprise needs. For more information on what we’re working on and how this will change the future of telecom, contact Neustar today.