New Federal Law Takes Aim at the Robocall Epidemic
Robocalls have reached epidemic proportions. According to data from YouMail, there were approximately 58.5 billion robocalls in the United States in 2019. That’s a 22% increase over the 47.8 billion robocalls in 2018 and nearly double the 30.5 billion robocalls in 2017.
Businesses rely on robocalls to send customers messages such as prescription refill reminders and notifications of possible fraudulent activity on financial accounts. However, fewer than half of the robocalls made in 2019 were legitimate alerts. A whopping 44% were scams, and 14% were telemarketing calls.
All in all, Americans received more than 34 billion scam and telemarketing robocalls in 2019. Some areas of the United States were hit harder than others, with Texas and California each receiving more than 6 billion robocalls per year. Residents of Washington, D.C., received nearly 600 robocalls per person. Many of these calls use a technique called neighbor spoofing, in which the scammers alter the Caller ID to make it appear that the robocall is coming from the same area code.
The problem has become so dire that the federal government has taken steps to combat the robocall scourge. The Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act, signed into law on December 31, 2019, requires telecom companies to implement technology that authenticates the source of a call.
Early Regulations Prove Ineffective
Historically, the Federal Communications Commission (FCC) has prohibited voice service providers from blocking calls in most instances, deeming such practices “unjust and unreasonable” under § 201(b) of the Communications Act.
In November 2017, however, the FCC issued an order authorizing service providers to block calls on the Do Not Originate (DNO) list and those purporting to originate from a number that is invalid, unallocated, or unused. By placing a number on the DNO list, the owner specifies that it can only accept incoming calls, not place outgoing ones.
The DNO list was developed by the Robocall Strike Force, a group of telecom carriers, technology companies, and other public and private sector organizations assembled by the FCC in 2016. For testing purposes, commonly spoofed IRS toll-free numbers were added to the DNO list. Robocalls using those numbers dropped 90%, but scammers soon began using similar numbers.
Technology Tools in the Fight Against Spoofed Robocalls
The Robocall Strike Force was tasked with developing cooperative solutions to the robocall epidemic, including technical standards for verifying and authenticating caller ID. Chief among these are Secure Telephony Identity Revisited (STIR) and Signature-based Handling of Asserted Information Using ToKENs (SHAKEN).
Spoofed calls are difficult to detect because they pass through multiple service provider networks. The originating carrier knows whether the call is coming from a known customer and whether the caller ID provided matches that customer. With existing call routing technology, however, there’s no way for the company to know whether the number was spoofed for legitimate purposes or to convey that information to other service providers. STIR and SHAKEN address these challenges.
In essence, STIR uses digital certificates to authenticate calls and SHAKEN assigns an attestation level indicating the carrier’s confidence that the caller ID is legitimate. A unique key is used to identify legitimately spoofed numbers, such as when businesses display the main number of headquarters when calls originate from an internal extension.
All of this information is encrypted and sent along with the call. The receiving carrier verifies the information and decides whether the caller ID is legitimate. If it’s not, SHAKEN simplifies the process of tracing the call back to its origin, making it easier for law enforcement to locate and prosecute scammers.
Legal Leverage—2021 Deadline
Although the FCC encouraged the development of STIR/SHAKEN, it stopped short of mandating its implementation by the end of 2019. In the FCC’s February 2019 Report on Robocalls, the agency noted the cost and technical difficulties of implementing the protocols.
Several states have taken matters into their own hands by passing anti-robocall measures. Most notably, the California Consumer Call Protection Act signed into law on October 2, 2019, would require telecom companies to implement STIR/SHAKEN by January 1, 2021. Opponents of such measures have argued, among other things, that state-level initiatives create an overly complex regulatory scheme.
That issue is moot, however. The federal Pallone-Thune TRACED Act directs the FCC to announce rules that establish when a service provider may block calls and requires adoption of STIR/SHAKEN by June 30, 2021. It also increases the penalties for violations of robocall prohibitions and requires the Department of Justice and FCC to examine ways to improve enforcement.
Many robocalls originate overseas, and it’s unclear how these measures would stop them. Scammers have also proven adept at finding new ways to skirt the law. Nevertheless, the combined efforts of major technology companies and state and federal governments may give consumers much-needed relief from the scourge of robocalls.
Learn More About Consumer Call Protection and the Law
If you are interested in a legal education, visit Purdue Global Law School. We offer two online law degrees:
The Juris Doctor, for those who wish to become an attorney licensed in California
The Executive Juris Doctor, for those who want to earn a legal degree but do not want to become a practicing attorney