Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

FCC proposes rulemaking to combat unlawful text messages

Agency Rule-Making & Guidance Privacy, Cyber Risk & Data Security FCC Text Messages

Agency Rule-Making & Guidance

On September 27, the FCC announced a notice of proposed rulemaking (NPRM) to target and eliminate unlawful text messages. According to the FCC, the number of consumer complaints received related to unwanted text messages has increased by 146 percent between 2019 and 2020, and continues to grow in 2022. The Commission warns that these text messages present harms beyond that of unwanted phone calls, as text messages can include phishing and malware links. More than $86 million was stolen in 2020 through spam texting fraud schemes, the FCC reports. The NPRM seeks feedback on several topics, including whether providers should follow the STIR/SHAKEN authentication protocols for text messages as they do for phone calls, whether providers should block texts from invalid phone numbers, and how it can ensure that emergency text messages or other appropriate texts are not erroneously blocked. The NPRM also proposes requiring providers to block texts that appear to originate from phone numbers that are invalid, unallocated, or unused as well as numbers on the “Do-Not-Originate” list.

The Commission is also seeking input on the extent to which spoofing is a problem in texting, and if caller ID authentication standards should be applied to texting. Spoofing is when a sender deliberately disguises their number to trick a recipient into thinking the message is trustworthy. A working group of the Internet Engineering Task Force is currently considering a draft standard that would apply parts of the STIR/SHAKEN framework to text messages, the FCC stated, adding that it is asking stakeholders for suggestions on an ideal timeline and feedback on whether the current framework’s governance system would be able to accommodate authentication for text messages or if the framework would require more comprehensive technology network upgrades.

Comments on the NPRM are due 30 days after publication in the Federal Register.