InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FCC orders phone companies to block car warranty scammers
On July 21, the FCC announced it is ordering phone companies to stop carrying traffic regarding a known robocall scam marketing auto warranties. The FCC noted that the operation is also the target of an ongoing investigation by the FCC’s Enforcement Bureau and a lawsuit by the Ohio Attorney General. As previously covered by InfoBytes, the Ohio AG filed a complaint against multiple companies for participating in an alleged unwanted car warranty call operation. The complaint, filed in the U.S. District Court for Southern District of Ohio, alleged that the 22 named defendants “participated in an unlawful robocall operation that bombarded American consumers with billions of robocalls.” The FCC’s order follows its announcement of actions taken to decrease robocalls, including sending cease and desist letters to several carriers in an attempt “to cut off a flood of possibly illegal robocalls marketing auto warranties targeting billions of consumers.” The announcement also noted that the FCC has authorized “all U.S.-based voice service providers to cease carrying any traffic originating from the [named] operation consistent with FCC regulations,” as detailed in the notice.
States vow to enter information agreements with FCC against robocalls
On May 31, a coalition of 41 state attorneys generals, on behalf of the National Association of Attorneys General, sent a letter to the FCC commending the agency for its efforts in combating robocalls. Specifically, the AGs praised the FCC’s “leadership in encouraging states to enter into information sharing agreements to facilitate fast, effective information sharing during the course of robocall investigations.” The AGs stated that they “believe these information sharing agreements represent an important continuation of the progress made to date in combatting robocalls,” and entering the agreements “honor our country’s tradition of federalism and evidences a mutual commitment to working towards addressing complex issues collaboratively.” Not all the signatories had entered information sharing agreements with the FCC at the time the letter was sent, but the letter affirmed “their commitment to making a good faith attempt to sign the agreements,” and encouraged the FCC to reach out to the included point of contact for each state to move forward with the agreements.
FCC acts to stop international robocalls
On May 19, the FCC unanimously adopted proposed rules to ensure gateway providers that channel international call traffic comply with STIR/SHAKEN caller ID authentication protocols and validate the identity of the providers whose traffic they are routing to help weed out robocalls. As part of the agency’s robocall mitigation efforts, the proposed rules would require gateway providers to (i) “develop and submit traffic mitigation plans to the Robocall Mitigation Database”; (ii) “apply STIR/SHAKEN caller ID authentication to all unauthenticated foreign-originated Session Initiation Protocol (SIP) calls with U.S. North American Numbering Plan (NANP) numbers”; and (iii) “respond to traceback requests in 24 hours, block calls where it is clear they are conduits for illegal traffic, and implement ‘know your upstream provider’ obligations.”
“Gateway providers serve as a critical choke-point for reducing the number of illegal robocalls received by American consumers,” the FCC stated in its announcement. “The new rules require gateway providers to participate in robocall mitigation, including blocking efforts, take responsibility for illegal robocall campaigns on their networks, cooperate with FCC enforcement efforts, and quickly respond to efforts to trace illegal robocalls to their source.” Non-compliance may cause a gateway provider to lose its ability to operate. The FCC also announced it is requesting further comments on a proposal to expand robocall mitigation requirements to intermediate providers in the U.S. and not just gateway providers. The agency will also decide whether anti-robocall and spoofing rules should also apply to these intermediate providers, as they are currently not required to certify with the Robocall Mitigation Database.
Requiring domestic entry points to use STIR/SHAKEN, register in the Robocall Mitigation Database, and comply with traceback requests from the FCC and law enforcement will help the agency “figure out where these junk calls are originating from overseas,” FCC Chairwoman Jessica Rosenworcel said in a statement. “These measures will help us tackle the growing number of international robocalls. Because we can’t have these scam artists multiplying abroad and hiding from our regulatory reach. We also can’t have them hiding from our state counterparts.” To aid efforts, the FCC announced that to date 36 states have signed memoranda of understanding with the agency to share resources and information to reduce robocalls.
FCC signs robocall enforcement partnerships with states
On March 28, the FCC announced it launched formal robocall investigation partnerships with the Connecticut, District of Columbia, Idaho, Kentucky, Minnesota, New Jersey, and Wyoming state attorneys general, bringing the total number of state-federal partnerships to 22. According to the FCC, the seven AGs entered into a Memoranda of Understanding (MOU) with state robocall investigators and the FCC’s Enforcement Bureau, which establishes critical information sharing and cooperation structures to investigate spoofing and robocall scam campaigns. The FCC also noted that it expanded existing MOUs in Michigan and West Virginia with robocall investigations. According to the press release, the MOUs help facilitate relationships with other actors, including other federal agencies and robocall blocking companies, and provide support for and expertise with critical investigative tools, including subpoenas and confidential response letters from suspected robocallers. The FCC also noted that “[d]uring investigations, both the FCC’s Enforcement Bureau and state investigators seek records, talk to witnesses, interview targets, examine consumer complaints, and take other critical steps to build a record against possible bad actors,” which “can provide critical resources for building cases and preventing duplicative efforts in protecting consumers and businesses nationwide.”
FCC launches inquiry to reduce cyber risks
On February 25, the FCC adopted a Notice of Inquiry proposed by FCC Chairwoman Jessica Rosenworcel that would launch an inquiry into the vulnerabilities of the internet’s global routing system, in response to the increasing risk of cyberattacks stemming from Russia’s invasion of Ukraine. The adopted inquiry solicits public comments on vulnerabilities threatening the security and integrity of the Border Gateway Protocol, which is central to the global routing of internet traffic. The inquiry also intends to evaluate how these security risks could impact the transmission of data through email, e-commerce, and bank transactions to interconnected Voiceover Internet Protocol and 911 calls and how best to address any identified challenges. Comments are due 30 days after publication in the Federal Register, with replies due 30 days later.
FCC proposes record $45 million fine against robocaller
On February 18, the FCC released a proposed $45 million fine against a lead generator accused of conducting an illegal robocall campaign that made false claims about the Covid-19 pandemic to induce consumers into purchasing health insurance. This is the FCC’s largest ever proposed robocall fine to date. According to the FCC, the lead generator violated the TCPA by placing 514,467 robocalls to cellphones and landlines without subscribers’ prior express consent or an emergency purpose. The Florida-based lead generator allegedly purchased lists of phone numbers from third-party vendors and acquired phone numbers from consumers seeking health insurance quotes online, “without clearly disclosing that, by providing contact information, the consumers would be subject to robocalls.” It then left prerecorded voice messages marketing insurance plans sold by companies that had hired the lead generator. Many of these robocalls, the FTC claimed, were also unlawfully made to consumers on the Do Not Call Registry. FCC Chairwoman Jessica Rosenworcel issued a statement announcing that, in addition to the record fine, the Commission also established a new partnership with 16 state attorneys general in order to share information and resources to mitigate robocalls.
FCC proposes to classify ringless voicemails as “calls” under the TCPA
On February 2, FCC Chairwoman Jessica Rosenworcel announced a proposal that would classify technology that leaves ringless voicemails on consumers’ cell phones as “calls” under the TCPA and therefore subject to the FCC’s robocalling restrictions. If adopted by the full Commission, callers using this form of technology would be required to obtain a consumer’s consent before delivering a ringless voicemail. The announcement explained that the TCPA “prohibits making any non-emergency call using an automatic telephone dialing system or an artificial or prerecorded voice to a wireless telephone number without the prior express consent of the called party.” According to Chairwoman Rosenworcel, ringless voicemails should face the same consumer protection rules as other robocalls. The proposal is in response to a petition that asked the FCC to find that ringless voicemails are not calls protected by the TCPA.
FCC proposes new reporting on telecom data breaches
On January 12, the FCC announced that it shared, among the FCC staff, a notice of proposed rulemaking (NPRM) to strengthen the rules for notifying consumers and federal law enforcement of breaches of customer proprietary network information. According to the FCC, the NPRM “would better align the Commission’s rules with recent developments in federal and state data breach laws covering other sectors,” and “further advances the FCC’s efforts to ensure its rules keep pace with evolving cybersecurity threats and to protect consumers in the face of today’s challenges.” The NPRM outlines certain updates to current FCC rules that address telecommunications carriers’ breach notification requirements, including: (i) “[e]liminating the current seven business day mandatory waiting period for notifying customers of a breach”; (ii) “[e]xpanding customer protections by requiring notification of inadvertent breaches”; and (iii) “[r]equiring carriers to notify the Commission of all reportable breaches in addition to the FBI and U.S. Secret Service.” The NPRM solicits feedback regarding whether the FCC should require customer breach notices to include specific categories of information “to help ensure they contain actionable information useful to the consumer.” According to FCC Chairwoman Jessica Rosenworcel, current laws “need updating to fully reflect the evolving nature of data breaches and the real-time threat they pose to affected consumers.”
Senate confirms Rosenworcel as permanent FCC Chair
On December 7, the U.S. Senate confirmed Jessica Rosenworcel to a five-year term as FCC Chair. As previously covered by InfoBytes, President Biden’s nomination highlighted Rosenworcel’s work at the FCC, where she has focused on addressing illegal robocalls and has worked to enhance consumer protections in the agency’s telecommunications policies. Rosenworcel issued a statement following the confirmation thanking President Biden for the opportunity and saying it is an honor to be confirmed and designated as the first woman to be named permanent Chair of the FCC.
CFPB issues FDCPA reminder on text messaging
On November 18, the CFPB issued a reminder that “debt collectors who adopt and follow certain procedures can obtain a bona fide error defense from civil liability for unintentional violations of the prohibition against third-party communications when communicating by email or text message,” as determined by the Bureau’s debt collection rule. As previously covered by InfoBytes, in October 2020 the CFPB issued its final rule amending Regulation F, which implements the FDCPA, addressing debt collection communications and prohibitions on harassment or abuse, false or misleading representations, and unfair practices. The reminder emphasizes that for text message communications, a provision in the rule includes utilizing a “complete and accurate database” to ensure that a consumer’s telephone number has not been re-assigned. Additionally, the reminder notes that the rule’s commentary identifies the FCC’s Reassigned Numbers Database as a “complete and accurate database,” which the FCC has published.