Collaboration to Prevent International Call Spoofing: Will the FCC Comply With Ray Baum’s Act?

As a former FCC senior staff member, I have found the Commission’s increasing disengagement in international telecommunication technology forums over the past two decades dismaying. One of the adverse effects of this obliviousness-by-design approach has been felt by American consumers in the massive, exponentially increasing volume of spoofed calling numbers and CallerIDs on communications from outside the United States. It has taken a proverbial Act of Congress in the form of Ray Baum’s Act to motivate potential FCC action via a new rulemaking proceeding now open for comment. (Because the FCC after several weeks has yet to update its related website, it is best to go to the Federal Register site to see the Notice of Proposed Rulemaking (NPRM) and comments deadline.)

The FCC’s Notice of Proposed Rulemaking

The Commission’s NPRM on implementing Section 503 of Ray Baum’s Act dealing with spoofed caller ID begins with the usual recitation of mounting metrics, the past adoption of rules, deference to industry actions, and imposition of penalties, ending with a plea for comments on how the FCC can do better.

The interesting rub comes with its proposal “to extend the reach of [Commission] caller ID spoofing rules to include communications originating from outside the United States to recipients within the United States.” In an assertion of extraterritorial zeal, it believes that it now has the authority “to bring enforcement actions that allege both statutory and rule violations against bad actors who seek out victims in this country, regardless of where the communications originate.” It would also apply this authority to an array of voice and text communication.

Somewhat incredibly, however, the NPRM lacks any treatment whatsoever of the larger global legal, operational, technical, and institutional ecosystem for how telephony communications originate from outside the United States—something which has nearly 130 years of history. In a kind of sublime insularity if not arrogance, the Commission ignores the fact that there are 192 other nations facing similar challenges who have been working together for the past decade on the same subject matter, with ongoing international technical standards and operations activity specifically related to the Ray Baum’s Act mandate in the very venue the U.S. employed to instantiate CallerID worldwide 30 years ago.

It was especially ironic if not amusing that the FCC Chairman’s associated statement, which began by decrying spoofed call attacks on Chinese Americans, was effectively answered by a technical contribution by China Telecom a few days later in Geneva in a technical standards meeting dealing with international call spoofing.

Implementing the Ray Baum’s Act mandate at the Study Group 2 meeting

On 19 February, a mere four days following the release of the FCC’s NPRM on the Ray Baum’s Act Congressional mandate, the world’s intergovernmental body responsible for implementing international telephony services including CallerID convened in Geneva for an eight-day meeting that notably included spoofing. In fact, they had been dealing with international CallerID spoofing for many years—bringing together operators, vendors, and national authorities to deal with the challenges. The meeting had multiple input contributions advancing new operational standards to mitigate spoofing, as well as materials from a European CEPT workshop on the topic last December. There were no contributions from the U.S. to the SG2 meeting.

At this point, a digression is appropriate on the broader global legal, operational, technical, and institutional ecosystem and history section that was missing in the FCC NPRM. International telephony service operational arrangements were first agreed as part of a treaty instrument at the 1885 Berlin Conference in which U.S. private operators participated. Those provisions were carried forward in a continuing stream of treaty instruments since then—which the U.S. signed and ratified for most of the last century. The international technical standards for international telephony were offloaded to a newly created specialized body at Paris in 1923 known as the International Telephone Consultative Committee. It was subsequently moved within the International Telecommunication Union (ITU) through an initiative of the U.S. at Atlantic City in 1947 and now exists as the ITU-T. Within the ITU-T and its precursor, Study Group 2 has remained, for nearly a hundred years, the authoritative global venue for agreements on international telephony technical standards and operational practices.

As the technology and services evolved, a global telephony endpoint numbering system, known as E.164, was developed and maintained. These numbers are what everyone uses worldwide for global communication, e.g., +1 888.225.5322 for the FCC or +44 207 981 3000 for the UK’s OFCOM or +97 5232 2144 for Bhutan’s MoIC. The master global registration and database is maintained at the ITU under SG2 control. Most of the core authoritative global standards and arrangements for how international telephony and related services are interconnected are maintained by the ITU-T, although for mobile communications, many have been undertaken by two other organizations—3GPP for standards and GSMA for operational arrangements.

The actual specifications for CallerID, or as it is formally known, Calling Line Identification Presentation (CLIP), were initially introduced internationally in 1988 for ISDN services and 1993 for telephony generally. The specifications have their origin in part in the FCC Computer III Order and the related internationalization proceeding in 1986 articulating the requirements for Open Network Architecture (ONA) Basic Service Elements. The FCC at that time was significantly engaged in ITU-T standards and operations activities. In 2009, an international standard known as E.157 was adopted that provides the basis for trusted international calling party number delivery to meet country treaty obligations. It continues to be evolved.

However, in February 2019 it was not the U.S., but an assortment of other countries and operators around the world who took the initiative to implement Section 503 of Ray Baum’s Act in the form of specifications for technical platforms, presentations, outreach to other engaged industry bodies, and a newly adopted work item specifically on spoofing. A total of 27 documents were related to CallerID and Calling Number spoofing—a number of them providing insight and collaboration with other organizations and venues throughout the world working on the spoofing challenges. The only U.S. presence was a formal representative from the Dept. of State assisted by one person from the FCC.

Doing Better

The ITU-T is legally and operationally the authoritative global intergovernmental and industry organization for implementing the Ray Baum’s Act spoofing prevention mandate, and it will be essential in achieving any meaningful implementation of Commission “caller ID spoofing rules to include communications originating from outside the United States to recipients within the United States.” Ideally, the Commission would be leading the activity and actively engaging and facilitating the work not only in the ITU-T, but also in other essential organizations such as 3GPP and GSMA.

Plainly, the FCC can do better than obliviousness and inaction in implementing the Act, and Congress should hold them accountable if they do not.

By Anthony Rutkowski, Principal, Netmagic Associates LLC

The author is a leader in many international cybersecurity bodies developing global standards and legal norms over many years.
