InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FCC updates rules to curb robocallers
On September 21, the FCC adopted rules that would strengthen and modernize the requirements that providers under the Voice over Internet Protocol (VoIP) need to abide by to obtain direct access to telephone numbers. The rules impose guardrails to make it more difficult for those who make illegal robocalls to access telephone numbers, which the FCC stated helps to protect national security and law enforcement, safeguard the nation’s finite numbering resources, reduce the opportunity for regulatory arbitrage, and further promote public safety. The FCC finalized the rules after the FCC sought comment in 2021 under the Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act, which directed the FCC to examine its rules regarding direct access to telephone numbers.
The rules require an applicant seeking direct access to telephone numbers to:
- Provide certifications regarding its compliance with FCC robocall rules, FCC interconnected VoIP provider rules, and timely filing of FCC Forms 477 and 499.
- Submit disclosures on and continue to update its ownership structure, including related foreign entities, to reduce the risk that U.S. numbering resources reach bad actors abroad.
- Comply with applicable business-related state laws and registration requirements.
The rules codify the FCC’s role in completing direct access application review and rejection and the authorization revocation process.
Additionally, the rules instruct the North American Numbering Council to study numbering use to inform the FCC’s future rulemaking. The rules also seek comments on a variety of topics, including further reforms on new direct access applications, duties of existing direct access authorization holders, and whether direct access applicants should disclose a list of states where they will provide initial services.
The rules will take effect 30 days after publication in the Federal Register.
9th Circuit affirms TCPA dismissal
On August 8, the Ninth Circuit affirmed a district court’s dismissal of a cause of action under the TCPA, wherein the plaintiff alleged that the defendant sent her three mass marketing text messages that utilized “prerecorded voice[s]” even though there was no audible component. Under the TCPA, it is unlawful “to make any call (other than a call made for emergency purposes or made with the prior express consent of the called party) using…an artificial or prerecorded voice” to a cell phone. In affirming the dismissal, the 9th Circuit reasoned that the ordinary meaning of “voice” encompasses only audible sounds, and that the context of the statute confirmed the ordinary meaning. Specifically, it noted that Congress defined “caller identification information” as “information regarding the origination of a call made using a voice service or a text message sent using a text messaging service.” The court reasoned that if Congress intended “voice” to include inaudible text messages, the term “text message” would be surplusage and “Congress would have written the statute in a manner contrary to a basic canon of statutory interpretation.” The 9th Circuit went on to reject plaintiff’s remaining arguments, including plaintiff’s legislative history and FCC deference arguments because the statute was unambiguous.
FCC warns provider to stop transmitting illegal robocalls
On August 1, the FCC’s Enforcement Bureau notified a gateway intermediate provider and originator that it is allegedly transmitting and originating illegal robocalls, which could result in the FCC permitting downstream service providers to block its traffic permanently if it fails to take action. The illegal robocalls allegedly involved attempts to engage with consumers by informing consumers of fake purchase orders or asking them to confirm their order. Noting that the provider is “closely connected” to two other entities that had previously received similar enforcement letters, the FCC warned that continually changing corporate formations and serving those same entities and related principals could constitute “willful attempts to circumvent the law to originate and carry illegal traffic.” Among other things, the provider is required to investigate the identified transmissions, block all of the identified traffic if the investigation confirms that the entity served as the gateway provider for the illegal transmissions, and report the results to the FCC’s enforcement bureau.
FCC fines companies $20M for insufficient consumer data security measures
On July 28, the FCC announced a proposed fine of $20 million for two affiliated mobile carrier companies over alleged violations of FCC rules. The Commission alleged that the companies failed to protect the privacy and security of subscribers’ personal data by violating three provisions of section 64.2010 of FCC rules, which requires carriers to authenticate customers’ identity before providing online access to their network information. The alleged violations included relying on readily available information to control access to the network information, failing to establish “reasonable” data security standards. FCC Chairwoman Jessica Rosenworcel cited such failures to protect consumers’ privacy to underpin the importance of the FCC’s newly established Privacy and Data Protection Task Force (covered by InfoBytes here). The proposed sanctions are not final, and the companies will have an opportunity to respond.
Feds, states launch “Operation Stop Scam Calls”
On July 18, the FTC, along with over 100 federal and state law enforcement partners nationwide, including the DOJ, FCC, and attorneys general from all 50 states and the District of Columbia, announced a new initiative to combat illegal telemarketing calls, including robocalls. The joint initiative, “Operation Stop Scam Calls,” targets telemarketers and the companies that hire them, lead generators that provide consumers’ telephone numbers to robocallers and others who falsely represent that consumers consented to receive the calls. The initiative also targets Voice over Internet Protocol (VoIP) service providers that facilitate illegal robocalls, many of which originate overseas.
In connection with Operation Stop Scam Calls, the FTC has initiated five new cases against companies and individuals allegedly responsible for distributing or assisting in the distribution of illegal telemarketing calls to consumers across the country. According to the announcement, the actions reiterate the FTC’s position “that third-party lead generation for robocalls is illegal under the Telemarketing Sales Rule (TSR) and that the FTC and its partners are committed to stopping illegal calls by targeting anyone in the telemarketing ecosystem that assists and facilitates these calls, including VoIP service providers.” The announcement also states that more than 180 enforcement actions and other initiatives have been taken by 48 federal and 54 state agencies as part of Operation Stop Scam Calls.
Among the new actions announced a part of Operation Stop Scam Calls is a complaint filed against a “consent farm” lead generator, which allegedly uses “dark patterns” to collect consumers’ broad agreement to provide their personal information and receive robocalls and other marketing solicitations through a single click of a button or checkbox via its websites. Under the terms of the proposed order, the defendant would be required to pay a $2.5 million civil penalty and would be banned from engaging in, assisting, or facilitating robocalls. The defendant would also be required to implement measures to limit its lead generation practices, establish systems for monitoring its own advertising and that of its affiliates, comply with comprehensive disclosure requirements concerning the collection of consumers’ consent to the sale of their information, and delete all previously collected consumer information.
Other actions were taken against a California-based telemarketing lead generator, a telemarketing company that provides soundboard calling services to clients who use robocalls to sell a range of products and services, a New Jersey-based telemarketing outfit that placed tens of millions of calls to consumers whose numbers are listed on the National Do Not Call Registry, and Florida-based defendants accused of assisting and facilitating the transmission of roughly 37.8 million illegal robocalls by providing VoIP services to over 11 foreign telemarketers.
FCC launches Privacy and Data Protection Task Force
On June 14, FCC Chairwoman Jessica Rosenworcel announced the establishment of the Commission’s new Privacy and Data Protection Task Force. According to the announcement, the task force will coordinate efforts across the FCC on rulemaking, enforcement, and public awareness needs in the privacy and data protection sectors. These coordinated measures, Rosenworcel said, are intended to protect against and respond to data breaches involving telecommunications providers and those related to cyber intrusions. Measures will also address supply chain vulnerabilities involving third-party vendors that service regulated communications providers. Speaking to the Center for Democracy and Technology Forum on Data Privacy, Rosenworcel commented that data monetization is big business and that “market incentives to keep our data and slice and dice it to inform commercial activity are enormous” and only increasing. She provided examples of data aggregators selling individual geolocation data and said this demonstrates how information can be monetized. Rosenworcel further explained that the task force will also provide input on Commission efforts to modernize the FCC’s data breach rules. As previously covered by InfoBytes, the FCC issued a notice of proposed rulemaking in January to launch a formal proceeding for strengthening the Commission’s rules for notifying customers and federal law enforcement of breaches of customer proprietary network information.
FTC program targets robocalls from overseas
On April 11, the FTC implemented Project Point of No Entry (PoNE) in an attempt to stop foreign-based scammers and imposters from targeting U.S. consumers with illegal robocalls. The FTC warned “point of entry” or “gateway” VoIP service providers that routing or transmitting illegal call traffic may violate the Telemarketing Sales Rule, which allows the Commission to seek civil penalties, restitution, and injunctions to stop violations. Through Project PoNE, the FTC will identify violators and “pursue recalcitrant providers” by opening enforcement investigations and filing lawsuits, as appropriate. According to the FTC, “Project PoNE has uncovered the activity of 24 target point of entry service providers responsible for routing and transmitting illegal robocalls between 2021 and 2023, in connection with approximately 307 telemarketing campaigns, including government and business imposters, COVID-19 relief payment scams, and student loan debt relief and forgiveness schemes, among others.” The FTC attributed the results to its collaboration with the Industry Traceback Group, the FCC, and state attorneys general, and said it will make publicly available recordings of the robocalls that target providers have allowed into the U.S. to help consumers identify and avoid scams. The announcement highlighted that before being contacted by the FTC, “the targets had a combined total of 1,043 tracebacks,” but that after being warned about the possible illegal conduct, the number decreased to 196 tracebacks. Of these 196 tracebacks, the FTC said “147 are linked to two uncooperative providers, one of which is subject to an FCC law enforcement action.”
FCC regulations target scam robotexts
On March 16, the FCC adopted its first regulations specifically targeting scam text messages sent to consumers. Recognizing that robotexts are generally covered under the TCPA’s limits against unwanted calls to mobile phones, the FCC stated that the new regulations will require mobile service providers to block certain robotexts that appear to be coming from phone numbers that are unlikely to transmit text messages, including invalid, unallocated, or unused numbers, as well as “numbers that the subscriber to the number has self-identified as never sending text messages, and numbers that government agencies and other well-known entities identify as not used for texting.” Mobile service providers will also be required “to establish a point of contact for text senders, or have providers require their aggregator partners or blocking contractors to establish such a point of contact, which senders can use to inquire about blocked texts.”
The FCC’s report and order also include a further notice of proposed rulemaking, which seeks to implement additional protections to further prevent illegal text messages. The proposal would “require terminating providers to block texts from a sender after they are on notice from the Commission that the sender is sending illegal texts, to extend the National Do-Not-Call Registry’s protections to text messages, and to ban the practice of marketers purporting to have written consent for numerous parties to contact a consumer, based on one consent.”
Comments are due 30 days after publication in the Federal Register.
FCC warns telecoms to stop carrying “mortgage scam” robocalls
On January 24, the FCC’s Enforcement Bureau announced it had ordered telecommunications companies to effectively mitigate robocall traffic originating from a Florida-based real estate brokerage firm selling mortgage scams. The FCC also sent a cease-and-desist letter to a voice service provider carrying the allegedly illegal robocall traffic. According to the FCC, several state attorneys general filed lawsuits late last year against the firm for allegedly using “misleading robocalls to ‘swindle’ and ‘scam’ residents into mortgaging their homes in exchange for small cash payments.” (See state AG press releases here, here, and here.) Additionally, last month, Senate Banking Committee Chairman Sherrod Brown (D-OH), along with Senators Tina Smith (D-MN) and Ron Wyden (D-OR) sent a letter to the FTC and the CFPB requesting a review of the firm’s use of exclusive 40-year listing agreements marketed as a “loan alternative.” (Covered by InfoBytes here.) In shutting down the robocalls, FCC Chairwoman Jessica Rosenworcel stressed that sending junk calls to financially-stressed homeowners in order to offer “deceptive products and services is unconscionable.” Enforcement Bureau Chief Loyaan A. Egal added that the voice service provider should have been applying “Know Your Customer” principles before allowing the traffic on its networks.
FCC announces July 20 as compliance date for amended TCPA rules
On January 23, the FCC announced that July 20 is the compliance date for amended telephone consumer protection act rules on prerecorded calls. As previously covered by InfoBytes, President Trump signed S. 151, the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act), which granted the FCC authority to promulgate rules to combat illegal robocalls and requires voice service providers to develop call authentication technologies. On December 30, 2020, the Commission released the TCPA Exemptions Order to implement section 8 of the TRACED Act. In that rulemaking, the Commission amended the TCPA rules related to exemptions for non-commercial calls to residential numbers and commercial calls to residential numbers that do not include an advertisement or constitute telemarketing, among other things. Specifically, the Commission adopted numerical limits on exempted artificial or prerecorded voice calls to residential lines and also required callers making such exempt calls to allow consumers to opt out of any future calls that they do not wish to receive. The Commission explained in the TCPA Exemptions Order that it would publish in the Federal Register a compliance date for the amended rules, which would be six months after publication.