The Pallone-Thune TRACED Act is new legislation that takes aim at the relentless barrage of spam calls invading American homes every day. It seeks to put the onus on service providers to implement STIR/SHAKEN and call authentication technologies and to block unwanted calls while enhancing the power of the FCC and law enforcement agencies in their efforts to deter and combat robocalls. It is strong and sweeping legislation, and it will have positive impacts for consumers, but American’s should understand that the Pallone-Thune TRACED Act alone cannot put an end to the spam call epidemic.
In this article, we will explore key areas of this legislation and its short and long term impacts. We will also discuss the challenges and complexities that will make parts of the law difficult to implement.
We will look to answer the following questions:
- How does this law work to mandate the implementation of STIR/SHAKEN and other call authentication technologies?
- What does the Pallone-Thune TRACED Act do to push service providers to curb spam calls?
- How does the legislation help law enforcement agencies go after spam callers?
- What may or may not work as a deterrent in the future?
- What else does the Pallone-Thune TRACED Act do to help consumers?
Let’s start with the most aggressive and far-reaching provisions of the legislation.
How does this law work to mandate the implementation of STIR/SHAKEN and other call authentication technologies?
One of the major components of this law is a mandate for carriers to implement new technologies to ensure that caller-ID information is authenticated with no additional line item charges for customers. The main technology the law is relying on to accomplish this is called STIR/SHAKEN, a call authentication framework that combats malicious caller ID spoofing. Spam callers often use spoofing to disguise their caller ID, a tactic that can trick consumers into answering unwanted calls and enables bad actors to impersonate others as they perpetrate scams.
STIR/SHAKEN is good technology, but it has significant limitations:
- It does not actually block calls. It is a signal that carriers can use to identify the authenticity and ownership of a calling number.
- It cannot discern a caller’s intent. Just because a service provider can authenticate a call does not mean that the call is wanted by the receiving party; it could still be spam.
- The technology only works with Internet Protocol-based service providers. Many smaller carriers will not be able to employ this service. If your grandmother lives in a rural area, her call may not be authenticated; it would look the same as a spoofed spam call.
- STIR/SHAKEN is not a global standard. It is currently being deployed in the United States and Canada but many legitimate calls originate abroad. These calls cannot be authenticated regardless of their intent or value for consumers under STIR/SHAKEN.
The Pallone-Thune TRACED Act does recognize these limitations. It calls on the FCC to explore alternative methodologies for authenticating calls in rural areas and offers provision for carriers using older technologies. Consumers should understand, however, that a partially implemented call authentication system is significantly limited in terms of its value. Service providers will only be able to count on this technology to make effective block/allow decisions for a fraction of calls being passed through their network. In practice, STIR/SHAKEN will be one signal carriers employ within a larger analytics engine to power such decisions.
What does the Pallone-Thune TRACED Act do to push service providers to curb spam calls?
For several years the FCC has been pushing carriers to help consumers facing the growing number of intrusive spam calls, but carriers are in the business of connecting calls, and they get paid to do so. While we have seen some carriers integrate spam identification tools or offer mobile apps to help consumers, for the most part, carrier efforts have not been compelling or particularly effective.
The Pallone-Thune TRACED Act mandates that carriers should provide consumers with access to call blocking services, that there needs to be transparency when a call is blocked, and that both consumers and callers should have access to remedies if a call is improperly blocked. In theory, this can profoundly reduce the number of unwanted calls reaching consumers’ phones, but there are some large hurdles to clear.
As explained earlier, any dependence on call authentication technologies like STIR/SHAKEN will have significant limitations. Carriers will have to also rely on analytics engines as part of their process. This means looking at call volume trends and other signals to determine which calls to block. This gets complicated quickly, as highlighted by the following:
- There are both good and bad robocalls, and their footprints can look similar to call analytics engines. For example, a school’s snow closing robocall announcement can look the same as a malicious spam call attack.
- If an emergency number is mistakenly identified as a spam call it could be blocked–Call analytics engines could block a number because it appeared to behave in a manner that looked suspicious. Unfortunately, there is no universal definition or list of emergency numbers for carriers to whitelist.
- Not everyone agrees on which calls are wanted vs. unwanted–One consumer receiving a re-finance offer from a mortgage company with whom they have a previous relationship might see this call as legitimate, but another consumer might view the call as spam.
At RoboKiller we have employed audio analysis, audio-fingerprinting, machine learning, and user feedback into our algorithm to overcome these and other problems, but carriers have a different relationship with their customers making these challenging problems to solve.
The law does offer provisions to protect both callers and call recipients. For example, there is what is called a “safe harbor” written into the legislation to incentivize carriers to authenticate and block calls, and the law does call for consumers to have options to opt-out of these services. Consumers probably should not expect service providers to aggressively block unwanted calls on their behalf until these problems are resolved. While the law does push for the FCC to explore solutions to many known challenges, in some cases it may take years to simply identify practical solutions.
How does the legislation help law enforcement agencies go after spam callers?
The FCC, FTC, and law enforcement have aggressively gone after spam callers over the past few years, but older laws that they are beholden to have limited who they could go after and how. One such law limited the FCC to only sanctioning repeat offenders. A company could intentionally violate calling laws knowing that until they received a written warning to stop they were not even at risk of being fined for their actions.
In addition, other shortcomings of previous legislation weakened law enforcements’ ability to stop spammers. The maximum allowable fines often paled in comparison to the revenues spammers were generating, and a relatively short one-year statute of limitations often did not give agencies enough time to trace calls back to offenders. The Pallone-Thune TRACED Act allows $10,000 per violation fines and extends the statute of limitations to 4-years in many cases. These changes, along with provisions to improve law enforcements’ ability to trace back calls to their originators, will give agencies wider latitude to find, target, and prosecute bad actors.
The law also calls on the Department of Justice (DOJ) to actively prosecute scammers and fraudsters. The FCC and FTC are limited to imposing civil penalties, but the Justice Department can put the worst offenders in jail. The law also requires the FCC to provide evidence to the DOJ for certain violations and to publish an annual report on the subject.
The FTC cracked down on robocalls in 2019, taking 94 actions against offenders. RoboKiller measured a significant decrease in spam calls following that effort (we estimated a nearly 1 billion spam call drop from May to June). Unfortunately, the relief was short-lived for consumers, as a new record was set in October at 5.6 billion calls, but this does demonstrate how enforcement can impact the spam call landscape.
What may or may not work as a deterrent in the future?
The FTC, FCC, as well as state agencies, have done an admirable job of going after bad actors even within the constraints of older legislation. High profile cases have resulted in multi-million dollar fines and other sanctions against bad actors. As noted, this has even resulted in tangible reductions in spam calls, though unfortunately, those impacts were short-lived.
Under the Pallone-Thune TRACED Act, these agencies will be able to go after more spammers, hit them with larger fines, and potentially do more to put the worst offenders in jail. Only time will tell, but the “sharper teeth” this law seeks to give law enforcement may have some positive impact as a deterrent to would-be spammers as time goes on.
Unfortunately, there is some concern that even if enforcement actions do scare some spammers out of the business, it may also drive others offshore. Our law enforcement agencies have been most effective in going after domestic offenders. If more spammers move their operations overseas, the deterrence value may be diminished.
What else does the Pallone-Thune TRACED Act do to help consumers?
The enforcement improvement and mandates for carrier interventions in the Pallone-Thune TRACED Act take aim at the main drivers of the spam call epidemic, but the law also tackles more nuanced issues that impact our lives.
One provision, for example, identifies that bad robocallers in some cases have actually gained access to phone number resources from the FCC, and calls on the agency to examine how its policies could be modified to prevent this. Another section identifies that there are some exemptions in the current law that allow consumers to receive calls without consent, but that consumers should still be protected from being inundated by such calls. The impacts on consumers by high volumes of political robocalls could be examined under this clause.
The law further addresses problems that can have surprisingly negative impacts on consumers living in an ever more dynamic, mobile world. For example, when consumers get new phone numbers, they are sometimes bombarded with calls intended for the previous owner of that number. The law works to solve this by pushing for the implementation of a reassigned number database, and offers a process to ensure robocallers stop calling these numbers when the phone number changes hands.
These provisions showcase just how complex the spam call problem has become, but also showcases that this law is designed to be both aggressive and far-reaching in its approach to solving the problem.
So what can American’s Expect, and when?
The Pallone-Thune TRACED Act cannot solve the spam call problem alone, but as we have seen it does have the potential to have a positive impact in areas of this fight. Spammers take advantage of the structures and technologies that enable the world’s largest interconnected network and feed off of the lopsided economics that makes robocalling a very lucrative business.
This law calls for a great deal of action in a 12 – 18-month timeframe. It is likely that legal challenges from call originators, technological challenges, and other issues will cause delays or at least limit the extent of these implementations, but we do expect to see some tangible impacts in the next few years. While we believe this law will help improve the spam call landscape, consumers do have options to protect themselves now. RoboKiller uses cutting edge, advanced technologies including audio analysis, audio fingerprinting, machine learning, and user feedback to protect consumers on their mobile phones today.