Caller ID Spoofing Order Could Have Late Changes Sought by CTIA

CTIA met with commission officials asking whether the rules need to be expanded to include short codes, said a Friday filing in docket 18-335. “CTIA firmly supports efforts to curb spoofing, and applauds RAY BAUM’S Act’s efforts in this regard,” the group said: But “there is no evidence that this type of fraud exists or is possible in the short code context.” CTIA reported on a series of calls and meetings with the FCC. Among them was a call between Brad Gillen, its executive vice president, and Nicholas Degani, aide to Pai.

In a footnote in the filing, CTIA says the record contains no evidence anyone can spoof a short code or tamper with caller identification information. “The two articles cited in the Draft Order … do not address short code spoofing,” CTIA said: “The first describes allegations around misrepresentation in the actual content of a message not the caller identification information, and the second is more likely explained as a customer account associated with the wrong phone number as opposed to the spoofing challenges described in the Draft Order.”

CTIA asked the FCC to take a step back. “Given this lack of evidence, the absence of notice under the Administrative Procedure Act (APA), the absence of reference to short codes in the RAY BAUM’s Act, and the Commission’s well-established light-touch approach, CTIA expressed concern about the FCC expanding the reach of these rules to short codes,” the filing said.

CTIA said if the order includes short codes the FCC also should clarify nothing affects the commission’s decision in a December 2018 declaratory ruling (see 1812120043) “which expressly refrained from any finding that a short code is a ‘component’ of mobile messaging for purposes of the Communications Act.” CTIA declined further comment.

“CTIA is right,” network architect Richard Bennett told us: “Text messages sent from short code accounts are already validated by carriers, so there is no need to additional validation by the systems mandated by the FCC to achieve validation for common SMS messages.”

Short code messages and normal text messages “can serve similar purposes and be used almost interchangeably by businesses,” said Tom Struble, tech policy manager at the R Street Institute. “Even though they're similar services and both send messages to the same app on a user's phone, I think people recognize that short codes are only used by businesses whereas normal texts can be used by businesses or everyday users. So, just in terms of public policy … it's a close call for the FCC to make.”

CTIA’s legal arguments seem more important than its policy arguments, Struble said. CTIA argues that the NPRM didn't provide adequate notice that short codes would be included in the final rules, “and there isn't any substantial evidence of short-code spoofing to justify regulations on them, so including short codes in the final rules would violate the APA,” he said: On that point, “CTIA has a pretty strong argument, since I don't see a single mention of short codes in the NPRM, and the sources cited by the FCC in … the draft order seem pretty weak.” Without further work on the order, CTIA would have grounds for an appeal, he said.

In February, commissioners voted 5-0 to launch a rulemaking on curbing spoofed robocalls (see 1902140039), implementing part of Ray Baum's Act.

The FTC, meanwhile, said Monday it's making better do not call (DNC) list data available to the public through an interactive map. “Consumers can now access reports about the number of DNC and robocall complaints filed from their state, and see how that information compares with complaints filed by consumers in other states or nationally,” the FTC said: “Users also can do specific searches to determine what types of telemarketing calls consumers are reporting, such as live calls versus robocalls. In addition, because consumers often specify the type of telemarketing call they are reporting, users can explore the database by topic.”