More team-ups with other federal agencies going after robocallers and requiring phone companies to implement caller ID authentication tech were among suggestions on the FCC rulemaking on curbing spoofed robocalls. The NPRM was adopted in February (see 1902140039). Beyond requiring implementation of caller ID authentication technology, set guidelines for its implementation and ensure consumers are represented on the Signature-based Handling of Asserted Information Using toKENs/Secure Telephony Identity Revisited (Shaken/Stir) governance board, said Consumer Reports, the National Consumer Law Center and Consumer Federation of America in docket 18-335, which got comments through Thursday. They said spoofed calls need to be blocked or diverted, not just identified, and Shaken/Stir as conceptualized now wouldn't address situations where robocallers buy phone numbers and use those to mask identity. They said the FCC should consider requiring phone companies vet subscribers, monitoring for numbers making inordinate amounts of calls. CTIA said the FCC and other agencies such as the FTC and DOJ, plus states attorneys general and international counterparts, ought to "take even more steps to deter bad actors." It suggested the FCC define the scope of its expanded anti-spoofing rules to include short message service and multimedia message service text messages. The FCC needs to be sure it's "hewing closely" to the updates Congress made to caller ID issues in Ray Baum's Act and not expand the scope of those rules past congressional intent or change the established regulatory framework in other areas, Twilio said. It said the FCC should be careful applying spoofing rules to messages sent using common short code, and not include rich communications services in the definition of text message. Comcast suggested the FCC clarify that a provider originating an IP call has to transmit the calling party name alongside the calling party number. It also recapped meeting with an aide to Commissioner Geoffrey Starks, saying the order creating a comprehensive number database, while not specifically a fraudulent spoofing issue, also will help cut volume of unwanted calls.
Washington state’s privacy bill cleared 5-4 the House Innovation, Technology and Economic Development Committee Wednesday. Rep. Jeff Morris (D) joined three Republicans voting no, and even Democrats voting yes agreed that the House-amended S-5376 isn’t perfect. The committee’s executive session started Tuesday and carried over to Wednesday to allow more time for the public to read the latest version (see 1904020068). While taking several amendments, the committee rejected a proposal by ranking member Norma Smith (R) to remove a private right of action, leaving enforcement to the state attorney general. “To put a private right of action … will create greater chaos than we need and really short circuits ability for effective implementation,” Smith said at the livestreamed hearing. The legislature could reconsider giving a private right in two years, under her proposal. Chairman Zack Hudgins (D) replied that the bill doesn’t put a new private right of action into statute but relies on the existing right in the state’s Consumer Protection Act, so Smith’s amendment would “peel back” what consumers already have. There’s no point in giving rights to consumers if they can’t exercise them, said Vice Chair Shelley Kloba (D). Smith and other opponents said they still saw much work ahead. Morris, the only Democratic no, resisted what he called a “Cheshire cat bill.” He sees too many parties wearing “big grins” and worries the legislature is giving too much away. The bill might violate the state’s two-subject rule by addressing private data and facial recognition in one measure, he added. Hudgins agrees with all the members’ comments, for and against. “There’s some very serious concerns about the bill moving forward, but I do think it’s better in many ways than it came to us,” he said. “There’s some more specifics, there’s more focus on consent [and] there’s more concern about bias in the technology. We are still trying to protect innovation.”
The FCC has been too slow to address complaints AT&T, T-Mobile and Sprint are selling customers' real-time location data to bounty hunters (see 1901080046), Commissioner Geoffrey Starks said Tuesday. Starks cited the dangers of the practice during a February news conference shortly after he took office (see 1902080056) and called for action in an opinion article in Tuesday's The New York Times. “Our location information isn’t supposed to be used without our knowledge and consent and no chain of handoffs or contracts can eliminate the wireless company’s obligations,” Starks wrote. “This is particularly true for the misuse and disclosure of GPS-based 911 location data -- which is squarely against FCC rules.” The FCC says it's investigating, he said: “But nearly a year after the news first broke, the commission has yet to issue an enforcement action or fine those responsible.” The FCC didn't comment.
T-Mobile said it’s installing magenta-colored privacy cubes for customers in New York City, Washington, D.C., and its hometown Seattle. “You can use your smartphone in peace, even on the streets of some of the busiest cities in America,” it said Friday. Customers will need to use a new T-Mobile Phone BoothE app to access the booths. T-Mobile said initially the booths will be available at one location in each city, with limited hours.
The FCC should forget about toll-free texting and zero in on robocalls, blogged Seth Cooper, senior fellow at the Free State Foundation. Commissioners unanimously approved a declaratory ruling and NPRM on text enabling of toll-free numbers in June (see 1806070021). There were nearly 5 billion robocalls in February, and likely “zero instances of toll-free phone numbers being enabled to receive text messages without authorization by business subscribers,” Cooper wrote Friday.
The "measly" amounts the FCC is receiving in fines from robocallers are ineffective in addressing the problem, so it's time for other commissioners to call on carriers to make tools freely available to consumers to block such calls, Commissioner Jessica Rosenworcel tweeted Thursday. The Wall Street Journal reported the agency has levied $208 million in such penalties, collecting $6,790.
State bills to fight robocalls are marching forward. The Arkansas Senate voted 35-0 Monday to pass SB-514; the House Insurance and Commerce Committee plans to hear the bill Wednesday at 10 a.m. CDT. It got support last week from the Arkansas attorney general (see 1903190035). The California Senate Energy, Utilities and Communications Committee plans to hear testimony on a call-spoofing bill (SB-208) the same day at 9 a.m. PDT. The Mississippi House and Senate named conferees Monday to hash out differences in spoofing bills including SB-2821 and SB-2744 (see 1903130050).
The FTC voted 5-0 to issue orders to Google, AT&T, T-Mobile, Verizon, Comcast and related entities, initiating a study on broadband provider collection and sharing of user data. The study, authorized by Section 6(b) of the FTC Act (see 1903200073), allows the agency to collect internal information from the companies. The study will help the agency “better understand Internet service providers’ privacy practices in light of the evolution of telecommunications companies into vertically integrated platforms that also provide advertising-supported content,” the commission said Tuesday. Orders were sent to AT&T, AT&T Mobility, Comcast (dba Xfinity), Google Fiber, T-Mobile, Verizon and Cellco Partnership (dba Verizon Wireless). The agency is seeking details on what personal data is collected about users and their devices; how long the data is retained and if it’s shared with third parties; and whether the data is aggregated, anonymized or de-identified. The FTC also requested copies of the companies’ notices and disclosures to consumers about data collection practices; information on whether consent is offered and obtained; and processes for allowing user control of data. The companies didn’t comment.
A December FCC order creating a reassigned phone number database to help combat unwanted and illegal robocalls to people with new numbers (see 1812120026) took effect Tuesday with Federal Register publication. Commissioners approved the order 4-0 Dec. 12, adding a safe harbor giving some protection from Telephone Consumer Protection Act liability to parties using the database. Information collection requirements clearance by the Office of Management and Budget.
The Federal Emergency Management Agency exposed 2.3 million disaster survivors to increased risk of identity theft and fraud by sharing their personal data, including banking information, with a displacement contractor, the Office of Inspector General said, which FEMA acknowledged Friday. FEMA shared information it wasn't required to disclose, including electronic funds transfer and bank transit numbers of victims of hurricanes Harvey, Irma and Maria, and the 2017 California wildfires. FEMA violated the 1974 Privacy Act and Department of Homeland Security policy, the report said. There’s no evidence to suggest data was misused, and the contractor is cooperating to remove the unnecessary data, FEMA said Friday.