The Federal Communications Commission finalized new financial penalties for telecoms that submit false, inaccurate or late reporting to a federal robocalling system.
The new regulations, which go into effect Feb. 5, will require providers to recertify every year that their information is accurate in the Robocall Mitigation Database (RMD). It would also impose fines on offenders, including $10,000 for submitting false or inaccurate information and $1,000 for each entry not updated within 10 business days of receiving new information.
The commission also added two-factor authentication cybersecurity protections to access the database and directed its Wireline Competition Bureau to establish a new channel for reporting on deficient filings.
Those deficiencies “range from failures to provide accurate contact information to submission of robocall mitigation plans that do not in any way describe reasonable robocall mitigation practices,” the FCC wrote in a final rule posted this week in the Federal Register.
The FCC already requires voice service providers to verify and certify the identities of their callers through the RMD. The database is designed to help regulators and law enforcement track and prevent call spoofing, a frequent tactic of illegal robocallers, and hold providers accountable for the identities of callers and phone numbers that use their networks.
But America’s telecommunications networks are vast and decentralized, comprised of both massive companies like Verizon and AT&T and smaller telecoms and voice-over-internet-protocol (VoIP) providers. Calls often hop from one provider network to another, and verification can get lost or overlooked in the chain of custody.
Historically, federal regulators neither verified nor enforced the accuracy of those filings. Their effectiveness was called into question two years ago, when a political consultant used a voice-cloning tool to impersonate then-President Joe Biden in fake voicemails to New Hampshire voters, spoofing the number of a prominent state Democratic ally. The carrier that transmitted those calls, Lingo Telecom, had nonetheless verified the caller’s identity at their highest level of confidence.
The FCC asked for public feedback on whether to treat violations as minor paperwork errors, which typically carry smaller fines, or as evidence of more serious misrepresentation or lack of candor on the part of the provider. Telecom trade associations opposed fines for false or inaccurate filings unless filers were first granted an opportunity to correct the error or the FCC finds the information “willfully” inaccurate. State attorneys general and robocall surveillance platform ZipDX urged the FCC to take a stricter approach arguing that false filings “significantly undermines the Commission’s efforts to curb illegal robocalls.”
“The State AGs and ZipDX each express strong support for treating the filing of false or inaccurate information in the Robocall Mitigation Database akin to misrepresentation/lack of candor, arguing that such actions should elicit the statutory maximum penalty,” the commission wrote.
The FCC ultimately searched for a middle ground, concluding that a false filing in this case “warrants a significantly higher penalty than the existing $3,000 base forfeiture for failure to file required forms or information” but lower than the statutory maximum.