FCC Cracks Down on Scam Texts
Some long-overdue safeguards are being implemented.
Ars Technica (“FCC orders phone companies to block scam text messages“):
The Federal Communications Commission today finalized rules requiring mobile carriers to block robotext messages that are likely to be illegal. The FCC described the rules as the agency’s “first regulations specifically targeting the increasing problem of scam text messages sent to consumers.”
Carriers will be required to block text messages that come from “invalid, unallocated, or unused numbers.” Carriers must also block texts from “numbers that the subscriber to the number has self-identified as never sending text messages, and numbers that government agencies and other well-known entities identify as not used for texting,” the FCC said.
Carriers will have to establish a point of contact for text senders so the senders can inquire about blocked texts. The FCC already requires similar blocking of voice calls from these types of numbers.
The FCC still has a 2-2 partisan deadlock more than two years into Joe Biden’s presidency, but the robotext order was approved 4-0. The FCC sought public comment on the rules in September 2022 before finalizing them today. The order will take effect 30 days after it is published in the Federal Register, according to a draft of the order released before the meeting.
Given the ubiquity of spam texts, it’s frustrating that it’s taken this long to crack down. Aside from scammers and spammers themselves, I can’t imagine the person who is opposed to this regulation.
More robotext rules may be on the way because today’s “action also seeks public comment on further proposals to require providers to block texts from entities the FCC has cited as illegal robotexters,” the FCC said. For example, the FCC proposes to clarify that Do Not Call Registry protections apply to text messaging.
The FCC said it’s further proposing to close the “lead generator loophole” that “allows companies to use a single consumer consent to deliver robocalls and text messages from multiple—perhaps thousands—of marketers on subjects that may not be what the consumer had in mind.” The FCC “will also take further public comment on text authentication measures and other proposals to continue to fight illegal scam robotexts.”
Complaints about robotexts to the FCC rose from 3,300 to 18,900 per year between 2015 and 2022, the FCC said. Many of these robotexts “promote links to phishing websites or websites that can install malware on a consumer’s phone,” the FCC said.
Again, both welcome and absurdly overdue.
The FCC separately voted today to close another gap in its Caller ID authentication rules that target illegal robocalls. The rules already required phone companies to implement the caller ID authentication technologies known as STIR and SHAKEN.
But the rules don’t apply in every possible scenario, so the FCC has periodically strengthened them. In June 2022, for example, the FCC required carriers with 100,000 or fewer customers to comply a year earlier than these small carriers were originally required to.
The FCC said today’s vote closes another loophole as follows:
The new rules will require intermediate providers that receive unauthenticated IP calls directly from domestic originating providers to use STIR/SHAKEN to authenticate those calls. Although STIR/SHAKEN has been widely implemented under FCC rules, some originating providers are not capable of using the framework. In other cases, unscrupulous originating providers may deliberately fail to authenticate calls. By requiring the next provider in the call path to authenticate those calls, the FCC closes a gap in the caller ID authentication regime and facilitates government and industry efforts to identify and block illegal robocalls.
All steps in the right direction.
There are still far too many loopholes, although mostly those created by Congress. Spam from political campaigns, pollsters, and the like are all explicitly protected in the law.