Implementing the Truth in Caller ID Act passed last December, the FCC adopted rules prohibiting the fraudulent manipulation of caller ID information. These so-called anti-"spoofing" rules track the statutory language to prohibit any person from "knowingly transmit[ing] misleading or inaccurate caller identification information with the intent to defraud, cause harm, or wrongfully obtain anything of value." The Commission also released a report to Congress recommending additional legislative changes to strengthen the spoofing protections.
Check back later for additional analysis of the orders, but in the meantime, we will hit a few of the highlights.
In the Report and Order, the FCC largely tracks its proposal in the NPRM. The Commission prohibited the "knowing" transmission of misleading information with an intent to defraud, and clarified that to be liable the person possessing the fraudulent intent must also cause the transmission of misleading information.
Notably, the FCC adopted its proposal to take direct enforcement action against entities that violate the rules, even if those entities are not Commission licensees or holders of Commission authorizations. This side-steps the "warn first" regime that applies to other violations.
The Commission denied the Department of Justice's requests to extend liability to VoIP providers not meeting the FCC's existing definition of "interconnected VoIP" service and to impose additional verification obligations on third-party spoofing providers.
In the Report to Congress, the FCC recommends several changes to strengthen the Act, including expansion of the Act to reach non-interconnected VoIP and to address test-messaging services. As summarized in the Report, the Commission recommended the following:
Legislative recommendations include clarifying the scope of the Truth in Caller ID Act to include (1) persons outside the United States, (2) the use of IP-enabled voice services that are not covered under the Commission’s current definition of interconnected Voice over Internet Protocol (VoIP) service, (3) appropriate authority over third party spoofing services, and (4) SMS-based text messaging services.