Award Winning Blog

Friday, January 11, 2019

OMG! The FCC Just Legalized Spoofing!


            Most people loathe robocalls and spam: unsolicited commercial, extortionate and sometime criminal pitches by telephone, text and email.  This kind of traffic has become the leading consumer complaint at the FCC. [1]  Consumers especially revile a new sneaky software hack spammers use to insert fake names and numbers on the screens of handsets. It’s called spoofing and unbelievably the Federal Communications Commission just made this nasty, fraudulent intrusion much more likely, especially for text messages.

            In a recent Declaratory Ruling the FCC ostensibly eliminated “regulatory uncertainty” to specify that the information services classification applies to text messages and accompanying content, such as video and photos.  With sadly characteristic sanctimony, snark and self-congratulations, the FCC states unconditionally that this new deregulatory declaration will safeguard consumers. 

            The Commission’s brilliant strategy: abandon regulatory oversight and the ability to impose sanctions on bad actors and rely solely on the carriers transporting text to use whatever safeguards they deem necessary.  This tactic comports with the FCC’s elimination of any network neutrality oversight based on the view that self-regulation will suffice, possibly augmented by ex post, complaint review by the Federal Trade Commission on matters involving privacy and unfair trade practices.

            I want to believe that well intentioned Internet Service Providers always will do the right thing by acting as fair minded and consumer-oriented carriers, even without the prospect of sanctions by a cop on the beat.  But time after time, empirical evidence shows the foolishness in such trust.  Just now, AT&T and other wireless carriers have had to acknowledge that they monetize the location information subscribers must allow the carriers to acquire for call processing.  AT&T apparently forgot the public commitment it made not to exploit this data as a new revenue source.  See AT&T to end all location-data sales to data brokers; https://www.washingtonpost.com/business/technology/atandt-to-end-all-location-data-sales-to-data-brokers/2019/01/10/fb00a364-1547-11e9-ab79-30cd4f7926f2_story.html?utm_term=.ec82608aadd8

            Simply put, carriers have ample self-interest in applying filtering and other anti-spam techniques in ways that generate more revenues, or tilt the competitive playing field in favor of a corporate affiliates and third parties willing to pay.  Nothing prevents carriers from offering spam filtering as an “optional” service for an additional fee.

            Let us put aside the matters of carriers serving as foxes guarding the chicken coop.  The FCC explicitly recognizes that the status quo of uncertain regulatory status has not prevented carriers from filtering and safeguarding text messaging from spam contamination:

In the [current] absence of a Commission assertion of Title II regulation, wireless providers have employed effective methods to protect consumers from unwanted messages and thereby make wireless messaging a trusted and reliable form of communications for millions of Americans. [2]

            The biggest mistake of the Declaratory Ruling lies in a variety of unanticipated negative consequences that collectively add, rather than reduce regulatory uncertainty and increase consumer harms. 

            Consider spoofing.  When the FCC allowed the question of regulatory classification to remain uncertain—like Voice over the Internet Protocol—spoofing could be recognized as something the Commission could deem harmful and subject to regulatory sanction.  Even though spoofing uses software to act on content and replace it with fraudulent data, e.g., Internal Revenue Service (202) 622-5000, the FCC could safeguard consumers based on the statutory definition of unregulated information service that carves out an exception retaining jurisdiction:

(20) INFORMATION SERVICE.--The term “'information service” means the offering of a capability for generating, acquiring, storing, transforming, processing, retrieving, utilizing, or making available information via telecommunications, and includes electronic publishing, but does not include any use of any such capability for the management, control, or operation of a telecommunications system or the management of a telecommunications service. [3]

            If the FCC had left well enough alone, the highlighted language would have conferred jurisdiction for the FCC to regulate information service (spoofing) that, using the Commission’s language in the Declaratory Ruling, is part of an “integrated finished product” and “inextricably intertwined with information processing capabilities.” [4]

            Throughout its Declaratory Ruling, the FCC explains how texting of any sort constitutes an information service.  It follows that spoofing, occurring as part of the delivered text traffic, similarly constitutes an information service.  How could it be anything else? 

            With both texting and the ancillary spoofing of text messages both constituting information services, the carve out for management, control, or operation of a telecommunications system or the management of a telecommunications service cannot apply to the spoofing process.

            By insisting on an absolute dichotomy between information services and telecommunications ervices [5] each and every element in a composite of texting service has to fit within the newly announced information service classification.  If the FCC has decided that it lacks statutory oversight to regulate texting, then it follows that the Commission similarly has no jurisdiction over the software enabled reformulation of characters and numbers contained in the text message. Consumers may have redress at the FTC, but bear in mind that this agency reacts to complaints, lacks any telecommunications-specific expertise and relies heavily on consent decree promises that we see carriers conveniently forgetting. 

            At best, the FCC’s Declaratory Ruling shows how good intentions can result in unanticipated harms.  However, under current circumstances I cannot give Chairman Pai and his staff the benefit of the doubt.  This document follows a now well-worn path of deregulation for the sake of deregulation without full consideration of the consequences to consumers and competition.  Other matters, worthy of subsequent blogs, include:

1)         whether and how the FCC can enforce the safeguards contained in the Telephone Consumer Protection Act;

2)         how carriers providing common carrier Commercial Mobile Radio Service can enter the mutually exclusive realm of information service processing while   delivering of traffic that originates on handsets, traverses the Public Switched Telephone Network and appears on handset screens;

3)         whether texting, no longer classifiable as a telecommunications service, qualifies for an exemption from fitting within the interstate and international services subject to universal service funding payments by consumers; and

4)         what degree of storing and forwarding of traffic converts it to an information service from a package of telecommunications services (voice, text, caller ID) customarily offered by carriers.




[1]              “Last year, Americans received approximately 30 billion robocalls, and for the first five months of 2018,147 more than 16 billion robocalls have already been placed.148
 And the Commission receives over 200,000 complaints about unwanted calls each year—around 60% of all of the complaints that the Commission receives from consumers.”
Petitions for Declaratory Ruling on Regulatory Status of Wireless Messaging Service, Declaratory Ruling, FCC 18-178, ¶45, p. 23 (rel. Dec. 13, 2018); available at: https://docs.fcc.gov/public/attachments/FCC-18-178A1.pdf [hereinafter cited as Texting Information Service Declaratory Ruling].
[2]           Texting Information Service Declaratory Ruling at 43, p. 21. “[W]ireless providers [currently] prevent large volumes of unwanted or malicious text traffic from reaching consumers’ phones.  They do this by applying filters, blocking robotexts, and using anti-spoofing measures, among other things.” Id. Statement of Chairman Ajit Pai, p.30.
[3]              Communications Act of 1934, as amended, codified at 47 U.S.C. §153 (20)(2018)(emphasis added).

[4]              Texting Information Service Declaratory Ruling at 24, p. 11.
[5]           “The Communications Act, as amended, divides communications
services into two mutually exclusive types: highly regulated ‘telecommunications services’ and lightly regulated ‘information services.’ A ‘telecommunications service’ is a common carrier service that requires ‘the offering of telecommunications for a fee directly to the public, or to such classes of users as to be effectively available to the public, regardless of the facilities used.’” Texting Information Service Declaratory Ruling at ¶3, p. 2.

No comments: