In late December, Congress passed new Anti-Spoofing legislation. As we told you at the time, the Act requires the FCC to enact implementing regulations within 6 months. In anticipation of that rulemaking, the U.S. Department of Justice’s Criminal Division submitted a letter to the FCC with its recommendations for the regulations.
The DOJ letter is described in more detail below. Most notably, DOJ recommends verification obligations be imposed on providers of spoofing services and proposes an expansive definition of "IP-enabled Voice Service" that would impose obligations on services heretofore not subject to FCC regulations. If the FCC agrees, new classes of entities would be subject to compliance obligations relating to Caller ID spoofing.
The DOJ letter is available in full here. The DOJ supports regulations in the following areas:
1. Spoofing Service Providers. Citing to a floor statement by the Truth in Caller ID Act’s sponsor, now ex-Representative Rick Boucher (D-Va), DOJ supports the imposition of verification obligations on providers of spoofing services. Specifically, DOJ recommends:
The Commission should consider the feasibility of requiring public providers of Caller ID spoofing services to make a good-faith effort to verify that a user has the authority to use the substituted number, such as by placing a one-time verification call to that number.
DOJ also recommends technical standards that would allow law enforcement to trace such calls to their true originating number upon appropriate authority.
2. Law Enforcement Exception. The Act excludes any spoofing conducted by any "lawfully authorized investigative, protective, or intelligence agency." DOJ recommends specific language to implement this provision.
3. Applicability to IP-Enabled Services. The Act provides that it applies to the use of "any telecommunications service or IP-enabled voice service." With respect to IP-enabled voice services, the Act provides that the term "has the meaning given to that term by Section 9.3 of the [FCC’s] regulations." Section 9.3, however, defines "interconnected VoIP" services, which are a subset of IP-enabled services.
Noting the lack of a definition of "IP-enabled voice service," the DOJ argues for a definition that will expand the reach of the Caller ID regulations. The DOJ’s proposed definition would reach one-way VoIP services, Skype’s service (which Skype contends does not meet the FCC’s definition of "interconnected VoIP" service) and possibly other uses of VoIP, such as in video conferencing or gaming. Specifically, the DOJ proposes the following definition of "IP-enabled voice services:"
The term ‘IP-enabled voice service’ means the provision of real-time voice communications offered to the public, or such class of users as to be effectively available to the public, transmitted through customer premises equipment using TCP/IP protocol, or a successor protocol, (whether part of a bundle of services or separately) with interconnection capability such that the service can originate traffic to, or terminate traffic from, the public switched telephone network, or a successor network.
The Department states that this definition is based on 18 U.S.C. 1039(h)(4), which protects the confidentiality of telephone records under the Telephone Records and Privacy Protection Act of 2006.