[VoiceOps] FCC RMD Naughty List
Nathan Anderson
nathana at fsr.com
Thu Dec 12 01:23:41 EST 2024
I agree with your stance on this assuming this is a requirement. However...I
must be dense, because I have now skimmed over the Sixth, Seventh, and Eighth
"Caller ID Authentication Report and Orders", the "Improving the Effectiveness
of the Robocall Mitigation Database" docket, and
From: Mary Lou Carey [mailto:marylou at backuptelecom.com]
Sent: Wednesday, December 11, 2024 09:09
To: Nathan Anderson
Cc: Voiceops
Subject: Re: [VoiceOps] FCC RMD Naughty List
The requirement to disclose who your underlying carriers and additional contact
information were just added THIS YEAR. If you're up to date on everything else,
you might not have made the list because there were so many less complaint than
you, I wouldn't take that as a sign that the FCC won't ever contact you about
missing information.
I'm a consultant so I'm exposed to a lot more problems than one company may run
into. I personally spoke with the FCC and FBI about the scamming situation
because someone approached us for help when they realized someone had contacted
one of their upstream carriers and was impersonating them. The FCC and FBI had
no answers......I'm the one that made the connection between the information
scammers got and where they could have gotten it from.
I was helping carriers with STIR/SHAKEN compliance long before the RMD was
required. The FCC came up with it as a work around because not every carrier
could qualify for a STIR/SHAKEN certificate under the original requirements.
(The original requirement the RMD replaced was having access to numbering
resources. As in NXXs - not DIDs).
In my opinion what started out as a method to identify all the players in the
industry has turned into an information grab that should not be happening. Not
only because it would be a nightmare to keep the upstream carrier list updated,
but because it creates way too much temptation for fraudsters and the
anti-competitive to abuse it.
MARY LOU CAREY
BackUP Telecom Consulting
Office: 615-791-9969
Cell: 615-796-1111
On 2024-12-10 08:09 PM, Nathan Anderson via VoiceOps wrote:
Wait, say what now? I'm not even sure I understand how that kind of
hijacking is possible. You'd have to be able to deduce who that provider's
underlying carriers are before you could attempt to engage in that kind of
social engineering with them, and as an IPES, there's nowhere either in our
499 filings or in the RMD filing where we are required to disclose that,
either publicly or privately/redacted. (Unless I'm missing something? We
have never disclosed that in any FCC filings, and yet we didn't get added
to this "naughty" list. Furthermore, a read through of the required
information listed in this notice under II.3 absolutely does not say
anywhere that you are required to itemize who your specific upstreams are.)
I suppose you could voluntarily disclose it in your RMD plan write-up,
but...why would you, as that just unnecessarily ties your hands and results
in a bunch of self-inflicted busy work (if you're going to list it, then
you either have to maintain that list, avoid bringing up new or tearing
down old SIP trunks with various underlying carriers, or risk having the
disclosure become "stale").
Also, on a different but related note, this whole incomplete-RMD-filing
issue is a problem that the FCC kinda/sorta created themselves, and then
decided shirk their responsibility for doing so and saddle all of us with
the downstream consequences and threats. Just to remind everybody of the
history here, this database as originally conceived by the brilliant minds
in Washington required that filers EITHER certified themselves as being
wholly S/S compliant, OR if not, then they had to supply a written
mitigation plan. If you selected the "I am 100% S/S compliant" checkbox,
it would NOT allow you to upload a document attachment with any kind of
written plan. And if you first filed as only partially compliant or
not-yet-compliant, and added such a document/attachment to your filing, and
then after finishing your S/S implementation you went back and UPDATED your
filing to reflect your new compliance, the system would DELETE your
previous attachment from your filing, and not give you any option to submit
a new one. If you filed as 100% compliant, you could not add an
attachment, PERIOD. 100% compliance and document attachments were mutually
exclusive.
Then one day they decided that maybe that was a bad idea, and required
everybody who was 100% complaint to drop everything & go back and add
written mitigation plans to their filings.
So far in the (admittedly few) minutes I've taken to check out a handful of
companies on this "naughty" list, virtually all of them are in the boat of
having checked the "100% compliant" checkbox, but not having gone back
after the rule change to submit a written RM plan document attachment to
their filing.
-- Nathan
From: VoiceOps [mailto:voiceops-bounces at voiceops.org] On Behalf Of Mary Lou
Carey via VoiceOps
Sent: Tuesday, December 10, 2024 14:08
To: voiceops at voiceops.org
Subject: Re: [VoiceOps] FCC RMD Naughty List
The requirements for RMD changed and you now need to add a lot more
information. You only have 14 days to respond to the FCC, but MAKE SURE YOU
FILE YOUR 499 CONFIDENTIALLY! We have already learned of incidents where
scammers got ahold of company information and attempted to get the
company's underlying carriers to change the IP addresses for their SIP
trunks so they could hijack their network. We've brought this to the
attention of the FBI and FCC, but the FCC's only offer was to file them
confidentially. I personally think they're asking for way too much
information and stupid to allow anyone's information to be listed on a
public site, but until they fix the problem its up to carriers themselves
to make sure their information is secure.
Ashley (with Equitel Compliance) and I (BackUP Telecom can help anyone that
needs to update their RMDs or get STIR/SHAKEN certified.
MARY LOU CAREY
BackUP Telecom Consulting
Office: 615-791-9969
Cell: 615-796-1111
On 2024-12-10 03:42 PM, Dave Russo via VoiceOps wrote:
Here is the FCC order & list mentioned: https://docs.fcc.gov/public/
attachments/DA-24-1235A1.pdf
Also somewhat related, I'm curious how some companies that claim to be
STIR/SHAKEN compliant and are listed on iconectiv's authorized provider
list get away with not being fully FCC compliant?
For example when we were looking for a new provider it came to my
attention that Atheral is 5 years behind on its FCC 499 filings...
Looks like it last filed in 2019: https://apps.fcc.gov/cgb/form499/
499detail.cfm?FilerNum=832820
Does this mean it can get shut down any time the FCC decides to do
that? Will resellers that use them be at risk of losing service or
subject to some FCC action themselves?
-dr
On Tue, Dec 10, 2024, at 2:17 PM, Mike Hammett via VoiceOps wrote:
How many of you are on the Robocall Mitigation Database naughty
list that the FCC just sent out?
It'd be nice if they told you *WHY* your filing was deficient.
Instead, they just generically list broad categories that you may
or may not fit into.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest Internet Exchange
http://www.midwest-ix.com
_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20241211/e79d7eb6/attachment-0001.htm>
More information about the VoiceOps
mailing list