[VoiceOps] FCC RMD Naughty List

Thu Dec 12 23:15:48 EST 2024

Perhaps I'm misunderstanding the verbiage, but that appears to relate only
to vendors of call analytics 3rd parties, and not all upstreams?

On Thu, Dec 12, 2024, 6:03 PM Mary Lou Carey via VoiceOps <
voiceops at voiceops.org> wrote:

> See the attached document. I highlighted the verbiage that states you must
> provide the names of your 3rd party vendors. A lot of companies have their
> upstream providers sign their calls and do their analytics for them.
>
> MARY LOU CAREY
> BackUP Telecom Consulting
> Office: 615-791-9969
> Cell: 615-796-1111
>
>
> On 2024-12-11 07:23 PM, Nathan Anderson via VoiceOps wrote:
>
> I agree with your stance on this, assuming this is in fact a requirement.
> However...I must be dense, because I have now skimmed over the Sixth,
> Seventh, and Eighth "Caller ID Authentication Report and Orders", the
> "Improving the Effectiveness of the Robocall Mitigation Database" docket,
> the updated RMD deadlines and compliance info in DA 24-73 posted in
> January, and I re-read paragraph II.3 of the so-called "naughty list"
> document that kick-started this thread.  And I can find zero mention
> anywhere that supplying a detailed and accurate itemized list of your
> upstreams is any sort of requirement in one's RMD filing.  There seems to
> be plenty of talk about having "*know* your upstreams" procedures, but
> that is not defined as *disclosing* your upstreams.
>
>
>
> So what am I missing?  I'm sure I am just ignorant about where I should be
> looking ("I'm a doctorengineer, not a lawyer, dammit!"), but this is a
> rather well-hidden requirement...
>
>
>
> -- Nathan
>
>
>
> *From:* Mary Lou Carey [mailto:marylou at backuptelecom.com]
> *Sent:* Wednesday, December 11, 2024 09:09
> *To:* Nathan Anderson
> *Cc:* Voiceops
> *Subject:* Re: [VoiceOps] FCC RMD Naughty List
>
>
>
> The requirement to disclose who your underlying carriers and additional
> contact information were just added THIS YEAR. If you're up to date on
> everything else, you might not have made the list because there were so
> many less complaint than you, I wouldn't take that as a sign that the FCC
> won't ever contact you about missing information.
>
> I'm a consultant so I'm exposed to a lot more problems than one company
> may run into. I personally spoke with the FCC and FBI about the scamming
> situation because someone approached us for help when they realized someone
> had contacted one of their upstream carriers and was impersonating them.
> The FCC and FBI had no answers......I'm the one that made the connection
> between the information scammers got and where they could have gotten it
> from.
>
>
>
> I was helping carriers with STIR/SHAKEN compliance long before the RMD was
> required. The FCC came up with it as a work around because not every
> carrier could qualify for a STIR/SHAKEN certificate under the original
> requirements. (The original requirement the RMD replaced was having access
> to numbering resources. As in NXXs - not DIDs).
>
> In my opinion what started out as a method to identify all the players in
> the industry has turned into an information grab that should not be
> happening. Not only because it would be a nightmare to keep the upstream
> carrier list updated, but because it creates way too much temptation for
> fraudsters and the anti-competitive to abuse it.
>
> MARY LOU CAREY
> BackUP Telecom Consulting
> Office: 615-791-9969
> Cell: 615-796-1111
>
>
>
> On 2024-12-10 08:09 PM, Nathan Anderson via VoiceOps wrote:
>
> Wait, say what now?  I'm not even sure I understand how that kind of
> hijacking is possible.  You'd have to be able to deduce who that provider's
> underlying carriers are before you could attempt to engage in that kind of
> social engineering with them, and as an IPES, there's nowhere either in our
> 499 filings or in the RMD filing where we are required to disclose that,
> either publicly or privately/redacted.  (Unless I'm missing something?  We
> have never disclosed that in any FCC filings, and yet we didn't get added
> to this "naughty" list.  Furthermore, a read through of the required
> information listed in this notice under II.3 absolutely does not say
> anywhere that you are required to itemize who your specific upstreams
> are.)  I suppose you could voluntarily disclose it in your RMD plan
> write-up, but...why would you, as that just unnecessarily ties your hands
> and results in a bunch of self-inflicted busy work (if you're going to list
> it, then you either have to maintain that list, avoid bringing up new or
> tearing down old SIP trunks with various underlying carriers, or risk
> having the disclosure become "stale").
>
>
>
> Also, on a different but related note, this whole incomplete-RMD-filing
> issue is a problem that the FCC kinda/sorta created themselves, and then
> decided shirk their responsibility for doing so and saddle all of us with
> the downstream consequences and threats.  Just to remind everybody of the
> history here, this database as originally conceived by the brilliant minds
> in Washington required that filers EITHER certified themselves as being
> wholly S/S compliant, OR if not, then they had to supply a written
> mitigation plan.  If you selected the "I am 100% S/S compliant" checkbox,
> it would NOT allow you to upload a document attachment with any kind of
> written plan.  And if you first filed as only partially compliant or
> not-yet-compliant, and added such a document/attachment to your filing, and
> then after finishing your S/S implementation you went back and UPDATED your
> filing to reflect your new compliance, the system would DELETE your
> previous attachment from your filing, and not give you any option to submit
> a new one.  If you filed as 100% compliant, you could not add an
> attachment, PERIOD.  100% compliance and document attachments were *mutually
> exclusive*.
>
>
>
> Then one day they decided that maybe that was a bad idea, and required
> everybody who was 100% complaint to drop everything & go back and add
> written mitigation plans to their filings.
>
>
>
> So far in the (admittedly few) minutes I've taken to check out a handful
> of companies on this "naughty" list, virtually all of them are in the boat
> of having checked the "100% compliant" checkbox, but not having gone back
> after the rule change to submit a written RM plan document attachment to
> their filing.
>
>
>
> -- Nathan
>
>
>
> *From:* VoiceOps [mailto:voiceops-bounces at voiceops.org
> <voiceops-bounces at voiceops.org>] *On Behalf Of *Mary Lou Carey via
> VoiceOps
> *Sent:* Tuesday, December 10, 2024 14:08
> *To:* voiceops at voiceops.org
> *Subject:* Re: [VoiceOps] FCC RMD Naughty List
>
>
>
> The requirements for RMD changed and you now need to add a lot more
> information. You only have 14 days to respond to the FCC, but MAKE SURE YOU
> FILE YOUR 499 CONFIDENTIALLY! We have already learned of incidents where
> scammers got ahold of company information and attempted to get the
> company's underlying carriers to change the IP addresses for their SIP
> trunks so they could hijack their network. We've brought this to the
> attention of the FBI and FCC, but the FCC's only offer was to file them
> confidentially. I personally think they're asking for way too much
> information and stupid to allow anyone's information to be listed on a
> public site, but until they fix the problem its up to carriers themselves
> to make sure their information is secure.
>
> Ashley (with Equitel Compliance) and I (BackUP Telecom can help anyone
> that needs to update their RMDs or get STIR/SHAKEN certified.
>
> MARY LOU CAREY
> BackUP Telecom Consulting
> Office: 615-791-9969
> Cell: 615-796-1111
>
>
>
> On 2024-12-10 03:42 PM, Dave Russo via VoiceOps wrote:
>
> Here is the FCC order & list mentioned:
> https://docs.fcc.gov/public/attachments/DA-24-1235A1.pdf
>
>
>
> Also somewhat related, I'm curious how some companies that claim to be
> STIR/SHAKEN compliant and are listed on iconectiv's authorized provider
> list get away with not being fully FCC compliant?
>
>
>
> For example when we were looking for a new provider it came to my
> attention that Atheral is 5 years behind on its FCC 499 filings... Looks
> like it last filed in 2019:
> https://apps.fcc.gov/cgb/form499/499detail.cfm?FilerNum=832820
>
>
>
> Does this mean it can get shut down any time the FCC decides to do that?
> Will resellers that use them be at risk of losing service or subject to
> some FCC action themselves?
>
>
>
> -dr
>
>
>
>
>
> On Tue, Dec 10, 2024, at 2:17 PM, Mike Hammett via VoiceOps wrote:
>
> How many of you are on the Robocall Mitigation Database naughty list that
> the FCC just sent out?
>
>
>
> It'd be nice if they told you *WHY* your filing was deficient. Instead,
> they just generically list broad categories that you may or may not fit
> into.
>
>
>
>
>
>
>
> -----
>
> Mike Hammett
>
> Intelligent Computing Solutions
>
> http://www.ics-il.com
>
>
>
>
>
>
>
> Midwest Internet Exchange
>
> http://www.midwest-ix.com
>
>
>
>
>
> _______________________________________________
>
> VoiceOps mailing list
>
> VoiceOps at voiceops.org
>
> https://puck.nether.net/mailman/listinfo/voiceops
>
>
>
>
>
>
>
> _______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org
> https://puck.nether.net/mailman/listinfo/voiceops
>
>
>
> _______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org
> https://puck.nether.net/mailman/listinfo/voiceops
>
>
> _______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org
> https://puck.nether.net/mailman/listinfo/voiceops
>
> _______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org
> https://puck.nether.net/mailman/listinfo/voiceops
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20241212/082629eb/attachment-0001.htm>