[VoiceOps] FCC RMD Naughty List

Jeff Bilyk jbilyk at gmail.com
Thu Dec 12 23:53:04 EST 2024 

To be clear, I am not for or against the policies, I am just stating my
understanding, namely: the requirement highlighted in the document you
attached only mandates disclosure of 3rd party vendors used for analytics.
I do not believe that sentence requires disclosure of upstreams used simply
for voice traffic,

Jeff

On Thu, Dec 12, 2024, 6:26 PM Mary Lou Carey <marylou at backuptelecom.com>
wrote:

> How is it fair that if you use your upstream carrier for analytics that
> you have to list their name? The FCC has no business asking that.
> Especially when they don't force everyone who uses a separate analytic
> provider to list their upstream vendor's name? I have no problem with
> explaining the processes used, but asking for any vendor name is just not
> appropriate.
>
> MARY LOU CAREY
> BackUP Telecom Consulting
> Office: 615-791-9969
> Cell: 615-796-1111
>
>
> On 2024-12-12 05:15 PM, Jeff Bilyk wrote:
>
> Perhaps I'm misunderstanding the verbiage, but that appears to relate only
> to vendors of call analytics 3rd parties, and not all upstreams?
>
> On Thu, Dec 12, 2024, 6:03 PM Mary Lou Carey via VoiceOps <
> voiceops at voiceops.org> wrote:
>
>> See the attached document. I highlighted the verbiage that states you
>> must provide the names of your 3rd party vendors. A lot of companies have
>> their upstream providers sign their calls and do their analytics for them.
>>
>> MARY LOU CAREY
>> BackUP Telecom Consulting
>> Office: 615-791-9969
>> Cell: 615-796-1111
>>
>>
>> On 2024-12-11 07:23 PM, Nathan Anderson via VoiceOps wrote:
>>
>> I agree with your stance on this, assuming this is in fact a
>> requirement.  However...I must be dense, because I have now skimmed over
>> the Sixth, Seventh, and Eighth "Caller ID Authentication Report and
>> Orders", the "Improving the Effectiveness of the Robocall Mitigation
>> Database" docket, the updated RMD deadlines and compliance info in DA 24-73
>> posted in January, and I re-read paragraph II.3 of the so-called "naughty
>> list" document that kick-started this thread.  And I can find zero mention
>> anywhere that supplying a detailed and accurate itemized list of your
>> upstreams is any sort of requirement in one's RMD filing.  There seems to
>> be plenty of talk about having "*know* your upstreams" procedures, but
>> that is not defined as *disclosing* your upstreams.
>>
>>
>>
>> So what am I missing?  I'm sure I am just ignorant about where I should
>> be looking ("I'm a doctorengineer, not a lawyer, dammit!"), but this is
>> a rather well-hidden requirement...
>>
>>
>>
>> -- Nathan
>>
>>
>>
>> *From:* Mary Lou Carey [mailto:marylou at backuptelecom.com]
>> *Sent:* Wednesday, December 11, 2024 09:09
>> *To:* Nathan Anderson
>> *Cc:* Voiceops
>> *Subject:* Re: [VoiceOps] FCC RMD Naughty List
>>
>>
>>
>> The requirement to disclose who your underlying carriers and additional
>> contact information were just added THIS YEAR. If you're up to date on
>> everything else, you might not have made the list because there were so
>> many less complaint than you, I wouldn't take that as a sign that the FCC
>> won't ever contact you about missing information.
>>
>> I'm a consultant so I'm exposed to a lot more problems than one company
>> may run into. I personally spoke with the FCC and FBI about the scamming
>> situation because someone approached us for help when they realized someone
>> had contacted one of their upstream carriers and was impersonating them.
>> The FCC and FBI had no answers......I'm the one that made the connection
>> between the information scammers got and where they could have gotten it
>> from.
>>
>>
>>
>> I was helping carriers with STIR/SHAKEN compliance long before the RMD
>> was required. The FCC came up with it as a work around because not every
>> carrier could qualify for a STIR/SHAKEN certificate under the original
>> requirements. (The original requirement the RMD replaced was having access
>> to numbering resources. As in NXXs - not DIDs).
>>
>> In my opinion what started out as a method to identify all the players in
>> the industry has turned into an information grab that should not be
>> happening. Not only because it would be a nightmare to keep the upstream
>> carrier list updated, but because it creates way too much temptation for
>> fraudsters and the anti-competitive to abuse it.
>>
>> MARY LOU CAREY
>> BackUP Telecom Consulting
>> Office: 615-791-9969
>> Cell: 615-796-1111
>>
>>
>>
>> On 2024-12-10 08:09 PM, Nathan Anderson via VoiceOps wrote:
>>
>> Wait, say what now?  I'm not even sure I understand how that kind of
>> hijacking is possible.  You'd have to be able to deduce who that provider's
>> underlying carriers are before you could attempt to engage in that kind of
>> social engineering with them, and as an IPES, there's nowhere either in our
>> 499 filings or in the RMD filing where we are required to disclose that,
>> either publicly or privately/redacted.  (Unless I'm missing something?  We
>> have never disclosed that in any FCC filings, and yet we didn't get added
>> to this "naughty" list.  Furthermore, a read through of the required
>> information listed in this notice under II.3 absolutely does not say
>> anywhere that you are required to itemize who your specific upstreams
>> are.)  I suppose you could voluntarily disclose it in your RMD plan
>> write-up, but...why would you, as that just unnecessarily ties your hands
>> and results in a bunch of self-inflicted busy work (if you're going to list
>> it, then you either have to maintain that list, avoid bringing up new or
>> tearing down old SIP trunks with various underlying carriers, or risk
>> having the disclosure become "stale").
>>
>>
>>
>> Also, on a different but related note, this whole incomplete-RMD-filing
>> issue is a problem that the FCC kinda/sorta created themselves, and then
>> decided shirk their responsibility for doing so and saddle all of us with
>> the downstream consequences and threats.  Just to remind everybody of the
>> history here, this database as originally conceived by the brilliant minds
>> in Washington required that filers EITHER certified themselves as being
>> wholly S/S compliant, OR if not, then they had to supply a written
>> mitigation plan.  If you selected the "I am 100% S/S compliant" checkbox,
>> it would NOT allow you to upload a document attachment with any kind of
>> written plan.  And if you first filed as only partially compliant or
>> not-yet-compliant, and added such a document/attachment to your filing, and
>> then after finishing your S/S implementation you went back and UPDATED your
>> filing to reflect your new compliance, the system would DELETE your
>> previous attachment from your filing, and not give you any option to submit
>> a new one.  If you filed as 100% compliant, you could not add an
>> attachment, PERIOD.  100% compliance and document attachments were *mutually
>> exclusive*.
>>
>>
>>
>> Then one day they decided that maybe that was a bad idea, and required
>> everybody who was 100% complaint to drop everything & go back and add
>> written mitigation plans to their filings.
>>
>>
>>
>> So far in the (admittedly few) minutes I've taken to check out a handful
>> of companies on this "naughty" list, virtually all of them are in the boat
>> of having checked the "100% compliant" checkbox, but not having gone back
>> after the rule change to submit a written RM plan document attachment to
>> their filing.
>>
>>
>>
>> -- Nathan
>>
>>
>>
>> *From:* VoiceOps [mailto:voiceops-bounces at voiceops.org
>> <voiceops-bounces at voiceops.org>] *On Behalf Of *Mary Lou Carey via
>> VoiceOps
>> *Sent:* Tuesday, December 10, 2024 14:08
>> *To:* voiceops at voiceops.org
>> *Subject:* Re: [VoiceOps] FCC RMD Naughty List
>>
>>
>>
>> The requirements for RMD changed and you now need to add a lot more
>> information. You only have 14 days to respond to the FCC, but MAKE SURE YOU
>> FILE YOUR 499 CONFIDENTIALLY! We have already learned of incidents where
>> scammers got ahold of company information and attempted to get the
>> company's underlying carriers to change the IP addresses for their SIP
>> trunks so they could hijack their network. We've brought this to the
>> attention of the FBI and FCC, but the FCC's only offer was to file them
>> confidentially. I personally think they're asking for way too much
>> information and stupid to allow anyone's information to be listed on a
>> public site, but until they fix the problem its up to carriers themselves
>> to make sure their information is secure.
>>
>> Ashley (with Equitel Compliance) and I (BackUP Telecom can help anyone
>> that needs to update their RMDs or get STIR/SHAKEN certified.
>>
>> MARY LOU CAREY
>> BackUP Telecom Consulting
>> Office: 615-791-9969
>> Cell: 615-796-1111
>>
>>
>>
>> On 2024-12-10 03:42 PM, Dave Russo via VoiceOps wrote:
>>
>> Here is the FCC order & list mentioned:
>> https://docs.fcc.gov/public/attachments/DA-24-1235A1.pdf
>>
>>
>>
>> Also somewhat related, I'm curious how some companies that claim to be
>> STIR/SHAKEN compliant and are listed on iconectiv's authorized provider
>> list get away with not being fully FCC compliant?
>>
>>
>>
>> For example when we were looking for a new provider it came to my
>> attention that Atheral is 5 years behind on its FCC 499 filings... Looks
>> like it last filed in 2019:
>> https://apps.fcc.gov/cgb/form499/499detail.cfm?FilerNum=832820
>>
>>
>>
>> Does this mean it can get shut down any time the FCC decides to do that?
>> Will resellers that use them be at risk of losing service or subject to
>> some FCC action themselves?
>>
>>
>>
>> -dr
>>
>>
>>
>>
>>
>> On Tue, Dec 10, 2024, at 2:17 PM, Mike Hammett via VoiceOps wrote:
>>
>> How many of you are on the Robocall Mitigation Database naughty list that
>> the FCC just sent out?
>>
>>
>>
>> It'd be nice if they told you *WHY* your filing was deficient. Instead,
>> they just generically list broad categories that you may or may not fit
>> into.
>>
>>
>>
>>
>>
>>
>>
>> -----
>>
>> Mike Hammett
>>
>> Intelligent Computing Solutions
>>
>> http://www.ics-il.com
>>
>>
>>
>>
>>
>>
>>
>> Midwest Internet Exchange
>>
>> http://www.midwest-ix.com
>>
>>
>>
>>
>>
>> _______________________________________________
>>
>> VoiceOps mailing list
>>
>> VoiceOps at voiceops.org
>>
>> https://puck.nether.net/mailman/listinfo/voiceops
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> VoiceOps mailing list
>> VoiceOps at voiceops.org
>> https://puck.nether.net/mailman/listinfo/voiceops
>>
>>
>>
>> _______________________________________________
>> VoiceOps mailing list
>> VoiceOps at voiceops.org
>> https://puck.nether.net/mailman/listinfo/voiceops
>>
>>
>> _______________________________________________
>> VoiceOps mailing list
>> VoiceOps at voiceops.org
>> https://puck.nether.net/mailman/listinfo/voiceops
>>
>> _______________________________________________
>> VoiceOps mailing list
>> VoiceOps at voiceops.org
>> https://puck.nether.net/mailman/listinfo/voiceops
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20241212/6d5ad6a6/attachment-0001.htm>

More information about the VoiceOps mailing list