[VoiceOps] FCC RMD Naughty List
Nathan Anderson
nathana at fsr.com
Fri Dec 13 01:52:36 EST 2024
I concur and was just about to respond with the same counter-argument. I read
this paragraph, and I still do not come away with an understanding that one is
required to disclose other carriers that you peer with.
Now, if you happen to only peer with a single carrier who is providing you with
a turn-key, all-in-one solution (they do all of your origination, termination,
they host your S/S cert, they sign your term calls for you using your cert on
your behalf, maybe they are even your S/S CA that you obtained your cert from
in the first place, AND they do call analytics & run an STI-
From: Jeff Bilyk [mailto:jbilyk at gmail.com]
Sent: Thursday, December 12, 2024 15:53
To: Mary Lou Carey
Cc: Nathan Anderson; Voiceops
Subject: Re: [VoiceOps] FCC RMD Naughty List
To be clear, I am not for or against the policies, I am just stating my
understanding, namely: the requirement highlighted in the document you attached
only mandates disclosure of 3rd party vendors used for analytics. I do not
believe that sentence requires disclosure of upstreams used simply for voice
traffic,
Jeff
On Thu, Dec 12, 2024, 6:26 PM Mary Lou Carey <marylou at backuptelecom.com> wrote:
How is it fair that if you use your upstream carrier for analytics that you
have to list their name? The FCC has no business asking that. Especially
when they don't force everyone who uses a separate analytic provider to
list their upstream vendor's name? I have no problem with explaining the
processes used, but asking for any vendor name is just not appropriate.
MARY LOU CAREY
BackUP Telecom Consulting
Office: 615-791-9969
Cell: 615-796-1111
On 2024-12-12 05:15 PM, Jeff Bilyk wrote:
Perhaps I'm misunderstanding the verbiage, but that appears to relate
only to vendors of call analytics 3rd parties, and not all upstreams?
On Thu, Dec 12, 2024, 6:03 PM Mary Lou Carey via VoiceOps <
voiceops at voiceops.org> wrote:
See the attached document. I highlighted the verbiage that states
you must provide the names of your 3rd party vendors. A lot of
companies have their upstream providers sign their calls and do
their analytics for them.
MARY LOU CAREY
BackUP Telecom Consulting
Office: 615-791-9969
Cell: 615-796-1111
On 2024-12-11 07:23 PM, Nathan Anderson via VoiceOps wrote:
I agree with your stance on this, assuming this is in fact a
requirement. However...I must be dense, because I have now
skimmed over the Sixth, Seventh, and Eighth "Caller ID
Authentication Report and Orders", the "Improving the
Effectiveness of the Robocall Mitigation Database" docket, the
updated RMD deadlines and compliance info in DA 24-73 posted in
January, and I re-read paragraph II.3 of the so-called "naughty
list" document that kick-started this thread. And I can find
zero mention anywhere that supplying a detailed and accurate
itemized list of your upstreams is any sort of requirement in
one's RMD filing. There seems to be plenty of talk about
having "know your upstreams" procedures, but that is not
defined as disclosing your upstreams.
So what am I missing? I'm sure I am just ignorant about where
I should be looking ("I'm a [S:doctor:S]engineer, not a lawyer,
dammit!"), but this is a rather well-hidden requirement...
-- Nathan
From: Mary Lou Carey [mailto:marylou at backuptelecom.com]
Sent: Wednesday, December 11, 2024 09:09
To: Nathan Anderson
Cc: Voiceops
Subject: Re: [VoiceOps] FCC RMD Naughty List
The requirement to disclose who your underlying carriers and
additional contact information were just added THIS YEAR. If
you're up to date on everything else, you might not have made
the list because there were so many less complaint than you, I
wouldn't take that as a sign that the FCC won't ever contact
you about missing information.
I'm a consultant so I'm exposed to a lot more problems than one
company may run into. I personally spoke with the FCC and FBI
about the scamming situation because someone approached us for
help when they realized someone had contacted one of their
upstream carriers and was impersonating them. The FCC and FBI
had no answers......I'm the one that made the connection
between the information scammers got and where they could have
gotten it from.
I was helping carriers with STIR/SHAKEN compliance long before
the RMD was required. The FCC came up with it as a work around
because not every carrier could qualify for a STIR/SHAKEN
certificate under the original requirements. (The original
requirement the RMD replaced was having access to numbering
resources. As in NXXs - not DIDs).
In my opinion what started out as a method to identify all the
players in the industry has turned into an information grab
that should not be happening. Not only because it would be a
nightmare to keep the upstream carrier list updated, but
because it creates way too much temptation for fraudsters and
the anti-competitive to abuse it.
MARY LOU CAREY
BackUP Telecom Consulting
Office: 615-791-9969
Cell: 615-796-1111
On 2024-12-10 08:09 PM, Nathan Anderson via VoiceOps wrote:
Wait, say what now? I'm not even sure I understand how
that kind of hijacking is possible. You'd have to be able
to deduce who that provider's underlying carriers are
before you could attempt to engage in that kind of social
engineering with them, and as an IPES, there's nowhere
either in our 499 filings or in the RMD filing where we are
required to disclose that, either publicly or privately/
redacted. (Unless I'm missing something? We have never
disclosed that in any FCC filings, and yet we didn't get
added to this "naughty" list. Furthermore, a read through
of the required information listed in this notice under
II.3 absolutely does not say anywhere that you are required
to itemize who your specific upstreams are.) I suppose you
could voluntarily disclose it in your RMD plan write-up,
but...why would you, as that just unnecessarily ties your
hands and results in a bunch of self-inflicted busy work
(if you're going to list it, then you either have to
maintain that list, avoid bringing up new or tearing down
old SIP trunks with various underlying carriers, or risk
having the disclosure become "stale").
Also, on a different but related note, this whole
incomplete-RMD-filing issue is a problem that the FCC kinda
/sorta created themselves, and then decided shirk their
responsibility for doing so and saddle all of us with the
downstream consequences and threats. Just to remind
everybody of the history here, this database as originally
conceived by the brilliant minds in Washington required
that filers EITHER certified themselves as being wholly S/S
compliant, OR if not, then they had to supply a written
mitigation plan. If you selected the "I am 100% S/S
compliant" checkbox, it would NOT allow you to upload a
document attachment with any kind of written plan. And if
you first filed as only partially compliant or
not-yet-compliant, and added such a document/attachment to
your filing, and then after finishing your S/S
implementation you went back and UPDATED your filing to
reflect your new compliance, the system would DELETE your
previous attachment from your filing, and not give you any
option to submit a new one. If you filed as 100%
compliant, you could not add an attachment, PERIOD. 100%
compliance and document attachments were mutually exclusive
.
Then one day they decided that maybe that was a bad idea,
and required everybody who was 100% complaint to drop
everything & go back and add written mitigation plans to
their filings.
So far in the (admittedly few) minutes I've taken to check
out a handful of companies on this "naughty" list,
virtually all of them are in the boat of having checked the
"100% compliant" checkbox, but not having gone back after
the rule change to submit a written RM plan document
attachment to their filing.
-- Nathan
From: VoiceOps [mailto:voiceops-bounces at voiceops.org] On
Behalf Of Mary Lou Carey via VoiceOps
Sent: Tuesday, December 10, 2024 14:08
To: voiceops at voiceops.org
Subject: Re: [VoiceOps] FCC RMD Naughty List
The requirements for RMD changed and you now need to add a
lot more information. You only have 14 days to respond to
the FCC, but MAKE SURE YOU FILE YOUR 499 CONFIDENTIALLY! We
have already learned of incidents where scammers got ahold
of company information and attempted to get the company's
underlying carriers to change the IP addresses for their
SIP trunks so they could hijack their network. We've
brought this to the attention of the FBI and FCC, but the
FCC's only offer was to file them confidentially. I
personally think they're asking for way too much
information and stupid to allow anyone's information to be
listed on a public site, but until they fix the problem its
up to carriers themselves to make sure their information is
secure.
Ashley (with Equitel Compliance) and I (BackUP Telecom can
help anyone that needs to update their RMDs or get STIR/
SHAKEN certified.
MARY LOU CAREY
BackUP Telecom Consulting
Office: 615-791-9969
Cell: 615-796-1111
On 2024-12-10 03:42 PM, Dave Russo via VoiceOps wrote:
Here is the FCC order & list mentioned: https://
docs.fcc.gov/public/attachments/DA-24-1235A1.pdf
Also somewhat related, I'm curious how some companies
that claim to be STIR/SHAKEN compliant and are listed
on iconectiv's authorized provider list get away with
not being fully FCC compliant?
For example when we were looking for a new provider it
came to my attention that Atheral is 5 years behind on
its FCC 499 filings... Looks like it last filed in
2019: https://apps.fcc.gov/cgb/form499/499detail.cfm?
FilerNum=832820
Does this mean it can get shut down any time the FCC
decides to do that? Will resellers that use them be at
risk of losing service or subject to some FCC action
themselves?
-dr
On Tue, Dec 10, 2024, at 2:17 PM, Mike Hammett via
VoiceOps wrote:
How many of you are on the Robocall Mitigation
Database naughty list that the FCC just sent out?
It'd be nice if they told you *WHY* your filing was
deficient. Instead, they just generically list
broad categories that you may or may not fit into.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest Internet Exchange
http://www.midwest-ix.com
_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20241212/bb4757b3/attachment-0001.htm>
More information about the VoiceOps
mailing list