<div dir="auto">To be clear, I am not for or against the policies, I am just stating my understanding, namely: the requirement highlighted in the document you attached only mandates disclosure of 3rd party vendors used for analytics. I do not believe that sentence requires disclosure of upstreams used simply for voice traffic,<div dir="auto"><br></div><div dir="auto">Jeff</div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Thu, Dec 12, 2024, 6:26 PM Mary Lou Carey <<a href="mailto:marylou@backuptelecom.com">marylou@backuptelecom.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="font-size:10pt;font-family:Arial,Helvetica,sans-serif">
<p>How is it fair that if you use your upstream carrier for analytics that you have to list their name? The FCC has no business asking that. Especially when they don't force everyone who uses a separate analytic provider to list their upstream vendor's name? I have no problem with explaining the processes used, but asking for any vendor name is just not appropriate. </p>
<div>
<p><span>MARY LOU CAREY </span><br><span>BackUP Telecom Consulting </span><br><span>Office: 615-791-9969 </span><br><span>Cell: 615-796-1111</span></p>
</div>
<p><br></p>
<p>On 2024-12-12 05:15 PM, Jeff Bilyk wrote:</p>
<blockquote type="cite" style="padding:0 0.4em;border-left:#1010ff 2px solid;margin:0">
<div dir="auto">Perhaps I'm misunderstanding the verbiage, but that appears to relate only to vendors of call analytics 3rd parties, and not all upstreams?</div>
<br>
<div class="gmail_quote">
<div class="gmail_attr" dir="ltr">On Thu, Dec 12, 2024, 6:03 PM Mary Lou Carey via VoiceOps <<a href="mailto:voiceops@voiceops.org" target="_blank" rel="noreferrer">voiceops@voiceops.org</a>> wrote:</div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="font-size:10pt;font-family:Arial,Helvetica,sans-serif">
<p>See the attached document. I highlighted the verbiage that states you must provide the names of your 3rd party vendors. A lot of companies have their upstream providers sign their calls and do their analytics for them.</p>
<div>
<p><span>MARY LOU CAREY </span><br><span>BackUP Telecom Consulting </span><br><span>Office: 615-791-9969 </span><br><span>Cell: 615-796-1111</span></p>
</div>
<p><br></p>
<p>On 2024-12-11 07:23 PM, Nathan Anderson via VoiceOps wrote:</p>
<blockquote style="padding:0 0.4em;border-left:#1010ff 2px solid;margin:0">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1f497d">I agree with your stance on this, assuming this is in fact a requirement. However...I must be dense, because I have now skimmed over the Sixth, Seventh, and Eighth "Caller ID Authentication Report and Orders", the "Improving the Effectiveness of the Robocall Mitigation Database" docket, the updated RMD deadlines and compliance info in DA 24-73 posted in January, and I re-read paragraph II.3 of the so-called "naughty list" document that kick-started this thread. And I can find zero mention anywhere that supplying a detailed and accurate itemized list of your upstreams is any sort of requirement in one's RMD filing. There seems to be plenty of talk about having "<em><u>know</u></em> your upstreams" procedures, but that is not defined as <em><u>disclosing</u></em> your upstreams.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1f497d"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1f497d">So what am I missing? I'm sure I am just ignorant about where I should be looking ("I'm a <s>doctor</s>engineer, not a lawyer, dammit!"), but this is a rather well-hidden requirement...</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1f497d"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1f497d">-- Nathan</span></p>
<p class="MsoNormal"><a name="m_-2974809383567822184_m_3183546179100767809__MailEndCompose" rel="noreferrer"></a><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1f497d"> </span></p>
<div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><strong><span style="font-size:10.0pt;font-family:'Tahoma','sans-serif'">From:</span></strong><span style="font-size:10.0pt;font-family:'Tahoma','sans-serif'"> Mary Lou Carey [mailto:<a href="mailto:marylou@backuptelecom.com" target="_blank" rel="noreferrer">marylou@backuptelecom.com</a>] <br><strong>Sent:</strong> Wednesday, December 11, 2024 09:09<br><strong>To:</strong> Nathan Anderson<br><strong>Cc:</strong> Voiceops<br><strong>Subject:</strong> Re: [VoiceOps] FCC RMD Naughty List</span></p>
</div>
</div>
<p class="MsoNormal"> </p>
<p><span style="font-size:10.0pt;font-family:'Arial','sans-serif'">The requirement to disclose who your underlying carriers and additional contact information were just added THIS YEAR. If you're up to date on everything else, you might not have made the list because there were so many less complaint than you, I wouldn't take that as a sign that the FCC won't ever contact you about missing information.</span></p>
<p><span style="font-size:10.0pt;font-family:'Arial','sans-serif'">I'm a consultant so I'm exposed to a lot more problems than one company may run into. I personally spoke with the FCC and FBI about the scamming situation because someone approached us for help when they realized someone had contacted one of their upstream carriers and was impersonating them. The FCC and FBI had no answers......I'm the one that made the connection between the information scammers got and where they could have gotten it from.</span></p>
<p><span style="font-size:10.0pt;font-family:'Arial','sans-serif'"> </span></p>
<p><span style="font-size:10.0pt;font-family:'Arial','sans-serif'">I was helping carriers with STIR/SHAKEN compliance long before the RMD was required. The FCC came up with it as a work around because not every carrier could qualify for a STIR/SHAKEN certificate under the original requirements. (The original requirement the RMD replaced was having access to numbering resources. As in NXXs - not DIDs). </span></p>
<p><span style="font-size:10.0pt;font-family:'Arial','sans-serif'">In my opinion what started out as a method to identify all the players in the industry has turned into an information grab that should not be happening. Not only because it would be a nightmare to keep the upstream carrier list updated, but because it creates way too much temptation for fraudsters and the anti-competitive to abuse it. </span></p>
<div>
<p><span style="font-size:10.0pt;font-family:'Arial','sans-serif'">MARY LOU CAREY <br>BackUP Telecom Consulting <br>Office: 615-791-9969 <br>Cell: 615-796-1111</span></p>
</div>
<p><span style="font-size:10.0pt;font-family:'Arial','sans-serif'"> </span></p>
<p><span style="font-size:10.0pt;font-family:'Arial','sans-serif'">On 2024-12-10 08:09 PM, Nathan Anderson via VoiceOps wrote:</span></p>
<blockquote style="border:none;border-left:solid #1010ff 1.0pt;padding:0in 0in 0in 5.0pt;margin-left:0in;margin-right:0in">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1f497d">Wait, say what now? I'm not even sure I understand how that kind of hijacking is possible. You'd have to be able to deduce who that provider's underlying carriers are before you could attempt to engage in that kind of social engineering with them, and as an IPES, there's nowhere either in our 499 filings or in the RMD filing where we are required to disclose that, either publicly or privately/redacted. (Unless I'm missing something? We have never disclosed that in any FCC filings, and yet we didn't get added to this "naughty" list. Furthermore, a read through of the required information listed in this notice under II.3 absolutely does not say anywhere that you are required to itemize who your specific upstreams are.) I suppose you could voluntarily disclose it in your RMD plan write-up, but...why would you, as that just unnecessarily ties your hands and results in a bunch of self-inflicted busy work (if you're going to list it, then you either have to maintain that list, avoid bringing up new or tearing down old SIP trunks with various underlying carriers, or risk having the disclosure become "stale").</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1f497d"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1f497d">Also, on a different but related note, this whole incomplete-RMD-filing issue is a problem that the FCC kinda/sorta created themselves, and then decided shirk their responsibility for doing so and saddle all of us with the downstream consequences and threats. Just to remind everybody of the history here, this database as originally conceived by the brilliant minds in Washington required that filers EITHER certified themselves as being wholly S/S compliant, OR if not, then they had to supply a written mitigation plan. If you selected the "I am 100% S/S compliant" checkbox, it would NOT allow you to upload a document attachment with any kind of written plan. And if you first filed as only partially compliant or not-yet-compliant, and added such a document/attachment to your filing, and then after finishing your S/S implementation you went back and UPDATED your filing to reflect your new compliance, the system would DELETE your previous attachment from your filing, and not give you any option to submit a new one. If you filed as 100% compliant, you could not add an attachment, PERIOD. 100% compliance and document attachments were <u>mutually exclusive</u>.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1f497d"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1f497d">Then one day they decided that maybe that was a bad idea, and required everybody who was 100% complaint to drop everything & go back and add written mitigation plans to their filings.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1f497d"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1f497d">So far in the (admittedly few) minutes I've taken to check out a handful of companies on this "naughty" list, virtually all of them are in the boat of having checked the "100% compliant" checkbox, but not having gone back after the rule change to submit a written RM plan document attachment to their filing.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1f497d"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1f497d">-- Nathan</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1f497d"> </span></p>
<div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><strong><span style="font-size:10.0pt;font-family:'Tahoma','sans-serif'">From:</span></strong><span style="font-size:10.0pt;font-family:'Tahoma','sans-serif'"> VoiceOps [<a href="mailto:voiceops-bounces@voiceops.org" target="_blank" rel="noreferrer">mailto:voiceops-bounces@voiceops.org</a>] <strong><span style="font-family:'Tahoma','sans-serif'">On Behalf Of </span></strong>Mary Lou Carey via VoiceOps<br><strong><span style="font-family:'Tahoma','sans-serif'">Sent:</span></strong> Tuesday, December 10, 2024 14:08<br><strong><span style="font-family:'Tahoma','sans-serif'">To:</span></strong> <a href="mailto:voiceops@voiceops.org" target="_blank" rel="noreferrer">voiceops@voiceops.org</a><br><strong><span style="font-family:'Tahoma','sans-serif'">Subject:</span></strong> Re: [VoiceOps] FCC RMD Naughty List</span></p>
</div>
</div>
<p class="MsoNormal"> </p>
<p><span style="font-size:10.0pt;font-family:'Arial','sans-serif'">The requirements for RMD changed and you now need to add a lot more information. You only have 14 days to respond to the FCC, but MAKE SURE YOU FILE YOUR 499 CONFIDENTIALLY! We have already learned of incidents where scammers got ahold of company information and attempted to get the company's underlying carriers to change the IP addresses for their SIP trunks so they could hijack their network. We've brought this to the attention of the FBI and FCC, but the FCC's only offer was to file them confidentially. I personally think they're asking for way too much information and stupid to allow anyone's information to be listed on a public site, but until they fix the problem its up to carriers themselves to make sure their information is secure.</span></p>
<p><span style="font-size:10.0pt;font-family:'Arial','sans-serif'">Ashley (with Equitel Compliance) and I (BackUP Telecom can help anyone that needs to update their RMDs or get STIR/SHAKEN certified. </span></p>
<div>
<p><span style="font-size:10.0pt;font-family:'Arial','sans-serif'">MARY LOU CAREY <br>BackUP Telecom Consulting <br>Office: 615-791-9969 <br>Cell: 615-796-1111</span></p>
</div>
<p><span style="font-size:10.0pt;font-family:'Arial','sans-serif'"> </span></p>
<p><span style="font-size:10.0pt;font-family:'Arial','sans-serif'">On 2024-12-10 03:42 PM, Dave Russo via VoiceOps wrote:</span></p>
<blockquote style="border:none;border-left:solid #1010ff 1.0pt;padding:0in 0in 0in 5.0pt;margin:5.0pt 0in 5.0pt 0in">
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'">Here is the FCC order & list mentioned: <a href="https://docs.fcc.gov/public/attachments/DA-24-1235A1.pdf" rel="noopener noreferrer noreferrer" target="_blank">https://docs.fcc.gov/public/attachments/DA-24-1235A1.pdf</a></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'">Also somewhat related, I'm curious how some companies that claim to be STIR/SHAKEN compliant and are listed on iconectiv's authorized provider list get away with not being fully FCC compliant?</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'">For example when we were looking for a new provider it came to my attention that Atheral is 5 years behind on its FCC 499 filings... Looks like it last filed in 2019: <a href="https://apps.fcc.gov/cgb/form499/499detail.cfm?FilerNum=832820" rel="noopener noreferrer noreferrer" target="_blank">https://apps.fcc.gov/cgb/form499/499detail.cfm?FilerNum=832820</a></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'">Does this mean it can get shut down any time the FCC decides to do that? Will resellers that use them be at risk of losing service or subject to some FCC action themselves?</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'">-dr</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'">On Tue, Dec 10, 2024, at 2:17 PM, Mike Hammett via VoiceOps wrote:</span></p>
</div>
<blockquote id="m_-2974809383567822184m_3183546179100767809qt" style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif';color:black">How many of you are on the Robocall Mitigation Database naughty list that the FCC just sent out?</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif';color:black"> </span></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif';color:black">It'd be nice if they told you *WHY* your filing was deficient. Instead, they just generically list broad categories that you may or may not fit into.</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif';color:black"> </span></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif';color:black"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif';color:black"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif';color:black">-----</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif';color:black">Mike Hammett</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif';color:black">Intelligent Computing Solutions</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif';color:black"><a href="http://www.ics-il.com" rel="noopener noreferrer noreferrer" target="_blank">http://www.ics-il.com</a></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif';color:black"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif';color:black"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif';color:black"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif';color:black">Midwest Internet Exchange</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif';color:black"><a href="http://www.midwest-ix.com" rel="noopener noreferrer noreferrer" target="_blank">http://www.midwest-ix.com</a></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif';color:black"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif';color:black"> </span></p>
</div>
</div>
</div>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'">_______________________________________________</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'">VoiceOps mailing list</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'"><a href="mailto:VoiceOps@voiceops.org" target="_blank" rel="noreferrer">VoiceOps@voiceops.org</a></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'"><a href="https://puck.nether.net/mailman/listinfo/voiceops" rel="noopener noreferrer noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'"> </span></p>
</div>
</blockquote>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'"> </span></p>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'"> </span></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Courier New'">_______________________________________________<br>VoiceOps mailing list<br><a href="mailto:VoiceOps@voiceops.org" target="_blank" rel="noreferrer">VoiceOps@voiceops.org</a><br><a href="https://puck.nether.net/mailman/listinfo/voiceops" rel="noopener noreferrer noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a></span></p>
</div>
</blockquote>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'"> </span></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:'Courier New'">_______________________________________________<br>VoiceOps mailing list<br><a href="mailto:VoiceOps@voiceops.org" target="_blank" rel="noreferrer">VoiceOps@voiceops.org</a><br><a href="https://puck.nether.net/mailman/listinfo/voiceops" rel="noopener noreferrer noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a></span></p>
</div>
</blockquote>
</div>
<br>
<div style="margin:0;padding:0;font-family:monospace">_______________________________________________<br> VoiceOps mailing list<br> <a href="mailto:VoiceOps@voiceops.org" target="_blank" rel="noreferrer">VoiceOps@voiceops.org</a><br> <a href="https://puck.nether.net/mailman/listinfo/voiceops" rel="noopener noreferrer noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a></div>
</blockquote>
</div>
_______________________________________________<br> VoiceOps mailing list<br> <a href="mailto:VoiceOps@voiceops.org" target="_blank" rel="noreferrer">VoiceOps@voiceops.org</a><br> <a href="https://puck.nether.net/mailman/listinfo/voiceops" rel="noopener noreferrer noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a></blockquote>
</div>
</blockquote>
</div>
</blockquote></div>