Voglio sapere a riguardo di…

jbell on DSKJLSW7X2PROD with PROPOSALS

Federal Register / Vol. 86, No. 30 / Wednesday, February 17, 2021 / Proposed Rules functions of the Commission, including whether the information shall have practical utility; b the accuracy of the Commissions burden estimates; c ways to enhance the quality, utility, and clarity of the information collected; d ways to minimize the burden of the collection of information on the respondents, including the use of automated collection techniques or other forms of information technology;
and e way to further reduce the information collection burden on small business concerns with fewer than 25
employees. In addition, pursuant to the Small Business Paperwork Relief Act of 2002, Public Law 107198, see 44 U.S.C.
3506c4, we seek specific comment on how we might further reduce the information collection burden for small business concerns with fewer than 25
employees. To view a copy of this information collection request ICR
submitted to OMB: 1 Go to the web page http www.reginfo.gov/public/do/
PRAMain, 2 look for the section of the web page called Currently Under Review, 3 click on the downwardpointing arrow in the Select Agency box below the Currently Under Review heading, 4 select Federal Communications Commission from the list of agencies presented in the Select Agency box, 5 click the Submit button to the right of the Select Agency box, 6 when the list of FCC
ICRs currently under review appears, look for the Title of this ICR and then click on the ICR Reference Number. A
copy of the FCC submission to OMB
will be displayed.
OMB Control Number: 3060XXXX.
Title: Secure Telephone Identity Governance Authority Token Revocation Review Process.
Form Number: N/A.
Type of Review: New information collection.
Respondents: Business or other forprofit entities.
Number of Respondents and Responses: 50 respondents; 50
responses.
Estimated Time per Response: 24
hours.
Frequency of Response: On occasion reporting requirement.
Obligation to Respond: Mandatory and required to obtain or retain benefits.
The statutory authority for these collections are contained in 47 U.S.C.
227b, 251e, and 227e of the Communications Act of 1934.
Total Annual Burden: 1,200 hours.
Total Annual Cost: No Cost.
Privacy Act Impact Assessment: No impacts.
Nature and Extent of Confidentiality:
The Commission will consider the
VerDate Sep<11>2014

16:07 Feb 16, 2021

Jkt 253001

potential confidentiality of any information submitted, particularly where public release of such information could raise security concerns e.g., granular location information. Respondents may request materials or information submitted to the Commission or to the Administrator be withheld from public inspection under 47 CFR 0.459 of the Commissions rules.
Synopsis I. Introduction 1. As part of the Commissions multipronged approach to combat illegal robocalls, the Commission has promoted the implementation of STIR/
SHAKEN, a caller ID authentication framework. STIR/SHAKEN is a set of industry-created technological standards that help to prevent illegally spoofed calls. Spoofing is a practice that involves the falsifying of caller ID
information and it is particularly nefarious when bad actors spoof calls to trick unsuspecting Americans into thinking that calls they make are trustworthy because the caller ID
information appears as if the call came from a neighbor or a familiar or reputable source.
2. In March, acting pursuant to the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act TRACED Act, the Commission required voice service providers to implement the STIR/
SHAKEN call authentication technology in the internet protocol IP portions of their phone networks by June 30, 2021.
The Commission completed implementation of the TRACED Act with respect to STIR/SHAKEN in September and required intermediate providers to facilitate caller ID
authentication.
3. Today, we propose a limited role for the Commission to oversee certificate revocation decisions by the private STIR/SHAKEN Governance Authority that would have the effect of placing providers in noncompliance with our rules. We anticipate that exercising an oversight role would provide necessary due process to parties that may be rendered noncompliant with our rules by the actions of a private entity without unduly interfering with the well-functioning multi-stakeholder private STIR/SHAKEN governance processes.
II. Background 4. To address the issue of illegal caller ID spoofing, technologists from the internet Engineering Task Force IETF
and the Alliance for
PO 00000

Frm 00012

Fmt 4702

Sfmt 4702

9895

Telecommunications Industry Solutions ATIS developed standards to allow for the authentication and verification of caller ID information for calls carried over IP networks. The result of their efforts is the STIR/SHAKEN call authentication framework, which allows for the caller ID information to securely travel with the call itself throughout the entire length of the call path. A key component to the STIR/SHAKEN
framework is the transmission of a digital certificate along with the call.
This certificate essentially states that the voice service provider authenticating the caller ID information is the voice service provider it claims to be, it is authorized to authenticate this information and, thus, the voice service providers claims about the caller ID
information can be trusted. To maintain trust and accountability in the voice service providers that vouch for the caller ID information, a neutral governance system issues the certificates.
5. The STIR/SHAKEN governance system is comprised of several different entities fulfilling specialized roles. The Governance Authority, managed by a board consisting of representatives from across the voice service industry, defines the policies and procedures for which entities can issue or acquire certificates. The Policy Administrator applies the rules set by the Governance Authority, confirms that certification authorities are authorized to issue certificates, and confirms that voice service providers are authorized to request and receive certificates.
Certification Authorities, of which there are several, issue the certificates used to authenticate and verify calls. And finally, the voice service providers themselves, which, when acting as call initiators, select an approved certification authority from which to request a certificate, and when acting as call recipients, check with certification authorities to ensure that the certificates they receive were issued by the correct certification authority.
6. To receive a digital certificate, a voice service provider must first apply to the Policy Administrator for a Service Provider Code SPC token. To obtain an SPC token, the Governance Authority policy requires that a voice service provider must 1 have a current FCC
Form 499A on file with the Commission, 2 have been assigned an Operating Company Number OCN, and 3 have direct access to telephone numbers from the North American Numbering Plan Administrator NANPA and the National Pooling Administrator. The SPC token then permits the voice service provider to
E:FRFM17FEP1.SGM

17FEP1