Federal Register - February 17, 2021
Source: Federal Register
9896
Federal Register / Vol. 86, No. 30 / Wednesday, February 17, 2021 / Proposed Rules
obtain the digital certificates it will use to authenticate calls from one of the approved Certification Authorities. The SPC token therefore is a prerequisite for a voice service provider to participate in the STIR/SHAKEN ecosystem, and management of token access is the mechanism by which the Policy Administrator and Governance Authority protect the system from abuse and misuse. On November 18, 2020, the Governance Authority announced an update to its Service Provider Code (SPC) Token Access Policy. Under the revised policy, an entity will no longer need direct access to telephone numbers; in place of that requirement, an entity will need to have certified with the Commission that they have implemented STIR/SHAKEN or comply with the Robocall Mitigation Program requirements and are listed in the Commission database. The Governance Authority provided that the revised policy will be effective upon the Commission's Robocall Mitigation Certification filing deadline and that, until then, the current SPC Token Access Policy remains in effect.
7. The Policy Administrator grants SPC tokens to eligible voice service providers conditioned on the execution of a signed agreement with each voice service provider, stating that the voice service provider will follow the appropriate standards. This agreement establishes that if the Policy Administrator deems the voice service provider to be in breach, it has the authority to suspend or revoke a voice service provider's SPC token. The Governance Authority possesses sole authority to direct the Policy Administrator to revoke an SPC token, except in limited circumstances where the Policy Administrator may perform such actions on its own initiative, reviewable by the Governance Authority. In the Service Provider Token Revocation Policy, the Governance Authority lists the reasons for which an SPC token may be revoked:
(1) In the situation of compromised credentials, i.e., a voice service provider's private key has been lost, stolen, or compromised, or a certification authority has been compromised; (2) the voice service provider exits the ecosystem; (3) the voice service provider failed to adhere to the policy and technical requirements of the system, including the SPC Token Access Policy, funding requirements, or technical specifications regarding the use of STIR/SHAKEN; or (4) when directed by a court, the Commission, or another body with relevant legal authority due to a violation of Federal law related to caller ID authentication.
When a service provider's credentials are compromised or it exits the ecosystem (the former two scenarios), the Policy Administrator may revoke a service provider's SPC token without prior direction from the Governance Authority because in either circumstance there will be no question as to its appropriateness. However, when a service provider fails to adhere to a policy or technical requirement, or at the direction of a court, the Commission, or another relevant legal authority (the latter two scenarios), the Governance Authority conducts the revocation process according to the process outlined in the Service Provider Token Revocation Policy.
8. Before the Governance Authority revokes an SPC token due to a voice service provider's violation of a policy, technical, or legal requirement, the Governance Authority follows a multistep process described by the Service Provider Token Revocation Policy, which allows the voice service provider to respond to the alleged infraction and appeal any adverse decision according to the Governance Authority's operating procedures. According to the Service Provider Token Revocation Policy, a voice service provider, the Policy Administrator, a Certification Authority, or a regulatory agency may report a potential issue to the Governance Authority via a complaint. Next, the Governance Authority will conduct a formal review of the complaint and gather additional information. The Governance Authority Board then votes on whether to revoke the token, requiring a two-thirds vote of the Governance Authority Board to approve the revocation. The affected service provider may appeal an adverse decision by the Governance Authority through a formal appeal process outlined in the Governance Authority's Operating Procedures. In addition to the Governance Authority reviewing the complaint and issuing a written response, the formal appeal process includes the potential for a hearing before an independent panel of three individuals. Following a hearing, the appeals panel issues a written decision stating its findings of fact, conclusions, and the reasoning for its conclusions. If a voice service provider loses the appeal, or chooses not to appeal, it may seek reinstatement to the STIR/SHAKEN ecosystem if the Governance Authority approves of its plan of action to remedy the issue or issues underlying the token revocation. The Commission is aware of the timing discrepancy between the appeal process as described in the Reinstatement Policy and the STIGA Operating Procedures, and we encourage the STIGA to further clarify the timing for each.
9. In the First Caller ID Authentication Report and Order and Further Notice, the Commission declined to impose new regulations on the STIR/SHAKEN governance structure. The Commission reasoned, in part, that the Commission did not yet know the nature and scope of the type of problems that may arise that would require Commission intervention.
III. Discussion

10. Although we continue to refrain from unduly intruding upon the private STIR/SHAKEN governance structure, in this Further Notice we preliminarily conclude that it is important for the Commission to have a role in reviewing the Governance Authority's decisions to revoke a voice service provider's SPC token because such decisions will have the effect of placing the voice service provider out of compliance with our rules. Specifically, we propose to establish an oversight role for the Commission over the Governance Authority's token revocation decisions similar to the one we hold in the context of decisions by the Universal Service Administrative Company (USAC). Under our universal service appeals rules, after first seeking internal review by USAC, an aggrieved party may seek review of USAC's decision by the Commission. Our proposed rules would follow this same format and allow review by the Wireline Competition Bureau, except for requests for review that raise novel questions of fact, law or policy, which would be considered by the full Commission. We seek comment on this proposal.
11. In more detail, we propose to adopt similar procedural and timing requirements as in our universal service rules. We propose that any voice service provider that has its SPC token revoked by the Governance Authority must first, before appealing that decision to the Commission, exhaust all review of this decision by the Governance Authority, including completing the formal appeal process outlined in the Governance Authority's Operating Procedures and described above. We believe that the Governance Authority's robust review procedures will enable the dispute to fully develop before potentially reaching the Commission, thereby making it easier for the Commission to identify the relevant facts and issues. Do commenters agree? Are there any reasons we should allow for appeals of interim or other relief to the Commission before the full Governance