Voglio sapere a riguardo di…

lotter on DSK11XQN23PROD with PROPOSALS1

Federal Register / Vol. 86, No. 208 / Monday, November 1, 2021 / Proposed Rules are blocked to registered PSAP
telephone numbers? Is there a costeffective means for voice service providers to track the use of such telephone numbers to determine if they have been recently ported to nonautodialer users? Should voice service providers be required to report to the Commission the number of blocked autodialer calls to PSAPs in order to help the Commission assess how frequently such calls occur and whether the registry is effective?
11. Security Risks. Would a call blocking requirement raise the risk that a malicious actor could reverse-engineer a list of PSAP numbers by determining what calls have been blocked? Would that create any additional security risk for PSAPs? If there is such a risk, would this allow bad-actor callers to spoof the PSAP number and avoid all blocking under our existing rule limiting blocking emergency calls from PSAPs?
If so, what could the Commission do to address this concern? Should the Commissions transparency and redress requirements for blocked calls apply to blocking done pursuant to a PSAP DoNot-Call registry? See 47 CFR
64.1200k8. Are there other factual, legal, or policy factors that the Commission should consider before allowing voice service providers to block calls to PSAP numbers that are used for emergency purposes?
Alternatively, would such a requirement raise the risk that a malicious actor may purposely register non-autodialing outgoing numbers into the registry in order to prevent legitimate emergency callers from contacting PSAPs? If so, how can the Commission address such a concern? Are there any other potential security concerns the Commission may need to address?
12. Costs and Impact on Small Business. The Commission seeks comment on the impact of its proposal on small businesses and any potential alternatives that may reduce the impact of autodialed calls on PSAPs without imposing burdens on such small businesses. The Commission tentatively concludes that the benefits associated with its proposal exceed the costs and seeks comment on this tentative conclusion. The Commission seeks comment on any specific cost concerns associated with its proposal. Are there ways to mitigate any costs or burdens on smaller voice providers associated with implementing a call blocking approach to satisfy the statutory obligation to create a PSAP Do-Not-Call registry?
13. Statutory Authority. The Commission believes that the proposed approach satisfies its statutory obligation to create a specialized Do-

VerDate Sep<11>2014

17:51 Oct 29, 2021

Jkt 256001

Not-Call registry for PSAPs. See 47
U.S.C. 1473. In addition, the Commission believes that this approach satisfies its statutory requirement to provide a process for granting and tracking access to the registry by the operators of automatic dialing equipment. See 47 U.S.C. 1473b3.
The Commission seeks comment on this analysis of the statutory requirements contained in section 6507b as applied to the call blocking proposal in the FNPRM, including the extent to which the Commissions current rules must be amended to implement this proposal.
C. Do-Not-Call Registry 2012 Security Concerns 14. The Commission seeks comment on its assessment of the seriousness of the security risks associated with housing registered PSAP telephone numbers in a centralized database and granting access to those numbers to callers purporting to need them to comply with the rules as contemplated in 2012. The Commission is particularly interested in comments from PSAPs, law enforcement agencies, and national security agencies on these risks. To what extent, if any, would granting access to a list of PSAP numbers enhance the ability of bad actors to initiate a denial-of-service attack on a PSAP? Are there other comprehensive sources of PSAP telephone numbers already available, such that incremental risks added by the registry would be minimal? Even if some individual PSAP
numbers are obtainable from alternative sources, to what extent would access to a single centralized database of such numbers increase the security risks of misuse of such numbers? On balance, do these security concerns outweigh the potential protections a registry affords from unwanted autodialed calls? How might the Commission best address the security concerns posed by a centralized database of PSAP telephone numbers that would allow the Commission to move forward with the creation of a PSAP Do-Not-Call registry, as contemplated in 2012, in a manner that does not jeopardize PSAPs and emergency callers that rely on PSAPs?
15. To what extent do the significant potential monetary penalties for PSAP
Do-Not-Call violations and for unauthorized dissemination or distribution of the registered PSAP
numbers impact the Commissions analysis of the risks of potential abuse?
To what extent is the effectiveness of such monetary penalties undermined when dealing with individuals or entities who seek to intentionally disrupt the provision of emergency services and make efforts to conceal
PO 00000

Frm 00009

Fmt 4702

Sfmt 4702

60191

their identity, or who are foreign actors against whom it may be difficult or impossible to enforce such penalties?
Does the implementation of STIR/
SHAKEN caller ID authentication technology, or the efforts of the registered traceback consortium to trace calls back to their source, make it less likely that callers initiate denial-ofservice attacks on PSAPs by making it easier to determine the source of a call?
D. Alternative Solutions to the Do-NotCall Registry Security Issues 16. Enhanced Caller Vetting. If the call blocking proposal to protect PSAPs from unwanted autodialed calls proves unworkable, are there other mechanisms or safeguards that the Commission could implement to effectively vet the identity of users who seek access to registered PSAP numbers to reduce the likelihood of providing access to those telephone numbers to bad actors that might misuse these numbers, and if so, what are they? The Commissions rules already require that entities seeking access to the registry provide certain contact information including, for example, the names under which the registrant operates, a business address, a telephone number, an email address, and a contact person. See 47 CFR
64.1202d. Is this information sufficient to confirm the identity and intent of the party seeking access to the registry or should the Commission impose additional or different requirements?
How could the Commission prevent parties that seek access to the registry for malicious purposes from submitting false information to circumvent its review and gain access to the registry under false pretenses? Would any such measures be consistent with section 6507b3, which directs the Commission to provide a process for granting and tracking access to the registry by the operators of automatic dialing equipment? For instance, does the Commission have discretion under that provision to limit access only to certain operators? Is such discretion in that regard supported by the fact that section 6507b4 directs the Commission to protect the list of registered numbers from disclosure or dissemination by parties granted access to the registry? Is there any level of cost-effective vetting the Commission could do that would sufficiently guard against improper use of the registry?
The Commission asks commenters to provide cost information on any suggested mechanisms or safeguards.
17. Improved Data Security Requirements. Even with sufficient vetting of registry users, would there remain significant risks that PSAP

E:FRFM01NOP1.SGM

01NOP1