Before the Federal Communications Commission
Washington, D.C. 20554
Numeracle, Inc. (“Numeracle”) submits these comments in response to the Commission’s Second Further Notice of Proposed Rulemaking seeking comment on access to numberingresources.1 Numeracle is the industry pioneer and leader in verifying the identities of entities placing legal outbound communications and ensuring that verified identity information is transmitted securely to the communication’s recipient. Numeracle also works directly with service providers using Numeracle’s Entity Identity Management platform to collect, validate, and store customer information to better understand their customers’ identities and the intended use of services.
Numeracle agrees with the Commission’s proposal to require existing interconnected VoIP direct access authorization holders to comply with the new disclosure obligations set forth in the Second Report and Order.2 Aligning the requirements across existing and future authorization holders is necessary to ensure competitive neutrality and for enforcement practicality. Establishing two classes of service providers with incongruent sets of ongoing requirements may provide competitive advantages for providers with less restrictive requirements—and back-doors for potential bad actors. Allowing existing direct access authorization holders to maintain different sets of requirements would create unnecessary confusion for the Commission and service providers in understanding service provider obligations and pursuing enforcement for noncompliance. Further, the Commission has indicated that its requirements for new applicants were intended “to further stem the tide of illegal robocalls perpetrated by interconnected VoIP providers, to protect the nation’s numbering resources from abuse by foreign bad actors, and to advance other important public policy objectives tied to the use of our nation’s limited numbering resources.”3 If the requirements for new applicants are necessary to serve the public interest in preventing providers that might present a risk of facilitating illegal calls from obtaining numbering resources, then Numeracle is aware of no inherent characteristics of existing direct access authorization holders that would remove the need for them to undergo a similar review. After all, the nation had a significant illegal robocall problem before the introduction of the new requirements, so logic dictates that the doors illegal callers were already using to access phone numbers need to be closed as well. Indeed, the Commission’s description of its back and forth with prior applicants indicates that a significant portion of prior applicants presented a nonzero amount of risk in the eyes of the Commission.4 Some existing direct access authorization holders were approved as early as 2016,5 and the Commission’s rules and focus have changed extensively since that time. Aligning requirements across all direct access authorization holders would create a uniform understanding of the information reviewed by the Commission prior to approval and would prevent inadvertent competitive advantages for providers that were potentially subject to lower standards of review.
Numeracle agrees that service providers should bear responsibility for knowing their customers and that the Commission needs additional, ongoing insight into which companies are reassigning numbers and/or acting as service providers to effectively enforce its rules. Requiring direct access authorization holders to obtain, store, and disclose information concerning their indirect access recipient customers would be a step forward in creating a minimum standard of review associated with the resale of phone number resources to other service providers. Understanding some of the complex relationships between service provider reseller relationships is a start to unwinding the increasingly common use of large banks of phone numbers or recycled phone numbers by fraudulent actors.6 The Commission should further consider data collection and retention requirements for indirect number access recipient service providers, as well as the application of similar standards for providers only offering text messaging services and not voice services, as number cycling and number pooling are tactics used just as frequently in messaging fraud as they are in voice fraud. The Commission should also consider applying the same standards to all telecommunications providers with direct access to numbering resources, as all such providers are capable of offering phone number resources to interconnected VoIP service provider customers. Collecting robust data concerning customers should be the responsibility of all service providers. The Commission has previously declined to further specify rules for know your customer(KYC) review, but the Commission should take this opportunity to further pursue aligned standards for KYC review for voice service providers. Numeracle published the first and only Model Standards for KYC for communications service providers7 and we are eager to continue the advancement of actionable and scalable standards for KYC review. Standards should include obligations for the reasonable proactive evaluation of new and existing customers to identify those that may be operating as voice service providers, rather than relying solely upon terms and conditions prohibiting the use of service by voice service providers or on customers’ self identifications of whether they are operating as a voice service provider. Without codifying any such obligation, service providers or customers may use such strategies to avoid being recognized as voice service providers in order to avoid the obligations for the disclosures proposed by the Commission. Further, the Commission has proposed that certifications, acknowledgments, and disclosures (“materials”) should be collected by direct access authorization holders from their indirect access recipient customers but has not detailed whether or how the materials should be reviewed. Many of the rules regarding materials for direct number authorization holders allow applicants to potentially omit certain materials or acknowledgments if applicants instead include an explanation. Is the collection and retention of any materials and/or explanation(s) sufficient to meet the Commission’s requirements?8 If not, what is the responsibility of direct access authorization holders to further evaluate the materials? Are direct access authorization holders required to retain materials for former customers who are no longer actively serviced? For how long should direct access authorization holders be required to retain materials? The effort to further collect information with which to identify service providers is in the public interest if given proper consideration and clarification of operational specifics.
Numeracle applauds the Commission’s desire to further understand the identity and attributes of service providers and the number assignment and reassignment process. There remain outstanding questions regarding the practical implementation of the proposed requirements that need to be resolved to ensure effective implementation of the Commission’s intent without imposing unnecessary burdens or leaving significant loopholes. The ability for businesses or organizations to simply not self-identify as voice service providers when obtaining communications services to avoid complying with the proposed rules represents a significant potential gap.
Sarah Delphey, Vice President - Trust Solutions, Numeracle, Inc.
Rebekah Johnson, Founder & CEO
Keith Buell, General Counsel and Head of Global Public Policy