Once these rules take effect, the FCC closes a significant gap in its prior rules – calls which originate outside the United States – at the same time that it acts preemptively to prohibit deceptive spoofing in a growing area – text messaging. In the process, the FCC will enhance one of its most commonly used tools in its effort to combat unlawful robocalls – fines for unlawful spoofing. Generally, the FCC has attacked parties that originate unlawful robocalls by fining them for the subsidiary violation of spoofing the unlawful calls. In telecommunications enforcement, spoofing violations are the tax evasion charges to Al Capone’s criminal enterprise.

Expansion of the Spoofing Prohibition

The first change adopted in the August 1 Report and Order was to expand the rules to cover communications originating outside the United States directed at recipients within the United States. The existing rules only applied to persons and entities within the U.S. The new rule states:

“No person in the United States, nor any person outside the United States if the recipient is in the United States, shall, with the intent to defraud, cause harm, or wrongfully obtain anything of value, knowingly cause, directly, or indirectly, any caller identification service to transmit or display misleading or inaccurate caller identification information in connection with any voice service or text messaging service.”

The second change, also incorporated in the rule above, applies the rule’s prohibition beyond voice communications to include text messages. The definition of text messages includes text, images, sounds, or other information transmitted to or from a device, specifically covering short message service ("SMS") and multimedia message service ("MMS") messages. Also covered by the rules are messages sent to or from Common Short Codes (Short Codes), which are the 5- or 6-digit codes commonly used by enterprises to communicate with consumers at high volume.

Not included in the definition is real-time, two-way voice or video communications and messages over IP-enabled messaging services so long as the communication is to another user of the same messaging service. Thus, the rules do not reach messages sent via common OTT applications such as iMessage, Google Hangouts, Whatsapp, and direct message features in Snapchat and Twitter. Rich Communications Services ("RCS") messages, which allow advanced messaging features, are also excluded. The Commission determined that Congress intended for RCS messages to fit under the statutory exclusion for “IP-enabled communications.”

The Commission also clarified its definition of “voice service” to ensure the rules cover the broader “telecommunications service,” as well as interconnected VoIP.

Implementing the RAY BAUM’S Act

The rule changes were required by amendments to the Communications Act, made by the RAY BAUM’S Act of 2018, which strengthened the FCC’s authority over spoofed calls established in the Truth in Caller ID Act of 2009. The 2009 legislation prohibited the use of misleading and inaccurate caller ID information for harmful purposes, but in a 2011 report, the FCC recommended that Congress update the rules to give the Commission authority to prohibit calls outside of the U.S. and make explicit that the Act covers text messages. The order also cited a May 2019 filing by 42 state attorneys general urging the Commission to adopt the rules.

While all voting commissioners supported the order, Commissioner Mike O’Rielly expressed some reservations prior to the vote. In particular, he said he thought the extraterritorial jurisdiction would be difficult to execute and would have preferred narrower statutory language, but did not believe it was his role to “challenge the wisdom” of the legislature. He also said the definitions of text and voice services were broader than he wanted, which he thought might cause future unintended consequences.

The new rules will go into effect on February 6, 2020, or 30 days after Federal Register publication, whichever is later.

The Truth in Caller ID Act prohibits certain forms of “spoofing,” which involves the alteration of caller ID information. While Congress recognized certain benign uses of spoofing, federal law prohibits the deliberate falsification of caller ID information with the intent to harm or defraud consumers or unlawfully obtain something of value. Back in June 2017, the FCC accused Mr. Abramovich and his companies of placing millions of illegal robocalls that used spoofing to make the calls appear to be from local numbers to increase the likelihood that the called party would pick up, a practice known as “neighbor spoofing.” The robocalls indicated that they came from well-known travel companies like TripAdvisor, but in reality the robocalls directed consumers to foreign call centers that had no relationship with the companies. Mr. Abramovich did not deny that his companies placed the spoofed robocalls, but argued that he lacked the requisite intent to defraud or cause harm, and noted that only a fraction of the consumers targeted actually answered the robocalls. Mr. Abramovich also argued that the third-party companies that hired to him to run the robocall campaign and the carriers that transmitted the robocalls should share in the liability for the violations.

The FCC disagreed. First, the FCC found that the use of neighbor spoofing and the references to well-known travel companies demonstrated an intent to defraud consumers. The FCC also found that Mr. Abramovich intended to harm the travel companies by trading on their goodwill and harmed consumers by spoofing their phone numbers, resulting in angry return calls by robocall recipients. Second, the FCC rejected the argument that liability should be based on the number of consumers who actually answered, explaining that the Truth in Caller ID Act only requires that a spoofed call be placed with fraudulent intent, not that the call actually reach a consumer. Finally, the FCC emphasized that Mr. Abramovich and his companies, not the third-party travel companies or the carriers, actually placed the spoofed robocalls and therefore bore sole responsibility for the violations. In fact, the FCC stated that the spoofed robocalls harmed the carriers by burdening their networks and engendering consumer complaints.

The fine is important for reasons beyond its size. For one, the fine came less than a year after the FCC issued the associated notice of apparent liability – an unusually quick turnaround for such a complex case that represents a shift to accelerated enforcement in line with Chairman Pai’s prior calls for a one-year deadline for forfeiture orders. Moreover, the FCC imposed the record-setting fine despite Mr. Abramovich’s claims that he cannot pay it. The FCC is required by the Communications Act to consider a party’s ability to pay when assessing forfeitures. As a result, the FCC historically will reduce a fine to approximately 2-8% of a party’s gross revenues in response to an inability to pay claim and significantly lowered fines under this framework just over a year ago. However, inability to pay is just one factor in the FCC’s forfeiture analysis and the agency determined that the repeated, intentional, and egregious nature of Mr. Abramovich’s violations warranted the unprecedented fine. While the FCC’s rejection of the inability to pay claim is not unprecedented, it leaves open the question of whether and how the FCC expects Mr. Abramovich to pay the fine. In many cases, parties receiving large fines can negotiate lower settlements with the Department of Justice when it brings a collection action on behalf of the FCC, but such settlements are not guaranteed. As a result, it appears the FCC’s primary goal was to establish a strong precedent to deter future violators rather than to actually receive payment.

Two Commissioner statements on the item also deserve attention. Although voting to approve the fine, Commissioner O’Rielly dissented in part, questioning the FCC’s assertion that spoofed robocalls cause harm regardless of whether consumers actually hear the message. Commissioner O’Rielly agreed that Mr. Abramovich and his companies intended to defraud call recipients, but he did not find sufficient evidence to indicate that Mr. Abramovich and his companies specifically considered the potential harm to consumers with spoofed numbers or the referenced travel companies. The dissent appears concerned that the FCC automatically will infer an intent to harm any time neighbor spoofing is used, even when such spoofing does not involve fraud, creating a strict liability regime. Meanwhile, Commissioner Rosenworcel highlighted the need for comprehensive regulatory reform to combat illegal robocalls. Specifically, Commissioner Rosenworcel noted the recent federal court decision setting aside key aspects of the FCC’s robocalling rules and requiring the FCC to revisit its definition of an autodialer. The Commissioner also pointed to the glut of outstanding petitions at the agency seeking exemptions and technical limitations to the robocalling rules. The Commissioner signaled that the FCC’s focus on robocalling issues will involve as much rulemaking as enforcement.

We will continue to follow the actions of the FCC and lawmakers and post any new developments regarding robocalling and spoofing here.

Intent to Cause Harm

The FCC’s investigation stemmed from consumer complaints regarding a robocalling campaign advertising insurance products sold by Mr. Roesel’s companies. A medical paging service complained to the FCC when the campaign disrupted its subscriber communications, including service at South Carolina hospitals. Based on the information provided by the complainants, the FCC traced the robocalls to an account registered to Mr. Roesel at his personal address. After subpoenaing his phone records, the FCC determined that Mr. Roesel and his companies allegedly made over 21 million unauthorized robocalls in a three-month span, averaging 200,000 calls a day. Critically, the FCC analyzed a sample of about 82,000 robocalls and found that the caller ID information transmitted belonged to unassigned numbers unconnected to Mr. Roesel or his companies. Further investigation revealed that Mr. Roesel allegedly selected these numbers to mask the source of the calls for consumers and avoid detection by authorities.

The FCC found that the deceptive spoofing, when done in conjunction with an unauthorized robocalling campaign, automatically demonstrated the “intent to cause harm” necessary to violate the Truth in Caller ID Act. Moreover, statements obtained by the FCC from a whistleblower formerly employed by Mr. Roesel indicated he knew the spoofed robocalls violated the law and targeted “economically disadvantaged and unsophisticated consumers” as well as the elderly in his campaign. The FCC determined that the campaign not only harmed the consumers called and disrupted the medical paging service, but also that his actions reduced the supply of quality phone numbers available for assignment. Specifically, because the (unassigned) numbers used by Mr. Roesel and his companies were now linked to allegedly illegal telemarketing, these unassigned numbers have no value to future subscribers.

Personal Liability

Consistent with past enforcement actions involving spoofed robocalls, the FCC found Mr. Roesel personally liable for the alleged violations. First, the FCC noted that Mr. Roesel allegedly authorized and oversaw his companies’ spoofed robocalls. Second, Mr. Roesel allegedly failed to follow normal corporate formalities, mixing personal and corporate accounts, such as by setting up the campaign under his own name and paying for the campaign from his personal funds. The FCC found such personal involvement in the alleged violations sufficient to “pierce the corporate veil” and propose fines directly against Mr. Roesel.

The proposed forfeiture represents a fine of approximately $1,000 for each of the more than 82,000 robocalls allegedly spoofed with an unassigned number. Notably, the Truth in Caller ID Act authorizes the FCC to propose an NAL against entities not holding FCC licenses, without first issuing a “warning” in the form of a Citation. By contrast, the Telephone Consumer Protection Act contains no such exemption and required the FCC to issue the Citation for the alleged unauthorized robocalls by Mr. Roesel and his companies before it can propose forfeitures. The Citation warns that the FCC may impose penalties of nearly $20,000 per unauthorized robocall if Mr. Roesel or his companies commit any further violations. Judging by the FCC’s recent emphasis on stamping out unauthorized robocalls under Chairman Pai, there is every reason to heed such warnings and expect further robocalling-related enforcement actions.

According to the NAL, the FCC began its investigation into Mr. Abramovich in response to numerous consumer complaints regarding spoofed robocalls offering vacation packages, which were purportedly affiliated with well-known companies such as TripAdvisor, Expedia, Marriott, or Hilton. In fact, TripAdvisor informed the FCC in April 2016 that it also was receiving consumer complaints about “receiving unwanted calls with prerecorded messages claiming to be on behalf of TripAdvisor.” In addition, a company called Spok, Inc. contacted the FCC in December 2015 to report “a significant robocalling event that was disrupting its emergency medical paging service.” The FCC was eventually able to trace the calls back to Mr. Abramovich and his companies. According to the FCC, subpoenas of the call records for his companies revealed that one company placed more than 95 million calls during a three month period, and upon review of a sample of those calls, staff “found that every reviewed call was spoofed.”

Based on these apparent violations, coupled with the FCC’s contention that the “falsification of caller ID was done with apparent intent to defraud, cause harm, or wrongfully obtain something of value,” the FCC proposes a $120 million forfeiture. The proposed penalty consists of a base forfeiture amount of $80 million, which according to the Commission is “a level well below the maximum in recognition of the fact that we have not previously proposed a forfeiture for this particular kind of violation, but that will still serve to put bad actors on notice that we take such violations seriously and will act as a deterrent to other large scale spoofing operations.” The NAL then proposes an upward adjustment of $40 million due to “the sheer volume of calls Abramovich made.”

This NAL is important for a number of reasons. First, it is the Commission’s first spoofing enforcement action. Although the Truth in Caller ID Act does not prohibit all spoofing – and the FCC has openly acknowledged that there are many legitimate uses of caller ID spoofing – the NAL is the first action alleging that spoofing was conducted with an intent to defraud.

Second, the size of the proposed forfeiture suggests that the Commission will be active in enforcing spoofing violations, which seems to be a priority for Chairman Pai as part of his robocall agenda. Notably, the Truth in Caller ID Act authorizes the FCC to propose an NAL against entities not holding Commission licenses, without the “warning” in the form of a Citation that is necessary in other contexts. Indeed, the two-step enforcement process is mandatory for TCPA, wire fraud and Communications Act violations, as is evidenced by the parallel Citation issued to Abramovich for TCPA and wire fraud violations stemming from the same conduct addressed in the NAL. With this streamlined enforcement process, the Pai FCC is more likely to use spoofing as the vehicle for prompt enforcement against fraudulent autodialing or prerecorded messages.

Third, the NAL is the result of a collaborative investigation between the FCC and industry players, in this case TripAdvisor and Spok. We expect to see more of this cooperation with respect to spoofing and robocalls going forward, especially involving legitimate companies whose businesses are affected by practices similar to those described in the NAL.