Perhaps I'm misunderstanding the verbiage, but that appears to relate only to vendors of call analytics 3rd parties, and not all upstreams?
On Thu, Dec 12, 2024, 6:03 PM Mary Lou Carey via VoiceOps < [email protected]> wrote: > See the attached document. I highlighted the verbiage that states you must > provide the names of your 3rd party vendors. A lot of companies have their > upstream providers sign their calls and do their analytics for them. > > MARY LOU CAREY > BackUP Telecom Consulting > Office: 615-791-9969 > Cell: 615-796-1111 > > > On 2024-12-11 07:23 PM, Nathan Anderson via VoiceOps wrote: > > I agree with your stance on this, assuming this is in fact a requirement. > However...I must be dense, because I have now skimmed over the Sixth, > Seventh, and Eighth "Caller ID Authentication Report and Orders", the > "Improving the Effectiveness of the Robocall Mitigation Database" docket, > the updated RMD deadlines and compliance info in DA 24-73 posted in > January, and I re-read paragraph II.3 of the so-called "naughty list" > document that kick-started this thread. And I can find zero mention > anywhere that supplying a detailed and accurate itemized list of your > upstreams is any sort of requirement in one's RMD filing. There seems to > be plenty of talk about having "*know* your upstreams" procedures, but > that is not defined as *disclosing* your upstreams. > > > > So what am I missing? I'm sure I am just ignorant about where I should be > looking ("I'm a doctorengineer, not a lawyer, dammit!"), but this is a > rather well-hidden requirement... > > > > -- Nathan > > > > *From:* Mary Lou Carey [mailto:[email protected]] > *Sent:* Wednesday, December 11, 2024 09:09 > *To:* Nathan Anderson > *Cc:* Voiceops > *Subject:* Re: [VoiceOps] FCC RMD Naughty List > > > > The requirement to disclose who your underlying carriers and additional > contact information were just added THIS YEAR. If you're up to date on > everything else, you might not have made the list because there were so > many less complaint than you, I wouldn't take that as a sign that the FCC > won't ever contact you about missing information. > > I'm a consultant so I'm exposed to a lot more problems than one company > may run into. I personally spoke with the FCC and FBI about the scamming > situation because someone approached us for help when they realized someone > had contacted one of their upstream carriers and was impersonating them. > The FCC and FBI had no answers......I'm the one that made the connection > between the information scammers got and where they could have gotten it > from. > > > > I was helping carriers with STIR/SHAKEN compliance long before the RMD was > required. The FCC came up with it as a work around because not every > carrier could qualify for a STIR/SHAKEN certificate under the original > requirements. (The original requirement the RMD replaced was having access > to numbering resources. As in NXXs - not DIDs). > > In my opinion what started out as a method to identify all the players in > the industry has turned into an information grab that should not be > happening. Not only because it would be a nightmare to keep the upstream > carrier list updated, but because it creates way too much temptation for > fraudsters and the anti-competitive to abuse it. > > MARY LOU CAREY > BackUP Telecom Consulting > Office: 615-791-9969 > Cell: 615-796-1111 > > > > On 2024-12-10 08:09 PM, Nathan Anderson via VoiceOps wrote: > > Wait, say what now? I'm not even sure I understand how that kind of > hijacking is possible. You'd have to be able to deduce who that provider's > underlying carriers are before you could attempt to engage in that kind of > social engineering with them, and as an IPES, there's nowhere either in our > 499 filings or in the RMD filing where we are required to disclose that, > either publicly or privately/redacted. (Unless I'm missing something? We > have never disclosed that in any FCC filings, and yet we didn't get added > to this "naughty" list. Furthermore, a read through of the required > information listed in this notice under II.3 absolutely does not say > anywhere that you are required to itemize who your specific upstreams > are.) I suppose you could voluntarily disclose it in your RMD plan > write-up, but...why would you, as that just unnecessarily ties your hands > and results in a bunch of self-inflicted busy work (if you're going to list > it, then you either have to maintain that list, avoid bringing up new or > tearing down old SIP trunks with various underlying carriers, or risk > having the disclosure become "stale"). > > > > Also, on a different but related note, this whole incomplete-RMD-filing > issue is a problem that the FCC kinda/sorta created themselves, and then > decided shirk their responsibility for doing so and saddle all of us with > the downstream consequences and threats. Just to remind everybody of the > history here, this database as originally conceived by the brilliant minds > in Washington required that filers EITHER certified themselves as being > wholly S/S compliant, OR if not, then they had to supply a written > mitigation plan. If you selected the "I am 100% S/S compliant" checkbox, > it would NOT allow you to upload a document attachment with any kind of > written plan. And if you first filed as only partially compliant or > not-yet-compliant, and added such a document/attachment to your filing, and > then after finishing your S/S implementation you went back and UPDATED your > filing to reflect your new compliance, the system would DELETE your > previous attachment from your filing, and not give you any option to submit > a new one. If you filed as 100% compliant, you could not add an > attachment, PERIOD. 100% compliance and document attachments were *mutually > exclusive*. > > > > Then one day they decided that maybe that was a bad idea, and required > everybody who was 100% complaint to drop everything & go back and add > written mitigation plans to their filings. > > > > So far in the (admittedly few) minutes I've taken to check out a handful > of companies on this "naughty" list, virtually all of them are in the boat > of having checked the "100% compliant" checkbox, but not having gone back > after the rule change to submit a written RM plan document attachment to > their filing. > > > > -- Nathan > > > > *From:* VoiceOps [mailto:[email protected] > <[email protected]>] *On Behalf Of *Mary Lou Carey via > VoiceOps > *Sent:* Tuesday, December 10, 2024 14:08 > *To:* [email protected] > *Subject:* Re: [VoiceOps] FCC RMD Naughty List > > > > The requirements for RMD changed and you now need to add a lot more > information. You only have 14 days to respond to the FCC, but MAKE SURE YOU > FILE YOUR 499 CONFIDENTIALLY! We have already learned of incidents where > scammers got ahold of company information and attempted to get the > company's underlying carriers to change the IP addresses for their SIP > trunks so they could hijack their network. We've brought this to the > attention of the FBI and FCC, but the FCC's only offer was to file them > confidentially. I personally think they're asking for way too much > information and stupid to allow anyone's information to be listed on a > public site, but until they fix the problem its up to carriers themselves > to make sure their information is secure. > > Ashley (with Equitel Compliance) and I (BackUP Telecom can help anyone > that needs to update their RMDs or get STIR/SHAKEN certified. > > MARY LOU CAREY > BackUP Telecom Consulting > Office: 615-791-9969 > Cell: 615-796-1111 > > > > On 2024-12-10 03:42 PM, Dave Russo via VoiceOps wrote: > > Here is the FCC order & list mentioned: > https://docs.fcc.gov/public/attachments/DA-24-1235A1.pdf > > > > Also somewhat related, I'm curious how some companies that claim to be > STIR/SHAKEN compliant and are listed on iconectiv's authorized provider > list get away with not being fully FCC compliant? > > > > For example when we were looking for a new provider it came to my > attention that Atheral is 5 years behind on its FCC 499 filings... Looks > like it last filed in 2019: > https://apps.fcc.gov/cgb/form499/499detail.cfm?FilerNum=832820 > > > > Does this mean it can get shut down any time the FCC decides to do that? > Will resellers that use them be at risk of losing service or subject to > some FCC action themselves? > > > > -dr > > > > > > On Tue, Dec 10, 2024, at 2:17 PM, Mike Hammett via VoiceOps wrote: > > How many of you are on the Robocall Mitigation Database naughty list that > the FCC just sent out? > > > > It'd be nice if they told you *WHY* your filing was deficient. Instead, > they just generically list broad categories that you may or may not fit > into. > > > > > > > > ----- > > Mike Hammett > > Intelligent Computing Solutions > > http://www.ics-il.com > > > > > > > > Midwest Internet Exchange > > http://www.midwest-ix.com > > > > > > _______________________________________________ > > VoiceOps mailing list > > [email protected] > > https://puck.nether.net/mailman/listinfo/voiceops > > > > > > > > _______________________________________________ > VoiceOps mailing list > [email protected] > https://puck.nether.net/mailman/listinfo/voiceops > > > > _______________________________________________ > VoiceOps mailing list > [email protected] > https://puck.nether.net/mailman/listinfo/voiceops > > > _______________________________________________ > VoiceOps mailing list > [email protected] > https://puck.nether.net/mailman/listinfo/voiceops > > _______________________________________________ > VoiceOps mailing list > [email protected] > https://puck.nether.net/mailman/listinfo/voiceops >
_______________________________________________ VoiceOps mailing list [email protected] https://puck.nether.net/mailman/listinfo/voiceops
