[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[S. 151 Reported in Senate (RS)]

<DOC>





                                                        Calendar No. 94
116th CONGRESS
  1st Session
                                 S. 151

                          [Report No. 116-41]

   To deter criminal robocall violations and improve enforcement of 
    section 227(b) of the Communications Act of 1934, and for other 
                               purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                            January 16, 2019

   Mr. Thune (for himself, Mr. Markey, Mr. Moran, Mr. Gardner, Mrs. 
 Capito, Ms. Klobuchar, Mr. Blumenthal, Ms. Duckworth, Mr. Hoeven, Mr. 
   Whitehouse, Mr. Rubio, Mr. Durbin, Mrs. Fischer, Ms. Sinema, Mrs. 
 Blackburn, Ms. Baldwin, Mr. Cramer, Ms. Warren, Mr. Tillis, Mr. King, 
 Mr. Young, Mr. Tester, Mr. Wicker, Mr. Udall, Ms. Rosen, Mr. Johnson, 
   Mr. Scott of Florida, Mr. Grassley, Mr. Carper, Mr. Menendez, Mr. 
Brown, Mr. Daines, Ms. Cortez Masto, Mr. Van Hollen, Mr. Barrasso, Mr. 
Roberts, Mr. Cornyn, Ms. Harris, Mr. Peters, Ms. McSally, Mr. Reed, Mr. 
  Boozman, Ms. Smith, Mr. Cardin, Mr. Rounds, Mr. Lankford, Mrs. Hyde-
 Smith, Mr. Wyden, Mr. Blunt, Ms. Collins, Mr. Kennedy, Mrs. Shaheen, 
 Ms. Hassan, Mr. Cotton, Mr. Burr, Mr. Crapo, Mr. Manchin, Ms. Hirono, 
    Mr. Casey, Mr. Bennet, Mr. Coons, Mr. Perdue, Mr. Heinrich, Mr. 
 Merkley, Mr. Schumer, Ms. Ernst, Mr. Inhofe, Mr. Murphy, Mr. Sanders, 
 Mr. Sullivan, Mr. Leahy, Mr. Toomey, Mr. Scott of South Carolina, Mr. 
   Kaine, Mr. Booker, Mr. Risch, Ms. Stabenow, Mrs. Gillibrand, Mr. 
 Warner, Mrs. Feinstein, Mr. Jones, Mr. Enzi, Mr. Hawley, Mr. Shelby, 
 and Mr. Isakson) introduced the following bill; which was read twice 
 and referred to the Committee on Commerce, Science, and Transportation

                              May 21, 2019

               Reported by Mr. Wicker, with an amendment
 [Strike out all after the enacting clause and insert the part printed 
                               in italic]

_______________________________________________________________________

                                 A BILL


 
   To deter criminal robocall violations and improve enforcement of 
    section 227(b) of the Communications Act of 1934, and for other 
                               purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

<DELETED>SECTION 1. SHORT TITLE.</DELETED>

<DELETED>    This Act may be cited as the ``Telephone Robocall Abuse 
Criminal Enforcement and Deterrence Act'' or the ``TRACED 
Act''.</DELETED>

<DELETED>SEC. 2. FORFEITURE.</DELETED>

<DELETED>    (a) In General.--Section 227 of the Communications Act of 
1934 (47 U.S.C. 227) is amended--</DELETED>
        <DELETED>    (1) in subsection (b), by adding at the end the 
        following:</DELETED>
        <DELETED>    ``(4) Civil forfeiture.--</DELETED>
                <DELETED>    ``(A) In general.--Any person that is 
                determined by the Commission, in accordance with 
                paragraph (3) or (4) of section 503(b), to have 
                violated any provision of this subsection shall be 
                liable to the United States for a forfeiture penalty 
                pursuant to section 503(b)(1). The amount of the 
                forfeiture penalty determined under this subparagraph 
                shall be determined in accordance with subparagraphs 
                (A) through (F) of section 503(b)(2).</DELETED>
                <DELETED>    ``(B) Violation with intent.--Any person 
                that is determined by the Commission, in accordance 
                with paragraph (3) or (4) of section 503(b), to have 
                violated this subsection with the intent to cause such 
                violation shall be liable to the United States for a 
                forfeiture penalty. The amount of the forfeiture 
                penalty determined under this subparagraph shall be 
                equal to an amount determined in accordance with 
                subparagraphs (A) through (F) of section 503(b)(2) plus 
                an additional penalty not to exceed $10,000.</DELETED>
                <DELETED>    ``(C) Recovery.--Any forfeiture penalty 
                determined under subparagraph (A) or (B) shall be 
                recoverable under section 504(a).</DELETED>
                <DELETED>    ``(D) Procedure.--No forfeiture liability 
                shall be determined under subparagraph (A) or (B) 
                against any person unless such person receives the 
                notice required by paragraph (3) or (4) of section 
                503(b).</DELETED>
                <DELETED>    ``(E) Statute of limitations.--No 
                forfeiture penalty shall be determined or imposed 
                against any person--</DELETED>
                        <DELETED>    ``(i) under subparagraph (A) if 
                        the violation charged occurred more than 1 year 
                        prior to the date of issuance of the required 
                        notice or notice of apparent liability; 
                        and</DELETED>
                        <DELETED>    ``(ii) under subparagraph (B) if 
                        the violation charged occurred more than 3 
                        years prior to the date of issuance of the 
                        required notice or notice of apparent 
                        liability.</DELETED>
                <DELETED>    ``(F) Rule of construction.--
                Notwithstanding any law to the contrary, the Commission 
                may not determine or impose a forfeiture penalty on a 
                person under both subparagraphs (A) and (B) based on 
                the same conduct.''; and</DELETED>
        <DELETED>    (2) by striking subsection (h).</DELETED>
<DELETED>    (b) Applicability.--The amendments made by this section 
shall not affect any action or proceeding commenced before and pending 
on the date of enactment of this Act.</DELETED>
<DELETED>    (c) Deadline for Regulations.--The Federal Communications 
Commission shall prescribe regulations to implement the amendments made 
by this section not later than 270 days after the date of enactment of 
this Act.</DELETED>

<DELETED>SEC. 3. CALL AUTHENTICATION.</DELETED>

<DELETED>    (a) Definitions.--In this section:</DELETED>
        <DELETED>    (1) STIR/SHAKEN authentication framework.--The 
        term ``STIR/SHAKEN authentication framework'' means the secure 
        telephone identity revisited and signature-based handling of 
        asserted information using tokens standards proposed by the 
        information and communications technology industry to attach a 
        certificate of authenticity to each phone to verify the source 
        of each call.</DELETED>
        <DELETED>    (2) Voice service.--The term ``voice service''--
        </DELETED>
                <DELETED>    (A) means any service that is 
                interconnected with the public switched telephone 
                network and that furnishes voice communications to an 
                end user using resources from the North American 
                Numbering Plan or any successor to the North American 
                Numbering Plan adopted by the Commission under section 
                251(e)(1) of the Communications Act of 1934 (47 U.S.C. 
                251(e)(1)); and</DELETED>
                <DELETED>    (B) includes--</DELETED>
                        <DELETED>    (i) transmissions from a telephone 
                        facsimile machine, computer, or other device to 
                        a telephone facsimile machine; and</DELETED>
                        <DELETED>    (ii) without limitation, any 
                        service that enables real-time, two-way voice 
                        communications, including any service that 
                        requires internet protocol-compatible customer 
                        premises equipment (commonly known as ``CPE'') 
                        and permits out-bound calling, whether or not 
                        the service is one-way or two-way voice over 
                        internet protocol.</DELETED>
<DELETED>    (b) Authentication Framework.--</DELETED>
        <DELETED>    (1) In general.--Subject to paragraphs (2) and 
        (3), not later than 18 months after the date of enactment of 
        this Act, the Federal Communications Commission shall require a 
        provider of voice service to implement the STIR/SHAKEN 
        authentication framework in the internet protocol networks of 
        voice service providers.</DELETED>
        <DELETED>    (2) Implementation.--The Federal Communications 
        Commission shall not take the action described in paragraph (1) 
        if the Commission determines that a provider of voice service, 
        not later than 12 months after the date of enactment of this 
        Act--</DELETED>
                <DELETED>    (A) has adopted the STIR/SHAKEN 
                authentication framework for calls on the internet 
                protocol networks of voice service providers;</DELETED>
                <DELETED>    (B) has agreed voluntarily to participate 
                with other providers of voice service in the STIR/
                SHAKEN authentication framework;</DELETED>
                <DELETED>    (C) has begun to implement the STIR/SHAKEN 
                authentication framework; and</DELETED>
                <DELETED>    (D) will be capable of fully implementing 
                the STIR/SHAKEN authentication framework not later than 
                18 months after the date of enactment of this 
                Act.</DELETED>
        <DELETED>    (3) Implementation report.--Not later than 12 
        months after the date of enactment of this Act, the Federal 
        Communications Commission shall submit to the Committee on 
        Commerce, Science, and Transportation of the Senate and the 
        Committee on Energy and Commerce of the House of 
        Representatives a report on the determination required under 
        paragraph (2), which shall include--</DELETED>
                <DELETED>    (A) an analysis of the extent to which 
                providers of a voice service have implemented the STIR/
                SHAKEN authentication framework; and</DELETED>
                <DELETED>    (B) an assessment of the efficacy of the 
                STIR/SHAKEN authentication framework, as being 
                implemented under this section, in addressing all 
                aspects of call authentication.</DELETED>
        <DELETED>    (4) Review and revision or replacement.--Not later 
        than 3 years after the date of enactment of this Act, and every 
        3 years thereafter, the Federal Communications Commission, 
        after public notice and an opportunity for comment, shall--
        </DELETED>
                <DELETED>    (A) assess the efficacy of the call 
                authentication framework implemented under this 
                section;</DELETED>
                <DELETED>    (B) based on the assessment under 
                subparagraph (A), revise or replace the call 
                authentication framework under this section if the 
                Commission determines it is in the public interest to 
                do so; and</DELETED>
                <DELETED>    (C) submit to the Committee on Commerce, 
                Science, and Transportation of the Senate and the 
                Committee on Energy and Commerce of the House of 
                Representatives a report on the findings of the 
                assessment under subparagraph (A) and on any actions to 
                revise or replace the call authentication framework 
                under subparagraph (B).</DELETED>
        <DELETED>    (5) Extension of implementation deadline.--The 
        Federal Communications Commission may extend any deadline for 
        the implementation of a call authentication framework required 
        under this section by 12 months or such further amount of time 
        as the Commission determines necessary if the Commission 
        determines that purchasing or upgrading equipment to support 
        call authentication would constitute a substantial hardship for 
        a provider or category of providers.</DELETED>
<DELETED>    (c) Safe Harbor and Other Regulations.--</DELETED>
        <DELETED>    (1) In general.--The Federal Communications 
        Commission shall promulgate rules--</DELETED>
                <DELETED>    (A) establishing when a provider of voice 
                service may block a voice call based, in whole or in 
                part, on information provided by the call 
                authentication framework under subsection 
                (b);</DELETED>
                <DELETED>    (B) establishing a safe harbor for a 
                provider of voice service from liability for unintended 
                or inadvertent blocking of calls or for the unintended 
                or inadvertent misidentification of the level of trust 
                for individual calls based, in whole or in part, on 
                information provided by the call authentication 
                framework under subsection (b); and</DELETED>
                <DELETED>    (C) establishing a process to permit a 
                calling party adversely affected by the information 
                provided by the call authentication framework under 
                subsection (b) to verify the authenticity of the 
                calling party's calls.</DELETED>
        <DELETED>    (2) Considerations.--In establishing the safe 
        harbor under paragraph (1), the Federal Communications 
        Commission shall consider limiting the liability of a provider 
        based on the extent to which the provider--</DELETED>
                <DELETED>    (A) blocks or identifies calls based, in 
                whole or in part, on the information provided by the 
                call authentication framework under subsection 
                (b);</DELETED>
                <DELETED>    (B) implemented procedures based, in whole 
                or in part, on the information provided by the call 
                authentication framework under subsection (b); 
                and</DELETED>
                <DELETED>    (C) used reasonable care.</DELETED>
<DELETED>    (d) Rule of Construction.--Nothing in this section shall 
preclude the Federal Communications Commission from initiating a 
rulemaking pursuant to its existing statutory authority.</DELETED>

<DELETED>SEC. 4. PROTECTIONS FROM SPOOFED CALLS.</DELETED>

<DELETED>    (a) In General.--Not later than 1 year after the date of 
enactment of this Act, and consistent with the call authentication 
framework under section 3, the Federal Communications Commission shall 
initiate a rulemaking to help protect a subscriber from receiving 
unwanted calls or text messages from a caller using an unauthenticated 
number.</DELETED>
<DELETED>    (b) Considerations.--In promulgating rules under 
subsection (a), the Federal Communications Commission shall consider--
</DELETED>
        <DELETED>    (1) the Government Accountability Office report on 
        combating the fraudulent provision of misleading or inaccurate 
        caller identification required by section 503(c) of division P 
        of the Consolidated Appropriations Act 2018 (Public Law 115-
        141);</DELETED>
        <DELETED>    (2) the best means of ensuring that a subscriber 
        or provider has the ability to block calls from a caller using 
        an unauthenticated North American Numbering Plan 
        number;</DELETED>
        <DELETED>    (3) the impact on the privacy of a subscriber from 
        unauthenticated calls;</DELETED>
        <DELETED>    (4) the effectiveness in verifying the accuracy of 
        caller identification information; and</DELETED>
        <DELETED>    (5) the availability and cost of providing 
        protection from the unwanted calls or text messages described 
        in subsection (a).</DELETED>

<DELETED>SEC. 5. INTERAGENCY WORKING GROUP.</DELETED>

<DELETED>    (a) In General.--The Attorney General, in consultation 
with the Chairman of the Federal Communications Commission, shall 
convene an interagency working group to study Government prosecution of 
violations of section 227(b) of the Communications Act of 1934 (47 
U.S.C. 227(b)).</DELETED>
<DELETED>    (b) Duties.--In carrying out the study under subsection 
(a), the interagency working group shall--</DELETED>
        <DELETED>    (1) determine whether, and if so how, any Federal 
        laws, including regulations, policies, and practices, or 
        budgetary or jurisdictional constraints inhibit the prosecution 
        of such violations;</DELETED>
        <DELETED>    (2) identify existing and potential Federal 
        policies and programs that encourage and improve coordination 
        among Federal departments and agencies and States, and between 
        States, in the prevention and prosecution of such 
        violations;</DELETED>
        <DELETED>    (3) identify existing and potential international 
        policies and programs that encourage and improve coordination 
        between countries in the prevention and prosecution of such 
        violations; and</DELETED>
        <DELETED>    (4) consider--</DELETED>
                <DELETED>    (A) the benefit and potential sources of 
                additional resources for the Federal prevention and 
                prosecution of criminal violations of that 
                section;</DELETED>
                <DELETED>    (B) whether to establish memoranda of 
                understanding regarding the prevention and prosecution 
                of such violations between--</DELETED>
                        <DELETED>    (i) the States;</DELETED>
                        <DELETED>    (ii) the States and the Federal 
                        Government; and</DELETED>
                        <DELETED>    (iii) the Federal Government and a 
                        foreign government;</DELETED>
                <DELETED>    (C) whether to establish a process to 
                allow States to request Federal subpoenas from the 
                Federal Communications Commission;</DELETED>
                <DELETED>    (D) whether extending civil enforcement 
                authority to the States would assist in the successful 
                prevention and prosecution of such 
                violations;</DELETED>
                <DELETED>    (E) whether increased forfeiture and 
                imprisonment penalties are appropriate, such as 
                extending imprisonment for such a violation to a term 
                longer than 2 years;</DELETED>
                <DELETED>    (F) whether regulation of any entity that 
                enters into a business arrangement with a common 
                carrier regulated under title II of the Communications 
                Act of 1934 (47 U.S.C. 201 et seq.) for the specific 
                purpose of carrying, routing, or transmitting a call 
                that constitutes such a violation would assist in the 
                successful prevention and prosecution of such 
                violations; and</DELETED>
                <DELETED>    (G) the extent to which, if any, 
                Department of Justice policies to pursue the 
                prosecution of violations causing economic harm, 
                physical danger, or erosion of an inhabitant's peace of 
                mind and sense of security inhibits the prevention or 
                prosecution of such violations.</DELETED>
<DELETED>    (c) Members.--The interagency working group shall be 
composed of such representatives of Federal departments and agencies as 
the Attorney General considers appropriate, such as--</DELETED>
        <DELETED>    (1) the Department of Commerce;</DELETED>
        <DELETED>    (2) the Department of State;</DELETED>
        <DELETED>    (3) the Department of Homeland Security;</DELETED>
        <DELETED>    (4) the Federal Communications 
        Commission;</DELETED>
        <DELETED>    (5) the Federal Trade Commission; and</DELETED>
        <DELETED>    (6) the Bureau of Consumer Financial 
        Protection.</DELETED>
<DELETED>    (d) Non-Federal Stakeholders.--In carrying out the study 
under subsection (a), the interagency working group shall consult with 
such non-Federal stakeholders as the Attorney General determines have 
the relevant expertise, including the National Association of Attorneys 
General.</DELETED>
<DELETED>    (e) Report to Congress.--Not later than 270 days after the 
date of enactment of this Act, the interagency working group shall 
submit to the Committee on Commerce, Science, and Transportation of the 
Senate and the Committee on Energy and Commerce of the House of 
Representatives a report on the findings of the study under subsection 
(a), including--</DELETED>
        <DELETED>    (1) any recommendations regarding the prevention 
        and prosecution of such violations; and</DELETED>
        <DELETED>    (2) a description of what progress, if any, 
        relevant Federal departments and agencies have made in 
        implementing the recommendations under paragraph (1).</DELETED>

<DELETED>SEC. 6. ACCESS TO NUMBER RESOURCES.</DELETED>

<DELETED>    (a) In General.--</DELETED>
        <DELETED>    (1) Examination of fcc policies.--Not later than 
        180 days after the date of enactment of this Act, the Federal 
        Communications Commission shall commence a proceeding to 
        determine whether Federal Communications Commission policies 
        regarding access to number resources, including number 
        resources for toll free and non-toll free telephone numbers, 
        could be modified, including by establishing registration and 
        compliance obligations, to help reduce access to numbers by 
        potential perpetrators of violations of section 227(b) of the 
        Communications Act of 1934 (47 U.S.C. 227(b)).</DELETED>
        <DELETED>    (2) Regulations.--If the Federal Communications 
        Commission determines under paragraph (1) that modifying the 
        policies described in that paragraph could help achieve the 
        goal described in that paragraph, the Commission shall 
        prescribe regulations to implement those policy 
        modifications.</DELETED>
<DELETED>    (b) Authority.--Any person who knowingly, through an 
employee, agent, officer, or otherwise, directly or indirectly, by or 
through any means or device whatsoever, is a party to obtaining number 
resources, including number resources for toll free and non-toll free 
telephone numbers, from a common carrier regulated under title II of 
the Communications Act of 1934 (47 U.S.C. 201 et seq.), in violation of 
a regulation prescribed under subsection (a) of this section, shall, 
notwithstanding section 503(b)(5) of the Communications Act of 1934 (47 
U.S.C. 503(b)(5)), be subject to a forfeiture penalty under section 503 
of that Act. A forfeiture penalty under this subsection shall be in 
addition to any other penalty provided for by law.</DELETED>

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Telephone Robocall Abuse Criminal 
Enforcement and Deterrence Act'' or the ``TRACED Act''.

SEC. 2. FORFEITURE.

    (a) In General.--Section 227 of the Communications Act of 1934 (47 
U.S.C. 227) is amended--
            (1) in subsection (b), by adding at the end the following:
            ``(4) Civil forfeiture.--
                    ``(A) In general.--Any person that is determined by 
                the Commission, in accordance with paragraph (3) or (4) 
                of section 503(b), to have violated any provision of 
                this subsection shall be liable to the United States 
                for a forfeiture penalty pursuant to section 503(b)(1). 
                The amount of the forfeiture penalty determined under 
                this subparagraph shall be determined in accordance 
                with subparagraphs (A) through (F) of section 
                503(b)(2).
                    ``(B) Violation with intent.--Any person that is 
                determined by the Commission, in accordance with 
                paragraph (3) or (4) of section 503(b), to have 
                violated this subsection with the intent to cause such 
                violation shall be liable to the United States for a 
                forfeiture penalty. The amount of the forfeiture 
                penalty determined under this subparagraph shall be 
                equal to an amount determined in accordance with 
                subparagraphs (A) through (F) of section 503(b)(2) plus 
                an additional penalty not to exceed $10,000.
                    ``(C) Recovery.--Any forfeiture penalty determined 
                under subparagraph (A) or (B) shall be recoverable 
                under section 504(a).
                    ``(D) Procedure.--No forfeiture liability shall be 
                determined under subparagraph (A) or (B) against any 
                person unless such person receives the notice required 
                by paragraph (3) or (4) of section 503(b).
                    ``(E) Statute of limitations.--No forfeiture 
                penalty shall be determined or imposed against any 
                person--
                            ``(i) under subparagraph (A) if the 
                        violation charged occurred more than 1 year 
                        prior to the date of issuance of the required 
                        notice or notice of apparent liability; and
                            ``(ii) under subparagraph (B) if the 
                        violation charged occurred more than 3 years 
                        prior to the date of issuance of the required 
                        notice or notice of apparent liability.
                    ``(F) Rule of construction.--Notwithstanding any 
                law to the contrary, the Commission may not determine 
                or impose a forfeiture penalty on a person under both 
                subparagraphs (A) and (B) based on the same conduct.''; 
                and
            (2) by striking subsection (h) and inserting the following:
    ``(h) TCPA Enforcement Report.--The Commission shall submit an 
annual report to Congress regarding the enforcement during the 
preceding year of laws, regulations, and policies relating to robocalls 
and spoofed calls, which report shall include--
            ``(1) the number of complaints received by the Commission 
        during the year alleging that a consumer received a robocall or 
        spoofed call;
            ``(2) the number of citations issued by the Commission 
        pursuant to section 503 during the year to enforce any law, 
        regulation, or policy relating to a robocall or spoofed call;
            ``(3) the number of notices of apparent liability issued by 
        the Commission pursuant to section 503 during the year to 
        enforce any law, regulation, or policy relating to a robocall 
        or spoofed call; and
            ``(4) for each notice referred to in paragraph (3)--
                    ``(A) the amount of the proposed forfeiture penalty 
                involved;
                    ``(B) the person to whom the notice was issued; and
                    ``(C) the status of the proceeding.''.
    (b) Applicability.--The amendments made by this section shall not 
affect any action or proceeding commenced before and pending on the 
date of enactment of this Act.
    (c) Deadline for Regulations.--The Federal Communications 
Commission shall prescribe regulations to implement the amendments made 
by this section not later than 270 days after the date of enactment of 
this Act.

SEC. 3. CALL AUTHENTICATION.

    (a) Definitions.--In this section:
            (1) STIR/SHAKEN authentication framework.--The term ``STIR/
        SHAKEN authentication framework'' means the secure telephone 
        identity revisited and signature-based handling of asserted 
        information using tokens standards proposed by the information 
        and communications technology industry.
            (2) Voice service.--The term ``voice service''--
                    (A) means any service that is interconnected with 
                the public switched telephone network and that 
                furnishes voice communications to an end user using 
                resources from the North American Numbering Plan or any 
                successor to the North American Numbering Plan adopted 
                by the Commission under section 251(e)(1) of the 
                Communications Act of 1934 (47 U.S.C. 251(e)(1)); and
                    (B) includes--
                            (i) transmissions from a telephone 
                        facsimile machine, computer, or other device to 
                        a telephone facsimile machine; and
                            (ii) without limitation, any service that 
                        enables real-time, two-way voice 
                        communications, including any service that 
                        requires internet protocol-compatible customer 
                        premises equipment (commonly known as ``CPE'') 
                        and permits out-bound calling, whether or not 
                        the service is one-way or two-way voice over 
                        internet protocol.
    (b) Authentication Framework.--
            (1) In general.--Subject to paragraphs (2) and (3), not 
        later than 18 months after the date of enactment of this Act, 
        the Federal Communications Commission shall require a provider 
        of voice service to implement the STIR/SHAKEN authentication 
        framework in the internet protocol networks of the voice 
        service provider.
            (2) Implementation.--The Federal Communications Commission 
        shall not take the action described in paragraph (1) if the 
        Commission determines that a provider of voice service, not 
        later than 12 months after the date of enactment of this Act--
                    (A) has adopted the STIR/SHAKEN authentication 
                framework for calls on the internet protocol networks 
                of the voice service provider;
                    (B) has agreed voluntarily to participate with 
                other providers of voice service in the STIR/SHAKEN 
                authentication framework;
                    (C) has begun to implement the STIR/SHAKEN 
                authentication framework; and
                    (D) will be capable of fully implementing the STIR/
                SHAKEN authentication framework not later than 18 
                months after the date of enactment of this Act.
            (3) Implementation report.--Not later than 12 months after 
        the date of enactment of this Act, the Federal Communications 
        Commission shall submit to the Committee on Commerce, Science, 
        and Transportation of the Senate and the Committee on Energy 
        and Commerce of the House of Representatives a report on the 
        determination required under paragraph (2), which shall 
        include--
                    (A) an analysis of the extent to which providers of 
                a voice service have implemented the STIR/SHAKEN 
                authentication framework, including whether the 
                availability of necessary equipment and equipment 
                upgrades has impacted such implementation; and
                    (B) an assessment of the efficacy of the STIR/
                SHAKEN authentication framework, as being implemented 
                under this section, in addressing all aspects of call 
                authentication.
            (4) Review and revision or replacement.--Not later than 3 
        years after the date of enactment of this Act, and every 3 
        years thereafter, the Federal Communications Commission, after 
        public notice and an opportunity for comment, shall--
                    (A) assess the efficacy of the call authentication 
                framework implemented under this section;
                    (B) based on the assessment under subparagraph (A), 
                revise or replace the call authentication framework 
                under this section if the Commission determines it is 
                in the public interest to do so; and
                    (C) submit to the Committee on Commerce, Science, 
                and Transportation of the Senate and the Committee on 
                Energy and Commerce of the House of Representatives a 
                report on the findings of the assessment under 
                subparagraph (A) and on any actions to revise or 
                replace the call authentication framework under 
                subparagraph (B).
            (5) Extension of implementation deadline.--The Federal 
        Communications Commission may extend any deadline for the 
        implementation of a call authentication framework required 
        under this section by 12 months or such further amount of time 
        as the Commission determines necessary if the Commission 
        determines that purchasing or upgrading equipment to support 
        call authentication, or lack of availability of such equipment, 
        would constitute a substantial hardship in meeting such 
        deadline for a provider or category of providers of voice 
        service.
    (c) Safe Harbor and Other Regulations.--
            (1) In general.--The Federal Communications Commission 
        shall promulgate rules--
                    (A) establishing when a provider of voice service 
                may block a voice call based, in whole or in part, on 
                information provided by the call authentication 
                framework under subsection (b);
                    (B) establishing a safe harbor for a provider of 
                voice service from liability for unintended or 
                inadvertent blocking of calls or for the unintended or 
                inadvertent misidentification of the level of trust for 
                individual calls based, in whole or in part, on 
                information provided by the call authentication 
                framework under subsection (b); and
                    (C) establishing a process to permit a calling 
                party adversely affected by the information provided by 
                the call authentication framework under subsection (b) 
                to verify the authenticity of the calling party's 
                calls.
            (2) Considerations.--In establishing the safe harbor under 
        paragraph (1), the Federal Communications Commission shall 
        consider limiting the liability of a provider of voice service 
        based on the extent to which the provider of voice service--
                    (A) blocks or identifies calls based, in whole or 
                in part, on the information provided by the call 
                authentication framework under subsection (b);
                    (B) implemented procedures based, in whole or in 
                part, on the information provided by the call 
                authentication framework under subsection (b); and
                    (C) used reasonable care.
    (d) Rule of Construction.--Nothing in this section shall preclude 
the Federal Communications Commission from initiating a rulemaking 
pursuant to its existing statutory authority.

SEC. 4. PROTECTIONS FROM SPOOFED CALLS.

    (a) In General.--Not later than 1 year after the date of enactment 
of this Act, and consistent with the call authentication framework 
under section 3, the Federal Communications Commission shall initiate a 
rulemaking to help protect a subscriber from receiving unwanted calls 
or text messages from a caller using an unauthenticated number.
    (b) Considerations.--In promulgating rules under subsection (a), 
the Federal Communications Commission shall consider--
            (1) the Government Accountability Office report on 
        combating the fraudulent provision of misleading or inaccurate 
        caller identification required by section 503(c) of division P 
        of the Consolidated Appropriations Act 2018 (Public Law 115-
        141);
            (2) the best means of ensuring that a subscriber or 
        provider has the ability to block calls from a caller using an 
        unauthenticated North American Numbering Plan number;
            (3) the impact on the privacy of a subscriber from 
        unauthenticated calls;
            (4) the effectiveness in verifying the accuracy of caller 
        identification information; and
            (5) the availability and cost of providing protection from 
        the unwanted calls or text messages described in subsection 
        (a).

SEC. 5. INTERAGENCY WORKING GROUP.

    (a) In General.--The Attorney General, in consultation with the 
Chairman of the Federal Communications Commission, shall convene an 
interagency working group to study Government prosecution of violations 
of section 227(b) of the Communications Act of 1934 (47 U.S.C. 227(b)).
    (b) Duties.--In carrying out the study under subsection (a), the 
interagency working group shall--
            (1) determine whether, and if so how, any Federal laws, 
        including regulations, policies, and practices, or budgetary or 
        jurisdictional constraints inhibit the prosecution of such 
        violations;
            (2) identify existing and potential Federal policies and 
        programs that encourage and improve coordination among Federal 
        departments and agencies and States, and between States, in the 
        prevention and prosecution of such violations;
            (3) identify existing and potential international policies 
        and programs that encourage and improve coordination between 
        countries in the prevention and prosecution of such violations; 
        and
            (4) consider--
                    (A) the benefit and potential sources of additional 
                resources for the Federal prevention and prosecution of 
                criminal violations of that section;
                    (B) whether to establish memoranda of understanding 
                regarding the prevention and prosecution of such 
                violations between--
                            (i) the States;
                            (ii) the States and the Federal Government; 
                        and
                            (iii) the Federal Government and a foreign 
                        government;
                    (C) whether to establish a process to allow States 
                to request Federal subpoenas from the Federal 
                Communications Commission;
                    (D) whether extending civil enforcement authority 
                to the States would assist in the successful prevention 
                and prosecution of such violations;
                    (E) whether increased forfeiture and imprisonment 
                penalties are appropriate, such as extending 
                imprisonment for such a violation to a term longer than 
                2 years;
                    (F) whether regulation of any entity that enters 
                into a business arrangement with a common carrier 
                regulated under title II of the Communications Act of 
                1934 (47 U.S.C. 201 et seq.) for the specific purpose 
                of carrying, routing, or transmitting a call that 
                constitutes such a violation would assist in the 
                successful prevention and prosecution of such 
                violations; and
                    (G) the extent to which, if any, Department of 
                Justice policies to pursue the prosecution of 
                violations causing economic harm, physical danger, or 
                erosion of an inhabitant's peace of mind and sense of 
                security inhibits the prevention or prosecution of such 
                violations.
    (c) Members.--The interagency working group shall be composed of 
such representatives of Federal departments and agencies as the 
Attorney General considers appropriate, such as--
            (1) the Department of Commerce;
            (2) the Department of State;
            (3) the Department of Homeland Security;
            (4) the Federal Communications Commission;
            (5) the Federal Trade Commission; and
            (6) the Bureau of Consumer Financial Protection.
    (d) Non-Federal Stakeholders.--In carrying out the study under 
subsection (a), the interagency working group shall consult with such 
non-Federal stakeholders as the Attorney General determines have the 
relevant expertise, including the National Association of Attorneys 
General.
    (e) Report to Congress.--Not later than 270 days after the date of 
enactment of this Act, the interagency working group shall submit to 
the Committee on Commerce, Science, and Transportation of the Senate 
and the Committee on Energy and Commerce of the House of 
Representatives a report on the findings of the study under subsection 
(a), including--
            (1) any recommendations regarding the prevention and 
        prosecution of such violations; and
            (2) a description of what progress, if any, relevant 
        Federal departments and agencies have made in implementing the 
        recommendations under paragraph (1).

SEC. 6. ACCESS TO NUMBER RESOURCES.

    (a) In General.--
            (1) Examination of fcc policies.--Not later than 180 days 
        after the date of enactment of this Act, the Federal 
        Communications Commission shall commence a proceeding to 
        determine whether Federal Communications Commission policies 
        regarding access to number resources, including number 
        resources for toll free and non-toll free telephone numbers, 
        could be modified, including by establishing registration and 
        compliance obligations, to help reduce access to numbers by 
        potential perpetrators of violations of section 227(b) of the 
        Communications Act of 1934 (47 U.S.C. 227(b)).
            (2) Regulations.--If the Federal Communications Commission 
        determines under paragraph (1) that modifying the policies 
        described in that paragraph could help achieve the goal 
        described in that paragraph, the Commission shall prescribe 
        regulations to implement those policy modifications.
    (b) Authority.--Any person who knowingly, through an employee, 
agent, officer, or otherwise, directly or indirectly, by or through any 
means or device whatsoever, is a party to obtaining number resources, 
including number resources for toll free and non-toll free telephone 
numbers, from a common carrier regulated under title II of the 
Communications Act of 1934 (47 U.S.C. 201 et seq.), in violation of a 
regulation prescribed under subsection (a) of this section, shall, 
notwithstanding section 503(b)(5) of the Communications Act of 1934 (47 
U.S.C. 503(b)(5)), be subject to a forfeiture penalty under section 503 
of that Act. A forfeiture penalty under this subsection shall be in 
addition to any other penalty provided for by law.
                                                        Calendar No. 94

116th CONGRESS

  1st Session

                                 S. 151

                          [Report No. 116-41]

_______________________________________________________________________

                                 A BILL

   To deter criminal robocall violations and improve enforcement of 
    section 227(b) of the Communications Act of 1934, and for other 
                               purposes.

_______________________________________________________________________

                              May 21, 2019

                       Reported with an amendment