[Senate Hearing 118-606]
[From the U.S. Government Publishing Office]



                                                        S. Hrg. 118-606

                  PROTECTING AMERICANS FROM ROBOCALLS

=======================================================================

                                HEARING

                               before the

                 SUBCOMMITTEE ON COMMUNICATIONS, MEDIA,
                             AND BROADBAND

                                 of the

                         COMMITTEE ON COMMERCE,
                      SCIENCE, AND TRANSPORTATION
                          UNITED STATES SENATE

                    ONE HUNDRED EIGHTEENTH CONGRESS

                             FIRST SESSION

                               __________


                            OCTOBER 24, 2023

                               __________

    Printed for the use of the Committee on Commerce, Science, and 
                             Transportation





                 [GRAPHIC NOT AVAILABLE IN TIFF FORMAT]
               





                Available online: http://www.govinfo.gov

                               ______
                                 

                 U.S. GOVERNMENT PUBLISHING OFFICE

59-860 PDF                WASHINGTON : 2025













       SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION

                    ONE HUNDRED EIGHTEENTH CONGRESS

                             FIRST SESSION

                   MARIA CANTWELL, Washington, Chair

AMY KLOBUCHAR, Minnesota             TED CRUZ, Texas, Ranking
BRIAN SCHATZ, Hawaii                 JOHN THUNE, South Dakota
EDWARD MARKEY, Massachusetts         ROGER WICKER, Mississippi
GARY PETERS, Michigan                DEB FISCHER, Nebraska
TAMMY BALDWIN, Wisconsin             JERRY MORAN, Kansas
TAMMY DUCKWORTH, Illinois            DAN SULLIVAN, Alaska
JON TESTER, Montana                  MARSHA BLACKBURN, Tennessee
KYRSTEN SINEMA, Arizona              TODD YOUNG, Indiana
JACKY ROSEN, Nevada                  TED BUDD, North Carolina
BEN RAY LUJAN, New Mexico            ERIC SCHMITT, Missouri
JOHN HICKENLOOPER, Colorado          J. D. VANCE, Ohio
RAPHAEL WARNOCK, Georgia             SHELLEY MOORE CAPITO, West 
PETER WELCH, Vermont                     Virginia
                                     CYNTHIA LUMMIS, Wyoming

                   Lila Harper Helms, Staff Director
                 Melissa Porter, Deputy Staff Director
                     Jonathan Hale, General Counsel
                 Brad Grantz, Republican Staff Director
           Nicole Christus, Republican Deputy Staff Director
                     Liam McKenna, General Counsel

                             ------                                

          SUBCOMMITTEE ON COMMUNICATIONS, MEDIA, AND BROADBAND

BEN RAY LUJAN, New Mexico, Chair     JOHN THUNE, South Dakota, Ranking
AMY KLOBUCHAR, Minnesota             ROGER WICKER, Mississippi
BRIAN SCHATZ, Hawaii                 DEB FISCHER, Nebraska
EDWARD MARKEY, Massachusetts         JERRY MORAN, Kansas
GARY PETERS, Michigan                DAN SULLIVAN, Alaska
TAMMY BALDWIN, Wisconsin             MARSHA BLACKBURN, Tennessee
TAMMY DUCKWORTH, Illinois            TODD YOUNG, Indiana
JON TESTER, Montana                  TED BUDD, North Carolina
KYRSTEN SINEMA, Arizona              ERIC SCHMITT, Missouri
JACKY ROSEN, Nevada                  J. D. VANCE, Ohio
JOHN HICKENLOOPER, Colorado          SHELLEY MOORE CAPITO, West 
RAPHAEL WARNOCK, Georgia                 Virginia
PETER WELCH, Vermont                 CYNTHIA LUMMIS, Wyoming









                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on October 24, 2023.................................     1
Statement of Senator Lujan.......................................     1
    Letter dated October 23, 2023 to Hon. Ray Ben Lujan and Hon. 
      John Thune from Loyaan Egal, Chief, Enforcement Bureau, 
      Federal Communications Commission..........................     2
    Prepared statement from Jennifer DeStefano...................     5
    Report entitled ``Scam Robocalls: Telecom Providers Profit'' 
      [link provided]............................................    61
Statement of Senator Fischer.....................................     7
    Prepared statement from Hon. John Thune, U.S. Senator from 
      South Dakota...............................................    62
    Letter dated October 24, 2023 to Senator Ray Ben Lujan and 
      Senator John Thune from Scott Purcell, Chief Executive 
      Officer, ACA International.................................    63
    Letter dated October 24, 2023 to Hon. Ray Ben Lujan and Hon. 
      John Thune from Jim Nussle, President and CEO, Credit Union 
      National Association.......................................    66
Statement of Senator Markey......................................    68
Statement of Senator Budd........................................    70
Statement of Senator Tester......................................    72
Statement of Senator Vance.......................................    74
Statement of Senator Klobuchar...................................    76
Statement of Senator Welch.......................................    78
Statement of Senator Hickenlooper................................    79
Statement of Senator Rosen.......................................    81

                               Witnesses

Margot Freeman Saunders, Senior Counsel, National Consumer Law 
  Center.........................................................     9
    Prepared statement...........................................    10
Megan L. Brown, Partner, Wiley Rein LLP, on behalf of the U.S. 
  Chamber Institute for Legal Reform.............................    25
    Prepared statement...........................................    27
Joshua M. Bercu, Executive Director, Industry Traceback Group; 
  Vice President, Policy & Advocacy, USTelecom--The Broadband 
  Association....................................................    35
    Prepared statement...........................................    36
Michael Rudolph, Chief Technology Officer, YouMail, Inc..........    42
    Prepared statement...........................................    44

                                Appendix

Response to written questions submitted to Margot Freeman 
  Saunders by:
    Hon. Maria Cantwell..........................................    91
    Hon. Ben Ray Lujan...........................................    95
    Hon. John Hickenlooper.......................................    96
    Hon. Peter Welch.............................................    96
    Hon. Ted Cruz................................................    97
Response to written questions submitted to Megan L. Brown by:
    Hon. Ted Cruz................................................   101
    Hon. John Thune..............................................   104
Response to written questions submitted to Joshua M. Bercu by:
    Hon. Maria Cantwell..........................................   106
    Hon. Ben Ray Lujan...........................................   106
    Hon. John Hickenlooper.......................................   107
    Hon. John Thune..............................................   107
Response to written questions submitted to Michael Rudolph by:
    Hon. Maria Cantwell..........................................   108
    Hon. Ben Ray Lujan...........................................   111
    Hon. Peter Welch.............................................   113









 
                  PROTECTING AMERICANS FROM ROBOCALLS

                              ----------                              


                       TUESDAY, OCTOBER 24, 2023

                               U.S. Senate,
        Subcommittee on Communications, Media, and 
                                         Broadband,
        Committee on Commerce, Science, and Transportation,
                                                    Washington, DC.
    The Subcommittee met, pursuant to notice, at 10:03 a.m., in 
room SR-253, Russell Senate Office Building, Hon. Ben Ray 
Lujan, Chairman of the Subcommittee, presiding.
    Present: Senators Lujan [presiding], Klobuchar, Markey, 
Peters, Tester, Rosen, Hickenlooper, Welch, Fischer, Budd, and 
Vance.

           OPENING STATEMENT OF HON. BEN RAY LUJAN, 
                  U.S. SENATOR FROM NEW MEXICO

    Senator Lujan. [Technical problems]--committee to order. I 
want to thank everyone for being here for a hearing on 
``Protecting Americans from Robocalls''. And first of all, I 
wanted to thank Ranking Member Thune for working with me and my 
staff.
    I want to thank his team. And I especially wanted to thank 
Senator Fischer for being here with us, as she always is, but 
especially to serve in an important role today as well. So, I 
want to thank you, Senator Fischer, for joining us to preside 
today.
    Thank you so very much. And today, we will hear from expert 
witnesses on protecting our constituents from the growing 
number of fraudulent and illegal robocalls and robotexts. Every 
month, Americans receive roughly 1.5 billion to 3 billion scam 
calls and likely illegal telemarketing calls.
    This is an issue that I am confident everyone in the room 
has dealt with. For those of you that have your phones on, I am 
sure you are going to receive robocalls and robotexts that are 
predatory even during this hearing, and I would not be 
surprised if we did as well.
    Robocalls, they interrupt sleep if you are not putting your 
phones in some privacy mode or sleep mode or turning them off 
themselves. They interrupt time with friends and family, and as 
I said, even during hearings, I won't be surprised if they came 
up.
    So, if they do, feel free to hold your phone up and share 
with the rest of America what is happening while we are in this 
room. Robocalls have eroded trust in our Nation's 
communications networks. I know many in my family, including 
myself, that you will look at the phone now and you are not 
sure where it is coming from.
    And some of the phone providers are putting scam alerts or 
maybe it is some other call, and folks will look at their 
device and they will drop it down as well. Many have become 
subject to those phishing attacks from those robotexts as well, 
which are costing the American people billions of dollars.
    In 1991, Congress passed the Telephone Consumer Protection 
Act, the TCPA, and more recently, the Telephone Robocall Abuse 
Criminal Enforcement and Deterrence Act, which--acronym is 
TRACED. It was back in 2019. These two laws each protect 
Americans from predatory and unsolicited robocalls and 
robotexts, giving Federal agencies the tools to fight back.
    And in some ways, the TCPA and TRACED, as they were 
implemented, the number of unsolicited and illegal 
telemarketing calls has decreased. Do not call complaints at 
the FCC have reduced as well, not entirely, but by some 
numbers.
    And the Federal Communications Commission has issued 500 
million enforcement actions against illegal robocalls over the 
last 12 months. The FCC has empowered the industry Traceback 
Group and phone companies to block, by default, illegal or 
unwanted calls based on reasonable evidence.
    And the Federal Communications Commission provided a 
statement for today's hearing. And without objection, I would 
like to enter it into the record. We will enter that.
    [The information referred to follows:]

                          Federal Communications Commission
                                   Washington, DC, October 23, 2023

Hon. Ben Ray Lujan,
Chairman,
Subcommittee on Communications, Media, and Broadband,
Washington, DC.

Hon. John Thune,
Ranking Member,
Subcommittee on Communications, Media, and Broadband,
Washington, DC.

Dear Chairman Lujan and Ranking Member Thune:

    Thank you for the opportunity to submit a statement addressing the 
ongoing work of the Federal Communications Commission's Enforcement 
Bureau to combat illegal robocalls and scam texts. Protecting consumers 
from fraud and unwanted communications is a top consumer protection 
priority for the Commission and the Enforcement Bureau. The Commission 
is grateful for the continuing support of the Subcommittee on 
Communications, Media, and Broadband. Below, I outline the Commission's 
recent enforcement efforts against illegal robocalls and ways the 
Commission is modernizing its approach to enforcement. Lastly, I 
identify where Chairwoman Jessica Rosenworcel has called for new 
legislation to address statutory gaps that are leaving consumers 
vulnerable.
Recent Enforcement Activities
    In our ongoing effort and commitment to put a stop to illegal 
robocalls, the Commission has ordered substantial penalties against bad 
actors, acted swiftly and repeatedly to disrupt illegal traffic, and 
cracked down on providers who have failed to implement sufficient 
robocall mitigation plans. This calendar year alone, the Commission has 
already issued four orders imposing more than $500 million in fines 
against robocallers. In parallel, the Commission has had significant 
success blocking illegal robocalls before they ever reach consumers. 
After identifying a non-compliant gateway or originating provider 
responsible for facilitating bad traffic, the Commission has permitted 
or ordered downstream providers to block the traffic from that non-
compliant provider--thereby stopping the robocalls immediately. 
Further, under the Commission's current rules, all providers in the 
potential path of a call are required to implement a robocall 
mitigation plan that includes reasonable steps to avoid originating, 
carrying, or processing illegal robocall traffic, and file that plan in 
the Robocall Mitigation Database (RMD). The Commission has issued over 
20 notices or show cause orders threatening non-compliant providers 
with removal from the RMD. This is a significant consequence, as 
downstream providers may not accept traffic from any provider that is 
required to file in the RMD and has been removed due to noncompliance 
with the Commission's rules. Our evolving, multi-pronged approach has 
resulted in an over 20 percent drop in illegal robocalls since last 
year, according to one study.\1\ But the Commission's work is not done. 
Going forward we intend to continue the battle against robocalls as 
well as pioneer enforcement against robotexts.
---------------------------------------------------------------------------
    \1\ See Robokiller, The Robokiller Phone Scam Report 2023 Mid-Year 
Insights & Analysis at 10 (2023), https://assets.website-files.com/
61f9a8793a878d7f71c5505d/64ca6ccf1f5e962fae3e55e3_
Robokiller%20Mid-Year%20Report%202023.pdf.
---------------------------------------------------------------------------
    To strengthen its investigative and enforcement efforts, the 
Commission has continued to expand its partnerships with state, 
federal, and international regulatory and law enforcement partners. The 
Commission now has memoranda of understanding with attorneys general in 
47 states, the District of Columbia, and Guam, which allows the 
Enforcement Bureau and its counterparties to facilitate information 
sharing and investigative cooperation more easily. The Commission also 
renewed its memorandum of understanding between international 
regulatory and law enforcement authorities that are members of the 
Unsolicited Communications Enforcement Network (UCENet). Collectively, 
these memoranda aim to promote domestic and cross-border collaboration 
to combat unsolicited communications, including e-mail and text spam, 
scams, and illegal telemarketing. These relationships matter. To point 
to just one example this year, our collaboration with the Ohio Attorney 
General's Office led to a record-breaking penalty of nearly 
$300,000,000 ordered against one of the worst robocalling schemes 
inflicted on U.S. consumers.
    The Commission also engages directly with consumers and the general 
public in a variety of ways to increase consumer and industry 
awareness. In advance of the Supreme Court's ruling pertaining to 
student loan debt in June, the Commission worked with multiple 
attorneys general and the U.S. Department of Education to warn students 
about potential scams looking to take advantage of any confusion 
stemming from the ruling. The Commission also now publishes certain 
traceback data, i.e., information pertaining to calls reported as 
potentially illegal, including the source of those calls. The 
Commission also closely monitors and investigates complaints by 
consumers and small businesses.
Modernizing Enforcement Methods
    Many of these successful enforcement efforts would not have been 
possible without the passage of the Telephone Robocall Abuse Criminal 
Enforcement and Deterrence (TRACED) Act, which led to two key 
developments. First, the TRACED Act no longer required the Commission 
to issue citations for the bulk of robocall violations, and instead 
allowed the Commission to move immediately to forfeiture proceedings. 
The result was record-breaking fines against the worst bad actors in 
the industry. Second, the TRACED Act required the FCC to mandate 
adoption of the STIR/SHAKEN caller identification framework, which 
enables phone companies to verify that the caller ID information 
transmitted with a call matches the caller's real phone number. Among 
other initiatives undertaken to meet this mandate, the FCC launched the 
RMD to monitor compliance. As discussed above, removal of providers 
from the RMD who fall short of their obligations to protect consumers 
is a devastating consequence.
    The Commission is currently engaged in discussions with the 
Treasury Department, including with the Financial Crimes Enforcement 
Network (FinCEN), to provide the Commission's Enforcement Bureau with 
access to vital information collected pursuant to the Bank Secrecy Act 
(BSA). Although our efforts with Treasury are ongoing, we are able to 
note that these efforts have been collaborative, and our Treasury 
colleagues have been very constructive in their engagement with us. BSA 
evidence is critical to identify the financing used to support the 
entities using U.S. communications networks to commit fraud targeting 
consumers, as well as the various methods in which bad actors are 
laundering and exfiltrating their illicit proceeds. Supplementing our 
current authorities with BSA information will further assist the 
Enforcement Bureau in identifying and going after the worst actors 
while limiting their ability to reconfigure and use financial resources 
to further their schemes.
Proposed Policy Changes
    The Chairwoman has identified two additional fronts where Congress 
can help the Commission's enforcement efforts. First, Congress could 
help the Commission protect consumers by broadening the definition of 
``automatic telephone dialing system'' in the Telephone Consumer 
Protection Act (TCPA). The TCPA broadly protects consumers from calls 
made using an ``automatic telephone dialing system or an artificial or 
prerecorded voice.'' The TCPA's definition of automatic telephone 
dialing system has been unaltered since 1991 and needs adjustments to 
keep pace with the way technology has developed over the last thirty 
years. Further, in Facebook v. Duguid, the Supreme Court narrowly 
interpreted ``automatic telephone dialing system'' to mean equipment 
that stores or generates numbers randomly or sequentially.
    Consequently, equipment that simply stores non-random and non-
sequential lists of numbers may fall outside the statute. This 
interpretation makes it harder for the Commission to regulate bad 
actors manipulating technology to reach massive volumes of consumers, 
particularly with regards to sending unwanted text messages.
    Second, the Chairwoman has explained that Congress could help the 
Commission protect consumers by giving the Commission the authority to 
collect the fines it imposes against bad actors responsible for illegal 
robocalls. The Commission has the authority to issue a Forfeiture Order 
for violations of the Communications Act and its rules, but it lacks 
the authority to pursue collection without involvement from the 
Department of Justice (DOJ). Since 2018, the Commission has referred 
eight robocalling forfeiture orders to the DOJ for collection, of which 
the DOJ is currently pursuing collection for two. The result is that 
significant sums of ill-gotten gains are potentially left in the 
pockets of bad actors. With its own authority to collect its fines, the 
Commission would pursue these cases promptly and aggressively.
    Thank you for the opportunity to submit written testimony about 
this important consumer protection matter.
            Sincerely,
                                               Loyaan Egal,
                                         Chief, Enforcement Bureau,
                                     Federal Communications Commission.

    Senator Lujan. However, it is important that we recognize 
that robocalls and robotexts are not just a nuisance. Scammers 
use our telecom networks to defraud Americans out of an 
estimated $39 billion.
    Now, that was just in 2022 alone. That is roughly enough 
money to provide affordable broadband to the current 21 million 
households enrolled in the Affordable Connectivity Program for 
8 years. I hope we understand the magnitude of what that $39 
billion year to year means.
    Scammers and fly by night companies are stealing American 
families' hard earned dollars using our telecom networks to do 
so, and they don't face any consequences. The FCC levies fines, 
but fines go uncollected, and the company dissolves and moves 
assets elsewhere.
    Congress must empower our regulators and enforcement 
agencies to ensure that when an individual or company breaks 
the law, they are held to account. Part of the reason these 
scammers are so effective at tricking consumers and evading 
enforcement is that the technology is constantly evolving.
    We will hear testimony that suggests consumer consent for 
telemarketing is increasingly falsified. Automated bots and 
other artificial intelligence systems are using public data to 
consent on behalf of a consumer for calls they never asked for 
and do not want.
    Automated robocalls and robots are using chat bots and 
generative artificial intelligence to impersonate a real life 
person, lulling the recipient into a false sense of security by 
mimicking voices and mannerisms.
    In the most frightening examples, bad actors are playing on 
our emotions and impersonating loved ones in distress. Earlier 
this year in the Senate Human Rights subcommittee, Senator 
Ossoff and Ranking Member Blackburn heard testimony from 
Jennifer DeStefano of Arizona who was the victim of a scam call 
impersonating her daughter.
    And without objection, I would like to enter her testimony 
into the record for today's hearing. Hearing none, it is 
entered.
    [The information referred to follows:]

                Prepared Statement of Jennifer DeStefano
                   Abuses of Artificial Intelligence
                             June 13, 2023
    Good Afternoon Senators, it is my great honor to speak with you 
today and to share my experience of how artificial intelligence is 
being weaponized to not only invoke fear and terror in the American 
public, but in the global community at large as it capitalizes on and 
redefines what we have known to be as ``familiar''. I would like to 
take this moment to thank Senator Ossoff for inviting me to be here 
today. I would also like to thank Senator Blackburn for your concern on 
this ever evolving topic and community threat. AI is revolutionizing 
and unraveling the very foundation of our social fabric by creating 
doubt and fear in what was once never questioned, the sound of a loved 
one's voice.
    What is ``familiar''? How many times have you received a phone call 
from your child and asked them to verify who is calling? How many times 
has a loved one reached out to you in despair and you stopped them to 
validate their identity? Did you hang up on them? Did you require to 
call them back to make sure you are speaking to the correct person? The 
answer is more than likely, never. Never have you stopped your loved 
one and questioned if the voice you are speaking with is really them. 
The sound of a loved one's voice is often never questioned. It is 
designed by nature, it is designed by God, as a unique identity, as 
unique as a fingerprint. This familiar identity is how a mother knows 
if it's her child crying in a room and it is how a newborn child 
instantly recognizes their mother.
    It was a typical Friday afternoon for our family kicking off a 
weekend of races and rehearsals that often divide our family across the 
state. As the parents of four children close in age, we tend to have to 
``divide and conquer''. My husband was with our older daughter Brie and 
our youngest son in Northern Arizona training for ski races. I was with 
our older son and youngest daughter Aubrey in the valley as she had 
rehearsal. Ski racing is a high risk sport and Brie had not raced in 
years. At age 15, she promised me she would take it easy and not hurt 
herself by pushing to hard. When I first received a call from an 
``unknown'' number upon exiting my car, I was going to ignore it. On 
the final ring I chose to answer as ``unknown'' calls can often be a 
doctor or a hospital. I answered the phone '' Hello'', on the other end 
was our daughter Briana sobbing and crying saying ``mom''. At first I 
thought nothing of it, she had run into race gates and bruised herself 
before, not to worry. I casually asked her what happened as I had her 
on speaker walking through the parking lot to meet her sister. Briana 
continued with ``mom, I messed up'' with more crying and sobbing. Not 
thinking twice, I asked her again, ``ok what happened?'' Suddenly a 
man's voice barked at her to ``lay down and put your head back''. At 
that moment I started to panic. My concern escalated and I demanded to 
know what was going on, but nothing could have prepared me for her 
response. ``MOM THESE BAD MEN HAVE ME, HELP ME, HELP ME!!'' She begged 
and pleaded as the phone was taken from her. A threatening and vulgar 
man took over the call ``Listen here, I have your daughter, you tell 
anyone, you call the cops, I am going to pump her stomach so full of 
drugs, I am going to have my way with her, drop her in Mexico and 
you'll never see her again!'' all the while Briana was in the 
background desperately pleading ``mom help me!!!''
    With my shaking hand on the door handle to the studio, I put the 
man on mute, flung open the door and started screaming for help. The 
next few minutes were a parent's worst nightmare. I was fortunate to 
have a few moms at the studio who surrounded me, hearing all of the 
vulgar threats the man was making. One mom ran outside and called 911. 
Our 13 year old daughter Aubrey stood paralyzed in fear. I needed her 
help, her sister was in trouble and we had to find her. Another mom ran 
to her to aid as they started making calls to her dad, her brothers, 
anyone that could help us figure out what happened to Brie. The 
kidnapper demanded a million dollars. That was not possible and so the 
kidnapper decided on $50,000, in cash. At this moment, the mom who 
called 911 came inside and shared with me that 911 was familiar with an 
AI scam where they can replicate your loved one's voice. I didn't 
believe this was a scam. It wasn't just Brie's voice, it was her cries, 
it was her sobs that were unique to her. It wasn't possible to fake 
that I protested. She told me that AI can also replicate inflection and 
emotion. That gave me a little hope but still was not enough. I 
proceeded with the negotiations. I asked for wiring instructions and 
routing numbers for the $50,000 but was refused. ``Oh no'' the man 
demanded, ``that's traceable, that's not how this is going to go down. 
We are going to come pick you up!'' ``What?'' I shouted, ``You will 
agree to being picked up in a white van, with a bag over your head so 
you don't know where we are taking you. You better have all $50k in 
cash otherwise both you and your daughter are dead! If you don't agree 
to this, you will never see your daughter again!'' he screamed. I had 
to stall, I asked the mom on the call with 911 to send police, I needed 
to stall until I had police with me. Then the mom who was making calls 
with Aubrey was able to get my husband on the phone. He frantically 
located Brie resting safely in bed.
    Brie had no idea what was happening. As I was negotiating the 
arrangements of the abduction of myself to save my daughter, the mom 
came to me and told me she found Brie and that she was safe. I didn't 
believe her. How could she be safe with her father and yet be in the 
possession of kidnappers? It was not making any sense. I had to speak 
to Brie. I could not believe she was safe until I heard her voice say 
she was. I asked her over and over again if it was really her, if she 
was really safe, again, is this really Brie, are you sure you are 
really safe?! My mind was whirling. I do not remember how many times I 
needed reassurance, but when I finally took hold of the fact she was 
safe, I was furious. I lashed at the men for such a horrible attempt to 
scam and extort money. To go so far as to fake my daughter's kidnapping 
was beyond the lowest of the low for money. They continued to threaten 
to kill Brie. I made a promise that I was going to stop them, that not 
only were they never going to hurt my daughter, but that they were not 
going to continue to harm others with their scheme. After I hung up, I 
collapsed to the floor in tears of relief. When I called the police to 
pursue the matter, unfortunately I was met with this is a prank call. 
That it happens often and that I am probably not in harm's way 
(although not a guarantee). I was offered to have a police officer call 
me from another ``unknown'' number if it would make me feel better as 
law enforcement numbers are also blocked. That certainly did not make 
me feel better. Bottom line was no actual crime had been committed, no 
one was physically kidnapped, and no money was transferred, period, the 
end.
    But that wasn't the end, it couldn't be the end. If it was the end, 
then this nightmare would never stop. I stayed up all night paralyzed 
in fear. Do they know where I am? Do they know where my daughter is? 
How did they get her voice? How did they get her crying, her sobs that 
are unique to her. She is not a very public person. Are we being cyber 
stalked? Targeted? So many questions that I could not leave unanswered, 
so I turned to our community and the response was overwhelming!
    Friends and neighbors came out of the woodwork with their stories. 
Kidnapping phone calls coming from their children's phones, bags of 
money being driven halfway to Mexico, even voices of young children 
nowhere to be found on social media and who do not have phones, the 
stories kept pouring in. Even my own mother received a call with my 
brother's voice claiming to be in an accident and needing money for the 
hospital bill! My mother is hard of hearing and quite spunky. After 
having the caller repeat the request multiple times, she realized the 
language used was not something my brother would say. She told the 
caller to call their real mother and hung up. The common response the 
victims received from authorities was that nothing could be done. In 
fact, one mother I know personally shared with me how she was even 
mocked by her son's school and security officer. She called his school 
frantically trying to locate her son when she received a call from him 
that he had been kidnapped. He even used his unique nickname during the 
call to self identify. Fortunately he was safe in class and she was 
told ``this happens all the time'' as her fear was dismissed. ``It's 
the most frustrating, maddening, scary and invaded I've felt . . . my 
fear is that it is only a matter of time until someone actually follows 
through with the threat'', she told me as she has been living in fear 
and concern for her son's safety ever sense.
    Money scams have been around for thousands of years. We have all 
heard of ``snake oil'' and remember the days of ``swap land'' sold as 
paradise in Florida. This is entirely different. This is terrorizing 
with lasting post traumatic stress. Even months later, sharing the 
story shakes me to my core. It was my daughter's voice. It was her 
cries, her sobs. It was the way she spoke. I will never be able to 
shake that voice out of mind. It's every parents' worst nightmare to 
hear your child pleading with fear and pain, knowing that they are 
being harmed and you are helpless and desperate. The longer this form 
of terror remains unpunishable, the farther and more egregious it will 
become. The thought crossed my mind before I hung on the ``kidnappers'' 
to follow through with the physical abduction of me. Was that what 
would it take to bring an end to this? Was that what it would take in 
order to have a pursuable criminal offense?
    As our world moves at a lightning fast pace, the human element of 
familiarity that lays foundation to our social fabric of what is 
``known'' and what is ``truth'', is being revolutionized with 
Artificial Intelligence. Some for good, and some for evil. No longer 
can we trust ``seeing is believing'', ``I heard it with my own ears'' 
nor even the sound of our own child's voice. This concept redefines and 
rewrites what the very meaning of ``familiarity'' means. Familiarity is 
defined as ``the quality of being well known or knowledge of 
something'' and further is defined as ``relaxed friendliness or 
intimacy between people.'' Familiar and family share the root word 
``Famil'' which establishes strength of a relationship between one 
person and another. I ask you, when your mother calls, are you going to 
hang up and call her back to make sure it is really her? When your 
child calls you in need of help, will you disconnect the call and say I 
don't believe its really you? Is this our new norm? Is this the future 
we are creating by enabling this abuse of Artificial Intelligence 
without consequence?
    I want to thank you for your time and attention today. Congress has 
a large and looming task ahead. How do we move forward as a community 
with this haunting reality that is plaguing us? If left uncontrolled, 
unguarded and without consequence, it will rewrite our understanding 
and perception what is and what is not truth. It will erode our sense 
of ``familiar'' as it corrodes our confidence in what is real and what 
is not. This is a non-partisan matter and I have seen the hands reach 
across the aisle in unified concern. That gives me great hope. How to 
contain the ever evolving Artificial Intelligence and its unknowns, is 
not an easy task. My sincere thanks and humble appreciation for your 
time and attention today. I thank all of you, and especially Senator 
Ossoff and Congress at large, for tirelessly taking action to keep our 
community and world safe from the hands of evil. I am one person, one 
story, but I am not the only one and I certainly will not be the last 
one unless action is taken. I wish you God's speed.

    Senator Lujan. Now, she testified, ``AI is revolutionizing 
and unraveling the very foundation of our social fabric by 
creating doubt and fear in what was once never questioned, the 
sound of a loved one's voice.''
    This hearing will examine how robocallers are evading 
enforcement, consider public, private efforts to combat illegal 
robocalls, unravel how new and evolving technologies are 
changing the landscape, and investigate what next steps are 
needed to protect Americans from fraudulent and illegal text 
messages and calls.
    I am very excited that we have the panel that we have with 
us today. I will introduce each of you momentarily. But first, 
I want to recognize a friend and a leader that is with us 
today, and I want to turn this over to Ranking Member Fischer 
for her opening comments.

                STATEMENT OF HON. DEB FISCHER, 
                   U.S. SENATOR FROM NEBRASKA

    Senator Fischer. Good morning, and thank you, Chairman 
Lujan, for holding this hearing. The persistent issue of 
illegal robocalls has been a longstanding concern of mine. 
Nationwide, illegal and spoofed robocalls continue to be the 
number one consumer complaint. I want to ensure that we have 
the right tools in place to protect consumers from these calls 
that prey on them.
    As we all know, our phones give us connection to the world 
around us. Whether it is calling family, friends, or 
colleagues, scheduling appointments, or summoning emergency 
services, they are integrated into our daily lives. Our phone 
numbers are a very personal part of our identities as well.
    We use them to verify who we are, and we hold on to them 
for decades, sometimes for a lifetime. But as we know too well, 
this allows scammers to reach directly into our homes and into 
our pockets. Bad actors are increasingly savvy in the 
technologies they use to defraud consumers.
    This can result in devastating financial losses. Criminals 
are engaging in more targeted calls and impersonating 
businesses like banks to steal personal data or commit 
financial fraud. Phone scams are still yielding the highest 
reported fraud losses per person, despite the rapid growth of 
scammers on social media platforms. In fact, fraud losses due 
to phone scams are higher than ever.
    According to a recent report, over 68 million Americans 
lost approximately $40 billion to phone scams in 2021 alone. In 
many ways, it feels like we have had this conversation so many 
times over so many years. But crucially, in 2019, Congress 
passed the TRACED Act to put wide ranging solutions in motion 
that would reduce illegal robocalls.
    I commend my colleague, Senator Thune, for leading this 
legislation, and I was glad to be a co-sponsor of it. 
Previously, I also led the Spoofing Prevention Act with Senator 
Bill Nelson, which passed into law in 2018.
    This law was a foundational effort to increase penalties 
and boost enforcement tools that fight illegal spoofing. 
Deterrence through fines for illegal robocall activities is a 
key part of cracking down on nuisance calls that endanger 
consumers.
    On this front, Federal agencies, particularly the Justice 
Department, must improve how they work together to ensure that 
unpaid fines are collected. There are no silver bullets to 
eradicate the scourge of illegal scam calls and texts.
    Lawmakers have to remain vigilant on and monitor how 
illegal robocall schemes are evolving. We must be able to 
empower consumers with the knowledge of who is actually calling 
them and the ability to block illegal callers. We all share the 
goal of being able to pick up our phone safely, trusting that 
we know who is going to be on the other end of the line, but we 
are not there just yet.
    The industry has made commendable efforts to reduce the 
prevalence of these illegal calls, including through 
advancements in call author--to authorize them, and trace back 
technology. New statistics from the federally designated 
Traceback Consortium, ITC, indicate that certain common 
robocall scams have started to decline over the last couple of 
years.
    Continuing this trend will take the united cooperation of 
all voice service providers. As lawmakers, we need to maintain 
this momentum and ensure that traceback efforts are fully 
supported. I urge the FCC to spend its time and resources to 
prevent genuine criminal activity and create meaningful, safe 
harbors for businesses acting in good faith compliance with the 
law.
    I look forward to hearing from today's witnesses about 
where we are in this effort and where additional assistance may 
be needed. Thank you for being here and thank you, Chairman 
Lujan.
    Senator Lujan. Thank you, Senator Fischer. And I want to 
thank you again for being with us today. But I want to commend 
you for your leadership in so many ways, but especially in this 
case, when it comes to robocalls and robotexts, and what you 
have been doing to work, to bring support to the American 
people.
    So, thank you so very much for that. As I introduce the 
panel, we will--after the introduction, we will then hear from 
Ms. Saunders. But Ms. Saunders, who is the Senior Attorney from 
the National Consumer Law Center, thank you so much for being 
with us today.
    Ms. Megan Brown, a member of the United States Chamber of 
Commerce's Cybersecurity Leadership Council. And partner, Wiley 
Rein, I believe, is with us as well--Wiley. Miss--Mr. Josh 
Burco--Bercu, like the city.
    I appreciate that, Josh. Mr. Josh Bercu, Executive 
Director, Industry Traceback Group and Vice President of Policy 
and Advocacy for USTelecom. Thank you so much as well. And Mr. 
Mike Rudolph, the Chief Technology Officer from YouMail.
    Thank you so much for being with us today. Ms. Saunders, 
the floor is yours for your opening statement for five minutes.

STATEMENT OF MARGOT FREEMAN SAUNDERS, SENIOR COUNSEL, NATIONAL 
                      CONSUMER LAW CENTER

    Ms. Saunders. [Technical problems]--Senator Fischer, I 
appreciate the opportunity to testify today on what needs to be 
done to protect Americans from robocalls. I provide my 
testimony today on behalf of the low income clients of the 
National Consumer Law Center and the Consumer Federation of 
America.
    The current regulatory structure allows criminals access to 
Americans' wallets. As you have cited, billions of dollars are 
stolen every year through scams executed over this Nation's 
telephones.
    At the same time, the combination of scam calls, along with 
the onslaught of illegal and unwanted telemarketing calls, have 
damaged our trust in our phones and made it more difficult for 
legitimate wanted messages to reach us. The FCC has been trying 
to solve the problem, but to date its methods have not 
succeeded.
    In my testimony, you can see a graph of the number of 
robocalls, and telemarketing calls and scam calls over the 
years, and it looks like that, unfortunately, we are about 
today where we were in 2019 in terms of the combined number of 
calls.
    But either the FCC does not have sufficient legal tools to 
stop the calls, or it has not yet determined how to employ 
those--deploy those tools effectively. The Commission has 
issued numerous regulations to implement the TRACED Act, 
brought multiple enforcement actions against scam callers and 
their complicit voice service providers, yet the numbers of 
calls and the losses to Americans keep--are continuing.
    The problem is that complicit voice service providers 
responsible for these calls are making money for transmitting 
them. And as FCC Commissioner Geoffrey Starks said, ``illegal 
robocalls will continue so long as those initiating and 
facilitating them can get away with it and profit from it.''
    To eliminate these calls, there must be incentives for 
compliance, which there are not currently. We believe that the 
calls can be dramatically reduced, but the resolution requires 
a shift in emphasis by the FCC.
    The primary goal of the FCC's actions should be to protect 
the Nation's telephone subscribers from the scam calls that are 
stealing billions of dollars. To do that requires a change, 
from ensuring that calls can be completed and protecting voice 
service providers' access to the telephone numbers, telephone 
network toward shielding consumers from these illegal calls.
    If the FCC were to adopt a system under which it quickly 
suspends the ability of a voice service provider to participate 
in the network once that provider is determined to be a repeat 
offender, we think that would be a magic bullet.
    This is along the lines of the temporary restraining order 
procedure established in the Federal rules of civil procedure. 
There are procedures that can be used that we think would 
change the incentive structure and actually cause a reduction 
in the calls. Additionally, the FCC's current regulations 
prohibit telemarketers from calling our phones without express 
written consent.
    Telemarketers routinely ignore the specific requirements of 
these regulations and make about a billion illegal 
telemarketing calls every month. Then they defend themselves 
from Government and private enforcement by relying on specious 
consent agreements that were either completely fabricated or 
based on supposed consent agreements, sold and resold, and sold 
again by lead generators.
    The FCC could actually eliminate this entire business model 
by simply reiterating its current regulations. Instead, 
unfortunately, it has proposed new regulations that are less 
protective of consumers.
    In a nutshell, we believe that the FCC could eliminate most 
of these illegal calls by changing their current emphasis. In a 
civilization in which we can take pictures of Saturn's rings, 
the failure to solve this problem is not a matter of 
technology. It is a question of whether the people in power 
actually want to solve it.
    Thank you very much.
    [The prepared statement of Ms. Saunders follows:]

Prepared Statement of Margot Freeman Saunders, Senior Counsel, National 
                          Consumer Law Center
    Chairman Lujan, Senator Thune, and Members of the Committee, I 
appreciate the opportunity to testify today on what needs to be done to 
protect Americans from robocalls. I provide my testimony here today on 
behalf of the low-income clients of the National Consumer Law Center 
(NCLC), and the Consumer Federation of America.\1\
---------------------------------------------------------------------------
    \1\ This testimony was written with the substantial assistance of 
Chris Frascella, Counsel at the Electronic Privacy Information Center, 
and Carolyn Carter, Deputy Director, National Consumer Law Center.
---------------------------------------------------------------------------
    The current regulatory structure allows criminals access to 
Americans' wallets: billions of dollars are stolen every year through 
scams executed over this Nation's telephone lines.\2\ At the same time, 
the combination of the scam calls along with the onslaught of 
unwanted--and mostly illegal--telemarketing calls and texts damages our 
trust in our phones and makes it more difficult for important messages 
from health care providers and other legitimate callers to get through.
---------------------------------------------------------------------------
    \2\ See National Consumer Law Center and Electronic Privacy 
Information Center, Scam Robocalls: Telecom Providers Profit (June 1, 
2022), available at https://www.nclc.org/resources/ scam-robocalls-
telecom-providers-profit/ [hereinafter Scam Robocalls report]. This 
report also explains how scam calls are impacting American subscribers, 
the mechanics of the communications system in the U.S., how the current 
system facilitates the transmission of illegal calls, and our 
recommendations to resolve the problem.
---------------------------------------------------------------------------
    The Federal Communications Commission (FCC or Commission) has been 
trying to address the problems, but, to date, its methods have not 
succeeded in achieving a meaningful reduction in these unwanted and 
illegal calls. Either the FCC does not have sufficient legal tools to 
stop these unwanted and illegal calls, or it has not yet determined how 
to deploy those tools effectively. In Section I, we describe the 
magnitude of the onslaught of the scam and illegal telemarketing calls, 
and how the problems caused by these calls have not significantly 
abated. We note that the numbers of these calls have remained high, 
despite the dozens of new regulations and rulings issued by the 
Commission to deploy the STIR-SHAKEN caller-ID authentication 
technology \3\ and implement other mandates of the TRACED Act passed by 
Congress in 2019,\4\ and the enforcement actions it has brought against 
VoIP providers and illegal callers.\5\
---------------------------------------------------------------------------
    \3\ See Federal Commc'ns Comm'n, Combating Spoofed Robocalls with 
Caller ID Authentication, available at https://www.fcc.gov/call-
authentication
    \4\ Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and 
Deterrence (TRACED) Act, Pub. L. No. 116-105, 133 Stat. 3274 (2019).
    \5\ See In re Advanced Methods to Target and Eliminate Unlawful 
Robocalls; Call Authentication Trust Anchor, Seventh Report and Order, 
Eighth Further Notice of Proposed Rulemaking and Third Notice of 
Inquiry, CG Docket No. 17-59, WC Docket No. 17-97, at  6 to 64. (Rel. 
May 19, 2023), available at https://docs.fcc.gov/public/ attachments/
FCC-23-37A1.pdf [hereinafter FNPRM].
---------------------------------------------------------------------------
    In Section II, we explain that we believe that these scam and 
illegal telemarketing calls can be dramatically reduced. But the 
resolution requires a shift in emphasis by the FCC. The primary goal of 
the FCC's actions should be to protect the Nation's telephone 
subscribers from the scam calls that are stealing tens of billions of 
dollars from them. To do that requires a change from ensuring that 
calls be completed and protecting voice service providers' access to 
the telephone network toward shielding consumers from these illegal 
calls. We believe the number of illegal calls would be significantly 
reduced if the FCC were to adopt a system of swiftly suspending the 
ability of complicit providers to transmit illegal calls after they has 
been notified of previous illegal transmissions.
    In Section III, we explain our advocacy before the Commission to 
encourage it to issue guidance that will radically reduce the number of 
illegal telemarketing calls.
    Finally, Section IV describes a methodology that would provide 
legal callers--such as health care providers, callers with fraud 
alerts, and those with payment reminders--a way to ensure that their 
calls are completed and that would also facilitate the blocking of the 
illegal calls.
I. Illegal and unwanted scam and telemarketing calls persist, despite 
        FCC efforts.
    The unrelenting onslaught of unwanted and illegal calls and texts 
to American telephone lines illustrates that more aggressive measures 
must be employed to stop them. In recent years, the combined number of 
scam and likely illegal telemarketing calls made every month to 
American telephone lines has ranged from 1.5 to 3.3 billion every 
month, with little change from year to year.\6\
---------------------------------------------------------------------------
    \6\ Scam Robocalls report, supra note 2, at 6 (noting annual scam 
robocall volumes between 20 billion and 25 billion from 2019-2021). See 
Total National Robocalls chart, infra.
---------------------------------------------------------------------------
    While the FCC and the private Industry Traceback Group (ITG)\7\ 
have removed hundreds of offending callers from the network--including 
progress on scam robocalls regarding car warranties and student loan 
debt relief \8\--the raw number of illegal calls has remained 
relatively steady. This illustrates that, even as one scam or 
telemarketing caller or complicit provider is removed from the network, 
another quickly steps into its place.
---------------------------------------------------------------------------
    \7\ The ITG, run by USTelcom/The Broadband Association, is 
designated by the FCC to determine the source of illegal calls. ``The 
origination, delivery, and termination of robocalls involves numerous 
voice service providers in a complex ecosystem. Using a secure 
traceback portal developed by the ITG, suspected illegal robocalls are 
traced systematically back through various networks until the ITG 
identifies the originator of the suspicious calls, where the calls 
entered the United States if internationally originated, and often the 
identity of the calling party. The ITG traces the call back from the 
recipient to the caller--usually routing through four or more, or 
sometimes as many as nine or ten service providers (or ``hops'') across 
the globe.'' Industry Traceback Group, How a Traceback Works, available 
at https://tracebacks.org/for-government/.
    \8\ See Press Release, Federal Commc'ns Comm'n, FCC & State 
Attorneys General Warn Consumers of Increased Risk of Student Loan Debt 
Scam Robocalls and Robotexts (June 30, 2023, available at https://
www.fcc.gov/document/fcc-state-ags-warn-student-loan-debt-scam-
robocalls-robotexts; Industry Traceback Group, ITG 2022 Year-In-Review: 
State of Industry Traceback, available at https://tracebacks.org/wp-
content/uploads/2023/03/ITG-2022-Year-in-Review-
State-of-Industry-Traceback.pdf (``Over 500 offending callers kicked 
off the network. Terminated callers responsible for approximately 32 
million daily illegal robocalls.'').
---------------------------------------------------------------------------
    Moreover, because of the complete lack of meaningful caller ID used 
by these callers, it remains effectively impossible for consumers to 
determine the difference between scam calls and unwanted spam 
telemarketing calls on the one hand, and legitimate calls on the other 
hand. Both types of unwanted calls continue to flood the system, and 
they all purport to be local. As it is highly doubtful that consumers 
have consented to receive over a billion telemarketing calls every 
month, most are likely illegal. The dark blue area on the chart below 
shows the combined volume of both scam and telemarketing calls.\9\
---------------------------------------------------------------------------
    \9\ All data comes from YouMail. The most recent data, which was 
supplied to us on October 17, 2023, was combined with publicly 
available data for previous time periods. Scam and telemarketing stats 
are likely conservative estimates based on known percentages rather 
than direct reporting, which would result in underreported volume on 
these categorizations. In the past, YouMail has cautioned that ``[s]ome 
calls initially viewed as telemarketing are eventually recognized as 
illegal telemarketing or scam calls, so it's important to measure the 
overall quantity of scam and spam calls combined.'' PR Newswire, 
Robocalls Top 50.3 Billion in 2022, Matching 2021 Call Volumes Despite 
Enforcement Efforts (Jan. 5, 2023), available at https://
www.prnewswire.com/news-releases/robocalls-top-50-3-billion-in-2022--
matching-2021-call-volumes-despite-enforcement-efforts-301714297.html 
(quoting YouMail press release).
---------------------------------------------------------------------------
    Americans continue to lose vast sums to scam calls and texts. The 
Harris Poll/TrueCaller survey found that the number of Americans who 
lost money through telephone scams continued to escalate in 2022, 
increasing from 59 million people suffering these losses in 2021 to 
over 68 million in 2022. As more people were scammed, the total 
consumer losses also increased to over $39 billion last year.\10\ The 
FTC also reported a significant increase in individual reported losses 
between 2021 and 2022.\11\ A March 2023 report issued by Juniper 
Research predicts that fraudulent robocalls will cost mobile 
subscribers $58 billion this year.\12\
---------------------------------------------------------------------------
    \10\ Truecaller, Truecaller Insights 2022 U.S. Spam & Scam Report 
(May 24, 2022), available at https://www.truecaller.com/blog/insights/
truecaller-insights-2022-us-spam-scam-report.
    \11\ Losses from phone scams reported to the FTC by consumers 
increased from $700M to $798M from 2021-22, and losses from text scams 
more than doubled from $131M to $326M. FTC Consumer Sentinel Network, 
Fraud Reports by Contact Method, Reports & Amount Lost by Contact 
Method (Losses & Contact Method tab, with quarters 1 through 4 checked 
for 2021, 2022) (last visited Mar. 10, 2023), available at https://
public.tableau.com/app/profile/federal.trade.commission/viz/
FraudReports/FraudFacts. These numbers represent live scams as well as 
robocalls. As the number of complaints received has decreased, this 
means the average reported losses are getting larger.
    \12\ Press Release, Juniper Research, Fraudulent Robocalls to Cost 
Mobile Subscribers a Record $58 Billion Globally This Year, Finds 
Juniper Research Study (Mar. 20, 2023), available at https://
www.juniperresearch.com/pressreleases/fraudulent-robocalls-to-cost-
mobile-subscribers?
utm_source=juniper_pr&utm_campaign=pr1_robocallmitigation_providers_
operators_mar23
&utm_medium=e (``Despite the ongoing development of robocalling 
mitigation frameworks, such as STIR/SHAKEN in North America, the report 
predicts that fraudsters' ability to innovate fraud methods will drive 
these losses to reach $70 billion globally by 2027. STIR/SHAKEN 
includes standards to mitigate fraudulent methods popular in North 
America, such as caller ID spoofing, which imitates a legitimate 
enterprise through the use of temporary business numbers.'').
---------------------------------------------------------------------------
    Incessant unwanted calls and texts are degrading the value of the 
U.S. telephone system. The continued onslaught of unwanted calls from 
unknown numbers undermines the value of the entire telephone system, 
and makes it more difficult to reach people in emergencies because they 
do not answer calls.\13\ As the Commission recently noted:
---------------------------------------------------------------------------
    \13\ See Benjamin Siegel, Dr. Mark Adbelmalek, & Dr. Jay Bhatt, ABC 
News, Coronavirus Contact Tracers' Nemeses: People Who Don't Answer 
Their Phones (May 15, 2020), available at https://abcnews.go.com/
Health/coronavirus-contact-tracers-nemeses-people-answer-phones/
story?id=70693586. See also Stephen Simpson, Few Picking Up Phone When 
Virus Tracers Call, Arkansas Democrat Gazelle, July 10, 2020, available 
at https://www.arkansasonline.com/news/2020/jul/10/few-picking-up-
phone-when-virus-tracers-call/.

        . . . [T]he evidence reveals that the escalating problem of 
        robocalls has undermined consumers' trust and willingness to 
        rely on their landline telephone, leading consumers in many 
        cases to simply not answer the phone. That communication 
        breakdown can have significant health and safety of life 
        implications for the many consumers who rely on residential 
        landline service.\14\
---------------------------------------------------------------------------
    \14\ Federal Commc'ns Comm'n, Final Rule, Limits on Exempted Calls 
Under the Telephone Consumer Protection Act of 1991, CG Docket No. 02-
278, 88 Fed. Reg. 3668, at  21 (Jan. 20, 2023), available at https://
www.govinfo.gov/content/pkg/FR-2023-01-20/pdf/2023-00635.pdf.

    Government agencies and their contractors (such as ITG and YouMail) 
typically focus on scam calls, as they are the most damaging to both 
the recipients and the network. We understand that originating 
providers have increasingly resisted traceback requests from the ITG 
regarding telemarketing calls, claiming that these calls are legal 
because the recipients have provided TCPA-compliant consent for these 
calls. Yet it is impossible to believe that legitimate consent has been 
provided by subscribers for over a billion telemarketing calls each 
month. To address this confusion, in this past year we have been 
advocating that the FCC provide guidance concerning its regulations in 
a way that should radically reduce the number of telemarketing calls 
for which consent can be claimed to have been provided. Section III 
explains this advocacy.
    FCC enforcement actions are not sufficient to make a meaningful 
difference in these illegal calls. U.S.-based providers continue to 
spurn the Commission's requirements to respond to traceback requests, 
as the FCC reports each year,\15\ and as recently as Q2 2023.\16\ Its 
``first-ever'' robo-blocking order (issued more than three years after 
the passage of the TRACED Act)\17\ has already been breached.\18\ 
Traceback requests unearth gateway providers and point of entry 
providers (the providers who bring the calls into the U.S. phone 
network) that months earlier were subject to FCC cease and desist 
orders for transmitting illegal robocalls.\19\ Of the more than 7,000 
voice service providers with certifications in the Robocall Mitigation 
Database (RMD),\20\ the FCC has brought a total of 27 enforcement 
actions for deficient certifications; many of these actions addressed 
providers' failure to upload relevant documents rather than actual sub-
standard practices.\21\ The fines issued against some of the most 
egregious fraudsters \22\ have not been recovered, which undermines the 
intended deterrent effect of imposing these fines. Yet the Commission 
has referred only three forfeiture orders to the Department of Justice 
related to unwanted calls since the FCC began TRACED Act reporting in 
2020.\23\
---------------------------------------------------------------------------
    \15\ Compare Federal Commc'ns Comm'n, Report to Congress on 
Robocalls and Transmission of Misleading or Inaccurate Caller 
Identification Information, Attachment A, ``Non-Responsive 2022'' tab 
(Dec. 23, 2022), available at https://www.fcc.gov/document/ fcc-
submits-traced-act-annual-report-2022-congress [hereinafter FCC 2022 
Report to Congress] with Federal Commc'ns Comm'n, Report to Congress on 
Robocalls and Transmission of Misleading or Inaccurate Caller 
Identification Information, Attachment A, ``2021 NR Providers'' tab 
(Dec. 22, 2021), available at https://www.fcc.gov/document/ fcc-
submits-traced-act-annual-report-2021-congress [hereinafter FCC 2021 
Report to Congress] with Federal Commc'ns Comm'n, Report to Congress on 
Robocalls and Transmission of Misleading or Inaccurate Caller 
Identification Information, Attachment D, ``2020 NR Providers'' tab 
(Dec. 23, 2020), available at https://www.fcc.gov/document/fcc-submits-
traced-act-annual-report-2020-congress [hereinafter FCC 2020 Report to 
Congress].
    \16\ Federal Commc'ns Comm'n, Report on Traceback Data for the 
Period of April 2023 Through June 30, 2023) (Sept. 29, 2023), available 
at https://www.fcc.gov/ document/fcc-releases-traceback-transparency-
report [hereinafter Traceback Transparency report].
    \17\ Press Release, Federal Commc'ns Comm'n, FCC Orders Blocking of 
Calls from Gateway Facilitator of Illegal Robocalls from Overseas (May 
11, 2023), available at https://www.fcc.gov/document/ fcc-issues-first-
ever-roboblocking-order-against-one-eye [hereinafter Blocking of Calls 
order].
    \18\ Traceback Transparency report, supra note 16, at 10, Traceback 
ID 13726; this call was in violation of the Commission's May 11 
Blocking of Calls order, supra note 17.
    \19\ See Letter from FCC Enforcement Bureau to Jeff Lawson, CEO of 
Twilio Inc. and Mellissa Blassingame, Senior Director of Twilio (Jan. 
24, 2023), available at https://www.fcc.gov/document/ fcc-issues-
robocall-cease-and-desist-letter-twilio; Letter from FCC Enforcement 
Bureau to Brittany Reed, President of SIPphony L.L.C. (Jan. 11, 2023), 
available at https://www.fcc.gov/document/fcc-issues-robocall-cease-
and-desist-letter-sipphony; Letter from FCC Enforcement Bureau to Corey 
Seaman, CEO of Vultik Inc. (Jan. 11, 2023), available at https://
www.fcc.gov/ document/fcc-issues-robocall-cease-and-desist-letter-
vultik-inc; Letter from FCC Enforcement Bureau to Aaron Leon, Co-
Founder & CEO of thinQ Technologies, Inc. (Mar. 22, 2022), available at 
https://www.fcc.gov/ document/fcc-issues-robocall-cease-and-desist-
letter-thinq.
    \20\ Federal Commc'ns Comm'n, Robocall Mitigation Database, 
available at https://fccprod
.servicenowservices.com/rmd?id=rmd_listings.
    \21\ See Press Release, Federal Commc'ns Comm'n, FCC Seeks to 
Remove Companies from Key Database for Non-Compliance with Anti-
Robocall Rules (Oct. 16, 2022), available at https://www.fcc.gov/
document/fcc-seeks-remove-companies-robocall-mitigation-database; Press 
Release, Federal Commc'ns Comm'n, FCC Plans to Remove Companies from 
Key Database for Non-Compliance with Anti-Robocall Rules (Oct. 3, 
2022), available at https://www.fcc.gov/document/fcc-remove-companies-
robocall-database-non-compliance.
    \22\ See Press Release, Federal Commc'ns Comm'n, FCC Proposes 
Record $225 Million Fine for Massive Spoofed Robocall Campaign Selling 
Health Insurance (June 9, 2020), available at https://www.fcc.gov/
document/fcc-proposes-record-225-million-fine-1-billion-spoofed-
robocalls-0 (proposed in June 2020), Press Release, Federal Commc'ns 
Comm'n, Health Insurance Telemarketer Faces Record FCC Fine of $225 
Million for Spoofed Robocalls (Mar, 17, 2021), 
available at https://www.fcc.gov/document/fcc-fines-telemarketer-225-
million-spoofed-robocalls (adopted in March 2021), Press Release, 
Federal Commc'ns Comm'n, FCC Reaffirms $225 Million Spoofed Robocall 
Fine (June 7, 2023), 3available at https://www.fcc.gov/document/fcc-
reaffirms-225-million-spoofed-robocall-fine-against-rising-eagle 
(reaffirmed in June 2023). See also Press Release, Federal Commc'ns 
Comm'n, FCC Imposes Record Penalty Against Transnational Illegal 
Robocalling Operation (Aug. 3, 2023), available at https://www.fcc.gov/
document/fcc-imposes-record-fine-transnational-illegal-robocalling-
operation (issued after the Ohio Attorney General brought the following 
case in July 2022: Complaint for Permanent Injunction, Damages, and 
Other Equitable Relief, State of Ohio ex rel. Attorney General Dave 
Yost v. Jones, No. 2:22-cv-2700 (S.D. Ohio July 7, 2022), available at 
https://www.ohioattorneygeneral.gov/Files/Briefing-Room/News-Releases/
Time-Stamped-Complaint-22-CV-2700-State-of-Ohio-v.aspx).
    \23\ See FCC 2022 Report to Congress, supra note 15, at 7 
(continuing the trend from 2021); FCC 2021 Report to Congress, supra 
note 15, at 8, and FCC 2020 Report to Congress, supra note 15, at 7.
---------------------------------------------------------------------------
    As is described in this testimony, we believe that additional 
measures are necessary to protect Americans from the illegal calls.
II. The FCC should establish a system to suspend complicit voice 
        service providers after one notice, preventing them from 
        transmitting illegal calls.
    There are currently insufficient deterrents to counter the $1 
million in monthly revenue \24\ earned by complicit providers that 
transmit the one billion or more illegal calls made monthly.\25\ Under 
the current rules, the profit from these calls clearly makes it 
worthwhile for providers to run the risk of transmitting the calls. Yet 
the income to providers pales when compared to the approximately $3 
billion stolen every month from consumers through these fraudulent 
robocalls.\26\
---------------------------------------------------------------------------
    \24\ By some estimates, robocallers can send one million calls for 
as cheaply as $1,000 in call transmission costs; at a cost of $0.001 
per call, more than one billion scam robocalls every month means that 
providers earn more than $1 million in revenue every month. See, e.g., 
In re Advanced Methods To Target and Eliminate Unlawful Robocalls, Call 
Authentication Trust Anchor, Comments of ZipDX LLC, Seventh Further 
Notice of Proposed Rulemaking in CG Docket No. 17-59, and Fifth Further 
Notice of Proposed Rulemaking in WC Docket No. 17-97, at 2 (filed Aug. 
17, 2022), available at https://www.fcc.gov/ecfs/search/search-filings/
filing/10818
2676204994.
    \25\ Every month there are an average of one billion scam robocalls 
made to U.S. telephones, and a comparable number of illegal 
telemarketing calls. PR Newswire, Robocalls Top 50.3 Billion in 2022, 
Matching 2021 Call Volumes Despite Enforcement Efforts (Jan. 5, 2023), 
available at https://www.prnewswire.com/news-releases/robocalls-top-50-
3-billion-in-2022--matching-2021-call-volumes-despite-enforcement-
efforts-301714297.html (quoting YouMail press release) (scam calls made 
up roughly 41 percent of all robocall volume in 2022). The distinction 
between the two appears to be somewhat fluid, as they depend on how the 
calls are classified. The universally-reviled calls selling auto 
warranties--recently targeted by the Ohio Attorney General and the 
Commission, see Press Release, Office of the Ohio Attorney General, 
Yost Files Suit Alleging Massive Robocall Scheme (June 7, 2022)--are 
considered telemarketing calls, not outright scam calls. Conversation 
with Mike Rudolph, CTO, YouMail (Aug. 29, 2022).
    \26\ In May 2022, HarrisPoll, in a survey commissioned by 
Truecaller, estimated $39.5 billion in consumer losses over the past 
twelve months. See Truecaller, Truecaller Insights 2022 U.S. Spam & 
Scam Report (May 24, 2022), available at https://www.truecaller.com/
blog/insights/truecaller-insights-2022-us-spam-scam-report (last 
visited Sept. 16, 2022). This is an average of more than $3.29 billion 
in consumer losses per month.
---------------------------------------------------------------------------
    Scam robocalls are transmitted as the result of the choices made by 
telecommunication service providers regarding what calls they will 
accept and transmit. Providers receive a payment for each call they 
transmit.
    Robocalls typically follow a multi-step path from a caller to the 
called party, passed along from one provider to another multiple times. 
Calls go first to an originating provider (or a ``gateway provider'' in 
the case of a call from another country). That provider makes a choice 
whether to accept the calls from that caller. If it accepts the calls, 
it will send them to an intermediate provider that chooses to accept 
and transmit those calls down the call path. If that first intermediate 
provider decides not to accept the calls from the originating provider, 
the scam calls are stopped at that point and do not reach the called 
party unless the originating provider finds another intermediate 
provider willing to take them. Similarly, each hop in the chain to a 
subsequent intermediate provider or the terminating provider represents 
a separate decision by the downstream provider to accept and transmit 
those calls or to block them. Currently, the primary determinant for 
many of these instantaneous decisions made by the providers in the call 
path is profit. That must change.
    As we describe in Section IV, there are tools currently available 
that allow providers to identify and then block scam robocalls. But 
providers need to be incentivized to use these tools and to block the 
calls found to be illegal.
    The choices that providers in the call path make about whether to 
accept calls from upstream providers should be guided not only by the 
price paid for those calls, but also by the risk involved in accepting 
calls from those upstream providers. The consequences of the wrong 
choice should be steep. Providers who might otherwise be tempted to be 
complicit in transmitting scam calls will be financially motivated to 
comply with the law if punishments are swift, certain, and sufficiently 
severe. Given the proper incentives, the communications industry in the 
United States will develop and implement additional successful 
mechanisms as they become necessary.
    Telephone providers should be incentivized to develop and use 
procedures to guard against transmitting fraud robocalls. For 
originating, gateway, and first intermediate providers specifically, 
there is little excuse for continuing to transmit scam robocall traffic 
after any notice that the traffic is illegal based on previous 
tracebacks, FCC or FTC notices or cease and desist letters, similar 
notices from state attorneys general, or notices from service providers 
such as YouMail.
    The FCC established the Robocall Mitigation Database (RMD) as a way 
to keep track of voice service providers and apply requirements to 
them.\27\ The RMD provides a powerful and effective tool to the FCC to 
control non-compliant providers, as providers are prohibited from 
accepting traffic from voice service providers that have not submitted 
proper certification to the RMD.\28\
---------------------------------------------------------------------------
    \27\ See Federal Commc'ns Comm'n, Robocall Mitigation Database, 
available at https://www.fcc.gov/robocall-mitigation-database.
    \28\ See 47 C.F.R. Sec. 64.6305(e)(1). See also In re Call 
Authentication Trust Anchor, Sixth Report and Order and Further Notice 
of Proposed Rulemaking, WC Docket No. 17-97, at  8 (Rel. Mar. 17 
2023), available at https://docs.fcc.gov/ public/attachments/FCC-23-
18A1.pdf.
---------------------------------------------------------------------------
    We believe that the FCC should be empowered to use immediate--but 
temporary--suspension \29\ from its Robocall Mitigation Database as a 
mechanism to protect telephone subscribers from receiving illegal 
calls, pending investigations and due process determinations. This 
would prioritize protecting U.S. telephone subscribers from criminal 
scam calls over providing originating and gateway providers access to 
the U.S. telephone network.\30\ Once a provider has been notified by 
any of the government enforcement agencies, or their service providers, 
that it has been found to be transmitting illegal calls, such 
notification should serve as legal notice that the next time it is 
determined to be transmitting illegal calls, it will be suspended from 
the RMD. These suspensions should be temporary and short-lived, but 
immediate, pending a due process review. The due process review would 
determine whether this latest finding that the provider was 
transmitting illegal calls was a mistake that will not be repeated, or 
whether it justifies permanent removal from the RMD.
---------------------------------------------------------------------------
    \29\ Suspension should result in legally effective removal from the 
RMD. This can be accomplished via a prominent notation that the 
provider's status is suspended. See, e.g., In re Advanced Methods to 
Target and Eliminate Unlawful Robocalls et al., Comments of ZipDX 
L.L.C., Fifth Further Notice of Proposed Rulemaking in CG Docket No. 
17-59, and Fourth Further Notice of Proposed Rulemaking in WC Docket 
No. 17-97, at  64 (filed Dec. 7, 2021), available at https://
www.fcc.gov/ecfs/document/12080110629539/1 (``We would note that 
`delisting' should not actually constitute complete removal from the 
database; rather, an entry should be retained so that it is clear to 
all others that the problematic provider has been explicitly designated 
as such. This will ensure that if (when) the problematic provider 
attempts to shift their traffic to a new downstream, that downstream 
will become aware of the situation before enabling the traffic.'').
    \30\ Most, if not all, of the offending voice service providers are 
VoIP (Voice over Internet Protocol) services. VoIP is a technology that 
accesses the telephone network through the internet, and is commonly 
used by many large telecommunications providers in place of traditional 
landlines to provide service to residential and business customers. 
Often, the telephone service is paired with Internet access and cable 
television service. The VoIP providers that process the illegal 
robocalls are generally small, often simply one or two individuals with 
minimal investment or technical expertise who have set up a service in 
their home or other temporary quarters and offer services through 
online advertisements. See FCC 2021 Report to Congress, supra note 15, 
at 12 (``The Commission's experience tracing back the origins of 
unlawful call traffic indicates that a disproportionately large number 
of calls originate from Voice over Internet Protocol (VoIP) providers, 
particularly non-interconnected VoIP providers. Moreover, the Industry 
Traceback Group has found that high-volume, rapid-fire calling is a 
cost-effective way to find susceptible targets, although it does not 
collect data about which robocall originators are VoIP providers.'').
---------------------------------------------------------------------------
    We have recommended this type of immediate suspension to the 
Commission as a way of swiftly preventing complicit voice service 
providers from continuing to transmit tens of thousands of illegal 
calls.\31\ The interests of American subscribers to be protected from 
dangerous, fraudulent, and invasive calls would be prioritized.
---------------------------------------------------------------------------
    \31\ In re Advanced Methods To Target and Eliminate Unlawful 
Robocalls, Call Authentication Trust Anchor, Comments of Electronic 
Privacy Information Center and National Consumer Law Center on Fifth 
Further Notice of Proposed Rulemaking in WC Docket No. 17-97 (filed 
Aug. 17, 2022), available at https://www.fcc.gov/ecfs/document/
10817350228611/1. Our proposal for the immediate suspension of 
complicit providers contrasts with the Commission's procedure of 
issuing a Notification of Suspected Illegal Traffic, followed by an 
Initial Determination Order, then followed by a Final Determination 
Order, see FNPRM at  30. All three of those steps are required by the 
FCC before the provider is stopped from continuing to transmit illegal 
calls. In the time between the first and third steps, tens of thousands 
of illegal calls will reach subscribers.
---------------------------------------------------------------------------
    We understand that this type of immediate suspension raises due 
process concerns for the affected providers. However, as we explain, 
those due process issues can be addressed.
    Due process principles raise two concerns: 1) the timing and the 
content of notice given to the provider before the suspension from the 
RMD occurs; and 2) the opportunity for the provider to be heard and 
contest the factual basis for the suspension.\32\
---------------------------------------------------------------------------
    \32\  See, e.g., Mathews v. Eldridge, 424 U.S. 319, 332, 96 S. Ct. 
893, 47 L. Ed. 2d 18 (1976) (``Procedural due process imposes 
constraints on governmental decisions which deprive individuals of 
`liberty' or `property' interests within the meaning of the Due Process 
Clause of the Fifth or Fourteenth Amendment.'').
---------------------------------------------------------------------------
    The Commission can establish an expedited process of suspending 
providers from the RMD akin to the procedures established by Rule 65 of 
the Federal Rules of Civil Procedure for a court to provide a Temporary 
Restraining Order (TRO). TROs recognize the need to move quickly and 
without prior notice to the respondent to protect the moving party from 
immediate, irreparable harm.\33\
---------------------------------------------------------------------------
    \33\ See ``Legal Information Institute, Temporary Restraining 
Order, available at https://www.law.cornell.edu/ wex/
temporary_restraining_order (last accessed Oct. 19, 2023).
---------------------------------------------------------------------------
    The Supreme Court has noted that ``due process is flexible and 
calls for such procedural protections as the particular situation 
demands.'' \34\ In this context, the Commission will be protecting 
telephone subscribers from the tens of thousands of illegal robocalls 
that would otherwise be placed but for the provider's suspension from 
the RMD. Protecting American subscribers from access by known criminals 
who seek to defraud them prevents irreparable harm and justifies a 
truncated procedure that provides notice to the provider of the 
suspension simultaneously with initiating an immediate suspension from 
the RMD. The U.S. government has an interest in protecting its 
residents from scam calls. The Supreme Court has recognized that the 
government's interests are to be balanced against the private interest 
affected by the action--in this case, the provider's removal from the 
RMD and subsequent inability to transmit calls into the network.\35\
---------------------------------------------------------------------------
    \34\ Morrissey v. Brewer, 408 U.S. 471, 481, 92 S. Ct. 2593, 33 L. 
Ed. 2d 484 (1972). See also Mathews v. Eldridge, 424 U.S. 319, 349, 96 
S. Ct. 893, 47 L. Ed. 2d 18 (1976) (``In assessing what process is due 
in this case, substantial weight must be given to the good-faith 
judgments of the individuals charged by Congress with the 
administration of social welfare programs that the procedures they have 
provided assure fair consideration of the entitlement claims of 
individuals.'').
    \35\ See Mathews, 424 U.S. at 334-35 (``Accordingly, resolution of 
the issue whether the administrative procedures provided here are 
constitutionally sufficient requires analysis of the governmental and 
private interests that are affected. More precisely, our prior 
decisions indicate that identification of the specific dictates of due 
process generally requires consideration of three distinct factors: 
First, the private interest that will be affected by the official 
action; second, the risk of an erroneous deprivation of such interest 
through the procedures used, and the probable value, if any, of 
additional or substitute procedural safeguards; and finally, the 
Government's interest, including the function involved and the fiscal 
and administrative burdens that the additional or substitute procedural 
requirement would entail.'' (internal citations omitted)).
---------------------------------------------------------------------------
    Formal Notice. Just as when a TRO is issued by a court, the system 
we propose would require the Commission to issue a formal notice of the 
suspension to the provider at the same time it orders the suspension 
from the RMD. The notice to the provider would inform it of the basis 
for the suspension, the provider's right to request an evidentiary 
hearing to challenge the suspension, and other requirements related to 
the suspension. At the same time, the Commission would also notify all 
other providers on the RMD that they are prohibited from accepting 
calls from the suspended provider until otherwise notified.
    Pre-Suspension Notice. The Commission can ensure that providers 
subject to these immediate suspensions have received previous notices 
of the consequences of continuing to transmit illegal calls. Currently, 
when the ITG sends a traceback request to a provider, it already 
includes information about the nature of the call subject to the 
traceback.\36\ The traceback request is sent up through the call-path 
from the terminating provider, through the multiple intermediate 
providers, up to the originating or gateway providers. Not all these 
providers in the call path are complicit, as the illegal calls become 
mixed with legal calls as they travel--making it difficult for 
downstream providers to root out the illegal calls.
---------------------------------------------------------------------------
    \36\ Each traceback notice sent to every provider in the call path 
contains a text description of the call, typically explaining what 
makes it illegal. See Complaint for Injunctive Relief and Civil 
Penalties, North Carolina ex rel. Stein v. Articul8, LLC & Paul K. 
Talbot, Case No. 1:22-cv-00058, at 30  93-94 and 34  98-99 
(M.D.N.C. Jan. 25, 2022), available at https://ncdoj.gov/wp-content/
uploads/2022/01/FILED-Complaint_NC-v-Articul8_22-cv-00058-MDNC-2022.pdf 
[hereinafter North Carolina v. Articul8 Complaint].
---------------------------------------------------------------------------
    In the future, all traceback requests could include a warning that 
the failure to cease making illegal calls after notice, could trigger 
suspension from the RMD. The pre-suspension notice could also be 
included in notices from state attorneys general and the Federal Trade 
Commission. Providing notice of the possibility of suspension to all 
providers who are found to have transmitted illegal calls serves to 
remind every one of the potential ramifications of continuing the 
illegal activity.
    Triggering Activity. Providers are complicit in transmitting 
illegal calls when they have received notice that their calls are 
illegal from any one of a number of enforcement agencies or their 
partners in this system and yet continue to pass along this traffic. 
Other Federal agencies are engaged in battling the scam calls, 
including the FTC and the Social Security Administration, as are the 
attorneys general in most states. Additionally, responsible 
intermediate providers currently alert upstream providers that they are 
transmitting illegal calls, as do some private service providers (such 
as YouMail and ZipDX) that are engaged in network monitoring. In the 
future, the Commission could establish a system under which any one of 
these entities--state attorneys general, the FTC and other Federal 
agencies involved in this work, intermediate providers, and private 
service providers--could alert the Commission when originating or 
gateway providers continue to transmit illegal calls even after 
repeated notice from any one or more of these entities. Alerts from any 
one of these trusted sources to the FCC could serve as the basis for 
the FCC to initiate immediately the suspension process. Once a trusted 
source provides information to the FCC regarding ongoing transmission 
of illegal calls by a provider, along with proof (information about the 
number and type of the calls, and the nature of the previous notice 
provided by the trusted source), that would trigger the immediate 
suspension notice from the FCC. At that point, the FCC would initiate 
the suspension of the targeted provider for a period of 10 days, by the 
end of which there would be a hearing to determine whether the provider 
would remain suspended from the RMD.
    Opportunity to be Heard. Once a provider is given the formal notice 
from the Commission or its enforcement partners about the suspension, 
the basis for the suspension, and the provider's rights, the provider 
would have the right to contest the determination that it was 
transmitting illegal calls, had failed to comply with a traceback 
request or a Commission order, or was affiliated with providers 
previously suspended from the RMD.
    We have advocated that the Commission should establish a mechanism 
to allow this type of fact-finding proceeding, possibly before a 
Commission Administrative Law Judge,\37\ on an expedited basis. The 
Supreme Court has not required that these due process hearings always 
involve full evidentiary hearings and oral testimony; hearings can be 
conducted solely through the submission of written evidence.\38\ The 
public's interest in being relieved of the illegal calls is a factor in 
determining the process that that is due. As the Court noted:
---------------------------------------------------------------------------
    \37\ Fed. Commc'ns Comm'n, Administrative Law Judges, available at 
https://www.fcc.gov/administrative-law-judges (last accessed Oct. 19, 
2023)
    \38\ See Mathews v. Eldridge, 424 U.S. 319, 334, 343-44, 96 S. Ct. 
893, 47 L. Ed. 2d 18 (1976).

        In striking the appropriate due process balance the final 
        factor to be assessed is the public interest. This includes the 
        administrative burden and other societal costs that would be 
        associated with requiring, as a matter of constitutional right, 
        an evidentiary hearing upon demand in all cases prior to the 
        termination of disability benefits. The most visible burden 
        would be the incremental cost resulting from the increased 
        number of hearings. . . .\39\
---------------------------------------------------------------------------
    \39\ Id. at 347.

    In this context, the Commission's priority should be protecting 
subscribers from the criminals seeking to defraud them through the scam 
robocalls. Moreover, the only procedures required are those ``to insure 
that [the respondents] are given a meaningful opportunity to present 
their case.'' \40\ The Supreme Court has emphasized that ``substantial 
weight must be given to the good-faith judgments of the individuals 
charged by Congress with the administration of social welfare programs 
that the procedures they have provided assure fair consideration of the 
entitlement claims of individuals.'' \41\ Like the Social Security 
Administration in the case quoted, the Commission is charged with the 
important task of protecting the American public--here, from illegal 
robocalls, and the billions stolen from American subscribers through 
these calls.
---------------------------------------------------------------------------
    \40\ Id. at 349.
    \41\ Id.
---------------------------------------------------------------------------
    Length of the Suspension. The Commission should offer the suspended 
provider the opportunity to request a hearing within an appropriate 
number of days to contest the grounds for the suspension, provide 
evidence, and possibly provide sufficient sureties of good behavior in 
the future. If no hearing is requested, however, the Commission should 
determine the appropriate length of the suspension based on the need to 
protect the telephone system from illegal robocalls. Permanent 
suspension from the RMD should be a valued tool in the Commission's 
authority to protect subscribers from illegal robocalls. This aligns 
with Commissioner Starks' statement: ``[i]f we identify a bad actor, 
it's time to make it harder to operate. If it's a repeat offender, we 
should go further.'' \42\ The Commission has already made clear in 
numerous instances that providers must comply with its rules, and it 
has listed potential consequences for failing to do so, explicitly 
including suspension from the RMD.\43\
---------------------------------------------------------------------------
    \42\ See Statement of Comm'r Geoffrey Starks, In re Advanced 
Methods to Target and Eliminate Unlawful Robocalls, CG Docket No. 17-
59; Call Authentication Trust Anchor, WC Docket No. 17-97; Report and 
Order, Order on Reconsideration, Order, and Further Notice of Proposed 
Rulemaking (May 19, 2022).
    \43\ For example, since at least as early as its Second Report and 
Order in October 2020, the Commission has given U.S. voice service 
providers (as well as foreign providers that use U.S. numbers to send 
voice traffic to U.S. subscribers) notice that deficient certifications 
or failure to meet the standards of its own certifications could be met 
with enforcement ``including de-listing the provider from the 
database.'' In re Call Authentication Trust Anchor, Second Report and 
Order, WC Docket No. 17-97, at  93 (Oct. 1, 2020), available at 
https://docs.fcc.gov/public/attachments/FCC-20-136A1.pdf. Also, the 
Commission has required that providers submit updates regarding ``any 
of the information they filed in the certification process'' within 10 
business days of the change. Id. The Commission took a similar step 
against the robocallers themselves in 2020. See Press Release, Federal 
Commc'ns Comm'n, FCC to Robocallers: There Will Be No More Warnings 
(May 1, 2020), available at https://docs.fcc.gov/public/attachments/
DOC-364109A1.pdf.
---------------------------------------------------------------------------
    If the Commission believes that it does not have the authority to 
exercise these immediate but temporary suspensions to protect American 
telephone subscribers from these illegal calls, we urge Congress to 
provide such authority.
III. The Commission should issue guidance confirming that its current 
        regulations limit agreements for prior express consent and 
        prior express invitation to calls from one seller, and that the 
        E-Sign Act applies to agreements entered online.
    The misuse of consumers' ``consents'' by lead generators and others 
is a major factor contributing to the increasing number of illegal 
telemarketing calls and texts. The number of telemarketing calls has 
been steadily rising in recent years, peaking at over 1.4 billion a 
month in March 2023.\44\
---------------------------------------------------------------------------
    \44\ PR Newswire, U.S. Consumers Received Roughly 5 Billion 
Robocalls in March, According to YouMail Robocall Index: National 
Monthly Robocall Volume Reached Highest Peak Since November 2019 (Apr. 
7, 2023), available at https://www.prnewswire.com/news-releases/us-
consumers-received-roughly-5-billion-robocalls-in-march-according-to-
youmail-robocall-index-301792
292.html.
---------------------------------------------------------------------------
    Lead generators, a common feature on the internet, refer potential 
customers to vendors.\45\ The ``leads''--the telephone numbers and 
other data regarding potential customers--are sold directly to sellers 
of products or services (such as lenders or insurance companies) or to 
lead aggregators that then sell the leads to sellers.\46\ As courts and 
the FTC have noted, it is not always apparent from a particular website 
that it is operated by a lead generator rather than an actual lender or 
seller of other products or services,\47\ and misrepresentations and 
outright consent fraud on lead generators' sites are common.\48\
---------------------------------------------------------------------------
    \45\ See Federal Trade Comm'n, ``Follow the Lead'' Workshop, Staff 
Perspective (Sept. 2016), available at www.ftc.gov (overview of lead 
generation industry).
    \46\ Id. at 2 (``A lead is someone who has indicated--directly or 
indirectly--interest in buying a product.'').
    \47\ See, e.g., CFPB v. D & D Mktg., 2016 WL 8849698, at *1 (C.D. 
Cal. Nov. 17, 2016).
    \48\ See Federal Trade Comm'n, Follow the Lead Workshop--Staff 
Perspective 5 (Sept. 2016), available at www.ftc.gov. See also Consumer 
Fin. Prot. Bureau v. RD Legal Funding, L.L.C., 332 F. Supp. 3d 729, 
782-783 (S.D.N.Y. 2018); MacDonald v. CashCall, Inc., 2017 WL 1536427, 
at *12 (D.N.J. Apr. 28, 2017), aff'd on other grounds, 883 F.3d 220 (3d 
Cir. 2018) (affirming denial of arbitration motion); CFPB v. D & D 
Mktg., 2016 WL 8849698, at *1 (C.D. Cal. Nov. 17, 2016); Consumer Fin. 
Prot. Bureau v. CashCall, Inc., 2016 WL 4820635, at *10 (C.D. Cal. Aug. 
31, 2016). See also McCurley v. Royal Seas Cruises, Inc., 21-55099, 
2022 WL 1012471 at *3 (9th Cir. Apr. 5, 2022) (``The amount of 
mismatched data in the record cannot all be explained by data-entry 
errors or family members with different last names. . . . These facts, 
in combination with the evidence of widespread TCPA violations in the 
cruise industry, would support a finding that Royal Seas knew facts 
that should have led it to investigate Prospects's work for TCPA 
violations.'').
---------------------------------------------------------------------------
    Consumers who visit a lead generator's site are typically invited 
to enter their contact information into a form or application on the 
site. Typically, the consumer is asked to click on a link that includes 
language in tiny font \49\ that does not anywhere indicate that the 
lead generator is planning to use that click to justify telemarketing 
calls from hundreds--or even--thousands--of telemarketers.\50\
---------------------------------------------------------------------------
    \49\ For example: By clicking ``Get My Auto Quotes'' the consumer 
is supposedly agreeing that the lead generator can ``share my 
information to the providers in our network for the purpose of 
providing me with information about their financial services and 
products.'' But to see the full list of callers and other lead 
generators that this website could sell the consumer's lead to, one 
must place their mouse and hover over a link embedded in the long 
paragraph under the place to be clicked, described infra at 50.
    To access this form, a person must go to QuoteWizard's website at 
https://www.quotewizard.com/ and provide information about the 
insurance product they seek, as well as their name, address, and 
telephone number, birth date, and other personal information.
    \50\ See, e.g., the list of thousands of insurance carrier partners 
of QuoteWizard, available at https://quotewizard.usnews.com/form/
static/corp/providers.html?bn=U.S.%20News&bf=us
news.
---------------------------------------------------------------------------
    The site operator then sells the consumer's information to 
interested lenders or sellers, sometimes with some level of data 
analysis, and often through an automated auction. A 2011 survey found 
that leads are sometimes sold for over $100 \51\; more recent online 
data indicates that leads can be sold for as much as $600 each.\52\
---------------------------------------------------------------------------
    \51\ Consumer Federation of America, CFA Survey of Online Payday 
Loan Websites 7 (Aug. 2011), available at https://consumerfed.org/pdfs/
CFAsurveyInternetPaydayLoanWebsites.pdf.
    \52\ See Leads Hook, Blog post, How to Make Money Selling Leads in 
2023 (& How Much to Charge) (July 12, 2023), available at https://
www.leadshook.com/blog/how-to-sell-leads/.
---------------------------------------------------------------------------
    One organization of lead generators admitted in its comments to the 
Commission in a March 2023 Notice of Proposed Rulemaking that lead 
generators are responsible for a ``meaningful percentage'' of entirely 
fabricated consent agreements.\53\ These comments provide particularly 
helpful information about how the lead generator industry works to 
facilitate telemarketing robocalls: ``once the consumer has submitted 
the consent form the company seeks to profit by reselling the `lead' 
multiple--perhaps hundreds--of times over a limitless period of time. 
Since express written consent does not expire, the website is free to 
sell the consent forever.'' \54\
---------------------------------------------------------------------------
    \53\ Comment of Responsible Enterprises Against Consumer 
Harassment, CG Dockets Nos. 21-402, 02-278, at 1 (filed May 9, 2023), 
available at https://www.fcc.gov/ecfs/document/1050
9951114134/1.
    \54\ Id. at 3 (emphasis added).
---------------------------------------------------------------------------
    Each party that owns the consent, including the original lead 
generator and every subsequent purchaser of the consent, ``is free to 
sell it again.'' \55\ As the lead generators explain: the result of all 
these sales is that ``[e]ach time the website operator--or an 
intermediary ``aggregator'' . . . sells the consumer's data a new set 
of phone calls will be made to the consumer.'' \56\
---------------------------------------------------------------------------
    \55\ Id. at 6 (emphasis added).
    \56\ Id. at 3 (emphasis added).
---------------------------------------------------------------------------
    Additional comments in the FCC's proceeding support the point that 
the practice of lead generators sharing consents is a major 
contributing factor in the proliferation of unwanted telemarketing 
calls:

   The known fact that one click can sign up a consumer to 
        thousands of businesses, related or not, is a dreadful problem. 
        Aged leads are also problematic because, currently, consent 
        never expires.\57\
---------------------------------------------------------------------------
    \57\ Comment of Drips, CG Dockets Nos. 21-402, 02-278 (filed May 8, 
2023), available at https://www.fcc.gov/ecfs/document/10509043191182/1.

   Until lead buyers stop purchasing non-compliant leads there 
        will be incentives that lead to bad practices.\58\
---------------------------------------------------------------------------
    \58\ Comment of National Association of Mutual Insurance, CG 
Dockets Nos. 21-402, 02-278 (filed May 8, 2023), available at https://
www.fcc.gov/ecfs/document/10508029328611/1.

    On the other hand, comments from the telemarketing industry and 
lead generators defend the sharing of consumer consents with hundreds, 
and even thousands, of callers. For example, a trade association for 
telemarketers argues against the Commission's proposal in the NPRM: 
``It is easy to say that 1,000 companies are too many but there are 
many markets, such as insurance, where hundreds of relevant companies 
provide differentiated products.'' \59\ The level of objections to the 
FCC's concerns by the lead generator industry underscores the extent to 
which that industry is responsible for so many of the billion monthly 
telemarketing calls made to American telephones.
---------------------------------------------------------------------------
    \59\ Comment of Professional Associations for Customer Engagement, 
CG Dockets Nos. 21-402, 02-278, at 9 (filed May 8, 2023), available at 
https://www.fcc.gov/ecfs/document/10508798
33281/1.
---------------------------------------------------------------------------
    FCC regulations already require consumers' written consents to 
apply to just one seller and to be non-transferable. The Telephone 
Consumer Protection Act \60\ requires the FCC to establish regulations 
governing telemarketing calls. For the past several decades, the FCC's 
regulations have outlined explicit requirements for callers before they 
can make prerecorded telemarketing calls to cell phones and residential 
lines,\61\ or any calls to lines registered on the Nation's Do Not Call 
(DNC) Registry.\62\ Both regulations require that, before those calls 
can be made, the recipient must have signed an express written 
agreement consenting to telemarketing calls by or on behalf of a single 
seller.\63\
---------------------------------------------------------------------------
    \60\ 47 U.S.C. Sec. Sec. 227 et seq.
    \61\ 47 C.F.R. Sec. 64.1200(f)(9).
    \62\ 47 C.F.R. Sec. 64.1200(c)(2)(ii).
    \63\ 47 U.S.C. Sec. 227(a)(4). The regulation makes exceptions for 
calls to DNC lines when the calls are on behalf of charities, and when 
the caller has an ``established business relationship'' with the 
recipient.
---------------------------------------------------------------------------
    The requirements for consent or invitation to receive telemarketing 
calls in the current FCC regulations are quite specific, and they have 
been the law for a long time.\64\ The current regulations prohibit 
telemarketing calls to a line registered on the DNC Registry unless the 
telemarketer has a ``personal relationship with the recipient'' or the 
caller has the subscriber's prior express invitation or permission. The 
rule specifies:
---------------------------------------------------------------------------
    \64\ The Commission's regulation governing consent for calls to DNC 
lines were promulgated in 2003. See Rules and Regulations Implementing 
the Telephone Consumer Protection Act (TCPA) of 1991, Final Rule, CG 
Docket No. 02-278, 68 Fed. Reg. 44,144, 44,148  22 (F.C.C. July 25, 
2003) (``Consistent with the FTC's determination, we conclude that for 
purposes of the national do-not-call list such express permission must 
be evidenced only by a signed, written agreement between the consumer 
and the seller which states that the consumer agrees to be contacted by 
this seller, including the telephone number to which the calls may be 
placed.'' (emphasis added)). The regulations requiring prior express 
written consent for prerecorded telemarketing calls to residential 
lines and cell phones were promulgated in 2012. See In re Rules & 
Regulations Implementing the Telephone Consumer Protection Act of 1991, 
Report and Order, Docket No. 02-278, 27 F.C.C. Rcd. 1830, 1873  28 
(F.C.C. Feb. 15, 2012).

        Such permission must be evidenced by a signed, written 
        agreement between the consumer and seller which states that the 
        consumer agrees to be contacted by this seller and includes the 
        telephone number to which the calls may be placed; . . .\65\
---------------------------------------------------------------------------
    \65\ 47 C.F.R. Sec. 64.1200(c)(2)(ii) (emphasis added).

    The critical language in this regulation is a) the agreement must 
be ``between the consumer and seller,'' and b) it must specify that the 
consumer agrees to be contacted by ``this seller.'' As each agreement 
must be between the seller and the consumer, and each agreement must be 
limited to the calls from that seller, the FCC's regulation clearly 
prohibits any agreement from providing consent to more than one seller 
or consent that can be sold or transferred to another seller.
    Similarly, the FCC's rules for prerecorded telemarketing calls to 
cell phones and residential lines requires prior express written 
consent,\66\ which the current regulations define in 47 C.F.R. 
Sec. 64.1200(f)(9) as:
---------------------------------------------------------------------------
    \66\ 47 C.F.R. Sec. 64.1200(a)(3).

        (9) The term prior express written consent means an agreement, 
        in writing, bearing the signature of the person called that 
        clearly authorizes the seller to deliver or cause to be 
        delivered to the person called advertisements or telemarketing 
        messages using an automatic telephone dialing system or an 
        artificial or prerecorded voice, and the telephone number to 
        which the signatory authorizes such advertisements or 
---------------------------------------------------------------------------
        telemarketing messages to be delivered.

        (i) The written agreement shall include a clear and conspicuous 
        disclosure informing the person signing that:

                (A) By executing the agreement, such person authorizes 
                the seller to deliver or cause to be delivered to the 
                signatory telemarketing calls using an automatic 
                telephone dialing system or an artificial or 
                prerecorded voice;\67\
---------------------------------------------------------------------------
    \67\ 47 C.F.R. Sec. 64.1200(f)(9) (emphasis added).

    Unlike the requirements for prior express invitation under 47 
C.F.R. Sec. 64.1200(c)(2)(ii) for calls to DNC lines, this regulation 
does not explicitly require that the agreement be ``between'' the 
person to be called and the seller. But the references to ``the 
seller'' make it clear that the agreement can permit calls from only 
one seller.
    Thus, both of these consent provisions are explicit in allowing 
consent to be given to receive calls only from a single identified 
seller. If there were any ambiguity, the FCC's rule should be 
interpreted to be consistent with the parallel provisions of the 
Federal Trade Commission's (FTC) Telemarketing Sales Rule (TSR).\68\ 
Congress has instructed the Commission to maximize consistency with the 
FTC's rules,\69\ and even without a congressional directive it is 
obvious that inconsistent rules governing the same activity would be 
problematic.
---------------------------------------------------------------------------
    \68\ 16 C.F.R. Sec. Sec. 310.1 et seq. With respect to prerecorded 
calls, before a telemarketing call can be made, the TSR requires that 
the ``seller [must have] obtained [consent] only after a clear and 
conspicuous disclosure that the purpose of the agreement is to 
authorize the seller to place prerecorded calls to such person;. . .'' 
16 C.F.R. Sec. 310.4(b)(1)(v)(A)(i) (emphasis added).
    \69\ The Do-Not-Call Implementation Act, Pub. L. No. 108-10, 
Sec. 3, 117 Stat. 557 (2003) (``Not later than 180 days after the date 
of enactment of this Act, the Federal Communications Commission shall 
issue a final rule pursuant to the rulemaking proceeding that it began 
on September 18, 2002, under the Telephone Consumer Protection Act (47 
U.S.C. 227 et seq.). In issuing such rule, the Federal Communications 
Commission shall consult and coordinate with the Federal Trade 
Commission to maximize consistency with the rule promulgated by the 
Federal Trade Commission. . . .'' (emphasis added)).
---------------------------------------------------------------------------
    The TSR's requirements that ``the seller'' obtain the consumer's 
consent, and that the consent allows delivery of prerecorded messages 
``by or on behalf of a specific seller,'' make it clear that a third 
party that is not the seller's agent cannot obtain the consumer's 
consent, and that consent cannot be sold or transferred. And the FTC 
has explicitly reiterated this point in its Business Guidance,\70\ 
which explains:
---------------------------------------------------------------------------
    \70\ Federal Trade Comm'n, Business Guidance, Complying with the 
Telemarketing Sales Rule, available at https://www.ftc.gov/business-
guidance/resources/complying-telemarketing-sales-
rule#prerecordedmessages.

        May a seller obtain a consumer's written permission to receive 
        prerecorded messages from a third-party, such as a lead 
        generator? No. The TSR requires the seller to obtain permission 
        directly from the recipient of the call. The seller cannot rely 
---------------------------------------------------------------------------
        on third-parties to obtain permission.

    The FCC should simply issue guidance reiterating the clear meaning 
of its existing regulations. To confirm what the FCC's regulations have 
said for the past twenty years, and to show consistency with the FTC's 
rule, the FCC should similarly issue guidance that under its existing 
rules, consent agreements must identify a single seller and that a 
seller or telemarketer cannot obtain consent by purchasing it from, or 
obtaining a referral from, a lead generator, another seller, 
telemarketer, or an independent contractor.
    In March 2023, the Commission proposed new regulations intended to 
limit the collection and selling of consent agreements among lead 
generators.\71\ However, we--on behalf of a broad coalition of consumer 
and privacy groups--have strongly urged the Commission not to proceed 
with its proposed changes to its regulations, as that proposal would be 
a reduction in consumer protections from the current regulations, and 
would be inconsistent with the existing language which already 
addresses the problem. In extensive comments, and several meetings,\72\ 
we have explained how the current TCPA regulations already set the 
necessary standards. Instead of issuing new regulations, we have urged 
the Commission to issue guidance reiterating the requirements in its 
current regulations, along with a reminder that the Federal E-Sign law 
applies whenever writings or signatures are provided electronically. 
Our comments on these points have been reiterated by USTelecom-The 
Broadband Association,\73\ as well as comments filed on behalf of 28 
state attorneys general.\74\
---------------------------------------------------------------------------
    \71\ In re Targeting and Eliminating Unlawful Text Messages Rules 
and Regulations Implementing the Telephone Consumer Protection Act of 
1991, Report and Order and Further Notice of Proposed Rulemaking, CG 
Docket Nos. 21-402, 02-278 (Rel. Mar. 17, 2023), available at https://
www.fcc.gov/document/fcc-adopts-its-first-rules-focused-scam-texting-0. 
The Proposed Rule was published in the Federal Register at 88 Fed. Reg. 
20,800 (Apr. 7, 2023) and is available at https://www.govinfo.gov/
content/pkg/FR-2023-04-07/pdf/2023-07069.pdf.
    \72\ See In re Targeting and Eliminating Unlawful Text Messages 
Rules and Regulations Implementing the Telephone Consumer Protection 
Act of 1991, Comments of National Consumer Law Center et al., CG Docket 
Nos. 21-402, 02-278 (filed May 8, 2023), available at https://
www.fcc.gov/ecfs/document/1050859496645/1 and In re Targeting and 
Eliminating Unlawful Text Messages Rules and Regulations Implementing 
the Telephone Consumer Protection Act of 1991, Reply Comments of 
National Consumer Law Center et al., CG Docket Nos. 21-402, 02-278 
(filed June 6, 2023), available at https://www.fcc.gov/ecfs/search/
search-filings/filing/10606186902940.
    \73\ In re Targeting and Eliminating Unlawful Text Messages Rules 
and Regulations Implementing the Telephone Consumer Protection Act of 
1991, Comments of USTelecom--The Broadband Association, CG Dockets No. 
21-402, 02-278 (filed May 8, 2023), available at https://www.fcc.gov/
ecfs/document/10508915228617/1.
    \74\ In re Targeting and Eliminating Unlawful Text Messages Rules 
and Regulations Implementing the Telephone Consumer Protection Act of 
1991, Reply Comments of 28 State Attorneys General, CG Dockets No. 21-
402, 02-278 (filed June 6, 2023), available at https://www.fcc.gov/
ecfs/search/search-filings/filing/10606091571575.
---------------------------------------------------------------------------
    Instead of issuing new rules, the FCC should simply issue guidance 
to industry, reiterating that the existing rules require a consumer's 
consent to be limited to calls by or on behalf of a single seller, and 
that this consent cannot be sold or transferred. Insisting on 
compliance with current TCPA regulations will significantly reduce the 
number of unwanted telemarketing calls by limiting the sale of consent 
by lead generators. Most of the billion-plus monthly telemarketing 
calls that consumers receive today are based on consents supposedly 
obtained through lead generators on various websites. Yet the fact that 
lead generators and their telemarketing customers have been ignoring 
the requirements of the Commission's regulations on telemarketing 
calls--and getting away with it for many years--is not a reason to 
allow that behavior to continue. As the Commission has repeatedly 
recognized, it is largely because of too many robocalls that the use of 
the telephone has declined in recent years.\75\
---------------------------------------------------------------------------
    \75\ See FNPRM at  1 (``Many of us no longer answer calls from 
unknown numbers and, when we do, all too often find them annoying, 
harassing, and possibly fraudulent. Consumers are not the only losers 
when this happens; legitimate callers have a hard time completing the 
calls consumers do want to receive.'').
---------------------------------------------------------------------------
    Limiting the ability to use a consumer's single agreement of 
consent to justify multiple calls from different telemarketers will 
stop a large number of unwanted telemarketing calls, as only a tiny 
fraction of the consents previously used to justify the calls will meet 
the requirements. Requiring the calling and lead generation industries 
to comply with regulations that have been on the books for over a 
decade may force a change in their practices, but it will be a change 
that will greatly benefit consumers.
    Complying with the existing rules will not prevent lead generators 
from putting consumers in touch with sellers they want to hear from. 
Nothing in the FCC's rules prevents lead generators from providing 
information to consumers, including direct referrals to sellers of 
products and services through weblinks. And nothing prohibits lead 
generators from providing the offered referrals through e-mail or snail 
mail (addresses are often required information), or even by simply 
displaying the information right on the website. Many lead generators 
currently do not require the entry of a telephone number to refer a 
consumer to a seller,\76\ and others ask for minimal information (like 
zip code) and then refer the consumer right to a seller's website.\77\ 
All of these practices, which are far less invasive than unleashing a 
torrent of telemarketing calls, will be unaffected by compliance with 
the existing rules.
---------------------------------------------------------------------------
    \76\ See, e.g., https://www.google.com/travel/flights.
    \77\ See, e.g., https://best.ratepro.co/; https://www.esurance.com/
; www.nerdwallet.com.
---------------------------------------------------------------------------
    The FCC should also issue guidance reiterating that online consent 
agreements must comply with E-Sign. Although few parties comply, the 
Federal E-Sign Act applies when signatures are provided electronically, 
and when electronic records are used to satisfy requirements for a 
writing. The E-Sign Act establishes the rules for satisfying a 
requirement for a writing or a signature with their electronic 
equivalents.\78\
---------------------------------------------------------------------------
    \78\ 15 U.S.C. Sec. Sec. 7001 et seq.
---------------------------------------------------------------------------
    It is only because of the E-Sign Act that an electronic action like 
a click on a website can carry the same legal significance as a ``wet'' 
signature.\79\ As a result, an electronic click used by a telemarketer 
to signify a person's signature on an agreement providing express 
consent or invitation to receive telemarketing calls under either the 
TCPA regulations or the TSR will qualify as a signature that can bind 
the person to the agreement only if that click meets the definition of 
an electronic signature in the E-Sign Act at 15 U.S.C. Sec. 7006(5). 
Among other things, this definition requires that the signer have the 
intent to sign the electronic record.\80\ When the agreement is to 
provide consent for telemarketing calls, the place on the electronic 
form where the electronic action is to be applied must clearly indicate 
that the consumer, by taking the electronic action, is intending to 
sign the related electronic agreement to receive those calls. An 
electronic sound, symbol, or process applied on a website that is 
hyperlinked to a list of multiple other parties from whom the person is 
purportedly agreeing to receive calls should not be construed to 
indicate consent by the person applying the click, because the person 
would not have had the required intent to sign an agreement with all of 
the callers each and every one of the hundreds or thousands of callers 
included in the hyperlinked list.\81\
---------------------------------------------------------------------------
    \79\ 15 U.S.C. Sec. 7001(a)(2).
    \80\ 15 U.S.C. Sec. 7006(5) (``The term `electronic signature' 
means an electronic sound, symbol, or process, attached to or logically 
associated with a contract or other record and executed or adopted by a 
person with the intent to sign the record.'' (emphasis added)).
    \81\ See, e.g., Federal Commc'ns Comm'n, In re Urth Access, Inc., 
Order, File No. EB-TCD-22-00034232, 2022 WL 17550566, at  16 (Rel. 
Dec. 8, 2022), available at https://www.fcc.gov/document/fcc-orders-
voice-service-providers-block-student-loan-robocalls (``The websites 
included TCPA consent disclosures whereby the consumer agreed to 
receive robocalls from `marketing partners.' These `marketing partners' 
would only be visible to the consumer if the consumer clicked on a 
specific hyperlink to a second website that contained the names of each 
of 5,329 entities. We find that listing more than 5,000 `marketing 
partners' on a secondary website is not sufficient to demonstrate that 
the called parties consented to the calls from any one of these 
`marketing partners.' '' (footnote omitted)).
---------------------------------------------------------------------------
    Because the telemarketing industry has routinized non-compliance 
with the FCC's current regulations, we have urged the FCC to issue 
guidance clarifying how these regulations apply to telemarketing calls.
IV. Legal callers should leverage their power in the marketplace to 
        protect their calls from blocking and mislabeling, which will 
        assist in the 
        efforts to eliminate the illegal calls.
    The FCC's efforts to address illegal calls include its recent 
proposal \82\ to encourage terminating providers to block more 
suspicious calls, as well as continuing to label suspicious calls.\83\ 
While supporting these proposals, we have respectfully suggested that 
just doing more of the same--requiring blocking of calls from FCC-
identified providers, encouraging opt-out blocking and labeling, and 
enforcing and tweaking rules for STIR/SHAKEN authentication--seems 
unlikely to change the basic dynamic that drives these illegal calls: 
originating and gateway providers are making sufficient income from 
these calls to make it more profitable to keep making the calls and 
risking the punishment.\84\ Clearly, the potential for costly 
consequences from conveying these illegal calls is sufficiently remote 
and outweighed by the income from these calls such that the current 
measures fail to dissuade these providers from continuing their current 
practices.\85\
---------------------------------------------------------------------------
    \82\ FNPRM. The Proposed Rule was published in the Federal Register 
at 88 Fed. Reg. 43,489 (July 10, 2023) and is available at https://
www.federalregister.gov/documents/2023/07/10/2023-13032/advanced-
methods-to-target-and-eliminate-unlawful-robocalls.
    \83\ We note that call labeling should only be used in lieu of 
blocking when there is meaningful doubt about the legality and value of 
the call, such that allowing the call to go through poses less risk 
than blocking it. In other words, calls that appear to be likely scams 
should always be blocked, as the risk to consumers from those calls is 
significant. Blocking scam calls should be the first and primary line 
of defense, not labeling.
    \84\ See In re Advanced Methods to Target and Eliminate Unlawful 
Robocalls; Call Authentication Trust Anchor, Reply Comments of National 
Consumer Law Center, Electronic Privacy Information Center, & Public 
Knowledge Relating to Seventh Report and Order and Eighth Further 
Notice of Proposed Rulemaking, CG Docket No. 17-59, WC Docket No. 17-97 
(filed Sept. 8, 2023), available at https://www.fcc.gov/ecfs/search/
search-filings/filing/1090831416629.
    \85\ This dynamic was noted in 2021 by Commissioner Starks: 
``[I]llegal robocalls will continue so long as those initiating and 
facilitating them can get away with and profit from it.'' In re Call 
Authentication Trust Anchor, Further Notice of Proposed Rulemaking, WC 
Docket No. 17-97 (Sept. 30, 2021) (Statement of Comm'r Geoffrey 
Starks).
---------------------------------------------------------------------------
    Instead, we have urged the Commission to adopt a set of best 
practices for legal callers that--if widely used--will likely eliminate 
many of the illegal calls plaguing subscribers' telephone lines. These 
best practices would leverage the market power of the legal callers to 
change the calculus of voice service providers that are currently 
complicit--either knowingly or with deliberate blindness--about their 
transmission of illegal calls. If legal callers were to demand, on a 
uniform basis, that the voice service providers that transmit their 
calls must adopt the Commission's best practices and avoid transmitting 
illegal calls, the profit from illegal calls would plummet. Even more 
importantly, the illegal calls would no longer mixed with the legal 
calls, making it much easier for the terminating providers to identify 
and block these calls.
    Legal callers have repeatedly complained that their legal--and 
often wanted--calls are erroneously blocked or labeled. As a result, 
subscribers are likely missing some calls that they want or need from 
callers,\86\ and legal callers are experiencing escalating costs and 
frustrations with consistently and reliably completing their calls to 
subscribers. These problems are caused by the mislabeling and incorrect 
blocking of their legal calls.\87\
---------------------------------------------------------------------------
    \86\ See, e.g., In re Advanced Methods to Target and Eliminate 
Unlawful Robocalls; Call Authentication Trust Anchor, Comments of 
Numeracle, Inc, CG Docket No. 17-59, WC Docket No. 17-97, at 2, 19 
(filed Aug. 9, 2023), available at https://www.fcc.gov/ecfs/document/
108102252
803712/1.
    \87\ Id.
---------------------------------------------------------------------------
    Legal callers are responsible for placing over two billion 
robocalls every month. While some of these calls are surely unwanted, 
there is no dispute that a significant percentage of these calls are 
desired, welcomed, or critical to their recipients (e.g., school, 
government, security, or disaster alerts). The difficulties with 
reliably completing these wanted calls are apparently increasing. Legal 
calls are mixed with a torrent of illegal calls at shared originating 
and intermediating providers, causing legal calls to be tainted by 
illegal calls in the same call path. The result is that legal calls end 
up mislabeled or blocked by downstream providers seeking to protect 
subscribers from illegal calls.
    We have proposed that the Commission facilitate leveraging the 
considerable marketplace power of these legal callers to assist in the 
efforts to eliminate dangerous and unwanted calls--scam and illegal 
telemarketing calls. If legal callers are armed with the information 
about how to avoid using the providers that are processing illegal 
calls, the sheer economic power of legal callers may be sufficient to 
force voice providers to stop transmitting illegal calls.
    We have suggested that the Commission define best practices for 
legal callers and provide clear recommendations to enable these callers 
to use their power in the telephone marketplace to ensure that their 
calls are placed only with providers that do not originate calls or 
transmit from illegal callers. A market-based approach like this would 
a) provide strong financial incentives to originating and intermediate 
providers to avoid transmitting illegal calls; b) facilitate the 
transmission of legal calls through call paths that would eliminate the 
likelihood that the calls would be labeled improperly or blocked by 
downstream or terminating providers; and c) supplement the other 
mechanisms created by the Commission intended to address illegal calls. 
The foundation of a market-based approach is providing legal callers 
with the information that they need to keep their calls separate from 
illegal calls. As we explain below, this information is already 
available from private analytics-based platforms. The Commission need 
only lead the way.
    Legal calls are mistaken for illegal calls because of the lack of 
transparency regarding the providers that are transmitting both types 
of calls. As described in Section II, supra, automated calls take 
circuitous routes from origination to the call recipient through the 
least-cost routing process.\88\ The least-cost routing process allows 
downstream providers to refuse to take calls from upstream providers if 
they do not like the price offered for the transmittal or if they deem 
the calls potentially illegal--and thus too costly. The issue is how to 
incentivize downstream providers to refuse more of these illegal calls. 
The providers that are complicit in transmitting illegal calls are well 
aware of what they are doing. They know that the calls are illegal 
because they have received multiple traceback requests. With each 
traceback request, they are given a notice from the Industry Traceback 
Group (ITG) that they are transmitting suspicious calls.\89\ So, even 
if the providers did not know before they received the traceback 
request from the ITG that the calls transmitted over their networks 
were illegal, the providers are fully aware once the traceback requests 
start arriving.
---------------------------------------------------------------------------
    \88\ See Appendix to Complaint, United States of America v. 
Palumbo, Case 1:20-cv-00473, Declaration of Marcy Ralston at 10-12  22 
(E.D.N.Y. Jan. 28, 2020). Marcy Ralston, a Special Agent in the Social 
Security Administration's Office of Inspector General, Office of 
Investigations, provided a sworn statement in United States of America 
v. Palumbo.
    \89\ Each traceback notice sent to every provider in the call path 
contains a text description of the call, typically explaining what 
makes it illegal. See North Carolina v. Articul8 Complaint, supra note 
36, at 30  93-94 and 34  98-99. In addition, most traceback notices 
include a link to the recorded message that was captured. North 
Carolina alleged that ITG notified Articul8 of this illegal traffic 49 
times for calls. Id. at 30  93. In one version of the Social Security 
scam, ``the caller says your Social Security number has been linked to 
a crime (often, he says it happened in Texas) involving drugs or 
sending money out of the country illegally.'' Jennifer Leach, Federal 
Trade Comm'n, Consumer Advice, Fake calls about your SSN (Dec. 12, 
2018), available at https://consumer.ftc.gov/consumer-alerts/2018/12/
fake-calls-about-your-ssn.
---------------------------------------------------------------------------
    The phone network currently allows for legal calls to be mixed with 
illegal calls, which frustrates attempts to identify the illegal calls 
accurately and label or block them. Disaggregating legitimate calls 
from illegal traffic is the first step to resolving both problems. To 
do that, legal callers need to be equipped with the means to avoid the 
providers transmitting high volumes of illegal traffic alongside their 
legal calls.
    The results of tracebacks and government investigations into 
illegal providers are only reported publicly after they are completed. 
To protect themselves, legal callers need to know in real time which 
providers are responsible for illegal calls, and they need to be made 
aware of how to use that information to protect their calls from being 
mislabeled or blocked.
    In their enforcement efforts, the Commission and other Federal and 
state government agencies currently use information from non-government 
service providers that maintain real-time content-based analytics 
platforms. These platforms capture live evidence of illegal calls, 
including the content of the calls (both audio and transcribed), the 
telephone numbers of the callers and called parties, the date and time, 
the upstream voice service providers that provided STIR/SHAKEN 
attestation, and more. This information is aggregated to show volumes 
of calls, patterns in the calls, call paths, compliance with STIR/
SHAKEN, and more. These content-based analytics platforms are also used 
by private enterprises in banking, health care, and hospitality and 
government agencies seeking to protect themselves from callers 
pretending to be these businesses to scam consumers. The platforms 
assist these institutions by identifying the voice service providers 
responsible for transmitting the imposter calls, thereby facilitating 
the disruption of illegal calls.\90\
---------------------------------------------------------------------------
    \90\ Both YouMail and ZipDX capture audio evidence and other 
material information on tens of thousands or millions of illegal calls 
daily. YouMail's solutions assist subscribers by identifying likely 
illegal calls, transferring those calls to voice-mail, and then, with 
the permission of the called consumers, capturing and transcribing the 
content of these calls. ZipDX performs similar functions using banks of 
its own telephone numbers (referred to as honeypots) to receive the 
calls. Both platforms categorize and analyze the calls, providing 
extensive detail about call patterns and call paths as well as 
transcripts of the illegal calls. Both can also identify which 
telephone providers are continuing to provide STIR/SHAKEN attestations 
to illegal calls even after receiving notice of the bad traffic.
---------------------------------------------------------------------------
    There is no reason that legal callers could not use the information 
from these content-based analytics platforms to identify the providers 
responsible for transmitting illegal calls. Once aware of which 
providers are participating in that conduct, a legal caller could 
switch to another originating provider that is not associated with 
illegal calls. Additionally, in its contracts with the providers 
originating their legal calls, the legal callers could require that the 
provider not send this caller's traffic to immediately downstream 
providers that are transmitting illegal calls from upstream providers 
that are currently accepting bad traffic.
    If sufficient numbers of legal callers employ these practices, in 
combination, considerable market pressure would be exerted on telecom 
providers to improve their mitigation efforts, as they would risk 
losing legal call traffic to competitors that are more effective at 
detecting and blocking bad traffic. Instead, at present, these 
originating and intermediate providers are rewarded when legal and 
illegal traffic are mixed together. That mixing masks illegal traffic, 
allowing the providers that are transmitting illegal traffic to 
continue profiting from it and further degrading the reliability of the 
American telephone system.
    The Commission can provide information on best practices that would 
clarify for legal callers how to ensure that their calls are not mixed 
with the illegal calls. Once these best practices are adopted by legal 
callers, the Commission can impose additional requirements on 
downstream and terminating providers to step up their blocking of 
suspicious calls, providing further incentives to legal callers to 
ensure that their calls are sent on legitimate call paths. Callers will 
be incentivized to use this method because it will facilitate the 
delivery of their calls, but the Commission's expanded blocking 
requirements may provide an additional stimulus.
    To prevent the telephone system from becoming further degraded by 
the prevalence of illegal, dangerous, and invasive calls, we have urged 
the Commission to consider recommending and facilitating these types of 
best practices for legal callers.
Conclusion
    I very much appreciate the opportunity to provide the Committee 
with our ideas and proposals for how to address illegal robocalls. 
Please let me know if you have questions.

    Senator Lujan. Thank you very much, Ms. Saunders. Ms. 
Brown, the floor is yours for five minutes.

STATEMENT OF MEGAN L. BROWN, PARTNER, WILEY REIN LLP, ON BEHALF 
         OF THE U.S. CHAMBER INSTITUTE FOR LEGAL REFORM

    Ms. Brown. Thank you very much. Good morning, Chairman 
Lujan, Ranking Member Fischer, and members of the Subcommittee. 
My name is Megan Brown, and I am a partner in the telecom, 
media, and technology practice at Wiley Rein. I am here on 
behalf of the U.S. Chamber Institute for Legal Reform.
    The U.S. Chamber is the world's largest business 
federation, representing the interests of more than 3 million 
businesses of all sizes and sectors, as well as State and local 
chambers and industry associations.
    Its Institute for Legal Reform is a division of the chamber 
that promotes civil justice reform at the global, national, 
State, and local levels. Thank you for the opportunity to 
testify. The Chamber has been involved in robocalling issues 
for years and offers the perspective of the American business 
community which values reliable and trustworthy ways to 
communicate with customers and the public.
    This is a highly regulated space with lots of litigation, 
something the Chamber has been vocal about for years because 
TCPA remains a major source of class action litigation that, in 
its view, does little to help consumers. So, the Chamber today 
would like the Committee to leave with four main points.
    First, American businesses support cracking down on illegal 
and abusive robocalls. Businesses want consumers to continue to 
trust the ecosystem and answer their calls and texts. American 
businesses work hard to comply with these very complex 
regulations at the Federal and State level.
    They are hurt by caller ID spoofing and fraud against 
consumers. And because of those harms, companies are fighting 
back against robocall scams. For example, Marriott did its own 
investigation into millions of calls placed illegally using--
misusing its brand. It worked with the Industry Traceback Group 
and YouMail, and then it sued the malicious robocallers, 
getting an injunction against the marketing agency that placed 
all these calls--bless you. U.S. businesses take the law 
seriously and work hard to comply with it.
    Second, Congress has passed major legislation recently on a 
bipartisan basis to address illegal robocalls. You can ensure 
that your hard work bears fruit by encouraging the Department 
of Justice to make robocall scams and illegal spoofing a 
priority.
    The Federal Communications Commission has taken major steps 
to implement all of this new Congressional direction, and I 
know FCC staff have been working really hard on these issues. 
They have issued enormous forfeiture orders against bad actors 
that blatantly break the law, and its cease and desist orders 
have been particularly impactful.
    Likewise, the Federal Trade Commission has been addressing 
scams using illegal robocalls and texts, and State Attorneys 
General have partnered with Federal agencies and bring their 
own cases. DOJ, however, is a vital partner here, and Congress 
should urge the Department to make enforcement a priority by 
acting aggressively on the referrals it gets from the FCC and 
by bringing its own cases directly for violations of laws like 
the Truth in Caller ID Act, but also mail and wire fraud for 
some of these really egregious scams.
    Third, unfortunately, the TCPA's private right of action 
and statutory damages continue to fuel abuse of litigation 
against American businesses. The Institute for Legal Reform has 
tracked lawsuit abuse for years and the operating environment 
under the TCPA continues to hurt businesses and consumers.
    Class actions seeking enormous damages and attorneys? fees, 
professional to TCPA plaintiffs, and the threat of crushing 
liability for mistakes creates a challenging environment for 
American businesses. An important takeaway here is that the 
TCPA class actions and those large settlements do not address 
the bad actors that are intentionally violating Federal law to 
send millions of illegal calls.
    Here I have in mind people like Adrian Abramovich, Greg 
Robbins, John Spillers, or the shell companies that they used 
to make massive numbers of fraudulent calls, often pretending 
to be legitimate American businesses. Fourth, the Chamber knows 
that some on this committee are considering additional 
legislation.
    Congress has been active on robocalling over the past 
several years, and the Chamber suggests that if the Committee 
goes forward with legislation, it should also consider modest 
but important changes that would limit the abuse of our 
judicial system through TCPA class actions that do not stop bad 
actors.
    So, in sum, the Chamber appreciates the Committee's 
attention to these issues, as well as the hard work of the FCC, 
State AGs, and the other panelists here to go after bad actors 
that abuse our networks, steal corporate goodwill, and harm 
consumers. Thank you for the opportunity to testify.
    [The prepared statement of Ms. Brown follows:]

   Prepared Statement of Megan L. Brown, Partner, Wiley Rein LLP, On 
         behalf of the U.S. Chamber Institute for Legal Reform
    Thank you Chair Lujan, Ranking Member Thune, and members of the 
Subcommittee. My name is Megan Brown, and I am a partner in the 
Telecom, Media and Technology practice at Wiley Rein LLP. I am here on 
behalf of the U.S. Chamber Institute for Legal Reform (``ILR''). The 
U.S. Chamber is the world's largest business federation, representing 
the interests of more than three million businesses of all sizes and 
sectors, as well as state and local chambers and industry associations. 
The ILR is a division of the U.S. Chamber that promotes civil justice 
reform through regulatory, legislative, judicial, and educational 
activities at the global, national, state, and local levels. Thank you 
for the opportunity to testify today about the robocalling landscape 
and how American businesses are protecting consumers.
    I would like to leave the Subcommittee with four main points today:

   First, legitimate businesses support efforts to crack down 
        on illegal and abusive robocalls in order to create a safe 
        communications ecosystem; businesses have every incentive to 
        ensure that consumers continue to trust the ecosystem and 
        answer calls and texts.

   Second, Congress can ensure that its already-substantial 
        efforts to address illegal robocalls bear fruit by ensuring 
        that Federal agencies--and particularly the Department of 
        Justice (``DOJ'')--make illegal robocalls an enforcement 
        priority.

   Third, the Telephone Consumer Protection Act's (``TCPA'') 
        private right of action continues to fuel abusive litigation 
        against American businesses. This difficult operating 
        environment hurts businesses and consumers, and Congress should 
        distinguish between good calls--such as appointment reminders, 
        notifications about school closures, and other communications 
        that consumers want--and bad calls, such as fraudulent and 
        harassing communications that originate from bad actors.

   Fourth, the Subcommittee could consider modest changes to 
        the TCPA to limit the abuse of our judicial system through 
        class actions that do nothing to stop bad actors--many of whom 
        flagrantly and repeatedly violate existing laws.
I. Industry Supports A Safe And Trustworthy Communications Ecosystem 
        And Is Devoting Resources To Protecting Consumers From 
        Scammers.
    Legitimate businesses have no interest in the perpetuation of 
illegal and abusive robocalls. The illegal robocalls that continue to 
plague U.S. consumers originate with bad actors that seek to defraud 
consumers and exploit the brand names and goodwill of trusted American 
companies. The business community abhors this conduct and shares 
Congress's concerns about protecting consumers.
    Indeed, the entire business community suffers when consumers cannot 
trust calls and text messages. Legitimate businesses use automated 
tools every day to communicate with the public. As former FCC 
Commissioner Michael O'Rielly explained, ``information is often better 
and more accurately conveyed by dialing automatically from a list or 
through pre-recorded messages rather than through a live operator.'' 
\1\ For example, businesses may opt to use robocalls or robotexts to 
deliver ``flu shot reminders,'' ``food delivery order alerts,'' 
``customer satisfaction surveys,'' and other messages.\2\ But if 
consumers are inundated with illegal and abusive robocalls, they may 
ignore or doubt the veracity of these helpful communications.\3\
---------------------------------------------------------------------------
    \1\ Remarks of FCC Commissioner Michael O'Rielly Before the 
Washington Insights Conference, FCC, at 3-4 (May 16, 2019), https://
www.fcc.gov/document/orielly-remarks-aca-intl-washing
ton-insights-conference (``O'Rielly Remarks'').
    \2\ TCPA Litigation Sprawl: A Study of the Sources and Targets of 
Recent TCPA Lawsuits, U.S. Chamber Institute for Legal Reform, at 4-5 
(Aug. 2017), https://instituteforlegalreform.com/research/tcpa-
litigation-sprawl-a-study-of-the-sources-and-targets-of-recent-tcpa-
lawsuits/ (``TCPA Litigation Sprawl'').
    \3\ See State Of The Call 2023,Hiya, at 11, available at https://
www.hiya.com/ state-of-the-call (updated June 2023) (``State Of The 
Call 2023'') (``17 percent of businesses report a decline in answer 
rates due to spam calls'').
---------------------------------------------------------------------------
    Further, legitimate businesses, including small businesses, are 
also victims of illegal and abusive robocalls. For example, businesses 
face the serious risk from illegal robocalls of dilution of their brand 
through impersonation fraud. Indeed, ``1 in 3 businesses'' report 
having ``had their name used by an impersonator making scam calls.'' 
\4\ The Federal Trade Commission (``FTC'') concurred with this data, 
finding last year in a notice of proposed rulemaking that business 
``impersonation fraud is'' both ``prevalent'' and ``harmful.'' \5\ This 
fraud carries serious consequences for businesses: 13 percent of 
consumers ``have since switched brands after receiving an impersonation 
call.'' \6\ The U.S. Chamber supports the FTC 's continued enforcement 
in this space to address business impersonation fraud.
---------------------------------------------------------------------------
    \4\ State Of The Call 2023 at 9.
    \5\ Trade Regulation Rule on Impersonation of Government and 
Businesses, Notice of Proposed Rulemaking, 87 Fed. Reg. 62,741, 62,746 
(Oct. 17, 2022).
    \6\ State Of The Call 2023 at 10.
---------------------------------------------------------------------------
    The risks to businesses from impersonation fraud do not stop at the 
business being impersonated. For example, a common scam is for 
fraudsters to impersonate representatives from Internet search engines 
and threaten to delist businesses from search results if they do not 
hand over personal information. With their livelihood on the line, 
these businesses may comply, exposing companies to identity theft.\7\ 
This scam creates two business victims--the company being impersonated 
and the company being targeted.
---------------------------------------------------------------------------
    \7\ See Robocall Scam of the Week: Google Business Scam, YouMail 
(Feb. 22, 2023), https://blog.youmail.com/2023/02/robocall-scam-of-the-
week-google-business-scam/.
---------------------------------------------------------------------------
    Because of significant harms to consumers and businesses from 
robocall scams, companies are fighting back against robocallers 
directly. For example, a major hotel chain brought its own trademark 
lawsuit against malicious robocallers and earlier this year obtained an 
injunction against a marketing agency that placed millions of calls 
illegally using its brand name.\8\ Other companies are devising 
innovative technologies to ward off illegal calls, such as analytics-
powered software.\9\
---------------------------------------------------------------------------
    \8\ See Marriott Int'l, Inc. v. Dynasty Mktg. Grp. LLC, No. 1:21-
CV-0610, 2023 WL 2230433 (E.D. Va. Feb. 6, 2023), report and 
recommendation adopted, 2023 WL 2226782 (E.D. Va. Feb. 24, 2023).
    \9\ See Haley Henschel, 7 of the Best Robocall Blocking Apps and 
Tools for Avoiding Phone Spam, Mashable (Apr. 26, 2023), https://
mashable.com/roundup/best-robocall-blocking-apps.
---------------------------------------------------------------------------
    The private sector partners with the Government in tackling illegal 
and abusive robocalls. The Industry Traceback Group (``ITG''), is a 
group of ``companies from across the wireline, wireless, VoIP, and 
cable industries'' that ``collaborate to trace, source, and ultimately, 
stop illegal robocalls.'' \10\ The ITG has conducted more than 10,000 
tracebacks over the past three years \11\ supporting state and Federal 
investigations. As the FCC explained, the ITG's efforts have ``played a 
key role in combating the scourge of illegal robocalling campaigns.'' 
\12\
---------------------------------------------------------------------------
    \10\ See Industry Traceback Group, https://tracebacks.org/ (last 
visited Sep. 25, 2023).
    \11\ FCC Report to Congress On Robocalls and Transmission of 
Misleading or Inaccurate Caller Identification Information, FCC, at 19 
(Dec. 23, 2022), https://docs.fcc.gov/public/attachments/DOC-
390423A1.pdf (``2022 TRACED Report'').
    \12\ Id.
---------------------------------------------------------------------------
    The telecommunications industry also has developed technology to 
help in the fight. Industry technologists developed a standard called 
STIR/SHAKEN to authenticate caller ID information for calls carried 
over an IP network to ``combat illegal spoofing.'' \13\ With the TRACED 
Act, Congress mandated the use of this industry-spearhead approach.\14\
---------------------------------------------------------------------------
    \13\ Call Authentication Tr. Anchor; Implementation of Traced Act 
Section 6(a)--Knowledge of Customers by Entities with Access to 
Numbering Res., Report and Order and Further Notice of Proposed 
Rulemaking, 35 FCC Rcd. 3241,  5 (2020).
    \14\ See Pallone-Thune Telephone Robocall Abuse Criminal 
Enforcement and Deterrence Act, Pub. L. No. 116-105, Sec. 4(b)(1)(A)-
(B), 133 Stat. 3274, 3277 (2019).
---------------------------------------------------------------------------
    These are just a few examples of the business community's many 
efforts to address illegal and abusive robocalls.
II. Congress Should Ensure That Prosecuting Illegal Robocallers Is A 
        Priority.
A. Fraudulent And Abusive Robocalls Are Already Illegal.
    Illegal and abusive robocalls do not stem from a lack of laws on 
the books. To the contrary, the TCPA and its associated rules prohibit 
autodialed and artificial or prerecorded voice robocalls to personal 
numbers unless the consumer consents or the call is otherwise permitted 
(e.g., calls made for emergency purposes).\15\ The TCPA also 
establishes a number of other robust protections for consumers with 
respect to telemarketing and solicitation calls--regardless of the 
technology being used to place the call.\16\ Further, the TCPA is not 
the only tool in enforcers' toolbox to fight illegal actors. For 
example, the Truth in Caller ID Act of 2009--strengthened by the TRACED 
Act--broadly prohibits callers from ``spoofing'' their numbers ``with 
the intent to defraud, cause harm, or wrongfully obtain anything of 
value.'' \17\ Congress also empowered the FTC to ``implement and 
enforce a national do-not-call registry,'' \18\ and under the FTC's 
Telemarketing Sales Rule (``TSR''), it is illegal to place most kinds 
of telemarketing calls to a number on the registry.\19\ The TSR also 
prohibits deceptive and abusive telemarketing tactics and can be a 
powerful tool to go after bad actors.\20\
---------------------------------------------------------------------------
    \15\ 47 U.S.C. Sec. 227(b)(1)(B), (2)(B); 47 C.F.R. 
Sec. 64.1200(a).
    \16\ See e.g., 47 C.F.R. Sec. 64.1200(b), (c)(2).
    \17\ 47 U.S.C. Sec. 227(e).
    \18\ 15 U.S.C. Sec. 6151.
    \19\ 16 C.F.R. Sec. 310.4(b)(1)(iii)(B).
    \20\ Id. Sec. Sec. 310.4, 310.5.
---------------------------------------------------------------------------
    Illegal robocallers face serious potential criminal penalties. 
Fraud is of course a Federal crime. Specifically, the wire fraud 
statute provides for up to 20 years imprisonment for ``devis[ing] any 
scheme or artifice to defraud, or for obtaining money or property by 
means of false or fraudulent pretenses, representations, or promises'' 
over the phone.\21\ In addition, the TRACED Act imposes criminal fines 
of $10,000 per violation of the prohibition on fraudulent spoofing.\22\ 
Further, the Communications Act's general penalty provision provides 
that willful and knowing violators of the TCPA and its associated rules 
may be imprisoned and fined.\23\
---------------------------------------------------------------------------
    \21\ 18 U.S.C. Sec. 1343.
    \22\ 47 U.S.C. Sec. 227(e)(5)(B).
    \23\ 18 U.S.C. Sec. 501.
---------------------------------------------------------------------------
    In sum, the robocallers that target and harass American consumers 
and businesses with fraudulent scams have not found a legal loophole. 
Rather, they are already openly flouting the law.
B. There Has Been Progress In Stopping Illegal Robocalls.
    Thankfully, we have seen progress in combatting the bad actors 
responsible for illegal robocalls. As the FCC's most recent report to 
Congress detailed, that agency pursues forfeitures for tens--and 
sometimes hundreds--of millions of dollars against the biggest 
robocalling operations targeting Americans.\24\ Among these recent 
enforcement actions are the largest forfeitures in the agency's 
history: $225 million levied against a group of businesses that placed 
one billion fraudulent robocalls.\25\ The FTC is also active, having 
recently initiated a lawsuit against a Voice over Internet Protocol 
(``VoIP'') provider that funneled ``hundreds of millions of illegal 
robocalls through its network.'' \26\
---------------------------------------------------------------------------
    \24\ See 2022 TRACED Report at 5-6; FCC Fines Telemarketer $225 
Million for Spoofed Robocalls, FCC (Mar. 18, 2021), https://
www.fcc.gov/document/fcc-fines-telemarketer-225-million-spoofed-
robocalls. See also FCC Assesses Nearly $300M Forfeiture for Unlawful 
Robocalls, FCC (Aug. 3, 2023), https://www.fcc.gov/document/fcc-
assesses-nearly-300m-forfeiture-unlawful-robocalls.
    \25\ Id. at 6.
    \26\ Press Release, FTC, FTC Sues to Stop VoIP Service Provider 
That Assisted and Facilitated Telemarketers in Sending Hundreds of 
Millions of Illegal Robocalls to Consumers Nationwide (May 12, 2023), 
https://www.ftc.gov/news-events/news/press-releases/2023/05/ftc-sues-
stop-voip-service-provider-assisted-facilitated-telemarketers-sending-
hundreds-millions.
---------------------------------------------------------------------------
    Businesses and States are supplementing these Federal enforcement 
efforts. A recently filed FTC complaint cites as evidence of 
robocalling violations ``over 100 Traceback Requests'' from the ITG, 
highlighting industry's crucial role in identifying illegal 
robocallers.\27\ The States are likewise engaged. In July, a host of 
Federal agencies joined ``attorneys general from all 50 states and the 
District of Columbia'' in launching ``Operation Stop Scam Calls''--an 
enforcement initiative to crack down on illegal telemarketing 
calls.\28\ And last year, a coalition of 50 state attorneys general 
formed a bipartisan Anti-Robocall Litigation Task Force that issued 
civil investigative demands to gateway providers suspected of routing 
``a majority of foreign robocall traffic.'' \29\
---------------------------------------------------------------------------
    \27\ Complaint  31-36, United States v. Xcast Labs, Inc., No. 
2:23-CV-3646 (C.D. Cal. May 12, 2023), ECF No. 1.
    \28\ Press Release, FCC, FCC Joins Federal and State Robocall 
Partners to Launch `Operation Stop Scam Calls' (July 18, 2023), https:/
/docs.fcc.gov/ public/attachments/DOC-395216A1.pdf.
    \29\ Press Release, NCDOJ, Attorney General Josh Stein Leads New 
Nationwide Anti-Robocall Litigation Task Force (Aug. 2, 2022), https://
ncdoj.gov/attorney-general-josh-stein-leads-new-nationwide-anti-
robocall-litigation-task-force/.
---------------------------------------------------------------------------
    These efforts are yielding results. As one data point, consumers 
filed more than 100,000 informal FCC complaints about robocalls in 
2018, but they filed under 40,000 in 2022.\30\ Nevertheless, there is 
still a long way to go.
---------------------------------------------------------------------------
    \30\ See 2022 TRACED Report at 5.
---------------------------------------------------------------------------
C. Robust Enforcement Is The Way To End Illegal Robocalls.
    Despite all of this activity--including headline-grabbing FCC 
forfeiture orders--the Federal government is not doing enough to hold 
bad actors accountable. A lack of DOJ enforcement presents the biggest 
obstacle at this time.
    DOJ has not been pursuing in court the forfeiture orders adopted by 
the FCC. The FCC recently reported that in ``calendar year 2022,'' DOJ 
``did not collect any forfeiture penalties or criminal fines for 
violations of
    [the TCPA] that the Commission has referred.'' \31\ This is a 
missed opportunity for DOJ.
---------------------------------------------------------------------------
    \31\ See 2022 TRACED Report at 7.
---------------------------------------------------------------------------
    Nor is DOJ taking enough action to prosecute bad actors that 
actively and openly flout the law and seek to defraud Americans. DOJ 
has ample authority under the wire fraud statute and other provisions, 
as earlier described. And it has the means to use that authority 
because the ITG and other industry groups provide DOJ with tracebacks 
and other information that it could use. At the end of the day, 
however, it is DOJ that has to make the decision about whether to 
prosecute. While the DOJ has partnered with the FTC and others on some 
cases against robocallers,\32\ DOJ does not appear to have made 
material prosecutions a high priority, which is particularly 
disappointing when it comes to recidivist robocall abusers.\33\ As a 
former DOJ official myself, I see this as a profoundly squandered 
opportunity.
---------------------------------------------------------------------------
    \32\ Press Release, DOJ Office of Public Affairs, U.S. Department 
of Justice, Federal Trade Commission, Federal Communications Commission 
and Other Federal and State Law Enforcement Agencies Announce Results 
of Nationwide Initiative to Curtail Illegal Telemarketing Operations 
(July 18, 2023), https://www.justice.gov/opa/pr/us-department-justice-
federal-trade-commission-federal-communications-commission-and-
other#::text=The%20department's%20Consumer%
20Protection%20Branch,that%20transmitted%20illegal%20phone%20calls.
    \33\ In the Matter of Sumco Panama SA et al., Forfeiture Order, 
File No. EB-TCD-21-00031913, FCC 23-64,  12 (Aug. 3, 2023) (``Cox and 
Jones, key participants in the Enterprise, are currently banned from 
any form of telemarketing, and have been since 2013 and 2017, 
respectively. However, they have continued illegal telemarketing 
practices by using an international network of companies to conceal 
their involvement.'').
---------------------------------------------------------------------------
    As lawmakers consider additional avenues to protect the public from 
illegal robocalls, it should consider ways to spur additional action 
from DOJ, such as:

   Requiring DOJ to file an annual report with Congress 
        explaining enforcement activity it has undertaken in the last 
        calendar year to combat illegal robocalls and its handling of 
        FCC referrals, including the pursuit of forfeiture amounts. 
        This requirement would be similar to the TRACED Act's annual 
        TCPA reporting requirement for the FCC and should require DOJ 
        to explain if and why it has not pursued FCC referrals.\34\
---------------------------------------------------------------------------
    \34\ 47 U.S.C. Sec. 227(h).

   Prioritizing DOJ funds for investigations and enforcement 
---------------------------------------------------------------------------
        actions against illegal robocallers.

   Requiring DOJ to establish a robocall enforcement and 
        education office.

    However Congress might proceed, know that American businesses stand 
ready to assist DOJ and others in the fight against illegal and abusive 
robocalls.
III. The TCPA's Private Right Of Action Continues To Be The Source Of 
        Ongoing Litigation Abuse, Which Does Not Address The Urgent 
        Issue Of Combatting Bad Actors.
    Although the TCPA has helped protect consumers, the same cannot be 
said for its private right of action. That provision is presently being 
abused by plaintiff's attorneys to seek enormous payouts from American 
businesses. Private TCPA lawsuits and the threat of litigation make it 
perilous for U.S. businesses to communicate with consumers. Although 
there was some initial thinking that the Supreme Court's 2021 decision 
in Facebook v. Duguid \35\ would significantly improve the situation, 
well-meaning businesses continue to be harassed by harmful and 
opportunistic TCPA lawsuits. This ultimately harms the ability of 
consumers to utilize modern communications tools and access innovative 
services. Ultimately, any discussion of robocalling and the TCPA must 
distinguish between legitimate and lawful communication on the one 
hand, and abusive scam calls on the other.
---------------------------------------------------------------------------
    \35\ Facebook, Inc. v. Duguid, 141 S. Ct. 1163 (2021).
---------------------------------------------------------------------------
A. Not All Automated Calls Are Bad.
    Automated calls and texts can provide an efficient and effective 
means of communication to which consumers regularly and willingly 
consent. As a former FCC Commissioner explained: ``There are good and 
legal robocalls, and there are scam and illegal robocalls, and it's the 
latter that are wreaking havoc on the Nation's communications 
networks.'' \36\ Such a distinction is critical. Consider some of the 
ways in which institutions use robocalls and robotexts to communicate:
---------------------------------------------------------------------------
    \36\ O'Rielly Remarks at 3.

   ``Alerts from a school that a child did not arrive at 
---------------------------------------------------------------------------
        school, or that the building is on lockdown.''

   ``Notifications regarding storm alerts, utility outages, and 
        service restoration.''

   ``Immunization reminders for underserved, low-income 
        populations.''

   ``Updates from airlines'' to provide critical flight 
        information to passengers.

   ``Text messages from taxi and ridesharing services to alert 
        customers when their driver has arrived.'' \37\
---------------------------------------------------------------------------
    \37\ Rules and Regulations Implementing the Telephone Consumer 
Protection Act of 1991 et al., Declaratory Ruling and Order, 30 FCC 
Rcd. 7961, 8084-85 (2015) (O'Rielly, Comm'r, dissenting in part and 
approving in part) (``2015 TCPA Declaratory Ruling and Order'').

    Such automated communications are not merely convenient; they are 
effective. For example, ``significantly more patients who received 
automated telephone messages regarding hypertension treatment achieved 
blood pressure control than patients who received ordinary care only.'' 
\38\ Likewise, energy companies have reported survey data showing 
``that customers would like outage and restoration notifications, and 
prefer communications via text message or telephone call, with e-mail 
being the least requested method of contact.'' \39\
---------------------------------------------------------------------------
    \38\ Id. at 8085 (alterations omitted).
    \39\ Id. at 8086 (internal quotations omitted).
---------------------------------------------------------------------------
    These beneficial communications are also protected by the First 
Amendment. The Supreme Court has long recognized that the Government 
may not ``suppress the dissemination of concededly truthful information 
about entirely lawful activity,'' even when dissemination is 
``commercial'' in nature.\40\ In striking down part of the TCPA as 
unconstitutional in 2020, the Supreme Court confirmed that robocalls 
constitute speech protected by the First Amendment.\41\
---------------------------------------------------------------------------
    \40\ Virginia State Bd. of Pharmacy v. Virginia Citizens Consumer 
Council, Inc., 425 U.S. 748, 771-73 (1976).
    \41\ See Barr v. Am. Ass'n of Pol. Consultants, Inc., 140 S. Ct. 
2335, 2347 (2020) (plurality) (``The law here focuses on whether the 
caller is speaking about a particular topic.'' (emphasis in original)); 
id. at 2357 (Sotomayor, J., concurring) (concluding that relevant 
provision of the TCPA unconstitutionally burdened ``robocall speech'' 
(internal quotations omitted)); id. at 2364 (Gorsuch, J., concurring) 
(``no one doubts the TCPA regulates speech.'').
---------------------------------------------------------------------------
    In sum, there are many beneficial robocalls that provide customers 
with timely, convenient, and desirable information. The Chamber urges 
this body to avoid conflating those calls with the fraudulent and 
harmful calls placed by scammers and abusers.
B. The TCPA Encourages Litigation Against American Businesses Instead 
        Of Bad Actors.
    Unfortunately, the TCPA continues to be abused and inhibits 
constitutionally protected pro-consumer communications. The Chamber's 
research has repeatedly shown how the TCPA has created a cottage 
industry of unnecessary and often abusive class-action litigation, 
burdening how businesses reach their customers, while doing little to 
stop truly abusive robocalls and protect consumers.\42\ This litigation 
cash cow has become a major obstacle, inhibiting legitimate and lawful 
communications between businesses--large and small--and their 
customers. It places businesses at risk for potential litigation each 
time they pick up the phone or send a text message. And it does nothing 
to address the real bad actors: repeat scammers who abuse our 
communications networks to harm consumers.
---------------------------------------------------------------------------
    \42\ See, e.g., TCPA Litigation Sprawl; Ill-Suited: Private Rights 
of Action and Privacy Claims, U.S. Chamber Institute for Legal Reform 
(July 2019), https://instituteforlegalreform.com/wp-
content/uploads/2020/10/Ill-Suited_-
_Private_Rights_of_Action_and_Privacy_Claims_Report
.pdf; Turning the TCPA Tide: The Effects of Duguid, U.S. Chamber 
Institute for Legal Reform (Dec. 2021), https://
instituteforlegalreform.com/wp-content/uploads/2021/12/1323_ILR_TCPA
_Report_FINAL_Pages.pdf (``Turning the TCPA Tide'').
---------------------------------------------------------------------------
    Indeed, just a handful of plaintiff's lawyers--and some 
professional pro se plaintiffs--are responsible for the majority of the 
thousands of TCPA cases brought each year.\43\ Repeat TCPA plaintiffs 
also come up with ways to game the system--such as purchasing dozens of 
prepaid cellphones--to procure huge cash payouts.\44\ One serial TCPA 
plaintiff in New Jersey has filed over 30 TCPA lawsuits, pocketing as 
much as $800,000.\45\ Another has filed more than fifty cases in the 
Northern District of Texas in the last decade.\46\
---------------------------------------------------------------------------
    \43\ See e.g., Johansen v, Bluegreen Vacations Unlimited, Inc., No. 
20-81076-CIV, 2021 WL 4973593, at *1 (S.D. Fla. Sept. 30, 2021), aff'd, 
No. 22-10695, 2022 WL 17087039 (11th Cir. Nov. 21, 2022) (``Plaintiff 
appears to have an extensive history with filing lawsuits alleging 
violations of the TCPA. (See Pl. Dep. (estimating that, prior to 2020, 
Plaintiff had filed sixty (60) TCPA lawsuits and estimating that, since 
2014, Plaintiff has made on average $60,000 per year from TCPA 
lawsuits).)'') (some internal citations omitted); see also TCPA 
Litigation Sprawl at 4 (``around 60 percent of the TCPA lawsuits 
examined in the study's 17-month period were brought by only 44 law 
firms/lawyers, with two firms filing well over 200 TCPA litigations 
each.'').
    \44\ TCPA Litigation Sprawl at 15.
    \45\ Id.
    \46\ Hunsinger v. Offer, LLC, No. 3:21-CV-2846, 2022 WL 18143951 
(N.D. Tex. Dec. 7, 2022).
---------------------------------------------------------------------------
    ILR's members know firsthand the difficulties with this kind of 
``gotcha'' operating environment. The statute's private right of action 
is expansive. Any person who receives an unlawful robocall may bring a 
lawsuit to recover $500-$1,500 per call.\47\ There is no cumulative 
limit to these damages, leading some plaintiff's lawyers to seek mind-
boggling damages awards. Further, massive classes--such as a recent 
class certification of over one million people in a TCPA case against a 
bank \48\--is often sufficient to drive companies into a coercive 
settlement. For example, one lawsuit alleging violations of the TCPA 
for advertisements led to a class action settlement fund of $35 million 
with 1,237,296 class members.\49\ Other examples include a class action 
settlement with a telecommunications company for $45 million \50\ and 
another with a utility services company for $38.5 million.\51\
---------------------------------------------------------------------------
    \47\ 47 U.S.C. Sec. 227(b)(3).
    \48\ Head v. Citibank, N.A., 340 F.R.D. 145, 149 (D. Ariz. 2022).
    \49\ Drazen v. Pinto, 41 F.4th 1354 (11th Cir. 2022), reh'g en banc 
granted, opinion vacated, 61 F.4th 1297 (11th Cir. 2023).
    \50\ Final Judgment  14, Joel Hageman v. AT&T Mobility LLC, No. 
1:13-CV-00050 (D. Mont. April 9, 2013), ECF No. 68.
    \51\ Jenkins v. Nat'l Grid USA Serv. Co., Inc., No. 15-CV-1219, 
2022 WL 2301668, at *3 (E.D.N.Y. June 24, 2022).
---------------------------------------------------------------------------
    With enormous potential damages in play, plaintiffs have little 
incentive to go after criminal or overseas scammers, who offer a 
miniscule chance to generate easily such large payouts.\52\ Instead, 
TCPA plaintiffs have opted to target legitimate businesses--many of 
them household names--and not the offshore robocallers flooding 
Americans' phones with fraud and scam calls. Consider some examples of 
recent targets of TCPA lawsuits:
---------------------------------------------------------------------------
    \52\ See David Adam Friedman, Impostor Scams, 54 U. Mich. J.L. 
Reform 611, 658 (2021), https://repository.law.umich.edu/cgi/
viewcontent.cgi?article=2527&context=mjlr (explaining that parties 
``increasingly responsible for the majority of TCPA violations are 
located overseas'' and are often ``judgment proof.'').

   The City of Albuquerque was sued after sending text messages 
        to local residents during the COVID-19 pandemic, notifying them 
        of the opportunity to engage in socially-distanced town 
        halls.\53\
---------------------------------------------------------------------------
    \53\ Silver v. City of Albuquerque, No. 1:22-CV-00400, 2023 WL 
2413780 (D.N.M. Mar. 8, 2023).

   Serve All, Help All, a non-profit company that provides 
        financial aid and assistance to those with housing needs, was 
        sued by a serial pro se litigant \54\ for an automated phone 
        call offering a Public Service Announcement for homeowners in 
        default.\55\
---------------------------------------------------------------------------
    \54\ The plaintiff filed 11 TCPA lawsuits in the Western District 
of Washington in 2021, two lawsuits in 2022, and this lawsuit in 2023.
    \55\ Barton v. Serve All, Help All, Inc., No. 3:21-CV-05338, 2023 
WL 1965905, at *1 (W.D. Wash. Feb. 13, 2023), motion to certify appeal 
denied, No. 3:21-CV-05338, 2023 WL 2372904 (W.D. Wash. Mar. 6, 2023).

   A ride-share company was sued for notifying a driver that he 
        needed to update an expired driver's license.\56\
---------------------------------------------------------------------------
    \56\ Eller v. Uber Technologies, Inc., No. 4:23-CV-03526 (S.D. Tex. 
Sept. 19, 2023).

    This litigation environment makes it hard to communicate. Indeed, 
much of the recent litigation involves technical errors and honest 
mistakes. In one recent case where a technical glitch resulted in a 
company accidentally misdialing consumers, the defendant settled almost 
immediately to avoid potentially paying more than $4 million for the 
8,645 alleged violations of TCPA.\57\ In another case, a court treated 
the TCPA as a strict liability statute, finding that a company could be 
on the hook for damages where it called a number for which consent had 
been obtained but--unbeknownst to the company--the number was 
subsequently reassigned to a different consumer.\58\ The court so held, 
notwithstanding a regulatory ``safe harbor'' that is designed to 
prevent this problem.\59\
---------------------------------------------------------------------------
    \57\ Fralish v. Ceteris Portfolio Services, LLC, No. 3:22-CV-00176, 
2022 WL 19920239 (N.D. Ind. Mar. 7, 2022).
    \58\ Hylton v. Titlemax of Virginia, Inc., No. 4:21-CV-163, 2022 WL 
16753869, at *1 (S.D. Ga. Nov. 7, 2022).
    \59\ Id. at *5-*8; see also 47 C.F.R. Sec. 64.1200(m).
---------------------------------------------------------------------------
    The end result is that well-meaning businesses committed to 
compliance can nevertheless be subject to bet-the-company liability 
every time they call or text.
    This system does not protect against the scammers and bad actors 
who continue to prey on consumers.\60\
---------------------------------------------------------------------------
    \60\ In the Matter of Sumco Panama SA et al., Forfeiture Order, 
File No. EB-TCD-21-00031913, FCC 23-64,  1 (Aug. 3, 2023).
---------------------------------------------------------------------------
C. Facebook v. Duguid Has Not Materially Improved The Situation.
    There was some optimism after the Supreme Court's decision in 
Facebook v. Duguid that we would see a decline in frivolous TCPA 
lawsuits. In that case, the Court clarified that an ``automatic 
telephone dialing system''--a key term in the TCPA--must use a random 
or sequential number generator.\61\ Because some lower courts had 
previously found that any system capable of storing numbers could 
trigger TCPA liability, this interpretation clarified the statute's 
language and should have limited some lawsuits against callers. Several 
courts since have heeded the Supreme Court's interpretation and 
rejected efforts to evade it with strained arguments about 
equipment.\62\
---------------------------------------------------------------------------
    \61\ Facebook, Inc. v. Duguid, 141 S. Ct. 1163, 1173 (2021).
    \62\ The Ninth Circuit and Third Circuit have followed the Supreme 
Court's interpretation. In Borden v. eFinancial, LLC, the Ninth Circuit 
held that an automatic telephone dialing system must ``randomly or 
sequentially generate telephone numbers, not just any number.'' Borden 
v. eFinancial, LLC, 53 F.4th 1230, 1233 (9th Cir. 2022). Similarly, in 
Panzarella v. Navient Solutions, Inc., the Third Circuit held that use 
of a system with the capacity to be an automatic telephone dialing 
system is not sufficient to establish a TCPA violation. Judgment, 
Panzarella v. Navient Solutions, Inc., No. 20-2371 (3d Cir. June 14, 
2022), ECF No. 60.
---------------------------------------------------------------------------
    Unfortunately, that has not happened. An ILR study concluded that 
although there was a short term reduction immediately following Duguid 
in the volume of TCPA lawsuits filed, most lawsuits were still 
``allowed to proceed to discovery instead of being dismissed at the 
pleadings stage.'' \63\ Given the expense of discovery, plaintiff's 
attorneys still have ample leverage to coerce companies into massive 
settlements in a post-Duguid world.
---------------------------------------------------------------------------
    \63\ Turning The TCPA Tide at 2.
---------------------------------------------------------------------------
    Worse, that initial slowdown in TCPA lawsuits has now been 
reversed. TCPA filings year-to-date are up 16.8 percent from last 
year.\64\ Even more problematic, there has also been an increase in 
class action lawsuits. More than 50 percent of the 2,457 TCPA cases 
filed in Federal court in 2022 and so far in 2023 have been class 
actions.\65\ In August 2023 alone, 66.2 percent of all TCPA lawsuits 
filed were class actions.\66\
---------------------------------------------------------------------------
    \64\ Eric J. Troutman, HUGE INCREASE: TCPA Lawsuits Up Double 
Digits From Last Year--Class Action Numbers Spike, TCPA World (Sept. 
12, 2023), https://tcpaworld.com/2023/09/12/ huge-increase-tcpa-
lawsuits-up-double-digits-from-last-year-class-action-numbers-spike/.
    \65\ Westlaw Litigation Analytics, Telephone Consumer Protection 
Act (last visited Sept. 25, 2023).
    \66\ Eric J. Troutman, HUGE INCREASE: TCPA Lawsuits Up Double 
Digits From Last Year--Class Action Numbers Spike, TCPA World (Sept. 
12, 2023), https://tcpaworld.com/2023/09/12/ huge-increase-tcpa-
lawsuits-up-double-digits-from-last-year-class-action-numbers-spike/.
---------------------------------------------------------------------------
    Thus, Duguid has not led to long-term meaningful protections 
against opportunistic TCPA lawsuits. Worse still, there have also been 
suggestions that the FCC should unilaterally revise key terms defined 
by Congress and definitively interpreted by the Supreme Court, 
suggesting that even this limited protection could be on the chopping 
block.\67\
---------------------------------------------------------------------------
    \67\ See Review of the FY 2024 Budget for the Federal 
Communications Commision: Hearing Before the S. Comm. on 
Appropriations' Subcommitte on Financial Services and General 
Government, 118th Cong. (2023) (statement of Jessica Rosenworcel, 
Chairwoman, Federal Communications Commisson), https://docs.fcc.gov/
public/attachments/DOC-397034A1.pdf.
---------------------------------------------------------------------------
D. The TCPA's Private Right Of Action Harms Consumers.
    In all this talk about precedent and statistics, I do not want to 
lose track of what is at stake here. The TCPA's private right of action 
hurts businesses and consumers. Given that even innocent missteps can 
lead to business-ending liability, some companies may understandably 
choose to ``cease communicating'' altogether.\68\ But, as explained 
above, many consumers want these communications. They want to know if 
their flight has been delayed, if their medication is ready for pickup, 
or if their child did not arrive at school. An in terrorem litigation 
environment that chills these communications is fundamentally anti-
consumer.
---------------------------------------------------------------------------
    \68\ 2015 TCPA Declaratory Ruling and Order at 8093.
---------------------------------------------------------------------------
IV. Modest Changes To The TCPA Could Limit Litigation Abuse.
    Since the TCPA's 1991 enactment and in more recent legislation to 
address illegal robocalling, Congress has tried to strike a balance by 
addressing the abuse of mass communication tools while protecting the 
ability of businesses to communicate with customers using modern 
technology by delivering desired and timely communications in an 
efficient manner. The current litigation climate has seriously 
undermined that balance. If Congress wants to address the calling 
ecosystem, it could take steps to rein in the counterproductive abuse 
of the TCPA's statutory damages provision and the near-strict liability 
approach that has developed.
    To restore that balance, Congress should consider modest changes to 
reduce abusive litigation under the TCPA, including:

   Cumulative Damages Cap: Total exposures in TCPA cases can 
        become extraordinary because of the combination of statutory 
        damages and large numbers of class members who may have 
        received only one errant call and experienced no meaningful 
        harm. Facebook in the Duguid case faced billions in potential 
        damages, and there are countless examples of eyepopping 
        settlements and damage calculations.\69\ Congress should 
        consider adding a cap on the TCPA's damages to help alleviate 
        the specter of crushing liability for simple mistakes. The 
        Health Insurance Portability and Accountability Act of 1996 
        (``HIPAA'') offers a model for this approach. It caps penalties 
        in tiers based on the culpability of the violator, with the low 
        tier limiting the statutory penalty amount to ``$100 for each 
        such violation, except that the total amount imposed on the 
        person for all such violations of an identical requirement or 
        prohibition during a calendar year may not exceed $25,000.'' 
        \70\ Congress could similarly impose a limit on the ``total 
        amount'' of damages available under the TCPA.
---------------------------------------------------------------------------
    \69\ See, e.g., Wakefield v. ViSalus, Inc., No. 3:15-CV-1857, 2019 
WL 2578082 (D. Or. June 24, 2019) (denying request to treble 
$925,220,000 damage award).
    \70\ 42 U.S.C. Sec. 1320d-5(a)(3)(A).

   Safe Harbor: The law should provide businesses an 
        opportunity to cure inadvertent alleged violations of the TCPA 
        without being subjected to liability. Safe harbors allow 
        businesses to remedy good-faith mistakes, thereby leaving 
        consumers better off and allowing enforcers to better focus 
        their efforts on true bad actors. The idea of a safe harbor is 
        not unfamiliar in important societal issues. For example, the 
        FTC's Children's Online Privacy Protection Act (COPPA) Safe 
        Harbor Program allows industry groups to be considered in 
        compliance with COPPA regulations if their proposed COPPA 
        oversight programs are approved by the FTC.\71\ Additionally, 
        in May of this year, Florida amended the Florida Telephone 
        Solicitation Act to allow consumers to respond with ``STOP'' to 
        cease further text message solitications.\72\ However, the law 
        also provides a safe harbor period of 15 days for solicitors to 
        react to the ``STOP'' text, and no action can be brought 
        against a telephone solicitor unless a text is received more 
        than 15 days after the initial ``STOP'' message was sent.\73\
---------------------------------------------------------------------------
    \71\ 16 CFR Sec. 312.11(b).
    \72\ H.B. 761, 2023 Leg., Reg. Sess., Sec. 1 (Fla. 2023).
    \73\ Fla. Stat. Sec. 501.059(10)(c).

   Limit Attorney's Fees: Congress should consider limiting 
        attorney's fees that may be available in TCPA cases. One reason 
        for the onslaught of TCPA litigation is that attorneys are 
        incentivized to go after American businesses, regardless of 
        culpability or actual consumer harm because large damage awards 
        can generate large attorney's fees. Reasonable limits on 
        attorney's fees could blunt that distorted incentive. Congress 
        could borrow from other Federal statutes that limit attorney 
        fee recoveries, ensuring that any damages award benefit 
---------------------------------------------------------------------------
        consumers.

    Each of these approaches offer Congress a way to limit some of the 
most abusive TCPA litigation without undermining efforts to crack down 
on the bad actors responsible for harmful and abusive robocalls.
    The business community wants to end illegal robocalls and foster a 
safe and trustworthy communications ecosystem for businesses and their 
customers. Companies take pains to comply with the TCPA and stand ready 
to continue assisting state and Federal partners to go after scammers 
and those who intentionally flout Federal and state law. As Congress 
considers paths forward, enforcement should remain a top priority of 
all Federal agencies and Congress should consider reforms to prevent 
legitimate businesses from being ensnared in abusive TCPA litigation.
    I want to again thank the Subcommittee for the opportunity to 
discuss these important issues. I look forward to answering your 
questions.

    Senator Lujan. Thank you--[technical problems]--very much 
for your testimony today. Mr. Bercu, the floor is yours for 5 
minutes.

       STATEMENT OF JOSHUA M. BERCU, EXECUTIVE DIRECTOR, 
 INDUSTRY TRACEBACK GROUP; VICE PRESIDENT, POLICY & ADVOCACY, 
              USTELECOM--THE BROADBAND ASSOCIATION

    Mr. Bercu. Thank you, Chair Lujan and Ranking Member 
Fischer, for the opportunity to join this important 
conversation.
    I am Josh Bercu, Executive Director of the Industry 
Traceback Group, or ITG, and I also serve as Vice President of 
Policy and Advocacy at USTelecom, the Broadband Association. 
USTelecom established the ITG to address the illegal robocall 
problem, and today, pursuant to the TRACED Act, the ITG is 
designated by the FCC as the official consortium to traceback 
unlawful robocalls.
    We are proud to support the FCC, FTC, DOJ, State Attorneys 
General, and other Government efforts to stop illegal robocalls 
through our traceback data. And I am pleased to be here today 
to discuss that collective effort and how Congress can bolster 
it.
    As I explain in my written testimony, various technological 
and economic changes have made it cheap and easy for bad actors 
to call American consumers from anywhere in the world. All 
anyone needs to initiate robocalls is a computer, some 
associated software, and a website. In the past, providers had 
no true--had no way to know the true origin of the calls.
    Industry traceback solves for that by piecing together the 
entire path of any given suspicious call, regardless of the 
number of providers involved. We obtained within a day or two 
the same information that would take enforcement agencies 
multiple months to get via subpoenas, and virtually all of the 
data we get makes its way to those enforcement agencies.
    Thanks to ITG data, Federal and State agencies are bringing 
more enforcement actions against illegal robocallers than ever 
before, and these efforts are working. For example, data from 
my colleagues at YouMail show that scam robocall volumes have 
dropped over 50 percent from their peak in October 2019.
    And after FCC and State enforcement actions based on ITG 
tracebacks, the billions of auto warranty robocalls that were 
plaguing Americans early last year have dropped almost to zero. 
Notably, even absent any affirmative enforcement action, 
tracebacks disrupt illegal robocalls in real time.
    Nearly 85 percent of completed tracebacks result in the 
originating provider warning or firing its offending customer. 
But as industry and Government innovate to fight illegal 
robocalls, so do their perpetrators.
    For instance, instead of robocallers, robocalls, scammers 
are now making more targeted live calls, sometimes combined 
with communications through other channels. The scammers know 
precisely who they are calling as they convincingly pretend to 
be your bank, for example.
    Also, the decline in scam robocalls has been supplanted by 
a substantial rise in unsolicited and unwanted telemarketing 
robocalls. These are the robocalls your constituents are most 
likely to receive today.
    A consumer may sign up on a job listing website, for 
example, but miss the fine print linking to a second page with 
hundreds or thousands of marketing partners that each now 
purportedly have the consumer's consent for robocalls.
    Even worse, ITG evidence suggests that these already flimsy 
claims of consent could be entirely falsified by bots 
consenting on behalf of consumers for calls they never asked 
for and do not want.
    While the STIR/SHAKEN, and call authentication framework 
makes it harder to send spoofed calls to consumers, prolific 
robocalls now engage in number rotation where they cycle 
through assigned, not spoofed numbers, sometimes for a single 
call per number.
    But this practice is intended to evade industry safeguards, 
and harms both consumers and legitimate callers, because calls 
from new numbers are far more likely to be treated as spam as a 
result.
    In my written testimony, I provide several steps that 
Congress can take to further empower industry and Government 
efforts to stop illegal robocalls, but I want to emphasize a 
few today. First, Congress should ensure that DOJ prioritizes 
prosecuting the criminals behind unlawful robocalls.
    Second, to address problematic number rotation, Congress 
should formally expand the role of the Traceback Consortium to 
investigate how bad actors get access to scores of numbers.
    Third, Congress should reintroduce and pass the Robocall 
Traceback Enhancement Act, which Senators Thune and Markey 
introduced last Congress to protect the consortium in the work 
protecting consumers. Thank you again for the opportunity to 
speak.
    We look forward to continuing to collaborate with the 
Subcommittee and Federal and State Government partners in 
solving the illegal robocall problem.
    [The prepared statement of Mr. Bercu follows:]

  Prepared Statement of Joshua M. Bercu, Executive Director, Industry 
  Traceback Group; Vice President, Policy & Advocacy, USTelecom--The 
                         Broadband Association
    Thank you Chair Lujan and Ranking Member Thune for the opportunity 
to speak on behalf of the Industry Traceback Group (ITG) and 
USTelecom--The Broadband Association (USTelecom), which leads the ITG.
    I am Josh Bercu, and I serve as the Executive Director of the ITG, 
and also as Vice President, Policy & Advocacy at USTelecom. I have held 
these roles for over three years, and before that, for nearly a decade, 
I was in private practice focusing on privacy, consumer protection, and 
telecommunications law.
    I am pleased to be here today to share my insights on why this 
country has an illegal robocall problem and what industry together with 
Federal and state government partners is doing to address it. Illegal 
and unwanted robocalls started to grow and get out of control in the 
early 2010s. The problem grew in large part because of the rise of the 
internet-based calling technology known as voice over Internet 
protocol, or ``VoIP.'' VoIP technology made it easier and more 
affordable for consumers to call their friends and family anywhere in 
the world, but it also made it cheap and easy for bad actors to call 
American consumers from anywhere in the world. These bad actors care 
little about the legal restrictions that apply to such calls.
    Worse, many VoIP platforms based here and abroad allowed bad actor 
callers to input any number into the caller ID field, a practice known 
as spoofing. Over the years, we have seen bad actors experiment with 
spoofing to increase the odds that their fraudulent calls are answered 
by unsuspecting consumers. Their practices evolved to use the same or 
neighboring area codes, a practice known as ``neighborhood spoofing,'' 
as well as quickly cycling through calling numbers to evade the 
blocking and labeling tools carriers have deployed, a practice known as 
``snowshoeing.'' Sometimes bad actors also spoof the telephone numbers 
of government agencies, banks, or other well-known brands.
    It would be reasonable to question why the phone network allowed 
spoofing in the first instance. There are some legitimate spoofing use 
cases, as Congress recognized when it passed the Truth in Caller ID 
Act, making spoofing illegal only with the intent to defraud, cause 
harm, or wrongfully obtain anything of value. For instance, domestic 
violence shelters often spoof outbound calls to hide the victim's 
location. Enterprises and call centers frequently spoof an outbound 
number to provide a better number to call back. Congressional telephone 
town hall calls do the same, displaying the Member of Congress's office 
number rather than a number tied to the platform vendor.
    It is also based on the nature of how the phone network evolved. 
Before VoIP, to be a phone provider, you had to lay wire to each 
customer's physical location. It was a high capital, expensive 
business. And when you wired a local bank or call center, you generally 
knew they were a real entity. You knew your customer. With VoIP and 
Internet technology, that is no longer the case. Today all anyone needs 
to be a phone provider or calling platform is a computer, some 
associated software, and a website.
    The U.S. phone system is a collection of interconnected telephone 
networks. Therefore, in most cases--and certainly before the deployment 
of the STIR/SHAKEN call authentication framework that has made it 
harder to spoof calls--providers had no reliable way to know where a 
given call actually originated from and who made it. And given the 
nature of an interconnected network, where a provider found a problem 
and fired a calling customer or wholesale provider because of 
questionable call traffic, the offending traffic often still made its 
way to the provider--just through additional wholesale providers, or 
``hops.'' In the ITG's experience, illegal robocalls average six hops 
before they get to the call recipient.
    Given these challenges, in July 2016, then-AT&T CEO Randall 
Stephenson responded to then-Federal Communications Commission (FCC) 
Chairman Tom Wheeler's request to establish an industry task force to 
address the growing robocall problem. The result was the industry-led 
Robocall Strike Force, through which a broad cross-section of the 
industry brainstormed creative solutions to abate the proliferation of 
illegal and unwanted robocalls and promote greater consumer control 
over the calls they wish to receive. The Strike Force ultimately made 
numerous recommendations to the industry as well as to the FCC, 
including but not limited to deploying the STIR/SHAKEN call 
authentication framework and expanding traceback efforts.
    The deployment of the STIR/SHAKEN call authentication framework has 
undoubtedly made it harder to get spoofed calls through to consumers. 
In response, we have seen a shift to a practice called ``number 
rotation,'' where callers making hundreds of thousands of robocalls no 
one asked for cycle through assigned - not spoofed--numbers, sometimes 
averaging only 1.2 calls per number. This practice--designed to evade 
the protections that the industry has deployed--not only harms 
consumers, it also harms legitimate callers. That is because the 
analytics show that a new calling number is far more likely to be a 
spam call than a real call, impacting how calls from such numbers are 
treated by analytics providers and their carrier partners.
    The Industry Traceback Group was a voluntary industry initiative 
established by USTelecom in 2015. USTelecom initially established it as 
a working group to explore the notion of industry tracebacks, and then 
evolved it to a broader and more formal industry effort to 
systematically conduct tracebacks. The effort expanded to include 
representatives beyond USTelecom members and from across the 
telecommunications industry. The TRACED Act then created a formal role 
for industry traceback through the establishment of the registered 
traceback consortium, which the FCC followed up with a mandate to 
cooperate with traceback requests from the consortium. We are proud 
that the FCC recently designated the ITG as the official traceback 
consortium for the fourth year in a row.
    Prior to the ITG's establishment, the true origin of illegal 
robocalls was difficult to discern given the interconnected nature of 
the phone network, the potential for multiple voice service providers 
to be involved in the path of a single call, and the limited 
information that each provider has about the traffic they receive with 
any given call. Industry traceback solves for these challenges. As a 
general matter, all any voice service provider in the call path knows 
is the direct upstream provider from whom it received the call. And 
that is the primary information we request from each voice service 
provider in the call path of a traceback. Through this process, the ITG 
is able to rapidly piece together the path of any given suspected 
unlawful robocall, regardless of the number of providers in the call 
path.
    The ITG obtains data of suspected illegal call examples from 
various sources, including analytics companies, honeypots, or referrals 
from law enforcement or others harmed by the calls. The ITG team 
reviews the examples to ensure that we have information to support a 
reasonable suspicion that the given call campaign and examples are 
fraudulent, abusive, or otherwise unlawful. We then initiate tracebacks 
that are representative of hundreds of thousands or millions of illegal 
calls. Our system sends notifications to each provider in the call path 
and continues hop to hop to hop until we identify the provider that 
originated the call as well as its customer. We also find out other 
information along the way, including the provider that let the call 
into the country, in instances where the call originated overseas.
    Today, providers from across the phone ecosystem support and guide 
the ITG effort, and hundreds more cooperate, including hundreds of 
providers located abroad that send calls to the United States. We often 
get results within a day or two, whereas it would take two or three 
months for an enforcement agency to get the same information through 
subpoenas and investigative demands. And through the ITG's ongoing 
innovation and enhancements to the process, we are conducting 
tracebacks at much greater scale across a wider set of campaigns and 
calls.
    Generally speaking, there are three types of calls that the ITG 
traces back:

   Government and Brand Imposter Calls. Fraudulent high-volume 
        robocalls that impersonate the Social Security Administration, 
        sheriff offices, utilities, financial institutions, technology 
        companies, and the like. In our experience, these calls 
        predominantly originate abroad.

   Unsolicited Lead Generation Telemarketing Calls. Unsolicited 
        high-volume lead generation telemarketing calls. These calls 
        seek to sell a service or product, e.g., warranty, insurance, 
        or debt reduction products, but in violation of consent 
        requirements, and sometimes trademark law as well. These are 
        the robocalls that your constituents are most likely to receive 
        today.

   Malicious Live Calls. Targeted attacks, often with a live 
        caller. These include voice phishing (or ``vishing'') attempts, 
        ``Grandma scams,'' swatting calls, and more. For instance, 
        earlier this year, the ITG worked with a local police 
        department in Indiana to traceback a series of spoofed calls, 
        including bomb and mass shooting threats to a high school and a 
        swatting call targeting a student in the school, helping the 
        police apprehend the suspect before any harm was done.

    Tracebacks generate information about the entities responsible for 
the illegal calls, and traceback has enabled more FCC, Federal Trade 
Commission (FTC), and other Federal and state enforcement actions to be 
efficiently and quickly brought against robocallers and their enablers 
than ever before. But equally important, even absent any affirmative 
enforcement actions, tracebacks also disrupt the flow of illegal calls 
in real time. Nearly 85 percent of completed tracebacks result in the 
originating provider warning or firing its offending customer, which is 
up almost 20 percent from 2022.

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    Providers that do not cooperate with tracebacks, or fail to comply 
with straightforward FCC rules like filing in the FCC's Robocall 
Mitigation Database, are identified, and the providers that accept 
their traffic are put on clear notice that the provider they are 
accepting traffic from is not complying with applicable rules. This 
puts the downstream provider in a position to take corrective action or 
face a potential Federal or state enforcement action.
    But beyond immediate disruption, the collective work of industry 
and government is having a more persistent impact. According to YouMail 
data, scam robocall volumes have dropped 50 percent since January 2019, 
and 55 percent since they peaked in October 2019. Once prevalent 
robocalls purporting to be the Social Security Administration and other 
government entities are increasingly rare, a trend that correlates to 
an overall decline in government impersonation scams.

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    The drop in scam robocalls has unfortunately been supplanted by a 
substantial rise in unsolicited telemarketing calls. The lead 
generators responsible for these billions of unwanted robocalls do not 
sell any product or service; rather, as the government has alleged in 
one case, they act as ``a massive `consent farm' enterprise, using 
deceptive ads and websites to induce nearly one million consumers a day 
to provide their personal information and purported consent to receive 
telemarketing calls.'' \1\ These lead generators then sell these 
questionably obtained consents to various third parties. For example, a 
consumer may sign up for a job listing website or to participate in a 
raffle, but that person almost certainly missed the fine print that 
links to a second page of ``Marketing Partners'' and purportedly gave 
consent to receive robocalls from hundreds, or even thousands, of 
entirely unrelated entities. Worse, the ITG has seen some evidence that 
suggests these already flimsy claims of consents could actually be 
entirely falsified, where a bot used public data to consent on behalf 
of consumers for calls they never asked for and do not want.
---------------------------------------------------------------------------
    \1\ Complaint for Civil Penalties, Permanent Injunction, Monetary 
Relief, and Other Relief  2, United States v. Fluent, LLC, No. 923-cv-
81045, (S.D. Fla. July 17, 2023), ECF No. 1, https://www.ftc.gov/
system/files/ftc_gov/pdf/1923230fluentcomplaintandattachment.pdf
---------------------------------------------------------------------------
    But even with these illegal robocalls, consumers are in fact seeing 
the positive impact of the ITG's efforts and Federal and state 
enforcement actions. The billions of unsolicited robocalls offering 
auto warranties which you and your constituents almost certainly 
received have dropped almost to zero after FCC and state attorney 
general enforcement based on ITG data. Unwanted student loan robocalls 
have also faced a similar fate, now operating at a fraction of peak 
levels.

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    Americans are starting to notice these differences. There were over 
560,000 Do Not Call complaints to the FTC in March 2019. Complaints 
declined after passage of the TRACED Act before peaking again in March 
2021. Since then, however, there has been a steady and persistent 
decline--one that aligns with the industry's deployment of caller ID 
authentication as well as the ramping up of ITG-powered enforcement.

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    FCC complaint data shows an equivalent trend.

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
    To be clear, there are still too many complaints, and there 
continues to be far too many illegal robocalls and too much fraud 
initiated by phone. Consumers still are afraid to answer their phone 
when they do not know the number calling. In fact, that's precisely the 
advice often given by experts: Do not pick up if you do not know the 
caller.
    There also are new trends of concern, including growth in dollars 
lost per victim of fraud, driven by targeted and increasingly 
sophisticated attacks. New technologies are also creating new 
challenges. In some of our tracebacks, we have seen automated robocalls 
that pretend to be a live caller, asking the call recipient about how 
they are doing and how their day is going. Regardless of how you 
respond--maybe with an assessment of your day and the weather, or with 
annoyance or confusion about receiving the call--the message continues 
and delivers the robocaller's offer.
    For our part, the ITG is constantly adapting to bad actors' latest 
tactics to target and bombard consumers with illegal calls. We have 
expanded partnerships with entities in other sectors to help protect 
their customers victimized by fraudulent calls and we are constantly 
working to make the traceback process more efficient and more 
effective.
    While the work of the ITG and that of Federal and state enforcement 
agencies to protect consumers from illegal robocalls continues, there 
are steps Congress can take to further empower these efforts:

   Criminal Enforcement. Congress should ensure that the U.S. 
        Department of Justice (DOJ) has the resources, authorities, and 
        prioritization it needs to prosecute the criminals behind 
        unlawful robocalls, including fraudsters overseas as well as 
        recidivist robocallers that stand up new entities under 
        pseudonyms as soon as their prior ones are shut down. The 
        criminal fraudsters overseas make their livelihood by 
        defrauding Americans in some form, and will continue even if 
        they cannot do so through robocalls. Likewise, recidivist 
        robocallers are not deterred by financial penalties because 
        these bad actors will never pay their fines. The threat of 
        criminal enforcement for the fraud they have committed will 
        make them think twice, however.

   Support FTC and FCC Clarifications of Consent for Lead 
        Generation Telemarketing. The FTC recently released updated 
        guidance under the Telemarketing Sales Rule regarding a 
        consumer's consent to receive lead generation calls. The FCC 
        has an open proceeding to clarify its view of consent for lead 
        generation calls under the Telephone Consumer Protection Act. 
        These efforts are important to ensure that bad actors cannot 
        continue delivering millions of robocalls each day that no one 
        asked for or wanted under flimsy-at-best claims of consent. 
        Congress should support efforts to ensure that any 
        telemarketing robocalls consumers receive are ones that they in 
        fact consented to and are expecting to receive.

   Number Trace. To address problematic number rotation, 
        Congress should formally expand the role of the traceback 
        consortium to investigate how bad actors get access to the 
        thousands and thousands of numbers they rotate through. Just as 
        tracebacks have infused accountability about how unlawful calls 
        get onto the phone network, number traces will infuse more 
        accountability into how unlawful callers get numbers through 
        the number wholesale market.

   Re-Introduce and Pass the Robocall Trace Back Enhancement 
        Act or Similar Protection. The registered traceback consortium 
        should have protection from frivolous and nuisance lawsuits 
        intended to undermine the traceback process and detract 
        resources of the consortium. Those resources are better 
        dedicated to continuing to enhance the traceback process and 
        its disruption of illegal robocalls and support of Federal and 
        state enforcement.

   Extend Consortium Designation Process to Every Three Years. 
        Under the TRACED Act, the registered traceback consortium must 
        be designated by the FCC annually. The FCC's review and 
        oversight are integral to confirming that the consortium 
        operates in a neutral and non-discriminatory manner. Conducting 
        the designation process on an annual basis, however, ties up 
        the Commission's resources as well as those of the consortium. 
        Those resources could be better dedicated to investments in 
        continuing the fight against illegal robocalls.

    Thank you again for the opportunity to speak, and we look forward 
to continuing to collaborate with this Subcommittee, the FCC, FTC, DOJ, 
and other Federal and state government partners on solving the illegal 
robocall problem.

    Senator Lujan. Mr. Bercu, thank you very much for your 
testimony today as well. Mr. Rudolph, you are recognized for 5 
minutes. The floor is yours.

    STATEMENT OF MICHAEL RUDOLPH, CHIEF TECHNOLOGY OFFICER, 
                         YOUMAIL, INC.

    Mr. Rudolph. Thank you for the opportunity to speak today 
regarding robocalls, robotexts, targeted attacks like vishing 
and smishing.
    I am a CTO, so I am going to introduce a whole bunch of 
acronyms and new terms, I apologize. And the evolving landscape 
of threats, tools, and enforcement. My name is Mike Rudolph, 
and I am the CTO at YouMail. YouMail provides a service that 
protects individuals from harmful calls and texts, and we 
publish the robocall index summarizing nationwide and State 
robocall data.
    We also provide blocking, analysis, audit, and 
investigative services to communication providers, enterprises, 
investment firms, and Government agencies. Prior to YouMail, I 
worked with many Fortune 500 companies helping mitigate risk 
through automated controls and policies to comply with things 
like the Sarbanes-Oxley Act and implement processes performing 
background checks and pre-employment screening.
    I see similar patterns and needs emerging and 
communications now as robocall mitigation controls and know 
your customer policies that balance the levers of risk and 
revenue at communication providers who can control those 
levers.
    I am honored to work with talented--the talented YouMail 
team on the front lines of investigations, disruptions, and 
enforcement. Our team is small given the demands to monitor 
tens of thousands of monthly and weekly active messaging and 
voice campaigns targeting consumers. Some of our prioritized 
targeted success here in industry is well chronicled, working 
with states, particularly Attorney General's offices, Federal 
agencies, and private industry, such as one of Wylie's clients, 
resulting in 90 to 100 percent reduction when we target 
specific robocall campaigns.
    I thank and commend those partners that made the 
identification and disruption of those campaigns a top priority 
for their fraud, cyber, or legal teams. Without their 
collaboration, it is significantly harder to escalate a 
robocall campaign from simply being unwanted and deceptive, all 
the way up to unlawful and eagle, so we can take--unlawful and 
un-legal, so we can take action. When the FCC identified 
specific robo-campaigns as poison pills for industry, I 
observed many providers that were previously uncertain about 
how to treat those calls suddenly decide with decisive action 
how to stop them.
    We can credit 2022 as the year unwanted auto warranty calls 
were stopped. However, now we have home warranty, debt 
reduction, Government grant, loan and insurance calls taking 
their place.
    Robo operators feverishly evolve their tactics in this cat 
and mouse game, and some embrace new techniques and tactics 
like generative AI, shifting from spoofing of numbers to using 
real numbers, and have adopted strategies to minimize the 
evidence they leave behind, which is necessary for companies 
like ours and the ITG and the FCC to ultimately stop these bad 
actors.
    Who is to serve as our TSA screening guardian that stops 
bad actors from flying the skies of the public telephone 
network? These accounts at providers, checked only the first 
day they want to make a call, or are they checked routinely 
every time they want to traverse the network like airline 
travelers every time they fly?
    By our estimates, we have endured over 250 billion, that is 
a quarter trillion, robocalls since 2019, about a thousand per 
American adult. We have taken a bite out of several of the most 
prolific robocall operations responsible for these few billion 
calls.
    It is not just the sheer volume game, as every robocall 
campaign is different, and we are now in an era where there are 
fewer but more advanced calls causing more harm per call. There 
is no shortage of work to do if we are to continue to make 
progress. I look forward to your questions.
    [The prepared statement of Mr. Rudolph follows:]

   Prepared Statement of Michael Rudolph, Chief Technology Officer, 
                             YouMail, Inc.
    Chairman Lujan, Senator Thune, and Members of the Committee, I 
thank you for the opportunity to appear and testify today regarding the 
current state of the operations, investigations and enforcement actions 
relative to omni-channel robo-communications--both robocalls and 
robotexts as well as phishing tactics and platforms including vishing, 
smishing, and generative AI.
    I provide my testimony today as Chief Technology Officer of 
YouMail, a privately held company whose mission is to protect the 
public from harmful communications and to restore trust in our 
communications networks.
I. Introduction
    YouMail is often recognized for its role providing data in the 
behind-the-scenes battle against unwanted voice calls. The company's 
origins, as its name suggests, trace back to being one of the 
innovators and first providers of visual voice-mail and cloud-based 
voice-mail answering services in the United States.
    As early as 2009, YouMail recognized that the demand for its 
solutions was linked to individuals who relied heavily on receiving 
dozens to hundreds of daily live, inbound calls to their personal 
mobile phone number. These individuals spanned a wide range of high-
touch professions that are considered very small businesses (VSBs) in 
America: fitness trainers, tutors, repairman, electricians, plumbers, 
exterminators, realtors, interior designers, handymen, contractors 
(floor, paint, tile, carpentry, construction), appraisers, notaries, 
mobile mechanics and detailers, dog sitters/walkers, photographers, 
event planners, florists, babysitters, caterers, bakers, accountants, 
financial planners, landscapers, movers, stylists, barbers, 
beauticians.
    It's important to acknowledge that professionals such as these find 
their success and income depends on how they respond to incoming calls 
from unknown numbers. Before unwanted and illegal calls from unknown 
numbers invaded our phone network, these calls from outside of contact 
lists typically meant a potential new customer for this VSB. For sole 
proprietors, unknown calls signaled an opportunity to connect with a 
prospective local customer to generate income to provide for themselves 
and their families. Failure to answer the live incoming call often 
meant the potential lead for their small business would move on to call 
the next highest rated provider, discovered on search engines or 
websites such as Yelp, that may have a lower rating, but were available 
at just that moment to answer the live call and interact with the 
caller. At one time, and still perhaps today, answering live calls from 
unknown numbers was a critical path to success for small businesses.
    As any good business asking its customers what they needed next, 
YouMail recognized the need to silence the ringer for these subscribers 
when the call was almost certainly spam, but also to ensure real local 
customers calls would ring through to be answered live to then ideally 
become appointments and customers for very small businesses. As a 
visual voice-mail and answering service, and not just a device ring 
blocker, YouMail provided a fallback as voice-mail audio is converted 
into readable text and a small business, like any user, could quickly 
determine the purpose of the call.
    In 2009, YouMail began investing in technology and techniques to 
identify calls as spam or unwanted, both in order to prevent ringing 
and also to move unwanted messages into a Spam folder, as most users 
are accustomed to experience with e-mail.
    Eventually, as unwanted robocalls became an evidence signal in 
everyone's voice-mail box, YouMail launched the Robocall Index in 2015, 
which over time has become recognized as the standard for industry 
metrics on robocalls occurring nationwide, as well as per-state and 
per-metro region.
    YouMail's role as an over-the-top app, trusted to provide answering 
services to millions of telephone numbers across all major U.S. and 
Canadian carriers, provided it with unique capabilities to respect 
consumer privacy while tracking and grouping unlawful communications 
throughout the mobile phone networks. It is worth noting that YouMail 
data is nearly entirely based on what reaches consumer handsets, and 
does not extend to communications blocked at the network of the 
underlying carrier, which certainly would indicate even more by way of 
voice and SMS communications attempting to reach consumers.
    In late 2019, YouMail launched its YouMail Protective Services 
division, which assists law enforcement, financial services, 
enterprises, and communications providers with its data, evidence, 
intelligence, and investigative services.
    As YouMail's role in industry has expanded, innovative bad actors 
behind unlawful and unwanted communications have become aware of 
YouMail's industry role. YouMail is already observing efforts by both 
telemarketing and threat actors to evade YouMail's methods of detection 
by minimizing calls and voice evidence to YouMail users or by trying to 
directly obtain access to YouMail data for similar evasive purposes.
II. Caller and Call Recipient Relationships
    As many state and Federal agencies have reported over the years, 
unwanted communications, particularly robocalls and robotexts, rank 
among the top complaints received by their offices.
    One of the difficulties in analyzing communications is determining 
whether a communication is spam, generally unwanted by most recipients, 
or is perpetrating a scam or committing fraud. This is particularly 
challenging as the content of a communication may be nearly identical 
when it comes from an enterprise such as a bank, utility, or government 
agency as it is when it originates from an imposter.
    It is helpful to consider different classes of originating callers 
from the perspective of an average person, as this classification helps 
to understand a common, generally desirable experience based on the 
relationship between that average call recipient and the calling party.
    In the examination of types of caller relationships, we may 
consider why an individual may be at a moment in their life that would 
affect their susceptibility to answering a live, incoming communication 
from an unknown, non-contact telephone number.

   Personal--these are communications between two individuals 
        who know each other and may or may not yet be saved contacts on 
        the device. These are friends, family, colleagues, co-workers, 
        classmates, acquaintances who usually have a direct, personal 
        relationship, or may be introduced through a mutual 
        acquaintance. If you or your child have joined a new school or 
        club, you may be expecting a call or text message from a 
        teacher or coach from an unknown number. While it's nearly 
        universal, personal calls are not always wanted such as cases 
        of harassment or stalking, but any desired blocking in this 
        case is between two individuals for personal reasons.

   Local Business--these are not often personal relationships, 
        but between an individual or household and small local 
        businesses or services. This would include your dry cleaner 
        communicating your garments are ready, or a local restaurant 
        confirming a reservation, or your handyman, gardener, 
        babysitter, dogwalker, trainer, or healthcare professional 
        discussing an appointment, problem or matter. These are 
        sometimes saved contacts, but often when someone has an urgent 
        need, they may be expecting calls from several potential 
        unknown numbers that provide a local service in order to 
        address that time-based matter or need. While this is also 
        nearly universal, sometimes disputes between a customer and 
        service provider may lead to an individual wishing to block 
        these communications. Or, if a local business has crossed a 
        line from communicating about appointments/inquiries/problems 
        into using the communication channel for marketing or lead 
        generation, these calls may drift into unwanted and blocked 
        territory. Once again though, these types of calls are almost 
        universally wanted apart from the situation where two parties 
        have a personal conflict.

   Non-Local Business--these are communications between a 
        national, regional or online business and an individual and are 
        also where most universally unwanted communications occur, 
        although not all communications between individuals and 
        households and non-local businesses are unwanted. These 
        interactions typically fall into a few sub-categories:

     Essential: these would be appointment reminders and 
            confirmations, one-time or password reset events, critical 
            account/emergency alerts where the individual's interaction 
            is necessary (password reset or transaction confirmation) 
            or the individual would be impacted based on their 
            assumption of a time/place/occurrence.

     Marketing, Originated by Individual/Household, Follow-
            up: these communications rely on a triggering event 
            typically where the individual expressed an interest in the 
            business, ideally directly through a communication 
            initiated by the individual/household that occurred online, 
            in-person or by phone.

     Marketing, Originated by Non-Local Business, Goal-
            Driven: these communications usually begin with a sales, 
            marketing or operations team at the business that is 
            interested in demand generation to stimulate sales or 
            engagement in products or services, regardless of any 
            recent interaction by the individual/household.

   Scam/Fraud--these are communications which can be disguised 
        to look like any of the above as they reach an individual or 
        household and rely on TTPs (tactics, techniques, and 
        procedures) that emulate a real individual, local, or non-local 
        business, as described previously, as closely as possible in 
        order to maximize their success.
III. Call Recipients Want To Know Who Called
    Society has been shifting away rapidly from voice calls, as the 
voice communications network has become filled with unwanted and 
unlawful voice calls.
    When someone receives a call from an unknown number, they want to 
know who called and the reason the call was made.
    Individuals and households are particularly susceptible to 
answering calls from unknown numbers based on time and situation-based 
events in their lives. The originators of unwanted and unlawful calls 
make repeated call attempts, hoping to get their timing right for these 
live answer opportunities.
    Call recipients generally fall into one of two camps during these 
moments of answering susceptibility--those who will answer all unknown 
numbers during these windows of vulnerability, and those who allow the 
calls go to voice-mail, hoping to identify the anticipated call and to 
call it back if it matched an expected call. In the case of returning a 
call based on a voice-mail, this can mean having to wait on hold and 
navigate an interactive voice response (IVR), and a loss of time simply 
due to a best practice of screening incoming calls from unknown 
numbers.
When a legitimate caller has a significant enough situation to merit a 
        voice call as the chosen medium of communication and places a 
        call, they have no good reason to not leave a message.
    Consider all the potential relationships and legitimate reasons for 
a call between a lawful caller and call recipient. If the caller 
suspects the call recipient doesn't know who it is based on the high 
likelihood it is not a personal contact saved to the device, the caller 
would want to identify themselves and their reason for calling to 
encourage engagement from the called party, since there was an 
important reason for initiating a voice call.
    As we expand into the ``Marketing, Originated By Non-Local 
Business, Goal-Driven'' relationship and use case above, the company 
that is using the voice channel to engage in telemarketing, if they 
possess the conviction that their marketing offer is worth initiating 
the voice call, should maintain that conviction that the call is 
important enough to identify themselves and the purpose of their call 
initiation in a voice-mail message.
    By not leaving a message, the call initiator could suggest their 
additional attempts, making many more calls to the recipient, are 
because they are still trying to deliver the message. The subsequent 
attempts may not be necessary if the message was left on the first 
attempt and the individual was able to make a decision based on this 
evidence to respond to the communication by any indicated, allowable 
channels.
    YouMail attempts to classify calls received by consumers into 
several categories and has been tracking this data for several years. 
YouMail relies on lawful, legitimate call originators, or bad actors 
imitating those call originators, obeying this societal protocol that 
if it was important enough to initiate a voice call, it was important 
enough to indicate who you are and why you called.
    YouMail, via the Robocall Index \1\, observed a significant 
increase in indeterminate, non-categorizable robocalls beginning in 
September 2022.
---------------------------------------------------------------------------
    \1\ https://www.robocallindex.com

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
    Because the telephone numbers linked to indeterminate robocall 
behavior do not possess a history of delivering desirable/wanted 
communications, YouMail infers that they are linked to unwanted and 
undesired behavior, as they do not provide audio evidence of their 
identity or reasons for calling recipients.
    This increase in indeterminate calls also correlates to a decline 
in observable calls linked to scams and telemarketing, so it is 
reasonable to assume some of the parties behind those calls have 
shifted their tactics to call and hang up in order to evade consumer 
recognition, as well as detection by services such as YouMail that 
utilize audio evidence in voice-mail to prevent and support enforcement 
against unwanted and unlawful communications.
    Present enforcement and traceback efforts often rely on the audio 
content of the call in order to wield it as evidence of unlawful 
activity in an investigative process. If a robocall operation is 
sophisticated enough to use evasive strategies such as utilizing 
attested calls made in very low volumes across an inventory of real 
numbers, and across a span of enabling providers, while leaving no 
audio evidence (permitting access to CPNI under the Communications Act 
Section 222-d-2), it becomes much more difficult to track, investigate, 
and prevent.
    Establishing a requirement for business communications to leave a 
voice-mail when they introduce a new originating number to communicate 
with a specific call recipient not only serves the interest of 
consumers who want identity and purpose to accompany unanswered, 
unknown calls, it also serves the legitimate business to solicit 
reciprocal engagement from the recipient, assuming this communication 
achieved the litmus test of having been worth initiating a call in the 
first place.
    Further, voice service providers can track this behavior in new and 
existing accounts, ensuring that their logs of calls from accounts that 
have identified as a business that need to make hundreds, thousands or 
millions of calls are making calls of a duration long enough to permit 
them to convey their identity and reason for calling. Accounts refusing 
to follow this policy would have no reasonable explanation, as their 
communications are either not valuable enough to pay for the extra 5-30 
seconds per call (and thus were not valuable enough in the first place 
to disturb and disrupt the recipient's day), or they did not want 
recorded evidence by way of voice-mail of their operations and were 
likely unlawful or illegal.
IV. Omni-Channel Marketing & Communications
    Marketing technology, communications technology, and their 
subsequent integration into consolidated platforms have made 
significant advances in the past decade. A litany of acronyms from the 
tenured CRM (Customer Relationship Management) and CPaaS 
(Communications Platform as a Service) to more recent upstarts such as 
CDP (Customer Data Platform) and CEP (Customer Engagement Platform) 
highlight the rapid innovation and convergence of automated omni-
channel marketing applied to integrated recipient data.
    Omni-channel marketing engages a single recipient through many 
media, sometimes simultaneously, sometimes as a scripted sequence of 
conditional events. A good omni-channel marketing platform allows the 
marketer to upload a list of recipients and to buy ad placements on 
search engines or websites, send e-mails, generate calls and send TXTs, 
engage in messaging conversations and host a telephone number with a 
menu for incoming calls. Domain registration and website building has 
become trivial enough that some tools can be given a domain and create 
a similar looking website with a few clicks for under $20.
    A competent individual can invent a company and deploy a 
sophisticated omni-channel marketing operation in hours and at low 
cost, choosing from hundreds of vendors, ranging from fledgling start-
ups to publicly traded firms. Some platforms, seeking to accelerate 
their own growth through streamlined onboarding, allow communicating 
with a customer list on trial plans with no financial transaction (or 
vetting) necessary. The barriers to ``looking big'' and ``communicating 
wide'' have never been lower, which is tremendous for encouraging new 
entrepreneurial ventures in competitive markets, but also enables a 
tremendous opportunity for bad actors mimicking these real businesses 
to gain access to these advanced tools.
    Though YouMail and its Robocall Index have observed that robocall 
volumes have declined slightly from 58 billion in 2021 to an estimated 
53 billion by end of 2023, the FTC and FBI both indicate rising 
reported losses in the complaints gathered from consumers. These are 
only the losses reported to these specific agencies, and significantly 
understate the true consumer harm, as only a subset of losses is ever 
reported.
    The FTC Consumer Sentinel Network Tableau site \2\ shows a 400 
percent increase in Business Imposter dollar losses reported since Q2 
2022.
---------------------------------------------------------------------------
    \2\ https://public.tableau.com/app/profile/
federal.trade.commission/viz/FraudReports/FraudFacts

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    The FBI IC3 Data \3\ shows a rise in reported financial harm from 
Government Impersonation and Tech and Customer Support losses. These 
are the categories of losses in which voice or SMS were used to 
impersonate a known organization.
---------------------------------------------------------------------------
    \3\ https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
    Legitimate enterprises have shifted to omni-channel marketing as it 
is more effective in soliciting customer engagement and inducing more 
transactions. Advanced threat actors who wish to successfully 
impersonate an organization study the organization's current practices 
and, recognizing the user of omni-channel communication (ads, online, 
web, e-mail, voice, SMS, app), it should be no surprise that the threat 
actors embrace similar tactics and platforms to increase their success 
rates with victims.
    Even more advanced threat actors take advantage of APIs provided by 
these platforms and entrench themselves across multiple accounts and 
multiple platforms to reduce the impact of a single disruption or take-
down. As astute recipients/targets report the attempt by the threat 
actor, only one of hundreds or thousands of accounts are deactivated, 
and criminal operation continues with minimal operational impact.
V. Generative AI & Pig Butchering
    Since 2022, many omni-channel marketing and communications 
platforms have been rapidly introducing and announcing the benefits of 
integrating capabilities of LLMs (large language models) and generative 
AI.
    The benefits to a legitimate marketing operation should be 
obvious--you can simultaneously communicate with more people on a 
personal level through almost every available medium of communication. 
One marketer in a small operation can leverage generative AI to speak 
personally and fluently in nearly any supported language with tens of 
millions of recipients daily.
    Prior to widespread use of generative AI, YouMail would observe 
`broken English' in robocall or robotext campaigns that identified as a 
bank. Poor command of the English language serves as an obvious tell, 
indicating a campaign is operated by a fraudulent imposter.
    One such example YouMail has shared is in generating the script 
``press 1 to connect to a fraud specialist'' to emulate a financial 
services firm, a Chinese-speaking threat actor with limited skills at 
English may use a simplistic tool to translate the Chinese word 
``[handwritten characters]'' (shengcheng) to either ``generate'' or 
``connect''. YouMail's investigators would observe the audio ``press 1 
to generate to a fraud specialist'' as an indication of fraud as it is 
highly unlikely a US-based financial services firm would make such a 
mistake. With threat actors leveraging well-trained, fluent generative 
AI platforms, such mistakes rarely occur, which then requires 
additional investigative resources and collaboration to separate 
legitimate and imposter communications from one another.
    As YouMail has expanded its investigative and protective solutions 
to cover SMS, MMS, RCS and other messaging technologies, it has 
observed conversations that are clearly evidence of ``pig butchering'' 
attacks.
    ``Pig butchering'' often begins by using a messaging platform such 
as SMS to initiate a conversation that is otherwise indistinguishable 
from personal conversation by saying something like ``Hi'' or ``Hey 
Ben, it was good talking last week''. If engaged, the conversation 
apologizes awkwardly for the accidental message but maintains a 
friendly, charismatic tone and works to establish a casual friendship 
as a goal. Often, the threat actor is awkward and apologetic, citing 
English as a second language to cover for any misunderstandings.

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    Over time, the threat actor builds a rapport and encourages its 
target to take certain actions which range from things that may feel 
trivial like checking out an app or visiting an interesting website. 
Ultimately, they are more successful the more they appear authentic and 
patient and don't force their target to immediately connect Apple Pay 
to their bank account or begin ``investing'' in cryptocurrency.
    A single threat actor using generative AI connected to the 
communications network can run hundreds to thousands of simultaneous 
conversations, refining its model while learning from mistakes and 
exercising patience in rapport-building indistinguishable from a real 
person. The technology already exists to generate synthetic yet 
authentic appearing images, video and audio, if those prove necessary 
hurdles in carrying out further artificial trust-building to support 
the criminal endeavor.
    Messaging continues to trend towards technologies with E2E (end-to-
end) encryption (iMessage, RCS, WhatsApp, Telegram) and advanced pig 
butchering initiated by SMS often tries to move the conversation to an 
E2E encrypted medium in order to evade detection via unencrypted 
channels as it reaches deeper, detectible evidence of malfeasance in 
later steps of its script.
    A recent blog \4\ from digital risk protection vendor Phishlabs 
includes several screenshots of how quick and easy an aspiring threat 
actor can make a few clicks using a PhaaS (Phishing-as-a-Service) 
platform to deploy automated omni-channel phishing services with out-
of-the-box capabilities to impersonate 11 U.S. financial services 
institutions. The site regularly holds sales.Recent rates to send SMS 
messages ranged from $130 to send 5,000 SMS messages or $620 to send 
25,000 SMS messages.
---------------------------------------------------------------------------
    \4\ https://www.phishlabs.com/blog/threat-actor-profile-strox-
phishing-as-a-service/

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

VI. Tools, Resources, Success
    While the FTC and FBI data indicates an increase in reporting of 
individual financial harm from communications, despite stability in 
total robo-communication volumes, the media, trade shows and industry 
investments reveal a sprint to connect advanced tools such as 
generative AI and omni-channel marketing platforms to the communication 
network. Nonetheless, progress has been made in industry to use new 
tools and techniques to curb high-volume robocall operations that once 
upon a time plagued consumers.
STIR/SHAKEN
    STIR/SHAKEN is one of most cited tools to assist in the combatting 
of unwanted, unlawful robocalls, with many deadlines for implementation 
passing in 2022 and 2023.
    YouMail tracks the certificates on the voice calls that terminate 
at its network, and where the voice call matches a known unwanted, 
unlawful, or illegal campaign, it links the originating or gateway 
provider that indicated it owns responsibility for attesting to that 
call.
    As of September 2023, YouMail was observing nearly 800 distinct 
certificates per week in the calls that it answers. YouMail has yet to 
publicly publish statistics on its observed certificates, but YouMail's 
observations match the approximately 800 signers in data published \5\ 
by TransNexus. TransNexus also notes the approximate number of 1,200 
SHAKEN-authorized providers as of September 2023.
---------------------------------------------------------------------------
    \5\ https://transnexus.com/blog/2023/shaken-statistics-september/
---------------------------------------------------------------------------
    As of October 18, 2023, YouMail observes that there are 17,900 
entries in the FCC 499 Filer database \6\. 4,789 entries identify their 
principal communication type as `Interconnected VOIP'. As of October 
18, 2023, the FCC Robocall Mitigation Database \7\(RMD) contained 8,562 
entries. 2,891 of the RMD entries state ``Complete S/S Implementation'' 
and 1,980 entries state ``Partial S/S Implementation, Performing 
Robocall Mitigation'' for a total of 4,871, indicating some STIR/SHAKEN 
implementation.
---------------------------------------------------------------------------
    \6\ https://apps.fcc.gov/cgb/form499/499View.htm
    \7\ https://fccprod.servicenowservices.com/rmd?id=rmd_welcome
---------------------------------------------------------------------------
    It would appear that there are somewhere between 8,000 and 20,000 
entities that acknowledge themselves as relevant voice communication 
providers, so these 800 certificates presently active in September 2023 
are potentially only indicating origination information for 4-10 
percent of communication providers.
STIR/SHAKEN & Sample YouMail Investigations
    YouMail, as an answering service for customers of mobile network 
operators (Verizon, T-Mobile, AT&T, et al.), relies on customers 
setting up their call forwarding feature to divert unanswered calls to 
YouMail's service. Consequently, YouMail, and services like YouMail's, 
rely upon voice providers implementing the IETF RFC 8946 Personal 
Assertion Token (PASSporT) Extension for Diverted Calls in order to 
carry the originator certificate through to YouMail as the final 
termination point for a call. When unimplemented at a network, YouMail 
typically observes a mobile network operator introducing its own 
certificate (at the lowest level of attestation, a C-attestation) in 
place of the originating provider's A-attestation, when diverting 
calls. This negatively affects transparency regarding the origination 
of unlawful call campaigns carried in the ecosystem on diverted calls 
going to voice-mail services like YouMail.
    When the originating provider's certificate carries successfully to 
the call termination point, companies such as YouMail can perform 
aggregate analysis on the calls received from an originating provider 
by matching content (such as voice-mail) to the originating service 
providers.
    Below is a sample pie chart indicating the content carried by an 
originating provider's traffic for a month:

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    This pie chart reveals:

   a light grey area where callers left no message

   a dark grey area where a message was left but did not match 
        the template of a known robocall

   a red area, representing calls for which the audio matched 
        audio of a call suspected to be a scam

    It is often helpful to exclude the light and dark grey areas (to 
remove calls not providing audio evidence and calls where the audio 
evidence wasn't able to be matched to known good or bad robocalls) in 
order to produce a drill-down pie chart of all recognized robocalls at 
that provider.

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    This pie chart reveals that, of the tracked robocalls at this 
provider, the majority appear linked to scam campaigns, with only a 
small green wedge linked to potentially legal/lawful alerts and 
reminders.
    Underlying this pie chart, YouMail can examine the exact campaigns 
and their relative volumes as they compose this provider's traffic 
profile. At the time of this testimony, the current campaigns 
identified here are linked to their best, most likely classification, 
so this is not intended to be definitive attribution of a campaign to 
illegal behavior but rather the current suspected nature of these 
campaigns.
    In the case of this sample provider, it reveals A-level 
attestations were given to audio and calls determined to be carrying 
illegal, unlawful content. It would indicate accounts that should be 
terminated if the activity is confirmed within the provider's records 
and a legal imperative to perform an investigation to find and 
terminate accounts carrying similar traffic. In the case below, the top 
campaigns found were ``Google Business Listing Scams'', ``Amazon Alexa 
Scams'', and ``Government Grant Scams''. What is also of note is that 
this provider has very little traffic that indicates lawful, desirable 
robocalls to be received by consumers (such as a prescription reminder, 
or change-of-venue alert, etc.).

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    YouMail's position is that STIR/SHAKEN is an extremely valuable 
tool that is still in the process of industry adoption, despite recent 
FCC deadlines. It is a tool presently lacking sufficient resourcing to 
carry out investigative, compliance, and enforcement efforts and 
success in curbing robocalls ultimately depends on the resources 
applied to ensure data is not only properly collected but integrated 
into the ecosystem to maximize transparency.
    It is a non-trivial undertaking to prioritize and investigate 
thousands of active robocall campaigns each month, understand their 
legality and effect corrective action where necessary.
KYC (Know-Your-Customer), KYT (Know-Your-Traffic), Know-Your-Upstream 
        (KYUP)
    During our investigation-related discussions with voice service 
providers, they regularly indicate that they were unaware that the 
indicated account was carrying the communications provided in the 
supporting evidence attached to the reported incident. Conversations 
such as these indicate that many providers, intentionally or 
unintentionally, do not truly know their customers.
    Over the past few years, a few parties have weighed in on best 
practices and requirements for communication providers to ``know your 
customer'' or ``know your traffic''. The FCC recently also included 
``know your upstream provider'' \8\ to this growing lexicon on April 
27, 2023.
---------------------------------------------------------------------------
    \8\ https://docs.fcc.gov/public/attachments/DOC-392975A1.pdf
---------------------------------------------------------------------------
    When illegal communications are injected into public 
communications, it should not matter whether the account holder is 
considered a ``customer'', ``peer'' or a ``provider'' and it should not 
matter what the enabling platform considers itself (gateway, 
intermediate, facilities-based, etc). All platforms enabling 
communications share responsibility in preventing accounts originating 
illegal, unlawful communications.
    An FCC filing \9\ by private company Numeracle, on April 27, 2023, 
included Numeracle's Model Standards v1.1 for KYC, which includes a 
list of questions to ask new customers. Numeracle's list is 
comprehensive, including asking the prospective customer to share 
marketing materials, reveal prior actions or judgements, provide 
descriptions of the calls along with consent collection and legal 
compliance practices. Another example of good KYC policies and controls 
can be found in settlements between recidivist providers enabling 
robocalls, such as the March 6, 2023 settlement between State of Texas 
et al and Rising Eagle Capital Group LLC \10\ .
---------------------------------------------------------------------------
    \9\ https://www.fcc.gov/ecfs/search/search-filings/filing/
1042778647719
    \10\ https://www.texasattorneygeneral.gov/sites/default/files/
images/press/Spiller%20Stipu-
lated%20Order.pdf
---------------------------------------------------------------------------
    An account faced with strenuous onboarding Q&A that is planning to 
initiate illegal or grey-area telemarketing communications is unlikely 
to proceed with establishing the account at a provider using processes 
such as these, as it indicates the bad actor is likely to be either 
rejected before they can start sending communications, or if they 
misrepresent themselves, their ability to communicate would be short-
lived before they face a permanent termination.
    YouMail is often asked to comment on KYC Practices and observes 
many communication providers want to keep their current practices 
private, because they are viewed as both:

   a legal liability, if revealed (and ultimately proven 
        intentionally or unintentionally insufficient)

   a competitive advantage

    Interestingly, interpreting the KYC process as a competitive 
advantage perception cuts two ways. Some providers view their ``light 
touch'' policies, procedures, and controls as an advantage because they 
maximize their revenue in turning away only the most egregious new 
accounts, while permitting less egregious yet still unlawful revenue-
bearing accounts to onboard. On the other side, providers with stricter 
controls and policies comment they are playing the ``long game'' and, 
while they lose out on this potential revenue in the short term, they 
envision they will eventually see account migrations from peers and 
competitors, as those peers and competitors are publicly identified as 
a risky supplier for legitimate high-revenue enterprises.
KYC, Analytics, Call Labeling & Blocking
    Numeracle filed further comments \11\ with the FCC on August 9, 
2023, through which they addressed the current state of analytics, 
labeling, and blocking. Some of Numeracle's \12\commentary was 
furthered by an FCC filing made that same day by United Office \13\, 
who included screenshots demonstrating how their customers' calls were 
displayed on Android and iOS devices across major carriers.
---------------------------------------------------------------------------
    \11\ https://www.fcc.gov/ecfs/search/search-filings/filing/
108102252803712
    \12\ https://www.fcc.gov/ecfs/search/search-filings/filing/
108092119116596
    \13\ https://www.fcc.gov/ecfs/search/search-filings/filing/
108092119116596
---------------------------------------------------------------------------
    Both Numeracle and United Office cite working with customers who 
had their calls labeled as `Spam Likely' or `Scam Likely'. Seeking to 
remediate the labeling on behalf of their customers, they worked 
closely with them to get to know them and determine whether these calls 
were mislabeled, often to provide evidence to call analytics companies 
and voice providers in order to correct the mislabeling.
    YouMail has observed that telephone numbers of legitimate calling 
parties (banks, government, security alerts, emergency, and disaster 
alerts) drift from accurate labeling to `Spam Likely' or `Scam Likely' 
treatment over time at individual mobile operators,without any evidence 
to show that the numbers have been compromised or spoofed by a threat 
actor. As the mislabeling occurs, YouMail also observes that its 
customers with the YouMail app installed on their device no longer 
answer these calls, indicating that mislabeling an incoming call 
effectively results in the same outcome as blocking the call as it 
drifts into an answer rate below 5 percent when prior answer rates 
exceeded 50 percent.
    Typically, engagement with services or solutions that would 
remediate and clear up this mislabeling corrects the issue. As 
expected, this generates revenue for vendors that provide these 
solutions and results in increasing the costs of this business 
communicating with its customers, which could eventually mean this 
business passes those higher costs to communicate along to its 
customers.
    YouMail has also observed in its investigations that many robocalls 
received by consumers receive a ``green checkmark'' treatment as they 
appear on devices. TransNexus indicated in their September 2023 
blog.\14\ that among prolific robocall signers, 88.46 percent of calls 
they signed with B-level attestation were robocalls and 79.4 percent of 
calls they signed with A-level attestation were robocalls. Robocalls 
with C-level attestation trend downward (from <40 percent in April 2023 
to <20 percent as of September 2023).
---------------------------------------------------------------------------
    \14\ https://transnexus.com/blog/2023/shaken-statistics-september/
---------------------------------------------------------------------------
    Robocall operators are the most engaged, active calling parties 
seeking to stamp their calls with legitimacy in their quest to maximize 
engagement and answer rates. As a result, they have become the most 
prolific early adopters of new services that promise them A 
attestations for their calls. This presents distinct challenges to 
measure the benefit of labeling and display indicators like checkmarks 
to the public when legal, legitimate call originators are slower to 
adopt than the operators of suspect, grey-area or unlawful calls.
    It is unclear how ``pay to display'' dynamics in the robocall 
labeling industry will ultimately play out. YouMail observes that calls 
with a green STIR/SHAKEN checkmark and display name generally have 
lower answer rates than calls without a green checkmark, which runs 
counter to the results promised by vendors charging call originators 
for these solutions. On the other hand, at the present time, this 
merely indicates the financial commitment of the marketing 
professionals operating highest volume telemarketing robocalls to spend 
to achieve their revenue goals and quotas, and their willingness to 
absorb an extra cost for the calls they place.
TCPA Class Actions
    TCPA class action litigation can have a powerful effect on reducing 
unwanted robocalls. YouMail selected two recent class action 
settlements and the effect on calls received by Americans per month.
    In 2022, DirecTV settled \15\ a $17M TCPA class action lawsuit. 
DirecTV`s robocalls per month reached a peak of an estimated 87 million 
calls received in the U.S. in September 2021. This data does not 
necessarily reflect which calls were subject to the TCPA actions in the 
assorted TCPA lawsuits filed against DirecTV, but provide YouMail's 
estimate of DirecTV robocalls per month over time where the surge in 
calls accounted for approximately 858 million total calls.
---------------------------------------------------------------------------
    \15\ https://topclassactions.com/lawsuit-settlements/closed-
settlements/directv-unsolicited-calls-17m-class-action-settlement/

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    As can be seen, the class action litigation has reduced DirecTV 
robocalls by over 99 percent, which from its total volume has had a 
material impact in the total robocalls received by the public.
    Also in 2022, National Grid settled \16\ a $38.5M TCPA class action 
lawsuit. National Grid robocalls reached a peak of 2 million monthly 
calls by mid-2022, increasing 1500 percent from their pre-surge monthly 
volumes of 150,000 per month.
---------------------------------------------------------------------------
    \16\ https://topclassactions.com/lawsuit-settlements/closed-
settlements/national-grid-pre-recorded-phone-calls-38-5m-class-action-
settlement/

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    YouMail only analyzed and modeled calls identifying as National 
Grid or referencing ngrid.com and did not include calls identifying as 
other entities from the class action suit (KeySpan Gas Corp, Brooklyn 
Union Gas Co, Niagra Mohawk Power Corp, Boston Gas Co, Colonial Gas Co, 
Massachusetts Electric Co, Nantucket Electric Co, Narragansett Electric 
Co). It is entirely possible that the robocall operation distributed 
call volume into different campaigns that no longer identified directly 
as National Grid at a point in time.
    Based on YouMail estimates and models, the TCPA class action 
litigation appears to have caused a 45 percent reduction in monthly 
robocalls directly identifying at National Grid.
State & Federal Enforcement Actions & Coordination
    YouMail works closely with partners in state and Federal 
enforcement agencies to model, track, investigate, provide, and analyze 
evidence of unlawful robocall campaigns. These efforts are largely 
concentrated on a campaign topic--robocalls that consumers recognize as 
carrying specific messaging to induce certain actions from them such as 
to purchase a vehicle warranty contract or to obtain loan assistance 
services. As consumer complaint data collected at a state or Federal 
level indicate specific areas of problematic robocalls, YouMail's 
ability to isolate the robocall campaigns from other communications 
enables real-time tracking, investigation, and enforcement action.
Student Loan Campaigns
    In 2022, concerted efforts by state and Federal enforcement, in 
partnership with YouMail have effected a dramatic reduction in 
robocalls carrying student loan related campaigns. YouMail has modeled 
and tracked 234 distinct robocall campaigns related to student loans 
over the past 3 years and recent work to curb these robocall campaigns 
has resulted in a massive decrease in these calls received by 
consumers. YouMail attributes the December 8, 2022, FCC order \17\ to 
all US-based carriers as the definitive signal to industry to no longer 
allow such robocalls in the network. After being made aware of this 
order, YouMail noted that many providers who had previously tolerated 
such calls began to adopt non-tolerance stances.
---------------------------------------------------------------------------
    \17\ https://www.fcc.gov/document/fcc-orders-voice-service-
providers-block-student-loan-robocalls

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    YouMail does believe that many of these robocall operations have 
shifted from advertising as `student loan' support to advertising their 
services as `debt reduction', `government grant' or other similar 
financial assistance offers in order to evade the FCC order restricting 
student loan robocalls. In this manner, providers cooperating with 
grey-area telemarketing operations providing underlying services have 
complied with the ``no student loan robocalls'' order by shifting their 
offering to ``general loan'' services. Further efforts to curb all loan 
and debt-related robocalls would be necessary to observe an overall 
reduction in total robocalls received by the public from these 
operations.
Auto Warranty Campaigns
    YouMail estimates auto warranty robocalls peaked at 150M weekly 
calls. Joint efforts by state and Federal enforcement from late 2021 
through 2022 have effectively eliminated the auto warranty robocalls 
with a 99 percent reduction to weekly auto warranty robocalls. At 
present, the small number of remaining auto warranty calls in the 
ecosystem,which are so small relative to the period of 2020-2022 in the 
graph they are only a few pixels tall on the graph, appear to be 
lawful, legal calls.
    The final blows to these calls were delivered by the FCC on July 
21, 2022, with an order \18\ to all U.S. providers to avoid or cease 
carriage of auto warranty robocall traffic.
---------------------------------------------------------------------------
    \18\ https://www.fcc.gov/document/robocall-enforcement-order-all-
us-based-voice-service-providers

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

Traceback & Transparency
    On September 29, 2023, the FCC released a Traceback Transparency 
report \19\that detailed 844 tracebacks (1,043 tracebacks records, IDs 
12808-13882) from the period of April 1, 2023, through June 30, 2023.
---------------------------------------------------------------------------
    \19\ https://docs.fcc.gov/public/attachments/DOC-397295A1.pdf
---------------------------------------------------------------------------
    The 844 tracebacks were grouped in campaigns from 21 campaign 
topics tracked by YouMail. These campaign topics were: Amazon Imposter, 
Authorized Order, Auto Warranty, Customs & Border Patrol Imposter, Camp 
Lejeune Solicitation, Financial Services Imposter, Package Delivery 
Imposter, Debt Reduction/Elimination, Financial Hardship, Healthcare 
Assistance, Home Services, CSP Imposter, Loan Approval, Medicare Offer, 
Mortgage Assistance, Disability Assistance, Contest/Sweepstakes, SSA 
Imposter, Student Loan Assistance, Tax/Debt Relief, Utility Imposter.

------------------------------------------------------------------------
 
------------------------------------------------------------------------
US Originating Providers (ORG)                                      61
Non-US Originating Provider (IOR)                                   14
Point-of-Entry Providers (POE)                                      51
Non-Responsive Providers (NR)                                       59
TOTAL Distinct Providers                                           174
------------------------------------------------------------------------

    Of the 174 unique providers receiving the 844 tracebacks, there was 
an average of 4.87 per quarter per provider, or 1.6 per month per 
provider.
    In many cases, multiple tracebacks within the same day reached the 
same provider. If we recognize this as a ``daily provider traceback 
incident'' covering multiple tracebacks within the same day, there were 
371 ``daily provider traceback incidents'' in the 3-month span across 
the 174 providers. The average provider received 2.1 ``daily provider 
traceback incidents'' in the period, or just 0.7 ``daily provider 
traceback incidents'' per month.
    A provider receiving just a single ``daily provider traceback 
incident'' (1 per month) would be higher than the average provider (0.7 
per month).
    YouMail is often asked in industry discussions to reflect on how 
many tracebacks in a period are too many? This report is the first such 
report in which these types of averages can be calculated per provider, 
day, or campaign, which can enable any analyst engaged by a voice 
provider to measure relative concern when receiving a traceback.
    Based on this now-public data, YouMail encourages providers to take 
even 1 isolated traceback as a serious matter to apply investigative 
resources to find all eliminate all present substantially similar 
traffic, while also implementing preventative controls to disallow new 
account creations that will bring back the same traffic under a new 
name. However, it is important to realize that every hour spent by a 
provider investigating beyond the minimum increases costs and decreases 
revenue, so the teams at these providers tasked with this 
responsibility are often at odds to the rest of their organization 
seeking to minimize costs and maximize revenue.
One Shutdown Equals Dozens of Sales & Revenue Opportunities
    Voice service providers have tremendous freedom in how they react 
to becoming aware of unlawful traffic traversing their network. Some 
may shut down just a single account as their ``responsible action'' 
because that is all the evidence indicated to them was problematic. 
Providers currently employing policies of quickly shutting down a 
single account without an extensive investigation not only save 
expenses on investigating the traffic, but they also retain revenue by 
turning a blind eye to other accounts carrying similar traffic. In not 
introducing extra steps and friction into their new account onboarding 
process, they maximize the conversion rates and success of onboarding 
new, incoming revenue.
    If a provider with effective investigative processes and strong 
controls succeeds in exterminating these accounts, while industry 
operates without an advisory to not enable the actor (such as the ones 
that industry received regarding auto warranty and student loan 
robocalls), the robocall bad actors have learned that they should use 
the services of multiple voice providers in order to have back-up 
routes to deliver their traffic and often contact dozens of voice 
providers over the next week to re-establish their operations. Thus, 
one decisive action by a thorough provider creates a sales opportunity 
for dozens of their less careful competitors, especially when those 
dozens do not employ strict requirements to verify the customer or 
their traffic, or obey similar no-tolerance policies before and after 
onboarding new accounts.
YouMail Direct Disruptions
    Using intelligence and evidence from its own proprietary data 
sources, YouMail Protective Services conducts direct disruptions of 
illegal communication campaigns at cooperating communication service 
providers. These communications disruptions include voice calls, SMS, 
MMS, RCS and iMessage channels.
    For the period of June 2023 to September 2023, YouMail Protective 
Services disrupted 2,366 non-voice messaging vectors, enabling illegal 
imposter communications over SMS, MMS, RCS and iMessage channels.

------------------------------------------------------------------------
 
------------------------------------------------------------------------
June 2023                                                          700
July 2023                                                          674
August 2023                                                        603
September 2023                                                     389
------------------------------------------------------------------------

    YouMail is expanding these capabilities, working jointly with 
enterprises in communications, finance, retail and hospitality, as well 
as trade associations, with the goal that once the illegal campaigns 
have been modeled and confirmed by the impersonated enterprise, they 
can be shut down at cooperating enabling communications platforms 
within their first minutes to first hour of operation.
VII. Concluding Remarks
    My testimony reflects a brief assessment of industry relative to 
the current state of robocalls, robotexts, omni-channel marketing 
platforms used by telemarketers and threat actors, potential impacts of 
generative AI, and the successes and challenges in industry compliance 
and enforcement.
    Significant enforcement progress has been made through Federal and 
state efforts, and I am proud that YouMail and its team have played an 
important role in some of the most notable successes, particularly when 
the crosshairs have been trained on specific unlawful robo-
communication operations (robocalls, robotexts, and robo-messages on 
private platforms).
    Communications have evolved significantly over the past decade, and 
businesses and individuals communicate through more channels and 
mediums than ever before in human history. As generative AI finally 
brings a robot, indistinguishable from a human to robo-communications, 
the public has never been at greater risk.
    I urge Congress, as well as state and Federal agencies, to 
recognize that the digitalization of society, along with automation of 
and ease of accessibility to communication platforms, could very well 
mean that U.S. citizens are now at greater risk of harm sourced 
digitally than by physical threat. Agencies should strongly consider 
expanding their budgeted resources to increase investigative and 
enforcement capabilities, while simultaneously considering new policies 
to address bad early adoption threat actors, capitalizing on next-
generation robo-communication tools.
    Thank you for your time today. I am happy to answer any questions.

    Senator Lujan. Mr. Rudolph, thank you so very much as well 
for being with us today. I am going to recognize myself for 5 
minutes for your questions. Now, as you all can see on the 
image behind me, there are multiple examples of scammers 
impersonating companies to trick consumers and steal their 
information.
    Now, these are real messages collected by my staff, but the 
links were changed so that we don't inadvertently encourage 
people to go to these links as well and therefore supporting 
that fraud. Now, this is a problem for so many industries, from 
delivery services, to streaming platforms, to financial 
institutions, to Government agencies.
    And I very much appreciate the groups that are walking in 
now. I don't want to detract from the questions that I have, 
but you all know what robocalls are and robotexts are with your 
devices. I am seeing a lot of heads nodding yes. I am sure you 
are tired of them, and you want them to end.
    That is what this hearing is about. And so, if you all have 
ideas as well, we would invite them to be submitted to us. So, 
the class or the trip that you are on, we may be leaning out to 
you to be able to solicit that information with what is 
happening to each and every one of you.
    Now, Ms. Brown, yes or no, does the prevalence of texts and 
calls impersonating U.S. companies negatively affect the 
ability of your member companies to reach and build 
relationships with consumers?
    [Technical problems.]
    Senator Lujan. Your microphone----
    Ms. Brown. Oh, got it. Got it. Sorry. Thank you. Sorry 
about that. I don't know that it lends itself to a clean yes or 
no. The Chamber is really concerned about business 
impersonation fraud and the texts that you see. But I think, I 
don't know that we have seen a noticeable harm to the overall 
business relationship with our customers.
    Like it is a part of the package and I think our--the 
Chamber members do a good job of keeping those relationships. 
But it is a worry, the brand dilution. And for instance, the 
Marriott case that I mentioned earlier, it is a concern that 
you know, the brands will be diluted by this kind of fraud.
    Senator Lujan. And I will share with you my experience, Ms. 
Brown. There are some companies when they are calling my phone 
now, I will not answer, because I have been hit over and over 
by robocalls from them. There are some companies where they 
have been spoofed before, but it has not been time and time 
again. But I am less likely to answer them, or I am very 
cautious as well.
    Now, that is my behavior. I don't know if that is 
consistent with others across the room. When I was asking them, 
I saw a lot of heads nodding yes. And so, we want to make sure 
that there is that trust that can be established with this form 
of communications. I appreciate that.
    My follow up is, Ms. Saunders, I wanted to talk about the 
impact on consumers specifically. Can you share examples how 
messages and calls such as these defraud customers and limit 
access to goods and services?
    Ms. Saunders. Was that to me?
    Senator Lujan. Yes.
    Ms. Saunders. Yes. I have an example of an elderly woman in 
Virginia who answered a prerecorded call purporting to be from 
the Social Security Administration that it had found drugs in a 
car associated with her and that if she didn't pay a certain 
amount of money to do a certain--take a certain number of 
steps, she would lose her Social Security.
    And as a result, she actually ended up losing hundreds of 
thousands of dollars of savings. I have many more examples. I 
don't know how much time you want me to take with them, but 
there are--a lot of them are written up in our scam report that 
is on our website.
    Senator Lujan. And Jeff, what I may do is, if we can get 
that report, we will ask unanimous consent to submit that into 
the record as well, Ms. Saunders, just so that it is part of 
the record for this particular hearing.
    [The report referred to can be found at the following 
link:]

    https://www.nclc.org/resources/scam-robocalls-telecom-providers-
profit/.

    Senator Lujan. So, thank you so very much. Mr. Bercu, one 
of the recommendations in your testimony supports the FTC and 
FCC clarifications of consent for safe calls.
    Earlier this year, as you said, Senator Markey had worked 
on some other issues, but Senator Markey and I had also led a 
letter to the FCC Chairwoman asking the Commission to update 
guidance along the lines of the FTC, reinstating long held 
requirements for unwanted telemarketing calls.
    Now, Mr. Bercu, you also cited evidence that consumer 
consent for telemarketing is increasingly falsified. Automated 
bots and other artificial intelligence systems are using public 
data to consent on behalf of a consumer for calls they never 
asked for or do not want.
    How can industry, FTC, and FCC update guidance to develop 
standards that would limit the use of automated bots to falsify 
consent for robocalls?
    Mr. Bercu. Thank you, Chair Lujan. I think on this issue, I 
think the courts and the guidance that is out there are pretty 
clear already. You need an actual consumer's consent, and if it 
is falsified, it is not consent.
    So, I think those are clear, and if there is any ambiguity, 
happy to work with you and your staff on resolving that 
ambiguity, because consumers should only be in the calls they 
actually consented to.
    Senator Lujan. I appreciate that very much. Ms. Fischer, 
the floor is yours for questions.
    Senator Fischer. Thank you, Chairman Lujan. To begin with, 
I would like to ask unanimous consent that a statement from 
Senator Thune, and a letter from ACA International and the 
Credit Union National Association be made part of the hearing 
record.
    Senator Lujan. Without objection.
    [The information referred to follows:]

 Prepared Statement of Hon. John Thune, U.S. Senator from South Dakota
    Good morning and thank you Chairman Lujan for holding today's 
hearing.
    Protecting Americans from illegal robocalls has long been a 
priority of mine while serving on this committee.
    Illegal robocalls are not only a major nuisance, but they can be 
dangerous and defraud consumers out of money or steal a consumer's 
identity information.
    Many individuals who fall prey to these scammers can spend months 
or even years getting their life back.
    At the same time, it's important to remember that not all automated 
calls are inherently negative.
    Many important services are carried out via robocall where 
companies and call recipients have pre-established relationships and 
where the consumer has agreed to participate in these types of calls.
    For example, some entities like hospitals and pharmacies use 
robocalls to remind a patient of an upcoming appointment or that a 
prescription is ready for pick-up; airlines use automated calls to 
notify a consumer if their flight is canceled; and credit card 
companies may use calls to notify consumers of important fraud alerts.
    In an effort to reduce fraudulent and illegal robocalls, I authored 
the Telephone Robocall Abuse Criminal Enforcement and Deterrence 
(TRACED) Act with Senator Markey, and the legislation was signed into 
law in 2019.
    The TRACED Act made several important steps to fight the scourge of 
robocalls by providing regulators with the tools to discourage illegal 
robocalls and crack down on offenders.
    It provided the FCC with more time to identify robocallers who 
intentionally violate the law.
    It established rules to protect consumers from the issue of so-
called one-ring scams, where international scammers try to get 
individuals to return their calls so they can charge them exorbitant 
fees.
    TRACED required carriers to adopt an industry-developed standard 
for call authentication.
    And it helped bolster private-led efforts to trace the origin of 
unlawful robocalls.
    These are just a few of the provisions in the TRACED Act that are 
helping make it safer to answer your phone again.
    We knew the TRACED Act wouldn't stop every illegal robocall, but 
the good news is that since the TRACED Act was signed into law, illegal 
and scam robocalls are down.
    When TRACED Act was signed into law, consumers were receiving over 
2 billion scam calls a month.
    Since that time and with the implementation of the TRACED Act, scam 
robocalls have nearly been cut in half.
    While that is a significant improvement, it's not to say there 
isn't more work to be done.
    The prosecution of illegal robocallers can be difficult since many 
scammers are based abroad and can quickly shut down before authorities 
get to them.
    New technologies have made it easier for scammers to hide from law 
enforcement and deceive consumers, such as using deepfakes produced by 
artificial intelligence to mimic family members' voices.
    However, Congress has provided the regulators with several tools to 
go after illegal robocallers, and we need to also make sure the 
relevant agencies are using those tools to deter bad actors.
    The Department of Justice is responsible to prosecute forfeiture 
orders issued by the FCC.
    Despite having the clear authority to collect these unpaid fines, 
it appears the DOJ has not been carrying out this responsibility.
    If we're going to hold bad actors accountable and truly tackle the 
issue illegal robocalls, it's going to require cooperation from all of 
the relevant Federal partners and industry.
    So I'm interested in hearing from our panel today about what steps 
are needed to continue to reduce illegal robocalls because one of the 
biggest negative effects of these illegal robocalls is that they 
frustrate recipients to the point that they are less likely to answer 
legitimate calls.
    I'll continue my work to protect Americans from illegal robocalls.
    Today, I'm eager to hear about the TRACED Act's implementation, and 
what more needs to be done.
    I appreciate each of the witnesses being here today and look 
forward to your testimony.
    Thank you, Chairman Lujan.
                                 ______
                                 
                                          ACA International
                                                   October 24, 2023

Senator Ben Ray Lujan,
Chair of the Subcommittee on Communications, Media, and Broadband,
Washington, DC.

Senator John Thune,
Ranking Member of the Subcommittee on Communications, Media, and 
Broadband,
Washington, DC.

Dear Chairman Lujan and Ranking Member Thune:

    On behalf of ACA International, the Association of Credit and 
Collection Professionals (ACA), I am writing regarding the Subcommittee 
on Communications, Media and Broadband hearing titled ``Protecting 
Americans from Robocalls.'' ACA represents approximately 1,700 members, 
including credit grantors, third party collection agencies, asset 
buyers, attorneys, and vendor affiliates, in an industry that employs 
more than 133,000 people worldwide. Most ACA member debt collection 
companies, however, are small businesses. The debt collection workforce 
is ethnically diverse and 70 percent of employees are women.
Background about ACA International
    ACA International members play a critical role in protecting both 
consumers and lenders. ACA International members work with consumers to 
resolve consumers' debts, which in turn saves every American household, 
on average, more than $700, year after year. The accounts receivable 
management (``ARM'') industry is instrumental in keeping America's 
credit-based economy functioning with access to credit at the lowest 
possible cost. For example, in 2018 the ARM industry returned over $90 
billion to creditors for goods and services they had provided to their 
customers. And in turn, the ARM industry's collections benefit all 
consumers by lowering the costs of goods and services--especially when 
rising prices are impacting consumers' quality of life throughout the 
country.
    ACA International members also follow comprehensive compliance 
policies and high ethical standards to ensure consumers are treated 
fairly. The Association contributes to this end goal by providing 
timely industry-sponsored education as well as compliance 
certifications. In short, ACA International members are committed to 
assisting consumers as they work together to resolve their financial 
obligations, all in accord with the Collector's Pledge that all 
consumers are treated with dignity and respect.
    ACA members support FCC efforts to target illegal scam calls and 
text messages. Illegal fraudsters should be eliminated from the 
marketplace. However, certain FCC policies have done little to stop bad 
actors who do not care about the law, and instead have resulted in 
limiting legitimate informational calls that consumers need. ACA 
supported the Pallone-Thune Telephone Robocall Abuse Criminal 
Enforcement and Deterrence Act (TRACED Act), because of its efforts to 
target bad actors harming consumers. However. Carriers and the FCC have 
not kept up with their end of the bargain in this important law. 
Instead of providing clear standards for transparency and redress 
options when calls and texts are blocked from legitimate businesses, 
the FCC has allowed for opaque and incomplete standards that allow 
carriers to continue blocking needed calls with must know information. 
We ask that Congress consider the following concerns:
FCC's Work on Text Message Blocking
    This spring the Federal Communications Commission (FCC) proposed 
(1) to require terminating mobile wireless providers to investigate and 
potentially block texts from a sender after they are on notice from the 
Commission that the sender is transmitting suspected illegal texts, (2) 
to apply the National ``Do Not Call'' Registry's restrictions to text 
messages, and (3) to restrict the ability of entities to obtain a 
consumer's single consent and use that consent as the basis for 
multiple callers to place marketing calls to the consumer.
    The Commission should not impede the completion of text messages 
sent by legitimate businesses to their customers and other consumers. 
To protect text messages from legitimate companies, the Commission 
should require mobile wireless providers to notify the sender 
immediately when the provider has blocked the sender's text message and 
to resolve disputes no longer than six hours after receiving the 
dispute. ACA with a large group of other stakeholders has outlined 
(here) actions the FCC can take to protect legitimate callers and 
consumers.
    A sender of text messages can only take action to dispute an 
erroneous block if the sender knows that its text message has been 
blocked. Unfortunately, the FCC's erroneous thinking in this area in 
its Report and Order inaccurately stated that carriers are ``already 
providing adequate notice when they block texts.'' The Commission 
should require immediate notification of blocking.
Call Blocking Activity
    In May, the FCC put out another call blocking order and further 
notice for combatting illegal robocalls. The FCC unfortunately has 
missed the mark on requiring carriers to put effective processes in 
place to ensure call blocking is done with transparency and redress 
options, as Congress required in the TRACED Act. A large group of 
impacted callers outlined a number of concerns as they work towards 
seeking appropriate redress.\1\ As noted, several industries report 
that the informational calls that they place, including fraud alerts 
and servicing calls, continue to be mislabeled as ``spam'' based on the 
analytics of voice service providers or their third-party analytics 
service providers. This can discourage customers from answering the 
call or lead voice service providers or third-party analytics service 
providers to block the call. Both of these results prevent consumers 
from receiving important and often time sensitive information.
---------------------------------------------------------------------------
    \1\ https://policymakers.acainternational.org/wp-content/uploads/
2023/08/ABAJointTrades
CommentCallBlocking-FCCEighthNPRM-August2023.pdf.
---------------------------------------------------------------------------
Revoking Consent
    The FCC's 2015 TCPA Order clarified that consumers may revoke 
consent using any reasonable means and barred callers from designating 
the exclusive means of consent.\2\ This past summer the FCC proposed to 
codify this requirement. The notice specifically proposes to codify its 
``previous decision that consumers only need to revoke consent once to 
stop getting all robocalls and robotexts from a specific entity.'' The 
Commission, however, does not cite any previous decision where it has 
ruled that a single revocation stops everything. The Commission here 
also seems to be creating a new regulation rather than codifying an 
existing ruling. Most concerning, the FCC proposes to require callers 
to honor revocation requests within 24 hours of receipt. This is a 
dramatic departure from existing practice that, coupled with banning 
use of exclusive procedures and deeming the revocation to apply to all 
future robocalls and robotexts, creates an impracticable standard.
---------------------------------------------------------------------------
    \2\ Rules and Regulations Implementing the Telephone Consumer 
Protection Act of 1991, CG Docket No. 02-278, WC Docket No. 07-135, 
Report and Order, 30 FCC Rcd 7961 (2015) (``2015 TCPA Order''). 3 
Notice para. 8 (emphasis added).
---------------------------------------------------------------------------
    The Commission predicates its 24-hour rule on the use of automated 
systems to process revocation or opt out requests. Requests to revoke 
consent do not, however, always utilize automated systems and the 
Commission's rules will allow a number of different channels to submit 
such requests. Even where automated systems are used, they only work to 
quickly process requests when consumers utilize prescribed means, which 
the proposed rules would disallow. For example, text messages almost 
universally enable consumers to cancel further messages by texting 
STOP. If a consumer instead texts a word that the system is not 
programmed to recognize, or sends a phrase, sentence, or emoji, the 
requests will not be processed automatically. Even if the consumer uses 
the prescribed method, the sender may process the revocation request 
only with respect to the category of information or channel of 
communication involved in the original message.
    The proposed rule that a single revocation stops all future 
robocalls and robotexts requires coordination and communication 
throughout the enterprise and among the various third-party vendors a 
company may use for communications. The confluence of precluding 
exclusive means, an unlimited scope of revocation, and the 24-hour rule 
creates a standard that is impossible to meet in many cases, and at the 
very least creates compliance uncertainties.
Congressional Discussions
    Congressman Frank Pallone, Jr. (D-NJ) issued a statement, 
``denouncing the ongoing epidemic of abusive robocalls practices,'' 
which he says have been exacerbated by the Supreme Court's ruling in 
Facebook, Inc. v. Duguid, which interpreted the Telephone Consumer 
Protection Act's definition of ``autodialer''. The Supreme Court 
correctly found that to qualify as an ATDS under the TCPA, a device 
must have the capacity to either: Store a telephone number using a 
random or sequential number generator, or produce a telephone number 
using a random or sequential number generator. In other words, 
equipment that can store or dial telephone numbers without using a 
random or sequential number generator does not qualify as an ATDS under 
the TCPA.\3\ While the plaintiffs' bar surely regrets the clarity that 
the 9-0 decision from the Supreme Court provided on this issue, it is 
an important development for a host of businesses making informational 
calls with much needed information for consumers. It has also decreased 
class action litigation under the TCPA.\4\ Fraudulent calls aimed to 
harm consumers should be limited. However, the wide variety of 
financial services calls that consumers need including account updates, 
information about stolen credit cards, and other must know financial 
information should be supported by Congress.
---------------------------------------------------------------------------
    \3\ In April 2021, the U.S. Supreme Court issued a 9-0 decision in 
e your browser tools to copy the text, then click Close. Facebook, Inc. 
v. Duguid, 141 S. Ct. 1163, finding that many lower courts were 
improperly interpreting what types of technology were considered an 
ATDS. The Supreme Court justices were clear that Congress drafted the 
TCPA to address abusive telemarketing, not to punish legitimate 
business callers.
    \4\ WebRecon Stats Dec '22 & Year in Review, available at https://
webrecon.com/webrecon-stats
-dec-22-year-in-review/?utm_source=ActiveCampaign&utm_medium=e-
mail&utm_content=WebRe
con+Stats+Dec++22+%26+Year+in+Review&utm_campaign=Dec+2022+Newsletter&vg
o_ee=AqSu
xCM3%2B72kAO9%2FZXuiVzpLB9tk6tN1Fm%2BmFY3WWOeL8u0%2BWBCfKIYwvb2riYN9. 
(noting that For the full year 2022, FDCPA (-31.3 percent) and TCPA (-
10.8 percent) were both down significantly over 2021).
---------------------------------------------------------------------------
    We understand the serious problem that fraudulent nuisance calls 
present for consumers and it is important to consider public policy 
objectives to limit them. However, the truth is that illegal scam 
artists do not care about the law and as evidenced in recent years, do 
not pay fines even when presented with them. More should be done to 
address this without laws or regulations that in an overreaction 
actually stop calls and texts with needed information.
    Thank you for your attention to the concerns of the ARM industry. 
Please let me know if you have any questions.
                                             Scott Purcell,
                                           Chief Executive Officer,
                                                     ACA International.
                                 ______
                                 
                          Credit Union National Association
                                   Washington, DC, October 24, 2023

Hon. Ben Ray Lujan,
Chairman,
Committee on Commerce, Science, and Transportation,
Subcommittee on Communications, Media, and Broadband,
United States Senate,
Washington, DC.

Hon. John Thune,
Ranking Member,
Committee on Commerce, Science, and Transportation,
Subcommittee on Communications, Media, and Broadband,
United States Senate,
Washington, DC.

Dear Chairman Lujan and Ranking Member Thune:

    On behalf of the Credit Union National Association (CUNA), I am 
writing regarding the Subcommittee's hearing entitled, ``Protecting 
Americans from Robocalls.'' CUNA represents America's credit unions and 
their more than 135 million members.
    We share with Congress the overriding goal of restoring trust in 
communications networks that has been tarnished by unscrupulous persons 
preying on consumers or companies that make no serious efforts to 
comply with the Telephone Consumer Protection Act (``TCPA). Illegal 
robocalls not only harm consumers but also legitimate businesses that 
are increasingly being impersonated by fraudsters that send texts or 
make calls claiming to be one of our member credit unions. Fraud 
facilitated by illegal robocalls and robotexts causes financial harm to 
both members and their credit unions. Thus, we whole-heartedly support 
efforts to target bad actors, get them off and keep them off the 
network.
    Unfortunately, the TCPA has little, if any, deterrent effect on bad 
actors' intent on defrauding consumers. Fraudsters are often located in 
other countries beyond the TCPA's reach or they simply ignore the law 
knowing they are unlikely targets of private litigation. Instead, all 
too often the TCPA, which combines strict liability with statutory 
damages, has become a mechanism to extract monetary settlements through 
threats of class action litigation against companies that are making 
good faith efforts towards compliance. America's credit unions spend 
substantial resources to comply with TCPA's complex array of regulatory 
requirements yet face litigation risk for making innocent mistakes, 
such as calling a wrong number. Further expanding the TCPA will not 
materially advance the goal of restoring trust in our communications 
network.
    Recognizing the limitations of the TCPA to deter bad actors, the 
FCC has turned to technological solutions such as automated calling 
number authentication (STIR/SHAKEN), call blocking regime, and caller 
traceback. We applaud the Commission's recent successes in using these 
tools to identify and shut down some of the worst abusers. These tools 
are still evolving and, while aiding in identifying the worst actors, 
also result in legitimate calls being blocked or mislabeled.
    Achieving a balance between facilitating legitimate calls while 
preventing illegal calls is necessary to restore trust in our 
communications network. Fortunately, Congress created a mechanism to 
achieve that balance. In the TRACED Act, Congress directed the FCC to 
ensure transparent and effective redress for companies whose calls are 
mishandled, and we have sought to work with the FCC to achieve the 
admittedly difficult balancing act of stopping bad calls without 
blocking good ones. We urge the FCC to move forward with the adoption 
of call blocking notification standards so that testing and 
implementation of this technology can begin.
    On behalf of America's credit unions and their more than 135 
million members, thank you for holding this important hearing and 
considering our views on the subject.
            Sincerely,
                                                Jim Nussle,
                                                 President and CEO.

    Senator Fischer. Thank you. I agree with the Chairman that 
this committee's focus on enforcement today is key.
    First and foremost, though, I think we need to ensure that 
our laws and rules that are on the books are being enforced to 
the fullest extent. Since 2020, the FCC has issued 700 million 
in forfeiture orders for TCPA violations.
    However, hardly any of these have been collected mostly due 
to the Justice Department's failure to pursue these cases in 
court. In its obligations under the TRACED Act, the DOJ also 
seems to have missed the opportunity to submit a report with 
meaningful recommendations.
    Ms. Brown, do you believe that the Justice Department is 
doing enough to ensure that bad actors carrying out illegal 
telemarketing and robocall schemes pay the penalties that the 
FCC assesses?
    Ms. Brown. Thank you for the question. And in my written 
testimony, we explain, no, I don't believe the Department of 
Justice is doing enough, and you can sense that frustration 
from the FCC Chairwoman.
    They certainly at the department have a lot of tools that 
they can use, both to enforce FCC orders, but on their own to 
bring righteous mail fraud, wire fraud cases, and enforce the 
laws that you all have passed.
    So, yes, we believe the United States Department of Justice 
should do more, and as a former DOJ official, I think it is a 
missed opportunity for them.
    Senator Fischer. So, what can we as Congress do to make 
sure that they do enforce those rules, that as you said, they 
have the tools. So how do we get them to use them?
    Ms. Brown. Well, I think that one challenge is it is hard 
for Congress to direct the Department of Justice to take 
specific action due to separation of powers. But you have a lot 
of power to nudge, cajole, and shape expectations.
    And in my written testimony, we offer a few examples. In 
the TRACED Act, for example, you impose some pretty robust 
reporting obligations on the Federal Communications Commission. 
We think similarly you could impose those kinds of updates, 
mandates on DOJ to let you all know what they are doing.
    We also suggest that DOJ should prioritize funds for 
investigations and enforcement, and you all can direct some of 
that. And then requiring DOJ, for example, to establish a 
robocall enforcement and education office.
    Right now, at the Department, I think much of their 
robocall effort is housed under an elder justice initiative, 
and I think that is really important, obviously, but they can 
do more. And I think Congress can really look into that and 
impress upon them that this is a priority.
    Senator Fischer. You know, to me, this focus on enforcement 
really is two pronged. We want to make sure that the Government 
is going after the bad actors, and we want to avoid opening up 
legitimate actors to frivolous lawsuits.
    Abusive litigation against businesses acting in good faith 
does nothing to stop criminals. Ms. Brown, would you provide 
some examples of TCPA filings that you view as litigation 
abuse?
    Ms. Brown. Certainly, thank you. And unfortunately, there 
are a lot, and I would commend to anyone's attention the work 
that the Chamber's Institute for Legal Reform has done. They 
have had several reports that give examples.
    But one example that stuck out to me recently, the City of 
Albuquerque was sued after sending text messages to local 
residents during the COVID-19 pandemic to notify them of the 
opportunity to participate in socially distanced town halls.
    And ultimately, Senator, I believe the city was able to get 
out of that lawsuit, but not after burdensome litigation. And 
that is just one example of many that seems to go after 
beneficial communications, or at least not the bad actors that 
I think we are here mostly to talk about.
    Senator Fischer. You know, we have many members on this 
committee who represent very rural states.
    There is a lot of vastness in our states, and we want to 
make sure that rural Americans receive services, Governmental 
services, but also services from private industry. And many of 
rural America is still connected with copper mines and they are 
vulnerable when we look at these fraudulent schemes that are 
out there.
    Mr. Bercu, what are the challenges that remain for these 
copper based voice service networks in terms of stopping 
illegal robocalls and their telemarketing schemes? And does 
this lack of fiber that we see in rural areas, does that have 
an outsized effort on most of our rural constituents that we 
have?
    Mr. Bercu. Thank you. I think there are challenges. I know 
the industry is very committed to moving to IP and that work is 
ongoing. Yes, when STIR/SHAKEN information can't be passed to 
the legacy networks.
    But what I would say is that the protections in place are 
helping all consumers. When we trace back calls, those calls 
are hitting people in New York. They are hitting people in 
rural America as well.
    And so, when we get them off the network, that is helping 
everyone. Same with STIR/SHAKEN. It is helping infuse 
accountability that benefits everyone, whether they are getting 
their calls with STIR/SHAKEN or not.
    Senator Fischer. Yes, thank you. Thank you, Mr. Chairman.
    Senator Lujan. Thank you very much. Senator Markey, you are 
recognized for your questions.

               STATEMENT OF HON. EDWARD MARKEY, 
                U.S. SENATOR FROM MASSACHUSETTS

    Senator Markey. Thank you, Mr. Chairman. In 2019, I was 
proud to partner with Senator Thune to pass the Telephone 
Robocall Abuse Criminal Enforcement and Deterrence Act, the 
TRACED Act, which directed the Federal Communications 
Commission to issue critical new rules to crack down on illegal 
robocalls.
    The TRACED Act has helped stop some of the worst practices 
by robocallers, but robocalls remain a plague on our telephone 
system. My constituents in Massachusetts received over 623 
million robocalls last year, nearly 20 robocalls per second. 
This year, Massachusetts residents are on pace to receive 800 
million robocalls.
    Across the country, Americans are on pace to receive 54 
billion robocalls this year. Some robocalls are lawful, but of 
course the numbers of unlawful calls are astonishing. To each 
of the witnesses, starting with Ms. Saunders, do you agree that 
robocalls remain a serious problem for consumers, yes or no?
    Ms. Saunders. Yes.
    Senator Markey. Ms. Brown.
    Ms. Brown. Unlawful and illegal robocalls certainly do. 
Yes--whoops, sorry.
    Senator Markey. Yes. Mr. Bercu.
    Mr. Bercu. Yes, illegal robocalls remain a problem.
    Mr. Rudolph. Yes, absolutely.
    Senator Markey. Thank you. These fraudulent robocalls cost 
consumers tens of billions of dollars every year and undermine 
trust in the telephone system. That is a serious problem, 
period.
    And I want to turn to one particular element of the TRACED 
Act. The law directed the FCC to require the telephone 
providers adopt a technical standard to verify that caller ID 
information was accurate.
    Senator Thune and I drafted this provision to stop bad 
actors from falsifying caller ID information, a practice known 
as spoofing. Robocallers often spoof calls to make the caller 
ID indicate that a call is coming from a local number.
    I am pleased that the FCC has worked expeditiously to 
implement this provision, but I am also deeply alarmed by the 
sheer number of fraudulent robocalls and scams. Robocallers 
seem to be changing their methods faster than we can adjust.
    Ms. Saunders, do you agree that the TRACED Act has been 
helpful in reducing the number of spoofed calls, but that 
robocallers have found ways to circumvent these rules?
    Ms. Saunders. Yes, sir, I do.
    Senator Markey. And Mr. Rudolph, do you agree with Ms. 
Saunders' assessment?
    Mr. Rudolph. Absolutely. I know we see less spoof numbers 
than ever before. We see that the threat actors, especially 
those impersonating banks, getting real active phone numbers. 
And also jumping when a bank branch closes down, grabbing that 
number and then using that number to contact people.
    Senator Markey. Yes. It is unbelievable. Targeting 
robocallers is like an endless game of whack a mole, and so far 
the moles are winning by an astonishing margin in this battle. 
If the robocallers have evaded the caller ID system by 
exploiting how phone numbers are distributed, then we may need 
to adapt our regulations as well.
    And I want to say one final word about the FCC's robocall 
mitigation data base. Every telephone provider must register 
with that database at the Federal Communications Commission, 
and companies that have not yet implemented the caller ID 
verification system must submit a plan for addressing illegal 
robocalls.
    Last week, the FCC took an important step to begin removing 
20 noncompliant companies from the robocall mitigation data 
base. Some of the companies' filings were laughable. Here is 
one. Here is one of the filings right here. Pretty simple to 
see. It is a blank piece of paper.
    That is what they have submitted in terms of their 
compliance with the law. Another filing was a picture of the 
company's logo. Another provider submitted a document that said 
nothing in capital letters on the sheet of paper on the 
website, nothing.
    I am glad the FCC has launched enforcement proceedings 
against these obviously problematic filings, and I appreciate 
the ideas that Ms. Saunders has suggested to further strengthen 
the robocall mitigation data base.
    I look forward to continuing to work with the Commission 
and my colleagues on this issue. It goes right to the heart of 
the issue that just drives every American crazy every single 
day, the unwanted robocalls coming into their lives all day 
long at the most inconvenient times, almost knowing that you 
are home, and you are having dinner with your family to be the 
perfect time to get the whole family angry at these companies.
    So, we thank you, Mr. Chairman, for having this hearing, 
and we just have to keep our focus on this issue. Thank you all 
so much for everything that you are doing.
    Senator Lujan. Senator Markey, thank you very much. And 
especially bringing attention to the filings at the end of your 
testimony today. I am reminded that some of those filings also 
include menus from restaurants as being submitted as official 
documents as well.
    So, thank you very much on bringing more and more attention 
to the enforcement side of this. Thank you very much, Senator, 
and your work on this. Senator Budd, you are recognized for 5 
minutes.

                  STATEMENT OF HON. TED BUDD, 
                U.S. SENATOR FROM NORTH CAROLINA

    Senator Budd. Thank you, Chairman. And I thank you for the 
witnesses for being here today. You know, when I talk to folks 
from North Carolina, they ask me about this topic a lot. They 
talk about robocalls, and they express their frustrations, some 
of them. They don't want to download the app that helps screen 
these things or pay a few extra dollars for that. So, they are 
frustrated. They want some solutions.
    When I was in the U.S. House a year ago, I was proud to be 
an original co-sponsor of the TRACED Act, which I think it is 
making a difference. According to YouMail, scam, robocall 
volumes have declined about 55 percent since their peak in 
October 2019. Tools like Industry--the Industry Traceback Group 
and deployed authentication technologies like STIR/SHAKEN--
great name, by the way, they better detect spoofing. They seem 
to be working.
    So, I think we all still agree, however, that there's still 
a lot of work to do. So, Mr. Bercu, in your written testimony 
you noted that, ``Government and brand imposter calls 
predominantly originate abroad.
    These are scams where someone claims to be calling from the 
IRS regarding back taxes or from the local power company on an 
overdue bill. These scams are particularly dangerous because 
they pretend to be communication from important institutions 
like Government agencies, utilities, or from banks.''
    In your working with the Industry Traceback Group, have you 
identified any gaps in Federal efforts to prevent illegal scam 
robocalls that make going after those foreign callers 
difficult?
    Mr. Bercu. Thank you. Yes, it is difficult because they 
feel they are not going to face justice because they are not 
based here. They use shell companies. They get kicked off a 
network and find a new one. So, absolutely, we have been very 
effective in disrupting them. We have seen some of the impact, 
especially on the robocall side, that the scam volume is way 
down.
    But, you know, it is one of the reasons, you know, I agree 
with my colleague here, Megan, that criminal enforcement 
against these individuals, these groups that is organized crime 
abroad doing this is absolutely critical because that--the only 
way they are going to stop trying to defraud Americans is if 
they are taken off the board. So, we think that is very 
important.
    Senator Budd. Thank you. So, you mentioned for--you 
mentioned the enforcement agencies. What could some of them do 
to improve the success rate of stopping these foreign placed 
robocalls?
    Mr. Bercu. So again, I think criminal enforcement is key. 
When the--a few years ago, when the Department of Justice, FBI 
worked with the Central Bureau of Intelligence in India to raid 
some of these call centers, Government impersonation scams went 
down almost overnight. So, that is key. It is really working 
with those partners abroad and bringing people to justice, I 
think is the key.
    Senator Budd. Thank you. Ms. Brown, in your testimony you 
discussed how the Department of Justice does not sufficiently 
prioritize prosecuting bad actors who break robocall laws and 
they attempt to defraud Americans.
    How does a lack of enforcement action influence efforts to 
shut down scams and make the cost of illegally robocalling 
significant enough to dissuade criminals?
    Ms. Brown. Thank you for the question, Senator. I think the 
lack of DOJ enforcement kind of shows that the FCC's efforts 
really run out of steam if the department is not there to sort 
of get them across the finish line to actually collect on some 
of those forfeitures.
    Similarly, there are open and notorious scammers that seem 
to me very clearly violating the wire fraud and the mail fraud 
statutes. And I think sending a message, as Josh was just 
saying, whether it is to overseas scammers or domestic 
scammers--I mean, some of the folks the FCC has brought 
enforcement actions are right here in the United States.
    And the Department has taken a few actions to bring some 
cases, but I think they could do far more to send that message 
that we are not going to tolerate these scams and the fraud 
that Margot discussed.
    Senator Budd. Thank you. So how would small businesses, who 
themselves can be victims of these robocalls and illegal scam 
calls, how would these small businesses benefit from increased 
DOJ enforcement of the existing laws?
    Ms. Brown. Is that to me, Senator?
    Senator Budd. Sure.
    Ms. Brown. Great. I think they would benefit in the same 
ways that consumers would if they are being victimized and they 
don't have the resources to deploy sophisticated anti-fraud, 
then sending that message to take, as Josh said, some of these 
bad actors off the board, I think would be really, really 
helpful to them in much the same way that consumers are being 
defrauded.
    Senator Budd. Anyone else helping small businesses?
    Mr. Rudolph. First, I would like to commend your Attorney 
General. North Carolina is one of the top leaders in robocall 
enforcement at the State level.
    I would say that small businesses, we have data that shows 
some of the threat actors understand that they have got deeper 
pockets, I suppose, as a targeted victim. So, we are seeing a 
rise in specifically the robocalls and robotexts.
    They are trying to hit small business owners and convince 
them, you know, to engage in their campaigns.
    Senator Budd. Thank you. My time has expired.
    Senator Lujan. Thanks, Senator Budd. Senator Tester, you 
are recognized for questions.

                 STATEMENT OF HON. JON TESTER, 
                   U.S. SENATOR FROM MONTANA

    Senator Tester. I want to thank you for holding this 
hearing, you and the Ranking Member. I appreciate it very much. 
I want to thank the folks who are testifying today.
    We got murderers, we got child molesters, we got rapists, 
we got drug peddlers, we got people who commit armed robbery, 
and then we got robocallers, OK. And it distresses me a lot 
when I hear that there is $700 million of fines that have been 
levied and no collections.
    Ms. Brown, you were--were you with the U.S. Attorney's 
Office at one point in time in your career. Is that what I 
gathered?
    Ms. Brown. I was at Main Justice at the Department of 
Justice.
    Senator Tester. Well, that is good enough. So, look, they 
got all this stuff. I know the U.S. Attorney in Montana, for 
example, is very, very busy running down people who are doing 
horrific crimes.
    By the way, I could make a claim that this is nearly as 
horrific as any of those ones I mentioned before. Why? Because 
I have got a business. I was on top of a combine this year. The 
phone is ringing. I am expecting a call from my wife. I bust 
off the combine, damn near break my leg.
    I get to the call and the guy is asking me if I paid my 
loan for when I was in school. I haven't been in college in 45 
years, and I didn't have a loan when I went then because it was 
a different time, OK.
    So, these guys are bad, bad people. The question I have is, 
the DOJ has levied these fines and none of it has been 
collected. There is an effort here in this body to defund the 
Department of Justice. Do they have enough people? For you, Ms. 
Brown.
    Ms. Brown. Well, having been at Main Justice, I know they 
have a lot of priorities. They have a lot of people. I do think 
the department can probably walk and chew gum at the same time 
and prioritize a few more of these cases, if that is what you 
are asking.
    Senator Tester. I would love it, because we can pass all 
the laws we want here and we can take credit for passing these 
laws, but unless somebody drops the hammer on these clowns and 
makes them pay a price, puts them out of jail, or better yet 
even puts them in jail, and I would pay more taxes to put these 
people in jail, I think it is going to continue to happen.
    And it is going to happen--when I was in the State 
legislature, 20 years ago, we passed the do not call list. I 
have signed up for multiple do not call list, and I get more 
robocalls today than I did back in 2003, for example, 20 years 
ago. So, the question is, does Congress need to do any more, or 
is this all about enforcement?
    Ms. Brown. For me, again, Senator?
    Senator Tester. Ms. Saunders, I will let you go. Ms. Brown 
got the last one, so we will spread it around.
    Ms. Brown. Yes. It is your turn.
    Ms. Saunders. Our main point in our test--in the testimony 
that I have submitted is that the incentives need to be 
changed, whatever way it is done.
    Senator Tester. Well, I understand if you hit somebody in 
their wallet, that kind of hurts.
    Ms. Saunders. Right, right. And what we have proposed is 
that the FCC adopt a methodology such as is permitted under the 
Federal rules of civil procedure to get a temporary 
restraining----
    Senator Tester. And they have not done that yet?
    Ms. Saunders. No. So that once a particular voice service 
provider is found to be a repeat offender----
    Senator Tester. Yes.
    Ms. Saunders.--and to continue to process illegal calls 
after it has been notified previously----
    Senator Tester. Yes.
    Ms. Saunders.--the FCC should be--should suspend 
immediately its ability to----
    Senator Tester. OK. Do the rest of the people on the panel 
agree with that perspective? Ms. Brown.
    Ms. Brown. I haven't reviewed closely Ms. Saunders' 
proposal, but I am not sold that we need new authorities over 
at the FCC to do the kind of suspensions that she is talking 
about. I think they have got----
    Senator Tester. But do you think those suspensions would be 
OK if they did them?
    Ms. Brown. On the voice service side, I am not sure exactly 
whether there would be some unintended consequences there of 
what she is proposing, but they certainly can do more with 
their cease and desist orders and notices.
    Senator Tester. Mr. Bercu.
    Mr. Bercu. So, I think when we are talking about fraud, one 
of the themes is that the fraud actors change their behavior. 
They have moved from robocalls to more targeted calls.
    And some of the tools we have built for robocalls don't 
work as well for a live call. There is a big difference from I 
let someone on my network make----
    Senator Tester. But you know what, I don't--I very seldom 
get live calls. I get a call from a damn computer that sounds 
like a live person that then if I stay on long enough, goes to 
a live person who I ask, why don't they get a real job because 
there is plenty of jobs out there in society now instead of 
being a crook. So why is there a difference here?
    Mr. Bercu. So, in that, that would be a pre-recorded call. 
But I still think enforcement against the fraudsters is really 
the key there, because they are going to keep adapting as the 
rules and the protections change. It doesn't mean we shouldn't 
keep adding more protections, but they will always keep working 
to try to get around them.
    Senator Tester. I got it. That is what a crook does. They 
look for the--and by the way, these are crooks. They look for 
the weakest link in the fence.
    So, I came to this hearing hoping that I would hear from 
some of you, and I did hear from Ms. Saunders, your view, what 
we can do to stop. Not to slowdown. We have been slowing down 
forever. But to stop these folks. Anybody have anything that 
Congress can do to stop them or--I haven't asked you a question 
yet, Mr. Rudolph.
    Mr. Rudolph. You referenced, you received a loan robocall, 
right.
    Senator Tester. Yes. I have taxes, loan robocalls. And by 
the way, it is the same voice, the same computer, the same 
call, sometimes called from my neighbor's phone, by the way. 
So, I don't know if that is illegal now or not.
    I had a neighbor that got a call from his own phone number 
one time. I mean, this is crazy. This is crazy stuff that this 
country doesn't need in their economy. Keep going.
    Mr. Rudolph. So, your loan robocall, I would strongly 
suggest that is domestic originated and that is an area that I 
would call gray area telemarketing.
    So, in this case, right now we don't have--we track 
thousands of active campaigns per week and current enforcement 
efforts are just working on the highest volume, prioritized 
campaigns.
    So, your specific robocall, if you can get your state or 
you can get the FCC to put that on the priority list, that is 
one that we have got the tools and the techniques to diffuse. 
There is just not enough manpower to, you know, have a priority 
list that goes more than 10, 15 campaigns deep.
    So, if we can get--if we can start working, you know, 50, 
100 campaigns deep on a week to week basis, the FCC has showed 
effectively, you know, that the highest volume campaigns can be 
stopped.
    Senator Tester. Just for the record, if any of you know how 
many these are done out of State versus in country, out of 
country, I would love to know that information. Thank you all. 
This is a bunch of crap, I will just tell you. We need to stop 
this. This is not good for anybody. And for the robocallers out 
there, go get a damn job.
    Senator Lujan. Thank you very much, Senator Tester. Senator 
Vance, the floor is yours for questions.

                STATEMENT OF HON. J. D. VANCE, 
                     U.S. SENATOR FROM OHIO

    Senator Vance. Great. Thank you, Mr. Chair. And I agree 
with Senator Tester, and my questions are going to pick up 
largely in the same vein. Mr. Bercu, the thing that I struggle 
with sort of reviewing materials that my staff prepared for me 
for this hearing and just obviously experiencing this 
particular problem as a human being.
    And I--you know, my own mom just a couple of weeks ago sort 
of called me and gave me the quick hits of a particular scam 
that had been--targeted her. And it seems like we keep on 
tinkering around the edges here a little bit. We sort of do 
these little things and maybe they slow it down to Senator 
Tester's point.
    But we are fundamentally allowing crooks to prey on some of 
the most vulnerable people in our country, people who are 
living on fixed incomes and so forth. And I guess I am just 
wondering if we were willing to do something big.
    And it is one of the few things maybe that you could get 
bipartisan majorities in this House or this chamber to do. If 
we wanted to do something really big here, what could actually 
stop this, right.
    So, the example that we talked about, or that I was talking 
about earlier just with a friend, is, you know, you ban 
robocallers from calling a particular number, but then let's 
say an individual goes and signs up on something online and 
they don't read the 75 pages of fine print, and one of those 
pages of fine print effectively signs their number up to be 
robocalled and that opens up the floodgates that allows 
criminals to go after them.
    I am just wondering like what can we actually do to stop 
this thing? I want to pick up where Senator Tester left off.
    Mr. Bercu. Thank you, Senator, for the question. I think 
one of the challenges here is the phone system by its nature is 
a series of interconnected networks. So, the providers that are 
providing service to us, all they know is like your mailman 
would know, what is the address? Where is this going?
    They don't know what's inside the content. So that is the 
fundamental challenge. And what we do in Traceback, we trace 
back the illegal calls and we hit five, six, seven, eight 
providers that all touch it on way, and it mixes in with legal 
traffic as well.
    So, I think that is where--I think what is big is criminal 
enforcement. It is the theme that I am going to keep hitting 
here because if--even if we stopped every single robocall, the 
criminals who do this, their day job is still defrauding 
Americans, and they will just find a new version.
    So, the only way to get them to stop defrauding Americans 
is criminal enforcement.
    Senator Vance. Do we have a sense of how many of these 
people are actually in America versus how many of them are 
overseas?
    Mr. Bercu. So, in our experience, it varies a little bit 
based on the type of call. So, the pure fraud robocalls, the 
pure fraud vishing calls, voice phishing calls, et cetera, 
those are predominantly coming from overseas.
    The unsolicited telemarketing calls, those may originate 
here and be done by people here. But to what Megan said before, 
we--one of the reasons it is hard to collect fines against them 
is they pop up a new shell company, dissolved the old one, and 
are now doing new robocalls under a new name.
    And I do think there are some laws that might apply and 
that might make that criminal.
    Senator Vance. And where are they coming from, the ones 
overseas? I mean, are there particular areas? You know, you 
sort of hear about Eastern Europe or Nigeria, sort of--where 
are these things actually coming from?
    Mr. Bercu. A lot are from India, some are from Dominican 
Republic, some other countries as well. But India is a big 
portion of the calls.
    Senator Vance. And has there been any effort sort of 
diplomatically, legally, to interface with some of the 
countries where this fraud is most common and actually use the 
extraordinary leverage the United States has to bring some of 
these folks to justice?
    Or is there sort of an attitude like once it is in another 
country, it is such small ball things relative to other 
international crime, we don't focus on it, but of course, it is 
not small ball to the people who are affected by it.
    Mr. Bercu. There has been collaboration. And when there is 
collaboration, when our FBI works with the Central Bureau of 
Intelligence in India and raids these call centers, we see the 
impact. YouMail data will show just Government imposter scams 
dropped immediately after those raids. So, I think that is a 
testament to why we should keep prioritizing that, because it 
does work.
    Senator Vance. OK. One final question here. We are actually 
going to an artificial intelligence briefing with some industry 
leaders later this afternoon. What could we do to help AI 
platforms and social media companies shield their data or tools 
from being used for more elaborate, you know, family emergency 
scams, things like that?
    Mr. Bercu. You know, happy to work with you on that. You 
know, I am not sure how--what exactly you could do on the 
social media side. But one thing I will say is that the TCPA 
right now makes illegal robocalls to cell phones, and robocalls 
are making the calls with a pre-recorded or artificial voice. 
So, I think there--just one thing there is the TCPA I do 
believe applies.
    Senator Vance. OK, great. Thanks, Mr. Chair. I yield.
    Senator Lujan. Thank you, Senator Vance. Senator Klobuchar, 
you are recognized----

               STATEMENT OF HON. AMY KLOBUCHAR, 
                  U.S. SENATOR FROM MINNESOTA

    Senator Klobuchar. Thank you, Mr. Chair. A lot of questions 
here. I will go fast. First of all, we know that after the 
TRACED Act passed in 2019, after new FCC rules were in place, 
the number of scam robocalls declined by almost half. Now we 
are having all kinds of new issues.
    And Mr. Bercu, you noticed in your--noted in your testimony 
that we--that there is collaboration between industry and the 
FCC. How can we make sure that tracing illegal calls to their 
origin results in actual enforcement action?
    Mr. Bercu. So, I think what we have seen, the FCC's 
approach with the cease and desist, I think it has been highly 
effective. They have targeted certain campaigns. They have 
dropped off the face of the earth almost.
    So, I think we are making great progress. I think the more 
we do--some of the rules the FCC did about know your provider, 
I think it is a process, and over time that is going to keep 
going the right direction. So, I think we have done a lot of 
great work there.
    Senator Klobuchar. OK. Good. Ms. Saunders, why do you think 
particularly these telemarketing calls, that these volumes are 
so high? I mean, I was just looking. We have got so many 
people, 221 million numbers registered on the do not call list, 
and still, we are seeing a number of people call about 
violations. What solution should we prioritize here?
    Ms. Saunders. So first, let me say that I believe that the 
number of scam calls there have appeared to be reduced because 
there has been a reorganization or recategorization of many of 
those calls. Many of the calls that had previously been 
identified as scams have now been identified as telemarketing 
calls.
    And as Mr. Bercu said, most of the telemarketing calls 
originate in the United States. We think that what needs to be 
done is the FCC should adopt a quick acting, temporary 
restraining order type of methodology, and once a voice service 
provider is found to have repeatedly, after notice, processed 
scam or telemarketing calls, they should be suspended 
immediately from the robocall mitigation data base. That will 
cost them money. And even if they--after they have----
    Senator Klobuchar. So, that will make--that will be an 
incentive to be more careful.
    Ms. Saunders. That is correct.
    Senator Klobuchar. OK. All right. I like it. AI voice 
cloning. Senator Vance mentioned this. We actually had, I had 
someone I know that got one of these calls. His son serving in 
the Marines, deployed. So, he knew he was deployed, didn't know 
where. They get a call, because they scraped his voice off the 
internet, asking for money to be delivered to somewhere in 
Texas.
    I have had two other military families tell me this story 
in Minnesota. I don't--this is unbelievable to me. So, what are 
service providers, Mr. Bercu, what are they doing to get ahead 
of these robocalls made using voice calling?
    These are obviously targeted ones with the person's voice, 
but all kinds of things could happen. And what can we do, Mr. 
Rudolph, to mitigate this?
    Mr. Bercu. Thank you. You know, the voice service providers 
take protecting their customers very seriously. They are always 
looking at the greatest technology. They have implemented 
blocking and labeling. They have analytics running on their 
network.
    So, I think they will continue to try to find out how they 
can identify those scams and how they can take action 
accordingly. One of the things with our Traceback effort, 
whether it is a robocall or one of those calls, we can trace 
those back.
    We can find out who is making them. We can find out who put 
it on the network. So, I think Traceback will be a really 
important part of stopping those going forward as well.
    Mr. Rudolph. Your specific use case is a targeted attack.
    And based on the investigations that we have done so far 
into similar attacks, those are threat actors who have gotten a 
personal phone and a personal phone number, just like anybody 
going into a store to get a device.
    So those are extremely hard for a communication provider to 
deal with. It looks just like a customer making those phone 
calls, yes.
    Senator Klobuchar. Right. I understand. I get it, I get it. 
Yes, I am not--actually, I am just using it as an example. Then 
it could get worse, right?
    Mr. Rudolph. Absolutely.
    Senator Klobuchar. And to the voice of general in that they 
know I am famous commander or something, anything, and it would 
go to all the military families, or it would go to people 
thinking it is a political person and turns into a robocall. 
So, I do think this adds to the danger.
    Last thing, robotexts. There were over 12 billion spam 
texts to Americans just last month. I think I got half of them. 
And these texts often include links that install malware and 
spyware on a consumer's device. In March, the FCC adopted 
rules. Ms. Saunders, what other measures should they consider 
to go with these illegal robotexts?
    Ms. Saunders. We have recommended to the Commission that it 
adopt special security rules for robotexts that include URLs 
just because of this significant damage. Congress could also 
pass regulations that--or statutes that provided more 
protection for consumers once they have had their money stolen 
from their bank accounts. There are--that would be a big help 
as well.
    Senator Klobuchar. All right. Thank you. Thank you, Mr. 
Chairman.
    Senator Lujan. Thank you, Senator. Senator Welch, you are 
recognized.

                STATEMENT OF HON. PETER WELCH, 
                   U.S. SENATOR FROM VERMONT

    Senator Welch. Thank you very much. I mean, you are hearing 
the incredible frustration all of us have. You heard Senator 
Vance, Senator Tester, Senator Klobuchar. I mean, it is really 
driving our constituents crazy.
    Vermont with 3.5--small State, 3.5 million robocalls just 
last month. It is like six calls per Vermonter. And it is 
really--it is really, really unsettling, especially to older 
people, who think they may be getting a call from a grandchild 
or a son or a daughter and they have to pick it up and figure 
out what is going on.
    And I know you are trying to do stuff, but it is not 
working. It is not working in the way it needs to. You know, I 
joined Senator Lujan and Senator Markey in asking the FCC to 
align its do not call registry guidelines with those of the 
FTC, as well as prohibit telemarketers from calling consumers 
without explicit consent.
    Ms. Saunders, do you believe these actions would benefit 
consumers? And what additional steps can Congress take to push 
the FCC and better protect consumers from robocalls?
    Ms. Saunders. Thank you for the question, Senator. We have 
been pushing the FCC for months now to simply reiterate that 
the language in its current regulations mean what it says. And 
instead, the FCC has proposed regulation that would reduce 
protections from the current regulations, and we have been very 
afraid of this. So, actually----
    Senator Welch. Why is that? Why are they doing that?
    Ms. Saunders. We--I am not sure whether it is a 
misunderstanding or whether the lead generators and the sellers 
who are benefiting from these telemarketing calls have gotten 
to them, frankly.
    But the proposed regulation or anything like it is very 
dangerous. The FCC issued regulations 20 years ago explicitly 
requiring that every telemarketing call is only legal if it is 
prerecorded. If the consumer has provided a signed, written 
consent allowing that caller to make calls to that consumer.
    And the proposed regulations would allow more calls per 
consent. Would not require a writing--and so, I can't tell you 
why they are issued--why they are proposed. But I can say that 
if you can encourage the FCC not to proceed in this way, it 
would be beneficial.
    Senator Welch. All right. Let me move on to a question for 
Mr. Rudolph. It is about generative AI. And, you know, there is 
some argument that that could help actually push back on the 
scammers, but it also obviously is a tool that is going to be 
used by scammers, especially generating a familiar voice.
    Can you tell me how the evolving landscape for generative 
AI impact the ongoing efforts to combat fraudulent 
communications and protect consumers?
    Mr. Rudolph. First, I would like to recognize your State as 
well. There is robocall platforms and robocall operations that 
refuse to call Vermont. That state is too hot to call.
    So, your constituents benefit from your Attorney General's 
work in that regard. On the topic of generative AI, clearly 
threat actors have flocked to it. It allows them--allows one 
person to do the work of hundreds. Generative AI doesn't have 
ethics or questions about what it is doing as it is affecting 
social engineering.
    On our side, on the good guys side defending against, you 
know, what is going on in industry--a Senator earlier showed a 
blank piece of paper as a robocall mitigation plan. Generative 
AI can--or a large language model can rip through the robocall 
mitigation database filings and actually synthesize and 
understand if there are sufficient or lacking sufficient 
controls.
    So that is a great place where we can apply that technology 
and probably discard half the entries in the database in an 
afternoon or a week of work.
    Senator Welch. All right, Mr. Saunders, again, thank you. 
The STIR and SHAKEN, I want to go through it. You know it. But 
how can the FCC incentivize providers to use the available 
tools to block calls?
    Ms. Saunders. I think the FCC has done a very good job at 
implementing STIR/SHAKEN. And the problem with STIR/SHAKEN is 
not the particular technology. It is the fact that there is 
this whole other method for robocallers to use borrowed 
numbers, rotating numbers for--as Mr. Rudolph explained, for a 
minute or for a particular call.
    And the ability of robocallers to use the numbering 
resources or misuse them in this way completely undermines the 
whole purpose of STIR/SHAKEN. So, I think now it is time for 
the FCC to drill down on the numbering resources misuse.
    Senator Welch. And thank you. I yield back, Mr. Chairman.
    Senator Lujan. Thank you, Senator Welch.
    Senator Hickenlooper, you are recognized.

             STATEMENT OF HON. JOHN HICKENLOOPER, 
                   U.S. SENATOR FROM COLORADO

    Senator Hickenlooper. Thank you, Mr. Chair. And thank all 
of you. What a fascinating issue that--I mean, you look at some 
of the issues around the world and this seems relatively small, 
and yet when you talk to constituents in any of our states, we 
see this is top of mind, something that drives people batty. I 
mean, just they can't function.
    Ms. Saunders, a number of cyber security experts have 
raised the issue of some companies functioning as consent 
farms. They are essentially tricking the consumers into, you 
know, they may be browsing a website, but they are tricked into 
basically signing on to--a consent to receive robocalls.
    And first, I can't imagine how anyone--whether anyone, 
people actually intentionally would do that. I guess they must. 
Anyway, the FTC has launched investigations into companies who 
are behaving this way, acting as consent farms.
    And my question to you is, do you believe that a stronger 
cybersecurity practices or clearer online disclosures would be 
sufficient and would be successful protections for consumers 
who obviously don't want to get the calls?
    Ms. Saunders. No, sir, I do not. I think that disclosures 
are, unfortunately, uniformly ineffective at protecting 
consumers. I think the problem needs to be that the rules need 
to be sufficiently clear. That the sellers who are using the 
telemarketers to make these calls and benefiting from these 
calls will be much more careful who--which callers they employ 
to make the calls. Because if they are not careful, they will 
be zinged with a TCPA class action.
    And unfortunately, although I understand the frustration of 
the Chamber of Commerce with inappropriate class actions at the 
moment, the danger of class actions is also one of the prime 
ways that incentivizes sellers and callers to comply with the 
law.
    So, we want the law to be clear, and we want the law to 
create those incentives to comply with it.
    Senator Hickenlooper. Great. And, Mr. Rudolph, I would ask 
you just, and this is off--my staff will chide me later, but I 
am curious, it seems like there is a market there. This is so 
frustrating to people that for a relatively low monthly cost, 
lots of people, I think, would buy protection. In other words, 
you know, does generative AI have the potential to really 
effectively protect people from these kinds of scammers?
    Mr. Rudolph. Going back to the question you just asked 
Margot, I want to really reinforce the robocall operator who 
can use tens of thousands or millions of numbers to contact 
you. If you think about what we can do on a device, it is very 
easy to block an individual number.
    And while it is not actually officially signaling to that 
company, hey, I am taking my consent back. But by blocking that 
single number, you are preventing it from communicating with 
you. If we can require companies, when you grant consent to 
say, I am going to consent to that one number, right.
    And if they, if a bot granted it or you accidentally 
unintentionally grant it, at least it was pinned to that one 
number, and you can control the caller originating from that 
one number and revoke that consent.
    So, if we can just change how we--change our policies about 
when you have got an entity and how many numbers it tries to 
rotate through to evade these tools that we have in our hand. 
You don't need generative AI. You just need to make sure that 
you pin robo-operations, robo-communications to using a number 
which matches their identity as they communicate that with you.
    Senator Hickenlooper. Interesting. Yes, great. Ms. Brown, 
in your testimony, you described how businesses use automated 
messages to reach their customers. So, when these bad actors 
flood an individual with robocalls, people lose their trust in 
answering the phone. The best example, I always--I have my 
phone.
    If I were to call you, comes--I, you know, it doesn't give 
my number, because whether for whatever right or wrong reason, 
sometimes rarely a constituent or a journalist might decide 
they want to get a hold of me frequently.
    So, I have, you know, caller ID blocked. No one will take 
my call. So, I have to send someone a text before they will 
take my call because they think that that is always going to be 
a robocall. Whereas now the robo guys are so smart that they 
never use it anymore.
    I keep trying to convince even my family that they should 
accept blocked numbers, but they don't. Anyway, Ms. Brown, how 
would you think small businesses would benefit if we could 
reduce the volume of illegal or unwanted calls?
    Ms. Brown. Thank you for the question. I think small 
businesses are victimized by fraudulent and illegal calls in 
much the same way that Ms. Saunders was talking about consumers 
at the front end.
    So, I do think the steps Congress has taken to prevent 
caller ID spoofing, to try and clean up the ecosystem, and some 
of the work that Josh and the Industry Traceback Group do is 
really important to try to instill or protect confidence in the 
calling ecosystem so people do want to pick up their phone.
    Small businesses both make calls and receive calls, and I 
think everyone is benefited if there can be trust that who is 
calling you is who it purports to be and not an overseas 
scammer, for example.
    Senator Hickenlooper. Yes. The small businesses I know are 
irate because they have to take every call, and so they are the 
ones that are constantly distracted at certain times of the day 
when the robocalls are coming in waves. Anyway, thank you all 
for taking time out of your busy schedules to be here. I yield 
back to the Chair.
    Senator Lujan. Thank you so much, Senator Hickenlooper. 
Senator Rosen, you are recognized. Senator Rosen, we cannot 
hear you right now.

                STATEMENT OF HON. JACKY ROSEN, 
                    U.S. SENATOR FROM NEVADA

    Senator Rosen. Oh. I am off mute. Can you hear me now?
    Senator Lujan. Yes, we can, Senator. The floor is yours.
    Senator Rosen. Oh, perfect. Thank you. All right. 
Technology is great when it works. And sometimes technology is 
not so great when it gives you a million phone calls all at 
once. So, there you go.
    Thank you, everybody, for being here today. And I am going 
to just get right into it on scams, of course, in Nevada. 
Because according to the FTC, in 2022 alone, Nevada had the 
third highest rate of fraud and the fifth highest rate of 
identity theft.
    So, every year, millions of Americans, of course, we know, 
including many of my constituents, fall victim to these 
predatory robocallers. The scammers, they create elaborate 
schemes through robocalls.
    They say they are calling from Government agencies or other 
entities attempting really just to convince people to provide 
their personal identifiable information or that they are 
legitimate.
    And so, for example, Nathan is one of my constituents in 
Las Vegas. He is a veteran of the Air Force, the U.S. Air 
Force. He wrote to my office sharing about a spam call he 
received from the Veterans Benefit Center. They asked him to 
refinance his mortgage. He said at one point he was receiving 
10 to 15 calls a day from this Veterans Benefits Center.
    But thankfully, Nathan recognized the scam. Many others 
don't. And veterans like him who serve our country should not 
be targeted with these kinds of calls. It is unacceptable. We 
have to do more to protect all of our constituents and combat 
these criminal schemes.
    So, Ms. Saunders, what advice would you give to Nevadans, 
and of course, to everyone, particularly in more vulnerable 
communities perhaps, like seniors and veterans, who are 
targeted by scammers and are impacted at, I would say, 
disproportionate rates?
    Ms. Saunders. We have--thank you for the question. We have 
one clear piece of advice to give all American subscribers 
until this problem has been solved. If you receive a call from 
anybody, unless you are absolutely positive you know--that you 
know the person that has called you, do not give access to your 
bank account or any other money to that caller.
    If you receive a call from somebody purporting to be from 
the Veterans Administration and you want to make sure that your 
benefits are protected, then hang up, look up the number for 
the Veterans Administration or whoever it is that supposedly 
called you and call them directly.
    But don't give--and we don't do that even when we receive 
solicitations from a charity that we believe in. We never, ever 
give over the phone payment information.
    Senator Rosen. Yes, that is a great advice, and we are 
going to have to keep putting it out there over and over again, 
so people are continuing to hear this message.
    But Mr. Bercu, can you tell us a little bit about how 
companies are working together to ensure that people are aware 
of these scams? We have to get it out there again over and over 
to keep reminding people.
    Scams like the ones that Nathan called this about. What are 
you doing to make sure your advocacy is reaching every corner 
of every state, urban and rural?
    Mr. Bercu. Thank you for the question. The industry is very 
active educating their consumers and their customers. I think 
they all have information out there. But one of the other 
things is all voice service providers virtually today have 
protections in place too. They--not only STIR/SHAKEN, which we 
talked about, but all the major wireless carriers have blocking 
and labeling. So, there is actually a lot of work to directly 
protect their customers as well.
    Senator Rosen. Thank you. And speaking about customers, and 
now you are trying to make your workforce who is creating all 
these ways to protect consumers, workforce and technology, it 
is so important.
    You know, as a former computer programmer, I have a unique 
understanding of both the benefits and challenges that 
technology presents. So, in this case, we have this great 
technology, but it allows for more sophisticated use of 
robocalls and robotexts. And hopefully on the same side, we 
have presumably enough resources to combat that.
    So, Ms. Brown, law enforcement officers, they really need 
access to training and technology to talk about the more 
advanced scams, especially as we see AI start to play a role in 
these scam robocalls.
    And so, based on your experience, what kind of technology 
and training do you think, you know, Congress can support to 
bolster these resources as these scams just get more and more 
vicious, I would say?
    Ms. Brown. Thank you for the question, Senator. You know, I 
haven't given a lot of thought to specific training for State 
and local law enforcement, but it makes me think back to the 
importance of the Department of Justice and that collaborative 
work that the State Attorneys General are already doing with 
the Federal Communications Commission and otherwise.
    So, my perception is there are a lot of resources that are 
available, some of which are similar to what Ms. Saunders was 
talking about in terms of consumer facing. But I would expect 
that the Department of Justice, the Federal Trade Commission, 
can sort of dig into those resources and help State and local 
law enforcement.
    But I will say the State Attorneys General have been very 
active on these issues, and I think they are uniquely 
positioned to help State and local law enforcement identify 
some of these more exotic, shall we say, scam attempts that my 
panelists were discussing.
    So, I think it is a great area to think about, particularly 
if you have constituents who it sounds like may not be getting 
that kind of information and support.
    Senator Rosen. No. Especially as we deal with deepfakes and 
other things. And of course, we are just going to keep working 
on building out our STEM workforce and keep working to protect 
the consumers.
    Mr. Chairman, thank you for this hearing. I yield back.
    Senator Lujan. Senator Rosen, thank you so very much. I am 
going to recognize myself for some additional questions.
    Mr. Rudolph, everyone is talking about AI in some degree 
and using it differently. Just yesterday, the Chairwoman of the 
FCC, Jessica Rosenworcel, proposed a new notice of inquiry that 
would take a closer look at how artificial intelligence impacts 
illegal and unwanted robocalls and texts.
    Specifically, this would investigate how the Commission 
might use AI technologies to protect consumers under the 
Telephone Consumer Protection Act.
    Now, YouMail specializes in stopping scam calls and texts, 
so thank you for that. How do you envision using artificial 
intelligence to protect consumers from robocalls and robotexts?
    Mr. Rudolph. It is a great question. Thank you. I would 
almost make a joke that we are going to enter a Black Mirror 
episode and each of us will be protected by our own bot that is 
going to screen every inbound communication, and eventually we 
have got just all these telemarketing bots talking to all these 
consumer protection bots, and the polar ice caps melting for 
all the GPU's having to run that.
    But that joke aside, one of the suggestions I had earlier 
was to use a large language model to go through robocall 
mitigation database filings and toss out all the ones that are 
junk. So LLMs can be trained pretty quickly to synthesize that 
data and understand the intent, and you know, what that 
robocall mitigation filing would--if it is even feasible to, 
you know, implement the controls at those providers.
    If you look at the Herculean lift of enforcement, the same 
thing could be done where if you wanted to investigate a 
communication service provider and you were given logs from 
that provider or given internal communications or memos that, 
you know, discuss the policies or controls those providers 
implemented, an LLM could quickly, you know, process that data 
and come to an understanding of what was actually happening.
    So, I would say, you know, we are really facing a problem 
of scaling enforcement labor to, you know, make industry 
compliant here, and that is a great place to deploy that 
technology.
    Senator Lujan. I very much appreciate that response. And 
also, bringing attention to the line of questioning from 
Senator Markey around how so many are thumbing their nose at a 
requirement with the mitigation plan and submitting blank 
documents, documents that are intended to be rude, or menus, or 
whatever nonsense is also being submitted.
    It shows that it is not working. That there is a loophole 
somewhere that has been created. That there is no attention to 
the prosecution side, if you will, or the requirements from a 
mitigation plan.
    And using tools to identify where those are is going to be 
critically important to ensure that we are able to enforce the 
mitigation plan when someone is found to be doing this illegal 
activity. I also appreciate, Ms. Saunders, your response to 
several colleagues' questions about what could be done in the 
area of looking at where traffic is being carried.
    Data that I have seen suggests that not all carriers may be 
knowingly doing this, but it seems to be that there is a 
smaller number of carriers that carry more of the calls. That 
is revenue. If someone is told, you are carrying these calls 
that are stealing billions of dollars of American people, and 
they do it over and over, and then they submit a mitigation 
plan that is a blank document, it is the cost of doing 
business.
    I want to equate this to financial institutions in America 
who are laundering money for cartels. And the cost of doing 
business is paying a fine. Some really smart people created 
these loopholes. Well intentioned, but there is loopholes and 
people have learned to take advantage of them.
    What I would hope is that we can all agree to the ending of 
those loopholes. I remarked on this when this committee, the 
Commerce Committee, had a hearing on a rail derailment. Well-
intentioned legislation, well-intentioned testimony, people 
working together, but when the rulemaking gets started, then 
there is all kinds of stuff submitted into the Federal 
registry.
    A lot of them are loopholes that get codified into the 
rules creating loopholes. Loopholes can lead to problems, as 
well-intentioned as they may be for whoever is submitting them. 
I hope that we can pull back the curtains on this to stop this.
    With the transition to telecommunications being digital, it 
is not analog--Mr. Bercu, you can trace this stuff back 
wherever it goes. Mr. Rudolph, YouMail can stop it because you 
know where it is coming from. It is digital. You can follow it.
    So, why is this so hard? If the traffic is in a small area, 
let's work with them, either to create the technical 
capabilities for the small carriers to have those capabilities, 
but for the whole industry also to self-police, to say you are 
the problem, you need to stop this.
    Because if a small carrier has an agreement with one of the 
major carriers in America, and they are knowingly doing this, 
when I look at 12 percent of the traffic that is coming from 
some of the bigger names in the country, stop it. And I am 
hoping that we can get there. So, I appreciate that, that line 
of questioning and those responses.
    I will close with this particular question toward you, Ms. 
Saunders, around AI generated scam calls. Now, we also know 
there is an urgent need to mitigate risks and establish 
responsible guardrails around AI.
    And we have seen many examples around here. Scammers are 
cloning people, children's voices. We heard the testimony from 
our colleagues with veterans or active military whose voices 
are being spoofed all to steal financial resources from 
families.
    Now, Ms. Saunders, yes or no, do current laws and 
regulations around robocalls cover these types of AI generated 
scam calls?
    Ms. Saunders. The Telephone Consumer Protection Act has 
been found to cover robot generated scam calls and 
telemarketing calls, yes.
    Senator Lujan. Would anyone else respond to that? Ms. 
Brown.
    Ms. Brown. And I think the view is the TCPA is well suited 
to adapt to that sort of new technology. And I was just going 
to commend to you a report that the Chamber put out on a 
bipartisan basis.
    They have an AI Commission, and I think there is a lot to 
learn from the NOI that the Chairwoman of the FCC has kicked 
off about how all of this will play out. But I do think the 
TCPA reaches some of these voice cloned concerns.
    Senator Lujan. Mr. Bercu.
    Mr. Bercu. I concur.
    Senator Lujan. Mr. Rudolph.
    Mr. Rudolph. I think anybody who is doing voice cloning to 
make calls doesn't care about the TCPA. So, they are committing 
criminal acts and TCPA, they would ignore it.
    Senator Lujan. I appreciate that. Ms. Saunders.
    Ms. Saunders. The problem is that the TCPA is not effective 
against scam calls. It is effective against telemarketing 
calls, but it is not effective against scam calls.
    And the only way to stop the scam calls is to deal with the 
providers who are providing access to the communications 
network for those scammers. And we don't have a law like the 
TCPA that applies to the voice service providers, nor are we 
necessarily recommending that there be one.
    So, Ms. Brown, you don't need to worry. But what we are 
recommending is that the FCC be encouraged or enabled, 
whichever is appropriate, to act much more quickly against 
those problem voice service providers that are inserting the 
bad callers--the bad calls into the network.
    Senator Lujan. I appreciate that. I am concerned that it 
does not. I think it handles calls in one format, but I am 
concerned in this other space as well. And look, 
understandably, when it was written, this technology did not 
exist to the degree that it exists today.
    One of the faults with many pieces of legislation is when 
it is thought up, and by the time it passes, technology has 
accelerated, you know, a generation or two ahead of what the 
well intentioned proposal was as well. But that is where the 
rulemaking bodies are supposed to keep up with what?s happening 
here.
    And also, industry. When something bad is happening that 
cannot be self-policed, ask for help. How do we stop the 
nonsense? $39 billion being stolen in a year. That should rise 
to any prosecutor's attention. If the Department of Justice is 
not going to do this, then how do we find other partners that 
are willing to?
    How do you work with the FCC such that if a fine is put 
forth and then there is not a prosecution, then what? And I 
will also say that if there is a small number of entities that 
are responsible for the majority of traffic, and they have been 
warned about it, and it continues, something needs to be done 
there because, again, it is the cost of business, it is 
revenue.
    And if you can make $100 million and pay a $10 million 
fine, some people are willing to take that deal. And it is just 
not right, because who is at the end of this?
    Ms. Saunders, do you have some thoughts on what Congress 
could be doing to protect Americans from AI generated scam 
calls and robotexts? And I will ask the rest of the panel to 
address that as well, and then we will close out the hearing.
    Ms. Saunders. I think that I have articulated it already. I 
think that the FCC is uniquely poised to be the prime policeman 
on the block regarding the voice service providers.
    What I want to explain is that the reason the terminating 
providers who are all in agreement that these calls should not 
be processed, the reason they cannot stop them, they can't 
block them is because the scam calls are mixed with the legal 
calls, so it is impossible for them, for the terminating 
providers to identify them.
    Senator Lujan. But Ms. Saunders, if I may interject. I am a 
former public utility commissioner.
    So, while the calls may be mixed in, they can tell where 
the calls are originating, and then they also know if the 
investigators are doing their job, you are burying this traffic 
from, you know, Mr. John in whatever location, whether it is in 
the United States or in other part of the world.
    Why are you carrying all this traffic where it appears that 
90 percent of it is bad stuff as well?
    Ms. Saunders. Well, I am not sure that the terminating 
providers can always identify exactly where the calls are 
originating. They see--all they see is that the calls are 
coming from the upstream intermediate provider.
    And so, the key is to somehow encourage all of the 
providers in the network to only carry legal calls or else it 
will cost them. And we provided in our testimony in the last 
section an example of how the legal callers can use their power 
in the marketplace to encourage their voice service providers 
to only carry their calls and thus isolate the illegal calls, 
which we think would enable the terminating providers to better 
identify them and block them.
    Senator Lujan. Appreciate that. I am going to go to Mr. 
Bercu and I will come back to Ms. Brown. How are you able to 
follow the calls then, if--how do you know where they are 
coming from?
    Mr. Bercu. So that is what our trace back process 
accomplishes. Because as Ms. Saunders said, often all a 
provider knows is who they got from, and our process does that. 
We just go hop, by hop, by hop. Who did you get the call from? 
Who did you get the call from? Until we find out exactly where 
it came from.
    Senator Lujan. That is proprietary technology?
    Mr. Bercu. It is our--we have a portal that all the 
providers log into and they do it in the portal. We have 
automation. If someone doesn't respond, they get shamed for not 
responding in time. They get warnings. The provider downstream 
gets shamed if they continue to take traffic from robocallers, 
and all this information is made available to the enforce.
    Senator Lujan. Repeat that last part, Mr. Bercu. What 
happens if they take calls from folks that are responsible for 
robocalls or where they are known to come from?
    Mr. Bercu. So, the way our--we designed our system, if 
providers upstream is the originator of the illegal robocalls 
we trace, the downstream provider knows that. They are put on 
notice that their upstream partner keeps giving them bad 
traffic. And again, all this information makes its way to the 
enforcement community.
    Senator Lujan. So, based on that common carrier or whatever 
the agreement is between one carrier and another, your 
technology allows for those two entities to know that there is 
a problem with these fraudulent calls?
    Mr. Bercu. Yes, absolutely. And we see, to Ms. Saunders' 
point, we see all the time carriers taking action. We see them 
fire their wholesale providers. The challenge is because it is 
an interconnected network, it is--we have--you know, I have 
heard from providers that said, OK, we got too much bad traffic 
from these providers and fired all of them. The calls still hit 
their network. It just was another hop or two that were added 
in between.
    Senator Lujan. And Mr. Rudolph, with that being said, where 
traffic can be identified, YouMail can stop this from hitting a 
consumer, dramatically reduce, stop to protect people. Is 
YouMail also--is YouMail able to identify where it originates?
    Mr. Rudolph. So as calls reach the consumer, right, we have 
got two very amazing ways to understand which communication 
providers were the originators or the gateway providers for 
those traced back.
    If the call was not a test, using STIR/SHAKEN. And if it 
has a STIR/SHAKEN packet, basically with it, it is clear as day 
that these are the seven voice providers that are currently 
harboring that account that is making the loan calls, you know, 
as a--identifying as a VA or interrupting other centers--so, 
you know, if you ask me right now, you know, who are the 
providers who have these calls. We can look at STIR/SHAKEN and 
get a lot of that.
    And then the ones we don't see the STIR/SHAKEN yet carry, 
the trace back process can illuminate that. What we are missing 
is the signal to industry, those specific calls are bad, knock 
those off, right.
    The FCC has done that twice auto warranty calls and student 
loan calls. And now providers have a clear signal from the FCC, 
don't carry those. And what happens is, you know, trace back 
runs, or YouMail will directly contact a provider and say, hey, 
this call looks like it is committing fraud. Maybe you should 
knock it off. That account gets kicked off that provider and 
goes and finds a new home.
    So, unless the entire ecosystem is notified, don't take 
this account on, someone is going to look at that new sign up 
and think, oh, that is revenue. I am going to take that new 
account on and kind of look the other way about whatever that 
account might be communicating.
    Senator Lujan. What process is required to ensure the whole 
ecosystem knows about the one fraudulent call and the 
communication to the one company?
    Mr. Rudolph. Can you say that again? Sorry.
    Senator Lujan. What would be required to share that 
information that YouMail may be having with one carrier, or 
anyone maybe having with one carrier to say this called 
fraudulent, you should kick it--you should probably kick it 
off, so that it goes across the entire ecosystem.
    Mr. Rudolph. So, we work regularly, every other week, with 
the FCC and we go through the prioritized calls that are on 
that hotlist of investigations. And we will provide that and 
those discussions about, hey, these are the providers that we 
are seeing that are carrying those calls presently.
    Senator Lujan. Appreciate that. Ms. Brown.
    Ms. Brown. Do you want me to address AI, which I think is 
what you started with a little while ago?
    Senator Lujan. In this space with AI, also given the 
responses associated with being able to narrow where there may 
be a fraudulent call with the carrier, is there something that 
could be done to share it within the ecosystem?
    Is it something that the companies could adopt to share--
and through that process? Is it something the FCC should be 
doing with existing authorities that this is just--this is what 
is going to happen every time that we see this, and it is 
proven that there is a fraudulent call. If you could touch in 
those three areas.
    Ms. Brown. Sure. I will do my best. Thank you, Senator. I 
am actually sort of optimistic and I think the Chamber would be 
that AI will sort of juice up what the ITG and YouMail are 
already doing.
    And I think, so that gives me optimism that those anti-
fraud efforts and the ability to detect bad traffic is going to 
get better over time. And I think at a recent workshop the FCC 
held back in September with the National Science Foundation, 
they heard about that as well.
    So that is kind of my response on the AI piece of this, or 
the AI approach. It sounded to me from what Mr. Rudolph and Mr. 
Bercu were saying, that the FCC is intimately involved in 
getting this information, I think it is maybe a question of 
scale, to address the issue that you were raising.
    Again, maybe AI, maybe some additional technology can help 
there. I don't have visibility, whether it is a manual process 
or if it is really phone calls with the Enforcement Bureau, 
which it probably is, which makes me sad for the Enforcement 
Bureau staff.
    But again, I think there is a reason to be sort of 
cautiously optimistic that maybe they haven't cracked the code, 
but there can be additional steps. And then if the FCC can be 
encouraged to do more of what it did in the auto warranty space 
and student loan space.
    I think the report the FCC gave to Congress under the 
TRACED Act had some really remarkable data in it about the 
decrease in calls after they took those actions. So, I am sort 
of cautiously optimistic about that process working.
    I don't see right now a need for new regulatory authorities 
to be given because it feels like that process is actually 
working fairly well, even if it is a little opaque. Sorry for 
that long answer.
    Senator Lujan. Oh, I appreciate the response very much. 
Thank you all for being here today, and to all my colleagues 
for attending today.
    This is important testimony and there is, as you all know, 
an immense interest with the American people in this space and 
immense frustration with the American people about what happens 
to them every minute of every day as well.
    And I want to commend you for helping to solve this 
challenge, for helping consumers one at a time, for providing 
support to help the process, understand where and what is 
happening every day, looking at the ability of rules that 
exist, exploring those that may be needed to make things better 
in this space.
    So, thank you so very much. And remaining challenge and a 
very complex issue. With that, I will close the hearing. And 
should members have additional questions for the witnesses for 
the record, I ask that they submit them to the Committee within 
two weeks, and witnesses will have an additional two weeks to 
respond. Thank you, everybody.
    [Whereupon, at 11:51 a.m., the hearing was adjourned.]

                            A P P E N D I X

   Response to Written Questions Submitted by Hon. Maria Cantwell to 
                        Margot Freeman Saunders
Innovation and Adoption
    Robocallers are taking advantage of technological innovations to 
flood our phones with calls and texts. It seems to me that other forms 
of technological innovation--like machine learning and generative 
artificial intelligence- hold the most promise for combatting this 
flood of illegal robocalls.

    Question 1. How can Congress and the FCC encourage 
telecommunications companies to embrace innovative technologies and use 
new tools responsibly to protect consumers from robocalls?
    Answer. By creating incentives for telecommunications companies to 
protect consumers--either with the ``carrot or the stick.''
    The carrot might involve the FCC establishing a system of public 
rewards, such as positive ratings for trustworthiness for those 
companies who have no history of transmitting illegal calls in the 
previous 12 months. Legal robocallers (such as banks, health care 
providers, and pharmacies sending desired alerts to consumers) could 
use this information to choose their originating voice service 
providers for their calls.
    The stick should be clear and immediate consequences which are 
costly to the providers who persist after notice in transmitting 
illegal calls. These must be meaningful and not merely ``the cost of 
doing business.''
AI and Deepfake Calls
    I recently heard about an alarming situation in my state. A family 
in Pierce County, Washington received a deepfake call, where a scammer 
used AI to spoof their daughter's voice saying that she had been in a 
car accident and that a man was threatening to harm her unless they 
wire $10,000. No family should have to face this.

    Question 1. How can Congress empower consumers, regulators, and law 
enforcement to stay ahead of the increasingly sophisticated 
technologies scammers use?
    Answer. As explained more fully in response to the question ``How 
can Congress best ensure that the FCC uses its enforcement authority 
effectively?'' We believe that in addition to close monitoring of the 
voice service providers who repeatedly transmit these dangerous scams 
after notice, and punishment Congress should authorize the FCC to 
suspend the ability of complicit voice service providers to transmit 
calls into the network. This is described more fully in Section II of 
NCLC's testimony. In addition, Congress should require the Department 
of Justice to pursue and prosecute the perpetrators of these scams.
Heightened Enforcement
    Congress passed the TRACED Act in 2019 to enhance the FCC's 
enforcement authority and increase penalties for illegal robocallers. 
Since then, scam robocalls have dropped 50 percent, but they remain a 
serious problem.
    It's true that, on paper, there appears to have been a 50 percent 
reduction in scam robocalls. However, this is a result of 
reclassification of calls that were previously classified as scam 
calls, and are now classified as telemarketing calls. Please see the 
illustration of this in the table on page 4 of NCLC's testimony to this 
Committee on October 24, 2023.\1\
---------------------------------------------------------------------------
    \1\ https://www.commerce.senate.gov/services/files/92F8E35B-F203-
49FD-BA53-E9F8816
A19F2
---------------------------------------------------------------------------
    As illustrated in that table, when the scam calls and telemarketing 
calls are combined, these calls peaked at more than 3 billion calls per 
month in September 2019. There were similar levels of these combined 
calls in March 2021. In September 2023, the combined number of these 
unwanted calls was at 2 billion a month, but as recently as March 2023, 
the numbers had been as high as 2.5 billion.
    Additionally, the FTC reports that while the reports of scams were 
lower in 2022 than the previous year, the amount of losses reported 
increased substantially to $8.8 billion.\2\
---------------------------------------------------------------------------
    \2\ https://www.ftc.gov/business-guidance/blog/2023/02/ftc-
crunches-2022-numbers-see-where-scammers-continue-crunch-consumers. 
Regarding scams conducted over phone or text specifically, the FTC 
noted $830 million in consumer-reported scam losses in 2021 as compared 
with $1.13 billion in 2022; in the first three quarters of 2023 alone 
the FTC has already seen $922 million in reported consumer losses from 
text and phone call scams. https://public.tableau.com/app/profile/
federal.trade.commission/viz/FraudReports/FraudFacts
---------------------------------------------------------------------------
    Last year, scam robocalls cost American consumers a total of $39 
billion. This includes 1.1 million people in the State of Washington. 
Clearly, we can do more to crack down on these scams.

    Question 1. The FCC already has civil enforcement authority over 
robocalls. How can Congress best ensure that the FCC uses its 
enforcement authority effectively?
    Answer. As described in section II of NCLC's testimony, we 
recommend that the FCC establish a system to suspend complicit voice 
service providers after one verified notice that the provider has been 
transmitting illegal calls. In a nutshell, we are proposing that the 
FCC should be authorized to quickly remove the ability of complicit 
voice service providers to transmit calls into the U.S. telephone 
network. This can be accomplished by suspending these repeated 
offenders from the Robocall Mitigation Database. Below is an excerpt 
from the testimony that summarizes this recommendation.

        We believe that the FCC should be empowered to use immediate--
        but temporary--suspension \3\ from its Robocall Mitigation 
        Database as a mechanism to protect telephone subscribers from 
        receiving illegal calls, pending investigations and due process 
        determinations. This would prioritize protecting U.S. telephone 
        subscribers from criminal scam calls over providing originating 
        and gateway providers access to the U.S. telephone network.\4\ 
        Once a provider has been notified by any of the government 
        enforcement agencies, or their service providers, that it has 
        been found to be transmitting illegal calls, such notification 
        should serve as legal notice that the next time it is 
        determined to be transmitting illegal calls, it will be 
        suspended from the RMD. These suspensions should be temporary 
        and short-lived, but immediate, pending a due process review. 
        The due process review would determine whether this latest 
        finding that the provider was transmitting illegal calls was a 
        mistake that will not be repeated, or whether it justifies 
        permanent removal from the RMD.
---------------------------------------------------------------------------
    \3\ Suspension should result in legally effective removal from the 
RMD. This can be accomplished via a prominent notation that the 
provider's status is suspended. See, e.g., In re Advanced Methods to 
Target and Eliminate Unlawful Robocalls et al., Comments of ZipDX 
L.L.C., Fifth Further Notice of Proposed Rulemaking in CG Docket No. 
17-59, and Fourth Further Notice of Proposed Rulemaking in WC Docket 
No. 17-97, at  64 (filed Dec. 7, 2021), available at https://
www.fcc.gov/ecfs/document/12080110629539/1 (``We would note that 
`delisting' should not actually constitute complete removal from the 
database; rather, an entry should be retained so that it is clear to 
all others that the problematic provider has been explicitly designated 
as such. This will ensure that if (when) the problematic provider 
attempts to shift their traffic to a new downstream, that downstream 
will become aware of the situation before enabling the traffic.'').
    \4\ Most, if not all, of the offending voice service providers are 
VoIP (Voice over Internet Protocol) services. VoIP is a technology that 
accesses the telephone network through the internet, and is commonly 
used by many large telecommunications providers in place of traditional 
landlines to provide service to residential and business customers. 
Often, the telephone service is paired with Internet access and cable 
television service.

    Question 2. Are there additional tools that Congress should empower 
the FCC with to combat illegal robocalls?
    Answer. In our 2022 Report ``Scam Robocalls: Telecom Providers 
Profit,'' \5\ we also suggested that the FCC employ a more robust 
licensing system to police voice service providers that have a history 
of non-compliance with the FCC's rules. This would establish a simple 
method for the FCC to govern recalcitrant providers.
---------------------------------------------------------------------------
    \5\ https://www.nclc.org/resources/scam-robocalls-telecom-
providers-profit/ at 32.
---------------------------------------------------------------------------
    The VoIP providers that process the illegal robocalls are generally 
small, often simply one or two individuals with minimal investment or 
technical expertise who have set up a service in their home or other 
temporary quarters and offer services through online advertisements. 
See FCC 2021 Report to Congress, supra note 15, at 12 (``The 
Commission's experience tracing back the origins of unlawful call 
traffic indicates that a disproportionately large number of calls 
originate from Voice over Internet Protocol (VoIP) providers, 
particularly non-interconnected VoIP providers. Moreover, the Industry 
Traceback Group has found that high-volume, rapid-fire calling is a 
cost-effective way to find susceptible targets, although it does not 
collect data about which robocall originators are VoIP providers.'').
    Just as states require testing and licenses before people are 
permitted to drive on public roads to protect the public from dangerous 
drivers, the FCC should require licenses, that must be renewed on a 
regular basis for all voice service providers. Repeated notices of non-
compliance should be grounds for revoking a provider's license to 
transmit calls into the system.
Strengthening Rules
    I understand that you have previously called for the FCC to 
strengthen its rules to address the marked rise in unwanted robocalls. 
Our robocall enforcement efforts cannot be successful without strong 
robocall rules in place.

    Question 1. What can be done to modernize robocall rules?
    Answer. The FCC has recently announced its intention to adopt a 
strong regulation governing consent for telemarketing rules.\6\ Final 
approval and enforcement of this amended regulation ``will prohibit 
abuse of consumer consent by'' lead generator websites.
---------------------------------------------------------------------------
    \6\ https://docs.fcc.gov/public/attachments/DOC-398661A1.pdf
---------------------------------------------------------------------------
    Similar actions should be taken to modernize the rules governing 
calls to lines registered on the Do Not Call Registry, such as--

  a.  Limiting the time for which a consumer's consent to be called 
        should be considered (changing it from no time limit to 30 
        days), and clarify that once the consumer says ``stop calling 
        me'' or anything similar that indicates a desire for the caller 
        to stop calling.

  b.  Unequivocally stating that once a consumer revokes consent to a 
        telemarketer calling on behalf of a seller, the seller is 
        responsible for ensuring that the telemarketer reports that 
        revocation immediately to the seller, who in turn must 
        immediately inform any other telemarketers making calls on that 
        seller's behalf that calls to that consumer must stop.

  c.  Establishing that a caller that fails to use the Reassigned 
        Number Database to check that it is calling the person who 
        provided consent for the call, cannot escape liability for 
        placing that call under any of the Commission's rules.

  d.  Restoring meaningful restrictions on calls and texts sent using 
        an automated telephone dialing system.

    Question 2. What additional actions can the FCC take to stop 
illegal calls and texts?
    Answer. As is described in NCLC's testimony, one of the primary 
reasons that terminating providers are unable to block scam robocalls 
is because complicit voice service providers mix the illegal calls with 
the calls from ``legal callers.'' Legal callers are sending robocalls 
that consumers want and for which they have consented, such as medical 
appointment reminders, fraud alerts, and prescription refills.
    The difficulties with reliably completing these wanted calls are 
apparently increasing. Legal calls are mixed with a torrent of illegal 
calls at shared originating and intermediating providers, causing legal 
calls to be tainted by illegal calls in the same call path. The result 
is that legal calls end up mislabeled or blocked by downstream 
providers seeking to protect subscribers from illegal calls.
    We have proposed that the Commission facilitate leveraging the 
considerable marketplace power of these legal callers to assist in the 
efforts to eliminate dangerous and unwanted calls--scam and illegal 
telemarketing calls. If legal callers are armed with the information 
about how to avoid using the providers that are processing illegal 
calls, this would prevent the legal calls from being used to mask the 
illegal calls.
    The sheer economic power of legal callers may be sufficient to 
force voice providers to stop transmitting illegal calls. A market-
based approach like this would a) provide strong financial incentives 
to originating and intermediate providers to avoid transmitting illegal 
calls; b) facilitate the transmission of legal calls through call paths 
that would eliminate the likelihood that the calls would be labeled 
improperly or blocked by downstream or terminating providers; and c) 
supplement the other mechanisms created by the Commission intended to 
address illegal calls. The foundation of a market-based approach is 
providing legal callers with the information that they need to keep 
their calls separate from illegal calls. As explained in the testimony, 
this information is already available from private analytics-based 
platforms. The Commission need only lead the way.
STIR/SHAKEN Call Authentication
    In 2019, Congress passed the TRACED Act to require phone carriers 
to adopt STIR/SHAKEN call authentication standards. These standards 
create a digital signature that identifies the calling party and allows 
phone carriers to verify calls, while weeding out calls from 
illegitimate sources.
    While these standards have helped in the important fight against 
robocalls, they have certain limitations. For example, they will not 
work for all telephone calls. We have seen illegal robocallers change 
tactics, moving away from using fake phone numbers to buying real phone 
numbers that trick spam-blocking software into allowing the calls 
through.

    Question 1. What is your assessment of STIR/SHAKEN?
    Answer. A primary goal of the TRACED Act \7\ was to facilitate the 
identification of callers so that illegal and unwanted calls can be 
blocked by either subscribers or downstream providers.\8\ However, the 
temporary rental of telephone numbers by bad actor voice service 
providers who advertise to callers the availability of Dynamic Caller 
ID, or Direct Inward Dialing numbers (DIDs), completely undermines the 
effectiveness of even the most robustly enforced caller ID 
authentication methodologies. The identity and the real telephone 
number of the caller is functionally obscured when a caller uses a 
disposable number that is local to the called party.
---------------------------------------------------------------------------
    \7\ Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and 
Deterrence (TRACED) Act, Pub. L. No. 116-105, Sec. 4(b), 133 Stat. 3274 
(2019) [hereinafter ``TRACED Act''].
    \8\ TRACED Act at Sec. 7(b)(2).
---------------------------------------------------------------------------
    Some telephone providers routinely rent telephone numbers or make 
``dynamic caller ID'' available to callers to facilitate deliberate 
evasion of the FCC's requirements for callers to identify themselves 
properly. For example, one telephone provider--CallHub--advertises that 
its service can be deliberately manipulated to make calls appear to be 
from local numbers \9\--which they are clearly not, or this service 
would not be necessary:
---------------------------------------------------------------------------
    \9\ https://callhub.io/dynamic-caller-id/ (emphasis added) (last 
visited June 5, 2023).

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    Some VoIP providers openly advertise the use and the effectiveness 
of these services, emphasizing that even calls from international 
---------------------------------------------------------------------------
numbers will appear that they are from a local business:

        Is it possible to change an outgoing caller ID? Yes, with the 
        VoIP feature, dynamic caller ID, your business can display a 
        local or toll free number instead of a long-distance or 
        international number.\10\
---------------------------------------------------------------------------
    \10\ https://www.unitedworldtelecom.com/learn/what-is-a-dynamic-
caller-id-for-voip/ (emphasis added) (last visited June 5, 2023).

    The use of rented telephone numbers just for the purpose of 
matching the area code to which the calls are directed, rather than 
matching the actual geographic source of the call, conflicts with 
several specific requirements imposed by Congress and the Commission 
designed to give called parties reliable and truthful information about 
the identity of callers. A fraudulent or scam caller that rents 
telephone numbers on a temporary basis for the purpose of displaying a 
deceptive caller ID violates 47 U.S.C.Sec. 227(e)(1)'s prohibition of 
misleading caller ID. When the calls are telemarketing calls, the use 
of rented numbers or dynamic caller ID also conflicts with 47 CFR 
Sec. 64.1601(e), which requires telemarketers to transmit specific 
caller identification information regarding the seller or the 
telemarketer. This regulation serves no purpose if callers are 
permitted to rent telephone numbers that provide no information about 
the caller or seller whose product is subject to the call. This is 
illustrated by the advertisement on another website.

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    Callers use bulk rented numbers is to deceive the called party into 
believing the caller is local, to mask the caller's actual identity, 
and to avoid the ``scam likely'' analytics of terminating providers.
    Applying the STIR/SHAKEN authentication closes one door to 
falsifying caller-IDs, while leaving another one wide open. While 
considerable progress on the spoofing front has been made,\11\ the 
problem continues. Quoting from previous findings, the Commission has 
recently noted that it has received--``hundreds of comments from 
consumers . . . stating that they no longer answer their phone when it 
rings,'' and has concluded that ``[i]t is obvious that the volume of 
unwanted calls is reducing the value of telephony to anyone who makes 
or receives calls.  . . . Unwanted robocalls, for example, often are 
either delivered with inaccurate caller ID information deliberately 
designed to trick the called party into answering the telephone. . .'' 
\12\
---------------------------------------------------------------------------
    \11\ See e.g., FCC Closes Gap in Caller ID Authentication Regime 
(Mar. 17, 2023), https://www.fcc.gov/document/fcc-closes-gap-caller-id-
authentication-regime-0.
    \12\ In re Rules and Regulations Implementing the Telephone 
Consumer Protection Act of 1991, ACA International, the Edison Electric 
Institute, the Cargo Airline Association, and the American Association 
of Healthcare Administrative Management Petition for Partial 
Reconsideration, Enterprise Communications Advocacy Coalition Petition 
for Reconsideration, Order on Reconsideration and Declaratory Ruling, 
CG Docket No. 02-278 at  33 (Dec. 22, 2022), https://www.fcc.gov/ecfs/
search/search-filings/filing/12271082616240.
---------------------------------------------------------------------------
    Even the most perfect and robust use of STIR/SHAKEN will not stop 
callers from hiding their real name, location, and telephone number 
unless the use of rented DIDs is also eliminated. Failing to eliminate 
the use of rented numbers while requiring strict compliance with STIR/
SHAKEN requirements is like adding a deadbolt to a closed door to keep 
the flies out, while leaving a window wide open.

    Question 2. If STIR/SHAKEN is not enough, what more do we need to 
effectively curb illegal robocalls?
    Answer. Voice service providers should be prohibited from renting 
outbound numbers for short-term temporary use, with specific exceptions 
permitted for appropriate business reasons.
                                 ______
                                 
   Response to Written Questions Submitted by Hon. Ben Ray Lujan to 
                        Margot Freeman Saunders
Facebook v. Duguid
    Question 1. How will the Supreme Court's ruling in Facebook, Inc. 
v. Duguid et al., impact litigation brought under the TCPA?
    Answer. It has effectively eliminated all challenges to automated 
live calls and non-telemarketing texts, as well as telemarketing texts 
made to cell phones that are used for business purposes.

    Question 2. In Duguid, the Supreme Court reasoned that the narrow 
statutory design of the definition of the technology that constitutes 
an automatic telephone dialing system (``autodialer'') under the TCPA 
was deliberately designed to address ``nuanced problems.'' If Congress 
were to expand and redefine the technology that constitutes an 
autodialer, what would the definition need to include to protect 
Americans from unwanted robocalls?
    Answer. We suggest that the new definition for ATDS should be along 
the following lines:

        ``(1) The term ``automatic telephone dialing system'' means 
        equipment that--

                a. produces a set of telephone numbers to be called; 
                and

                b. dials the set of numbers using automation or partial 
                automation.

        (2) ``produce'' means to select, create, or recreate from a 
        file, database, or other form of data storage, or to generate 
        using number generators;

        (3) ``automatic telephone dialing system'' does not include any 
        application that comes preinstalled with the operating system 
        of any consumer device.''

    Question 3. The National Consumer Law Center (NCLC) submitted an 
amicus brief to the Supreme Court in support of Duguid. The NCLC 
cautioned that ``unwanted automated calls significantly invade the 
privacy of Americans, diminish the usefulness of cellular telephones, 
and threaten public safety.'' How does narrowing the TCPA undermine 
commerce and telecommunications in America? Specifically, how will the 
post-Duguid narrowing of the TCPA impact small businesses and low-
income Americans?
    Answer. Narrowing the definition has led to the proliferation of 
unwanted texts to cell phones, as well as more unwanted and 
unconsented-to automated live calls. The only protection against 
unconsented-to texts or automated calls (that do not include a 
prerecorded voice) to cell phones apply only if the message involves 
telemarketing, and only if the cell phone is used for residential 
purposes, and only if the cell phone telephone number is registered on 
the Do-Not-Call Registry. However, there are no protections against 
unwanted and unconsented-to texts or automated live calls for cell 
phones used for business purposes.

    Question 4. The Supreme Court reasoned that a more expansive 
definition of an autodialer could expand the TCPA's liability 
provisions and affect ordinary cell phone owners in the course of 
common place usage. If the TCPA definition of an autodialer were to be 
expanded, how would that impact American cell phone owners?
    Answer. It would dramatically cut down on the number of 
unconsented-to texts received by American cell phone owners. 
Additionally, the definition that we propose ensures that calls from 
consumers using their cell phones would not be inadvertently included.
                                 ______
                                 
  Response to Written Question Submitted by Hon. John Hickenlooper to 
                        Margot Freeman Saunders
Traceback Transparency
    The Industry Traceback Group (ITG) conducts thousands of tracebacks 
to find the source of illegal traffic by tracing each provider along 
the call path who helped facilitate the illegal call. However, raw 
traceback information is only released privately or on a case-by-case 
basis to law enforcement.

    Question. Should raw traceback information be made available to the 
public? What are the benefits, and potential risks, of traceback 
information becoming public?
    Answer. We have advocated that traceback information regarding the 
originating and/or gateway provider, as well as the first intermediate 
provider, be made available to the public. This would enable the world 
to see which providers are responsible for transmitting illegal calls.
    The telephone industry argues that revealing the tracebacks 
publicly will reveal confidential contractual arrangements involving 
least-cost routing between providers. The issue is which is more 
important--protecting these contractual secrets or protecting consumers 
from the scam calls that these providers are transmitting, even after 
repeated notices that they are responsible for these calls.
                                 ______
                                 
    Response to Written Questions Submitted by Hon. Peter Welch to 
                        Margot Freeman Saunders
    Question 1. What challenges does the FCC face in reducing unwanted 
and illegal calls?
    Answer. We think the most significant challenges that the FCC faces 
are:

    First, the lack of clear authority and instruction from Congress to 
move quickly to shut down the providers who are repeatedly transmitting 
the illegal calls and texts into the U.S. telecommunications system, as 
I described in detail in Section II of the testimony to this 
Committee.\13\
---------------------------------------------------------------------------
    \13\ https://www.commerce.senate.gov/services/files/92F8E35B-F203-
49FD-BA53-E9F8816
A19F2
---------------------------------------------------------------------------
    And second, insufficient funding to hire more staff to deal with 
the problem.

    Question 2. The STIR and the SHAKEN framework is slated to be fully 
implemented by December 31, 2023. How can STIR/SHAKEN protocols be 
improved before they are fully implemented?
    Answer. Please see the response provided to the question on STIR/
SHAKEN from Chairwoman Cantwell, above.
                                 ______
                                 
      Response to Written Questions Submitted by Hon. Ted Cruz to 
                        Margot Freeman Saunders
Cy Pres Awards
    When class action award funds are unable to be awarded to class 
members directly, or are unclaimed by class members, courts will use cy 
pres awards and distribute those funds to nonprofit entities instead of 
class members. The National Consumer Law Center (NCLC) actively 
solicits and receives such cy pres awards in Telephone Consumer 
Protection Act (TCPA) class actions.\1\ Given that most class actions 
result in class member claims rates of well less than 10 percent, these 
residual distributions could be substantial.\2\
---------------------------------------------------------------------------
    \1\ For example, NCLC lists ``ways to give'' on its website, 
including through cy pres nominations (NCLC--Cy Pres). It features cy 
pres stories and successful nominations in its newsletter. ``NCLC--
Consumer Impact Spring 2021'' lists over 60 successful nominators and 
``NCLC--Consumer Impact Spring 2019'' mentions a TCPA cy pres award 
(though not the amount). NCLC is reported to be the designated 
beneficiary of TCPA class actions, including Krakauer v. Dish Network 
at $1,708,810. Other TCPA suits designate NCLC to receive any residual 
funds not distributed to class members and the final amounts NCLC 
receives are unclear.
    \2\ Fed. Trade Comm'n, Consumers and Class Actions: A retrospective 
and Analysis of Settlement Campaigns, at 11 (Sept. 2019), https://
perma.cc/CM66-ZVCX; Consumer Financial Protection Bureau, Arbitration 
Study, at Section 8, page 30 (reporting a weighted average claims 
rate'' in class actions of just 4 percent), https://perma.cc/8AX5-AYWN; 
see also Mayer Brown Study at 7 & n.20 (in the handful of cases where 
statistics were available, and excluding one outlier case involving 
individual claims worth, on average, over $2.5 million, the claims 
rates were miniscule: 0.000006 percent, 0.33 percent, 1.5 percent, 9.66 
percent, and 12 percent), https://www.mayerbrown.com/files/uploads/
Documents/PDFs/2013/December/DoClassActionsBenefit
ClassMembers.pdf.

    Question 1. How much revenue has NCLC received from cy pres awards 
each year for the past five years (CY2019 to CY2023)?
    Answer. NCLC has been determined to be an appropriate recipient of 
cy pres awards by many courts across the Nation over the past 5 years. 
From CY2019 through CY2023 (through 12/1/2023) the amount of cy pres 
awards we have received is:

        2019--$2,471,054.58

        2020--$5,139,211.54

        2021--$1,892,346.33

        2022--$4,329,220.91

        2023--$3,645,940.60

    Question 2. What percentage of NCLC's cy pres revenue was generated 
from TCPA class actions each year for the past five years (CY2019 to 
CY2023)?
    Answer. Most class action cases involve multiple causes of action. 
The percentage of total cy pres revenue generated from class actions 
that involved a TCPA claim as one of the causes of actions (that we 
have been able to identify) each year for the past five years is: 
2019--30 percent; 2020--7 percent; 2021--38 percent; 2022--44 percent; 
2023--48 percent.

    Question 3. What limitations exist on the use of any revenue NCLC 
receives from TCPA cy pres awards?
    Answer. Limitations on the use of TCPA cy pres awards are 
determined by the court that enters the order approving the award in 
each case. NCLC abides by all court orders.

    Question 4. Are these funds resulting from cy pres awards comingled 
with any other revenue streams?
    Answer. Cy pres awards that are purpose-restricted by a court are 
not comingled with any other revenue streams.

    Question 5. How has NCLC used revenue from TCPA cy pres awards each 
year for the past five years (CY2019 to CY2023)?
    Answer. In the past five years, NCLC has used revenue from TCPA cy 
pres awards to support work to protect consumers from unwanted and 
dangerous calls and texts and, where permissible under the court order, 
to support our research, training, and advocacy on behalf of low-income 
and other vulnerable consumers who have been or are at risk of being 
abused, deceived, discriminated against, or denied access to justice.
    This work includes advocacy before the Federal Communications 
Commission (FCC) to stop unwanted and dangerous calls and texts, 
especially those that defraud consumers. In the past several years our 
work has included the filing of 44 comments and ex parte notices to 
encourage more effective protections against invasive and dangerous 
calls. These filings have been in multiple dockets, including but not 
limited to the TCPA docket.
    During this time our advocacy has been instrumental in improved 
consumer protections against these calls and texts, including:

  a.  The FCC's determination that ringless voice-mail messages are 
        covered under the TCPA, which protects consumer and business 
        cell phone subscribers from having their voice mailboxes filled 
        with unwanted robocalls.

  b.  The FCC's new limits on non-telemarketing prerecorded calls to 
        residential lines that were previously exempt from any 
        restrictions. These calls are now limited to only 3 
        unconsented-to calls a month; this particularly protects 
        consumers from overzealous debt collection efforts.

  c.  Our 2022 Scam Call report on the causes and consequences of the 1 
        billion plus monthly scam calls has received widespread 
        attention, reinforcing the efforts we launched with our 
        national partners to urge the FCC to apply more aggressive 
        measures to block these calls. Some of the proposals that the 
        FCC is now considering appear to be in response to many of the 
        issues we raised. We have also done considerable work to assist 
        consumers in recovering money stolen through scam robocalls and 
        texts.

  d.  NCLC is also leading an effort to drastically reduce illegal 
        telemarketing calls (currently over 1.2 billion monthly) by 
        prohibiting lead generators and data brokers from trafficking 
        in the consents that are used to justify these calls. The 
        Federal Trade Commission has issued guidance supporting this 
        position, and along with a dozen national partners we have 
        filed comprehensive comments and held numerous meetings with 
        the FCC, urging it to do the same. Twenty-eight state attorneys 
        general have supported these efforts, as has USTelecom, the 
        trade association for the telephone providers. Indeed, the FCC 
        has recently announced its intention to implement many of our 
        recommendations in an amended regulation that the FCC says will 
        ``prohibit abuse of consumer consent by'' lead generator 
        websites.

  e.  NCLC has testified before Congress on ways to limit dangerous and 
        unwanted robocall multiple times, including before this 
        Committee in 2016, 2018 and 2019, and before the House 
        Subcommittee on Communications and Technology in 2019.

  f.  NCLC writes and publishes a treatise titled Federal Deception 
        Law, which includes two chapters providing a detailed analysis 
        of all significant TCPA decisions and FCC actions, updated 
        regularly (most recently in early 2023).

  g.  NCLC provides multiple Continuing Legal Education (CLE)-eligible 
        trainings to consumer lawyers each year on the intricacies of 
        the TCPA and related regulations.

    Our broader efforts to protect low-income consumers are documented 
on www.nclc.org, which includes thousands of pages of detailed reports, 
testimony, advocacy, and resources directed at achieving economic 
justice for people with low incomes. NCLC's research and advocacy helps 
protect every consumer who buys a house or a car, uses a credit card, 
opens a banking account, makes a payment, incurs a medical debt, 
obtains utility services, or takes out a student loan from unfair, 
abusive, and deceptive financial practices.
    NCLC's work includes publishing comprehensive legal treatises, 
widely considered to be the Nation's leading source of consumer law 
analysis, which are often cited in judicial opinions by courts across 
the country, including the U.S. Supreme Court. The 21-volume Consumer 
Law Practice Series and the NCLC Digital Library are used over 35,000 
times each month by attorneys working to detect and remedy illegal 
robocalls, obtain redress from scams and fraud, challenge arbitration 
clauses, clear credit reporting errors, protect consumers from abusive 
debt collection practices, use bankruptcy to obtain a fresh financial 
start, stop threatened foreclosures, and much more.
    NCLC's expertise is often called upon by public officials, courts, 
attorneys, and other advocates focused on addressing the needs of low-
income and other disadvantaged consumers. NCLC provides comprehensive 
continuing legal education on consumer law. More than 10,000 consumer 
attorneys, advocates, and service providers attend an NCLC conference 
or receive training from an NCLC attorney through a webinar or in-
person training session each year.

    Question 6. How does NCLC advocate and/or engage in activities 
designed to encourage and/or maximize the amount of cy pres awards 
provided to NCLC in TCPA actions?
    Answer. NCLC encourages class action attorneys to consider 
nominating NCLC to receive cy pres awards in appropriate cases through 
occasional mailings, e-mails, newsletters, and mentions at relevant 
conferences and trainings. NCLC does not seek to ``maximize'' cy pres 
awards; our advocacy consistently supports the maximum distribution of 
settlement funds to class members.

    Question 7. Has anyone who nominated NCLC for a cy pres award in a 
TCPA class action in the past five years (CY2019 to CY2023) received 
any payment, benefit, award or honorarium from NCLC because of, or in 
connection to, such nomination for or actual receipt of a cy pres 
award? If so, please describe any such payment, benefit, award, or 
honorarium received.
    Answer. NCLC does not offer or issue any payment, benefit, award or 
honorarium ``because of, or in connection to'' nominations for or 
receipt of cy pres awards. We do provide some forms of non-monetary 
recognition to attorneys who nominate NCLC to receive cy pres awards, 
including lapel pins, plaques, and public expressions of appreciation 
for the attorney's work to protect consumers on nclc.org, at 
conferences, and/or in our bi-annual newsletter.
    From 2019-2023, NCLC has issued 20 awards: five Vern Countryman 
Awards for consumer attorneys whose special contributions to the 
practice of consumer law have strengthened and affirmed the rights of 
low-income and other vulnerable consumers, and 15 Rising Star Awards to 
attorneys newer to practice who have made major contributions to 
consumer law within the past two years by trying or settling a case of 
great success and significance. Of these 20 individual attorneys, one 
award winner nominated NCLC for a cy pres award in a TCPA class action, 
and the award was based on that recipient's career accomplishments 
assisting low-income consumers. Award recipients receive a trophy and 
$500 in recognition of their lifetime achievements.
Provider Suspension Process
    Question 1. In your written testimony, you advocated for the 
Federal Communications Commission (FCC) to immediately suspend a 
provider from the Robocall Mitigation Database if that provider 
transmits as few as two calls deemed to have been illegal by a 
government agency or a government contractor. Your proposed scheme 
seems like a two-strike system: You get one notification that a problem 
has occurred, and then if it happens again, you get an immediate 
suspension and have to cease all operations for 10+ days.

    a. In your view, should a voice service provider be forced to cease 
all operations, sacrifice two weeks of revenue, and defend itself 
before the FCC if it merely lets just two illegal robocalls pass 
through its network?
    Answer. No. The notifications and the suspensions we are proposing 
are only triggered by numerous (thousands, or tens of thousands) of 
similar calls transmitted through the same provider.

    b. What evidence of wrongdoing should be required before the FCC 
takes such measures?
    Answer. Repeated transmission of illegal calls after notification 
from a Federal or state enforcement agency, or a designated contractor 
of one of these agencies, that the provider is continuing to transmit 
illegal calls.

    Question 2. Your proposal contemplates allowing a suspended 
provider to have a hearing before the FCC's Administrative Law Judge 
(ALJ) by the end of its 10-day initial suspension. However, there is 
currently only one ALJ working at the FCC. How will the hearing process 
move on ``an expedited basis'' as you describe?
    Answer. If necessary, we propose that the FCC employ more ALJs to 
deal with these hearings. And, if more funding is necessary, we are 
advocating that Congress should allocate sufficient funds to the FCC to 
enable it take appropriate steps to stop these illegal calls.
    Currently the illegal scam and telemarketing calls cause billions 
of dollars to be stolen annually by scam callers, and significant 
losses of time and privacy for almost all telephone subscribers in the 
United States. These calls are also a primary contributor to overall 
denigration of the American telephone system. These costs surely 
provide sufficient justification for additional funding to the FCC to 
employ the necessary number of ALJs and other staff.

    Question 3. If the hearing can take place immediately after the 10-
day period, why do you believe the suspended voice provider will be 
ready by then?
    Answer. As with the hearings that follow temporary restraining 
orders (TRO) issued pursuant to Rule 65(b) of Federal Rules of Civil 
Procedure, the 10-day period is for the benefit of the recipient of the 
orders to request that the TRO be lifted. If the provider requests an 
extension of time before the hearing, we doubt anyone would object.

    a. Why is it a reasonable expectation for every voice provider to 
have sufficient in-house counsel or teams of lawyers on retainer that 
can spring into action, gather evidence, write briefs, and prepare 
arguments within ten days?
    Answer. Not every voice provider would need these resources--only 
those providers whose practices either support or permit the illegal 
calls to continue after being given notice. The potential for 
suspension would create incentives for providers to comply with the 
law.
    Additionally, it is highly unlikely that providers who receive 
these notices would be unaware that they are flouting the law. Indeed, 
it is more typical for repeated notices to be sent to complicit 
providers who ignore them and continue to transmit the illegal calls. 
This dynamic was described in a recent case brought by the Attorney 
General of Florida against a voice service provider for repeatedly 
transmitting illegal calls after notice: ``Plaintiff alleges that 
Defendant was notified approximately 250 times of fraudulent calls it 
has transmitted, despite having this knowledge it continued to connect 
these calls, profited from these fraudulent calls, refused to implement 
a means to check for these robocalls, and the calls would not have 
connected but for Defendant's decision to allow them to transit its 
network.'' Office of the Attorney General v. Smartbiz Telecom LLC,--
F.Supp.3d--, 2023 WL5491835116 at 4, (S.D.Fl. August 23, 2023).

    Question 4. If a voice provider is wrongfully suspended--say, 
because the suspected illegal robocalls were actually legal, or because 
the initial notice of having transmitted illegal robocalls was never 
provided to them--would the provider have any recourse from the FCC for 
the wrongful suspension?
    Answer. Just as with the current process for a court to issue a 
TRO, one prerequisite would be the requirement for specific facts and 
evidence of those facts to show that the calls continued after the 
required notification was given to the voice service provider. (See 
FRCP Rule 65(b)). We have not outlined every specific facet of the 
procedure, only the general outline. The expedited, ex parte process 
used for TROs is a well-developed process in the Federal and state 
courts, used to prevent irreparable injury, loss, or damage that would 
result if the complained-of acts were allowed to continue. We are 
recommending that the FCC be authorized to establish and pursue a 
similar process to cut down on these invasive and dangerous calls.
    The original notifications should be based on verified information, 
using any one or several of the available service providers that 
identify the illegal calls. The FCC should only issue the suspension 
after ascertaining that the required notifications have been issued.

    Question 5. If a voice provider was wrongfully suspended, could 
they recover damages for the ten days of lost revenue?
    Answer. The answer to this question should be based on whether 
defendants in similar expedited processes (such as TROs issued under 
Rule 65)) may be entitled to such damages.

    a. What about reputational damages they may suffer by being 
publicly suspended from the Robocall Mitigation Database?
    Answer. Please see the answer to question # 5, above.
Lead Generators
    Question 1. In your oral testimony, you stated: ``Telemarketers 
routinely ignore [FCC] regulations and make . . . about a billion 
illegal telemarketing calls every month. Then they defend themselves 
from government and private enforcement by relying on specious consent 
agreements that were either completely fabricated or based on supposed 
consent agreements, sold and resold, and sold again by lead 
generators.''

    a. Yes or no. If a consumer provides express written consent to a 
lead generator to be contacted by other businesses, and then their 
information is sold either to an aggregator or directly to a seller of 
the good or service the consumer wanted, would you consider any 
subsequent phone call from such businesses to be illegal?
    Answer. Yes. As we and numerous others have stated in comments 
filed with the FCC (see answers above), under the applicable rules for 
telemarketing calls made with an artificial or prerecorded voice, a 
lead generator can only collect consent for calls for one seller at a 
time in one agreement with the consumer. The FTC has already declared 
that calls made after consents for calls using prerecorded voice are 
traded are illegal under the Telemarketing Sales Rule.
    Furthermore, as we and others have also explained in comments filed 
with the FCC, under the applicable rules for telemarketing calls and 
texts to lines registered on the DNC Registry, the agreement that is 
necessary to make those messages legal can only be entered into between 
the seller and the consumer. No lead generator can be involved unless 
it is an agent of the seller.

    Question 2. In your oral testimony, you stated that the FCC should 
``eliminate [the] entire business model'' of lead generation. Although 
there are bad actors within the industry, there are also legitimate 
companies, including small businesses, that rely on purchasing leads to 
grow their business and reach consumers who have given consent to be 
contacted. Could a categorical ban on lead generators harm these 
legitimate businesses?
    Answer. We have not called for eliminating the lead generation 
industry, only the practice of selling consumers' purported consent for 
telemarketing calls. There is a distinction between purchasing leads 
with the contact information of consumers who are interested in 
particular products or services, and purchasing the consent agreements 
that are necessary for telemarketing calls to be considered legal under 
the FCC's regulations. I was only addressing the practice of lead 
generators of trading the agreements for consent, which we believe to 
be already illegal, but which the FCC's amendment to the TCPA 
regulations ``unequivocally'' makes illegal.
                                 ______
                                 
      Response to Written Questions Submitted by Hon. Ted Cruz to 
                             Megan L. Brown
FCC Robocall Forfeitures
    Federal Communications Commission (FCC) Chairwoman Jessica 
Rosenworcel has sought additional authority to make up for the 
Department of Justice's (DOJ) failure to pursue Telephone Consumer 
Protection Act (TCPA) violations. While I understand the importance of 
recovering penalties and fines, I am concerned about giving this 
additional authority to the FCC. It raises separation of power concerns 
and could shift the FCC's focus away from pursuing bad actors.

    Question 1. Can you please describe the implications of giving 
prosecution authority over forfeiture penalties to the FCC?
    Answer. Authorizing the Federal Communications Commission (FCC) to 
pursue forfeitures directly in Federal court, instead of relying on the 
DOJ, would be an expansion of authority and change the role of the 
FCC's Enforcement Bureau. It may open the door to future expansions of 
broad direct prosecution authority to the FCC and other agencies. At a 
time when courts are looking skeptically at Federal agencies' general 
ability to both interpret and enforce statutes, Congress should not 
expand the FCC's ability to go straight to court without DOJ. To the 
contrary, many statutes rely on DOJ enforcement of other agency 
actions, which makes sense because DOJ is well positioned to prioritize 
enforcement, exercise prosecutorial discretion, and promote consistency 
in the positions of the United States before Federal courts. Putting a 
new responsibility on the FCC may require additional resources and is 
beyond the agency's procedural and substantive areas of expertise.
    It is unnecessary to make such a fundamental change at this time. 
The FCC has been capably investigating and acting on abuses of the 
TCPA, the Truth in Caller ID Act, the TRACED Act, and its rules, 
including recent actions to address police misstatements and defects in 
the Robocall Mitigation Database (RMD).\1\ As FCC Chairwoman Jessica 
Rosenworcel recently noted, in the last two years since passage of the 
TRACED Act, the FCC has ``stopped more big robocall schemes than at any 
point in [the FCC's] history.'' \2\ The FCC can continue to pursue bad 
actors, increase its efforts to clean up the RMD, communicate with 
industry when it identifies problematic traffic, and increase its 
collaboration with the agency's registered traceback consortium under 
the TRACED Act, the Industry Traceback Group. As the FCC itself has 
noted, when it sends clear messages to stop facilitating bad traffic, 
the results are impressive. For example, in a recent enforcement action 
targeting the bad actors behind more than 5 billion fraudulent auto 
warranty robocalls, FCC Chairwoman Rosenworcel noted that subsequent to 
its enforcement action, the volume of these calls fell by 99 
percent.\3\ In recent Senate testimony, Chairwoman Rosenworcel 
emphasized similar results in student loan scam calls, which were 
reduced by 88 percent.\4\
---------------------------------------------------------------------------
    \1\ See Press Release, FCC Seeks to Remove Companies from Key 
Database for Non-Compliance with Anti-Robocall Rules, FCC (Oct. 16, 
2023), available at https://docs.fcc.gov/public/attachments/DOC-
397737A1.pdf. The FCC's press release discusses the issuance of 20 
Enforcement Bureau orders to begin removing specified non-compliant 
voice service providers from the agency's RMD, due to their submission 
of allegedly deficient robocall mitigation plans. Their removal from 
the RMD would require all intermediate providers and terminating voice 
service providers to cease carrying the companies' traffic, these 
companies' customers would be blocked, and no traffic originated by 
these companies would reach the called party.
    \2\ See Statement of Chairwoman Jessica Rosenworcel, Advanced 
Methods to Target and Eliminate Unlawful Robocalls, CG Docket No. 17-
59; Call Authentication Trust Anchor, WC Docket No. 17-97; Seventh 
Report and Order in CG Docket CG 17-59 and WC Docket 17-97, Eighth 
Further Notice of Proposed Rulemaking in CG Docket 1759, and Third 
Notice of Inquiry in CG Docket 17-59 (May 18, 2023); available at 
https://docs.fcc.gov/public/attachments/FCC-23-37A1.pdf.
    \3\ Statement of Chairwoman Jessica Rosenworcel, In the Matter of 
Sumco Panama SA, Sumco Panama USA, Virtual Telecom kft, Virtual Telecom 
Inc., Davis Telecom Inc., Geist Telecom LLC, Fugle Telecom LLC, Tech 
Direct LLC, Mobi Telecom LLC, and Posting Express Inc., File No.: EB-
TCD-21-00031913, Forfeiture Order, FCC-23-64 (August 3, 2023) (Sumco 
Panama Forfeiture Order).
    \4\ https://docs.fcc.gov/public/attachments/DOC-397034A1.txt
---------------------------------------------------------------------------
    Given the ability of DOJ to go to court, there is no demonstrable 
need to fundamentally change the agency's relationship with the FCC and 
the courts. In fact, when Congress in the 1970s gave some direct 
litigating authority to the Federal Trade Commission, it was responding 
to demonstrated disagreement between the DOJ and the FTC that was 
affecting litigated cases.\5\
---------------------------------------------------------------------------
    \5\ See S. Rep. No. 93-151, at 29 (1973) (``This section insures 
that the Commission will be able to represent itself in any civil 
proceeding involving the Federal Trade Commission Act. At the present 
time, the Commission must, in many situations, rely on the Department 
of Justice, which has been sluggish in the past in enforcing regulatory 
agency decisions in Federal courts.'').
---------------------------------------------------------------------------
    The prior ``division of labor created problems when the FTC and DOJ 
disagreed on substantive areas of antitrust law and policymaking 
efforts and resulted in poor representation of the FTC's positions 
through filing delays, settlements that did not reflect the agency's 
policy goals, and even the refusal to file cases in the first 
place.''\6\ There is no apparent disfunction between DOJ and the FCC 
over collection of forfeitures, so it appears premature at best to 
expand the role of the FCC.
---------------------------------------------------------------------------
    \6\ Eliott Karr, Independent Litigation Authority and Calls for the 
Views of the Solicitor General, 77 Geo. Wash. L. Rev. 1080, 1091 (June 
2009).

    Question 2. Do you agree that we should focus on getting the DOJ to 
do its job rather than giving this power to an independent agency?
    Answer. The Chamber agrees that it would be preferable to encourage 
the DOJ to prioritize the collection of FCC forfeitures and the pursuit 
of other claims--civil and criminal--against those who abuse the 
communications system to seek to defraud Americans. There are many ways 
the DOJ, using existing authorities, can investigate and prosecute bad 
actors and fraudsters, with the FCC and on its own. As I explained in 
my written testimony, Congress can do several things to encourage DOJ 
to take more action:

   Require DOJ to file an annual report with Congress 
        explaining enforcement activity it has undertaken in the last 
        calendar year to combat illegal robocalls and its handling of 
        FCC referrals, including the pursuit of forfeiture amounts. 
        This requirement would be similar to the TRACED Act's annual 
        TCPA reporting requirement for the FCC and should require DOJ 
        to explain if and why it has not pursued FCC referrals.

   Prioritize DOJ funds for investigations and enforcement 
        actions against illegal robocallers.

   Require DOJ to establish a robocall enforcement and 
        education office.
TCPA Abuse
    Question 1. In your testimony, you point out that TCPA class action 
litigation filings are once again on the rise even in in the wake of 
Facebook v. Duguid.\7\ Why is that and why should the public and 
lawmakers be concerned?
---------------------------------------------------------------------------
    \7\ Facebook, Inc. v. Duguid, 141 S. Ct. 1163 (2021).
---------------------------------------------------------------------------
    Answer. It appears that class action lawyers and plaintiffs are 
turning to other parts of the TCPA, and also that they continue to try 
to limit and undermine the decision in Duguid.\8\ Post-Duguid, TCPA 
litigation has remained steady with the overall number of cases 
dropping slightly at first and gradually increasing.\9\ Additionally, 
the plaintiffs' bar has used techniques to prolong litigation to the 
summary judgment stage instead of being dismissed at the pleadings 
stage, giving plaintiffs' attorneys leverage to coerce companies into 
massive settlements in a post-Duguid world.\10\ Because of the 
statutory damages and near strict liability of the TCPA, it simply 
remains too attractive to class action lawyers.
---------------------------------------------------------------------------
    \8\ See, e.g., Borden v. eFinancial, LLC, 53 F.4th 1230 (9th Cir. 
2022) (rejecting attempt to distinguish Duguid); Brickman v. Meta, 56 
F.4th 688 (9th Cir. 2022) (same). The U.S. Chamber participated as 
amicus in Brickman, and explained to the Ninth Circuit that ``the TCPA 
plaintiffs' bar has continued after Duguid to bring putative class 
actions under the statute seeking exorbitant statutory damages. Like 
many TCPA plaintiffs since Duguid, Brickman makes an argument that 
relies heavily on a single sentence within a single footnote in 
Duguid--footnote 7. As a recent report released by the Chamber's 
Institute for Legal Reform explains, that footnote ``has become the 
battleground in much of the post-Duguid TCPA litigation.'' Brief Amicus 
Curiae, United States Chamber of Commerce, Brinkman v, Meta, 9th Cir. 
No. 21-16785 (filed Apr. 18, 2022) https://www.uschamber.com/assets/
documents/U.S.20Chamber20Amicus20Brief20-
20Brickman20v.20United20States2028Ninth20Circuit29.pdf (citing U.S. 
Chamber Inst. for Legal Reform, Turning the TCPA Tide: The Effects of 
Duguid 13 (Dec. 2021), https://institute
forlegalreform.com/wp-content/uploads/2021/12/
1323_ILR_TCPA_Report_FINAL_Pages.pdf).
    \9\ Turning the TCPA Tide: The Effects of Duguid, U.S. Chamber 
Institute for Legal Reform (Dec. 2021), https://
instituteforlegalreform.com/wp-content/uploads/2021/12/1323_ILR_TCPA
_Report_FINAL_Pages.pdf, (``Between October 1, 2020 and March 31, 2021, 
975 TCPA-related Federal cases were filed. Duguid was decided on April 
1, 2021. In the six succeeding months, up to September 30, 2021, 674 
TCPA-related cases were filed in Federal court--a decrease of roughly 
31 percent.''). According to data from Westlaw Litigation Analytics, 
more than 50 percent of the 2,640 TCPA cases in Federal court in 2022 
and so far in 2023 have been class actions. In October 2023 alone, 64 
percent of all TCPA lawsuits were class actions. (In Westlaw Analytics, 
we reviewed docket analytics under the ``Experience'' (Telephone 
Consumer Protection Act) tab for 1/01/2022 to 11/20/2023 to identify 
the total cases (2,640). We reviewed how many were class action 
(1,463). We also looked at the cases in the date range 10/1/2023-10/31/
2023 (122) and reviewed how many were class actions (79) to determine 
that in October 2023 alone, 64 percent of TCPA lawsuits were class 
actions.) (last visited Nov. 20, 2023)).
    \10\ Id.
---------------------------------------------------------------------------
    The proliferation of TCPA class actions should be a concern for 
policymakers because they generate costly litigation and encourage 
settlements that may not reflect violations of the law but that greatly 
benefit lawyers. This is why the TCPA remains a lucrative specialty for 
the plaintiffs' bar. Because the TCPA operates as a strict liability 
statute, legitimate businesses that make a mistake can be caught in its 
cross hairs. And the threat of expensive litigation and enormous 
damages can lead companies to settle cases even where they have solid 
defenses and did nothing wrong. For example, even where a company 
claims it has adequate consent for the communication, it can be 
difficult to establish consent in early motions practice at the class 
certification stage. This means a defendant faces enormous litigation 
costs, creating a strong incentive to settle.
    Fundamentally, this sort of punitive TCPA litigation environment 
does nothing to discourage the fraudsters and scammers that 
intentionally violate the law and are responsible for the overwhelming 
majority of illegal robocalls and texts.

    Question 2. On October 24th, Ms. Saunders of the National Consumer 
Law Center testified that while she ``understand[s] the frustration of 
the Chamber of Commerce with inappropriate class actions at the moment, 
the danger of class actions is also one of the prime ways that 
incentivizes sellers and callers to comply with the law.''

    a. Do you agree or disagree that the ``danger of TCPA class 
actions'' helps consumers and is effective in reducing illegal 
robocalls?
    Answer. I disagree. The fear of TCPA liability chills legitimate 
and lawful communications campaigns and imposes additional burdens on 
companies. Legitimate American businesses have robust compliance 
programs to meet the demands of the TCPA as well as the Telemarketing 
Sales Rule and other requirements. And the calling ecosystem has 
extensive codes of conduct and programs that are built on consent and 
compliance. The bad guys, fraudsters, and criminals abusing our 
communications networks do not care about compliance and are not 
deterred by our laws or the threat of class actions. TCPA litigation 
ensnares legitimate U.S. businesses that already have robust compliance 
programs and ample incentive to comply with the law.
                                 ______
                                 
     Response to Written Questions Submitted by Hon. John Thune to 
                             Megan L. Brown
    Question 1. The TRACED Act increased the FCC's ability to initiate 
enforcement actions against illegal robocallers who are intentionally 
violating the law by extending the statute of limitations from 1 year 
to 3 years, and it eliminated the citation requirement for such 
violations. Has this provision helped enable the FCC to stop illegal 
robocallers?
    Answer. Yes, this part of the TRACED Act appears to have helped the 
FCC investigate and bring actions against illegal robocallers. The FCC 
has been bringing substantial enforcement actions since passage of the 
TRACED Act, the FCC appeared to have used this provision on at least 
three occasions. For example, on August 24, 2021, the FCC issued a 
Notice of Apparent Liability for Forfeiture (NAL) proposing a 
$5,134,500 fine against John M. Burkman, Jacob Alexander Wohl, and J.M. 
Burkman & Associates LLC for apparently making 1,141 unlawful robocalls 
to wireless phones without prior express consent in violation of the 
TCPA.\11\ The FCC noted that this was the first case in which the FCC 
used the TRACED Act's authorization to issue an NAL for apparent TCPA 
violations without first issuing a citation.\12\ The FCC appears to 
have leveraged this provision on at least two other occasions.\13\
---------------------------------------------------------------------------
    \11\ See John M. Burkman, Jacob Alexander Wohl, and J.M. Burkman & 
Associates LLC, Notice of Apparent Liability for Forfeiture, FCC 21-97 
(Aug. 24, 2021).
    \12\ Id. at  2.
    \13\ See e.g., Gregory Robbins; Interstate Brokers of America LLC; 
National Health Agents LLC, Notice of Apparent Liability for 
Forfeiture, FCC 22-16 (2022); see also Thomas Dorsher, ChariTel Inc., 
OnTel Inc., ScammerBlaster Inc., Notice of Apparent Liability for 
Forfeiture, FCC-22-57 (2022).

    Question 2. Does the FCC have the authority to revise the 
definition of an ATDS without a clear directive from Congress following 
the Supreme Court's decision in Duguid?
    Answer. No. The Supreme Court's unanimous opinion definitively 
interpreted Sec. 227(a)(1)(A) of the statute, defining what is required 
to constitute an autodialer. The Court held that ``a necessary feature 
of an autodialer under Sec. 227(a)(1)(A) is the capacity to use a 
random or sequential number generator to either store or produce phone 
numbers to be called.'' \14\
---------------------------------------------------------------------------
    \14\ Facebook v. Duguid, 141 S. Ct. 1163, 1173 (2021).
---------------------------------------------------------------------------
    The FCC does not have authority the revise the statutory 
definition, as interpreted by the unanimous Supreme Court, nor should 
it attempt to do so on its own.

    Question 3. Could you provide some examples of TCPA filings that 
you would categorize as litigation abuse?
    Answer. There are so many cases that involve beneficial 
communications, as well as legitimate companies, non-profits and 
government actors. And in many instances, court rulings prevent speedy 
resolution of dispositive questions like whether there was consent or 
whether a call is for telemarketing. Because there is no cumulative 
limit to damages, plaintiffs' lawyers will continue to seek mind-
boggling damages awards. Further, massive classes--such as a recent 
class certification of over one million people--encourage settlement 
even where a company has strong defenses. The Chamber provides a few 
examples:

   Silver v. City of Albuquerque\15\: The City of Albuquerque 
        was sued after sending text messages to local residents during 
        the COVID-19 pandemic, notifying them of the opportunity to 
        engage in socially-distanced town halls. The City had to engage 
        in substantial litigation over communications that were 
        intended to help the community participate in local government.
---------------------------------------------------------------------------
    \15\ No. 1:22-CV-00400, 2023 WL 2413780 (D.N.M. Mar. 8, 2023).

   Barton v. Serve All, Help All, Inc.\16\: Serve All, Help 
        All, a non-profit company that provides financial aid and 
        assistance to those with housing needs, was sued by a serial 
        pro se litigant for an automated phone call offering a Public 
        Service Announcement for homeowners in default.
---------------------------------------------------------------------------
    \16\ No. 3:21-CV-05338, 2023 WL 1965905, at *1 (W.D. Wash. Feb. 13, 
2023), motion to certify appeal denied, No. 3:21-CV-05338-RJB, 2023 WL 
2372904 (W.D. Wash. Mar. 6, 2023).

   Eller v. Uber Technologies, Inc.\17\: Plaintiff sued Uber 
        after receiving text messages that, ``Your Driver's License is 
        expired, please head to the app to update it.'' Plaintiff 
        alleges Uber failed to honor opt-out requests and makes a 
        number of process-based claims about internal policy problems 
        such as lack of sufficient training. Since this case was filed 
        in September 2023, no merits briefing has taken place, but it 
        appears this case will seek enormous damages and fees ($1500 
        per text for alleged knowing and willful conduct). It appears 
        this case is on shaky ground. The plaintiff alleges this is a 
        telemarketing text, but it does not appear to be, and it is not 
        clear that the plaintiff followed the opt-out mechanism 
        provided by the company.
---------------------------------------------------------------------------
    \17\ No. 4:23-CV-03526 (S.D. Tex. Sept. 19, 2023).

   Head v. Citibank, N.A.\18\: Plaintiff sued a credit card 
        company in a putative class action alleging that she received 
        unsolicited calls about past-due credit card debt incurred by 
        another person. Citibank argued that the Plaintiff ``does not 
        identify a single similarly situated person or phone number 
        that received allegedly wrong number calls.'' Citibank argued 
        against certification of a class action because, among other 
        things, its internal ``wrong number codes'' are used for a 
        variety of reasons, and do not necessarily indicate unconsented 
        calls. The court disagreed and certified the class, reasoning 
        that ``[i]n light of the enormous rate at which Citibank places 
        calls to delinquent accounts, it seems virtually impossible'' 
        that Citibank has not called ``at least 40'' non-customers, 
        warranting class certification. This ruling is based on 
        speculation but subjects Citibank to expensive litigation and 
        burdensome discovery, delaying resolution and increasing the 
        pressure to settle despite what appear to be meritorious 
        defenses.
---------------------------------------------------------------------------
    \18\ 340 F.R.D. 145, 149 (D. Ariz. 2022).
---------------------------------------------------------------------------
   Hylton v. Titlemax of Virginia, Inc.\19\: This is a 
        reassigned number case, a type of TCPA case in which companies 
        are sued for making communications to numbers that, unbeknownst 
        to the company, were reassigned from someone who had provided 
        consent to a new user who then sues for the mistake. The 
        plaintiff, Hylton, received communications because Titlemax was 
        trying to contact an individual who had the number prior to 
        Hylton and had consented to calls with a pre-recorded message 
        and agreed to inform Titlemax of any change in his provided 
        number but failed to do so. After receiving calls, Hylton 
        called Titlemax on five occasions, but did not inform Titlemax 
        that she had received the calls on the number they thought 
        belonged to another person nor requested that Titlemax stop 
        calling Hylton's number. Though the defendant was not on notice 
        of the reassigned number and had consent from the previous 
        holder of the number, the court found that ``neither the text 
        of the TCPA nor the FCC's recent rulemaking supports the 
        creation of a defense or exemption for those who can show that 
        they reasonably relied upon their intended recipient's prior 
        express consent when calling a reassigned number,'' and denied 
        Titlemax's motion for summary judgement.
---------------------------------------------------------------------------
    \19\ No. 4:21-CV-163, 2022 WL 16753869, at *1 (S.D. Ga. Nov. 7, 
2022).

   Wick v. Twilio, Inc.\20\: Plaintiff accessed a website, 
        Crevalor, which offered a nutrition supplement. To receive a 
        free sample, the plaintiff submitted his name, address and cell 
        phone number into a form on the website. Plaintiff was then 
        directed to a webpage that provided pricing information. 
        Plaintiff decided against continuing with the order and closed 
        the webpage. Immediately after plaintiff submitted his 
        information, defendant Twilio, which provides automated text 
        messaging services, sent the plaintiff a text message stating: 
        ``Noah, Your order at Crevalor is incomplete and about to 
        expire. Complete your order by visiting http//hlth.co/xDoXEZ.'' 
        Plaintiff filed suit under the TCPA, alleging that the text 
        constituted telemarketing. The Court disagreed, reasoning that 
        ``it is not telemarketing for the service or product provider 
        to inform plaintiff how to complete'' an order process . . . 
        Because plaintiff consented to the communications at issue when 
        he submitted his telephone number during the Crevalor order 
        process, plaintiff fails to plead a TCPA violation.'' This case 
        show how even valid defenses and consent cannot stop litigation 
        of spurious claims that requires expensive defense costs for 
        targeted companies.
---------------------------------------------------------------------------
    \20\ 2016 WL 6460316, at *1 (W.D. Wash. Nov. 1, 2016).

    Question 4. You list caps on attorneys' fees as a means to deter 
abusive TCPA litigation. What is your view on limiting the availability 
of class actions under the TCPA, which could also deter out-of-control 
attorneys' fees?
    Answer. Limiting the availability of class actions under the TCPA 
would be an effective way to help reduce enormous attorney's fees. 
According to data from Westlaw Litigation Analytics, more than 50 
percent of the 2,640 TCPA cases in Federal court in 2022 and so far in 
2023 have been class actions. In October 2023 alone, 64 percent of all 
TCPA lawsuits were class actions. The class action vehicle is a major 
driver of TCPA litigation. The combination of statutory damages ($500 
or $1500) multiplied across large numbers of purported class members 
creates a threat of crushing liability; this leads to large 
settlements, of which a third or more can go to the lawyers.
    The Chamber has long criticized the utility of the class action 
vehicle because it is often used to target large companies and exact 
enormous fee awards, with little direct benefit to class members (for 
example in coupon settlements) or consumers.
                                 ______
                                 
   Response to Written Questions Submitted by Hon. Maria Cantwell to 
                            Joshua M. Bercu
Heightened Enforcement
    Congress passed the TRACED Act in 2019 to enhance the FCC's 
enforcement authority and increase penalties for illegal robocallers. 
Since then, scam robocalls have dropped 50 percent, but they remain a 
serious problem.
    Last year, scam robocalls cost American consumers a total of $39 
billion. This includes 1.1 million people in the State of Washington. 
Clearly, we can do more to crack down on these scams.

    Question 1. How can we ensure that the partnerships between state 
law enforcement and the private sector effectively supplement what the 
FCC and the FTC do on a Federal level?
    Answer. State enforcers are critical partners in the fight against 
illegal robocalls. The ITG works closely with attorneys' general 
offices from across the country, including Washington. States, like 
their colleagues at the FCC and FTC, are bringing more enforcement than 
ever before in large part based on ITG traceback data. For instance, 
earlier this year, 49 attorneys general sued one provider they deemed 
responsible for illegal robocalls based on traceback data.
Robocall Mitigation Tools
    You spoke of the various types of robocall ``mitigation tools'' 
that providers are deploying, which help consumers block unwanted 
calls.

    Question 1. Do the various tools you described work with all 
technologies and devices?
    Answer. Providers have deployed a variety of tools to protect their 
customers, and most have different tools deployed at different layers 
of their network and operations. For instance, many providers block 
calls highly likely to be illegal within the network long before they 
reach the consumer. Sometimes they do so because the calls are 
purportedly from numbers on the ITG's Do Not Originate list, a list 
composed of government and enterprise numbers intended only for inbound 
calls and never used to make calls.
    Providers also have deployed tools that block and label illegal and 
unwanted calls on a per-call basis. The tools can vary provider-to-
provider and vendor-by-vendor, and implementation for wireline can 
differ from wireless. In addition to the tools deployed by providers 
and their partners, consumers can obtain over-the-top applications to 
supplement protections, such as from YouMail, Nomorobo, and Robokiller.

    Question 2. How do we ensure that these mitigation tools can evolve 
quickly enough to counter scammers' changing tactics?
    Answer. The tools deployed by providers rely on machine learning 
and other cutting-edge technologies and methods to detect scammers' 
latest tactics and address them. As I noted in my testimony, one 
challenge for providers and legitimate callers alike are bad practices 
of scammers like number rotation, designed specifically to evade 
blocking and labeling protections. More oversight and curbing of such 
practices will help to further isolate illegal calling from legal 
calling, helping to better mitigate the former while minimizing 
inadvertent blocking and labeling of the latter.
                                 ______
                                 
   Response to Written Questions Submitted by Hon. Ben Ray Lujan to 
                            Joshua M. Bercu
Handset Operating Systems
    Question 1. Fewer and fewer families subscribe to landline 
telephones, and the great majority of consumers receive robocalls and 
robotexts through handsets that use Apple iOS or Google Android. How do 
these handset providers work with STIR/SHAKEN to ensure call recipients 
have the best information about a call? Do Apple and Google participate 
in industry groups dedicated to limiting illegal and unwanted calls and 
texts?
    Answer. Neither USTelecom nor the ITG works directly with Apple or 
Google on robocall or robotext mitigation applications, but it is my 
understanding that Apple and Google work closely with wireless carriers 
to continue to improve the customer experience.
                                 ______
                                 
 Response to Written Questions Submitted by Hon. John Hickenlooper to 
                            Joshua M. Bercu
Artificial Intelligence
    The Federal Communications Commission (FCC) is launching a proposed 
inquiry to examine how Artificial Intelligence (AI) can be used as a 
tool to detect robocalls and robotexts.

    Question 1. How have members of U.S. Telecom utilized traditional 
AI/machine learning for both detecting robocalls and conducting 
traceback campaigns? Are members of U.S. Telecom exploring methods to 
detect AI-generated robocalls?
    Answer. USTelecom members are at the forefront of deploying 
cutting-edge technology to protect their customers. Providers and their 
analytics partners have long relied on machine learning and other tools 
to detect and stop scammers' latest practices. Providers choose the 
technologies and methods most effective for that goal. As a general 
matter, providers and their analytics partners are focused on 
identifying patterns of bad calling activity based on numerous factors. 
Their tools often focus primarily on such patterns, and capture illegal 
robocall activity whether generated by AI or not.
Traceback Transparency
    Industry Traceback Group (ITG) traceback information is only 
released to selected parties and not made publicly available. In 
November 2022, ITG stated in their public comments submitted for the 
Federal Communications Commission's (FCC) annual report to Congress 
that releasing raw traceback information to the public could be 
``misleading and harmful'' without proper context.

    Question 1. What steps is ITG taking to increase real-time 
transparency about scam calls to the public? Can generative AI be used 
in a virtual assistant to provide the necessary context to consumers 
such that they can easily digest raw traceback information?
    Answer. The ITG relies on third parties, such as YouMail, 
Robokiller, and individual providers, for real-time information about 
ongoing scam call campaigns. The ITG's traceback data is limited to 
information about suspected illegal call examples and how those calls 
transited from provider to provider across the telephone network. Such 
information does not offer either beneficial or actionable information 
directly to individual consumers, but it is critical to enforcement. In 
that regard, last year, the ITG launched a portal to provide direct 
access to traceback data to the FCC and other Federal and state law 
enforcement agencies. The ITG also responds to hundreds of subpoenas 
from such agencies to support their enforcement efforts.
                                 ______
                                 
     Response to Written Question Submitted by Hon. John Thune to 
                            Joshua M. Bercu
    Question. In your testimony, you mention that the registered 
traceback consortium established under the TRACED Act has been an 
effective tool for identifying illegal robocalls. Are there steps 
Congress should take to further advance industry efforts to crack down 
on illegal calls? How would the Robocall Trace Back Enhancement Act, 
legislation I led last Congress with Senator Markey, help bolster 
privately led efforts to trace illegal robocalls?
    Answer. The Robocall Trace Back Enhancement Act would advance the 
ITG's efforts in combating illegal robocalls by extending liability 
protection to the ITG as the registered traceback consortium 
responsible for traceback. The legislation would allow the ITG to 
continue to be aggressive in disrupting illegal call flows through 
sharing of traceback-based data within the industry and with government 
entities by protecting the ITG as the registered consortium from 
frivolous lawsuits aimed at undermining the traceback process.
    The ITG would also support Congress extending the consortium 
designation process to every three years. Under the TRACED Act, the 
registered traceback consortium must be designated by the FCC annually. 
The FCC's review and oversight are integral to confirming that the 
consortium operates in a neutral and non-discriminatory manner. 
Conducing the designation process on an annual basis, however, ties up 
the Commission's resources as well as those of the consortium. Those 
resources would be better dedicated to investments in advancing the 
fight again illegal robocalls.
                                 ______
                                 
   Response to Written Questions Submitted by Hon. Maria Cantwell to 
                            Michael Rudolph
Innovation and Adoption
    Robocallers are taking advantage of technological innovations to 
flood our phones with calls and texts. It seems to me that other forms 
of technological innovation--like machine learning and generative 
artificial intelligence- hold the most promise for combatting this 
flood of illegal robocalls.

    Question 1. How can Congress and the FCC encourage 
telecommunications companies to embrace innovative technologies and use 
new tools responsibly to protect consumers from robocalls?
    Answer. The biggest current challenge meriting Congressional and 
FCC assistance to combat illegal robocalls and robotexts is assisting 
in the adoption of effective, innovative technologies.
    Presently, telecommunication companies are not incentivized to 
solve these problems as solving the problems not only costs time, and 
resources, but the eventual outcome is lost revenue from the now 
missing robocommunications.
    Robocalls are introduced into the phone network because the ``chain 
of trust'' has been broken, and a telecommunication company has allowed 
a nefarious, bad acting account or other telecommunication company to 
enter the network and bring along unwanted, unlawful communications.
    At present, telecommunication companies, being profit-driven 
enterprises, seek to maximize revenue. Maximizing revenue means 
carrying as many robocalls as reasonably possible while signaling to 
investigators and enforcement that ``just enough'' mitigation effort is 
applied and a conveying ``just enough'' responsiveness to investigative 
demands.
    For example, take recent evidence from the public record in the 
Florida Southern District Court from Office of Attorney General, State 
of Florida vs Smartbiz Telecom LLC (1:2022cv23945). Document 50-32 
contains 18 pages of invoices of a provider accused of being a conduit 
of millions of unlawful robocalls. The very first invoice indicates 
that the provider earned $140,063 of revenue in 1 month via 1 
relationship for 96 million calls, or $0.0015 per call. Documents for 
this case further include 444 pages of traceback e-mails received by 
this telecommunication provider for 261 traceback notifications 
starting in 2020. In just one route of this provider's business, 
approximately 814 million calls from July 2022 through June 2023 
generated $1.22 million in revenue.
    US Telecom recently indicated that the average traceback travels 
6.1 hops \1\ which could then be applied to form an approximate 
``industry revenue model'' for 814 million such calls by using the 
.0015/call rate and 10 percent wholesale margins. In total for the six 
provides involved, 814 million similar calls generate $5.7M in 
telecommunications revenue, with $720,000 for the final provider 
servicing the call recipient.
---------------------------------------------------------------------------
    \1\ https://docs.fcc.gov/public/attachments/DOC-390423A3.pdf

----------------------------------------------------------------------------------------------------------------
    Hop 1            Hop 2               Hop 3               Hop 4               Hop 5           Term  (Hop 6)
----------------------------------------------------------------------------------------------------------------
$1.22M                   $1.10M               $988K               $889K               $800K               $720K
----------------------------------------------------------------------------------------------------------------

    The current state in industry for innovative solutions that 
identify which accounts and partners carry these calls faces tremendous 
resistance if a telecommunications company can achieve sufficient 
robocall mitigation compliance by simply responding to individual 
incident reports (direct or via traceback) and taking down individual 
numbers on accounts as they are reported rather than seek to 
exterminate all similar traffic from their networks. The decision to 
not adopt comprehensive solutions not only saves the provider from 
paying for the cost of those solutions, but also allows the provider to 
retain as much revenue from allowing the remaining unreported, 
uninvestigated, unlawful traffic to continue transiting their networks.
    In 2002, the Sarbanes-Oxley Act was passed with votes of 423-3 and 
99-1 that mandated certain practices in financial record keeping and 
reporting for corporations. Minimal or non-existent detection, 
investigation and mitigation controls at communications companies are 
predominantly responsible for the plague of robocommunications. Present 
reductions have only been achieved due to FCC orders \2\ that create a 
no-tolerance policy for certain topical robocalls and then follow it up 
orders with direct evidence, outreach and enforcement to eliminate the 
traffic exhaustively throughout the telephone network.
---------------------------------------------------------------------------
    \2\ https://www.fcc.gov/document/robocall-enforcement-order-all-us-
based-voice-service-providers
---------------------------------------------------------------------------
    If communication platforms servicing unlawful robocommunication 
operations were subjected to regular assessments similar to those 
within Section 404 of Sarbanes-Oxley requiring management and external 
auditors to report on the adequacy of a company's internal controls 
(and to also improve deficient controls, even if that meant losing 
material revenue), it would dramatically shift the risk/revenue balance 
throughout industry with new standards for conduct, tolerance and 
accountability.
    As the problem is rooted in functions balancing risk with revenue, 
it is not solved without further Congressional action to change the 
balance of the equation where providers seek to eliminate the risk 
rather than protect revenue.
AI and Deepfake Calls
    I recently heard about an alarming situation in my state. A family 
in Pierce County, Washington received a deepfake call, where a scammer 
used AI to spoof their daughter's voice saying that she had been in a 
car accident and that a man was threatening to harm her unless they 
wire $10,000. No family should have to face this.

    Question 1. How can Congress empower consumers, regulators, and law 
enforcement to stay ahead of the increasingly sophisticated 
technologies scammers use?
    Answer. This particular scam is one of the most difficult ones to 
stay ahead of, as it:

   Uses a phone number that appears as unknown to the recipient

   Uses a convincing ``deep fake'' voice of someone the 
        recipients knows and cares about

   Explains the rational for using a suspicious, unrecognized 
        number is part of the reasoning for the crisis requiring 
        sending money

    Technology innovators thrive in a continuous effort to stay ahead 
of the scammers, but are certainly only permitted to innovate solutions 
within the confines provided by Google on Android devices and Apple on 
iOS devices.
    The scam perpetrator in this case may:

   be using a VOIP number obtained from a CPaaS platform

   have walked into an actual store and obtained a phone or 
        plan

   may be using an ``over the top'' (i.e., ``burner'') phone 
        number app they downloaded (perhaps even for free)

    Presently, companies like YouMail possess data that indicate the 
origination and history of the number. If the scammer is saying they 
``have borrowed a friend's phone'', there is data to refute this and 
indicate that the number is recently acquired and could indicate 
details for the source and geography. If allowed by Google or Apple, 
this information could be displayed alongside the call so the recipient 
could ``check the facts''.
    YouMail, as a device installed app on Android or Google, enables 
individuals to link their address book data. In many cases, because so 
many people do not answer calls from unknown numbers, this particular 
scam leaves a voice-mail message. YouMail transcribes every voice-mail 
message left for its users and does ``extract'' the identity the caller 
provided for themselves (i.e., ``Hi, this is your grandson, Mike. . 
.''). YouMail can use this content to provide a live warning or caution 
indicator to the recipient that provides more details on the call 
origination and educates the customer live at the time of interacting 
with the call and reduces the chance the call is returned, or a 
subsequent live call from that number is answered.
    Ultimately, this particular communication was criminal, and law 
enforcement must apprehend the criminal parties behind the call. By 
partnering with law enforcement, YouMail has enabled identification of 
the parties operating scams such as these using same-day, live data and 
domestic threat actors can be pursued by enforcement while and in-
network countermeasures can be put in place at cooperating network 
providers for communications originating from outside the U.S.
Heightened Enforcement
    Congress passed the TRACED Act in 2019 to enhance the FCC's 
enforcement authority and increase penalties for illegal robocallers. 
Since then, scam robocalls have dropped 50 percent, but they remain a 
serious problem.
    Last year, scam robocalls cost American consumers a total of $39 
billion. This includes 1.1 million people in the State of Washington. 
Clearly, we can do more to crack down on these scams.

    Question 1. How can we ensure that the partnerships between state 
law enforcement and the private sector effectively supplement what the 
FCC and the FTC do on a Federal level?
    Answer. YouMail partners directly with many State Attorneys General 
offices to monitor, investigate, disrupt and enforce laws against 
robocall operations. YouMail thanks the State of Washington for its 
active role and partnership investigating certain robocall campaigns 
over the past few years and its participation in the multi-state Anti-
Robocalling Task Force.
    YouMail has provided data indicating the robocall reduction since 
the passage of the TRACED Act directly ties to state and Federal 
efforts to investigate and shut down the highest volume robocall 
operations--such as the robocalls impersonating the Social Security 
Administration, offering extended warranties or providing student loan 
assistance. YouMail presently applies investigative resources to track 
several thousand active robocall campaigns each month for directly 
classifying and stopping these calls from harming YouMail users 
directly. Additionally, YouMail works to provide evidence to state and 
Federal investigative and enforcement resources but observes those 
resources only have bandwidth to investigate a few dozen of these 
active campaigns at a time. YouMail has observed certain states (North 
Carolina, Ohio, Florida, Indiana, Vermont, Washington) have taken more 
active roles in the Anti-Robocalling Task Force. If each state would 
contribute resources proportional to its population affected by 
robocalls, current investigative and enforcement impacts would be 
increase significantly and more active robocommunication threats could 
be investigated and disrupted.
    Robocommunications that are criminal or unlawful require an 
appropriate amount of policing to prevent and deter. State enforcement 
can operate with greater agility than Federal enforcement, particularly 
when issuing CID or subpoenas on robocommunications operations, but the 
amount of criminal or unlawful activity it can pursue is proportional 
to the number of real people that have those responsibilities set as 
their weekly priority within their respective offices.
    In simpler terms, there are not enough state and Federal police 
proportional to rising crime occurring via the telephone network and 
digital communication platforms.
Robocall Mitigation Tools
    You spoke of the various types of robocall ``mitigation tools'' 
that providers are deploying, which help consumers block unwanted 
calls.

    Question 1. Do the various tools you described work with all 
technologies and devices?

    Question 2. How do we ensure that these mitigation tools can evolve 
quickly enough to counter scammers' changing tactics?
    Answer. It should be reinforced that not all robocalls are scams. 
YouMail has partnered with certain states to review direct consumer 
complaint data and tie those consumer complaints to the calling 
campaigns or even the exact call made related to that complaint. 
Generally, the majority of robocall complaints received by a State are 
``grey area telemarketing'' rather than true criminal-intent scams. 
Further scoping this to complaints received by a State that are 
criminal in nature identifies hundreds of threat actors operating at 
lower volumes.
    YouMail operates as a bridge between consumers receiving 
communications on their devices, their mobile network operators, the 
communication networks in between the originator and recipient, any 
business or entity that may have been impersonated and finally state 
and Federal enforcement agencies with committed resources to combatting 
these communications.
    YouMail presently works from an evidence capture perspective on 
both Android and iOS devices and can relay this data through to 
enforcement resources that same hour/same day. However, some phone 
carriers do not allow consumers to use a service such as YouMail to 
become the `answering service' for their calls. Engaging a solution 
like YouMail directly on your device as a consumer also potentially 
suffers from a fair amount of friction to `activate' it successfully 
depending on the willingness of the handset maker or the carrier to 
allow third-party solutions.
    There are significant ``boxes of evidence'' that have yet to be 
opened up for agile detection and enforcement. For example, consumers 
can report unwanted SMS to their carrier by sending it to ``7726'' or 
tapping ``Report Junk''. Presently this data resides within each 
carrier to evaluate or improve its own analytics (as a competitive 
enabler) and does not leave that carrier's databases for broader 
consumer protection or benefit. Both Apple and Google have material 
live intelligence of communication threats (particularly via iMessage 
and RCS) and consumers have no convenient method to indicate they are 
willing to also grant independent security applications (i.e., YouMail, 
McAfee, Aura, Gen/Norton, etc) access to this threat data for direct 
consumer benefit.
    Encouragement for the carriers and platforms/operating systems to 
make changes that would allow consumers to share their reports and to 
share threat intelligence improves the collective response time of 
industry to identify threats as they are occurring and implement 
countermeasures that enhance consumer safety and security.
STIR/SHAKEN Call Authentication
    In 2019, Congress passed the TRACED Act to require phone carriers 
to adopt STIR/SHAKEN call authentication standards. These standards 
create a digital signature that identifies the calling party and allows 
phone carriers to verify calls, while weeding out calls from 
illegitimate sources.
    While these standards have helped in the important fight against 
robocalls, they have certain limitations. For example, they will not 
work for all telephone calls. We have seen illegal robocallers change 
tactics, moving away from using fake phone numbers to buying real phone 
numbers that trick spam-blocking software into allowing the calls 
through.

    Question 1. Your testimony notes that STIR/SHAKEN currently has 
insufficient resources to carry out the investigative and enforcement 
efforts needed to stop illegal robocalls. What can Congress, the FCC, 
and providers do to address this resource gap and other limitations?
    Answer. From an industry-wide perspective, effective 
robocommunication mitigation is achieved through joint efforts of all 
parties when live communications evidence captured at the consumers' 
device is available that same day (or as soon as possible thereafter) 
to be used for committed investigative and enforcement resources 
combatting those particular communications. In the cases of vehicle 
warranty spam and scam calls, and student loan spam and scam calls, 
prioritized investigation and elimination of those calls met with 
success in ``short circuiting'' the calls as they reached consumers, 
disrupting those calls at their point of origination and identifying 
the parties behind those calls. Scaling this formula for success with 
additional state, Federal and private resources so the capacity to 
mitigate dozens to hundreds of active campaigns rather than just a few 
is essential to have ``eyes on all the present tactics''.
    Communication networks have evolved into digital streets that some 
consumers travel more often than real, physical streets. Threats and 
crime have followed opportunity to these streets as they are less 
protected, policed and understood. As private enterprises, 
communication providers pursue their self-interests and revenue goals 
and do not bear substantial obligations to protect the general public 
in the same manner as state or Federal agencies. There are state-
specific robocommunications attacks occurring in states without any 
material state resources to police the threat. There are nation-wide 
attacks with an expanding but still resource-constrained FCC to stay 
abreast of every robocommunications campaign every month. Based on 
active participation in joint efforts in 2021-23, total funding by 
states and Federal agencies for robocommunications investigation, 
mitigation and enforcement relies on the work of 15-20 individuals, 
many who balance other non-robocommunications matters in their monthly 
responsibilities. With several thousand robocommunication campaigns 
active each month, the ratio of threat to nationwide individual 
reacting to the threat is between 300:1 and 500:1.
                                 ______
                                 
   Response to Written Questions Submitted by Hon. Ben Ray Lujan to 
                            Michael Rudolph
Handset Operating Systems
    Question 1. Fewer and fewer families subscribe to landline 
telephones, and the great majority of consumers receive robocalls and 
robotexts through handsets that use Apple iOS or Google Android. How do 
these handset providers work with STIR/SHAKEN to ensure call recipients 
have the best information about a call? Do Apple and Google participate 
in industry groups dedicated to limiting illegal and unwanted calls and 
texts?
    Answer. As the handset platform/operating system providers, Apple 
and Google can play significant roles in combatting illegal and 
unwanted calls and texts.
    Since there is such an expansive amount of unwanted communications, 
it's possible to meet twenty people who complain about an unwanted or 
illegal call or text and for each of those twenty individuals, stopping 
their particular unwanted communication requires a different approach. 
Depending on the scam and the approach, further success has 
dependencies on both technology but also policy and regulatory change
    As one example, package delivery scams have evolved from using SMS 
messaging to instead use iMessage or RCS messaging:

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    If the recipient of most of these recent messages looks closely, 
while they may have been perceived as an SMS message, it may show an 
indication that the message was an ``iMessage'' or ``RCS chat''. The 
way RCS or iMessage work is they send the messages over the data 
channel of your carrier (Verizon, AT&T, T-Mobile, etc) so those mobile 
carriers cannot do anything to identify nor stop that message from 
reaching your device. From their origination point, they are encrypted 
and travel through your data connection (and not SMS or voice channels) 
and only upon reaching the recipient device, are decrypted. Thus, any 
assumption that a carrier or app-based solution can address these 
unwanted or illegal communications is false as any solution depends on 
Google or Apple providing such visibility or capabilities to touch that 
message.
    With regards to handset providers working with STIR/SHAKEN to 
assist call recipients, the most common indication that there is some 
perceivable benefit to a call recipient is the ``green checkmark'' next 
displayed next to an incoming call on Android devices. Google has 
provided the most access to the ``verification status'' of a call which 
is essentially asking ``was the call signed properly?''). This small 
window of access is possible via a 
``getCallerNumberVerificationStatus'' method made available to 
developers in Android 11 developer APIs \3\ in 2020 but has evolved 
little since. iOS13, released in 2019, or newer devices will show 
similar information, but in the call log after the call has completed 
rather than when the call is actively presented on the device to make 
an answering decision.
---------------------------------------------------------------------------
    \3\ https://developer.android.com/reference/android/telecom/
Call.Details#getCallerNumber
VerificationStatus()
---------------------------------------------------------------------------
    Joint investigation efforts by YouMail, major banks and law 
enforcement has typically found that the ``green check mark'' is often 
utilized by threat actors to make their calls appear more legitimate, 
rather than an indication of trust. Specifically, bank imposter calls 
will obtain real numbers that carry authentic STIR/SHAKEN data through 
to display the ``green check'' on the consumer device.
    Industry has long benefited from innovative companies that can 
assist consumers with problems such as these, but at present neither 
Android nor Apple make it easy for third-parties to augment an incoming 
or historical call with valuable, assistive information. As an example, 
in partnership with several banks, YouMail knows exactly which numbers 
are used by those banks to originate their legal voice calls or SMS 
messages and could use this intelligence to indicate to a consumer that 
an incoming or previous communication with content claiming to be the 
bank from a number outside this known set of numbers is very highly 
likely an impersonation of that bank with a clear consumer warning 
rather than an obtuse ``Scam Likely'' warning.
    At present, neither Apple nor Google play material, active roles in 
these groups or trade associations where network providers, banks or 
enforcement agencies convene on robocall/robotext matters. Given the 
unique data they collect from the handset devices or consumer reports 
using features like the `Report Junk' ability on an Apple device, they 
possess highly valuable intelligence that can be a leading indicator of 
major threats targeting Americans. Carriers, banks, consumers and other 
organizations can benefit from these signals to put countermeasures in 
place as well as educate consumers to threats before and during their 
rise rather than days later. However, this intelligence is also a 
tremendous competitive advantage for companies to use in order to 
compete with one another, so there are factors contributing to minimal, 
if any, intelligence sharing in industry.
    Minimal access to enhance consumer safety is provided by Apple and 
Google devices for third-party innovators, and often what little is 
provided has major hurdles that introduce friction into providing the 
solution for consumers. YouMail is fortunate enough to have over 13 
million registered U.S. users in its decade of directly providing safe 
communication solutions to U.S. consumers, but faces many challenges in 
its end-users getting setup correctly due to consumers needing to jump 
in and out of the app in order to manage settings at the operating 
system level outside of the app itself. It would be transformative if 
Android and Apple made it easier for consumers to leverage innovative 
solutions directly that give them more control over which 
communications they allow to reach them and how they are allowed to do 
so.
                                 ______
                                 
    Response to Written Questions Submitted by Hon. Peter Welch to 
                            Michael Rudolph
    Question 1. FCC Chairwoman Jessica Rosenworcel has expressed 
interest in exploring how generative artificial intelligence might be 
used to stop robocall and robotext scams.

    a. How is generative AI being explored to combat robotext scams, 
and what potential advantages does it offer for identifying and 
blocking fraudulent text messages?

    b. Are there ethical or privacy concerns associated with using 
generative AI to filter or create text messages, and how can these 
concerns be addressed?

    c. As Congress considers potential legislative responses to 
emerging AI technologies, what steps--if any--should it take to protect 
consumers from generative AI scams, while preserving the ability of 
Federal regulators and industry to innovate?
    Answer. Artificial Intelligence (AI), Machine Learning (ML) and 
Natural Language Processing (NLP) have long been used to analyze and 
identify communications, using both behavior of senders/numbers 
(volume, reach, frequency), the communication content carried by those 
senders/numbers, or to analyze individual consumer complaints about 
senders/numbers.
    Advances by ChatGPT, Large Language Models (LLMs), Generative AI 
and Discriminative AI have brought a lot of attention to their 
potential as tools to combat fraudulent communications. YouMail is just 
one of many companies using generative and discriminative AI to analyze 
text message content to separate lawful messaging from illegal 
messaging. The more powerful, modern models require less development 
resources to effectively and accurately perform these tasks that can 
follow threat actor messaging campaigns over time as they impersonate 
multiple institutions. They can evaluate conversations that otherwise 
look like personal communications and observe indications of potential 
social engineering, and alert customers to concerns about that 
communication (if allowed to by the handset manufacturer). AI-assisted 
evidence collection has been and continues to be provided by YouMail 
directly and regularly to many state and Federal enforcement agencies 
for action against specific topical, prioritized threats.
    AI scanning personal communications is a slippery slope when it 
comes to ethical or privacy concerns. As an example, your Internet 
provider could scan every single file you download without your 
knowledge and decide which files arrive on your computer unaltered or 
potentially decide to block those outright. Or, as a consumer you could 
choose which utilities you trust to perform this job for you and 
enable/disable them as you control them outright (i.e., anti-virus 
software such as that by McAfee, Microsoft or Norton). The same 
slippery slope exists for communications--voice calls and messaging 
such as SMS. Consumers have a variety of use cases where some folks may 
be extremely susceptible to social engineering scams and want their 
inbound communications to essentially be limited to trusted, close 
acquaintances. Small businesses, like a plumber or electrician, may 
want every potential call or message coming through to their business 
line since every communication could be an essential lead for their 
business that day or week.
    In essence, utilities and filtering powered by generative or 
discriminate AI are not unlike virtual robotic assistants you could 
choose to employ at your discretion, and you could select the one that 
is most appropriate for your needs. 2020-2030 will see science fiction 
is no longer far from reality where your incoming communications can be 
screened by artificial intelligence where each embodiment of AI behaves 
slightly differently depending on how it has been trained or 
programmed.
    There are certainly concerns in a future if consumers rely on an 
unseen AI presence operating at the handset or within the network (or 
multiple networks in tandem) that is unknown with questions over how 
they have been tuned to filter or block communications that are in a 
`grey area'. Consider political communications that travel systems with 
AI models that consider them as `potentially scam' for one political 
party and `not spam' for the other political party. Any time any 
filtering is performed for a consumer, they should be able to control 
who performs the filtering and ideally consumers would select solutions 
that transparently show them what they were protected from (i.e., in a 
spam folder or quarantine folder) so the audiences of those solutions 
can be held accountable for the standards those consumers expect from 
them. This provides consumers with the choice to select aggressive or 
passive systems to use as their defenses. YouMail provides many 
settings to its end-users to decide how its AI-enabled solutions 
classify and treat incoming calls and messages and ultimately consumers 
can always visit their `Spam folder' to see if these settings need to 
be changed because they want more or less calls like the one they are 
viewing. Similarly, YouMail does believe any solution given such a 
power to act as a barrier or shield to communications should be one 
that consumers have total control of choice and configuration in how it 
works for them.
    As Congress considers legislative responses, it is presently too 
early to provide a definitive recommendation on steps it should take. 
One of the challenges with generative AI is that it has evolved to a 
point that it is extremely difficult to distinguish from a real person 
when authoring text or audio content. While a text message or audio 
file could be examined and a likelihood assigned that it may have been 
created by generative AI, investigative and enforcement efforts need to 
reach higher levels of certainty by collecting hard evidence that 
generative AI was utilized by threat actors (i.e., finding logs of 
sessions with LLMs on the threat actor devices).
    Congress should continue to encourage efforts like the FCC's recent 
Notice of Inquiry \4\ on November 16 2023. Even if this NOI produces 
few response filings by December 18, 2023, Federal agencies charged 
with protecting consumers from unsafe communications benefit from 
increased encouragement to apply resources and take quick action 
against rapidly evolving threats causing harm. Representatives can of 
course direct additional funding to their respective destinations, at 
the state and Federal level, which will not only enable more personnel 
to police and enforce laws against these unlawful communications, but 
also stimulate innovation in solutions used by these personnel to 
achieve this policing and enforcement at better scale.
---------------------------------------------------------------------------
    \4\ https://www.fcc.gov/consumer-governmental-affairs/fcc-launches-
inquiry-ais-impact-robocalls-and-robotexts
---------------------------------------------------------------------------

                                 [all]