[Congressional Record Volume 165, Number 9 (Wednesday, January 16, 2019)]
[Senate]
[Pages S276-S277]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

      By Mr. THUNE (for himself and Mr. Markey):
  S. 151. A bill to deter criminal robocall violations and improve 
enforcement of section 227(b) of the Communications Act of 1934, and 
for other purposes; to the Committee on Commerce, Science, and 
Transportation.
  Mr. THUNE. Mr. President, I ask unanimous consent that the text of 
the bill be printed in the Record.
  There being no objection, the text of the bill was ordered to be 
printed in the Record, as follows:

                                 S. 151

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Telephone Robocall Abuse 
     Criminal Enforcement and Deterrence Act'' or the ``TRACED 
     Act''.

     SEC. 2. FORFEITURE.

       (a) In General.--Section 227 of the Communications Act of 
     1934 (47 U.S.C. 227) is amended--
       (1) in subsection (b), by adding at the end the following:
       ``(4) Civil forfeiture.--
       ``(A) In general.--Any person that is determined by the 
     Commission, in accordance with paragraph (3) or (4) of 
     section 503(b), to have violated any provision of this 
     subsection shall be liable to the United States for a 
     forfeiture penalty pursuant to section 503(b)(1). The amount 
     of the forfeiture penalty determined under this subparagraph 
     shall be determined in accordance with subparagraphs (A) 
     through (F) of section 503(b)(2).
       ``(B) Violation with intent.--Any person that is determined 
     by the Commission, in accordance with paragraph (3) or (4) of 
     section 503(b), to have violated this subsection with the 
     intent to cause such violation shall be liable to the United 
     States for a forfeiture penalty. The amount of the forfeiture 
     penalty determined under this subparagraph shall be equal to 
     an amount determined in accordance with subparagraphs (A) 
     through (F) of section 503(b)(2) plus an additional penalty 
     not to exceed $10,000.
       ``(C) Recovery.--Any forfeiture penalty determined under 
     subparagraph (A) or (B) shall be recoverable under section 
     504(a).
       ``(D) Procedure.--No forfeiture liability shall be 
     determined under subparagraph (A) or (B) against any person 
     unless such person receives the notice required by paragraph 
     (3) or (4) of section 503(b).
       ``(E) Statute of limitations.--No forfeiture penalty shall 
     be determined or imposed against any person--
       ``(i) under subparagraph (A) if the violation charged 
     occurred more than 1 year prior to the date of issuance of 
     the required notice or notice of apparent liability; and
       ``(ii) under subparagraph (B) if the violation charged 
     occurred more than 3 years prior to the date of issuance of 
     the required notice or notice of apparent liability.
       ``(F) Rule of construction.--Notwithstanding any law to the 
     contrary, the Commission may not determine or impose a 
     forfeiture penalty on a person under both subparagraphs (A) 
     and (B) based on the same conduct.''; and
       (2) by striking subsection (h).
       (b) Applicability.--The amendments made by this section 
     shall not affect any action or proceeding commenced before 
     and pending on the date of enactment of this Act.
       (c) Deadline for Regulations.--The Federal Communications 
     Commission shall prescribe regulations to implement the 
     amendments made by this section not later than 270 days after 
     the date of enactment of this Act.

     SEC. 3. CALL AUTHENTICATION.

       (a) Definitions.--In this section:
       (1) Stir/shaken authentication framework.--The term ``STIR/
     SHAKEN authentication framework'' means the secure telephone 
     identity revisited and signature-based handling of asserted 
     information using tokens standards proposed by the 
     information and communications technology industry to attach 
     a certificate of authenticity to each phone to verify the 
     source of each call.
       (2) Voice service.--The term ``voice service''--
       (A) means any service that is interconnected with the 
     public switched telephone network and that furnishes voice 
     communications to an end user using resources from the North 
     American Numbering Plan or any successor to the North 
     American Numbering Plan adopted by the Commission under 
     section 251(e)(1) of the Communications Act of 1934 (47 
     U.S.C. 251(e)(1)); and
       (B) includes--
       (i) transmissions from a telephone facsimile machine, 
     computer, or other device to a telephone facsimile machine; 
     and
       (ii) without limitation, any service that enables real-
     time, two-way voice communications, including any service 
     that requires internet protocol-compatible customer premises 
     equipment (commonly known as ``CPE'') and permits out-bound 
     calling, whether or not the service is one-way or two-way 
     voice over internet protocol.
       (b) Authentication Framework.--
       (1) In general.--Subject to paragraphs (2) and (3), not 
     later than 18 months after the date of enactment of this Act, 
     the Federal Communications Commission shall require a 
     provider of voice service to implement the STIR/SHAKEN 
     authentication framework in the internet protocol networks of 
     voice service providers.
       (2) Implementation.--The Federal Communications Commission 
     shall not take the action described in paragraph (1) if the 
     Commission determines that a provider of voice service, not 
     later than 12 months after the date of enactment of this 
     Act--
       (A) has adopted the STIR/SHAKEN authentication framework 
     for calls on the internet protocol networks of voice service 
     providers;
       (B) has agreed voluntarily to participate with other 
     providers of voice service in the STIR/SHAKEN authentication 
     framework;
       (C) has begun to implement the STIR/SHAKEN authentication 
     framework; and
       (D) will be capable of fully implementing the STIR/SHAKEN 
     authentication framework not later than 18 months after the 
     date of enactment of this Act.
       (3) Implementation report.--Not later than 12 months after 
     the date of enactment of this Act, the Federal Communications 
     Commission shall submit to the Committee on Commerce, 
     Science, and Transportation of the Senate and the Committee 
     on Energy and Commerce of the House of Representatives a 
     report on the determination required under paragraph (2), 
     which shall include--
       (A) an analysis of the extent to which providers of a voice 
     service have implemented the STIR/SHAKEN authentication 
     framework; and
       (B) an assessment of the efficacy of the STIR/SHAKEN 
     authentication framework, as being implemented under this 
     section, in addressing all aspects of call authentication.
       (4) Review and revision or replacement.--Not later than 3 
     years after the date of enactment of this Act, and every 3 
     years thereafter, the Federal Communications Commission, 
     after public notice and an opportunity for comment, shall--
       (A) assess the efficacy of the call authentication 
     framework implemented under this section;
       (B) based on the assessment under subparagraph (A), revise 
     or replace the call authentication framework under this 
     section if the Commission determines it is in the public 
     interest to do so; and
       (C) submit to the Committee on Commerce, Science, and 
     Transportation of the Senate and the Committee on Energy and 
     Commerce of the House of Representatives a report on the 
     findings of the assessment under subparagraph (A) and on any 
     actions to revise or replace the call authentication 
     framework under subparagraph (B).
       (5) Extension of implementation deadline.--The Federal 
     Communications Commission may extend any deadline for the 
     implementation of a call authentication framework required 
     under this section by 12 months or such further amount of 
     time as the Commission determines necessary if the Commission 
     determines that purchasing or upgrading equipment to support 
     call authentication would constitute a substantial hardship 
     for a provider or category of providers.
       (c) Safe Harbor and Other Regulations.--
       (1) In general.--The Federal Communications Commission 
     shall promulgate rules--
       (A) establishing when a provider of voice service may block 
     a voice call based, in whole or in part, on information 
     provided by the call authentication framework under 
     subsection (b);
       (B) establishing a safe harbor for a provider of voice 
     service from liability for unintended or inadvertent blocking 
     of calls or for the unintended or inadvertent 
     misidentification of the level of trust for individual calls 
     based, in whole or in part, on information provided by the 
     call authentication framework under subsection (b); and
       (C) establishing a process to permit a calling party 
     adversely affected by the information provided by the call 
     authentication framework under subsection (b) to verify the 
     authenticity of the calling party's calls.
       (2) Considerations.--In establishing the safe harbor under 
     paragraph (1), the Federal Communications Commission shall 
     consider limiting the liability of a provider based on the 
     extent to which the provider--
       (A) blocks or identifies calls based, in whole or in part, 
     on the information provided by the call authentication 
     framework under subsection (b);
       (B) implemented procedures based, in whole or in part, on 
     the information provided by the call authentication framework 
     under subsection (b); and
       (C) used reasonable care.
       (d) Rule of Construction.--Nothing in this section shall 
     preclude the Federal Communications Commission from 
     initiating a rulemaking pursuant to its existing statutory 
     authority.

[[Page S277]]

  


     SEC. 4. PROTECTIONS FROM SPOOFED CALLS.

       (a) In General.--Not later than 1 year after the date of 
     enactment of this Act, and consistent with the call 
     authentication framework under section 3, the Federal 
     Communications Commission shall initiate a rulemaking to help 
     protect a subscriber from receiving unwanted calls or text 
     messages from a caller using an unauthenticated number.
       (b) Considerations.--In promulgating rules under subsection 
     (a), the Federal Communications Commission shall consider--
       (1) the Government Accountability Office report on 
     combating the fraudulent provision of misleading or 
     inaccurate caller identification required by section 503(c) 
     of division P of the Consolidated Appropriations Act 2018 
     (Public Law 115-141);
       (2) the best means of ensuring that a subscriber or 
     provider has the ability to block calls from a caller using 
     an unauthenticated North American Numbering Plan number;
       (3) the impact on the privacy of a subscriber from 
     unauthenticated calls;
       (4) the effectiveness in verifying the accuracy of caller 
     identification information; and
       (5) the availability and cost of providing protection from 
     the unwanted calls or text messages described in subsection 
     (a).

     SEC. 5. INTERAGENCY WORKING GROUP.

       (a) In General.--The Attorney General, in consultation with 
     the Chairman of the Federal Communications Commission, shall 
     convene an interagency working group to study Government 
     prosecution of violations of section 227(b) of the 
     Communications Act of 1934 (47 U.S.C. 227(b)).
       (b) Duties.--In carrying out the study under subsection 
     (a), the interagency working group shall--
       (1) determine whether, and if so how, any Federal laws, 
     including regulations, policies, and practices, or budgetary 
     or jurisdictional constraints inhibit the prosecution of such 
     violations;
       (2) identify existing and potential Federal policies and 
     programs that encourage and improve coordination among 
     Federal departments and agencies and States, and between 
     States, in the prevention and prosecution of such violations;
       (3) identify existing and potential international policies 
     and programs that encourage and improve coordination between 
     countries in the prevention and prosecution of such 
     violations; and
       (4) consider--
       (A) the benefit and potential sources of additional 
     resources for the Federal prevention and prosecution of 
     criminal violations of that section;
       (B) whether to establish memoranda of understanding 
     regarding the prevention and prosecution of such violations 
     between--
       (i) the States;
       (ii) the States and the Federal Government; and
       (iii) the Federal Government and a foreign government;
       (C) whether to establish a process to allow States to 
     request Federal subpoenas from the Federal Communications 
     Commission;
       (D) whether extending civil enforcement authority to the 
     States would assist in the successful prevention and 
     prosecution of such violations;
       (E) whether increased forfeiture and imprisonment penalties 
     are appropriate, such as extending imprisonment for such a 
     violation to a term longer than 2 years;
       (F) whether regulation of any entity that enters into a 
     business arrangement with a common carrier regulated under 
     title II of the Communications Act of 1934 (47 U.S.C. 201 et 
     seq.) for the specific purpose of carrying, routing, or 
     transmitting a call that constitutes such a violation would 
     assist in the successful prevention and prosecution of such 
     violations; and
       (G) the extent to which, if any, Department of Justice 
     policies to pursue the prosecution of violations causing 
     economic harm, physical danger, or erosion of an inhabitant's 
     peace of mind and sense of security inhibits the prevention 
     or prosecution of such violations.
       (c) Members.--The interagency working group shall be 
     composed of such representatives of Federal departments and 
     agencies as the Attorney General considers appropriate, such 
     as--
       (1) the Department of Commerce;
       (2) the Department of State;
       (3) the Department of Homeland Security;
       (4) the Federal Communications Commission;
       (5) the Federal Trade Commission; and
       (6) the Bureau of Consumer Financial Protection.
       (d) Non-Federal Stakeholders.--In carrying out the study 
     under subsection (a), the interagency working group shall 
     consult with such non-Federal stakeholders as the Attorney 
     General determines have the relevant expertise, including the 
     National Association of Attorneys General.
       (e) Report to Congress.--Not later than 270 days after the 
     date of enactment of this Act, the interagency working group 
     shall submit to the Committee on Commerce, Science, and 
     Transportation of the Senate and the Committee on Energy and 
     Commerce of the House of Representatives a report on the 
     findings of the study under subsection (a), including--
       (1) any recommendations regarding the prevention and 
     prosecution of such violations; and
       (2) a description of what progress, if any, relevant 
     Federal departments and agencies have made in implementing 
     the recommendations under paragraph (1).

     SEC. 6. ACCESS TO NUMBER RESOURCES.

       (a) In General.--
       (1) Examination of fcc policies.--Not later than 180 days 
     after the date of enactment of this Act, the Federal 
     Communications Commission shall commence a proceeding to 
     determine whether Federal Communications Commission policies 
     regarding access to number resources, including number 
     resources for toll free and non-toll free telephone numbers, 
     could be modified, including by establishing registration and 
     compliance obligations, to help reduce access to numbers by 
     potential perpetrators of violations of section 227(b) of the 
     Communications Act of 1934 (47 U.S.C. 227(b)).
       (2) Regulations.--If the Federal Communications Commission 
     determines under paragraph (1) that modifying the policies 
     described in that paragraph could help achieve the goal 
     described in that paragraph, the Commission shall prescribe 
     regulations to implement those policy modifications.
       (b) Authority.--Any person who knowingly, through an 
     employee, agent, officer, or otherwise, directly or 
     indirectly, by or through any means or device whatsoever, is 
     a party to obtaining number resources, including number 
     resources for toll free and non-toll free telephone numbers, 
     from a common carrier regulated under title II of the 
     Communications Act of 1934 (47 U.S.C. 201 et seq.), in 
     violation of a regulation prescribed under subsection (a) of 
     this section, shall, notwithstanding section 503(b)(5) of the 
     Communications Act of 1934 (47 U.S.C. 503(b)(5)), be subject 
     to a forfeiture penalty under section 503 of that Act. A 
     forfeiture penalty under this subsection shall be in addition 
     to any other penalty provided for by law.
                                 ______