M3AAWG Comments on Proposed Federal Communications Commission (FCC) Rules to Reduce Illegal Text Messages
Authored by the M3AAWG Mobile Tech and Public Policy Committee Chairpersons
The Messaging Malware Mobile Anti-Abuse Working Group (M3AAWG) mission includes addressing abuse of text messaging. As part of that effort, M3AAWG has filed comments on the FCC's notice of proposed rulemaking (NPRM) intended to reduce illegal text messages.
M3AAWG’s comments are viewable with the original FCC NPRM and other comments on the FCC's public access site at They also can be found here, https://www.fcc.gov/ecfs/search/search-filings/filing/11081168704757 and on the M3AAWG site, https://www.m3aawg.org/for-the-industry/published-comments.
In summary, the FCC has proposed mandating authentication/attestation technologies, such as Secure Telephony Identity Revisited and SHAKEN (Secure Handling of Asserted information using toKENs) (STIR/SHAKEN) or similar crypto-based technology that can authenticate/attest to a text message's originating service provider and to some extent the originating phone number. More info on the protocol can be found here, https://www.fcc.gov/call-authentication.
Similar technology was mandated in voice, where spoofed calls have accounted for somewhere around 50% of the unwanted and illegal robocalls. The FCC, in an effort to reduce illegal texts, has proposed to mandate similar technology in U.S. text messaging.
M3AAWG comments to the FCC’s proposed rules state that while spoofing is common in U.S. voice communications, originating number spoofing is extremely rare in U.S. text messaging, and the originating service provider is also almost always well known.
This is due to voluntary industry agreements and operational checks currently in place in the U.S. These voluntary agreements and checks are effective - they ban and block the delivery of messages from not only spoofed, but also invalid, unassigned and unallocated phone numbers. The NPRM's proposals seem incongruent with the fact that industry has already solved the spoofing 'problem' using technologies that go beyond the effect of what the FCC proposes; some regulators may not have been made sufficiently aware of these facts.
M3AAWG’s comments also explain how the industry's current anti-spoofing safeguards work, state that they are effective, and recommend that the FCC not mandate a 'solution' to a problem that is essentially non-existent in the U.S.
More best common practices from M3AAWG on messaging and related issues can be found here: https://www.m3aawg.org/published-documents. Comments on public policy can be found here: https://www.m3aawg.org/for-the-industry/published-comments.