Targeting and Eliminating Unlawful Text Messages
CG Docket No. 21-402
In an age where communication technology is advancing rapidly, the Federal Communications Commission (FCC) has been actively working to protect consumers from unwanted and potentially harmful text messages, including robo-texts. Below we will explain the implications and requirements of FCC's Rule and Order 23-21 concerning robo-texts, focusing on common attack vectors, and the methods used to mitigate risk and ensure operator compliance.
Understanding Rule and Order 23-21
The FCC's Rule and Order 23-21was accepted and released on September 27, 2023, to address the rising issue of unsolicited text messages that inundate our mobile devices. These robo-texts are not only annoying but can also be used for malicious purposes, such as scams, phishing attacks, or spreading malware.
Illegal robo-text messages are now causing problems similar to illegal robocalls, including privacy invasion and fraud. The FCC has observed an increase in such texts, with reports from the Consumer Advisory Committee (CAC) highlighting various fraudulent tactics. CTIA (Cellular Telecommunications Industry Association) has also noted a significant rise in the number of spam texts blocked by wireless providers, growing from 1.4 billion in 2015 to 14 billion in 2020. While the App Association has reported a surge in automated text messages, increasing from 1 billion in July 2021 to 12 billion in June 2022.
Under Rule and Order 23-21, the FCC outlines guidelines and regulations that all MNOs (mobile network operators) and service providers must follow to combat this growing problem. Failure to comply may result in hefty fines and legal consequences, making it essential for all stakeholders to take these rules seriously.
Common Attack Vectors
Robo-texts can be sent using a variety of methods, making them a formidable challenge to combat. Some common attack vectors include:
Spoofing
Attackers often impersonate legitimate entities, making it difficult for consumers to distinguish between a legitimate message and a fraudulent one.
Phishing
Robo-texts are frequently used to trick recipients into divulging personal information or clicking on malicious links, leading to identity theft or malware infections.
Spam Campaigns
Mass distribution of unwanted messages can overwhelm consumers and disrupt their daily lives.
Malware Distribution
Attackers may use robo-texts to deliver malware to unsuspecting users, compromising their devices and data.
FCC Sought Comment on 3 Proposed Rulemakings
FCC Adopted 2 of the 3 Proposed Rulemakings
Mandatory blocking of texts claiming to be from invalid, unallocated, or unused numbers or on the DNO list.What’s Next: Further Notice of Proposed Rulemaking
Seeking further comment on authentication.In Summary: How can Interop Technologies help?
The FCC's Rule and Order 23-21 represent a significant step forward in protecting consumers from the onslaught of robo-texts. While these rules are relatively manageable, there is a possibility of more demanding regulations in the future. Implementing new features also depends greatly on the type of platform.
“In general, we do not believe that a DNO list is necessary for Interop Technologies’ hosted customers, while our turnkey customers will need to be evaluated on a case-by-case basis," said Steve Zitnik, EVP and CTO for Interop Technologies. “For MNO customers utilizing Interop Technologies messaging platform who need DNO functionality, it will be offered as an add-on option.”
The battle against these intrusive and potentially harmful messages is an ongoing one. Operators, service providers, and consumers must work together to stay ahead of evolving attack vectors, implement robust mitigation strategies, and ensure compliance with FCC regulations. By doing so, we can foster a safer and more secure mobile communication ecosystem for everyone.
Zitnik discussed this topic at the CCA (Competitive Carriers Association) Annual Convention in Atlanta on October 19, 2023. If you would like to view a recording of the keynote presentation, click here.