On October 2, 2019, California Governor Gavin Newsom signed the Consumer Call Protection Act of 2019 to address the rise in deceptive robocalls and protect California consumers from fraudulent calls.
The law requires telecommunications service providers to implement Secure Telephony Identity Revisited (STIR) and Secure Handling of Asserted information using toKENs (SHAKEN) protocols by January 1, 2021. These protocols are designed to attest to the authenticity of caller identification data and provide service providers with information to help ensure that calls are not spoofed. Carriers may also implement an “alternative technology” as long as it “provides comparable or superior capability to verify and authenticate caller identification for calls carried over an internet protocol network.” Demonstrating a “good faith” effort to implement STIR/SHAKEN will serve as a defense against a claim that a service provider failed to meet the STIR/SHAKEN deadline. The law does not require carriers to block calls.
The California law sets a deadline for carriers to implement STIR/SHAKEN and is the latest in a series of ongoing efforts to promote STIR/SHAKEN or similar call authentication frameworks:
- This year, both the U.S. Senate and House of Representatives passed anti-robocall legislation with call authentication provisions (the Senate TRACED Act and the House Stopping Bad Robocalls Act).
- Reducing robocalls is also a priority for the Federal Communications Commission (FCC). In June 2019, the FCC released a controversial Declaratory Ruling and Third Further Notice of Proposed Rulemaking regarding call blocking and call authentication.
In addition to the STIR/SHAKEN requirements, the Consumer Call Protection Act authorizes the California Attorney General (CA AG) and the California Public Utilities Commission (CPUC) to “take all appropriate actions to enforce” the federal Telephone Consumer Protection Act (TCPA) and FCC regulations promulgated under the TCPA.