This Act may be cited as the “Telephone Robocall Abuse Criminal Enforcement and Deterrence Act” or the “TRACED Act”.

(a) In general.—Section 227 of the Communications Act of 1934 (47 U.S.C. 227) is amended—

(1) in subsection (b), by adding at the end the following:

“(4) CIVIL FORFEITURE.—

“(A) IN GENERAL.—Any person that is determined by the Commission, in accordance with paragraph (3) or (4) of section 503(b), to have violated any provision of this subsection shall be liable to the United States for a forfeiture penalty pursuant to section 503(b)(1). The amount of the forfeiture penalty determined under this subparagraph shall be determined in accordance with subparagraphs (A) through (F) of section 503(b)(2).

“(B) VIOLATION WITH INTENT.—Any person that is determined by the Commission, in accordance with paragraph (3) or (4) of section 503(b), to have violated this subsection with the intent to cause such violation shall be liable to the United States for a forfeiture penalty. The amount of the forfeiture penalty determined under this subparagraph shall be equal to an amount determined in accordance with subparagraphs (A) through (F) of section 503(b)(2) plus an additional penalty not to exceed $10,000.

“(C) RECOVERY.—Any forfeiture penalty determined under subparagraph (A) or (B) shall be recoverable under section 504(a).

“(D) PROCEDURE.—No forfeiture liability shall be determined under subparagraph (A) or (B) against any person unless such person receives the notice required by paragraph (3) or (4) of section 503(b).

“(E) STATUTE OF LIMITATIONS.—No forfeiture penalty shall be determined or imposed against any person—

“(i) under subparagraph (A) if the violation charged occurred more than 1 year prior to the date of issuance of the required notice or notice of apparent liability; and

“(ii) under subparagraph (B) if the violation charged occurred more than 3 years prior to the date of issuance of the required notice or notice of apparent liability.

“(F) RULE OF CONSTRUCTION.—Notwithstanding any law to the contrary, the Commission may not determine or impose a forfeiture penalty on a person under both subparagraphs (A) and (B) based on the same conduct.”; and

(2) by striking subsection (h) and inserting the following:

“(h) TCPA enforcement report.—The Commission shall submit an annual report to Congress regarding the enforcement during the preceding year of laws, regulations, and policies relating to robocalls and spoofed calls, which report shall include—

“(1) the number of complaints received by the Commission during the year alleging that a consumer received a robocall or spoofed call;

“(2) the number of citations issued by the Commission pursuant to section 503 during the year to enforce any law, regulation, or policy relating to a robocall or spoofed call;

“(3) the number of notices of apparent liability issued by the Commission pursuant to section 503 during the year to enforce any law, regulation, or policy relating to a robocall or spoofed call; and

“(4) for each notice referred to in paragraph (3)—

“(A) the amount of the proposed forfeiture penalty involved;

“(B) the person to whom the notice was issued; and

“(C) the status of the proceeding.”.

(b) Applicability.—The amendments made by this section shall not affect any action or proceeding commenced before and pending on the date of enactment of this Act.

(c) Deadline for regulations.—The Federal Communications Commission shall prescribe regulations to implement the amendments made by this section not later than 270 days after the date of enactment of this Act.

(a) Definitions.—In this section:

(1) STIR/SHAKEN AUTHENTICATION FRAMEWORK.—The term “STIR/SHAKEN authentication framework” means the secure telephone identity revisited and signature-based handling of asserted information using tokens standards proposed by the information and communications technology industry.

(2) VOICE SERVICE.—The term “voice service”—

(A) means any service that is interconnected with the public switched telephone network and that furnishes voice communications to an end user using resources from the North American Numbering Plan or any successor to the North American Numbering Plan adopted by the Commission under section 251(e)(1) of the Communications Act of 1934 (47 U.S.C. 251(e)(1)); and

(B) includes—

(i) transmissions from a telephone facsimile machine, computer, or other device to a telephone facsimile machine; and

(ii) without limitation, any service that enables real-time, two-way voice communications, including any service that requires internet protocol-compatible customer premises equipment (commonly known as “CPE”) and permits out-bound calling, whether or not the service is one-way or two-way voice over internet protocol.

(b) Authentication framework.—

(1) IN GENERAL.—Subject to paragraphs (2) and (3), not later than 18 months after the date of enactment of this Act, the Federal Communications Commission shall require a provider of voice service to implement the STIR/SHAKEN authentication framework in the internet protocol networks of the voice service provider.

(2) IMPLEMENTATION.—The Federal Communications Commission shall not take the action described in paragraph (1) if the Commission determines that a provider of voice service, not later than 12 months after the date of enactment of this Act—

(A) has adopted the STIR/SHAKEN authentication framework for calls on the internet protocol networks of the voice service provider;

(B) has agreed voluntarily to participate with other providers of voice service in the STIR/SHAKEN authentication framework;

(C) has begun to implement the STIR/SHAKEN authentication framework; and

(D) will be capable of fully implementing the STIR/SHAKEN authentication framework not later than 18 months after the date of enactment of this Act.

(3) IMPLEMENTATION REPORT.—Not later than 12 months after the date of enactment of this Act, the Federal Communications Commission shall submit to the Committee on Commerce, Science, and Transportation of the Senate and the Committee on Energy and Commerce of the House of Representatives a report on the determination required under paragraph (2), which shall include—

(A) an analysis of the extent to which providers of a voice service have implemented the STIR/SHAKEN authentication framework, including whether the availability of necessary equipment and equipment upgrades has impacted such implementation; and

(B) an assessment of the efficacy of the STIR/SHAKEN authentication framework, as being implemented under this section, in addressing all aspects of call authentication.

(4) REVIEW AND REVISION OR REPLACEMENT.—Not later than 3 years after the date of enactment of this Act, and every 3 years thereafter, the Federal Communications Commission, after public notice and an opportunity for comment, shall—

(A) assess the efficacy of the call authentication framework implemented under this section;

(B) based on the assessment under subparagraph (A), revise or replace the call authentication framework under this section if the Commission determines it is in the public interest to do so; and

(C) submit to the Committee on Commerce, Science, and Transportation of the Senate and the Committee on Energy and Commerce of the House of Representatives a report on the findings of the assessment under subparagraph (A) and on any actions to revise or replace the call authentication framework under subparagraph (B).

(5) EXTENSION OF IMPLEMENTATION DEADLINE.—The Federal Communications Commission may extend any deadline for the implementation of a call authentication framework required under this section by 12 months or such further amount of time as the Commission determines necessary if the Commission determines that purchasing or upgrading equipment to support call authentication, or lack of availability of such equipment, would constitute a substantial hardship in meeting such deadline for a provider or category of providers of voice service.

(c) Safe harbor and other regulations.—

(1) IN GENERAL.—The Federal Communications Commission shall promulgate rules—

(A) establishing when a provider of voice service may block a voice call based, in whole or in part, on information provided by the call authentication framework under subsection (b);

(B) establishing a safe harbor for a provider of voice service from liability for unintended or inadvertent blocking of calls or for the unintended or inadvertent misidentification of the level of trust for individual calls based, in whole or in part, on information provided by the call authentication framework under subsection (b); and

(C) establishing a process to permit a calling party adversely affected by the information provided by the call authentication framework under subsection (b) to verify the authenticity of the calling party's calls.

(2) CONSIDERATIONS.—In establishing the safe harbor under paragraph (1), the Federal Communications Commission shall consider limiting the liability of a provider of voice service based on the extent to which the provider of voice service—

(A) blocks or identifies calls based, in whole or in part, on the information provided by the call authentication framework under subsection (b);

(B) implemented procedures based, in whole or in part, on the information provided by the call authentication framework under subsection (b); and

(C) used reasonable care.

(d) Rule of construction.—Nothing in this section shall preclude the Federal Communications Commission from initiating a rulemaking pursuant to its existing statutory authority.

(a) In general.—Not later than 1 year after the date of enactment of this Act, and consistent with the call authentication framework under section 3, the Federal Communications Commission shall initiate a rulemaking to help protect a subscriber from receiving unwanted calls or text messages from a caller using an unauthenticated number.

(b) Considerations.—In promulgating rules under subsection (a), the Federal Communications Commission shall consider—

(1) the Government Accountability Office report on combating the fraudulent provision of misleading or inaccurate caller identification required by section 503(c) of division P of the Consolidated Appropriations Act 2018 (Public Law 115–141);

(2) the best means of ensuring that a subscriber or provider has the ability to block calls from a caller using an unauthenticated North American Numbering Plan number;

(3) the impact on the privacy of a subscriber from unauthenticated calls;

(4) the effectiveness in verifying the accuracy of caller identification information; and

(5) the availability and cost of providing protection from the unwanted calls or text messages described in subsection (a).

(a) In general.—The Attorney General, in consultation with the Chairman of the Federal Communications Commission, shall convene an interagency working group to study Government prosecution of violations of section 227(b) of the Communications Act of 1934 (47 U.S.C. 227(b)).

(b) Duties.—In carrying out the study under subsection (a), the interagency working group shall—

(1) determine whether, and if so how, any Federal laws, including regulations, policies, and practices, or budgetary or jurisdictional constraints inhibit the prosecution of such violations;

(2) identify existing and potential Federal policies and programs that encourage and improve coordination among Federal departments and agencies and States, and between States, in the prevention and prosecution of such violations;

(3) identify existing and potential international policies and programs that encourage and improve coordination between countries in the prevention and prosecution of such violations; and

(4) consider—

(A) the benefit and potential sources of additional resources for the Federal prevention and prosecution of criminal violations of that section;

(B) whether to establish memoranda of understanding regarding the prevention and prosecution of such violations between—

(i) the States;

(ii) the States and the Federal Government; and

(iii) the Federal Government and a foreign government;

(C) whether to establish a process to allow States to request Federal subpoenas from the Federal Communications Commission;

(D) whether extending civil enforcement authority to the States would assist in the successful prevention and prosecution of such violations;

(E) whether increased forfeiture and imprisonment penalties are appropriate, such as extending imprisonment for such a violation to a term longer than 2 years;

(F) whether regulation of any entity that enters into a business arrangement with a common carrier regulated under title II of the Communications Act of 1934 (47 U.S.C. 201 et seq.) for the specific purpose of carrying, routing, or transmitting a call that constitutes such a violation would assist in the successful prevention and prosecution of such violations; and

(G) the extent to which, if any, Department of Justice policies to pursue the prosecution of violations causing economic harm, physical danger, or erosion of an inhabitant's peace of mind and sense of security inhibits the prevention or prosecution of such violations.

(c) Members.—The interagency working group shall be composed of such representatives of Federal departments and agencies as the Attorney General considers appropriate, such as—

(1) the Department of Commerce;

(2) the Department of State;

(3) the Department of Homeland Security;

(4) the Federal Communications Commission;

(5) the Federal Trade Commission; and

(6) the Bureau of Consumer Financial Protection.

(d) Non-Federal stakeholders.—In carrying out the study under subsection (a), the interagency working group shall consult with such non-Federal stakeholders as the Attorney General determines have the relevant expertise, including the National Association of Attorneys General.

(e) Report to Congress.—Not later than 270 days after the date of enactment of this Act, the interagency working group shall submit to the Committee on Commerce, Science, and Transportation of the Senate and the Committee on Energy and Commerce of the House of Representatives a report on the findings of the study under subsection (a), including—

(1) any recommendations regarding the prevention and prosecution of such violations; and

(2) a description of what progress, if any, relevant Federal departments and agencies have made in implementing the recommendations under paragraph (1).

(a) In general.—

(1) EXAMINATION OF FCC POLICIES.—Not later than 180 days after the date of enactment of this Act, the Federal Communications Commission shall commence a proceeding to determine whether Federal Communications Commission policies regarding access to number resources, including number resources for toll free and non-toll free telephone numbers, could be modified, including by establishing registration and compliance obligations, to help reduce access to numbers by potential perpetrators of violations of section 227(b) of the Communications Act of 1934 (47 U.S.C. 227(b)).

(2) REGULATIONS.—If the Federal Communications Commission determines under paragraph (1) that modifying the policies described in that paragraph could help achieve the goal described in that paragraph, the Commission shall prescribe regulations to implement those policy modifications.

(b) Authority.—Any person who knowingly, through an employee, agent, officer, or otherwise, directly or indirectly, by or through any means or device whatsoever, is a party to obtaining number resources, including number resources for toll free and non-toll free telephone numbers, from a common carrier regulated under title II of the Communications Act of 1934 (47 U.S.C. 201 et seq.), in violation of a regulation prescribed under subsection (a) of this section, shall, notwithstanding section 503(b)(5) of the Communications Act of 1934 (47 U.S.C. 503(b)(5)), be subject to a forfeiture penalty under section 503 of that Act. A forfeiture penalty under this subsection shall be in addition to any other penalty provided for by law.