Requires providers of voice service to implement the STIR/SHAKEN authentication framework in the internet protocol networks of voice service providers.
STATE OF NEW YORK
________________________________________________________________________
585--A
Cal. No. 36
2021-2022 Regular Sessions
IN ASSEMBLY(Prefiled)
January 6, 2021
___________
Introduced by M. of A. PAULIN, OTIS, FAHY, GRIFFIN, WALLACE, VANEL --
read once and referred to the Committee on Corporations, Authorities
and Commissions -- reported and referred to the Committee on Codes --
reported from committee, advanced to a third reading, amended and
ordered reprinted, retaining its place on the order of third reading
AN ACT to amend the general business law, in relation to requiring
STIR/SHAKEN authentication framework
The People of the State of New York, represented in Senate and Assem-bly, do enact as follows:
1 Section 1. The general business law is amended by adding a new section
2 399-z-1 to read as follows:
3 § 399-z-1. STIR/SHAKEN authentication framework. 1. As used in this
4 section, the following terms shall have the following meanings:
5 (a) "STIR/SHAKEN authentication framework" means the secure telephone
6 identity revisited and signature-based handling of asserted information
7 using tokens standards proposed by the information and communications
8 technology industry.
9 (b) "Voice service" means any service that is interconnected with the
10 public switched telephone network and that furnishes voice communi-
11 cations to an end user using resources from the North American Numbering
12 Plan or any successor to the North American Numbering Plan adopted by
13 the public service commission under section 251(e)(1) of the Communi-
14 cations Act of 1934 (47 U.S.C. 251(e)(1)); and includes:
15 i. transmissions from a telephone facsimile machine, computer, or
16 other device to a telephone facsimile machine; and
17 ii. without limitation, any service that enables real-time, two-way
18 voice communications, including any service that requires internet
19 protocol-compatible customer premises equipment (commonly known as
20 "CPE") and permits out-bound calling, whether or not the service is
21 one-way or two-way voice over internet protocol.
EXPLANATION--Matter in italics (underscored) is new; matter in brackets
[] is old law to be omitted.
LBD01131-02-1
A. 585--A 2
1 2. Not later than twelve months after the effective date of this
2 section, the public service commission shall require a provider of voice
3 service to implement the STIR/SHAKEN authentication framework or alter-
4 native technology that provides comparable or superior capability to
5 verify and authenticate caller identification in the internet protocol
6 networks of voice service providers.
7 3. (a) Any voice service provider that knowingly fails or neglects to
8 comply with this section, or a rule or regulation adopted thereunder,
9 shall forfeit to the people of the state of New York a sum not less than
10 ten thousand dollars and no more than one hundred thousand dollars
11 constituting a civil penalty for each and every offense and, in the case
12 of a continuing violation, each day shall be deemed a separate and
13 distinct offense.
14 (b) Notwithstanding any other provision of law, rule, or regulation, a
15 voice service provider shall be considered to be in compliance with this
16 section and any rule or regulation adopted thereunder if that provider
17 has filed a certification with the Federal Communications Commission
18 that the provider's traffic is either signed with STIR/SHAKEN or subject
19 to a compliant robocall mitigation program. A copy of such certification
20 shall be made available to the attorney general or the public service
21 commission, upon request.
22 4. Whenever there shall be a violation of this section, an application
23 may be made by either (a) the attorney general in the name of the
24 people of the state of New York, or (b) in the case of a voice service
25 provider subject to the jurisdiction of the public service commission,
26 to a court or justice having jurisdiction, to issue an injunction, and
27 upon notice to the defendant of not less than five days, to enjoin and
28 restrain the continuance of such violations, and for the enforcement of
29 the penalties provided in this section.
30 5. When the department of public service has reason to believe a
31 person or voice service provider has violated any provision of this
32 section, the department may request in writing the production of rele-
33 vant documents and records. If the person upon whom such request was
34 made fails to produce the documents or records within fourteen days
35 after the date of the request, the department may issue and serve
36 subpoenas to compel the production of such documents and records. If any
37 person shall refuse to comply with a subpoena issued under this section,
38 the department may petition a court of competent jurisdiction to enforce
39 the subpoena and, notwithstanding any other provision of law, to request
40 a civil penalty not to exceed one thousand dollars per day, actual
41 damages sustained by reason of the failure to comply, and such sanctions
42 as the court may direct.
43 6. The public service commission and the department of public service
44 may promulgate rules and regulations to implement and enforce the
45 provisions of this section.
46 § 2. This act shall take effect immediately.