Legislation
SECTION 399-Z-1*2
STIR/SHAKEN authentication framework
General Business (GBS) CHAPTER 20, ARTICLE 26
* § 399-z-1. STIR/SHAKEN authentication framework. 1. As used in this
section, the following terms shall have the following meanings:
(a) "STIR/SHAKEN authentication framework" means the secure telephone
identity revisited and signature-based handling of asserted information
using tokens standards proposed by the information and communications
technology industry.
(b) "Voice service" means any service that is interconnected with the
public switched telephone network and that furnishes voice
communications to an end user using resources from the North American
Numbering Plan or any successor to the North American Numbering Plan
adopted by the public service commission under section 251(e)(1) of the
Communications Act of 1934 (47 U.S.C. 251(e)(1)); and includes:
i. transmissions from a telephone facsimile machine, computer, or
other device to a telephone facsimile machine; and
ii. without limitation, any service that enables real-time, two-way
voice communications, including any service that requires internet
protocol-compatible customer premises equipment (commonly known as
"CPE") and permits out-bound calling, whether or not the service is
one-way or two-way voice over internet protocol.
2. Not later than twelve months after the effective date of this
section, the public service commission shall require a provider of voice
service to implement the STIR/SHAKEN authentication framework or
alternative technology that provides comparable or superior capability
to verify and authenticate caller identification in the internet
protocol networks of voice service providers.
3. (a) Any voice service provider that knowingly fails or neglects to
comply with this section, or a rule or regulation adopted thereunder,
shall forfeit to the people of the state of New York a sum not less than
ten thousand dollars and no more than one hundred thousand dollars
constituting a civil penalty for each and every offense and, in the case
of a continuing violation, each day shall be deemed a separate and
distinct offense.
(b) Notwithstanding any other provision of law, rule, or regulation, a
voice service provider shall be considered to be in compliance with this
section and any rule or regulation adopted thereunder if that provider
has filed a certification with the Federal Communications Commission
that the provider's traffic is either signed with STIR/SHAKEN or subject
to a compliant robocall mitigation program. A copy of such certification
shall be made available to the attorney general or the public service
commission, upon request.
4. Whenever there shall be a violation of this section, an application
may be made by either (a) the attorney general in the name of the people
of the state of New York, or (b) in the case of a voice service provider
subject to the jurisdiction of the public service commission, to a court
or justice having jurisdiction, to issue an injunction, and upon notice
to the defendant of not less than five days, to enjoin and restrain the
continuance of such violations, and for the enforcement of the penalties
provided in this section.
5. When the department of public service has reason to believe a
person or voice service provider has violated any provision of this
section, the department may request in writing the production of
relevant documents and records. If the person upon whom such request was
made fails to produce the documents or records within fourteen days
after the date of the request, the department may issue and serve
subpoenas to compel the production of such documents and records. If any
person shall refuse to comply with a subpoena issued under this section,
the department may petition a court of competent jurisdiction to enforce
the subpoena and, notwithstanding any other provision of law, to request
a civil penalty not to exceed one thousand dollars per day, actual
damages sustained by reason of the failure to comply, and such sanctions
as the court may direct.
6. The public service commission and the department of public service
may promulgate rules and regulations to implement and enforce the
provisions of this section.
* NB There are 2 § 399-z-1's
section, the following terms shall have the following meanings:
(a) "STIR/SHAKEN authentication framework" means the secure telephone
identity revisited and signature-based handling of asserted information
using tokens standards proposed by the information and communications
technology industry.
(b) "Voice service" means any service that is interconnected with the
public switched telephone network and that furnishes voice
communications to an end user using resources from the North American
Numbering Plan or any successor to the North American Numbering Plan
adopted by the public service commission under section 251(e)(1) of the
Communications Act of 1934 (47 U.S.C. 251(e)(1)); and includes:
i. transmissions from a telephone facsimile machine, computer, or
other device to a telephone facsimile machine; and
ii. without limitation, any service that enables real-time, two-way
voice communications, including any service that requires internet
protocol-compatible customer premises equipment (commonly known as
"CPE") and permits out-bound calling, whether or not the service is
one-way or two-way voice over internet protocol.
2. Not later than twelve months after the effective date of this
section, the public service commission shall require a provider of voice
service to implement the STIR/SHAKEN authentication framework or
alternative technology that provides comparable or superior capability
to verify and authenticate caller identification in the internet
protocol networks of voice service providers.
3. (a) Any voice service provider that knowingly fails or neglects to
comply with this section, or a rule or regulation adopted thereunder,
shall forfeit to the people of the state of New York a sum not less than
ten thousand dollars and no more than one hundred thousand dollars
constituting a civil penalty for each and every offense and, in the case
of a continuing violation, each day shall be deemed a separate and
distinct offense.
(b) Notwithstanding any other provision of law, rule, or regulation, a
voice service provider shall be considered to be in compliance with this
section and any rule or regulation adopted thereunder if that provider
has filed a certification with the Federal Communications Commission
that the provider's traffic is either signed with STIR/SHAKEN or subject
to a compliant robocall mitigation program. A copy of such certification
shall be made available to the attorney general or the public service
commission, upon request.
4. Whenever there shall be a violation of this section, an application
may be made by either (a) the attorney general in the name of the people
of the state of New York, or (b) in the case of a voice service provider
subject to the jurisdiction of the public service commission, to a court
or justice having jurisdiction, to issue an injunction, and upon notice
to the defendant of not less than five days, to enjoin and restrain the
continuance of such violations, and for the enforcement of the penalties
provided in this section.
5. When the department of public service has reason to believe a
person or voice service provider has violated any provision of this
section, the department may request in writing the production of
relevant documents and records. If the person upon whom such request was
made fails to produce the documents or records within fourteen days
after the date of the request, the department may issue and serve
subpoenas to compel the production of such documents and records. If any
person shall refuse to comply with a subpoena issued under this section,
the department may petition a court of competent jurisdiction to enforce
the subpoena and, notwithstanding any other provision of law, to request
a civil penalty not to exceed one thousand dollars per day, actual
damages sustained by reason of the failure to comply, and such sanctions
as the court may direct.
6. The public service commission and the department of public service
may promulgate rules and regulations to implement and enforce the
provisions of this section.
* NB There are 2 § 399-z-1's