BillCam

STATE OF NEW YORK ________________________________________________________________________

7759--C Cal. No. 358

2019-2020 Regular Sessions

IN ASSEMBLY

May 20, 2019 ___________

Introduced by M. of A. PAULIN, BUCHWALD, OTIS, FAHY -- read once and referred to the Committee on Corporations, Authorities and Commissions -- committee discharged, bill amended, ordered reprinted as amended and recommitted to said committee -- recommitted to the Committee on Corporations, Authorities and Commissions in accordance with Assembly Rule 3, sec. 2 -- committee discharged, bill amended, ordered reprinted as amended and recommitted to said committee -- reported and referred to the Committee on Codes

AN ACT to amend the general business law, in relation to requiring STIR/SHAKEN authentication framework

The People of the State of New York, represented in Senate and Assem- bly, do enact as follows:

1 Section 1. The general business law is amended by adding a new section 2 399-z-1 to read as follows: 3 § 399-z-1. STIR/SHAKEN authentication framework. 1. As used in this 4 section, the following terms shall have the following meanings: 5 (a) "STIR/SHAKEN authentication framework" means the secure telephone 6 identity revisited and signature-based handling of asserted information 7 using tokens standards proposed by the information and communications 8 technology industry. 9 (b) "Voice service" means any service that is interconnected with the 10 public switched telephone network and that furnishes voice communi- 11 cations to an end user using resources from the North American Numbering 12 Plan or any successor to the North American Numbering Plan adopted by 13 the public service commission under section 251(e)(1) of the Communi- 14 cations Act of 1934 (47 U.S.C. 251(e)(1)); and includes: 15 i. transmissions from a telephone facsimile machine, computer, or 16 other device to a telephone facsimile machine; and 17 ii. without limitation, any service that enables real-time, two-way 18 voice communications, including any service that requires internet 19 protocol-compatible customer premises equipment (commonly known as

EXPLANATION--Matter in italics (underscored) is new; matter in brackets [] is old law to be omitted. LBD11622-11-0

A. 7759--C 2

1 "CPE") and permits out-bound calling, whether or not the service is 2 one-way or two-way voice over internet protocol. 3 2. Not later than twelve months after the date upon which this section 4 shall have become a law, the public service commission shall require a 5 provider of voice service to implement the STIR/SHAKEN authentication 6 framework or alternative technology that provides comparable or superior 7 capability to verify and authenticate caller identification in the 8 internet protocol networks of voice service providers. 9 3. Any voice service provider that knowingly fails or neglects to 10 comply with this section, or a rule or regulation adopted thereunder, 11 shall forfeit to the people of the state of New York a sum not less than 12 ten thousand dollars and no more than one hundred thousand dollars 13 constituting a civil penalty for each and every offense and, in the case 14 of a continuing violation, each day shall be deemed a separate and 15 distinct offense. 16 4. Whenever there shall be a violation of this section, an application 17 may be made by either (a) the attorney general in the name of the 18 people of the state of New York, or (b) in the case of a voice service 19 provider subject to the jurisdiction of the public service commission, 20 to a court or justice having jurisdiction, to issue an injunction, and 21 upon notice to the defendant of not less than five days, to enjoin and 22 restrain the continuance of such violations, and for the enforcement of 23 the penalties provided in this section. 24 5. When the department of public service has reason to believe a 25 person or voice service provider has violated any provision of this 26 section, the department may request in writing the production of rele- 27 vant documents and records. If the person upon whom such request was 28 made fails to produce the documents or records within fourteen days 29 after the date of the request, the department may issue and serve 30 subpoenas to compel the production of such documents and records. If any 31 person shall refuse to comply with a subpoena issued under this section, 32 the department may petition a court of competent jurisdiction to enforce 33 the subpoena and, notwithstanding any other provision of law, to request 34 a civil penalty not to exceed one thousand dollars per day, actual 35 damages sustained by reason of the failure to comply, and such sanctions 36 as the court may direct. 37 6. The public service commission and the department of public service 38 may promulgate rules and regulations to implement and enforce the 39 provisions of this section. 40 § 2. This act shall take effect immediately.