in

What you need to know about new E911 laws to ensure telephony compliance

Jan. 6, 2022 is a date that CIOs and other IT leaders need to circle on their calendars. This is the deadline by which non-fixed phone lines will need to comply with the upcoming RAY BAUM’s Act (capitalization is correct). 

For those not familiar with the details, a few years back an unfortunate death of a young woman in a hotel room led to a new regulation being adopted in her name aimed at improving multi-line telephone systems (MLTS). Kari’s Law, which went into effect last year, eliminates any required prefix when calling 911, such as pressing “9” first to get an outside line. It also mandates that a designated contact (or contacts) within an enterprise be notified when a 911 call has been made. 

Kari’s Law is named in honor of Kari Hunt, who was killed by her estranged husband in a motel room in Marshall, Texas in 2013.  Ms. Hunt’s 9-year-old daughter tried to call 911 for help four times from the motel room phone, but the call never went through because she did not know that the motel’s phone system required dialing “9” for an outbound line before dialing 911.

Congress responded by enacting Kari’s Law in 2018. Kari’s Law requires direct 911 dialing and notification capabilities in multi-line telephone systems, which are typically found in enterprises such as office buildings, campuses, and hotels.

Since then, the Federal Communications Commission also has implemented RAY BAUM’s Act, which will have an even greater positive impact on emergency outcomes, even though it may present some challenges during initial implementation. RAY BAUM’s Act requires that a 911 caller’s “dispatchable location” be provided to public safety officers for each emergency call that is made. The dispatchable location includes both a street address and any additional information, such as a floor, suite, quadrant, or room number that is needed to locate the caller within a building. 

Since the law was first proposed, there have been some changes and, in my discussions with IT leaders, many companies aren’t ready. To get a better understanding of the changes–where customers struggle and what they should do to prepare–I recently interviewed product marketing manager Tricia McConnell of Bandwidth. I’ve discussed this topic with many industry people, but I sought her out because she is one of the most knowledgeable people on this topic. Here is a Q&A with McConnell.

What are the recent changes in E911 regulations? 

The first RAY BAUM’s Act compliance deadline was on Jan. 6 of this year, and it applies to fixed MLTS, interconnected VoIP, telephony, and telephony relay services. Examples of these fixed devices include desktop phones, hard phones for contact center agents, conference room phones, or equipment in use by the deaf and hard-of-hearing. 

[Editor’s note: Hard phones are essentially hardware-based IP phones that exist as a physical device and act similarly to a traditional desk phone. IP hard phones look like phones; these devices provide a handheld receiver that lifts off a base, just like any other telephone.]

The second deadline comes into effect on Jan. 6, 2022. It applies to the same telephony services but for non-fixed applications, including softphone platforms such as Microsoft Teams, Zoom Phone, and RingCentral, to name a few. These popular platforms offer flexible, work-from-anywhere collaboration features, but they also create unique challenges when it comes to 911 and regulatory compliance. As we talk with enterprises of varying sizes, the complexity of how to stay compliant with E911 regulations while embracing these new tools can overwhelm them and even cause them to lag behind. 

Why do so many organizations struggle with RAY BAUM’s Act?

Let’s first talk about the requirement for fixed telephony. At a minimum, it requires IT administrators to ensure that they have updated each physical device with a dispatchable location. For a large enterprise with locations around the country and hundreds or maybe even thousands of workers at each location, this is a fairly straightforward but time-consuming process. IT departments should be prepared to audit their phones to be sure the location has been provisioned correctly.  

Also, many MLTS systems make use of extensions where each user has not been signed a unique DID. In fact, a single DID (direct inward dialing) service may be allocated to hundreds of phones distributed across several floors or even an entire building. This is important because, in the event of a dropped call, public safety needs to be able to call back the distressed party. When a caller is using an extension, a callback won’t work because the extension value is never passed outside of the MLTS system to public safety.

[Editor’s note: Direct inward dialing (DID), also called direct dial-in (DDI) in Europe and Oceania, is a telecommunication service offered by telephone companies to subscribers who operate a private branch exchange (PBX) system. The feature provides service for multiple telephone numbers over one or more analog or digital-physical circuits to the PBX, and transmits the dialed telephone number to the PBX so that a PBX extension is directly accessible for an outside caller, possibly by-passing an auto-attendant.] 

What many enterprises have done up until now is to provide a street address without the dispatchable location information for each extension. They also may assign floor-level location information to several hundred users that may or may not meet the standard for a “dispatchable location.” It’s this lack of specificity that leaves companies of all shapes and sizes vulnerable in terms of their compliance. 

What about the upcoming deadline of Jan. 6, 2022? 

Solving for non-fixed VoIP is even more challenging. It usually requires dynamic location routing solutions and the additional provisioning of network elements, such as WiFi access points, subnets, switches or ports with a dispatchable location. This technique allows an end-user to move around the corporate network. As the user attaches to one of the provisioned network elements, his/her softphone application will capture the updated dispatchable location information. If he/she makes a 911 call, that dispatchable location will be used to route the call and will be conveyed to the 911 call taker. 

What are some of the solutions that currently support the dynamic requirements for RAY BAUM’s Act?

They all work a little differently under the covers, but Dynamic E911 for Microsoft Teams, Zoom Phone’s Nomadic E911 (PDF), and RingCentral’s Nomadic 911 are the most innovative and can support the upcoming RAY BAUM’s Act requirement for non-fixed VoIP. I think of these solutions as the electric vehicles of enterprise voice communications while desk phones are like gas-powered vehicles. Hard phones aren’t going away anytime soon, but we’ll see fewer of them in use over time. 

What about work-at-home employees?

This is obviously a growing area of concern that the rules for RAY BAUM’s Act, adopted by the FCC well before COVID-19, did not fully anticipate. Work-at-home use cases add even more complexity to how an enterprise is able to collect personal current location information when employees work at home with a softphone application. 

What about using remote work communications while at a Starbucks or the airport? One option is to adopt one of the platforms noted above that offer dynamic or nomadic capabilities. However, if the organization is using traditional on-prem PBXs such as Avaya, Cisco Systems, and others, they can leverage a supplemental solution that recognizes when the user is no longer locally attached to the enterprise network. These tools will prompt off-net users to enter their current location, whether it’s the address of their home, a hotel room, or some other remote location. 

Ultimately, if a 911 call is made and no location is available, most emergency services providers will route the call to a nationwide call center that will try to determine the location from the caller, then manually transfer the call to the right public safety answering point. Obviously, this is the path of last resort, but it is a safety valve that exists in accordance with industry recommendations and best practices. 

How precise does a dispatchable location need to be for compliance?

This question comes up a lot and, as a non-lawyer, I always point our customers to their attorneys for legal guidance on questions like this. The RAY BAUM’s Act regulations state the dispatchable location contains information “necessary to adequately locate the caller.” Each enterprise may interpret this statement differently and has to make a decision about how specific they want the dispatchable location to be, depending on the unique configuration of their building, their current PBX, and the number of employees and remote workers. 

Are there any exemptions for either RAY BAUM’s Act or Kari’s Law?

Kari’s Law applies to “MLTS that are manufactured, imported, offered for first sale or lease, first sold or leased, or installed after Feb. 16, 2020.” Some enterprises may assume this means they don’t have to comply, but the law goes on to say the enterprise should comply “if the system is able to be configured to provide the notification without an improvement to the hardware or software of the system.” The view here is that if your equipment can be enabled–and most can at this point—-then it should be enabled. 

Another common area of misunderstanding applies to contact centers. Many enterprises with call centers mistakenly assume that they aren’t responsible for enabling 911 on the user’s device. However, RAY BAUM’s Act does apply to all interconnected VoIP services, including contact centers, that allow for users to make outbound calls (as well as receive calls from customers). This is something that, frankly, we don’t see being discussed or covered thoroughly enough in the industry.

[End of Q&A]

Final thoughts 

To paraphrase the great humorist Mark Twain and re-channel one of his most famous lines to that of phone-calling: “Reports of its death are greatly exaggerated.” While telephony doesn’t have the same level of sizzle as video or messaging, it’s still one of the top communications channels used across all demographics. In fact, when people want to discuss things that matter, such as their health, financial records or reporting an emergency, phone-calling is the preferred choice. 

Given the sharp rise in VoIP systems caused by the pandemic, it’s crucial that businesses fully understand E911 regulations and have the systems in place to comply.


Source: Networking - zdnet.com

Google releases new open-source security software program: Scorecards

Microsoft adds second CVE for PrintNightmare remote code execution