'Robocall Strike Force' Proposal Could Stop Caller ID Spoofing

This summer the FCC convened a "Robocall Task Force" to help consumers fight unwanted automated telemarketers, and Wednesday the coalition finally delivered a report recommending a "Do Not Originate" list so carriers could spot spoofed numbers which should be blocked. A trial of the "DNO" list that's been running for the last few weeks on some IRS numbers has resulted in a 90 percent drop in the volume of IRS scam calls, officials from AT&T, which leads the strike force, said during the FCC meeting Wednesday. The carriers on the strike force, which include Sprint, Verizon, and many others, plan to continue testing the DNO list in the coming months, with the intent to fully implement it some time next year...

The strike force members also are working on a system to classify calls into categories, such as political or charity, as a way to give consumers more information before they answer calls from unknown numbers. And, the group said it has developed a working solution for authentication between VoIP applications and traditional landline networks as another way to defeat spoofing from callers in foreign countries.
Early next year they're planning larger tests -- and the strike force has also created a new site describing how to block and report robocalls.

yes, and

[ThatsNotPudding]

the task force pays for itself... from the untold billions the carriers made on every spam / scam call they put thru to you.

Re:yes, and

[EvilSS]

the task force pays for itself... from the untold billions the carriers made on every spam / scam call they put thru to you.

Pretty sure they don't make billions per call.

Much needed

[110010001000]

I would say about 90% of all landline calls are spam at this point.

Re:Much needed

I would say about 90% of all landline calls are spam at this point.

I put the political calls in that category too - and they're all robocalls.

And for some reason, a lot of them think that a robocall with their wife on it actually makes a difference. And if those robocalls actually make a difference, well my opinion of the American people cannot get any lower.

My opinion of the US Electorate is at an all time low and I finally realized the genius of our Founding Fathers for making us a Republic and not a Democracy. Just look at most of the comments to that poll to the right and see for yourself.

Re:Much needed

[RatPh!nk]

I would tend to agree with you. This also falls into a "no-brainer" type of law. I cannot reasonably imagine a legitimate use for caller-ID spoofing (outside of maybe the law).

Re:Much needed

I would say about 90% of all landline calls are spam at this point.

Yep. My landline is like the usenet of telephony now.

Re: Much needed

It's bitztream, the autism-hating, custom-epiPen-hating Slashdot troll!

Re: Much needed

That's still not a legitimate reason to spoof.

If you want someone to call you back on a different line you could, I don't know, maybe leave a message saying so?

Re: Much needed

[sjames]

Spoofing is a relative term. As TFA uses it, you are not spoofing since you are sending out a number that actually belongs to you. The ones they're talking about spoof the number of a legitimate business of government agency that does not belong to them.

Re:Much needed

I can. Lets say you work Gigantic Bank Corp. You have a Loan and a Mortgage and a Banking division as they are all separate companies due to legal requirements. Why have 3 collections firms? You have one collections firms and 3 outgoing caller ID so that it goes with what ever company you are representing.

Re:Much needed

So what is the problem with having multiple outgoing numbers show on caller ID? Your internal PBX system should be handling any rerouting.

Re: Much needed

You seem to be working from a unusually broad term of the term "spoofing". I don't think anyone can reasonably say that a single company/building tweaking their numbers so that their inbounds/outbounds go to certain numbers should be illegal. The term "spoofing" that the parent is using likely the more common one, IE being a scam artist and spoofing their phone number/caller ID info to read IRS 800-829-1040. The latter should be highly illegal, resulting in fines/prison time. I don't even have a problem with individuals/companies wanting to remain anonymous, as long as they use a common code (IE: "Private number") that I can ignore if I see fit or buy a device that will automatically kick such calls to voicemail.

Re:Much needed

[ananamouse]

I have toyed with the idea of turning my land line into a 1-900 number so that the robocallers have to pay me to talk to the box.

Why are they messing about?

[Joce640k]

Why are they even messing about with this?

Require mandatory jail sentences for anybody installing/operating this equipment and the problem will disappear overnight.

The same goes for a lot of other crap the people have to put up with. Start throwing more scumbags in jail and the scumbags will stop doing it.

Maybe a general "scumbag" law that can be applied retroactively to people who try to beat the system. If a jury decides that somebody is being a 'scumbag' then anybody with a history of the behavior being judged can have the law applied to them.

Vote for me in the next election!

Re:Why are they messing about?

[HBI]

The task of government is to make the system appear fair to all and to achieve a relatively constant justice. Actually being fair and just in all cases is of course, impossible. But governments have been failing at this task of appearing uncorrupted for a while now. The first effect is vigilantism, as we see with Anonymous and Wikileaks. Then it comes off its moorings with random killing to settle scores. Then we're back in medieval times in the West...much of the rest of the world still lives under the threat of random killing. At that point, our communication systems and goods distribution will crash to a halt due to the manifest lack of safety.

We're not far away from that reality. Therefore, any attempt to reassure people that there are consequences for unfair or criminal action is useful. Coming up with more and more baleful punishments for the tiny minority who get caught is not the solution, though.

Re:Why are they messing about?

A better solution than jail time for nonviolent offenders is a judgement placed against the scammers issued to the victims. Then the victims can pursue them for money or sell the judgement to a collection agency who will then aggressively go after the scammers for life. Turnabout is fair play.

Re:Why are they messing about?

[smooth+wombat]

Start throwing more scumbags in jail and the scumbags will stop doing it.

Because all those scumbag murderers already in jail has stopped people from committing murders. The same with rapists, child molesters, animal abusers, financial fraud and so on.

It would be much cheaper to simply execute them since it serves two purposes.

1) The criminals would be gotten rid of rather than being coddled by taxpayer money. They wouldn't be able to get out and go back to their criminal ways.

2) It would show, unlike jail time, we're serious about this.

But nope, we'll keep making excuses why we should coddle criminals, pouring more money down the black hole of jails.

Re:Why are they messing about?

[EvilSS]

You want to throw every telecom installer in jail? it's not like they are using special scam hardware, it's standard PBX equipment.

Re:Why are they messing about?

[currently_awake]

Killing people for less severe crime has been tried, england killed thieves and robbers for a while. The result was a massive increase in murder and other serious crime as there was no difference in punishment and the more serious crimes had a better payout for the same or less risk.

Re:Why are they messing about?

[Joce640k]

Yep. If you're installing a call center then you should make sure of the credentials of the people asking you to do it.

This will be done by that person giving you a copy their installation permit and you looking up the permit on the government website to see if it checks out (correct person, correct address, correct installation date, etc).

I may be cruel, but I'm just.

Re:Why are they messing about?

This will be done by that person giving you a copy their installation permit and you looking up the permit on the government website to see if it checks out (correct person, correct address, correct installation date, etc).

Right ... because criminals always use their real names when applying for permits they intend to use for criminal activities. It would be easier (and more effective) to simply look at a calls ANI and compare it with the presented caller ID. If the two don't match then automatically drop the call and send the address (that the installer actually logged as where the equipment was installed, along with the "business" address on the installation permit) to the local police department flagged as a currently active scam operation. Who knows, there might even be someone still there to arrest after the three or four days it would take the police to actually show up to investigate.

There is only one legitimate reason for using spoofed caller ID, that would be a someone with a reason good enough for them to get a court order (battered spouse, etc).

Re:Why are they messing about?

Why are they even messing about with this?

Require mandatory jail sentences for anybody installing/operating this equipment and the problem will disappear overnight.

The same goes for a lot of other crap the people have to put up with. Start throwing more scumbags in jail and the scumbags will stop doing it.

Maybe a general "scumbag" law that can be applied retroactively to people who try to beat the system. If a jury decides that somebody is being a 'scumbag' then anybody with a history of the behavior being judged can have the law applied to them.

Vote for me in the next election!

yeah has that logic shown to work for anything else? like drugs? illegal immigration? murder? rape? tax fraud? nothing disappears overnight just because it/they became illegal.

Re:Why are they messing about?

[quetwo]

The problem is that most of these scam calls are originating from outside the United States. Our laws can't do much outside the US without a lot of legal paperwork -- and in most cases it won't be worth it.

One easy solution is to give consumers access to the BTN or Bill-To phone number. This is the number that is being billed for the call -- essentially pinning down the place where the call is being switched into the PSTN. If you get the BTN, you get the person behind the call -- regardless of what their Caller ID is. Unfortunately, right now, the only way to get access to the BTN is via the SS7 protocol (not available to consumers), or to compel your phone company to give it via a subpoena. Enough abuse from a single BTN -- cut them off until they can clean up their act.

Re:Why are they messing about?

Why are they even messing about with this?

Require mandatory jail sentences for anybody installing/operating this equipment and the problem will disappear overnight.

That worked so well with the War On Drugs didn't it? Why not have measured penalties. I.e. if some 19 year old naive geek annoys a couple people, without causing the loss of life, let's start them out with the equivalent of a 90mph speeding ticket.

Oh, but you (and the politicians that will be happy to represent your simple plan) want to be seen as Hard On Robocallers.

Life is a spectrum of risks, rewards, and punishments. Let's not crucify Wesley Crusher because he played ball on the grass and didn't notice the no trespassing sign.

Re: Why are they messing about?

[cdwiegand]

Then they can find a way to make it available.

Re:Why are they messing about?

[EvilSS]

What installation permit? No permit is required, at least in the US, to install a PBX in your building. Also what about VOIP providers? You want to arrest the guys who sold them their PBX equipment because one of VOIP provider's customers 5 years later scammed someone? You didn't think this through.

Re:Why are they messing about?

... a general "scumbag" law ...

The USA already has "scumbag" laws:
  - Civil forfeiture; you committed a crime and will be robbed by bigger criminals - us,
  - Money laundering; you committed a crime and bought stuff,
  - ex-felon laws; you went to prison and don't deserve voting privileges, welfare, contractual responsibility (rental agreement, loan, phone/internet contract), or a job.

The first law is problematic because a jury doesn't decide if someone is guilty. Then there are nebulous US laws like 'computer fraud and abuse' where almost any act over the internet can be labeled a crime.

Re:Why are they messing about?

Our laws can't do much outside the US without a lot of legal paperwork.

True, but drones and missiles work just about everywhere. The message needs to go out loud and clear to criminals that they can either submit themselves to the legal system and it's protections or they can be targeted for a drone strike. Their choice.

Re:Why are they messing about?

"Our laws can't do much outside the US"

Who says you have to do anything outside of the US? Require that all interconnections telcoms routing calls into the US either provide a legitimate caller ID, or a specific "unknown number"/"private number" code that consumers can block calls from if they desire. Any interconnection telcom that doesn't conform to this requirement gets blocked from the US telephone network.

Re: Why are they messing about?

A better solution is financial liability for passing a scam call. Every time a scammer calls my house, Verizon pays me a fine. Verizon gets pissed off by the large volume of fines they're paying off and collects huge fines from Level 3. Level 3 sees these scams all coming from Ukranian Podunk Communications, etc, and cuts them off until they fix the problem.

This has the advantages of working internationally with existing legal frameworks and naturally aggregating the liability so there will always be someone with incentive to act on it

Re:Why are they messing about?

[lucien86]

Yeah. I'm in favour of all cold calling being made a crime. For me death alone is not enough, I would give them a choice between impalement and crucifixion. Since most of them are abroad in places like India or Pakistan I would be in favour of using drone strikes to take out the call centres.
That would teach them.

We get a lot of cold calls..

Why is that legal in the first place?

[Opportunist]

We're all too happy to outlaw things that have no legal purpose, even if they do. Care to inform me what legal purpose spoofing caller ID could possibly have?

Re:Why is that legal in the first place?

[110010001000]

All businesses use it to make the call appear to come from the general office number. So if an employee calls someone they don't get the direct number to that employee, just the general business number.

Re:Why is that legal in the first place?

I used to work for a company that would make automated calls on behalf of our clients to people with existing business relationships or optins (club memberships, renewal notifications, etc.). One of the selling points was that we would spoof the caller id to make it look like it was coming from the store/location that they had made a purchase from or had registered at, that way they would a) know who was calling them and b) could use redial to call back and get that store/location.

Everything was legit, this wasn't a scam company, we took DNC and optouts very seriously.

Re:Why is that legal in the first place?

[runningduck]

You explanation is perfectly valid for why a business might assert a particular CID that is valid within the company, but not what carriers allow people to assert any CID not registered to that individual or company.

The only way to solve this problem is to make the carriers accountable for allowing such behavior. To be clear, I am less concerned about unwanted calls and much more concerned about scammers. If a carrier allows scammers to forge their identities then the carriers are complicit in the scammers illegal acts.

Re:Why is that legal in the first place?

[chihowa]

That's the one valid use for this, but that could be implemented without allowing general spoofing. Between that and allowing people to block caller ID altogether (which most normal people wouldn't do and would guarantee that a telemarketer call wouldn't be answered), are there any other cases that warrant allowing the caller to arbitrarily set their own ID?

Re:Why is that legal in the first place?

[EvilSS]

You explanation is perfectly valid for why a business might assert a particular CID that is valid within the company, but not what carriers allow people to assert any CID not registered to that individual or company.

Because when the system was put in place no one foresaw VOIP and the extremely low barrier to entry for doing this. So they didn't design the system with misuse of the CID assignment from a PBX in mind. So they went with the simpler implementation and then technology happened.

Re:Why is that legal in the first place?

[Greyfox]

Back in the day I used to run an asterisk server that listened for calls on a landline. When a call came in, it would check the caller ID against a white list and send matching numbers out over voip to my cell phone. Since my voip provider would accept any caller ID I entered, I'd spoof the outgoing caller ID to my cell phone to be the incoming caller ID of the person calling me. Kind of an edge case, I suppose, and I could have lived without the feature, but there are valid use cases.

Re:Why is that legal in the first place?

[runningduck]

VoIP is actually irrelevant; there is still a hand-off from a customer to a carrier in order for the call to be connected outside of a local network. There will either be a voice gateway with PRIs or some sort of SIP trunk. The carrier has the option of restricting CIDs but few do.

Re:Why is that legal in the first place?

Great. You ask for a reason, and a reason is given to you.
But now that isn't good enough, you want multiple reasons.

Why do I get the feeling that if I typed out a detailed answer to you, suddenly it wouldn't be good enough either and you'll demand yet a third reason?

Yea I don't think I'm going to bother. You look up how VOIP works on your own time.

Re:Why is that legal in the first place?

[aardvarkjoe]

All businesses use it to make the call appear to come from the general office number. So if an employee calls someone they don't get the direct number to that employee, just the general business number.

The sensible thing to do would be to have a "callback" number as well as a "from" number. The "callback" number could be set to the business' general office number, but it should be impossible to change the "from" number.

Re:Why is that legal in the first place?

[Nethead]

I was given the option by my local carrier for the company PRI. I chose to only allow the DIDs that we lease. Not that I was going to spoof, but if someone got in via SIP to our system at least it would get back to me so I could investigate and fix.

Re:Why is that legal in the first place?

[EvilSS]

It's not irrelevant, and I already explained why. Maybe read the entire comment first.

Re:Why is that legal in the first place?

[runningduck]

Maybe read the entire reply first before getting all indignant. The existing protocols carry sufficient information for carriers to lock customers into displaying only CIDs that the customer is authorized to display. Carrier equipment has had the ability to lock PRIs to customer CIDs for the past 20 years that I am aware of, likely much longer. VoIP still relies on a carrier unless you are talking about a limited VoIP deployment within a contained network. At the point of ingress a carrier can block unauthorized CIDs regardless of connection method. You would have to solve the problem at the protocol level if you tried to block the abuse between carrier.

There is no technical reason preventing carriers from blocking their customers from using unauthorized CIDs except the decisions that are made within the carriers themselves; either poor choice of equipment purchases or poor implementation/design.

Re:Why is that legal in the first place?

[chihowa]

I'm not the the OP, oh ye of poor reading skills, so my first question was for a list of compelling reasons to keep a clearly broken design that only benefits telemarketers and some businesses and presents constant problems for every other user of the system.

We here are the sort of people who design systems, so we need to design a system that doesn't facilitate arbitrary ID spoofing. Your "look up how VOIP works" comment makes me think that you're not a designer of systems, but a lever-pulling operator monkey of the systems designed by others, which means that you have nothing to contribute to this discussion. A VOIP system that doesn't trust, without validation or sanity checks, the ID supplied by a peer is perfectly possible to design.

Re:Why is that legal in the first place?

[EvilSS]

Still missing the context I see. Why didn't the telcos require it all this time?

Re:Why is that legal in the first place?

[BronsCon]

This. And every time the subject comes up, I propose that carriers should only automatically allow a company's PBX to request the display of a number that also appears on the same bill as the number placing the call.

There would have to be some manual verification process to cover cases where several companies share a number (for example, a contract customer service call center) or one company uses numbers from several providers, since these would not appear on the same bill. That should be as simple as dialing a * code, perhaps *24 (*CI, for Caller ID), which then prompts you for the number you would like to add to your available list and a 4 digit PIN. That system would then call that number with a brief explanation of what the call was about and request the PIN. PINs mach? Call added to list. No match? No add. You'd have to get a few tries during that one call. because it shouldn't allow more than one attempt per week in order to keep people from using the automated call as a form of harassment.

Performing the above verification should allow the number to be used by any line on the bill, not just the line that called it, as there are often hundreds or thousands of lines that may need to use that number for inbound calls within an organization.

Current switching equipment should be able to handle this already. Implement. Problem solved.

Hell, the use of a number not on your bill could be something providers charge monthly, and per number, for. If they don't think they can profit more from fixing this than they do from letting it slide, they're not being creative enough. And I've read my fucking bill. I know they're creative.

Re:Why is that legal in the first place?

[runningduck]

Only the people behind closed doors know why the telcos did not require this, but in my experience it is likely for a few reasons:
1) Without a good architecture and integrated process managing CIDs requires an amount of administrative overhead
2) Telcos could not figure out how to charge customers for locking down CIDs
3) Locking down CIDs reduces call volumes and exchange fees

Re:Why is that legal in the first place?

[runningduck]

Well said!

Re:Why is that legal in the first place?

[BronsCon]

Thank you! I've been posting this for years now and you're the first person to actually acknowledge it.

Incidentally, I just got a call from my local DMV office to remind me of an appointment I have later this week. I didn't answer because they user the international format for their DID, so I assumed it was a scammer because, well, most calls from 800 numbers are scams and this one made itself look extra suspicious. If they hadn't left a message, I wouldn't have known who called in order to call back to confirm.

This wouldn't be a problem and I'd have answered the call if not for the prevalence of illegitimate DID spoofing.

Re:Why is that legal in the first place?

[runningduck]

You are very welcome. I have not seen your other posts.

I agree with you on the CID spoofing. I never answer calls unless I know the number. People can leave a message. If it is legitimate then I'll add them to my address book.

Trust

[thegarbz]

Why did we design systems which implicitly trust the information provided by a sender? Why are packets that claim they are from an IP address that doesn't belong to that ISP or phone numbers that don't below to a specific service not immediately blocked at the first router?

Re:Trust

Seemed like a good idea at the time.

Re:Trust

The trust model predates most people on this site. In the olden days calls cost money, long distance calls cost lots of money, spam calls were therefore not profitable. Without an incentive to exploit it, the broken trust model wasn't an issue.

Today spam calls are profitable, and the carriers have an incentive to let as many calls as possible complete so that they can skim some revenue off the top. The "enumerated prohibition" model of the do-not-originate list is clearly intended to have as many gaps as possible. To suppress spoofed CLI, the best approach would be "default deny" at the network ingress switch for each customer. Carriers know exactly which numbers are connected to which physical lines, therefore can deny any others being spoofed. But they don't. Follow the money.

That would leave suppressing or permitting CLI at carrier-to-carrier interconnects, which again is a solvable problem. If you're interconnecting with a trustworthy fellow carrier, pass through its CLI. If you get too many complaints about spoofed numbers originating from the other side of an interconnect, just suppress all CLI it presents and show "unavailable" to the subscriber, who then can make an informed decision about whether to accept any call. But carriers don't do that. Follow the money.

Re:Trust

The problem is, the target group they're trying to reach no longer have land lines. The people that still have land lines are businesses, because they call me a crap load of times, even some of them that randomly press extensions to reach my employees. It's quite annoying.

Re:Why is that possible in the first place?

[Cigaes]

Why is it possible in the first place?

If I were to design a protocol of this kind, one of the first measures I would take, in the protocol itself if relevant and in any implementation, would be to check that peer-provided source addresses match the routing system, making spoofing impossible. I cannot fathom that the people who designed this particular protocol did not do the same from the beginning, and even more so that they did not fix it since then.

Censorship platform

That sounds way too much like a government censorship program by stealth. We all know that will be abused.

A better solution is just to digitally sign telco traffic along physical routes. No more spoofing and complete tracability. Enev signing packets statistically would be fine and cause minimal overhead.

Re: Censorship platform

The govt is not asking telecos to blacklist a list of numbers. People can ask their own number to be blacklisted. The irs has done this for their numbers.

Band Aid

DNO is a hack. I guess it might be worthwhile because it could be implemented on the receiving end of the call (either the final switch or even the telephone set). On the other hand, the correct approach would be for originating telco offices to require that the originating caller-id belong to their customer. Of course, that might jeapordize telco revenues, so is a non-starter.

Re:Band Aid

[silas_moeckel]

Have fun getting that to work I have hundreds of DID's for the work PBX. I have multiple carriers. Any DID might go out any carrier. Ever sales monkey seems to want thier company cellphone as their outbound CID from their desk phone.

Now take my home PBX I make 800 calls out as my work phone because I actualy make money doing so. I use my cell phone as my outbound CID because that is the number people know been the same since the 90's and frankly voip sms is not fully baked yet.

Blocking the scammers without breaking basic functionality thats old than most of us is not hard.

Re:Band Aid

[chihowa]

An appropriately accountable system could be designed, even if it ultimately ended up costing businesses some money or flexibility in their setup. Keeping an obviously broken system because you actually make money using it does not typically register as a valid reason to everyone else.

Re:Band Aid

[silas_moeckel]

Replacing an existing system that spans the world is a massive task Your still going to need trust points and IPv4 has shown us that those will fail. Optionally requiring authentication to use particular CID's is far more sensible and incremental. Hell's laying it on top of DNS actualy make pretty good sense as country codes and TDL's match up pretty well.

Re:Band Aid

[chihowa]

That's a great idea.

SIT trust

[emil]

The PSTN/POTS trust design is likely older than both of us combined.

Fortunately, autodialers also must trust "Special Information Tones" (SIT) that announce a disconnected number. I put this SIT tone on my voicemail.

Because I ported my longtime landline number, "Rachel from card services" was leaving me messages several times per day. With my SIT tone trick, she is now long gone. I really don't miss her.

Re:SIT trust

[quetwo]

Sure, autodialers, by law are supposed to trust those tones. Guess what -- the people making these scam calls don't care, and often don't respect them.

Re:Why is that possible in the first place?

[silas_moeckel]

Then your protocol would be broken, my PBX routes calls via the best carrier for a given destination. The CID might be the main 800 line an extension DID or an individuals cellphone (which tend to call forward into DID's for VM and desk phone roll over). Many of those carriers I dont have any DID's with nor do I want any.

It would be fairly easy to require LOA's the same as IPv4 just a nightmare to administrate where once you get big enough the requirement goes away. Looking for odd DID origination is also not that hard.

Qestioning their statistics

[mi]

A trial of the "DNO" list that's been running for the last few weeks on some IRS numbers has resulted in a 90 percent drop in the volume of IRS scam calls

How do we know, the drop is not explained by one such big scam operation getting busted?

The scam-calls I'm getting, for example, — 2-3 times per day — do not pretend to be from the IRS' numbers at all...

Another Revenue Source for Carriers?

[JimMcc]

I didn't read them all, but T-Mobile's solution is an app which you install on your smart phone. The description says that it's a free trial and they state up from that it is a paid service. So if you want protection from spam/scam calls you need to pay extra. I get tired of the various carriers nickle and diming you to death.

Re:Another Revenue Source for Carriers?

[Mister+Transistor]

AT&T is pulling that shit too, apparently My mother said something like "My caller ID names are gone, and it's just numbers now. It said something about the free trial being up." that must be what she was talking about, she just got a new Galaxy 7 Edge with AT&T service.

I'm on Verizon and I get names and numbers as part of basic caller ID service, AFAIK.

Re:Another Revenue Source for Carriers?

[spire3661]

Doesnt the phone match up the number with your phones internal contact database?

Re:Another Revenue Source for Carriers?

[Mister+Transistor]

That gives you local caller ID names, kind of a local whitelist. With landlines there is a "name service" that provides a number AND a name, usually (when not blocked, spoofed, etc.) but that doesn't get sent to the cell network, apparently. So, the latest version of Android has it half-baked in as a paid service feature or something.

Re:Another Revenue Source for Carriers?

[quetwo]

The database that does the CLID -> Name lookup is owned by a company called NeuStar. They charge the telephone companies roughly a penny for each lookup they perform for each call. That's why there is a charge for pretty much every company to provide this data...

Re:Another Revenue Source for Carriers?

[phorm]

On mobile phones this isn't a big deal, since anyone in your contact lists is automatically matched up with the number. Heck, it's on things I give Kudos to Apple for, since apparently in IOS the answer "button" is different for recognised/non-recognised callers.

Re:Why is that possible in the first place?

[swb]

The PBX predates caller ID.

The PBX was fed with trunk lines which actually phone numbers, usually unrelated to the called number. When an inbound call was made to 555-1000, telco switched that call at the CO to one of the trunk lines. Outbound calls worked basically in reverse, the call went to the PBX which chose an open trunk and completed the call.

Direct Inward Dial (DID) involved buying a block of numbers which had no physical line associated with them and these were programmed to be switched to a trunk at telco with signaling that passed the called party number to the PBX so it could complete the call to the internal extension.

This system had to be adapted to caller ID. Early outbound calls often showed the trunk's phone number, but IIRC you could get telco to basically rewrite those calls to a customer specific number, usually the main number, if your switch lacked the software or signalling to pass the calling extension out.

PBX software eventually got the ability to pass an extension's DID to telco, so caller ID passed to the called party would see the number the call came from, even though it may have passed over an analog trunk with a completely different assigned phone number.

Basically, caller ID has, for anything other than single POTS or cell lines where telco handled all the switching, been a kludge on a system that wasn't built for caller ID, and spoofing was a necessary feature.

The problem all along has been lazy and/or greedy telcos who never bothered to implement sanity testing on spoofed calling party info and just accepted all of it rather than build in checks that the calling party info actually represented numbers assigned to the calling party.

And I'm sure much of it was made worse by call centers, for whom number spoofing was a business feature -- doing business for a company who WANTED call center calls to come up as their numbers. And VOIP vendors who wanted to use IP networks to route calls and unload them onto POTS at the cheapest point, terminating a call from a DID block leased from telco A using circuits leased from carrier B.

It pays for itself

[rsilvergun]

from the billions of American dollars that don't get scammed.

simple solution....

[Lumpy]

force all call routing tables that all telcos use to be authenticated. Yes that means poor poor multi million dollar businesses will have to pay $100 a year to have their giant VoIP system to be verified and validated. home VoIP is forced to be sent through a certified telco that locks the CID information and disallows ANY changes.

Honestly it could be fixed in only a couple of months if people got off their asses.

Re:simple solution....

Honestly it could be fixed in only a couple of months if people got off their asses.

Yes. The problem could have easily been solved years ago if the telcos wanted to solve it, which they don't. You have to look at it from their point of view. Every phone call is a phone call that can be billed for. They don't want to end the fraud calls because that would cost them money. It is the same reason why banks rigidly resist any attempts at ending credit card fraud. While most credit card accounts limit loses to $50, that is still an additional $50 the bank is getting that they normally wouldn't have.

Re:Why is that possible in the first place?

[currently_awake]

Checking foreign calls to ensure they don't have a local caller ID would go a long way to stopping this. Or you could display "Foreign" before the caller ID for any call that originated outside the trusted network. You could do this for email and text messages as well. Or you could bill the phone company for scam and spam calls so stopping them pays money instead of costing them money.

What about hiding behind open VoIP/Proxy boxes?

[forrie]

This does nothing to handle those that bounce their calls off of vulerable VoIP or other devices. This happened to me recently; the ID was of some girl in a local city that has (had, hopefully) an Android phone that has obviously been hacked. It's unlikely someone is going to spend the kind of money required to trace them in this manner, unless they suspect it's a Big Fish they're going to catch.

Re:Why is that possible in the first place?

While a good idea, I am not sure it would be very efficient due to the flow of calls. I could be in woozoo land and use a proxy. Also, due to the way voip traffic is routed, I could use a local provider. I could even rent equipment in the country I am calling if it is a big enough operation

Best incentive yet improvement is cell phones

[MrKrillls]

As long as there is no better alternative, landline telecoms see no downside to a lax stance on robocalls. But if I cancel my land line and just use my cell, because I can control how my cell phone responds better, then the landline industry has motivation for attacking the problem. I am going call my telecom and tell them they will lose my business if the industry doesn't get serious on this. I include political calls, surveys, the whole set of unsolicited calls.

Re:Best incentive yet improvement is cell phones

You do realize, that most ILECs don't want to support landline service. They would much rather have you as a mobile customer. It's more profitable and unregulated.

Use ANI, not CLID

[knorthern+knight]

CLID (standard Caller ID) is sent out by the sending phone/PBX, and is not trustworthy. ANI (Automatic Number Identification) is used by telcos for billing info, and it works, Otherwise telcos would be in financial trouble. Yes, it is available, but telcos want to "monetize" it, so they charge an ar and a leg for anybody who orders it.

Re:Use ANI, not CLID

[quetwo]

CLID and ANI are the same thing. The BTN is what you are really looking for (The Billing Telephone Number)... Field 0x71 on SS7, according to Telcordia...

Re:Why is that possible in the first place?

[silas_moeckel]

You dont seem to get how the PSTN works. Foreign you mean oversea's? so get few buck a month VM via bitcoin and you look like a US PBX now. These guys are not using indian/russian telco's to do this they are back hauling to the US via VoIP as they dont realy care about call quality only cost. It's not uncommon for them to hack legit PBX's to save costs either.

People keep thinking a hack system like we put in place for ipv4 will work but there are billions of DID's ipv4 doesn't work well with only millions of possible networks. Something more analogous to SPF for email is needed.

Re:Why is that possible in the first place?

[quetwo]

Actually, since digital switching began in the 60's and 70's, there have been three fields transmitted with every call (well, a lot more, but these are relevant)
BTN = Bill To Number -- this is the number that the call is billed to. This is actually validated by the connecting carrier, and still is today. In most cases it will be the circuit number, SPID, or an account number for really large customers.
CPN = Calling Party Number -- this is the number that the call is presenting itself as -- the Caller ID if you will. A long time ago, this was always validated by the phone company against the customer's record of DIDs. In the early 90's the LECs started charging companies to open up this field so that they could hide call center numbers, etc. and to make their phone number their brand. In the late 90's some LECs started offering this as a standard feature as a differentiation against other CLECs.
RTN = Route To Number -- this is the number the call is destine to.

This biggest problem is that we started getting a lot of smaller CLECs that didn't understand the technology well enough and started giving everybody closer access to the PSTN (for example, by not watching the CPN they were sending). The problem was exacerbated when VoIP became a thing and CLECs started allowing anybody access to the PSTN with no restrictions and no regard to their physical location.

These scams are hard to track down. I'd venture to say that 80% of them are running on stolen credit cards, on AWS (or other cloud provider) EC2 instances, connected to some VoIP provider that is billing another stolen credit card. They connect their SIP phones from anywhere to the PBX in the cloud and they start. Labor is cheap in other places in the world and with everything being in the cloud they can be pretty much anywhere. If they get shut down, they just use another stolen credit card and launch another EC2 instance and they are back in business a few minutes later.

Are companys like trackphone excluded?

[Stan92057]

i use tracfone they don't have a system the even tells you whos calling unless you save the number to you address book.

You can lie

[DFDumont]

The real problem with call-id is that you can lie. You can identify the calling party number as any collection of 10 digits (in the US). There is no check. Even this 'Do Not Originate' is a blacklist approach, which as we know has its limits. Rather the system should only allow you to say you are one of the numbers you own, as in those assigned to the line being used, or assigned to the organization which owns the line. Case in point, when a DID enabled desk phone calls out for pizza, the caller-id given is typically the facility main number, not the DID of the phone. They own that number. Scammers lie. They tell the PSTN that they are ogininating from a number they don't own, sometimes a random number. It would not be difficult to put into place a system which screened caller-id to those numbers associated with the owning account, since after all someone is still paying the bill for the line being used. That wouldn't end dialing robots, but at least then when we file a complaint with the Do Not Call registry we would have the information of the actual offending company.

Needs homing device

Spoof call to the grandparents or a scam call? Need an option next to # sign to send a homing package of thermite to the source.

Thank you, CrimeCast. . .

[Salgak1]

. . . .thanks to your crappy VoIP service, we shut down our landline **just prior** to the blizzard of political robocall spam. Because that's what it is: Unsolicited and Commercial. . .

Of course, that won't stop them from trying to call our cell phones, but the target is at least more diffuse.

As for the Republic, I fear that it is dead, but don't worry, the American Empire has replaced it.

Ave, President-Imperator, nos morituri te salutabat. . . . .

(evil grin)

8 Simple Rules for Not Dialing My Number

(We'll say this as many times as we have to in order to get our message across.)

8 Simple Rules For NOT Dialing My Number:

1. If you're selling something don't call me. Period. If I want something I'll call you.
2. If you're a politician or a pollster don't call me. Period.
3. If I don't recognize your number you're going to voice mail. Get over it and leave a message.
4. If Caller ID is blocked, missing, or obviously spoofed you're going to voice mail. Get over that, too, and leave a message.
5. Every carrier should have the ability and facility in this day and age to "Back Bill" any call, anywhere. If a "boiler room," or even my own mother, calls me I should be able to dial "*BACB" (or something similar) and charge them some nominal amount for the call to the device that I'm paying the bill for if I don't want them contacting me.
6. Spoofing Caller ID information should be considered Wire Fraud and therefore illegal.
7. I'm paying for my air time on my cellular phone even when you call me, that makes it trespassing if I don't want you there and I should be able to prosecute you if you become a nuisance.
8. Unsolicited Text Messages are no different from Unsolicited Voice Calls and therefore no exception to the above rules.
9. Bonus Rule: Wireless carriers should enact voluntary number blocking/filtering systems with no arbitrary limits (like, say, MORE than 5 numbers, Verizon Wireless) with Opt-IN policies (NOT Opt-OUT) for scam services like Premium Text Messages.

Correlation != causation

[RogueWarrior65]

That drop in IRS calls could also be due to the recent bust of the Indian scammers behind it all. As for the DNO, what's to stop some company setting up an automated phone routing center in BFE South Dakota? VOIP from India to the routing center where the calls would originate.

IRS scam

[phorm]

The seemed to find a way to nail people under the "IRS scam" that was going around. I'd imagine that they could do something about this if they were so inclined.

My first thought is that a non-local-originating caller should not be able to display a local number. If they want a North American # then they should have at least a local satellite office.

It's idiotic that the FCC deals with this

I want the people who call and harass me arrested and jailed.