Slashdot Mirror
FCC Chair Wants Carriers To Block Robocalls From Spoofed Numbers (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: The FCC in 2015 made it clear that voice service providers can offer call blocking tools to customers, but commissioners said at the time that more needed to be done about Caller ID spoofing. FCC Chairman Ajit Pai has now scheduled a preliminary vote for March 23 on new rules designed to solve the problem. "One particularly pernicious category of robocalls is spoofed robocalls -- i.e., robocalls where the caller ID is faked, hiding the caller's true identity," the proposal says. "Fraudsters bombard consumers' phones at all hours of the day with spoofed robocalls, which in some cases lure consumers into scams (e.g., when a caller claims to be collecting money owed to the Internal Revenue Service) or lead to identity theft." The proposed rules would let providers "block spoofed robocalls when the spoofed Caller ID can't possibly be valid." Providers would be able to block numbers that aren't valid under the North American Numbering Plan and block valid numbers that haven't been allocated to any phone company. They'd also be able to block valid numbers that have been allocated to a phone company but haven't been assigned to a subscriber. The proposal would also codify the FCC's previous guidance that phone companies can block calls when requested by the spoofed number's subscriber. The upcoming vote on March 23 is for a Notice of Proposed Rulemaking (NPRM), which means the rules won't take effect immediately. The FCC uses NPRMs to seek comment on proposals before issuing final rules.
There's no reason for companies to mask or spoof their phone numbers. Yes, please, stop all that!
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
Why the F would you want to block only robocalls from spoofed numbers? Let me make a better proposition:
1) Ban/block *ALL* robocalls, period.
2) Ban/block *ALL* spoofed numbers, period.
On this topic I actually feel like I can trust Ajit Pai.
After all, there is no big company making these robocalls, hence no big bribes for Ajit to collect.
Should Verizon or AT&T ever start the practise however, I suspect Ajit will turn the ship around on a penny like he did with net neutrality.
There is one thing to be said for Ajit, he represent predictability and stability.
The politicians use robcallers. It really sucks. My wife is a registered Republican - has been voting Dem since the 90s.
Anyway, during the Rep primaries it's nonstop. The politicians, their wives, their business associates all have recorded robocalls ...and this is what it sounds like:
"[candidate's name] is the Conservative candidate. blah blah blah conservative yak yak yak conservative blah blah blah blah conservative yak blah bs bs bs blah conservative ..... " the word conservative is used several more times and then "vote for [candidate's name].
Multiply that times 3 for every Republican candidate.
Then for the general it does get shorter - "A vote for the [democratic candidate] is a vote for Obama's policies!!" Except this past November it was all about "Make America Great again and shit about emails and Bill Clinton scandals."
If a live caller came on, I informed them that I will NOT be voting for Bill Clinton in November '16 - because after all, I'm a the typical informed Republican.
User modifiability of Caller ID was put in as a convenience for businesses which want to have all their phone numbers identify as the same identity. But it's such an inconvenience to everyone else that we will have no choice but to freeze caller identities to prevent criminal spoofing.
When a call comes from a number I do not recognize, I just don't answer. Doesn't matter what it is. Once in a while if I am expecting a call I might answer an unrecognized number. Otherwise, let it go to voicemail.
If they leave a message and it is someone I want to talk to, I add them to my contacts and call them back
And if they robocall from the same number a few times, I add the number to the "ignore" list so I am not bothered by the sound of a ringing phone.
This is not going to make a meaningful impact on spoofed CID robocalls.
We get them constantly, and most have 100% valid CID data -- it's a real, assigned number. About the only distinguishing feature is that most of the robocalls use a "city, state" for the name portion of the CID info, but that mimics how CID data is presented for many/most legitimate cellphone calls, so even that's not a red flag. The worst are the ones that deliberately select a number in your own area code and local prefix; those are almost impossible to screen out because they look like a cellphone call from someone local.
Regarding this topic, I've always wondered whether there is a good and reliable landline call blocking system that also works in Europe. Ideally, I'd like to have an affordable system that allows me to put callers into a waiting line, with a phone menu like in commercial systems, so robots are trapped in the system and human advertisers can be warned that they need to hang up immediately. The system should also be able to record every call and inform callers that their call will be recorded for 'quality assurance purposes'. Of course, you need to be able to deactivate all of this based on a whitelist. Does such a thing exist? Probably very expensive, right?
I am a doctor. I have to answer calls (If you have ever had a medical issue, I hope you can see that logic - I don't know if it is a distant emergency room with one of my patients)
I was at home on a Saturday afternoon, with my kids, and the phone rang with "UNAVAILABLE"
I answered - and a person introduced themselves as a Comcast representative, and they were calling people who they knew didn't have Comcast service.
(We don't have any cable - and TV is only for weekend movies)
When I asked to be placed on Comcast do-not-call list, she raised her voice and snottily told me it "would take 30 days", and I "might get more calls in that period"
I find it disgusting that:
A. Spoofing is possible
B. A huge corporation like Comcast would exploit it
C. The phone companies, who apparently can bill me for 5 seconds of a call to Timbuktu and track that number, hide behind the story that they can't keep track of numbers and spoofing
And yes, I reported this unsolicited call on a Sat afternoon with spoofed caller-id to my state attorney general website, and of course got a form letter, saying thank you, but we don't find this worth our time.
As soon as they start blocking the obviously forged numbers, then all the spammers will switch to forging real numbers. Then they'll have to switch to routing-based blocking. If the number is assigned to a Verizon customer, and the call isn't being routed in a manner that Verizon uses, drop it.
Of course, this means Verizon customers couldn't use VoIP robo-callers with their own number, at least without registering it in some database first. Those customers wouldn't like the extra step, so they'll complain and block the rule.
What we really need is some unforgeable authentication system. This would require some trusted authority to give a public/private key pair for each phone number, so that each call would be accompanied by digitally signed Caller ID. For most customers, this would be handled transparently by their provider. Verizon and the like could even charge a fee for providing keys for use with VoIP dialers. Of course, this would be a major change in how calls are handled, so it would likely take many years and lots of equipment upgrades.
There are plenty of very valid, very legitimate reasons for companies large and small to mask/spoof caller ID numbers. If you knew anything about how the phone system works you'd know this. You'd also know that what they are proposing will be near impossible to accomplish because offshoring and VoIP allow ALL the rules to be broken very easily and cheaply.
It doesn't make any sense for your local pizza place or doctor's office to have 5 or 15 different numbers showing up whenever someone makes a call. They advertise one number and only one number shows up on the caller ID, even though their 5 "lines" all had different and unique numbers.
So the conditions that would be blocked would be;
--numbers that aren't valid under NANPA: foreign numbers and nonsensical numbers like 000-000-0000
--valid numbers that haven't been allocated to any phone company: in NANPA's reserve (like bogons)
--valid numbers that have been allocated to a phone company but haven't been assigned to a subscriber: in a carrier's reserve
which completely ignores all calls that spoof legit numbers that already belong to another entity, which is the most dangerous type of spoofing and the one that needs the most attention. "Hi, I'm from the IRS. See my number? I'm legit!"
Come on, grow some teeth
No! No! No! The only time I get a friendly call from a woman is when Heather, from Account Services, calls to offer me help on my credit card debt. I look forward to those calls every day. When I'm in a bad place, Heather calls and I say "Excuse me, I have to take this". And Heather is amazing. She really gets around. She calls from Maine one day and from Arizona the next. Once while talking to Heather on the office phone, she also called my cell. And a different number every time. Amazing woman, that Heather. Please don't take her away. Could it be I'm falling in love?
How dare the FCC impose even more regulations on teh FREE MARKET! How will we innovate bigly if corporations are denied FREE SPEECH via the phone network? THIS IS AN OUTRAGE! Robocalls will MAKE AMERICA GREAT AGAIN! This is just more Federal over-reach, demanding that private companies bend to the will of Big Brother and implement systems at the expense of shareholders! sad.
See my subject: They OWN arseholetechnica - PWNED by President Trump for fakenews hahahahaha https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22CNN+Banned%22&btnG=Google+Search&gbv=1/
* R o T f L m A o...
APK
P.S.=> Oh, the SHAME of it (nothing new to the WORMS @ the arsehole though - it's what they do & how they roll)... apk
dying in 'murika is the accepted solution as well. why should republidjits pay for a sick democrap's healthcare. only the rich should get sick, then greedy doctors, pharma, hospitals, and insurance companies can make money.
Note that this isn't a requirement to block ANYTHING - just an allowance. The free market will take care of that, with the good providers blocking bad robocalls and thereby gaining more subscribers through their positive customer service efforts.
Of course, this would also allow providers to block numbers that have been issuied by non-phone companies, I suppose, like Google and VoIP providers, so we can get that riff raff out of the system and start making sure you pay a real telecom provider for your service. Capitalism doesn't run on freeloaders , you know, and if we can get those freeloaders into paying customers everyone will be happy and rich. Well, at least for the people who are already rich and own everything. Everyone else can go pound sand (but do it on your own damned time, because you need to go find a job you lazy sap - you've got bills to pay)
Is it just my observation, or are there way too many stupid people in the world?
The phone companies limit the number of phone numbers that you can block from the end-user side. Why not let customers block an unlimited number of calls? You would still get one call but after that the number would be blocked.
People still use phones?
Kidding aside, I have a cheapo ARM system with a caller ID modem and a DTMF decoder. If the number isn't one I've white listed, the DTMF board takes the call and asks for the 4 digit pin to be entered. If they give the correct one, the phone rings in the house. If they don't, they get a voice mail box which is really Dave Null.
My cell only rings for white listed numbers. Everything else goes to the voice mail box. Oh, yeah, I should probably delete some messages so folks can leave new ones.
The simple answer is:
0. Get rid of caller ID and institute out of band signaling for call originator such as ANI. Problem with CID is that it's so easy to spoof. Stop that.
1. Any one desiring to have more than 3 simultaneous outbound calls needs to have a permit - no exceptions allowed even if you are overseas and wish to terminate a call in the US. Get your permit revoked and you can't connect more than 3 outbound calls.
2. World wide blocking list of abusive/junk call sources. Pick one that suits you and use it.
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
And it is about time this came up as a serious action.
DoNotCall list gets ignored, that pisses me off.
Compiling a list of active numbers to sell - this too.
Getting calls from pakistani jack kinda does too.
I bet their robo callers are exempt from it.
Let the answer machine pick it up if you don't know the number on the Caller Id.
I get that robocalls with spoofed numbers is adding insult to injury but is there in any* case where a machine making a voice call to a human is not an unwelcome intrusion?
*OK, a wakeup call setup by the intended recipient is one but, really, who uses or needs a wakeup call these days?
please please please finally omfg make this work
This doesn't go far enough and won't catch scammers spoofing using a real, valid phone number to display on your caller ID. We need some kind of trust/certificate system tied to IP and real physical address/person. Once we have that, we can systematically block all callers who spoof their caller ID or otherwise try to mask or confuse their identity over the phone networks, and we can pass a law making it a federal crime to try to do so...
If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
If I see number calling me on my mobile that I don't recognize I decline the call. Anyone with a legitimate reason to call me will leave a voicemail. The volume of spam calls I receive has dropped off dramatically since I implemented this personal policy. Since I also refuse to install any app that wants access to my contact list I'm also far more immune to robocallers spoofing my contacts. Carpe diem.
This should be changed from "let" to "require". There's no reason carriers should be putting these calls through. I'm already paying my provider a couple of fees for blocking things, and yet they still let shit through.
"The proposed rules would let providers "block spoofed robocalls when the spoofed Caller ID can't possibly be valid."
Just another day in Paradise
Gosh POTUS banned YOU (lol) + I dusted ars today on slashdot letting /.ers do it for me https://yro.slashdot.org/comments.pl?sid=10320833&cid=53976475/ "2 for the price of 1" what a bargain - "ART OF THE GOOD DEAL" lol...
* ROTFLMAO!
APK
P.S.=> Big trick banning me outta your private little playpen. Outside it you're zero (& less than zero in there, lol) - just because I dusted Jeremy Reimer @ Windows IT Pro with Jay Little (the 'exchange expert', lol - not) who lo & behold STALKED ME THERE too as always like the link above (who knows which ars unidentifiable worm that was)... apk
It's time to move on to more technical solutions. Specifically calls that are automatically encrypted and signed. Ones where you can be sure where they originated from. And I don't mean phones sharing private keys but rather a massive database like the DNS system where every phone is listed possibly multiple times.
It should be trivial to include not only a telephone number but also a pass key so that you can enable a person to call you but also be able to revoke that ability. Something like a 404 error code to tell them you don't want to talk to them anymore; that they are explicitly blocked.
This should be done immediately! I get so many of these every week, even thoug I'm on the do not call list. I also tell them not to call me again but it doesn't work.
incomprehensible why spoofed numbers are allowed anyway.
All I can say is: Thank goodness and it's way about time that now in 2017 this might get done.
I see ppl complaining about collateral damage, e.g. legit uses for spoofing but I say screw it. It's not worth it. If you need those features or whatever find another way to do it. Spoofing needs to be stopped completely once and for all.
I would also like to see more actual enforcement against spammers. Would be great to read about them being locked up which is where they belong.
Then why LIE?!
Agreed, why do some get to do this and some don't. I have an Ooma VoIP line, and they don't let you punch in any number you want into the CallerID field for setup. I have the residential plan, but the question is "why not?". If others can do it, why not everyone? What if I want my home VoIP line to appear to be comming from my cell phone? That is legit of a reason as the business have.
Just let me white list numbers that I want to talk with, and block all others.
The company, before it was sold, produced actually two technology products. Both of which were sold as "security tools". One was their war dialer, "Phone Sweep", which remains one of the world's best war dialers. It was fabulous at telling the difference between real humans, fax machines, modems, and other non-human numbers and sped through such numbers, saving time and optimizing calls for robocalls and phone spam. It had *no* legitimate use, since the modest time it might save robodialing legitimate targets or doing security sweeps was time that a legitimate robodialer or legitimate security sweep had no problem paying for.
Their other problem was "NetIntercept", the world's best packet sniffer designed to write to disk every packet of every channel of traffic, and which its creators long ago optimized for man-in-the-middle attack. Again, it has no ethical use, since local packet sniffing tools by the owners of the firewalls themselves may be less efficient, but the man-in-the-middle attacks done by legitimate packet sniffers are supportable by the owners of the private keys, who own the keys and can do the packet sniffing anyway. NetIntercept was *designed* to support man-in-the-middle attacks by people who do *not* own the private keys and do fundamentally abusive packet sniffing, including and especially supportive of wholesale government traffic sniffing.
Think I'm kidding? Go visit any number of Boston geek, poly, and listen to their founders and original staff self-justify their behavior. Most of their original staff started at FTP Software, one of the the *original* tech startups whose founders went on to successful careers of ethically dubious but personally profitable behavior for the last few decades, in technology and socially questionable behavior through the new favorite hotbed of questionable sexual mores, Arisia, ever since Disclave fell to the sprinkler incident of 1997. For real fun, go digging for how many Sandstorm and and former FTP members were in *attendance* at the BDSM party that ended Dissclave.
Believe me, I could not *possibly* be making this up.
Design a computer that picks up the phone and mimics a company. For sales press 1, for hardware press 2., etc. A computer can probably record the alpha-numeric number and block it if needed. Which a phone can't do!!! You friends can dial a special code to leave a message. And prospective friends and clients can be guided in another folder to leave a message with the "operator". To this day I can't figure out why some bright individual hasn't written code for this. Add to this: If the computer is down, have a backup phone pick up the message with more rings.
block sending the caller ID tones by the call originator, if detected disconnect. Require registration before allowing a trunkline of any sort to send a caller-ID that is not the one assigned to he trunkline. Covers ISDN PRI and T1 handily. Disallow calls from out of country to have a caller name other than International. Foreign call centers can deal with it. They want an exception, they apply to the FCC and register. Then they have to have the caller name for that trunk that matches their client.
The "Open Source" direction would be to provide ANS for free on every line.
- Tjp
I am in wallow with my inner money grubbing capitalistic pig. ... Oink!