FCC Chair Wants Carriers To Block Robocalls From Spoofed Numbers

An anonymous reader quotes a report from Ars Technica: The FCC in 2015 made it clear that voice service providers can offer call blocking tools to customers, but commissioners said at the time that more needed to be done about Caller ID spoofing. FCC Chairman Ajit Pai has now scheduled a preliminary vote for March 23 on new rules designed to solve the problem. "One particularly pernicious category of robocalls is spoofed robocalls -- i.e., robocalls where the caller ID is faked, hiding the caller's true identity," the proposal says. "Fraudsters bombard consumers' phones at all hours of the day with spoofed robocalls, which in some cases lure consumers into scams (e.g., when a caller claims to be collecting money owed to the Internal Revenue Service) or lead to identity theft." The proposed rules would let providers "block spoofed robocalls when the spoofed Caller ID can't possibly be valid." Providers would be able to block numbers that aren't valid under the North American Numbering Plan and block valid numbers that haven't been allocated to any phone company. They'd also be able to block valid numbers that have been allocated to a phone company but haven't been assigned to a subscriber. The proposal would also codify the FCC's previous guidance that phone companies can block calls when requested by the spoofed number's subscriber. The upcoming vote on March 23 is for a Notice of Proposed Rulemaking (NPRM), which means the rules won't take effect immediately. The FCC uses NPRMs to seek comment on proposals before issuing final rules.

And any other CLI masking, please!

[aglider]

There's no reason for companies to mask or spoof their phone numbers. Yes, please, stop all that!

Re:And any other CLI masking, please!

[Alain+Williams]

That should include numbers from another country. Telephone exchanges worldwide are just special purpose computers, so there is no reason/excuse at all that numbers should not be passed onto another country.

Re:And any other CLI masking, please!

[karnal]

There is a reason for businesses to spoof a number.

Let's say I own Bob's National Grocery chain. My internal number is 888-555-1555. When I dial out, for privacy reasons, my number shows as the internal switchboard number - 888-555-2627 ("bobs" lol). This should not be a problem, as (1) my company owns this number and (2) it is answered. The issues here are two fold:

1. How do you determine the number I am advertising is mine? The answer here is simple - for numbers I advertise out from my phone switch, I must own these from the phone company I am peering with (first hop) or have some way to prove that I own those DIDs if I have multiple peering companies. Not a difficult hurdle to overcome.
2. How do you determine the number I am advertising (assuming step #1 is valid) is a valid company or answered number? In the case of robocalls or spam, my company could prove I own a block - satisfying #1 above, but turn out to be a voicemail box that's full or a non-company-answered blank DID.

About 15 years ago, I played around with a company owned phone switch setup and found that ANY number I put to advertise outbound was picked up and relayed to the target's caller id. I made a few test calls to my cell phone to validate that this was possible and then promptly reverted back to the company's owned block.

Re:And any other CLI masking, please!

[tomhath]

Well, there is a reason, albeit not a good one. If you knew who they are you would never answer them.

The Do Not Call list is a joke, the proposed rule is an example of good regulation.

Re: And any other CLI masking, please!

[DavidPetersonHarvey]

It also allows one company to work as another company's representative while maintaining a single point of contact.

Re:And any other CLI masking, please!

[rmdingler]

Well, there is a reason, albeit not a good one. If you knew who they are you would never answer them.

Actually, that's a pretty good reason. Most of us stopped answering anonymous and unrecognized calls years ago, due to the likelihood such attempts at contact would be nuisance calls.

I run a local service company, and I'm obligated to answer the phone call when a local prefix shows up. Too often now, that winds up being an offer for a preapproved small business loan or a need to update my records for some such thing.

With robocalls able to mimic local phone exchanges, we're back in the wild, pre-caller ID days, and might as well have to answer every phone call... what are we? Savages?

Re: And any other CLI masking, please!

[aglider]

YOUR phone operator knows who you are and whether your advertised number is licit or not. NO EXCUSE!

Re:And any other CLI masking, please!

[Ol+Olsoc]

There is a reason for businesses to spoof a number.

Likewise, a reason for me to ignore those calls. I understand what you say, but at this point, don't care.

This is all much too little, much too late. Over the years of being bombarded by this worthless crap, I've just reached the point where if you aren't in my address book on my phone, it won't even ring. For me and a lot of others, the telephone has been just about destroyed as a communications tool.

Re:And any other CLI masking, please!

[aussie_a]

So which regulations will the FCC be removing in order for this one to go into effect?

After all, Trump requires more regulations to be repealed than are added in his term (regardless of how good they are).

Re: And any other CLI masking, please!

[corychristison]

I have a two numbers for my business. I use VOIP for a number of reasons, mostly cost and flexibility.

I have a Toll Free (888) number, and a local number.

My numbers are with two different providers. The reason is that I started with just a toll free because it was not possible to get a local number. A few years later I found a different provider that has numbers for my area.

The provider of my Toll Free has cheaper outgoing calls, so I use them exclusively for outgoing calls.

My local number is simply pointed at my inbound SIP address at the first provider.

One of the reasons I got a local number is when I make an outgoing call with my 888 number, some people are hesitant to pick up, and some businesses simply block it. One of my clients is a University in New York, and I was not able to call them.

So I set my outbound call display number as my local number, that is mine, but the provider has no way of internally verifying it is mine. It is quite useful in many cases to be able to advertise my outgoing number as one that isn't with that provider.

With that said, one thing that Twilio does right is call the number you are claiming to own, and asks you to enter a code to verify that you at least have access to it. It's a pretty good middle ground to ensure someone isn't abusing someone elses number.

Re:And any other CLI masking, please!

[sjames]

Simple enough, adopt a same origin policy. Your phone provider(s) can allow you to spoof any number that is assigned to you as long as it comes from a line that is assigned to you. If you want/need a 3rd party to spoof a number assigned to you, just sign a document in blood (figuratively) that lines belonging to 3rd party represent you for the next x days.

Re: And any other CLI masking, please!

[gweilo8888]

No, it is not an example of good regulation, but then we wouldn't expect otherwise from Ajit Pai. He has no interest in protecting consumers, just in giving the impression of doing so -- and that's what this regulation will do. It only takes two seconds to realize that all the scammers have to do is change to spoofing real phone numbers instead, testing each number they plan to use once first to be sure it rings. Hey presto, no reduction in spam calls and possibly an increase in phantom rings.

Re:And any other CLI masking, please!

[unixisc]

Olsoc's #2) above deals w/ your scenarios. If I get calls from my bank, credit cards or doctor, I do answer the call or call back. But I get a lot of calls from people who thought they were calling someone else, and also, robocalls have increased. I know that robocalls have emerged b'cos more people are afraid of being rebuffed on the phone - sometimes rudely, sometimes not, but if I get a robocall, I hang up. Most irritating are the robocalls that pretend to be a live person - the one where a female voice says, after a pause 'I'm sorry, I was talking to my husband' and then goes on to tell me about the cruise to FL. Which doesn't even make sense, given that 'she' was the one who called, not I

Re:And any other CLI masking, please!

[thegarbz]

Most of us stopped answering anonymous and unrecognized calls years ago

Indeed. Many people will take this to a logical extreme. My partner is a teacher and for a while she was a substitute teacher. This required her number to be listed with a myriad of people who she didn't recognise. For this she actually bought a second phone with a second SIM. She only ever answered unrecognised numbers on that phone which led to some hilarity when I was stuck in the bush without cell phone coverage but tried to collect call her from a payphone. She did answer her work phone but not her main phone despite me ringing it about 6 times.

Re:And any other CLI masking, please!

[SeaFox]

Aren't they already removing regulations for Net Neutrality?

Re:And any other CLI masking, please!

[LeftCoastThinker]

This is a potentially dangerous consequence of this reckless behavior by telemarketers. I wonder what the social and economic impact has been over the years of all the un-answered phone calls by people assuming it was a telemarketer when it was in fact an important call that they should have taken, all because a few assholes want to abuse the system for their personal economic gain...

Re:And any other CLI masking, please!

[Maxo-Texas]

You must have a very odd definition of "we took it like adults".

3 of Mr. Trump's associates have lied about meeting with the top russian spy master (a republican's words- not a democrats) in the U.S. so far.

Look- even if Ted Cruz had been elected, I'd say you have a point. But something is seriously wrong with Mr. Trump. it stinks to high hell.

Re: And any other CLI masking, please!

[PPH]

Exactly.

But why do YOU have to do this? Make it a service provided by your telco. You buy a block of 200 numbers and specify that they identify them as the inbound 800 number. Taking this function out of the hands of the end user and putting it under control of the people who regulator can get hold of should it be abused would go a long way to ending abuse. Or at least give law enforcement a telco employee that can be butt-raped in prison for the transgression.

Telcos can easily restrict the applied ID to a number that they know they actually sold to you.

Re:And any other CLI masking, please!

Since you spent all 8 years screaming in terror at the black man in the white house was getting your guns and money and was making death panels to kill you in FEMA camps. Not to mention 8 years on a statement that there would be no agreements with the president and that everything would be done (and you did it) to stop anything being accomplished.

That is your "taking it like a man", and sure, you should expect us to return the favour and take it similarly.

Bite a towel.

Re:And any other CLI masking, please!

[LeftCoastThinker]

The only things that stink here are the fetid bias of the MSM and their complete lack of journalistic ethics and the Democrats lack of ethics of any kind (likely to be revealed in the coming weeks as the AG opens real investigations and begins criminal prosecutions).

Just to be clear, there was no lying involved with Jeff Sessions. Here are some facts without the liberal MSM spin machine shitting all over them:

Attorney General Jeff Sessions was asked under oath if he had ever had any contact with the Russians regarding the Trump campaign. The exact question was:

"Several of the President-Elect’s nominees or senior advisers have Russian ties. Have you been in contact with anyone connected to any part of the Russian government about the 2016 election, either before or after election day?"

Jeff Sessions answered "No."

There has been zero evidence to date that his answer was not accurate (note the question asked about contact with the Russian government about the election, not contact with the Russian government in general as the MSM and dishonest Democrats are alleging...) Even the far left factcheck.org who are shills for the liberal progressive movement say there is nothing there: http://www.factcheck.org/2017/...

Fact 1: Jeff Sessions met with the Russian ambassador once in 2016, before he was part of the campaign, as a function of his position on the armed services committee.
Fact 2: The meeting was also attended by several retired armed service members and staffers, hardly the venue for collusion about throwing an election.
Fact 3: His other "meeting" was in a receiving line for 30 seconds surrounded by hundreds of people, again no sane person would believe that this even provided opportunity to discuss the 2016 election.

If you look at the facts, this is a non-story, but the MSM and democrats are doing their best to conflate and confuse the public.

Michael Flynn's "improper contact" with the Russian ambassador happened after the election and was nothing sandwich. It was in his job description to interact with foreign diplomats, and his only mistake was trying to get a jump on his responsibilities rather than waiting for after his confirmation hearings. Many legal scholars say that because Flynn was part of the president elect's selected cabinet, he was not in violation of law and could have made a strong case and would have won any legal challenge to his actions (in the same way that every president elect, including Trump interacts legally with foreign countries/leaders even though he has not been sworn in yet). He resigned not because it was illegal or indicative of collusion with the Russians to throw the election but because he is an honorable man and didn't want it to be a distraction.

From now forward I suspect you will see some really brutal blow-back on all of the criminal felon leakers in the federal government, and you may see many from the Obama administration perp walked in handcuffs for leaking classified information and/or illegal wiretapping/lying on a federal warrant application and serving hard time in federal prison. Since day one, the Democrats and Obama appointees have been working to sabotage the government to prevent Trump from getting anything done, and they have been succeeding, but the jig appears to be up with the revelation that the Obama admin wiretapped Trump under false pretense during the election and systematically distributed classified information within the executive branch for the purposes of later leaking it to the press.

The Obama administration was empirically one of the least transparent, most corrupt administrations in modern history (lying on warrant applications and then wire tapping the AP and reporter James Rosen, anyone remember that?), and it appears that Trump is not going to give them a pass any more and is now directing the FBI and attorney general to begin investigating the misdeeds of the Obama administration.

ALL

[markdavis]

Why the F would you want to block only robocalls from spoofed numbers? Let me make a better proposition:

1) Ban/block *ALL* robocalls, period.
2) Ban/block *ALL* spoofed numbers, period.

Re:ALL

[sjames]

The second case should not be permitted. If you want to call me, you'd better be willing to answer when I call you. Otherwise, go away.

Ajit is consistent

[TimothyHollins]

On this topic I actually feel like I can trust Ajit Pai.
After all, there is no big company making these robocalls, hence no big bribes for Ajit to collect.
Should Verizon or AT&T ever start the practise however, I suspect Ajit will turn the ship around on a penny like he did with net neutrality.

There is one thing to be said for Ajit, he represent predictability and stability.

Re:Ajit is consistent

[DogDude]

After all, there is no big company making these robocalls, hence no big bribes for Ajit to collect.

Who allows robocalls to happen in the first place, Einstein? Who gets paid for the robocalls calls, Doctor?

Jesus Christ.. No wonder we have Trump.

Re:Time to make Caller ID non-modifiable

[mrbester]

If they have multiple lines that terminate at the same building, an office PBX has been able to be set to one of them for outgoing calls for decades. VoIP can have the same. But cheap businesses don't like that, or even to show a fixed line number. They'd rather advertise some NGN that costs them $5/y that means they get paid cents on the minute for every incoming call.

Routing-Based Blocking

[crow]

As soon as they start blocking the obviously forged numbers, then all the spammers will switch to forging real numbers. Then they'll have to switch to routing-based blocking. If the number is assigned to a Verizon customer, and the call isn't being routed in a manner that Verizon uses, drop it.

Of course, this means Verizon customers couldn't use VoIP robo-callers with their own number, at least without registering it in some database first. Those customers wouldn't like the extra step, so they'll complain and block the rule.

What we really need is some unforgeable authentication system. This would require some trusted authority to give a public/private key pair for each phone number, so that each call would be accompanied by digitally signed Caller ID. For most customers, this would be handled transparently by their provider. Verizon and the like could even charge a fee for providing keys for use with VoIP dialers. Of course, this would be a major change in how calls are handled, so it would likely take many years and lots of equipment upgrades.

Re: Landline call blocking... suggestions?

[radiumsoup]

I use Ring Central for one of my businesses, and it does everything you're asking for (except maybe the whitelist, I haven't looked into that because I've never needed it - but people "in the know' can hit an extension number to get through immediately.) My personal extension forwards to an IP phone at my desk and my mobile phone simultaneously.

Re:Here is what I do...

[Ol+Olsoc]

When a call comes from a number I do not recognize, I just don't answer. Doesn't matter what it is. Once in a while if I am expecting a call I might answer an unrecognized number. Otherwise, let it go to voicemail.

If they leave a message and it is someone I want to talk to, I add them to my contacts and call them back

And if they robocall from the same number a few times, I add the number to the "ignore" list so I am not bothered by the sound of a ringing phone.

A pretty good mode. Self defense against the phone Visigoths at the gates. I am really surprised that legitimate business interests haven't worked on curing this along time ago. These days, charitable organizations who rely on phone canvassing are included in the listing of calls that aren't answered, that political calls are psychologically associated with fix your PC scams, or the IRS scams, or whatever other scammy crap these criminals are promoting.

Doesn't get us far

[PuddleBoy]

So the conditions that would be blocked would be;

--numbers that aren't valid under NANPA: foreign numbers and nonsensical numbers like 000-000-0000
--valid numbers that haven't been allocated to any phone company: in NANPA's reserve (like bogons)
--valid numbers that have been allocated to a phone company but haven't been assigned to a subscriber: in a carrier's reserve

which completely ignores all calls that spoof legit numbers that already belong to another entity, which is the most dangerous type of spoofing and the one that needs the most attention. "Hi, I'm from the IRS. See my number? I'm legit!"

Come on, grow some teeth

Re:Doesn't get us far

[thegarbz]

which completely ignores all calls that spoof legit numbers that already belong to another entity

This type of activity is already illegal and therefor gives enforcement agencies some teeth to fight it.

Re:Doesn't get us far

[Megane]

"Hi, I'm from the IRS. See my number? I'm legit!"

That was so last year. Now it's "blah blah blah blah can you still hear me?" [wait for YES] [save YES recording for nefarious purposes]

Heather, from Account Services

[methano]

No! No! No! The only time I get a friendly call from a woman is when Heather, from Account Services, calls to offer me help on my credit card debt. I look forward to those calls every day. When I'm in a bad place, Heather calls and I say "Excuse me, I have to take this". And Heather is amazing. She really gets around. She calls from Maine one day and from Arizona the next. Once while talking to Heather on the office phone, she also called my cell. And a different number every time. Amazing woman, that Heather. Please don't take her away. Could it be I'm falling in love?

Re:There are PLENTY Of Reasons

[sjames]

So allow same origin spoofing. Any line the local pizza place or doctor's office owns can advertise any number assigned to them but no others.

Apply the rules at the border should a call be handed off for completion.

Re:Here is what I do...

[buss_error]

He doesn't seem to grasp the concept of ignoring phone calls. I don't get it.

It's a generational thing, one I had a hard time breaking myself of in fact. It's hard to explain, but when I was younger, a call wasn't normally an interruption or scam attempt. Every call was likely something that was legitimately needing attention.
When I finally got rid of my AT&T land line, I had not received a single legitimate phone call on it for more than three years but received on average 9 calls a day, and never used it to make calls. Once AT&T demanded almost $75 a month for a simple POTS and no other service, I said ENOUGH! and got rid of them. I've never felt better than to be completely free of the horror of AT&T.

Re:Time to make Caller ID non-modifiable

[Ol+Olsoc]

And what do you do when a loved one is in an accident and the hospital or police are trying to call you to notify you Mr. Smarty pants?

If I get two phone calls from the same number within three minutes, it will ring through. They can leave a message as well, Mr Sweetie Pie.

What if they call while I'm taking a dump. What if they call while I'm inside a tunnel. What if they call while I'm on the phone talking to someone else, what if what if?

Are you one of the millenials who breaks into a cold sweat of fear when that last little bar disappears form your phone? I've worked with some who won't leave an area with cell phone coverage. Had one try to get me to turn around while on the way to a remote site. Spent most of his time there climbing on things to try to get a little extra height to re-establish his wireless umbilical cord. Something might happen that someone might need to get hold of them about something that is the most important thing they will ever take a call about. That's addiction personified.

Do you sleep with your phone? And how in the hell did humans ever manage to survive before we had these little things? Did they never leve their loved ones?

Re:Why allow robocalls at all?

[dcw3]

I get reminder calls from my doctor, dentist, pharmacy, etc. None of them are human, but all are welcome.

Thank goodness

[execthis]

All I can say is: Thank goodness and it's way about time that now in 2017 this might get done.

I see ppl complaining about collateral damage, e.g. legit uses for spoofing but I say screw it. It's not worth it. If you need those features or whatever find another way to do it. Spoofing needs to be stopped completely once and for all.

I would also like to see more actual enforcement against spammers. Would be great to read about them being locked up which is where they belong.