FCC Chair Wants Carriers To Block Robocalls From Spoofed Numbers

An anonymous reader quotes a report from Ars Technica: The FCC in 2015 made it clear that voice service providers can offer call blocking tools to customers, but commissioners said at the time that more needed to be done about Caller ID spoofing. FCC Chairman Ajit Pai has now scheduled a preliminary vote for March 23 on new rules designed to solve the problem. "One particularly pernicious category of robocalls is spoofed robocalls -- i.e., robocalls where the caller ID is faked, hiding the caller's true identity," the proposal says. "Fraudsters bombard consumers' phones at all hours of the day with spoofed robocalls, which in some cases lure consumers into scams (e.g., when a caller claims to be collecting money owed to the Internal Revenue Service) or lead to identity theft." The proposed rules would let providers "block spoofed robocalls when the spoofed Caller ID can't possibly be valid." Providers would be able to block numbers that aren't valid under the North American Numbering Plan and block valid numbers that haven't been allocated to any phone company. They'd also be able to block valid numbers that have been allocated to a phone company but haven't been assigned to a subscriber. The proposal would also codify the FCC's previous guidance that phone companies can block calls when requested by the spoofed number's subscriber. The upcoming vote on March 23 is for a Notice of Proposed Rulemaking (NPRM), which means the rules won't take effect immediately. The FCC uses NPRMs to seek comment on proposals before issuing final rules.

ALL

[markdavis]

Why the F would you want to block only robocalls from spoofed numbers? Let me make a better proposition:

1) Ban/block *ALL* robocalls, period.
2) Ban/block *ALL* spoofed numbers, period.

Ajit is consistent

[TimothyHollins]

On this topic I actually feel like I can trust Ajit Pai.
After all, there is no big company making these robocalls, hence no big bribes for Ajit to collect.
Should Verizon or AT&T ever start the practise however, I suspect Ajit will turn the ship around on a penny like he did with net neutrality.

There is one thing to be said for Ajit, he represent predictability and stability.

Re:And any other CLI masking, please!

[Alain+Williams]

That should include numbers from another country. Telephone exchanges worldwide are just special purpose computers, so there is no reason/excuse at all that numbers should not be passed onto another country.

Re:And any other CLI masking, please!

[karnal]

There is a reason for businesses to spoof a number.

Let's say I own Bob's National Grocery chain. My internal number is 888-555-1555. When I dial out, for privacy reasons, my number shows as the internal switchboard number - 888-555-2627 ("bobs" lol). This should not be a problem, as (1) my company owns this number and (2) it is answered. The issues here are two fold:

1. How do you determine the number I am advertising is mine? The answer here is simple - for numbers I advertise out from my phone switch, I must own these from the phone company I am peering with (first hop) or have some way to prove that I own those DIDs if I have multiple peering companies. Not a difficult hurdle to overcome.
2. How do you determine the number I am advertising (assuming step #1 is valid) is a valid company or answered number? In the case of robocalls or spam, my company could prove I own a block - satisfying #1 above, but turn out to be a voicemail box that's full or a non-company-answered blank DID.

About 15 years ago, I played around with a company owned phone switch setup and found that ANY number I put to advertise outbound was picked up and relayed to the target's caller id. I made a few test calls to my cell phone to validate that this was possible and then promptly reverted back to the company's owned block.

Re:And any other CLI masking, please!

[tomhath]

Well, there is a reason, albeit not a good one. If you knew who they are you would never answer them.

The Do Not Call list is a joke, the proposed rule is an example of good regulation.

Routing-Based Blocking

[crow]

As soon as they start blocking the obviously forged numbers, then all the spammers will switch to forging real numbers. Then they'll have to switch to routing-based blocking. If the number is assigned to a Verizon customer, and the call isn't being routed in a manner that Verizon uses, drop it.

Of course, this means Verizon customers couldn't use VoIP robo-callers with their own number, at least without registering it in some database first. Those customers wouldn't like the extra step, so they'll complain and block the rule.

What we really need is some unforgeable authentication system. This would require some trusted authority to give a public/private key pair for each phone number, so that each call would be accompanied by digitally signed Caller ID. For most customers, this would be handled transparently by their provider. Verizon and the like could even charge a fee for providing keys for use with VoIP dialers. Of course, this would be a major change in how calls are handled, so it would likely take many years and lots of equipment upgrades.

Re:And any other CLI masking, please!

[Ol+Olsoc]

There is a reason for businesses to spoof a number.

Likewise, a reason for me to ignore those calls. I understand what you say, but at this point, don't care.

This is all much too little, much too late. Over the years of being bombarded by this worthless crap, I've just reached the point where if you aren't in my address book on my phone, it won't even ring. For me and a lot of others, the telephone has been just about destroyed as a communications tool.

Doesn't get us far

[PuddleBoy]

So the conditions that would be blocked would be;

--numbers that aren't valid under NANPA: foreign numbers and nonsensical numbers like 000-000-0000
--valid numbers that haven't been allocated to any phone company: in NANPA's reserve (like bogons)
--valid numbers that have been allocated to a phone company but haven't been assigned to a subscriber: in a carrier's reserve

which completely ignores all calls that spoof legit numbers that already belong to another entity, which is the most dangerous type of spoofing and the one that needs the most attention. "Hi, I'm from the IRS. See my number? I'm legit!"

Come on, grow some teeth

Heather, from Account Services

[methano]

No! No! No! The only time I get a friendly call from a woman is when Heather, from Account Services, calls to offer me help on my credit card debt. I look forward to those calls every day. When I'm in a bad place, Heather calls and I say "Excuse me, I have to take this". And Heather is amazing. She really gets around. She calls from Maine one day and from Arizona the next. Once while talking to Heather on the office phone, she also called my cell. And a different number every time. Amazing woman, that Heather. Please don't take her away. Could it be I'm falling in love?

Re:And any other CLI masking, please!

[unixisc]

Olsoc's #2) above deals w/ your scenarios. If I get calls from my bank, credit cards or doctor, I do answer the call or call back. But I get a lot of calls from people who thought they were calling someone else, and also, robocalls have increased. I know that robocalls have emerged b'cos more people are afraid of being rebuffed on the phone - sometimes rudely, sometimes not, but if I get a robocall, I hang up. Most irritating are the robocalls that pretend to be a live person - the one where a female voice says, after a pause 'I'm sorry, I was talking to my husband' and then goes on to tell me about the cruise to FL. Which doesn't even make sense, given that 'she' was the one who called, not I