State Attorneys Urge FCC To Combat Neighborhood Spoofing

Attorneys general from 35 states are urging the Federal Communications Commission to allow telephone companies to block illegally manipulated calls that appear to come from consumers' neighborhoods. From a report: The rule change could help reduce "spoofed" calls from numbers with the same area code as the consumer, or even calls from the consumer's own number. Combating junk marketing calls has been a top consumer protection priority for FCC Chairman Ajit Pai. The FCC last November adopted a set of robocall rules that allowed telephone companies to proactively block calls from invalid, unassigned or unused numbers. The agency then sought public comments on empowering telephone companies further. The attorneys general want to the FCC to create new rules specifically targeting neighborhood spoofing, they said in comments filed Oct. 9 with the agency.

Junk

[Joce640k]

Combating junk marketing calls has been a top consumer protection priority for FCC Chairman Ajit Pai.

Just start castrating anybody caught doing it. It'll soon die out.

(and no, it's not too harsh)

Re:Junk

If you castrate them then unix win, amirite?

Re:Junk

[taustin]

The current interpretation of the Constitution requires and exemption for political calls, so far as the do not call list is concerned.

Spoofing caller ID, however, is a different matter. But then, Caller ID is useless anyway, since it's under the control of the caller.

Revamp the entire system to use ANI instead, with a system in place for the originating phone company and only the phone company to alter it (for things like PBX systems where multiple lines call out from the same place, but need only one Caller ID number reported) after verifying the identity of the company.

With criminal penalties for the phone company execs for collusion.

But it'll never happen.

Re: Junk

[fafalone]

I just can't deal with it any more. Went to white listing. Any number not in contacts gets silently sent to voicemail. Most of them don't leave messages so that's manageable for now. I have a few other rules too, and it's surprisingly hard to implement now on Android. For some reason or another, Mr. Number and all the other apps either removed or never had some of these options, even if they still work. I don't know what the deal is, I'm forced to use an ancient, years-old version of the app to get decent call blocking options, like applying different rules to pattern matched numbers and even choosing between hang up or voicemail. It seems like Google, being an advertising company themselves, must have exerted pressure. Why else would all apps in cateogry all have their call blocking abilities degraded, instead of enhanced, over time?

Re: Junk

[taustin]

Yeah, when criminals call you, they're the outlet for all your life's frustrations. Now matter how abusive you are, even if you threaten to rape their children to death in front of them, there is nothing they can do about it. Threaten to firebomb their office? They can't report it without identifying themselves.

As for signing up for their service, try Fake Name Generator, which will give you a complete fake identity, even a credit card number (guaranteed to be fake, but should pass the checksum).

Why not block all unverified POTS spoofing?

[Etcetera]

I realize certain infrastructure bits need to be able to do this, but why not a regulation that requires outbound data be verified to be under the control of the "real" sending entity? A service (Skype, say) initiating an outbound call with a user-entered number must first validate control (voice call or SMS, etc) and record/audit such validation before putting injecting it into the POTS.

Make that a best-practice at the ITU, but enforce it by regulation for domestic.

That just leaves international calls as suspect (which has long been the case anyways) and international-but-still-in-NANPA calls as notable (ditto).

Re:Why not block all unverified POTS spoofing?

[110010001000]

I don't think call centers care about more regulations, they already ignore the ones in place. There would need to be a technical solution. We would need to get rid off spoofing numbers. The arguments for spoofing aren't good enough to allow the system to be abused.

Re:Why not block all unverified POTS spoofing?

[SoonerSkeene]

I work in an inbound-only call center (tech support for web host). If we call a client back, we spoof our number so the number they see on their caller ID is the same toll free number they called to reach us in the first place. We used to not do this, and every outbound call looked like it came from somewhere in Colorado (we're in Oklahoma), so it helped our customers in more than one way. First, they recognize it's us calling them back about their ticket, and two, they can call the number they saw on caller ID and reach us again. Previously the Colorado local number they saw went nowhere, it was just some bulk trunk line owned by Verizon and leased by our call ACD routing cloud software company. I'd argue it was worse for our clients when we couldn't spoof. They had no idea who was calling them, they get dead-air if they tried to call it back. Having said that, I'm sick of death of getting these "looks local" telemarketing recorded sales pitches, so much that I essentially treat phone calls like email now: safe senders only. If you aren't in my address book head of time, my phone doesn't even ring anymore. It's insane. I must get 3 a day.

Re:Why not block all unverified POTS spoofing?

[110010001000]

I know why people like you do it. There are lots of "valid" reasons to spoof. I don't care. You need to figure out some other method. The entire system is non-functional at this point, so we need to take drastic measures.

Re:Why not block all unverified POTS spoofing?

[mentil]

How about an update to caller ID so that it shows both the true originating number, and the potentially-spoofed number? Worst case scenario you have to make 2 calls to succeed in calling someone back, but you'd always know what number to make a complaint about to the FCC/phone company.

Re:Why not block all unverified POTS spoofing?

[110010001000]

Or just get rid of spoofing. What valid reason is there to spoof a number? The ONLY reason is so the person can't call you back directly and has to go to a central answering service. Companies love that, but that is their problem.

Re:Why not block all unverified POTS spoofing?

[EvilSS]

The problem isn't the spoofing itself, that's not going away, it can't. Companies don't have 1:1 physical lines to extensions, and the numbers assigned to the physical lines usually don't route since they are never actually used in the company phone system. The problem is the phone company systems allow the customer to set any number they want, not just numbers assigned to them. That's the part that needs to change. They need to force the phone companies to start to apply some damn security to the process and prevent assigning numbers not assigned to the customer from being used. Yes it's going to cost money so they won't do it by themselves. They also need to require VOIP companies with outbound calling gateways in the US to log outbound calls and assign to the customer making the calls. Make them financially liable if the customer can't be identified.

Re:Why not block all unverified POTS spoofing?

[Strider-]

I run a (small) phone system, and you're absolutely right. We have 23 outbound lines (gotta love the PRI), and 100 DIDs (in our case, the whole 24xx block). When I generate an outbound call over the PRI, I can technically set the outbound number to whatever I want. The PSTN should reject that call if the ANI I generate is from a block that is not assigned to my PRI.

Re:Why not block all unverified POTS spoofing?

[tlhIngan]

Or just get rid of spoofing. What valid reason is there to spoof a number? The ONLY reason is so the person can't call you back directly and has to go to a central answering service. Companies love that, but that is their problem.

Lots of valid reasons to spoof.

1) Business - making outgoing calls uses a trunk line that doesn't necessarily result in a callable number. Instead, you spoof it so you can give the DID or main line number of company so the person being called can call back. Calling trunk lines does absolutely nothing (dead air, or it rings forever).

2) Call centers - they may handle dozens or hundreds of customers and may need to call you back. It would be nice if the number shown is the company you called, right? I mean, if you called Apple and they said they'd call you back, the number should be the Apple number you called, rather than some random call center number. If you're in urgent need of support and get "Unknown number" calls, you might ignore them, not realizing they're your support call being returned.

3) VoIP. Again, trunk lines. Be nice if someone was using VoIP for their phone that when they called out, their number showed up, right? Better than some random phone number of the trunk line that was used to complete the call to POTS. And since that number changes, it would make using VoIP almost impossible if no one picked up because of all the strange numbers they were getting. (It still happens where you get all 0's or something Then again, it's only VoIP - I mean, who uses it?

What should happen instead is the phone company filters what numbers can be spoofed. There's no reason for a business to spoof numbers that it doesn't own, and call centers already "own" the number used to reach it so they can spoof that. They should not be able to spoof random arbitrary numbers. VoIP providers have pools of numbers as well which can be used to limit their available spoof numbers.

Of course, if you really want to get rid of scammers, ban VoIP. That's it - that's the only way they can call from India and do their scams.

But of course, VoIP is too valuable and too "high tech" and modern. Perhaps we can ban spoofing VoIP, so every VoIP call shows up as 000-000-0000.which could be your friend with Vonage or Skype or other program, or an Indian scammer. After all, it's not our fault people use VoIP, right?

Re:Why not block all unverified POTS spoofing?

[fishscene]

Spoofing is valid in certain scenarios and if you think spoofing is never valid - you've never worked in a call center or answering service and have no concept of the myriad of chaos that would be generated without spoofing. Keep in mind these call centers are generally working with the public. So let's say a person calls in to a call center and agents are busy. The call is logged and an agent calls the customer back without call ID spoofing. That agent was very helpful and the customer was impressed - so much so that the customer saves their number as the contact for this company. The agent is now fully responsible for handling the customer - whether they are on vacation, move to a position in the company... and it's generally rude to call one person and have another person answer - so now customer service quality goes down in the eyes of the customer if: - Agent is on vacation - Agent is out sick. - Agent is at the end of their day and hasn't gotten through all their voicemails. - Agent is tired of working with people because the customers love them and are adding the agent to their direct contacts. - Agent flips a table and walks out because other agents aren't doing anything and get sent home. - Agent 2 replaces Agent 1 and customers are disappointed. I mean, these are very real scenarios. Asking for companies to "deal with it" isn't answer. Customers can "deal" with cold-calls with spoofed numbers. There has to be a better way then telling one party that this is entirely "their problem" because unrelated bad actors are taking advantage of the system.

Re: That might be counterproductive

[Waffle+Iron]

In your case, yes, you can assume any inbound caller is either a bill collector or a robocall so you can afford it. The rest of us have friends, business associates, etc.

If it's anyone I care about, it's already in my contacts list and gets displayed using their real names. Any other number purporting to be from my exchange is always spam.

Re: That might be counterproductive

[Obfuscant]

If only there was a way to recognize the numbers of people you know. Maybe even have their name appear on the screen.

I think you completely missed the point of this entire discussion. The issue is that robo and spam callers can send any number and name data that they want, even that of your friends or neighbors. You can recognize the name, pick up the phone, and find out that someone at your number has requested information about back braces.

And unfortunately, the state AGs have missed out on one bit of technology that everyone thought was a good thing at the time: number portability. If I move from A to B and change cell providers, I can take my old phone number with me! If I used to live in 202-land but moved to 503-land, for example, I can keep my 202 area code number. Suppose I try calling my friend who I lived next door to in 202-land. There will be an inbound call to the central office serving his phone showing a 202 area code but coming from outside the 202 area. Does the phone company block that call as spam? It's not.

A related problem is VoIP. I have Vonage and when I signed up they had NO local numbers available for me. I could get a number in a city far away but in the same area code, or in a different area code altogether. I got a number that was local to my parents and family so they could call me toll-free. So, when I call someone next door to my brother the caller ID will show a local number. Does the phone company block that call because it must be spam?

Re:Technology is the answer, not the FCC

[dissy]

"Neighborhood number" is, today, a useless phrase. That's what makes a proposal to block "neighborhood numbers" as spam technically wrong.

I suppose that makes me jealous of you.
The area code I'm in ranks #5 in most neighborhood number spam calls in north america.

Spam calls spoofed with my area code and prefix number 7-10 nearly every single day for the past two years. Last December near Christmas time was a week or two that count dropped to 1-3 per day.

I count 16 voicemails on my phone from such numbers, all real people who are calling back to bitch and complain about the spam calls all night after my own number was spoofed to them.

Now looking back at my robokiller history, between March 2016 and today, I have received a total of 6 calls flagged as spam from non-neighborhood numbers which I don't recognize the area codes of.

Yes, six (6!), in two years. Compared to over 5000 neighborhood number spam calls.

So to many people around here "neighborhood number" is far from useless of a phrase, it's nearly required language both in discussing such calls as well as naming the feature used to block them in software on our phones.

The problem has gotten so bad that it drew attention from lawmakers over a year ago and is being used as a basis to criminalize not just neighborhood number spoofing but any unwanted call spoofing, but of course the law moves slow as hell and it will likely be another year before any results come from it.

In the mean time, we have few options and taking matters into our own hands for blocking rule purposes is going to give the best results.
It's very nice to block 99.998% of your spam calls with a single toggle switch in software conveniently named "block neighborhood numbers"