US Regulator Demands Companies Take Action To Halt Robocalls

FCC Chairman Ajit Pai on Monday wrote the chief executives of major telephone service providers and other companies, demanding they launch a system no later than 2019 to combat billions of "robocalls" and other nuisance calls received by American consumers. Reuters reports: In May, Pai called on companies to adopt an industry-developed "call authentication system" or standard for the cryptographic signing of telephone calls aimed at ending the use of illegitimate spoofed numbers from the telephone system. Monday's letters seek answers by Nov. 19 on the status of those efforts.

The letters went to 13 companies including AT&T, Verizon, T-Mobile, Alphabet, Comcast, Cox, Sprint, CenturyLink, Charter, Bandwith and others. Pai's letters raised concerns about some companies current efforts including Sprint, CenturyLink, Charter, Vonage, Telephone and Data Systems and its U.S. Celullar unit and Frontier. The letters to those firms said they do "not yet have concrete plans to implement a robust call authentication framework," citing FCC staff. The authentication framework "digitally validates the handoff of phone calls passing through the complex web of networks, allowing the phone company of the consumer receiving the call to verify that a call is from the person supposedly making it," the FCC said.

Just follow the money

[Koby77]

How is it that a phone network would know who to bill for a call, but would not know who placed the call?

Re:Just follow the money

[Drishmung]

A phone network knows the numbers in its own network, but relies on the networks it peers with to supply correct information.

If Verizon passes on a call from Cox, it trusts the number Cox says originated the call. In terms of billing, Verizon doesn't care. It doesn't send a bill to the originating caller (Cox's subscriber), it sends it to Cox, with appropriate call details (time of day, duration, A & B numbers, etc.)

Given that every telco doesn't peer with every other telco, that trust then gets distributed---and diluted.

As networks get huge, and hugely complicated, bad actors can spoof their numbers. Or, they may just steal them (hack into someone's PBX and jump off from its number).

Re:Just follow the money

[Koby77]

Then it seems to me that no endpoint authentication is required. Simply mandate that the originating network, which of course knows the caller ID of its own subscriber, to pass along the correct caller ID. Otherwise there shall be statutory fines. Such statutory fines are already commonplace in other industries for violators.

Re:Just follow the money

It is 100% controllable by the phone companies.

I work with SIP and PBX professionally. I can pass anything I want out to my provider, but you can be assured that they know with absolute certainty what DIDs I SHOULD be passing out legitimately.

My provider could stop all spoofed numbers from me before they go out anywhere, and eliminate ~90% of all this scam/spam/spoofing overnight. Providers only need to police their own networks to reduce spoofing and all the crap that comes with it.

Any legitimate need to spoof a number (which are a vanishingly small number) should be documented and legally approved.

Re:Just follow the money

[scdeimos]

How exactly do you mandate endpoint authentication for calls originating from Canada, Latin America, South America and overseas?

Re:Just follow the money

[msauve]

When's the last time you paid for a domestic call not covered under basic flat rate service? Is "long distance" still a thing?

Re: Just follow the money

Force the US endpoint carrier to charge the foreign endpoint for every fraudulent call, and pass the buck to the foreign nations to fix their routing problems.

Re: Just follow the money

VoIP for PBX
Some exchanges relies on VoIP technology -- Voice Over Internet Protocol. VoIP telephone systems turn phone calls into data packages and send them over a computer network. A company's return on investment using VoIP will vary depending on the phone services it uses. Compared to a regular PBX, a VoIP or IP exchange cuts costs because the company can use one network for phone calls and data, instead of two. Instead of central switchboard, the PBX has a central server. The phones in the office have the software or hardware to connect to the server.

Virtual PBX
Instead of a business setting up the exchange inside its building, a virtual PBX turns that responsibility over to another company. From the business's point of view, everything works the same, but without having any of the tech on-site. Having another company provide virtual PBX services offers some advantages: There are no physical limits on the number of lines and it's easy to add more when needed. Virtual PBX systems are also known as hosted PBX.

Centrex
Businesses can manage their phone systems without going PBX. A centrex -- central office exchange -- has the phone company provide the equivalent of a PBX. The local phone company reserves part of its network for the business paying for centrex service. The equipment may be off-site, like a virtual PBX, or installed on the business premises. Either way, it's the phone company's job to maintain it and upgrade it, rather than the customer's.

Re: Just follow the money

[tcgroat]

I would favor that, with the majority of the fee being statutory damages paid to the both the receiver of the call and to the person whose number was spoofed. Then we just need to bring the political polls and campaign calls under the robo-call prohibition, and perhaps it would be safe to to answer the phone again.

Re: Just follow the money

[Drishmung]

Alas, it's more complicated than it appears. Way more complicated

The FCC proposal seems stupidly complex on the face of it, but it might be the simplest solution. (Might, I don't know.)

Re:Just follow the money

[omnichad]

you can be assured that they know with absolute certainty what DIDs I SHOULD be passing out legitimately.

No they don't. You can have numbers from several different providers. You can make outbound calls with your cell phone's number. All legitimate use cases and not able to be authenticated by the terminating provider

Re:Just follow the money

How exactly do you mandate endpoint authentication for calls originating from Canada, Latin America, South America and overseas?

I'm of the opinion that we might want to start charging the originator of the call, not the receiver. Then everyone might get their act together, if they are left holding the bag for their poor security.

Re:Just follow the money

[pushing-robot]

If they can't verify it, pass that knowledge along to the user. Smartphones could easily show a trust banner for phone calls like browsers do for web sites. Most people rarely get random calls from outside the country, so it would be an immediate red flag.

Re:Just follow the money

[Obfuscant]

Is "long distance" still a thing?

Yes. "Basic flat rate service" is local. "Extended calling area" gets me a few neighboring cities. Everything else is LD. Which, through an interesting bit of history I don't actually have, but still pay the FCC LD access fee.

Of course, the logical naming system for phone services falls apart when it comes to Caller ID. "Caller ID Name And Number" is the name of the service. Names are rarely included, and numbers are mostly fake.

Re: Just follow the money

look they do it all the time for sms gateways.

just follow the money. if the calls keep getting through someone is paying for them, thats just how it is.

if they're not paid, they cut off the peering, duh.. you do realize that in any other case they would be using the robocalls to advertise cheaper(free / low flat fee) call rates? because the alternative to the money trail is just that, that they could sell free phone calls.

Re:Just follow the money

[currently_awake]

If there were fines for spoofed caller id, the carriers would want to eliminate the problem, as opposed to wanting to ignore the problem.

Re:Just follow the money

[ShanghaiBill]

How exactly do you mandate endpoint authentication for calls originating from Canada, Latin America, South America and overseas?

You don't. You just fine the telecoms a significant amount of money for every spoofed robo-call. Let them worry about how to fix the problem.

Once the fines start, I predict they will come up with a solution in about five minutes.

Financial incentives work better than regulatory micromanagement.

Re:Just follow the money

[tlhIngan]

It is 100% controllable by the phone companies.

I work with SIP and PBX professionally. I can pass anything I want out to my provider, but you can be assured that they know with absolute certainty what DIDs I SHOULD be passing out legitimately.

My provider could stop all spoofed numbers from me before they go out anywhere, and eliminate ~90% of all this scam/spam/spoofing overnight. Providers only need to police their own networks to reduce spoofing and all the crap that comes with it.

Any legitimate need to spoof a number (which are a vanishingly small number) should be documented and legally approved.

And some providers do. We switched landline providers and our new one filters the caller IDs we tell it. Our old one didn't, but the new one knows which phone numbers belong to us and does a quick lookup to make sure the number we pass it is one of ours. (We have something like 100 phone numbers, but we only have around 15 connections on a fractional).

The biggest source of the spoofs really is VoIP - and it's going to be hard to source filter those because many VoIP providers have large pools of numbers that they peer with everyone, so those lists need to be shared with all their connection providers. But that's becoming a fancy form of spoofing if your provider can simply acquire a number (from somewhere other th an you) and say it's theirs.

Perhaps all the VoIP providers need to get together and actually list out who owns what number in a centralized directory that can be consulted/ And if it's not there, then show up as 000-000-0000 or something to show an obviously invalid number and to hang up on them. But sucks to be on VoIP...

Re:Just follow the money

[djinn6]

The number of spam Skype calls I receive is 0. Same goes for Facebook, Hangouts and WhatsApp. If they can all figure it out despite working through a medium with 0 trust (that is, the internet), so can telecoms.

Re:Just follow the money

[nukenerd]

I'm of the opinion that we might want to start charging the originator of the call, not the receiver.

Is the USA the only place in the World that charges the recipient something for the call? From the UK, I find charging the recipient anything is almost unbelievable to the point of insanity.

Re:Just follow the money

[Drishmung]

That's actually the reason. The Internet is a medium with zero trust. It's also unreliable. Therefor, the end-points have had to ensure trust and reliability themselves.

The telco world evolved on the premise that its network was secure and reliable (objective evidence to the contrary). Its protocols assume secure/reliable transport, and DON'T put any checks in themselves. Over the years, as the protocols have evolved, the mindset has still been one of a centralised cabal of trusted providers. If something does go wrong at the transport layer, the endpoints don't and can't do anything about it. That means that there have to be fundamental changes in order to do authenticated calls. But, after over a century of incremental modification, the natural path (natural for the telco mindset), is to do more tweaking; to add more complexity to the twisty maze of interconnect protocols. Instead, the correct thing to do is to replace with a new, Internet based app. All the while navigating more than a century's worth of laws, regulations, established best practice, and without breaking established services.

Re:Just follow the money

[Drethon]

How exactly do you mandate endpoint authentication for calls originating from Canada, Latin America, South America and overseas?

Mark any calls from non US areas that list a US area code as suspicious?

Re:Just follow the money

[crypticedge]

Came here to say this.

I'll miss having CID control to the degree I can spoof any test number, but I never used it outside of initial CID testing or in the case of one customer who's end users wouldn't pick up after putting in a ticket, spoofing one of their own numbers to convince them to answer so we could fix their problem.

We fired that customer though, so basically just CID testing now (to ensure control, since some providers don't give you that control I've seen).

Re:Just follow the money

[L.+J.+Beauregard]

Only on mobile phones; "air time" is the same whether you placed or received the call.

Re:Just follow the money

[jittles]

How exactly do you mandate endpoint authentication for calls originating from Canada, Latin America, South America and overseas?

You either force them to accept your rules and potential fines or you don't peer with them. Simple. I guarantee you the trustworthy networks will play ball. The originating network knows whose DID was used to start the transaction. The fines for a spam call just trickle through the network until the originator pays the fine or that provider is cut off.

Re:Just follow the money

[dj245]

If they can't verify it, pass that knowledge along to the user. Smartphones could easily show a trust banner for phone calls like browsers do for web sites. Most people rarely get random calls from outside the country, so it would be an immediate red flag.

I registered a DBA about a month ago. Almost immediately, I have been bombarded by call centers in India who claim to be from Google and will help me upgrade my Google profile. Caller ID always shows spoofed numbers from the US. I run a business, so I have to answer the phone or risk losing a lead. People move around a lot more and a non-local area code doesn't mean they don't live in my area.

They aren't held to the rules of the Do Not Call list, since they are from out of the country. And it is always a different number, so I can't just block the number. If I'm not busy, I try to run them down a rabbit hole of wasted time. But they are reasonably smart about catching my BS and just hang up.

Re:Just follow the money

[dj245]

It is 100% controllable by the phone companies.

I work with SIP and PBX professionally. I can pass anything I want out to my provider, but you can be assured that they know with absolute certainty what DIDs I SHOULD be passing out legitimately.

My provider could stop all spoofed numbers from me before they go out anywhere, and eliminate ~90% of all this scam/spam/spoofing overnight. Providers only need to police their own networks to reduce spoofing and all the crap that comes with it.

Any legitimate need to spoof a number (which are a vanishingly small number) should be documented and legally approved.

There isn't much incentive for providers in India or other countries to do such a thing. Especially if they are on the bribe or all the external calls are going to US numbers. Why would they turn down that business?

Re:Just follow the money

[gmack]

That works, because in each case, they control both ends of the call. SPAM is actually the reason Hangouts dropped it's Jabber interface. So unless you are advocating that telcos stop taking calls from outside of their direct customer base, I'm not sure what your point is.

Re:Just follow the money

[Kjella]

You don't. You just fine the telecoms a significant amount of money for every spoofed robo-call. Let them worry about how to fix the problem. Once the fines start, I predict they will come up with a solution in about five minutes.

I think I already know the solution - pass the bill. Like if we get fined $10/call for spoofed robo-calls coming from $provider, put it in the contract that they pay us $10/call. Very soon that bill either lands on the spammer's doorstep or the source provider gets scammed and needs to improve their system, for example by putting funds in escrow.

Re:Just follow the money

[mysidia]

How exactly do you mandate endpoint authentication for calls originating from Canada, Latin America, South America and overseas?

You don't.... you mandate that the carrier peering with the Canadian carrier check the Caller ID on incoming calls to ensure the calls have an appropriate prefix.
If the prefix is wrong, then you either prepend a prefix or add a flag indicating the Caller ID is spoofed/unreliable.

Then when calling the US they have to choose between only spoofing Canadian numbers, or having their calls "flagged" for possible filtering.

Re:Just follow the money

[mysidia]

Any legitimate need to spoof a number

I don't care if they spoof a number legitimately.... Telecom carriers that accept and send outgoing calls from a customer should be REQUIRED to verify that all Outgoing Caller ID matches a number either (1) Assigned to that customer by the provider, OR (2) Ported in by that customer, OR (3) Supplied by that customer in advance. AND --- If there is not a match re-write/forcibly change the Caller ID to one of the above.

Lists of numbers supplied by the customer in advance shall include a recent invoice from the carrier providing those numbers on an end user service, Or other persuasive proof that additional numbers are owned by that customer as end user.

When peering with another Telecom carrier to accept incoming calls from the PSTN directed to their own customers, the Telecom carrier should be REQUIRED to specify in the agreement that all services provided to other partners, peer networks, or customers of the Peer include the same agreement, and they shall apply this same filtering to any subscriber they provide a Telephone line to.

Re:Just follow the money

[headbulb]

They know the numbers that they assigned to that line that the call is coming from. Anything not in the DID list shouldn't complete that call on that line.

While a cell phone number might be a legit callback number for that person the phone company providing the T1 doesn't know your cell number. At this point any call outgoing should send the caller id information to be able to call back on that number. Spoofing has been abused too much. Same with email address spoofing. Both have legit uses but their abuses outweigh the usefulness.

Re:Just follow the money

[anegg]

To provide further detail regarding the cost of telephone calls made in the United States:

In general (historically), the person who initiates a call (caller) pays for the cost of the call. The person who receives the call (callee) does not pay for the call. This payment relationship can be reversed if the caller requests (through an operator) a "collect call", which must be "accepted" by the callee. The fee structure for calls had (in the 1970s through 2000s) three tiers: local (handled out of the local exchange, with the cost being the cheapest, often included in the base service rate but sometimes billed on a "per call" basis (rather than per minute), toll (handled within a region, with cost sort of dependent on distance on a per-minute basis), and long distance (at a fairly high cost on a per-minute basis).

With the breakup of the massive monopoly called American Telephone and Telegraph (AT&T), which owned almost all telephone exchanges, inter-exchange circuits, and long distance circuits, long distance costs plunged due to competition between long distance carriers.

With the advent of mobile phones, a new cost component for a call was created - the "airtime" used during the call. The airtime is billed to the mobile phone owner; a caller is billed for airtime if they use a mobile phone, a callee is billed for airtime if they use a mobile phone. To the best of my knowledge, a callee is only billed for airtime if the call is "answered" by the callee (not just signaled, and not if the call goes to voicemail).

Mobile phone usage exploded in popularity in the 2000s. Incentives to gain customers ultimately resulted in many mobile phone users having nationwide calling plans whereby they could call anyplace in the continental United States [2600 miles east to west, 1500 miles north to south] at no cost other than the airtime, which in many cases is now "unlimited" at a base service cost below what it used to cost to have just the base local calling capability (in non-inflation adjusted dollars to boot). [An an example, in the late 1980s I lived in Tennessee, paying about $35/month for phone service to my house. My long distance bill was about $100/month, as I called my (divorced) parents in New England (about 846 "crow flies" miles ) once/week. I now have mobile phone service through a Sprint MVNO (Tello) that costs $15/month (including taxes) for unlimited nationwide calling. Since $135 in 1990 US$ is worth $260 in 2018 US$, getting the same capability for only $15 (less than 6% of the 1990 cost) today is incredible.

Land-line subscribers in urban and suburban areas are now generally offered nationwide calling plans at base service rates comparable to mobile phone service. Rural areas may be more expensive (I do not have any experience in those area).

So... in the United States, not only does the recipient NOT pay for a call, the caller in many (most?) cases isn't paying for the call on an individual basis, but as part of a nationwide calling plan with unlimited calling, and at a very attractive rate assuming the caller has chosen their phone service provider carefully.

Incidentally, from the United States, I find the UK practice of charging people a license fee for having a radio frequency receiver (television/radio) unbelievable to the point of insanity.

Re:Just follow the money

[omnichad]

They know the numbers that they assigned to that line that the call is coming from. Anything not in the DID list shouldn't complete that call on that line.

This is the fundamental disagreement. If I want to try out a new terminating provider for outbound calls, I shouldn't have to port my number. Google Voice entirely relies on call spoofing in both directions as well - they spoof incoming calls to match the number of the original caller rather than show your GV number on the caller ID.

The problem is not domestic. The problem calls with spoofing are not happening here - the laws take care of that just fine. The problem is overseas call centers that are tied to scammers and not legitimate businesses here. So the solution should not harm domestic usage either.

Re:Just follow the money

[djinn6]

My point is that it's entirely possible to deal with. Every phone call is made from some telecom's customer base. If someone makes too many spam calls, they can be blacklisted. It's up to the telecoms to decide how to pass spam information back and forth, but they can certainly do it. It could even be as simple as a line in their peering agreements (or whatever it's called in telecom land) that says "for every spam call my customers receive from your customers, you pay $0.05".

Re:Just follow the money

[nukenerd]

Thank's for that informative post. I don't know why someone modded it as funny.

WRT the UK TV licence, it does not apply to radios. Many here think it is insane too, but it is a way of paying for the BBC TV service - a method that was established in low-tech days. Today there is no good reason why it cannot be made a subscription service like some other TV channels. The BBC licence scheme has got a bad name largely through the way that it is "enforced" - goons are employed to harass any householders without a licence.

Re:Just follow the money

[dcw3]

Just a point missed above. Back in the day, the telephone company owned the phones in your house. With mobile phones, you're now paying typically hundreds of dollars for the cost of the phone, now that most providers have gone away from locking you into a contract. So, that new iPhone can raise the price of his $15/mo bill up to $56/mo for a $1000 phone over two years. Clearly, you can go with a cheaper phone, but let's be aware of the TCO.

Re:Just follow the money

[dcw3]

Yeah, not gonna happen. As soon as you do that, you'll have people signing up just to get robo calls, and a payday.

Re:Just follow the money

[anegg]

Good point - I left out a discussion about total cost of ownership because the post was already rambling on too long. So a little more geezin' -

Back in the day (let's say 70s through 80s) you had to "rent" each of the voice-only phones you had in your home from the phone company - they were not provided as part of the base service price (so many homes only had one phone, while others had "illegal" self-installed wiring and "black market" [stolen/liberated] phones). This rental went on forever - you never came to own the device, and if you didn't turn it back in when you terminated your service, you were hit with a charge of $100s of dollars for the unreturned equipment. You also paid extra if you wanted "touch tone" dialing instead of rotary dial service, and even more for an "unlisted" (anonymous) or "unpublished" (not listed in the directory, but not anonymous) number. So I may have understated the cost of original voice services from "the phone company."

The phone that costs $1000 today isn't just a voice communications terminal: it is a multi-processing computer that provides interactive voice/video terminal services, streaming media endpoint services, information access, personal digital assistant services, and more. I left out the cost of today's data services to support the $1000 smart phone out of the comparison, as none of that was available "back in the day" from the phone company. When Internet connectivity first emerged as something you could access through a phone line, one would pay $1,000s for the computer and $100s for the modem just to get started, in addition to the $15-$35/month (best recollection, not fact-checked) for the ISP. And today you don't *have* to spend anywhere near that $1000 smartphone price to get a decent device; I just picked up a 1-year old iPhone SE 64GB for $230 off of Swappa - I expect to use it for at least four or five years like the iPhone 5 I just decommissioned.

A basic voice-only cell phone today costs about the same as a wired voice-only phone did when they were first available for purchase (rough order of magnitude), so I don't think I missed too much in the voice-only cost comparison by leaving out the cost of the terminal device. For wired phone services, you can buy a 4-terminal wireless phone system today for about the same cost (again, ROM). As an aside, I think it is interesting that as costs have decreased to that "less than 6% of what they were back in the day" level, many people have vastly increased their use of services rather than bank the 94% savings. In my household alone we have one land-line plus three mobile phones supporting 4 people (at a cost that is still less than what a single phone cost me in the late '80s). We would be spending much much less if we had the equivalent service: a single voice-only phone that just sits on the counter to make/receive calls.

Re:Just follow the money

[dcw3]

All very good points. I also remember back in the 80s, living overseas I used to make several calls a week to the US at typical rates of ~$3/minute.

Bah.

[Mister+Transistor]

We don't need "encryption" or any other hi-tech horseshit.

JUST FIX THE GOD DAMNED CALLER ID. NO SPOOFING. PERIOD.

Done.

Re: Bah.

[df00z3756]

You basically canâ(TM)t. ANI and DNIS were wet by telcos historically inside the pbx. Along came SIP\voip. The PBX was vitualized and voip providers saw it fit to allow customers to set their own caller id info. Providers are all federated with the traditional telco providers. There are sip gateways all over converting signals from t1\e1\pri lines back and forth. Fixing it would basically mean re-federating across all the telco providers, and theyâ(TM)d have to audit those who they federate with. No incentive. PKI would likely be the way forward IMO.

Re: Bah.

I don't think you quite understand. If the incoming source reports a number that can't possibly originate from that source, drop the call on the floor. We don't care about the ANI or DNIS number either; use the E911 number source if you have to but get it working.

Re:Bah.

[msauve]

"JUST FIX THE GOD DAMNED CALLER ID. NO SPOOFING. PERIOD."

A baby step would be if they just got rid of the political/non-profit/charity call exemption from the do-not-call list.

Re: Bah.

POSSIBLY true of your landline, but not your cell phone. You can take your cell phone number to any other carrier that does business in the area that corresponds to the area code and exchange.

Re: Bah.

incoming calls should be free.

its a spammers wet dream system where you as receiver pay for it.

Re: Bah.

[aardvarkjoe]

incoming calls should be free.

its a spammers wet dream system where you as receiver pay for it.

It's impossible for incoming spam calls to be free. No matter what, they cost you in time and aggravation.

Re:Bah.

[grasshoppa]

Spoofing has a number of legitimate uses. My company uses it, for instance, to paste on the main # of all outgoing calls, regardless of what line is in use. I don't want my patients to see the random number of the line I'm currently on, I want them to see my main number ( all goes to the same place, mind you ).

As long as there's a way to do this going forward, I'll be happy with this change.

Re: Bah.

[rickb928]

"can't possibly originate from that source"

And how, with VOIP, would you determine the call could not 'originate from that source'?

As if you can reliably determine the source. The 'V' in VOIP seems to make that difficult to impossible.

I doubt this can be fixed, but I would be happy if it could. For now, sadly, I need to trust my carrier's call ID, and ignore the 'SCAM LIKELY' calls.

Re: Bah.

[QuesarVII]

Any given phone number *could* be registered with any number of providers. However, only 1 actually owns it at a time. If you want to spoof 1 number you do own when calling from another # you also own, that should require the 1st number being listed as an alternate (verified by them) with the 2nd provider. If the provider of the actual phone line has no evidence of you owning the # you're spoofing, it should simply be blocked.

Re:Needs a law, doesn't it?

[LynnwoodRooster]

There is a law restricting calls to people who register their phone number on the National Do Not Call Registry. Pai is letting the phone companies know that they need to ensure this law is fully in effect for mobile phones as well.

How's that "less regulation" working out now, Pai?

[Narcocide]

Every time he's in the news now it's about him scrambling around clearly having expected that his corporate backers would be adults and protect his public image the way he protected their bottom line.

Re:Needs a law, doesn't it?

[Narcocide]

Yea, he was on record saying that a couple weeks ago when he thought he was being bribed to say it by pragmatic adults instead of psychopathic toddlers.

Hope it applies to robotexts as well

[SuperKendall]

I have gotten WAY more political texts this year, that's what I get for not turning in the ballot earlier.

Robocalls also though have been pretty bad, just over this last weekend one air duct cleaning company called 10 times in a row from different numbers in my same area code! I have exchange blocking on but I'm going to have to expand blocking rules somehow to say if I get more than two robocalls in the same day, no further calls from that area code or exchange are allowed for the day.

Probably a great blocking system would be one that called a number while they were ringing you, and if you got a message saying that number was not in service or didn't signal busy just never answer and auto-delete voice mails from it.

Re:How's that "less regulation" working out now, P

[Gavagai80]

Don't think he really cares about his image, as long as he gets his payoff.

Solution.

Dial *### (some unused combo) after a spam call and the phone company will be fined 10 cents. You get 5 cents. The feds get 5 cents.

Phone company will end all spam calls by lunchtime.

On mobile phones Whitelist known contacts

[bobstreo]

Bounce the rest (with no rings) to voicemail immediately. I don't think I've ever had a robocall leave a message.

Re:On mobile phones Whitelist known contacts

[markdavis]

>"Bounce the rest (with no rings) to voicemail immediately. I don't think I've ever had a robocall leave a message."

As I have said many times on this topic, almost HALF of my junk and robocalls leave voicemail. So in half the cases, it is even MORE annoying than answering the call and immediately hanging up without even listening. Voicemail means a long delay. Then another notification. Then you have to launch that app. Then delete the voicemail. (Especially when you have repeat reminders so you don't miss important calls/messages).

So while it might help some, it isn't a solution. And it does nothing for land lines, which 99% of businesses and a hell of a lot of homes still have and use.

* It is unacceptable that any robocalls exist at all.
* It is unacceptable that these companies can fake their numbers.
* It is unacceptable that there aren't criminal penalties for spam calls. Civic penalties are a total waste of time.
* It is unacceptable that the do not call list is ignored.
* It is unacceptable that there is no easy way to report abusers.
* It is unacceptable that there are any exemptions for "charities" and "political use".
* It is unacceptable that even what puny laws do exist are not enforced.

There are lots of problems.

Re:On mobile phones Whitelist known contacts

[Obfuscant]

Bounce the rest (with no rings) to voicemail immediately.

There's already a system problem that allows spam callers to drop directly to voicemail so you don't get the option of not answering. You just get the fun of having to play voicemail to see what's there.

I don't think I've ever had a robocall leave a message.

I have. Lots of them. It's wonderful to have to play through all the crap messages to get to the real ones, and hear the crap messages offer to put you on their do-not-call list if you "press one now". It's so much fun.

Someone else said a 'baby step' is eliminate the political etc. exemption from the DNC. YES! And prosecute for fake caller-id and fake call-back numbers. I'm getting two or three calls per day from one of our state's gubernatorial candidates. The caller ID is either completely fake, or points to a commercial robocaller company that promises to "remove your number from our list" when you call it and press 1 -- but never does. The candidate is using a fake callback number in their messages, so you can't call them directly. And their website email address is unresponded to.

Someone else commented that getting these political crap calls is the payback for not voting sooner. Nope. I voted two weeks ago and I'm still getting them. They don't care.

Re:On mobile phones Whitelist known contacts

[rickb928]

* It is unacceptable that any robocalls exist at all.

  - Any such problem will arise. IF it arose this morning, did you expect a solution by noon? Substitute any time frame and explain how you can dictate the solution with your emotional response.

* It is unacceptable that these companies can fake their numbers.

- Technical capabilities care not for your emotional response.

* It is unacceptable that there aren't criminal penalties for spam calls. Civic penalties are a total waste of time.

- What prison term is appropriate for the 8 seconds I was distracted? Multiply it by 10,000 calls? Actually, you've gotten to about a day per 10,000 calls...

* It is unacceptable that the do not call list is ignored.

- Agreed. But the complaint that they are breaking a law is a certain way to impose more laws for them to break.

* It is unacceptable that there is no easy way to report abusers.

- Easy. Good idea.

* It is unacceptable that there are any exemptions for "charities" and "political use".

- Political robocalls are a First Amendment issue in America. Consider the possibilities for carriers to be discriminatory in blocking political robocalls, and the certainty that political campaigns will demand that the opposition be prohibited because they are 'abusive', 'deceptive', etc... Charities may not justify the same treatment.

* It is unacceptable that even what puny laws do exist are not enforced.

- Repeating your fourth point.

Re:On mobile phones Whitelist known contacts

[Obfuscant]

What prison term is appropriate for the 8 seconds I was distracted?

I'm glad that robocalls only last 8 seconds where you live. Here in the US they can ramble on for a minute or more. That's a minute or more that you have to listen to so you can get to the next message, which might actually be real. Nope, the same robocall again.

What prison term is appropriate for the 8 seconds that you are distracted by a mugger?

Political robocalls are a First Amendment issue in America.

No, they aren't. The First Amendment does not require that I pay for and listen to your speech. The First Amendment does not allow you to harass me by calling multiple times per day. If "political robocalls" are a First Amendment issue, then ALL of them are.

Second, the DNC exemption for political calls has absolutely no basis in the First Amendment, because the DNC is an explicit opt-in instruction telling people not to call you. The First Amendment does not mean you have the right to FORCE me to accept your speech, especially when I pay for it with my time and money, after I've told you EXPLICITLY not to speak to me.

Consider the possibilities for carriers to be discriminatory in blocking political robocalls,

The DNC list is not carriers blocking anything.

Re:On mobile phones Whitelist known contacts

[rickb928]

I only listen for 8 seconds. After that, it's a hangup.

My point about political robocalls is that letting carriers block them risks censorship. The DNC doesn't apply by law, but again, an imperfect ban of political robocalls would be indistinguishable from censorship, not intentionally, but by practice.

Hard issue, political speech. It's not as if such censorship in other media isn't practiced already, even this very day.

Re:On mobile phones Whitelist known contacts

[markdavis]

* It is unacceptable that these companies can fake their numbers.
- Technical capabilities care not for your emotional response.

Technical capabilities can and should change, then.

* It is unacceptable that there aren't criminal penalties for spam calls. Civic penalties are a total waste of time.
- What prison term is appropriate for the 8 seconds I was distracted?

It doesn't have to be prison to be criminal. It can be a fine. Say- $500 plus some small amount (like $1) for every call they made. The point is that I, as a person, am not going to "sue" each individual who breaks laws and regulations to call me. If it depends on people suing, nothing will ever change.

* It is unacceptable that there are any exemptions for "charities" and "political use".
- Political robocalls are a First Amendment issue in America.

I disagree. I consider unsolicited commercial/poll/spam phone calls (and text messages) to be a high-priority, in-my-face, invasion of privacy, almost paramount to a type of minor trespass. Phone calls and text messages should be afforded additional protections. I *pay* to have my numbers unlisted, I took time to list on do-no-call; my intent is very clear- I do not want unsolicited calls by people I don't know or didn't explicitly give permission to call me (opt-in). They have the US Mail if they want to contact me.

Re:On mobile phones Whitelist known contacts

[Obfuscant]

I only listen for 8 seconds. After that, it's a hangup.

You can call it whatever you want, but the answering machine keeps playing the entire message before it gets to the next one.

My point about political robocalls is that letting carriers block them risks censorship.

I'll say it again: the DNC is has nothing to do with carriers blocking anything. And it doesn't matter, because the carrier would be blocking them at the request of the customer. The CUSTOMER has the ultimate right to do that. It is not a First Amendment issue.

The DNC doesn't apply by law,

It SHOULD, and arguing that "letting carriers block them risks censorship" is a bullshit argument against changing the law.

Hard issue, political speech.

No, it is not. When I tell you "DO NOT CALL ME" it means "DO NOT CALL ME" no matter who you are. The law should back me up on that. The fact that politicians put an exemption for themselves into the law that allows me to tell other people not to call me is abuse on their part.

I really don't give a fuck if you want to mislabel it as "censorship" when I tell a politician not to call me. It isn't. He's got no right to harass me with his message. None. At. All.

For the record, on election day I got four political robocalls, three of which came from the same moron who I've told not to call me on a regular basis for the last two weeks. If you want to argue that it is his constitutional right to harass me that way, then I'll tell you to go fuck yourself.

Re: On mobile phones Whitelist known contacts

[rickb928]

Only four calls? I've been getting 6+ a day for a week and a half. And I've gotten 3-4 live calls, so but one spewing the script despite me telling them I've voted already...

Two questions. How would carriers identify political callers? And how do you handle changing ANI?

All outbound cold calls are evil

[thogard]

There needs to be a system so that you can buy whatever from a very obnoxious caller and then once the money goes thorough, process the entire chain of transactions under electronic wire fraud.

Companies should be required to correctly answer the question "where did you get my number from" and "tell them and everyone else they are affiliated with to remove my details" and there should be major fines for not complying.

I would be happy for just more digits on the phone number. If 212-555-1234 goes to me, I want 212-555-1234-98765 to go to my phone and all the rest to go to disappear into a "its lenny" type system.

Re:All outbound cold calls are evil

[rickb928]

I've been getting calls form a debt collection firm for a year now, and finally got an identifier that worked. A formal complaint stopped the calls.

Their excuse was that 'someone was using my number'. My response was that I had repeatedly told them I was not that person, stop using my number. Back and forth. Finally, with the corporate ID, I got them to stop for now. I know they get paid to try, but the DNC exception for debt collection doesn't cover mistaken identity, does it?

Too little, too late. Phone system is ruined

[darthsilun]

I don't answer calls from numbers I don't recognize. I must have hundreds or even thousands of numbers blocked. I hardly even use my phone as a phone any more.
You want to reach me, send me an email or text me. I suppose if I was really hip I'd be using Telegram (or some other thing.)
Which is funny because 30 some odd years ago I sent real telegrams to my friends when their kids were born. For the novelty factor. It blew their minds back then, when the telegram system was still up and running.

Re:Too little, too late. Phone system is ruined

[darthsilun]

I sent genuine Western Union telegrams back then.
I see tha itelegram.com has taken over Western Union's network and still hand delivers "telegrams".
Fucking amazing
</replying to self>

Re:Too little, too late. Phone system is ruined

[ThomasBHardy]

I have my phone configured to send all calls to voicemail unless they are in my personal contacts. never even rings. If t's important I'll see the message in the auto transcription (iphone) in my voicemail box.

I no longer get 7 calls a day about student loans (not that I've ever had a student loan)

Re:Too little, too late. Phone system is ruined

[markdavis]

>"I have my phone configured to send all calls to voicemail unless they are in my personal contacts."

As I have said many times on this topic, almost HALF of my junk and robocalls leave voicemail. So in half the cases, it is even MORE annoying than answering the call and immediately hanging up without even listening. Voicemail means a long delay. Then another notification. Then you have to launch that app. Then delete the voicemail. (Especially when you have repeat reminders so you don't miss important calls/messages).

>"I no longer get 7 calls a day about student loans (not that I've ever had a student loan)"

And many would have 3 or 4 voicemail alerts and the irritation that goes with dealing with those messages, instead. So while it might help some, it isn't a solution. And it does nothing for land lines, which 99% of businesses and a hell of a lot of homes still have and use. And it means you have to remember to add EVERYONE who legitimately might need to reach you to your contacts, or risk missing something important. I run a system just like you, at least on my cell phone. It helps SOME but also has caused me to miss very important calls, a few being urgent ones in which someone I knew called from a borrowed phone because they lost their or theirs was out of service.

I would much rather the industry fix the problem by wiping out spam calling.

Re:Too little, too late. Phone system is ruined

[ThomasBHardy]

Hi Mark.

I was responding to the above comment about using what tools we have available. Not saying that we do not need intervention to stop the robocalls. The current phone infrastructure system seems "accidentally" designed to avoid responsibility and allow abuse. I have no qualms about enforcing some regulations to reduce that abuse.

Cheers

Re:Too little, too late. Phone system is ruined

[markdavis]

>"I was responding to the above comment about using what tools we have available. Not saying that we do not need intervention to stop the robocalls. "

Sorry, wasn't jumping on you, in particular. But many have suggested that just having it not ring (and going to voicemail) results in a solution and I was trying to point out to those reading that it might help, but leaves a lot to be desired. As you can tell, I am pretty passionate about the issue :)

On my phone, I am using https://play.google.com/store/... "calls blacklist" with some success. I really wish I could have it challenge unknown callers and then deny even voicemail if they failed to prove they are not spammers (with some simple questions). Alas, Android won't "allow" that (thanks, Google).

Re:Too little, too late. Phone system is ruined

[ThomasBHardy]

You make an excellent point. I'm not an Android user, but as I understand it, neither of the primary OS providers allow for alternate apps for core Phone functionality. I really wish they could break that paradigm.

We need a quantum leap in phone applications and the app dev market can deliver a highly competitive, feature driven set of products if they were just allowed to do so. I get that phone operation is a core operation and is a notable vector for abuse. But the mass of devs in the world can bring us phone features we cannot even conceive of yet, if given the chance. A million devs hungry to make an app will out innovate 2 lethargic behemoths.

Games on my phone today are light years ahead of mobile games pre-smartphone.
Apps on my phone today are night and day different than the core apps provided by phone manufacturers when smartphones first arrived.
My phone app... well, it has transcription for voicemail.

I'm ready for seismic changes in phone apps.

Re:How's that "less regulation" working out now, P

[Narcocide]

He wouldn't be making public statements like this if he didn't care about his image.

And what do they do if they can't verify it?

[mark-t]

Block the call entirely? Say goodbye to overseas incoming calls then.

Re:And what do they do if they can't verify it?

[mark-t]

Of course, because no legitimate reason exists to engage in any international calls... nobody from outside the USA would ever have any legitimate business they wanted to conduct with someone within the USA without actually being in America while they do it.

Hell, foreign tourism alone would be rendered unworkable as nobody from outside of the country could even book a hotel until they were inside the USA.

Re:And what do they do if they can't verify it?

[tepples]

Are you in the international tourism industry? If so, ask your phone company to unblock incoming international calls.

Re:And what do they do if they can't verify it?

[jeff4747]

And nothing of value was lost.

Ok, less sarcastically, the situation is bad enough that something has to be done. I'm sure the US and overseas phone companies could come up with something that works if the alternative is no calls.

Re:And what do they do if they can't verify it?

[mark-t]

And what about those within the USA who might have a legitimate reason to accept incoming international calls?

Consumers

[dromgodis]

...and other nuisance calls received by American consumers.

Maybe that's where the problem is. You are not US citizens or residents. You are US consumers.

Public/Private Keys

[ShoulderOfOrion]

Phones, emails, fax (remember that), text, ..., they all suffer from the same problem--verification of the sender and the recepient. The solution was invented decades ago with public/private key signatures, key exchanges, and the like (PGP and equivalent tech). Universal use of this technology would solve a lot of these problems. The problem is getting the other 99.9% of the population that doesn't read Slashdot to understand and use it.

The spoofing has a legitimate purpose

[Solandri]

It's common for businesses to have multiple lines. When they call you from one of those lines, they want their main phone number to show up on caller ID, not the number for that particular line. So they're allowed to spoof the caller ID for all those lines to show as their main number.

The problem is telemarketers spoof caller ID numbers which are not theirs. And the phone companies let them get away with it because those telemarketers account for a large fraction of their revenue (they're basically accepting money to let telemarketers waste the time of their other customers). The fix is for the phone companies to allow multi-line customers to spoof the caller ID only to a number they own.

Re:The spoofing has a legitimate purpose

[aardvarkjoe]

So for 75% of all phones that make phone calls, your solution is to show nothing on caller ID instead of an actual return phone number?

That sounds pretty retarded and far worse.

Try "awesome". We would configure our phones and voicemail to drop all such calls. If somebody wants to call me, they can find a real phone.

Re:The spoofing has a legitimate purpose

[aardvarkjoe]

Yeah, you guys bring this up every single time.

And you don't seem to get that we don't care. The only way to prevent people from abusing the ability to hide their number is to absolutely prohibit it. The very dubious benefit of allowing a company to display their "main" number on the caller ID is so far outweighed by the problems of spoofed numbers that it is not worth considering.

Re:The spoofing has a legitimate purpose

[tepples]

Enjoy paying $/mo extra for "Real Phone Notification Service Surcharge".

Abuses

[DrYak]

And what is preventing you to "flag as spam" each time your mother-in-law or your ex calls you, just to annoy them ?

Re:Abuses

[qbast]

If they keep calling me after I told them to stop, it is spam.

Re:Needs a law, doesn't it?

[gtall]

No he's not. He's simply raising the price of his services to the phone companies.

The solution is simple

[VMaN]

Make it the responsibility of your phone company to block spoofed calls with a nice penalty for failing.

Problem instantly solved.

Forget spoofed illegitimate numbers

[sabbede]

What about spoofed legitimate numbers? Like mine. I'm sure I'm not the only one who's gotten the mysterious, "I just got a call from this number...", when you didn't call anybody.

Allow the receiver to charge a fee

[PacoSuarez]

Just let the receiver of the call charge a fee to the caller if they are not happy with the call. Say $1. If I receive an unwanted robocall, I dial some code on my phone after the call and the previous caller gets charged $1. It can go to the receiver's account or it can be split between the receiver and his phone company. It doesn't really matter, because unwanted calls would almost completely disappear overnight.

Given that billing for phone calls is already in place, I don't see where the obstacle to implementing something like this would be.

Re:Allow the receiver to charge a fee

[Vitriol+Angst]

The other way to see this is; how is it possible that they can bill companies and track usage if they can't know who is calling?
The companies obviously get paid and if someone were getting calls through without them knowing where to charge it would be shut down overnight.

Like other's have said; just charge a fine -- or yes, allow a charge back on unwanted calls.

We could also reserve a penny fee on all emails, and it's waived if someone wanted the email. Junk email only works in massive bulk because it costs zero but wastes everyone else's time. It would not exist if everyone had to pony up a penny.

If you know your party's extension

[tepples]

I would be happy for just more digits on the phone number. If 212-555-1234 goes to me, I want 212-555-1234-98765 to go to my phone and all the rest to go to disappear into a "its lenny" type system.

Something like "If you know your party's extension"?

Getting endless health care enrollment robocalls

[d_tschoepe]

I've been getting HAMMERED, every single day, with robocalls about health care enrollment. I had been getting tons of "This is your Google listings expert", blah, blah, blah. Now it's health insurance every single damn time. And they are calling from local numbers now in my area code and even in prefixes local to me. Something needs to be done.

No, they don't know if you forwarded a call

[raymorris]

I run a very, very simple PBX. Basically a central number for a small non-profit people can call when they are in crisis. The approximately two calls per day are forwarded to volunteers.

I set it so thay the forwarded call correctly shows the caller's number. My provider has no way of knowing that. They sent an outgoing call from my system. They don't know and have no way of knowing that the other side is an incoming call from a different provider.

Re:No, they don't know if you forwarded a call

[dgatwood]

This could be easily solved, of course. Just extend the CID protocol to include a timestamped, signed blob from the original provider that can be passed on by any forwarders and verified with the original provider for the duration of the call.

Or, for that matter, assuming your upstream provider knows what's going on, they could ostensibly just whitelist incoming calls' numbers for outgoing forwarding as soon as they come in, and remove that whitelisting as soon as the incoming call goes away.

Eh sorta. If we were designing it from scratch

[raymorris]

If we were designing the phone system from scratch, if we didn't already have a phone system, it would be easy enough to include signed token using PKI. The simplest approach, defining exactly how the encryption works, would be cracked in a few years, so really we'd want a framework for negotiating the encryption, similar to ipsec. That would certainly be doable.

The challenge is, we already HAVE the phone system. There is a trillion dollars of equipment out there designed to work with the existing standards. Changing the standards is non-trivial.

Re:Eh sorta. If we were designing it from scratch

[dgatwood]

If we were designing the phone system from scratch, if we didn't already have a phone system, it would be easy enough to include signed token using PKI. The simplest approach, defining exactly how the encryption works, would be cracked in a few years, so really we'd want a framework for negotiating the encryption, similar to ipsec. That would certainly be doable.

Meh. The simplest approach is for the owning phone company to generate a random 128-bit number for each call, store it in a database along with a time stamp, and send the time stamp and random number. This approach can never be "cracked", so long as the phone company deletes the entry when the call is completed.

The actual contents of the token, including how to verify it, should be left as an implementation detail for the company that owns the phone number. As far as everyone else along the line is concerned, it is an opaque authentication token, and when they ask the owning company whether it is valid or not, they get back a boolean.

Maybe someone could actually investigate

[Headw1nd]

The thing that seems to be lost in these discussions is that it wouldn't be difficult for the FBI or someone to actually investigate the scammers and put a stop to it that way. If the scammers are receiving money then there has to be a way to trace it back to them. I strongly suspect there are far fewer scammers than one would imagine, as I recall a huge volume of scam phonecalls were traced to one guy in Florida.

Send it where?

[raymorris]

> send the time stamp and random number.

Send it where? By mail? If we were designing a new phone system, we'd do it as a packet-switched digital network and have fields in the ring packet for that. The POTS is a circuit switched network. There are no fields, much less an easy way to add new fields.

> everyone else along the line ... ask the owning company whether it is valid or not

So each call from one person to another requires four or five callbacks to the claimed originator SP. Congrats, you've just created an amplification attack.

> This approach can never be "cracked"

Well you already designed in an obvious security problem, so ...

Re:Send it where?

[dgatwood]

Send it where? By mail? If we were designing a new phone system, we'd do it as a packet-switched digital network and have fields in the ring packet for that. The POTS is a circuit switched network. There are no fields, much less an easy way to add new fields.

As I said in the original post, extend the CID/CND protocol. The caller ID message starts with a byte that tells that it is a caller ID blob. I'm assuming that not all 256 possible codes are currently used, so you could send a second blob right after or before it with a different code that contains a caller ID authentication token, and specify a different message type code.

This problem has a trivial fix

[PJ6]

which doesn't involve any technology or new regulation.

These calls are made because they make money. Just have law enforcement take some of the calls and buy whatever they're selling.

Follow the money, see where it lands. Punish everyone in the transaction chain.

If I get a robocall for insurance, and they sell me insurance X, insurance X should get punished. And the call center. And everyone in between.

It's not hard.