US Regulator Demands Companies Take Action To Halt Robocalls

FCC Chairman Ajit Pai on Monday wrote the chief executives of major telephone service providers and other companies, demanding they launch a system no later than 2019 to combat billions of "robocalls" and other nuisance calls received by American consumers. Reuters reports: In May, Pai called on companies to adopt an industry-developed "call authentication system" or standard for the cryptographic signing of telephone calls aimed at ending the use of illegitimate spoofed numbers from the telephone system. Monday's letters seek answers by Nov. 19 on the status of those efforts.

The letters went to 13 companies including AT&T, Verizon, T-Mobile, Alphabet, Comcast, Cox, Sprint, CenturyLink, Charter, Bandwith and others. Pai's letters raised concerns about some companies current efforts including Sprint, CenturyLink, Charter, Vonage, Telephone and Data Systems and its U.S. Celullar unit and Frontier. The letters to those firms said they do "not yet have concrete plans to implement a robust call authentication framework," citing FCC staff. The authentication framework "digitally validates the handoff of phone calls passing through the complex web of networks, allowing the phone company of the consumer receiving the call to verify that a call is from the person supposedly making it," the FCC said.

Just follow the money

[Koby77]

How is it that a phone network would know who to bill for a call, but would not know who placed the call?

Re:Just follow the money

[Drishmung]

A phone network knows the numbers in its own network, but relies on the networks it peers with to supply correct information.

If Verizon passes on a call from Cox, it trusts the number Cox says originated the call. In terms of billing, Verizon doesn't care. It doesn't send a bill to the originating caller (Cox's subscriber), it sends it to Cox, with appropriate call details (time of day, duration, A & B numbers, etc.)

Given that every telco doesn't peer with every other telco, that trust then gets distributed---and diluted.

As networks get huge, and hugely complicated, bad actors can spoof their numbers. Or, they may just steal them (hack into someone's PBX and jump off from its number).

Re:Just follow the money

[Koby77]

Then it seems to me that no endpoint authentication is required. Simply mandate that the originating network, which of course knows the caller ID of its own subscriber, to pass along the correct caller ID. Otherwise there shall be statutory fines. Such statutory fines are already commonplace in other industries for violators.

Re:Just follow the money

It is 100% controllable by the phone companies.

I work with SIP and PBX professionally. I can pass anything I want out to my provider, but you can be assured that they know with absolute certainty what DIDs I SHOULD be passing out legitimately.

My provider could stop all spoofed numbers from me before they go out anywhere, and eliminate ~90% of all this scam/spam/spoofing overnight. Providers only need to police their own networks to reduce spoofing and all the crap that comes with it.

Any legitimate need to spoof a number (which are a vanishingly small number) should be documented and legally approved.

Re: Just follow the money

[Drishmung]

Alas, it's more complicated than it appears. Way more complicated

The FCC proposal seems stupidly complex on the face of it, but it might be the simplest solution. (Might, I don't know.)

Re:Just follow the money

[pushing-robot]

If they can't verify it, pass that knowledge along to the user. Smartphones could easily show a trust banner for phone calls like browsers do for web sites. Most people rarely get random calls from outside the country, so it would be an immediate red flag.

Re:Just follow the money

[ShanghaiBill]

How exactly do you mandate endpoint authentication for calls originating from Canada, Latin America, South America and overseas?

You don't. You just fine the telecoms a significant amount of money for every spoofed robo-call. Let them worry about how to fix the problem.

Once the fines start, I predict they will come up with a solution in about five minutes.

Financial incentives work better than regulatory micromanagement.

Re:Just follow the money

[tlhIngan]

It is 100% controllable by the phone companies.

I work with SIP and PBX professionally. I can pass anything I want out to my provider, but you can be assured that they know with absolute certainty what DIDs I SHOULD be passing out legitimately.

My provider could stop all spoofed numbers from me before they go out anywhere, and eliminate ~90% of all this scam/spam/spoofing overnight. Providers only need to police their own networks to reduce spoofing and all the crap that comes with it.

Any legitimate need to spoof a number (which are a vanishingly small number) should be documented and legally approved.

And some providers do. We switched landline providers and our new one filters the caller IDs we tell it. Our old one didn't, but the new one knows which phone numbers belong to us and does a quick lookup to make sure the number we pass it is one of ours. (We have something like 100 phone numbers, but we only have around 15 connections on a fractional).

The biggest source of the spoofs really is VoIP - and it's going to be hard to source filter those because many VoIP providers have large pools of numbers that they peer with everyone, so those lists need to be shared with all their connection providers. But that's becoming a fancy form of spoofing if your provider can simply acquire a number (from somewhere other th an you) and say it's theirs.

Perhaps all the VoIP providers need to get together and actually list out who owns what number in a centralized directory that can be consulted/ And if it's not there, then show up as 000-000-0000 or something to show an obviously invalid number and to hang up on them. But sucks to be on VoIP...

Re:Just follow the money

[Drishmung]

That's actually the reason. The Internet is a medium with zero trust. It's also unreliable. Therefor, the end-points have had to ensure trust and reliability themselves.

The telco world evolved on the premise that its network was secure and reliable (objective evidence to the contrary). Its protocols assume secure/reliable transport, and DON'T put any checks in themselves. Over the years, as the protocols have evolved, the mindset has still been one of a centralised cabal of trusted providers. If something does go wrong at the transport layer, the endpoints don't and can't do anything about it. That means that there have to be fundamental changes in order to do authenticated calls. But, after over a century of incremental modification, the natural path (natural for the telco mindset), is to do more tweaking; to add more complexity to the twisty maze of interconnect protocols. Instead, the correct thing to do is to replace with a new, Internet based app. All the while navigating more than a century's worth of laws, regulations, established best practice, and without breaking established services.

Re:Just follow the money

[anegg]

To provide further detail regarding the cost of telephone calls made in the United States:

In general (historically), the person who initiates a call (caller) pays for the cost of the call. The person who receives the call (callee) does not pay for the call. This payment relationship can be reversed if the caller requests (through an operator) a "collect call", which must be "accepted" by the callee. The fee structure for calls had (in the 1970s through 2000s) three tiers: local (handled out of the local exchange, with the cost being the cheapest, often included in the base service rate but sometimes billed on a "per call" basis (rather than per minute), toll (handled within a region, with cost sort of dependent on distance on a per-minute basis), and long distance (at a fairly high cost on a per-minute basis).

With the breakup of the massive monopoly called American Telephone and Telegraph (AT&T), which owned almost all telephone exchanges, inter-exchange circuits, and long distance circuits, long distance costs plunged due to competition between long distance carriers.

With the advent of mobile phones, a new cost component for a call was created - the "airtime" used during the call. The airtime is billed to the mobile phone owner; a caller is billed for airtime if they use a mobile phone, a callee is billed for airtime if they use a mobile phone. To the best of my knowledge, a callee is only billed for airtime if the call is "answered" by the callee (not just signaled, and not if the call goes to voicemail).

Mobile phone usage exploded in popularity in the 2000s. Incentives to gain customers ultimately resulted in many mobile phone users having nationwide calling plans whereby they could call anyplace in the continental United States [2600 miles east to west, 1500 miles north to south] at no cost other than the airtime, which in many cases is now "unlimited" at a base service cost below what it used to cost to have just the base local calling capability (in non-inflation adjusted dollars to boot). [An an example, in the late 1980s I lived in Tennessee, paying about $35/month for phone service to my house. My long distance bill was about $100/month, as I called my (divorced) parents in New England (about 846 "crow flies" miles ) once/week. I now have mobile phone service through a Sprint MVNO (Tello) that costs $15/month (including taxes) for unlimited nationwide calling. Since $135 in 1990 US$ is worth $260 in 2018 US$, getting the same capability for only $15 (less than 6% of the 1990 cost) today is incredible.

Land-line subscribers in urban and suburban areas are now generally offered nationwide calling plans at base service rates comparable to mobile phone service. Rural areas may be more expensive (I do not have any experience in those area).

So... in the United States, not only does the recipient NOT pay for a call, the caller in many (most?) cases isn't paying for the call on an individual basis, but as part of a nationwide calling plan with unlimited calling, and at a very attractive rate assuming the caller has chosen their phone service provider carefully.

Incidentally, from the United States, I find the UK practice of charging people a license fee for having a radio frequency receiver (television/radio) unbelievable to the point of insanity.

Re:Just follow the money

[dcw3]

Just a point missed above. Back in the day, the telephone company owned the phones in your house. With mobile phones, you're now paying typically hundreds of dollars for the cost of the phone, now that most providers have gone away from locking you into a contract. So, that new iPhone can raise the price of his $15/mo bill up to $56/mo for a $1000 phone over two years. Clearly, you can go with a cheaper phone, but let's be aware of the TCO.

Re:Just follow the money

[dcw3]

Yeah, not gonna happen. As soon as you do that, you'll have people signing up just to get robo calls, and a payday.

Re:Just follow the money

[anegg]

Good point - I left out a discussion about total cost of ownership because the post was already rambling on too long. So a little more geezin' -

Back in the day (let's say 70s through 80s) you had to "rent" each of the voice-only phones you had in your home from the phone company - they were not provided as part of the base service price (so many homes only had one phone, while others had "illegal" self-installed wiring and "black market" [stolen/liberated] phones). This rental went on forever - you never came to own the device, and if you didn't turn it back in when you terminated your service, you were hit with a charge of $100s of dollars for the unreturned equipment. You also paid extra if you wanted "touch tone" dialing instead of rotary dial service, and even more for an "unlisted" (anonymous) or "unpublished" (not listed in the directory, but not anonymous) number. So I may have understated the cost of original voice services from "the phone company."

The phone that costs $1000 today isn't just a voice communications terminal: it is a multi-processing computer that provides interactive voice/video terminal services, streaming media endpoint services, information access, personal digital assistant services, and more. I left out the cost of today's data services to support the $1000 smart phone out of the comparison, as none of that was available "back in the day" from the phone company. When Internet connectivity first emerged as something you could access through a phone line, one would pay $1,000s for the computer and $100s for the modem just to get started, in addition to the $15-$35/month (best recollection, not fact-checked) for the ISP. And today you don't *have* to spend anywhere near that $1000 smartphone price to get a decent device; I just picked up a 1-year old iPhone SE 64GB for $230 off of Swappa - I expect to use it for at least four or five years like the iPhone 5 I just decommissioned.

A basic voice-only cell phone today costs about the same as a wired voice-only phone did when they were first available for purchase (rough order of magnitude), so I don't think I missed too much in the voice-only cost comparison by leaving out the cost of the terminal device. For wired phone services, you can buy a 4-terminal wireless phone system today for about the same cost (again, ROM). As an aside, I think it is interesting that as costs have decreased to that "less than 6% of what they were back in the day" level, many people have vastly increased their use of services rather than bank the 94% savings. In my household alone we have one land-line plus three mobile phones supporting 4 people (at a cost that is still less than what a single phone cost me in the late '80s). We would be spending much much less if we had the equivalent service: a single voice-only phone that just sits on the counter to make/receive calls.

Bah.

[Mister+Transistor]

We don't need "encryption" or any other hi-tech horseshit.

JUST FIX THE GOD DAMNED CALLER ID. NO SPOOFING. PERIOD.

Done.

Re: Bah.

POSSIBLY true of your landline, but not your cell phone. You can take your cell phone number to any other carrier that does business in the area that corresponds to the area code and exchange.

How's that "less regulation" working out now, Pai?

[Narcocide]

Every time he's in the news now it's about him scrambling around clearly having expected that his corporate backers would be adults and protect his public image the way he protected their bottom line.

Hope it applies to robotexts as well

[SuperKendall]

I have gotten WAY more political texts this year, that's what I get for not turning in the ballot earlier.

Robocalls also though have been pretty bad, just over this last weekend one air duct cleaning company called 10 times in a row from different numbers in my same area code! I have exchange blocking on but I'm going to have to expand blocking rules somehow to say if I get more than two robocalls in the same day, no further calls from that area code or exchange are allowed for the day.

Probably a great blocking system would be one that called a number while they were ringing you, and if you got a message saying that number was not in service or didn't signal busy just never answer and auto-delete voice mails from it.

Re:How's that "less regulation" working out now, P

[Gavagai80]

Don't think he really cares about his image, as long as he gets his payoff.

All outbound cold calls are evil

[thogard]

There needs to be a system so that you can buy whatever from a very obnoxious caller and then once the money goes thorough, process the entire chain of transactions under electronic wire fraud.

Companies should be required to correctly answer the question "where did you get my number from" and "tell them and everyone else they are affiliated with to remove my details" and there should be major fines for not complying.

I would be happy for just more digits on the phone number. If 212-555-1234 goes to me, I want 212-555-1234-98765 to go to my phone and all the rest to go to disappear into a "its lenny" type system.

Too little, too late. Phone system is ruined

[darthsilun]

I don't answer calls from numbers I don't recognize. I must have hundreds or even thousands of numbers blocked. I hardly even use my phone as a phone any more.
You want to reach me, send me an email or text me. I suppose if I was really hip I'd be using Telegram (or some other thing.)
Which is funny because 30 some odd years ago I sent real telegrams to my friends when their kids were born. For the novelty factor. It blew their minds back then, when the telegram system was still up and running.

Re:Too little, too late. Phone system is ruined

[darthsilun]

I sent genuine Western Union telegrams back then.
I see tha itelegram.com has taken over Western Union's network and still hand delivers "telegrams".
Fucking amazing
</replying to self>

Re:Too little, too late. Phone system is ruined

[ThomasBHardy]

I have my phone configured to send all calls to voicemail unless they are in my personal contacts. never even rings. If t's important I'll see the message in the auto transcription (iphone) in my voicemail box.

I no longer get 7 calls a day about student loans (not that I've ever had a student loan)

Re:Too little, too late. Phone system is ruined

[markdavis]

>"I have my phone configured to send all calls to voicemail unless they are in my personal contacts."

As I have said many times on this topic, almost HALF of my junk and robocalls leave voicemail. So in half the cases, it is even MORE annoying than answering the call and immediately hanging up without even listening. Voicemail means a long delay. Then another notification. Then you have to launch that app. Then delete the voicemail. (Especially when you have repeat reminders so you don't miss important calls/messages).

>"I no longer get 7 calls a day about student loans (not that I've ever had a student loan)"

And many would have 3 or 4 voicemail alerts and the irritation that goes with dealing with those messages, instead. So while it might help some, it isn't a solution. And it does nothing for land lines, which 99% of businesses and a hell of a lot of homes still have and use. And it means you have to remember to add EVERYONE who legitimately might need to reach you to your contacts, or risk missing something important. I run a system just like you, at least on my cell phone. It helps SOME but also has caused me to miss very important calls, a few being urgent ones in which someone I knew called from a borrowed phone because they lost their or theirs was out of service.

I would much rather the industry fix the problem by wiping out spam calling.

Re:On mobile phones Whitelist known contacts

[markdavis]

>"Bounce the rest (with no rings) to voicemail immediately. I don't think I've ever had a robocall leave a message."

As I have said many times on this topic, almost HALF of my junk and robocalls leave voicemail. So in half the cases, it is even MORE annoying than answering the call and immediately hanging up without even listening. Voicemail means a long delay. Then another notification. Then you have to launch that app. Then delete the voicemail. (Especially when you have repeat reminders so you don't miss important calls/messages).

So while it might help some, it isn't a solution. And it does nothing for land lines, which 99% of businesses and a hell of a lot of homes still have and use.

* It is unacceptable that any robocalls exist at all.
* It is unacceptable that these companies can fake their numbers.
* It is unacceptable that there aren't criminal penalties for spam calls. Civic penalties are a total waste of time.
* It is unacceptable that the do not call list is ignored.
* It is unacceptable that there is no easy way to report abusers.
* It is unacceptable that there are any exemptions for "charities" and "political use".
* It is unacceptable that even what puny laws do exist are not enforced.

There are lots of problems.

Consumers

[dromgodis]

...and other nuisance calls received by American consumers.

Maybe that's where the problem is. You are not US citizens or residents. You are US consumers.

The spoofing has a legitimate purpose

[Solandri]

It's common for businesses to have multiple lines. When they call you from one of those lines, they want their main phone number to show up on caller ID, not the number for that particular line. So they're allowed to spoof the caller ID for all those lines to show as their main number.

The problem is telemarketers spoof caller ID numbers which are not theirs. And the phone companies let them get away with it because those telemarketers account for a large fraction of their revenue (they're basically accepting money to let telemarketers waste the time of their other customers). The fix is for the phone companies to allow multi-line customers to spoof the caller ID only to a number they own.

Re:The spoofing has a legitimate purpose

[aardvarkjoe]

Yeah, you guys bring this up every single time.

And you don't seem to get that we don't care. The only way to prevent people from abusing the ability to hide their number is to absolutely prohibit it. The very dubious benefit of allowing a company to display their "main" number on the caller ID is so far outweighed by the problems of spoofed numbers that it is not worth considering.

Abuses

[DrYak]

And what is preventing you to "flag as spam" each time your mother-in-law or your ex calls you, just to annoy them ?

Allow the receiver to charge a fee

[PacoSuarez]

Just let the receiver of the call charge a fee to the caller if they are not happy with the call. Say $1. If I receive an unwanted robocall, I dial some code on my phone after the call and the previous caller gets charged $1. It can go to the receiver's account or it can be split between the receiver and his phone company. It doesn't really matter, because unwanted calls would almost completely disappear overnight.

Given that billing for phone calls is already in place, I don't see where the obstacle to implementing something like this would be.