US Regulator Demands Companies Take Action To Halt Robocalls

FCC Chairman Ajit Pai on Monday wrote the chief executives of major telephone service providers and other companies, demanding they launch a system no later than 2019 to combat billions of "robocalls" and other nuisance calls received by American consumers. Reuters reports: In May, Pai called on companies to adopt an industry-developed "call authentication system" or standard for the cryptographic signing of telephone calls aimed at ending the use of illegitimate spoofed numbers from the telephone system. Monday's letters seek answers by Nov. 19 on the status of those efforts.

The letters went to 13 companies including AT&T, Verizon, T-Mobile, Alphabet, Comcast, Cox, Sprint, CenturyLink, Charter, Bandwith and others. Pai's letters raised concerns about some companies current efforts including Sprint, CenturyLink, Charter, Vonage, Telephone and Data Systems and its U.S. Celullar unit and Frontier. The letters to those firms said they do "not yet have concrete plans to implement a robust call authentication framework," citing FCC staff. The authentication framework "digitally validates the handoff of phone calls passing through the complex web of networks, allowing the phone company of the consumer receiving the call to verify that a call is from the person supposedly making it," the FCC said.

Just follow the money

[Koby77]

How is it that a phone network would know who to bill for a call, but would not know who placed the call?

Re:Just follow the money

[Drishmung]

A phone network knows the numbers in its own network, but relies on the networks it peers with to supply correct information.

If Verizon passes on a call from Cox, it trusts the number Cox says originated the call. In terms of billing, Verizon doesn't care. It doesn't send a bill to the originating caller (Cox's subscriber), it sends it to Cox, with appropriate call details (time of day, duration, A & B numbers, etc.)

Given that every telco doesn't peer with every other telco, that trust then gets distributed---and diluted.

As networks get huge, and hugely complicated, bad actors can spoof their numbers. Or, they may just steal them (hack into someone's PBX and jump off from its number).

Re:Just follow the money

[Koby77]

Then it seems to me that no endpoint authentication is required. Simply mandate that the originating network, which of course knows the caller ID of its own subscriber, to pass along the correct caller ID. Otherwise there shall be statutory fines. Such statutory fines are already commonplace in other industries for violators.

Re:Just follow the money

It is 100% controllable by the phone companies.

I work with SIP and PBX professionally. I can pass anything I want out to my provider, but you can be assured that they know with absolute certainty what DIDs I SHOULD be passing out legitimately.

My provider could stop all spoofed numbers from me before they go out anywhere, and eliminate ~90% of all this scam/spam/spoofing overnight. Providers only need to police their own networks to reduce spoofing and all the crap that comes with it.

Any legitimate need to spoof a number (which are a vanishingly small number) should be documented and legally approved.

Re: Just follow the money

[Drishmung]

Alas, it's more complicated than it appears. Way more complicated

The FCC proposal seems stupidly complex on the face of it, but it might be the simplest solution. (Might, I don't know.)

Re:Just follow the money

[ShanghaiBill]

How exactly do you mandate endpoint authentication for calls originating from Canada, Latin America, South America and overseas?

You don't. You just fine the telecoms a significant amount of money for every spoofed robo-call. Let them worry about how to fix the problem.

Once the fines start, I predict they will come up with a solution in about five minutes.

Financial incentives work better than regulatory micromanagement.

Re:Just follow the money

[tlhIngan]

It is 100% controllable by the phone companies.

I work with SIP and PBX professionally. I can pass anything I want out to my provider, but you can be assured that they know with absolute certainty what DIDs I SHOULD be passing out legitimately.

My provider could stop all spoofed numbers from me before they go out anywhere, and eliminate ~90% of all this scam/spam/spoofing overnight. Providers only need to police their own networks to reduce spoofing and all the crap that comes with it.

Any legitimate need to spoof a number (which are a vanishingly small number) should be documented and legally approved.

And some providers do. We switched landline providers and our new one filters the caller IDs we tell it. Our old one didn't, but the new one knows which phone numbers belong to us and does a quick lookup to make sure the number we pass it is one of ours. (We have something like 100 phone numbers, but we only have around 15 connections on a fractional).

The biggest source of the spoofs really is VoIP - and it's going to be hard to source filter those because many VoIP providers have large pools of numbers that they peer with everyone, so those lists need to be shared with all their connection providers. But that's becoming a fancy form of spoofing if your provider can simply acquire a number (from somewhere other th an you) and say it's theirs.

Perhaps all the VoIP providers need to get together and actually list out who owns what number in a centralized directory that can be consulted/ And if it's not there, then show up as 000-000-0000 or something to show an obviously invalid number and to hang up on them. But sucks to be on VoIP...

Re:Just follow the money

[anegg]

To provide further detail regarding the cost of telephone calls made in the United States:

In general (historically), the person who initiates a call (caller) pays for the cost of the call. The person who receives the call (callee) does not pay for the call. This payment relationship can be reversed if the caller requests (through an operator) a "collect call", which must be "accepted" by the callee. The fee structure for calls had (in the 1970s through 2000s) three tiers: local (handled out of the local exchange, with the cost being the cheapest, often included in the base service rate but sometimes billed on a "per call" basis (rather than per minute), toll (handled within a region, with cost sort of dependent on distance on a per-minute basis), and long distance (at a fairly high cost on a per-minute basis).

With the breakup of the massive monopoly called American Telephone and Telegraph (AT&T), which owned almost all telephone exchanges, inter-exchange circuits, and long distance circuits, long distance costs plunged due to competition between long distance carriers.

With the advent of mobile phones, a new cost component for a call was created - the "airtime" used during the call. The airtime is billed to the mobile phone owner; a caller is billed for airtime if they use a mobile phone, a callee is billed for airtime if they use a mobile phone. To the best of my knowledge, a callee is only billed for airtime if the call is "answered" by the callee (not just signaled, and not if the call goes to voicemail).

Mobile phone usage exploded in popularity in the 2000s. Incentives to gain customers ultimately resulted in many mobile phone users having nationwide calling plans whereby they could call anyplace in the continental United States [2600 miles east to west, 1500 miles north to south] at no cost other than the airtime, which in many cases is now "unlimited" at a base service cost below what it used to cost to have just the base local calling capability (in non-inflation adjusted dollars to boot). [An an example, in the late 1980s I lived in Tennessee, paying about $35/month for phone service to my house. My long distance bill was about $100/month, as I called my (divorced) parents in New England (about 846 "crow flies" miles ) once/week. I now have mobile phone service through a Sprint MVNO (Tello) that costs $15/month (including taxes) for unlimited nationwide calling. Since $135 in 1990 US$ is worth $260 in 2018 US$, getting the same capability for only $15 (less than 6% of the 1990 cost) today is incredible.

Land-line subscribers in urban and suburban areas are now generally offered nationwide calling plans at base service rates comparable to mobile phone service. Rural areas may be more expensive (I do not have any experience in those area).

So... in the United States, not only does the recipient NOT pay for a call, the caller in many (most?) cases isn't paying for the call on an individual basis, but as part of a nationwide calling plan with unlimited calling, and at a very attractive rate assuming the caller has chosen their phone service provider carefully.

Incidentally, from the United States, I find the UK practice of charging people a license fee for having a radio frequency receiver (television/radio) unbelievable to the point of insanity.

Bah.

[Mister+Transistor]

We don't need "encryption" or any other hi-tech horseshit.

JUST FIX THE GOD DAMNED CALLER ID. NO SPOOFING. PERIOD.

Done.

All outbound cold calls are evil

[thogard]

There needs to be a system so that you can buy whatever from a very obnoxious caller and then once the money goes thorough, process the entire chain of transactions under electronic wire fraud.

Companies should be required to correctly answer the question "where did you get my number from" and "tell them and everyone else they are affiliated with to remove my details" and there should be major fines for not complying.

I would be happy for just more digits on the phone number. If 212-555-1234 goes to me, I want 212-555-1234-98765 to go to my phone and all the rest to go to disappear into a "its lenny" type system.

Too little, too late. Phone system is ruined

[darthsilun]

I don't answer calls from numbers I don't recognize. I must have hundreds or even thousands of numbers blocked. I hardly even use my phone as a phone any more.
You want to reach me, send me an email or text me. I suppose if I was really hip I'd be using Telegram (or some other thing.)
Which is funny because 30 some odd years ago I sent real telegrams to my friends when their kids were born. For the novelty factor. It blew their minds back then, when the telegram system was still up and running.

Consumers

[dromgodis]

...and other nuisance calls received by American consumers.

Maybe that's where the problem is. You are not US citizens or residents. You are US consumers.

Allow the receiver to charge a fee

[PacoSuarez]

Just let the receiver of the call charge a fee to the caller if they are not happy with the call. Say $1. If I receive an unwanted robocall, I dial some code on my phone after the call and the previous caller gets charged $1. It can go to the receiver's account or it can be split between the receiver and his phone company. It doesn't really matter, because unwanted calls would almost completely disappear overnight.

Given that billing for phone calls is already in place, I don't see where the obstacle to implementing something like this would be.

Re:The spoofing has a legitimate purpose

[aardvarkjoe]

Yeah, you guys bring this up every single time.

And you don't seem to get that we don't care. The only way to prevent people from abusing the ability to hide their number is to absolutely prohibit it. The very dubious benefit of allowing a company to display their "main" number on the caller ID is so far outweighed by the problems of spoofed numbers that it is not worth considering.