Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Regulator Demands Companies Take Action To Halt Robocalls (reuters.com)

Posted by BeauHD on from the can't-come-soon-enough dept.

FCC Chairman Ajit Pai on Monday wrote the chief executives of major telephone service providers and other companies, demanding they launch a system no later than 2019 to combat billions of "robocalls" and other nuisance calls received by American consumers. Reuters reports: In May, Pai called on companies to adopt an industry-developed "call authentication system" or standard for the cryptographic signing of telephone calls aimed at ending the use of illegitimate spoofed numbers from the telephone system. Monday's letters seek answers by Nov. 19 on the status of those efforts.

The letters went to 13 companies including AT&T, Verizon, T-Mobile, Alphabet, Comcast, Cox, Sprint, CenturyLink, Charter, Bandwith and others. Pai's letters raised concerns about some companies current efforts including Sprint, CenturyLink, Charter, Vonage, Telephone and Data Systems and its U.S. Celullar unit and Frontier. The letters to those firms said they do "not yet have concrete plans to implement a robust call authentication framework," citing FCC staff. The authentication framework "digitally validates the handoff of phone calls passing through the complex web of networks, allowing the phone company of the consumer receiving the call to verify that a call is from the person supposedly making it," the FCC said.

9 of 161 comments (clear)

  1. Bah. by Mister+Transistor · · Score: 5, Informative

    We don't need "encryption" or any other hi-tech horseshit.

    JUST FIX THE GOD DAMNED CALLER ID. NO SPOOFING. PERIOD.

    Done.

    --
    -- You are in a maze of little, twisty passages, all different... --
  2. Re:Just follow the money by Drishmung · · Score: 5, Informative
    A phone network knows the numbers in its own network, but relies on the networks it peers with to supply correct information.

    If Verizon passes on a call from Cox, it trusts the number Cox says originated the call. In terms of billing, Verizon doesn't care. It doesn't send a bill to the originating caller (Cox's subscriber), it sends it to Cox, with appropriate call details (time of day, duration, A & B numbers, etc.)

    Given that every telco doesn't peer with every other telco, that trust then gets distributed---and diluted.

    As networks get huge, and hugely complicated, bad actors can spoof their numbers. Or, they may just steal them (hack into someone's PBX and jump off from its number).

    --
    Protoplasm. Quiet Protoplasm. I like quiet protoplasm.
  3. Re:Just follow the money by Koby77 · · Score: 5, Insightful

    Then it seems to me that no endpoint authentication is required. Simply mandate that the originating network, which of course knows the caller ID of its own subscriber, to pass along the correct caller ID. Otherwise there shall be statutory fines. Such statutory fines are already commonplace in other industries for violators.

  4. Re:Just follow the money by Anonymous Coward · · Score: 4, Insightful

    It is 100% controllable by the phone companies.

    I work with SIP and PBX professionally. I can pass anything I want out to my provider, but you can be assured that they know with absolute certainty what DIDs I SHOULD be passing out legitimately.

    My provider could stop all spoofed numbers from me before they go out anywhere, and eliminate ~90% of all this scam/spam/spoofing overnight. Providers only need to police their own networks to reduce spoofing and all the crap that comes with it.

    Any legitimate need to spoof a number (which are a vanishingly small number) should be documented and legally approved.

  5. Re: Just follow the money by Drishmung · · Score: 4, Informative
    Alas, it's more complicated than it appears. Way more complicated

    The FCC proposal seems stupidly complex on the face of it, but it might be the simplest solution. (Might, I don't know.)

    --
    Protoplasm. Quiet Protoplasm. I like quiet protoplasm.
  6. Re:Just follow the money by ShanghaiBill · · Score: 4, Interesting

    How exactly do you mandate endpoint authentication for calls originating from Canada, Latin America, South America and overseas?

    You don't. You just fine the telecoms a significant amount of money for every spoofed robo-call. Let them worry about how to fix the problem.

    Once the fines start, I predict they will come up with a solution in about five minutes.

    Financial incentives work better than regulatory micromanagement.

  7. Re:Just follow the money by tlhIngan · · Score: 4, Interesting

    It is 100% controllable by the phone companies.

    I work with SIP and PBX professionally. I can pass anything I want out to my provider, but you can be assured that they know with absolute certainty what DIDs I SHOULD be passing out legitimately.

    My provider could stop all spoofed numbers from me before they go out anywhere, and eliminate ~90% of all this scam/spam/spoofing overnight. Providers only need to police their own networks to reduce spoofing and all the crap that comes with it.

    Any legitimate need to spoof a number (which are a vanishingly small number) should be documented and legally approved.

    And some providers do. We switched landline providers and our new one filters the caller IDs we tell it. Our old one didn't, but the new one knows which phone numbers belong to us and does a quick lookup to make sure the number we pass it is one of ours. (We have something like 100 phone numbers, but we only have around 15 connections on a fractional).

    The biggest source of the spoofs really is VoIP - and it's going to be hard to source filter those because many VoIP providers have large pools of numbers that they peer with everyone, so those lists need to be shared with all their connection providers. But that's becoming a fancy form of spoofing if your provider can simply acquire a number (from somewhere other th an you) and say it's theirs.

    Perhaps all the VoIP providers need to get together and actually list out who owns what number in a centralized directory that can be consulted/ And if it's not there, then show up as 000-000-0000 or something to show an obviously invalid number and to hang up on them. But sucks to be on VoIP...

  8. Allow the receiver to charge a fee by PacoSuarez · · Score: 4, Interesting

    Just let the receiver of the call charge a fee to the caller if they are not happy with the call. Say $1. If I receive an unwanted robocall, I dial some code on my phone after the call and the previous caller gets charged $1. It can go to the receiver's account or it can be split between the receiver and his phone company. It doesn't really matter, because unwanted calls would almost completely disappear overnight.

    Given that billing for phone calls is already in place, I don't see where the obstacle to implementing something like this would be.

  9. Re:The spoofing has a legitimate purpose by aardvarkjoe · · Score: 4, Insightful

    Yeah, you guys bring this up every single time.

    And you don't seem to get that we don't care. The only way to prevent people from abusing the ability to hide their number is to absolutely prohibit it. The very dubious benefit of allowing a company to display their "main" number on the caller ID is so far outweighed by the problems of spoofed numbers that it is not worth considering.

    --

    How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?