FCC Chairman Warns of 'Regulatory Intervention' as He Criticizes Carriers' Anti-Robocall Plans

The Federal Communications Commission will consider "regulatory intervention" if the major telecommunications carriers don't set up a system this year to stop spoofed robocalls, FCC chairman Ajit Pai said Wednesday. "It's time for carriers to implement robust caller ID authentication," Pai said in a statement, noting that some companies have already committed to carrying out protocols, known as the SHAKEN/STIR framework, in 2019. A report adds: Pai sent letters to major wireless carriers in November demanding that they adopt industry-wide frameworks to crackdown on the practice of "spoofing," where robocallers mask a call's origin with a fraudulent number on their caller ID. On Wednesday, the FCC chair followed up with another demand that they implement caller authentication systems this year and a threat over the repercussions if they don't comply. You can read responses from carriers FCC's website.

Uh-oh

[lgw]

Uh-oh. What will Slashdot do now? Pai made a statement that the hive mind agrees with. The cognitive dissonance will be terrible.

Re: Uh-oh

Haha yeah, if someone can think of an ulterior motive for this please help, my brain is already heating up.

Re:Uh-oh

That's why msmash went out of their way to NOT cite his name in the headline.
Just some nebulous FCC Chairman is doing something about robocalls.

Re: Uh-oh

Believe it when it happens?

Re:Uh-oh

Cognitive dissonance would be if he was doing it for the public good instead of for the bottom line of the people who are really buttering his bread.

Robocalls have gotten to such an epidemic proportion that people pretty much ignore any phone call that don't come from someone they personally know, and that's bad for business if you're a telecom.

Re:Uh-oh

It annoys the wealthy, so of course he's moving to eliminate it. There's no dissonance.

Re:Uh-oh

[Ol+Olsoc]

Uh-oh. What will Slashdot do now? Pai made a statement that the hive mind agrees with. The cognitive dissonance will be terrible.

Meh, The Republican plan will be for consumers to pay 50 dollars extra to get rid of Robocalls, Trump will refuse to enact it unless we get a Canadian Wall, and arrest Hellery.

Re:Uh-oh

[110010001000]

I think that Ajit Pai doesn't want me to get the back brace support I need, a vacation to Disneyworld, and help me pay off my student loans!

Re: Uh-oh

Believe it if it happens?

FTFY

Re:Uh-oh

^ This is the right answer, sadly.

Re: Uh-oh

Dems ascension.

Re:Uh-oh

[lgw]

We need a Canadian wall! Made of ice and 100 yards tall! It's the only way to keep the White Walkers out,

Re:Uh-oh

They'll write the title so it implies the exact opposite of what is actually going on.

Re:Uh-oh

Your mother? (plays laugh track)

I think this is about 2 or 3 years overdue and I hope something is done about the robocalling. I don't know who's going to flip out first. The "liberals" who may agree with Pai, or the "conservatives" who will have to admit that government regulations aren't some pinko plot.

Re:Uh-oh

[BringsApples]

I think America needs a dome. Fuck other countries. Fuck Nature (and it's global warming lies). All we need is that dome, and 99.99% of the people working hard to keep it running normal for the elite 0.01%. Then things will be perfect.

Re:Uh-oh

Even a blind squirrel happens upon an acorn once in a while.

Re: Uh-oh

Weak ass midterms and hilarious party infighting is a curious idea of ascension. Then again, I suppose crawling into the shit-filled toilet from the sewer is technically ascending.

Re:Uh-oh

[thebryce]

I never really thought about it before, but "robust caller ID authentication" is all of a sudden striking me as an authoritarian choke point that *could* be used to prevent the politically disfavoured from communicating. I get a lot of spam calls so it's annoying. But is that the right solution?

Re:Uh-oh

[lgw]

You do get that the 0.01% are the ones that benefit from globalism, right? The more workers, the less they get paid. All that "race to the bottom" happening in other countries only helps the 0.01% here to the extent they can ship the work there. For maximum profit, we need the race to the bottom happening here.

Re:Uh-oh

[bobby]

Resistance was futile. He has been assimilated.

Re:Uh-oh

Uh-oh. What will Slashdot do now? Pai made a statement that the hive mind agrees with. The cognitive dissonance will be terrible.

Even a stopped clock is right twice day.

Re:Uh-oh

[pr0fessor]

You forgot pay off your student loans, get a lower interest rate, or extend your cars warranty.

We've been trying to reach you about your cars extended warranty... Yes, can you extend the warranty on my 1969 Chevelle? (it's going to need an entirely new power train soon it's only got like 200k miles on it)
 

Re:Uh-oh

[Sarten-X]

Personally, I'm opposed to the idea that anybody's purely evil. I think people are driven by motivations we just don't understand or don't agree with.

From that perspective, I'll wildly speculate with no evidence or context! That's what Slashdotters do best!

By threatening regulation instead of actually proposing regulation, Pai has actually opened the door for carriers to avoid compliance. They can present timelines pulled from dark and smelly orifices, promising that they'll be compliant sometime in 2083, and Pai can then turn around and issue statements that the FCC is now working "for the people" and "working with carriers to ensure timelines are met". Any further push by the public to accelerate the standards' implementation will just be called political posturing, led by the Deep State to undermine the FCC's authority.

Meanwhile, the big carriers will demand subsidies to implement this new standard, and in the name of system-wide compatibility, they will insist the government adopt (and mandate) another new standard, conveniently authored by several industry insiders, and which relies on a software patent with exorbitant licensing fees, just-so-unfortunately out of reach for a startup carrier's budget.

To be clear, this post is intended to be modded "Funny". Please do not let it be "Insightful". For the sake of all Americans, I hope to be completely wrong.

Re:Uh-oh

It annoys the wealthy

You really think the wealthy bother answering phones with numbers that these people can get hold of? I'm not wealthy and I've an old clam shell that I use daily for voice and text that gets less than ten of these a year. My landline on the other hand gets a few each day that nomorobo typically handles.

Re: Uh-oh

[HiThere]

Well...there's also the question of exactly WHAT will get implemented. Just because we're told that a regulation will do something we desire doesn't mean it won't do a lot of things we don't desire, even if it actually does do what we desire. I don't know the SHAKEN/STIR framework, and I certainly haven't analyzed how it works, or in what ways it could be manipulated.

Re:Uh-oh

[140Mandak262Jamuna]

Mod Parent Up, ++ insightful

Re:Uh-oh

[Sarten-X]

...

...Jackass.

Re:Uh-oh

[budsetr]

Wait, are you trying to insinuate that the "wealthy" have their own national phone system completely separate from the rest of us? Staggering. "Hey Bob, new rich guy, yup just hit the 15 million mark. We gotta install all that extra cabling to his house, and plumbing too. Crap! We also have to reprogram another group of servants to never ever ever ever ever ever EVER say a word about any of this. Oh jeez, we also have to train that schmuck on proper Rich Person Telephone Network use. I wonder if anyone let the Rich Person IT department know yet."

Re: Uh-oh

Yes. Have you noticed that the rich follow a couple of very simple rules like avoid cell phone contracts that make them as footloose and fancy free as they are?

Re:Uh-oh

[Ol+Olsoc]

We need a Canadian wall! Made of ice and 100 yards tall! It's the only way to keep the White Walkers out,

Could we make it of Molson?

Re:Uh-oh

^ This is the right answer, sadly.

ACTUALLY, you are right but the QUESTION is who is the wealthy? If you start asking questions when the "tax the rich" ideas start to flow like the green ink over at Engraving and Printing, you may discover YOU are actually part of the rich, especially when they are actually trying to raise more than just a token amount of tax revenue.

But you are talking about donations to the various political campaigns and the effect of lobbyists on this whole crazy system Congress built, where it commissions "experts" to manage the regulations, so Congress can ignore them and not get bogged down in all the little details of things. Problem is that Congress has abrogated it's authority, passing it off to the likes of the FCC, to be used and abused by political forces for political reasons.

Personally, I think Congress should take their authority back and make it so the FCC (and it's siblings like the EPA) can only suggest laws to be written by writing the bills that congress must pass and the president must sign before they are given the force of law. Congress should take back control.

Re:Uh-oh

[dcrisp]

That is a really insightfull view of the situation. I think we need to closely consider this.

Re:Uh-oh

[Shikaku]

I would bet some hard cash that they use either a whitelist or some program that enables a whitelist because they would be bombarded by sheer quantity otherwise.

Re:Uh-oh

The interesting thing is Pai explicitly mentioned wireless phone carriers.

All of our cellular hardware from the radios on the tower to the software managing the infrastructure came from Huawei.

Our government has already banned themselves doing business with Huawei, and are pushing pretty hard to try and extend that ban to US companies as well, or at least any company involved with "national security" such as our critical infrastructure. At least some in the government count the countries cellular network as such.

In essence Pai is telling carriers to replace all of their hardware and software with newer versions to support this new caller ID, all while only one company sells such hardware and the government doesn't want anyone purchasing from that company.

It's a little hard to believe Pai doesn't know this.

Re:Uh-oh

[lgw]

Ah, you're thinking of putting the wall on the Canadian side to keep the US out. Fair enough.

Re: Uh-oh

[sconeu]

The SHAKEN/STIR framework involves sharing Vodka Martinis with the CEOs of various telecoms.

Re:Uh-oh

[Ol+Olsoc]

Ah, you're thinking of putting the wall on the Canadian side to keep the US out. Fair enough.

I knew as soon as I posted it that Molson was a lame choice. If I drink Canadian beer, It's Maudite - even if it comes from Quebec.

How about a wall of Resin IPA from Sixpoint? If you haven't tried that (and like IPA) I highly recommend it: https://sixpoint.com/beers/res...

Re: Uh-oh

Right on.

Re:Uh-oh

[shanen]

Deserves a Funny mod, but I never get any to give.

Re:Uh-oh

[bjdevil66]

Uh-oh. What will Slashdot do now?

Naively wait and hope - for Ajit Pai to push as hard for this as he did to bring down Net Neutrality.

Re:Uh-oh

Congress should take back control.

That would mean taking back responsibility, so it's not going to happen.

Re:Uh-oh

[DaveSewhuk]

That you need to pay an extra fee to take advantage of. FTFY.

Re:Uh-oh

idk. i'm starting to believe the democrats are truely evil.

hollywood, pedowood, illegals, roman polanski defenders, ms13, more illegals, criminal illegals, the clinton dead pool.

And consider.
The republicans didn't want to confirm someone. They just refused to vote.
The democrats didn't want to confirm someone. They accused him of gang rape 40 years ago with no evidence at all.

big difference.

Re:Uh-oh

[Major_Disorder]

We need a Canadian wall! Made of ice and 100 yards tall! It's the only way to keep the White Walkers out,

As a proud Canadian I support the building of a Canadian wall to keep the orange one out of my country.

Re: Uh-oh

maudite taste like shit try a pit caribou

Re:Uh-oh

Mod parent +++Funny!

Re: Uh-oh

[LostMyBeaver]

It affects him directly.

I turned on my American telephone for my upcoming US trip next week. Since I've turned it on, I've signed up for the "Do not call registry" which I'm quite sure does nothing. I've been receiving on average 3-5 phone calls a day from Kissimmee Florida to inform me that my medicare will not cover a hip some surgery if I wait any longer. Every call claims quite forcefully that "This is your last warning" of which I keep hoping it is true... it's not. If I press 2, it should add me to the "Do not call list" and I've pressed it a few times only to be transferred to a sales person. At which time I ask to be removed from the list... and I'm not.

It is quite impressive to see how poor the state of the US is in. Only in India, the UK and the US have I ever seen so many people blatantly trying to take advantage of other people. It's absolutely horrifying that the regulatory committees are unable to control this problem. When an American company calls and American telephone number and the owner of that number contacts the FTC to report a violation, the FTC should be knocking on their door within a week. Instead, the FTC doesn't seem to do anything about it... all the scam calls I've received are long time members of a list of known scammers. It also appears that these people know they are safe. What's worse is that there are people working for these companies who knowingly violate the "Do not call" registry. After all, Robocallers should have access to a database which makes it clear who they can call and who they can't. If these companies violate that, they should be shutdown or fined severely on early offenses and punished with prison on repeat offenses.

I'm very sad to know just how low the people of America have declined to.

Re:Uh-oh

[Uberbah]

Same reason Bernie Madoff went to jail - he stole from the rich. If he had just done what Wells Fargo or Steve Mnuchin did and stole from working stiffs, he'd probably have a job at the White House - under either a Dem or GOP administration.

Re:Uh-oh

False dichotomy. Just because we disagree with some of the things that Pai does doesn't mean we have to disagree with everything he does. Your black and white worldview is ignorant and childish.

Re:Uh-oh

numbers that these people can get hold of

*facepalm*

You naive child. The scammers and spammers don't "get hold of" numbers, they mass dial them. That means _everyone_ gets hit, regardless of your social or financial status (unless you're homeless and simply don't have a phone, but even then homeless people can easily have phones due government handouts).

Re: Uh-oh

no u r.

Re:Uh-oh

Wait.

Rich people use land lines?

I *think* this *might* be about the businesses that use robocalls and not the people who use land lines, and I*think* those businesses *might* be owned by people with slightly more money than average.

I *might* be wrong.

You, however, are an asshole.

Re:Uh-oh

[geoscodin]

I got those car warranty calls all the time so I would open by telling them that I had 220,000 miles on my car and THEY started hanging up on ME. On the rare occasion someone stayed on, I would ask them to remove me from their list. I guess it was a good strategy because they never call me anymore.

Re:Uh-oh

[mjwx]

Wait, are you trying to insinuate that the "wealthy" have their own national phone system completely separate from the rest of us? Staggering. "Hey Bob, new rich guy, yup just hit the 15 million mark. We gotta install all that extra cabling to his house, and plumbing too. Crap! We also have to reprogram another group of servants to never ever ever ever ever ever EVER say a word about any of this. Oh jeez, we also have to train that schmuck on proper Rich Person Telephone Network use. I wonder if anyone let the Rich Person IT department know yet."

I get the joke... But some of it is closer to reality than you think.

Rich people do have separate communications networks, maybe not based in wires, in fact a lot of it is person based to ensure that not any idiot can accidentally call the Queen of England (I believe Prince Charles has an exception). Often rich or important people will not have a direct line that doesn't go through at least one form of filter, usually this is a person who redirects or dumps your call but now we've got heuristic programs to filter and VPNs to isolate networks.

Re:Uh-oh

We need a Canadian wall! Made of ice and 100 yards tall!

Have you seen Minnesota lately? Done!

Re: Uh-oh

[dwillden]

Funny you blame Americans but invariably when they do manage to track down one of the spam call groups they are operating from overseas. The last big one was based out of India. Yes there is a problem with the US phone system and it should be quite simple to fix. Prohibit number spoofing. The carriers can implement systems to prohibit any call not originating from the claimed number. But for some reason they refuse to do so leaving us subject to this never ending flow of spam phone calls.

And as I stated before, these scams are not originating in the US.

Re:Uh-oh

[dwillden]

Yes we can, for only $1000 per year since the original warranty expired. (payable up front of course). And while you are paying that we also need you to pay for your Taxes or else the Sheriff is standing on your front porch to arrest you.

Re: Uh-oh

[apoc.famine]

The issue is that a ton of companies have moved to VOIP, and/or have a lot of internal numbers but want calls to appear to becoming from the official, published business number so they look legitimate. It's going to be harder to google one of a thousand numbers to see if they are legitimate than one main business line.

Legitimate companies do have some fairly solid reasons to spoof their numbers.The big problem is that instead of putting any sorts of controls on this, the telecos took the cheap, easy way out and just threw up their hands and said, "whatever".

The big companies that want to do this pay the bills. The average residential customer can either accept getting shit on, or not have a phone number.

Re: Uh-oh

[green1]

Spoofing isn't the problem. Unauthenticated spoofing is the problem. The CID needs to be taken out of the hands of the businesses, and put in to the hands of the telecoms. They can then work with the companies to present the appropriate CID. It would be no problem for a company to register their main number, and say "calls from all these other numbers should appear to come from this one, here's proof we own this one" It's that proof part that we're skipping.

It always surprises me how quickly idealistic engineers design systems that fail to include ANY security/authentication system, and expect that humans will play nice. We know that simply doesn't work, it's been proven repeatedly for pretty much as long as humans have existed. It's not hard to authenticate ownership of the main number, phone it! There's no reason why the end user needs to be able to spoof any number they please without proving first that they own that number.

Re: Uh-oh

[Immerman]

>But for some reason they refuse to do so leaving us subject to this never ending flow of spam phone calls.
Ask yourself one question: aside from the scammers themselves, who profits from the phone-scam industry?

Re:Uh-oh

[Immerman]

How would the inability to spoof your caller-id information prevent you from communicating with anyone who wanted to hear from you?

Granted, there may be implementation details that could be easily abused for other purposes - can't say I've even glanced at any of the recommended solutions.

Re:Uh-oh

[budsetr]

That sounds suspiciously like a secretary.

Re: Uh-oh

Get with the times grandpa. The new plan by the repubtards is to just stomp their feet and shut down the govt if they don't get their way. Like children. Indeed.

Re: Uh-oh

[Ol+Olsoc]

maudite taste like shit try a pit caribou

Fortunately, I have no idea what shit tastes like, and have no intention of learning.

Maudite is a malt heavy, high gravity beer, and a decent example of the genre. I'd be surprised if it actually tastes like feces, but will defer to your experience.

Re:Uh-oh

[mjwx]

That sounds suspiciously like a secretary.

Closer to a PA (Personal Assistant) and that is pretty much it and how it's been done for decades. Rich people would hire people to take their calls, answer the door, et al 24/7. We also call them valets (calling them a butler is incorrect, butlers manage the household staff, a valet sees to his lordship's person).

My experience is in working in state government (in Australia). It's very, very hard to get through to a senator if you're not on his whitelist. Any unidentified number will be dropped or ignored. Public numbers for senators will go to their office where they'll get answered by receptionists (its a legal requirement for any politician in Australia to have a public number... but not for them to answer it personally).

Re:Uh-oh

[BringsApples]

I've read this a few times, and I can only conclude that you're explaining my joke to me.

Isn't Pai supposed to be eeeevil?

Doesn't seem to fit his Slashdot reputation.

Re:Isn't Pai supposed to be eeeevil?

[green1]

The summary states that some companies are already in compliance, and he's threatening the others with regulation. That tells me that it should be easy enough to see which companies are paying him. It's the ones who are already in compliance and just want to make sure their competitors are hit with more cost.

"Who are you...?"

[TigerPlish]

..."And what have you done with Chairman Pai?"

Re:"Who are you...?"

..."And what have you done with Chairman Pai?"

They've encased him in carbonite!

This was never part of the deal!

I am altering the deal.... Pray I don't alter it further. It would be a shame if I had to leave a garrison here...

Re: "Who are you...?"

+many points funny

Re:"Who are you...?"

[apoc.famine]

He's just learning how to better play the game. He can issue regulations. But did he? No. He said he might at some point in the distant future if telecos don't say that they're working on something that they'll implement sometime after that distant future.

"Tell me you're going to do something, and all is well." is vastly different than, "You are hereby ordered to do this, on this timeline, with this punishment if you don't comply. No extensions."

I can see why it's taking so long, though

[93+Escort+Wagon]

After all, they had to devote significant time into coming up with that acronym.

is "regulatory intervention"

the code word for "properly placed bribe"

Finally Ajit Pai does something for consumers

[HalWasRight]

Finally the FCC does something for consumers. I get as many as five robocalls a day with spoofed caller id on the T-Mobile network. The telcos need to secure their networks to stop devaluing the money I pay them. Since consumer complaints haven't gotten any action, at least the FCC is finally doing something. BTW: I got another robocall with spoofed caller ID while typing this ... I wonder if the vmail will be in mandarin, which has been a new development.

Re:Finally Ajit Pai does something for consumers

Yeah, but only because it serves him - if you read his own statement, it's obviously he only cares because it affects him directly:

"American consumers are sick and tired of unwanted robocalls, this consumer among them," Pai said in a statement on Wednesday.

Re:Finally Ajit Pai does something for consumers

Wildcard blacklisting whole area codes, toll frees, and one's own exchange (to deal with neighbor spoofing) can have excellent results. I still get a few locally sourced spam calls weekly, and I've only blocked a few dozen exchanges and area codes. While inconvenient, you can whitelist others in your exchange by creating multiple rules to avoid blocking specific numbers. Inconvenient, initially, but worth it IMO. Probably not a good choice for a business phone, but seems acceptable for a private phone.

Re: Finally Ajit Pai does something for consumers

And half of them seem like human calls until you try to talk to them. Itâ(TM)d be interesting if they reacted to the sexual insults all of us throw at them.

Re:Finally Ajit Pai does something for consumers

[AmiMoJo]

I only answer calls from numbers I know now, or if I'm expecting a call from that organization. Disabled voicemail completely. SMS doesn't generate a notification any more.

Don't answer

It's gotten so bad that I no longer answer calls from unknown and random numbers anymore. If they want to talk, leave me a voicemail.

Re:Don't answer

[budsetr]

What is voicemail?

Robo call companies

will flood the FCC with robo-calls/emails to support their existing ability to spoof as a service to the world. Ajit will believe it especially when the emails come with access to some bitcoins and numbers for free hookers. He'll make a statement about how he was wrong all along and the robo calls will continue.

Re: Robo call companies

I doubt he is stupid enough to do that without some initial concession from the carriers. In other news, slashdot has become incredibly boring and repetitive. Thus, in my less than infinite wisdom, I will henceforth write a post every day containing a love letter to our imaginary friend Creimette. Each will be designed to praise some part of her body or mind, or sexual prowess, or ability to pull the spine out of a bogeyman in one move. You will are all invited to say something like amen after each post. Now where did I put my drink?

Why is number spoofing even possible?

[budsetr]

How are they even spoofing in the first place? Shouldn't we just remove that ability?

Re: Why is number spoofing even possible?

Is calling from a bank of phones with dialable numbers spoofing just because you see a different number every time?

Re:Why is number spoofing even possible?

[nerdonamotorcycle]

Same reason a lot of attacks on the Internet are possible: the network was designed and constructed at a time when only trusted parties were connecting to it. It wasn't designed to be secure because at the time it was relatively easy to identify bad actors and disconnect them from the network.

Re:Why is number spoofing even possible?

even creimette spoofs and cheats all the time and we can't seem to be able to stop him. How do you think we can manage to stop them?

Re:Why is number spoofing even possible?

[Shikaku]

Mostly because businesses now run a VOIP system that translates a bunch of machines into a business account and they need to be able to set their public caller ID as their main business number that can direct your call to who you need and not some random VOIP address of X person trying to call you which might not even be a valid number at all, or just a number of that specific caller in Y department.

The issue has been already solved but in a different format: domain registrars for web addresses with SSL certificates, so a system like that but for phone numbers would be a good start perhaps?

Re:Why is number spoofing even possible?

[Doke]

I tried this when we first got a PRI into our VoIP system. Our provider would only accept caller id numbers in the range they assigned/routed to us over that PRI. I could spoof any of our numbers, but not anyone else's. I don't understand why other providers allow spoofing of numbers that aren't routed to that trunk. Payouts? Graft?

Re:Why is number spoofing even possible?

[coryhamma]

Your provider is taking steps on their own to ensure that their customers are following the rules. Imagine if you are a carrier who often works with multi-state corporations who have a huge number of phone numbers allocated to a global system, this might get unruly pretty quickly, and it would be much easier if you just accepted anything they sent you.

Now imagine that you are an enormous phone company (ILEC) that sells service to many, many smaller phone companies (CLECs), and with number porting, the phone numbers keep changing. It's expensive for the ILECs to keep track of a master list. Therefore, they just let the phone traffic pass without checking caller-ID info. I'm sure there is something in the agreement about the maximum acceptable number of robocalls blah blah blah but it's like a maximum acceptable number of rat turds in your chocolate bar. You would prefer that to be zero telemarketer robocalls.

Maybe these CLECs have some sleazy salespeople who are willing to hook up known offenders to get their sales bonuses. Maybe the CLEC is having trouble paying their bills -- easier to say I'm Sorry for the Robocalls" months/years later than to go out of business. Plus, with the regulations, the ILECs may not be allowed to disconnect the CLECs for sending mass robocalls if there is also real people's phone lines that could get disconnected. They must issue notices and warnings and all that.

Nobody wants grandma's phone to get cut off because her sleazy phone company was allowing telemarketer robocalls through. The fines and investigations put forth by the FCC are clearly not effective. The FCC is a slow moving dinosaur, and when they make a change, there are always unexpected repercussions. Therefore, Ajit is trying to squawk loudly in hopes that the ILECs will at least put some kind of a check system in place.

Re:Why is number spoofing even possible?

[drinkypoo]

It's expensive for the ILECs to keep track of a master list.

How much does it cost to have a database with a few million rows these days?

Re:Why is number spoofing even possible?

[coryhamma]

The database is the cheap part. The Expensive Part is maintaining the records in the database, dealing with conflicts, educating staff on this new system they must now use, ensuring they are not violating any laws with the implementation of the system, etc.

Re:Why is number spoofing even possible?

So all the tech CEOs can work from home and airplanes, but never have their real numbers show up in any records. Such is the magic of SIP and SS7.

Plus govts like to use ss7 to intercept calls around the world and listen in.

Why else would China Telecom have 4 huge telecom data centers located inside the USA? At least the Russians hide their "clandestine" ss7 acts a little better.

ss7 hacking has been around and understood for a very long time. It isn't any secret and has never been a secret inside telecom companies.

Re:Why is number spoofing even possible?

Yup, this is the simple solution, only allow spoofing to numbers you control.

Re:Why is number spoofing even possible?

[green1]

Why do idealistic engineers always fail to account for human nature?

The security aspects of this are not technically difficult in the slightest, and yet instead the system was designed to trust everyone. Imagine designing a large corporate network that way: "I get root, you get root, he gets root, everybody gets root!", and that's also a place where bad actors are easily detected and "disconnected", yet no company would ever allow their admin to do that. Any system that gives full authority to every user WILL be abused, if not now, then later.

WHAT WE NEED

[JimSadler]

We need a number number added to our phones which blocks 100% of all charities, appointment setters, and any sales related call . It must carry a serious prison sentence for the person that dials, the room manager and the owners of a business if even one call is made. In other words a total death for all types of phone sales and solicitations is what I seek. Why would I seek that? At 7:20 this morning I was awakened by a stupid call with the Microsoft services scam .This is despite the fact that i have not touched a Microsoft product of any type for over 20 years. Following that i received four more calls trying to send me Medicaid braces before noon. That particular day i received over 12 bullshit phone calls. I now sometimes explode and use the most vile tactics that i can to get rid of these creeps.

Re:WHAT WE NEED

[Obfuscant]

At 7:20 this morning I was awakened by a stupid call with the Microsoft services scam . ... Following that i received four more calls trying to send me Medicaid braces before noon.

And you think a law banning all sales calls would stop that? You think it was a sales call, and that it was made from someone in the US subject to US law?

Wow. No wonder you get so many scam callers. You must be the most naive person on the planet. You're a prime target.

Good start, but far from effective

[markdavis]

Trying to force accurate caller ID is a good START, if it ever happens. However, it will not STOP the calls from occurring. It might help us DEAL with the calls. It might help report calls (if there was a way to do so). But as long as there is no enforcement and no tools for consumers and no criminal penalties, the calls will just keep right on coming. I don't know about you, but having an accurate ID on my home phone does nothing to prevent such calls from: Irritating me. Interrupting me. Waking me up. Forcing me to drop what I am doing to see who is calling. Or having to ignore the ringing and then put up with the 50% chance of then dealing with a spam voicemail I have to then play and erase. Or dealing with those messages when I get home. Similar issues with cell phone, although I have a bit more control on that. It is still no less annoying.

I want a way to press a button and report the call immediately to the police/enforcement agency/whatever, and then after they get X reports they get fined/shutdown/thrown in jail or something like that. If there are no real consequences, nothing will really change much.

Re: Good start, but far from effective

Exactly. You can try to apply pressure to these guys but they are basically Teflon and they dont care at all when agency types try to trick them into making special rules for their corporate masters. Even if they did they still would be abusing regular customers

Bummer

[gumpish]

The calls which spoof your exchange were easy to spot. Now it will just go back to being numbers I don't recognize from other area codes. Seems criminal that Android doesn't have a standard option to use whitelisting for phone calls and disable alerts for voice mail left by numbers not on the list.

Re:Bummer

Wildcard blacklist + specific/wildcard/contacts whitelist would be a killer feature.

Idea for robust caller ID

[mark-t]

First of all, it is important to realize that there can, in fact, be legitimate reasons to spoof a phone number... for example, calling from a direct dial out line for a business, but wanting the main business head office number to show up on the caller ID instead, which might even be located in a different country or state.

So given that, much of the problem becomes how to enable spoofing where it is legitimate, but to not present a spoofed number as the caller when it is not.

A carrier, when receiving a call that is on its own exchange always knows the exact number that is being called from (we will call that phone number A), the number that is being called (we will call that phone number B), and also knows what number the caller is wanting to spoof as (if any, which we will call phone number C). Whether the caller is trying to spoof or not, the carrier for A adds a temporary entry int a local cache that tracks outgoing calls, indicating that it is making a call from A to B. This entry is kept alive only for a minute or two at most before being deleted.

If the caller does not want to spoof, then assume that C = A, and the remainder of this paragraph can be ignored. If the caller wants to spoof, then the following additional steps must be performed. The carrier for A tries to tell the carrier for C that it wants to use that carrier to spoof to spoof, making a call to #B. This request might pass through a number of other carrriers, so let us assume that the carrier for C sees the number that is calling it as X, since it is possible that the carrier for A, or any intermediate carrier might be conspiring to spoof. If the carrier for C allows the number X to be spoofed with C, then the carrier for C will then ask the carrier for X if it is presently making a call from X to B. If it does, then it adds an entry in its own cache that it is making a call from C to B. If the carrier for C does not recognize X as a number it can spoof for, then the request is ignored entirely, and the carrier for C will not do anything. Please note, that if X has been illegitimately spoofed, but X is still legitimately recognized by C as being a number it can spoof for, then the carrier for X as reached by C will not issue any response, so C doesn't have any obligation to add an entry to its table in that case.

Whether or not the caller from A is trying to spoof, the carrier for A concurrently rings the carrier for B. The carrier for B, seeing the number C as being the number claimed to be called from, asks the carrier for C (as seen from B) if it is currently making a call to B. If the answer is yes, then the number shown in call display can be assumed to be valid. If C does not respond, then no number should show up.

This whole verification process should take a few seconds at most, and can happen concurrently with the ringing of the line. A person who answers quickly might not get a verified caller ID until after they have already picked up the phone.

The cached entries, as I said, are temporary, and are individually deleted after being present for a short time (one or two minutes would likely be enough time to be sure that the call is really valid).

This is just something I came up with when I had some spare time and thought about it while I was taking the bus to work one day.... there might still be vulnerabilities, but I wasn't able to find them..

Re:Idea for robust caller ID

[mark-t]

Oh, as a caveat... this could be worked around if the caller spoofed its number as a number on the same exchange as its own, and the caller's carrier was willing to always answer "yes" to any query, but because these calls can be isolated to always being from particular carriers, they should be fairly easy to filter out.

Re:Idea for robust caller ID

[mspohr]

Much simpler (but it will require the telcos to do some WORK) is just require legitimate businesses that want to spoof their legitimate head office number to register the spoofed numbers with the telco. The telco can then certify that the spoofed numbers are legitimate. Telcos could even charge money for this service.

Re:Idea for robust caller ID

[mark-t]

What stops somebody else from using some known head office number as their own spoofed number?

You need some kind of reverse lookup to verify that the call is really coming from where it appears to be, otherwise it can be too easy to spoof.

Re:Idea for robust caller ID

[mspohr]

The local exchange knows the real number originating the call. If that caller wants to spoof a different number, they need to register with the local exchange. If there is no registered spoof number, then no spoofing.

Re:Idea for robust caller ID

[aaarrrgggh]

It gets a lot more complicated when your business works with SIP trunks. Adding/deleting/modifying DIDs can be done pretty much in real time. Traffic also might not be routed to the expected endpoint, although it is still valid.

Re:Idea for robust caller ID

[mark-t]

Okay, that would work... it cuts out the middleman needed for legitimate spoofing.

Re:Idea for robust caller ID

First of all, it is important to realize that there can, in fact, be legitimate reasons to spoof a phone number... for example, calling from a direct dial out line for a business, but wanting the main business head office number to show up on the caller ID instead, which might even be located in a different country or state.

Yes, that sounds fully sensible: someone calls a (potential) customer, only to have that (potential) customer, when he calls back, land somewhere far away from the caller.

I don't know about you, but if the caller doesn't actually want to get contacted by its (potential) customer than it has all the stink of a spam run ... Yuck.

And the solution is simple: If the return call needs to go to a specific location than route the call thru that locations own switchboard. Yes, that means that such a connection will cost twice the normal price for the company (once to the switchboard, once to the client), but I consider that a win (the caller might decide to use a non-spoofed number instead, or won't make the (nuissance) call to begin with).

Another solution, but now putting the burden onto the phone companies: if the telephone exchange company, when challenged, cannot verify that the "spoofing" is legitimate than it gets fined for it. I think that that will very quickly cause a change there. And yes, I mean that for all of the telephone exchange companies in between the customer and the number spoofing caller. They might even get a 10% deduction of their fine if they can point to whom they got the spoofed call from. :-)

Yet another to minimize the use of, legal or not, "spoofed" phone numbers is to either mark them as such (on the caller-ID display), or even pre- or postfix them with the origional number. Either is good, as long as it makes clear which phone numbers can be trusted on sight (will directly lead back to the caller), and which ones do not.

Bottom line:
allowing callers to manage their own spoofing should never been allowed to begin with.

But hey, as long as telephone exchange companies only reap from it without having any responsibilities in that regard its no wonder that it has become rampant.

Re:Idea for robust caller ID

[mark-t]

Yes, that sounds fully sensible: someone calls a (potential) customer, only to have that (potential) customer, when he calls back, land somewhere far away from the caller.

Sarcasm noted.

However, yes... it is fully sensible. There is nothing wrong with a company wanting its 1-800 number to show up instead of some direct-dial line. And if the caller's direct dial-out line might not even be in the same city as the recipient, how would presenting that number be a win for the receiver? The idea of routing a call through that location's own switchboard would only be practical for very small numbers of calls. Ultimately, I'm afraid it would not very scalable to handling commercial call volumes, because it would invariably overload the call centers where the main office is, since all calls would have to be routed through it, and that burden would have to remain for the duration of the entire phone call, as opposed to just a few moments of brief data exchange needed by the system I described.

And note that in the system I described while allowing such spoofing introduces much more complexity (in particular, it requires that the spoofed number exchange, if any different from the caller, the caller's exchange, and the receiver's exchange all support the protocol), it closes virtually all and does not further introduce any additional vulnerabilities to illegitimate spoofing. If the carrier that is directly connected to the caller is still going to allow illegitimate spoofing, then there is nothing that can be done directly, but the only numbers it will be able to spoof are those that would be routed through it if the destination were to call the number that is being presented as the caller. Since the caller cannot actually control that route, the only exchange this could safely be in all cases is going to be a real phone number that is directly connected to the same exchange as the actual caller (since if it is not a real phone number, there is no guarantee that the reverse lookup would pass into the same exchange). This would tend to place a hard cap on the number of phone numbers that could be so spoofed, and they could eventually be easily filtered or blacklisted.

Re:Idea for robust caller ID

[mjwx]

First of all, it is important to realize that there can, in fact, be legitimate reasons to spoof a phone number... for example, calling from a direct dial out line for a business, but wanting the main business head office number to show up on the caller ID instead, which might even be located in a different country or state.

Already sorted in two ways in the UK.

1. We did away with regional number codes years ago, 0141 does not mean the originator is in Glasgow any more. Modern packet switched networks have made this redundant. By modern I mean the one's we've had installed for over 25 years.
2. Businesses do not buy a direct line for every single employee. They install what are called PABX (Private Automatic Branch Exchanges) which means you only need to plug 1 line in (but often will have more). So the person dialling out from that company can easily ID as the company's main number without spoofing.

There is no legitimate case for caller ID spoofing that cannot be solved though another method.

Re:Idea for robust caller ID

There is nothing wrong with a company wanting its 1-800 number to show up instead of some direct-dial line.

No, there is nothing wrong with that.

Yes, there are all sorts of wrongs with us seeing phone numbers that are not in any way connected with the person or company origionating a call - which is what we are trying to solve here.

And yes, I consider being hired to perform some service (1) for a company as being "connected" too (as long as they have proof on file ofcourse). I may be daft, but not that much. :-)

(1) even if its for a spam^wcold call run.

Ultimately, I'm afraid it would not very scalable to handling commercial call volumes, because it would invariably overload the call centers where the main office is, since all calls would have to be routed through it,

I wasn't thinking about those "commercial call volumes" there. Just the "work from home" and "small locations" spoofers.

Remove them from the equation and it leaves the "big players". Which are much easier to monitor.

But if that is too hard than take the second suggestion: have them send their calls to the telephone exchange company in bulk (something they most likely already do), which than does the spoofing for them.

Yes, that would mean that there is some kind of coordination necessary, or, if the involved company proves to be trustworthy, maybe even a computer link to the telephone exchange company equipment so the spoof numbers can be adjusted when needed.

But as the telephone exchange company now exactly knows which spoofed numbers are used I don't think that, in combination with my other suggestion, that will be abused much anymore.

And note that in the system I described while allowing such spoofing introduces much more complexity

Exactly. Instead you should (at least try to) K.I.S.S it.

And now I think of it, the above (the telephone exchange company does the spoofing) can as easily be used for singular persons as for those "commercial call volumes" companies ...

Re:Idea for robust caller ID

[Obfuscant]

which means you only need to plug 1 line in (but often will have more). So the person dialling out from that company can easily ID as the company's main number without spoofing.

As soon as you "plug" a second line into a PBX you have a reason and a need to "spoof". Having a PBX makes it more important to be able to spoof, not less.

There is no legitimate case for caller ID spoofing that cannot be solved though another method.

Most blanket absolute statements are false.

Re:Idea for robust caller ID

[mark-t]

I will agree that ideally we want to a K.I.S.S. approach, but in actuality the solution I suggested has only one extra level of complexity over even a straight reverse lookup approach. This complexity is only required because there are lawful and legitimate uses for spoofing, as I mentioned previously, and that the admittedly much more straightforward approach of just routing through the spoofed exchange would place an additional burden on that exchange because it must manage that connection for the duration of the entire call instead of only for a few moments which would not be scalable to handling commercial call volumes.

Obviously a small mom and pop shop would not have a problem with it, but then the small mom and pop shop isn't going to generally have to be spoofing a number that isn't on their own exchange in the first place. If they are, then then the distant exchange is still going to need to verify that the caller that wants to route through it is coming from where they say are, which requires an additional reverse lookup at that location, and is actually no simpler than the system I described anyways.

The scammers, meanwhile, are left quite high and dry. They cannot forge a number that you cannot call back, since a reverse lookup would fail, and they cannot forge a real number that isn't actually on the exact same directly connected exchange as they are, because otherwise when your exchange does the reverse lookup, it wouldn't get any response from the exchange that it tries to talk to.

Re:Idea for robust caller ID

because it must manage that connection for the duration of the entire call instead of only for a few moments

I'm not at all sure what you are talking about here.

I thought it was about the caller ID. And that gets send before the targets phone even rings (and normally accepted only than).

If they are, then then the distant exchange is still going to need to verify that the caller that wants to route through it is coming from where they say are

Impossible, without verifiable correct list of who owns - or has the right to use - which phonenumbers. And that would need centralized databases and a lot of continuous communication (if only for the transient usage of spoofed numbers by all those callcenters) with it - which would be a weak spot in itself.

In the end it would be a case of the database either trusting what it gets offered, or the telephone exchange company starting to ignore the database because its unworkable.

Having the telephone exchange companies create a peer-to-peer trust network will be much easier - especially when they would have something to lose.

and they cannot forge a real number that isn't actually on the exact same directly connected exchange as they are

:-) You are cutting into your own fingers there: Those "hired help" callcenters might well not be connected to the exchange which owns the too-be-spoofed number.

Also: There might be several (smaller) callcenters all doing the same job, and all wanting to spoof the same telephone number - each ofcourse connected to its own exchange. Which would make a reverse lookup ... difficult.

Re:Idea for robust caller ID

[mark-t]

I thought it was about the caller ID. And that gets send before the targets phone even rings (and normally accepted only than).

Except you can't route the caller ID any differently than the phone call itself... that would require a complete overhaul of every exchange, not just those at endpoints, and would provide no useful incremental upgrade path. Until at least a majority of exchanges supported it, it would generally be completely useless. You could, as I thought you were suggesting, route the entire call through another exchange, but that's a pretty heavy load for it to carry if many other places from around the country are doing the same thing.

The mechanism I described would only require no more than the caller's exchange, the receiver's exchange, and the spoof number's exchange (if different from the caller) to be enhanced... the effects of it would be felt sooner, thereby incentivizing the necessary cash flow to complete the transition.

[Verification is impossible], without verifiable correct list of who owns - or has the right to use - which phonenumbers

Not at all... you should be, after all, able to *call* that number. If it's not a number you can call, then it shouldn't be treated as genuine.

Essentially, a reverse lookup amounts to basically making a special type of call back to the number that is being claimed... when the special reverse call reaches the final exchange, rather than replying back that the line is busy or passing this call onto an extra line that may be allocated for the phone#, this end-point exchange just looks up info in its cache to see if the caller's phone number is really being called by who they say it is. If the exchange responds with an affirmative, then it can pass on the call display info to the receiver's phone. Entries in the cache can be removed perhaps a minute or two after they are inserted, long enough to allow a call to be completed, but not so long as to cause the cache to fill up or to be unrepresentative of the calls that have recently been placed from that exchange.

And so if, for example, somebody from, say, India wants to spoof some USA number, they will have to control the exchange that governs the USA number they are trying to spoof, because otherwise when your phone does the reverse lookup, the call is going to end up at that USA exchange, and the call isn't going to be found there, meaning it issues no response.

USA exchanges that allowed such spoofing to occur using their own numbers could be flagged quite easily, and being under USA jurisdiction, the companies that maintain them could be penalized or possibly even entirely blacklisted until they are brought into compliance.

Re:Idea for robust caller ID

Except you can't route the caller ID any differently than the phone call itself

That was not what I was talking about, but instead your suggestion to do a reverse lookup: If the same number can be send from different locations, which one should it return ? Also think of the possibility that several legitimate as well as a few bad actor spoofers might be active at the same time.

Besides, how do you think you could get all exchanges - within America or not - to implement such a system ? And mind you, if only one exchange in the chain doesn't (correctly) implement it the whole lookup breaks.

In other words: Possible ? Yes. Feasible ? I don't think so.

Not at all... you should be, after all, able to *call* that number.

I take it you mean that as in "the caller who spoofed a number wants you to be able to reach him (or his principal) again". Thats not quite true. Quite the opposite even.

Spam, regardless of the type, lives by just getting its message across. It doesn't even expect a response.

Con jobs like all those "We are from MicroSoft, and we see you have a virus on your computer" do not even want to be able to be called back.

The problem is not the spoofed numbers that connect back to the calldesks principals, its the "joe jobs" among them which make our life miserable.

And so if, for example, somebody from, say, India wants to spoof some USA number, they will have to control the exchange that governs the USA number they are trying to spoof, because otherwise when your phone does the reverse lookup,

Again, why that complex ? All the phone exchange "at the border" needs to know is if the the exchange transferring those calls can be trusted. If not he can simply refuse to accept them - until they clean their act up.

the [phone exchange] companies that maintain them could be penalized

That is pretty much what I started with. Currently they enjoy the money thats coming in as a result of those bulk calls, but do not seem to have any responsibility in regard to them.

Re:Idea for robust caller ID

[mark-t]

I take it you mean that as in "the caller who spoofed a number wants you to be able to reach him (or his principal) again". Thats not quite true. Quite the opposite even.

Spam, regardless of the type, lives by just getting its message across. It doesn't even expect a response.

You misunderstand.... I am suggesting that a caller who spoofs his number and doesn't expect you to be able to potentially call that number back *should* be treated as an unverified caller, exactly as if they had sent no caller ID information at all. If your exchange can't do a reverse lookup on the caller ID info that it gets (which is what the caching mechanism I described would implement), then any claimed caller ID info would be seen as fraudulent.

Again, why that complex ? All the phone exchange "at the border" needs to know is if the the exchange transferring those calls can be trusted. If not he can simply refuse to accept them - until they clean their act up.

The decision to refuse to accept a call that does not contain trustworthy information should be left up to the recipient, not up to some intermediary... and that's why only the recipient's endpoint would technically need to have any upgrades for this to be useful. Besides, intermediary connections have no special way to know if a number that is being claimed is actually what it says it is any more than your own directly connected exchange does. You may as well put the responsibility for verification directly on the endpoints, and take a "no response" scenario to the reverse lookup as if there was no caller ID in the first place. If the caller's endpoint also had it, when a reverse lookup reaches that exact exchange, the reverse lookup succeeds and the caller. In the general case of illegitimate spoofing, if the reverse lookup reaches any other exchange other than that of the actual caller , whether that exchange has been upgraded or not, the number would not be be treated as valid. In the more specific case of legitimate spoofing, the exchange at the number to be spoofed would also be updated, and assuming that the caller's claimed number is recognized as one that the number is allowed to spoof for, this exchange would do the same verification as the recipients endpoint would before it would trust to add an entry into its own cache (since it is this spoofed number's exchange that will be reached when the recipient does its own reverse lookup).

If the caller tried to spoof a number whose own endpoint exchange was not also upgraded, in which it would not be... while if they tried to spoof a number whose own endpoint exchange could not verify that the caller was legitimately allowed to spoof that number (again, via a reverse lookup to make sure that the real caller is who they are claiming to be), then that exchange wouldn't add an entry for that call to its cache.

If you think the entire reverse lookup process I described is the part that is too complex, I'm wondering how, exactly, you think that reverse lookup could otherwise be technically performed? As I said, an exchange has absolutely no independent ability to, on its own, verify that any claimed number that is passing through it, and to which it has no direct connection, is actually coming from where it says it is, so you may as well put the responsibility of verifying the call via reverse lookup at the endpoint, rather than at some intermediary. You need additional complexity just to support the reverse lookup in the first place, and the only reason you might need anything more is to support genuinely legitimate caller ID spoofing. Note that in the system I described it is literally *impossible* for a recipient who has this system installed on their end to get a spoofed number unless the spam caller also directly controls the *endpoint* exchange for the number they are claiming to be calling from. This would place an upper limit on the number of such numbers that a spammer could practically claim t

Re:Idea for robust caller ID

You misunderstand.... I am suggesting that a caller who spoofs his number and doesn't expect you to be able to potentially call that number back *should* be treated as an unverified caller, exactly as if they had sent no caller ID information at all

Not quite. I would really like to be able to see who spoofs his number, and who doesn't.

Even though both would be unknown callers I would sooner pick up a call from the latter than from the former.

If your exchange can't do a reverse lookup on the caller ID info that it gets ... then any claimed caller ID info would be seen as fraudulent.

Yeah, I understood that part. But I already tried to explain why implementing it would be problematic.

I'm wondering how, exactly, you think that reverse lookup could otherwise be technically performed?

I don't think it can. That is what I've been trying to tell you.

if the endpoint at the caller's number as reachable by the person being called has been upgraded, the number can still show up as valid if it is not being spoofed

I'm sorry, but I can't even parse that sentence.

But I see a few problems:

First:
Your method uses the spoofed number to start the reverse lookup with (as thats the only number you got). As long as that number actually exists, how would the "endpoint" (which actually owns the number) know it was a spoofed number or legitimate one ? And if they do not know and can only say "Yes, I'm here!" than how will you know if its spoofed or not ?

In other words, it does not seem to stop anyone from spoofing an existing number.

Second:
It wouldn't stop a malicious spoofer to use a number that is his, but only valid for a short time and have you land at his own (foreign) callcenter phone exchange and thereby return the number as legitimate.

In other words: Its as bad as allowing subscribers to do their own spoofing.

Third:
Every subscriber - company and private persons alike - as well as all phone exchanges - in, but also outside the country - would need to upgrade their equipment to make your idea work.

In other words, it would need cooperation from and spending of money by lots of people - with lots of those outside the jurisdiction of the US of A, and herefore cannot be forced to do so.

Which means the "bad actors" only need to relocate to a country which does not want, or simply doesn't have the money to cooperate to continue as if nothing has changed.

Again: Possible ? Yes. Feasable? I don't think so.

Re:Idea for robust caller ID

[mark-t]

Your method uses the spoofed number to start the reverse lookup with (as thats the only number you got). As long as that number actually exists, how would the "endpoint" (which actually owns the number) know it was a spoofed number or legitimate one ?

Well, first of all, the endpoint would recognize it as a number that actually belongs to that exchange.

Secondly, when the caller places an outgoing call from an updated exchange, that caller's endpoint adds an entry into its temporary cache that it is making an outgoing call. If or when the reverse lookup happens, the caller's endpoint will see that indeed there is an entry for that number, and respond with an acknowledgement. Entries in this cache are, as I said, removed after being present for a minute or two... long enough to complete a call, but not so long as to be unrepresentative of what calls were recently outgoing from that exchange.

If the caller tries to place a call from a number that is spoofed, however, the reverse lookup wouldn't generally end up at the same exchange as the outgoing call, no entry would be found, and the call could be assumed to contain unverified caller ID information. Without making prior arrangements with whatever endpoint *is* going to be reached when a reverse lookup happens (which would be the case, for example, with legitimate spoofed outgoing calls where the caller wants the company's 1-800 number to show up at the recipient), the would-be spammer is going to be left with very few options for remaining undetected... in the end, they would have to settle for being classified the same as if there were no caller ID at all.

Not quite. I would really like to be able to see who spoofs his number, and who doesn't.

I suppose you can display that a caller has spoofed their number but that number could not be verified, although that might be of limited use, since it won't help you identify who the actual caller is. Effectively, it's the same as if they had not transmitted any caller ID information at all.

And without doing a reverse lookup, there's no way to know if the caller is actually calling you from the number that is being sent as their claimed number... remember, you never can known where the caller is actually from, all you can ever know is the number that they *claim* to be from, because there is no way for an exchange to know whether the originating number is genuine for any call that does not actually begin at that particular exchange (short of doing the same reverse lookup that I described previously, but then why not just do that at the endpoint instead of making each and every exchange do it?)

Every subscriber - company and private persons alike - as well as all phone exchanges - in, but also outside the country - would need to upgrade their equipment to make your idea work.

Perhaps it has evaded your attention that caller ID itself is a fairly recent innovation, and until a significant percentage of the country had been upgraded, a recipient would not tend to receive any caller identification at all.

The idea works just fine before a majority of the country has been upgraded... if the person being called doesn't have an upgraded exchange, then they have no way to verify the caller ID as genuine. If the caller doesn't have an upgraded exchange, then the recipient has no way to verify the caller ID is genuine. This is absolutely no different than the telephone landscape as caller ID itself was being first introduced. Meanwhile, upgraded exchanges that *are* making phone calls to eachother can enjoy the improved verification system, and as more participate, more numbers can be verified.

Which means the "bad actors" only need to relocate to a country which does not want, or simply doesn't have the money to cooperate to continue as if nothing has changed.

And the recipient of calls from such places would see that there is no verified caller ID information in that call, and they could choose to ignore it.

Re:Idea for robust caller ID

Well, first of all, the endpoint would recognize it as a number that actually belongs to that exchange.

You are not actually listening to anything I said, do you ? I already pointed the problem out with that. Twice.

Goodbye.

Re:Idea for robust caller ID

[mark-t]

No, actually, you didn't... it seemed to me that you suggested that what I was describing wouldn't work just because the exchange that the number is actually coming from had spoofed the #, so you can't rely on its validity, but in general, that won't actually work because when the reverse lookup is done on the number, it would end up at a *different* exchange than the caller.

Conspiring with another exchange to permit number spoofing would still necessitate that the spammer have complete control over how a call gets routed, to ensure that their spoofed number actually gets routed to that exchange.

Essentially, it become roughly on par with faking an IP address, which works if you aren't expecting any sort of return data, but when a reverse lookup happens, per the protocol I described, any claimed caller ID information can be seen as valid.... or not verified. Yes, it does require a significant percentage of the exchanges to be updated before a significant number of calls will be recognized with the new protocol. but that's absolutely no different than when caller ID was first created.... most exchanges needed to be updated to support it before you would get caller ID info for most calls, even if you had a caller ID box on your phone.

Move To Australia

[labnet]

We implemented a Do Not Call register backed by legislative penalties ages ago and I've never had a robocall on my mobile (cell). .. and there are other benefits...
Universal Healthcare
Never seen a gun in public in 50 years unless it was on a policeman or security guard
Metric!
Proper coffee.
Kangaroos!
Drop Bears...
Rugby... not that costume game you play..
No Ajit Pai
you do have cool rockets though... we don't have rockets...

Re:Move To Australia

[ItsJustAPseudonym]

I'd also give you Victoria Bitter.

Re:Move To Australia

[labnet]

The locals won't even drink that poison... I think we ship it all to the USA

Re: Move To Australia

Meanwhile Townsville is flooded and Tasmania is combusting. The south has heatwaves that are unlivable and drought will stop civilization.

And your stupid PM denies AGW.

Coal, baby, coal!

Re:Move To Australia

and there are other benefits...

Like no privacy to speak of.

Your gouverment has, in the last few years, taken the right to invade all your communications and computers at will, and for any reason. All in the name of keeping the country safe from "bad guys" ofcourse.

I thought America was bad in that regard, but you guys really cream the top.

So thanks, but no thanks.

Slow Learners

You still cheer the Obama administration to force CALEA onto the internet, by calling the ISP's a "voice service" instead of a "data service". You naïve fools. Pai was very clear. The Obama admin's decree wasn't legal, and he rolled it back.

A joke?

There are already sufficient regs with the do not call registery.
  These cost real money

If the carriers choose to remove the accountability necessary to enforce these costs, then the carriers should be required to cover the violation costs that these callers are able to avoid.

So what is the sequence I need to do collect these?
Record me telling the daily caller do not call.
Record a few calls.
Ask the carrier who to send the bill to
With no answer, send the bill to them?

Doesn't bother me

[p51d007]

Number isn't in my contact list, I just don't answer it. If it IS someone trying to reach me, they will leave a voice mail, and they get added to my contact list. If they don't, they go into my spam blocker. Problem solved.

Re:Doesn't bother me

[bjdevil66]

You've minimized the inconvenience in your case, which is great. With a better system, however, you'd never have had to put in any effort to setting your system up - or be distracted again by future spoofed calls. THAT'S how it should be.

Re:Doesn't bother me

the problem is exactly why they spoof local exchange numbers is that they're playing the odds on it matching a number in your contact list

Re:Doesn't bother me

[zaq1xsw2cde9]

Problem with this method is, putting them in your spam blocker is bad for you, not them. They use a random number every time. Since they don't use the same number again anyway, you've just blocked a potential legitimate caller in the future, and not them. Spammer's next call will be from a different number.

Your Problem is not solved. You've created another one for yourself in the future when you meet a new friend, or try to do business with someone else, and they are blocked and you don't even know it.

Re:Doesn't bother me

This is trivially remedied by reversing the blocking order and only allowing numbers on your contact list to actually ring your phone with all other calls being sent straight to voicemail. This is how I personally run things and it serves me well. Anyone with an important enough reason to contact me will leave a message and anyone else isn't worth my time.

Will it work as poorly as Do Not Call registry?

Unfortunately whatever they implement will be about as effective as the Do Not Call Registry was.... not at all. The scammers always find a way around rules and they count fines as the price of doing business.

Iâ(TM)ll eat your shoes

If this actually happens this year. Thereâ(TM)s no fucking way it will happen. Period.

A solution, though not for everyone

There are apps that block all calls not already in the contacts. Since these calls go to voicemail, it's still possible to get in touch with the occasional valid caller who's not already in the contacts. At the very least, this eliminates interruptions from these scammers and I'm finding that most of them don't leave messages.For me, this solution works nicely. I pity those people who regularly get random callers. For you, I don't have a suggestion

Finally something Pai and I agree on.

[TomBauserman]

If he can come up with an actual plan and not just a bunch of hot air.

Re:Finally something Pai and I agree on.

And that's the problem with Pai - all he does is talk. He spends more time giving speeches than he does implementing what he's thinking about threatening to do. Frankly, he's spouting nothing but flatulence at this point.

Meanwhile, when a robocaller tells me to hit '1' for more information, I do - and yell "BANG!" at the top of my lungs when the call is forwarded via a throw-away cell number to some dumb schmuck who couldn't get a job bagging groceries. If they don't like it, then they can (try to) sue me, and we'll have fun in court.

When did that "Comments Filter" with tabs appear?

[shanen]

A few minutes ago I noticed the "Comments Filter" below the post button. It has tabs for the primary dimensions of moderation, so (for example) clicking on the "Funny" tab immediately shows the current 2 funny comments on this story.

Is this a new feature? Or have I been blind, and if so, for how long? Now I don't have to waste time with the text searches on "funny"? Fewer annoying false positives (as distinct from actually bad moderation)?

By the way, the "Funny" comment to which this reply is attached is not very funny. At all. But that's just part of the general brokenness of the moderation system.

I still can't get over the possibility that an actual change has occurred. A new feature?

Naw, I must have been blind and just never noticed it. Probably been there for years if not decades.

Paper Tiger

This is a diversion by Ajit Pai, a paper tiger.

He has no intentions of following through, I'd bet a day's pay. Hell, make that a month's pay.

At best, and this is the very best we can hope for, he'll issue a statement like the following: "The FCC has considered a regulatory intervention, but regulations are strangling our glorious US businesses. Hail to our glorious leader, Donald Trump! The telcos solved the problem through the magic of market forces. Job done, mission accomplished, backslaps all around."

Wrong framework

SHAKEN/STIR (Secure Handling of Asserted information using toKENs/ Secure Telephony Identity Revisited) is the wrong framework to use.
It should be VODKA/MARTINI (Voice Of DaleK Advertiser/MAndate Real Telephony Intrudes NIghtly)
or CHUGBEER (CHop-Up Goolies Belonging to Each and Every Robocaller)

I ain't saying he's a gold digger.

I'm just saying he ain't messing with no broke tax payers.

It's all about the Benjamins

Since the carriers make a lot of money from the spoofers (phone accounts every month), it would be against their best interests to stop spoofing.
Otherwise, the carriers would have never allowed this in the first place. Tampering with their networks, and such.

Ajit Pai just has not sold out yet.

[bussdriver]

Robocallers FAILED to purchase Pai and now they will pay the price.

Don't expect a fully working solution because that likely would upset Pai's owners.

It says something is wrong when officials replace citizen with consumer and it DOES impact thinking to do so. I am NOT a consumer, I am a citizen, a human and not merely a cog in your machine.