FCC closes a robocaller's loophole

Originally published at: FCC closes a robocaller's loophole | Boing Boing

…

Why would illegal robocallers have any desire or compunction to follow protocols and procedures suggested by the FCC?

Huh? These are regulations on the carriers to implement technical changes to their Caller ID implementations to prevent spoofing.

My bad, haven’t had morning coffee yet

We’ve all been there.

by requiring small phone companies to implement the caller ID authentication technology known as STIR and SHAKEN.

Bond Telecom uses only one of these technologies and refuses to implement the other.

Has every country’s telecommunications infrastructure been rendered near-useless by robocalls over the last few years or is this largely an American thing?

The fact that ‘gateway providers’ are still exempt until 2023 is of concern; that means a nontrivial chunk of the offshore ones who are also de-facto legally untouchable remain technically unhindered.

Well, old networking guy here, used to work on early IP telephony stuff a bit and still read the industry rags. Currently, about a quarter of all calls in the UK and Spain are spam/robocalls, while only about 10% of calls in the US are, and most of the rest of the world is well under 10%. Which makes sense – the wealthiest, easiest to data-mine, and least protected are the most attacked, and places where there’s still a central government owned and run telecom infrastructure at the carrier level (i.e. no small or independent baby bells) and which have fewer phones/capita and less wealth to scam people out of don’t get as many. Still, it’s a global issue, and its good to see the US acting on this issue.

You may be the perfect person to explain to a completely technically incompetent nincompoop like myself why it isn’t possible for the carriers to simply eliminate robocalls which use spoofed numbers? Is it not possible to verify that a call originates with the actual number holder before allowing it to go through?

I recently changed a number that I had had from the days of the bag phone (remember those?) to try to reduce robocalls. It was less than 30 minutes before I had the first robocall to the new number, so obviously it is possible to just spoof calls to every possible combination of numbers until one goes through. I have never ever responded to a robocall, and yet I still receive a couple a day. And now robotexts as well.

In the Netherlands here - I have a land-line that gets a spam call once every couple of months and mobile phones that have never gotten a spam call in 10+ years.

For those that don’t know, the US caller id system is in the process of a forced upgrade intended to move from a legacy system that made spoofing numbers easy, to something that will supposedly prevent that.

I have noticed that my spam voicemails these days are always for car warranty. Maybe that is a sign of progress that the other scams are finding it harder to contact me?

At any rate, until this gets resolved I am keeping my cell area code from where I used to live. Makes it trivial to identify spam calls since anyone from that area code that I want to talk to is in my contacts.

Here in France, the government broke up and privatised the France Telecom (aka Orange SA) monopoly a few years ago, and one of the side effects was that they stopped dealing aggressively with phone and SMS spam. Yet the French government remains one of the largest investors in the rebadged Orange. So now it’s not as bad here as it is in the US, but it’s definitely a problem. Moreso on mobile than on landlines/VOIP. I’ve heard that other mobile vendors are even worse. Most people use apps or some kind of management schemes to mitigate the problem.

It was much less of a problem when we lived in Belgium. I don’t know if that’s because they did a better job or the problem is much worse now.

Well, is it possible? Maybe, but it’ll never be done with the old systems. Now, my information is a bit old, but back in about 2003 I helped set up a digital phone switching center for a company that was changing from an ISP to a VOIP carrier. While all I did was the networking stuff (as in plugging in cables and making sure the servers were properly IP’d and routed), I did chat with the VOIP crew about how all this stuff worked. As they explained it, if I’m remembering properly, the role of a VOIP carrier is to offer to move calls with a certain quality and latency, for a certain price, between the endpoints. In that era at least, when you made a call, your cell carrier would want to get that call off their network as soon as possible, and make someone else pay for it. Similarly, the other end’s carrier wants to get the call as close as possible to the end user. This resulted in a market where different carriers would bid for traffic, with the lowest price winning. There are many other variables – which codec, international taxes, how much other traffic is being passed and its price, and so on, but in essence in that first few moments between hitting dial and the first ring, an entire reverse auction takes place between the various carriers servers, and the low price wins but only for a very, very short window. Oh, and the servers don’t get the actual phone numbers (that would be a potential breach of privacy) just a weird account number. If you’re doing research to see if you’re being spoofed, the window will close (it’s just a few hundred milliseconds). But that may be a decade or more out of date.

England isn’t anywhere near as bad, at least my experience of it isn’t.

Congresspeople also get an exemption. Of course.

Caller ID spoofing is a feature, not a bug. It’s there so corporate phone systems can have an external number showing that is a main switchboard or other central number, but the call can be coming from anyone’s desk within the company.

Way too much of corporate communication depends on this feature to remove it, I think. So the carriers are left trying to distinguish fake spoofers from legit ones.

Exactly.

Any legislation and policy would need to frame the language of the bill/law/regulation with “intent to mislead, defraud, or otherwise obscure the call origin inconsistent with the nature of the calling party…shall be a felony…under the wire fraud statutes.”

I’m in the U.S. My wife and I get very few spam or robocalls on the landline. Our cell numbers, however, are under constant assault, not just by robocalls, but spam and scam text messages as well. Thankfully, we don’t have cell coverage at home, so all of my spam voicemail, junk texts, and “missed call” notifications arrive about once a week when, I go to the grocery store.

The caller ID spoofers don’t even try very hard. Often, the displayed number isn’t even a valid phone number. I would think those would be easy for the phone company to identify and block.

Thanks. I hadn’t thought about the origination of the feature.