The real problem is the lack of security and authentication on telephone networks, which enables number spoofing with virtually no chance of reprisal -- foreign callers (realistically out of the FCC's jurisdiction) use VoIP services to create calls that originate from an IP address from the telephone network's perspective, and the phone network makes no attempt to authenticate the metadata (like the phone number that is calling) before forwarding it on.
The 'neighborhood scam' is one which I am frequently subject to, and there is virtually nothing I can do about it (except block all the numbers with the same prefix as my own, but even this only covers the cases where they restrict their spoofed numbers to that small range).
Domestic callers like the one described in this article seem like a very small part of the problem, since they can be tracked and prosecuted. Foreign callers never pay the penalty with our current system, and I suspect they are more numerous based on the accents of most robocall operators I've gotten on the line.
What I don’t understand is why no major mobile carrier is offering a solution to this. It’s a pretty competitive market and this could be a big selling point.
When the isp wars were going strong, before broadband put everyone under the thumb of monopolists and also before gmail, spam filtering was a serious competative advantage.
Why can’t phone companies take an RBL like approach? If your VoIP service garners too many complaints because you are selling to robocallers then you don’t get to have calls delivered to e.g. ATT mobile customers anymore?
Are there legal or technical interconnection requirements that would make such a thing impossible?
2% monthly churn is not low. That annualizes to ~25% which is significant. The cost per acquisition of getting a new customer is actually quite high so their churn numbers definitely hurt them.
When there are only 4 carriers in the US, it doesn't really matter. AT&T will lose a customer to Sprint, Sprint loses one to T-Mobile, T-Mobile loses one to Verizon, and Verizon loses one to AT&T. No one is getting rid of their cell phones.
T-Mobile offers it as a free option with two levels: labeling the call as Scam Likely and blocking it outright. The latter is quite effective - I was getting 5+ calls per day and it’s now 1-2 per week.
The “Spam Likely” determination is fairly unreliable, IMO. They have labeled my doctors office “Scam Likely”, while many “Scam definitely” calls have not been labeled.
T-Mobile's handling of "Scam Likely" seems to be spotty at best, with quite a few false positives. Additionally, their 3rd party vendor seems to be wanting to audit businesses that are mis-identified: https://feedback.fosrvt.com/
I haven’t had a single false positive. I get 1-2 false negatives per week but haven’t found an iOS call blocker which had comparable or better accuracy.
That’ll probably require fixing the broken design of the telephone system.
Only for postpaid accounts. T-mobile treats its prepaid customers like garbage. They even refuse to register correct callerID info for numbers they assigned in violation of E911 requirements.
Blocking calls from certain VoIP services is almost certainly going to be a violation of common-carrier rules (which still apply to phone service no matter what happens with broadband).
At a technical level, spam filtering relies heavily on analyzing email text. Doing similar analysis on voice calls is way harder. Also, there's UI issues. You can redirect suspected spam emails to a folder the user can inspect for false positives. What do you do with a call that hits the robocall filter?
It's worth reading Pai's actual dissent: https://apps.fcc.gov/edocs_public/attachmatch/FCC-15-72A5.pd.... Among his reasons for dissenting is that the Commission was unwilling to "establish[] a safe harbor so that carriers could block spoofed calls from overseas without fear of liability."
All this occurs against the background of the Communications Act's common-carrier obligations, and the FCC's call-completion rules, which generally prohibit blocking calls. What the FCC did in the order you linked is to simply say "nothing in the Communications Act or our rules or orders prohibits carriers or VoIP providers from implementing call-blocking technology that can help consumers who choose to use such technology to stop unwanted robocalls."
Is that a safe harbor? No, as the next sentence clarifies, what can be blocked depends on the nature of the call: "Additionally, in the interests of public safety, we strongly encourage carriers, VoIP providers, and independent call-blocking service providers to avoid blocking autodialed or prerecorded
calls from public safety entities, including PSAPs, emergency operations centers, or law enforcement
agencies; blocking these calls may compromise the effectiveness of local and state emergency alerting
and communications programs."
As explained in other posts here, it's hard for a carrier to tell what is a robocall. What is an "unwanted" robocall is even harder--it's a heavily-litigated issue in the TCPA context. (In fact, the rest of the order was about expanding what counts as an unwanted robocall in violation of the TCPA).
That leaves carriers between a rock and a hard place--it they block over-inclusively, businesses who think they fall into a TCPA exception could sue them for violating their common-carrier obligations. Then they get to litigate whether that business falls within the scope of the "unwanted robocalls" the FCC referred to (but did not define). Carriers have a huge incentive to not wander into that morass by offering call-blocking features.
> so that carriers could block spoofed calls from overseas without fear of liability
I don't really want my carrier deciding what calls to block. I just want them to ensure the veracity of caller ID data so that I can perform useful blocking at my end. There shouldn't be anything stopping them from removing fraudulent and unverifiable caller ID info from the calls they route my way. That leaves me free to block calls that lack caller ID info, and I'm assuming all the risks that entails.
Later on spam filtering relied on analyzing email text, but before that was available there was the blunt instrument of blackholing ISPs that refused to police their users.
I remember Bayesian spam filters being the first widely used ones. But it was a long time ago.
It’s not clear to me that carriers would be allowed to do that, especially accounting for situations where VoIP traffic is laundered through a legitimate service (so the entity at the exchange boundary with the end-user carrier is a legitimate one).
Could they get around common carrier restrictions by offering that service as opt in? I’m not so sure about that either.
Should be technically possible to have ”these numbers can originate from this operator”. I’ve learned that if a phone looks to be from my area code, it’s actually from China. No idea what the robocaller is saying.
My operator should be able to have a short list of teleoperators in this zip code, and drop other calls.
I've had the same phone number for over 20 years now, since LNP became a thing I've moved it a couple of times to different providers. Most recently I've parked it with a non-local voip provider which gives me a great deal of flexibility. It sounds like under your proposal no one would receive my calls?
No matter what solution is proposed, there's always a subset of people who depend on that very behavior (see https://xkcd.com/1172/ ).
I think no-one receiving calls from parked non-local voip numbers would be an acceptable price to pay for the elimination of voip spam. You are free to disagree, tech is all about making compromises.
Incidentally, this quickly follows the path we took with SMTP. I can no longer telnet into a random SMTP server and dump incoming mail, which no doubt ruined the carefully honed scripts of many sysadmins.
Something that helps is having an "undesirable" area code.
Telemarketers have learned that certain area codes convert at much higher rates than others. 202, 203, 212, 213 are prime targets. 242, 246, 406 and 701? Notsomuch.
If your NPA isn't important to you, get a number in those areas. (Some carriers will let you choose your area code as long as you're within the same billing center.)
I'm feeling very grateful for sticking with the same phone number I've had since high school in rural Minnesota. 100% of numbers I receive from "my" area code that aren't my mother, are spam. :)
I get almost no spam calls now, Google has call spam blocking built into Pixel phones and I went from a few spam calls a week to maybe 1 or 2 a month. And those 1 or 2 calls ring with a red warning that they're potential spam calls.
For reference, I've had the same New Jersey mobile number since 2001.
Thanks, looking into it now. iOS and Android app. I'm curious to see how this works. Probably can't get in the way of the calls on the device itself; pushes changes to the network maybe?
Some of it is just a matter of associating the name “Telemarketer” with a phone number. I still see those calls, but can immediately identify them.
Stuff it’s more confident about gets blocked outright. I think they’re automating what they’d do if you went into your account and manually blocked a number.
I already have a /dev/null contact with a silent ringer but the telemarketers (especially the neighbor dialing) almost never uses the same number twice. Still hopeful the ATT app helps though.
Their list automatically updates based on whatever mysterious processes happen in their end, so it should be an improvement over manually blocking numbers after you get a spam call. Hopefully it will help a little bit. It's definitely not a cure, but we have to take what we can.
> What I don’t understand is why no major mobile carrier is offering a solution to this.
Carriers have no economic incentive to do this. Most people on AT&T aren't going to jump to Verizon because of the number of robocalls they get on AT&T. It's not worth the hassle of changing.
>What I don’t understand is why no major mobile carrier is offering a solution to this.
I remember at one of the WWDC keynotes, Tim Cook announced this as a new iPhone feature. But he also noted that it was only available in China. I wonder if whatever the Chinese carriers have done can be imported to the United States.
My wife's iPhone will occasionally get an incoming call with small text below reading "Possible spam." She never uses her phone for voice, so she never answers the phone anyway.
I've suggested in the past that every instance of provable spoofing where they did not control the claimed number should result in a fixed fine. $100 sounds about right.
Every phone network will then quickly begin passing on that cost to anyone they "peer" with and it will be a non-issue soon enough.
Is there a compelling reason to allow such spoofs?
>Is there a compelling reason to allow such spoofs?
A few use cases to spoof the number:
* Appointment reminder systems - if I see the caller ID is from my doctor's office, I'm going to pick it up and hear the reminder. When the calls come from some other number, people think it's spam. People still expect reminder calls even if you/HN crowd would prefer an email/text.
* Outbound call centers on behalf of others companies (same reason as above)
* People who work from home but want to make business calls from a personal phone
If no one could spoof, it probably result in a huge uptick of people claiming spam calls since they would be getting tons of calls from numbers they didn't know.
There really needs to be an SPF, DKIM, DMARC for VOIP. I don't think a no spoofing policy would go over well for businesses or consumers.
The question wasn't about why spoofing exists at all. It was about spoofing where they did not control the claimed number.
If you want to place a call with spoofed caller ID info, your provider should require you to prove that the spoofed information is legitimate, not fraudulent. Otherwise, the telco should be obligated to strip the suspect caller ID information from the call so that the recipient can properly identify the call as fishy.
There's no need for any complicated cryptographic solution. Telcos should just be required to know their customer, much like banks, before allowing them to do certain things.
Yeah. I'm perfectly fine with e.g. Twilio being able to tell Verizon "oh, we have authorization to send from $x", Verizon going "uh huh, go ahead" because they trust Twilio not to mess around. But then, if there does turn out to be an issue, Verizon is on the hook, and they'll turn around and charge that to Twilio. So, they'll be fine with letting large companies like Twilio spoof on their network, but they're not going to let RandomCo spoof.
So forcing the fine on the last step in the chain forces everyone to carefully consider who they trust, which is as it should be. Nothing wrong with trust between trusted parties, but clearly the current system has untrustworthy parties given too much power.
That's the thing though, a lot of times they don't control the spoofed number, but there's a legitimate use case for spoofing it. Authorization to spoof is not the same as having control of a number.
A cryptographic solution is absolutely necessary. Most reputable telcos already restrict spoofing or require tons of paperwork to prove you own the number before allowing you to use it as caller ID (like Twilio for example).
The issue is that the PSTN is essentially a huge, worldwide message queue to which pretty much any telco can connect around the world, including shady ones - even if US law actually does fight spoofing, how do you prevent telcos from other countries from continuing the abuse?
Cryptography is needed - when a carrier leases you a number, they give you a certificate with which you can sign other carrier’s certificates if you want to let them use that number as caller ID. Every carrier on the call chain should verify call’s signatures against that and discard any calls with missing or invalid signatures. That will stop malicious spoofing while allowing its legitimate use, just like email where you can use SPF and DKIM to nominate any email provider to be able to send on your domain’s behalf.
A certificate system could work, but really all that's needed is traceability.
If I complain about a call, that should be trackable to the origination carrier and account, and if either one gets too many complaints, it gets thrown off the network (and other penalties).
Actually there is some standardization activity trying to do this. It does not solve the main problem: if you let the originating carrier sign the caller id, you still have to trust that carrier to really check if the caller is authorized to use it. Number portability prevents you from using certificates older than 24h.
In all of those scenarios, one could prove they controlled or had authorization for the spoofed number, hence it would not be eligible for my proposed fine.
I'm not suggesting no spoofing, I'm suggesting a fine on the carrier for unauthorized spoofing, which will force them to actually verify that there is authorization.
You didn't make this clarification in your first post. In the first two examples, they don't control the claimed number, which is what I was responding to.
>I'm suggesting a fine on the carrier for unauthorized spoofing, which will force them to actually verify that there is authorization.
This makes sense. Legitimate companies will get authorization agreements signed etc.
> Is there a compelling reason to allow such spoofs?
It makes telcos money. That's reason enough, since there are no economic downsides to the network operators that enable these crimes. If companies like AT&T and Verizon were also being subject to this $120M fine, we might see them decide to make caller ID trustworthy so that it could be used to block robocalls.
No, this occurs at the telco level. When a call is placed, only the number is sent. The receiving exchange must look up that number to get the name, and that lookup costs some fraction of a cent. This is why Caller ID with name costs extra money.
I'm afraid I didn't read TFA, so apologies if I'm getting the wrong end of the stick. Also it's been 20 years since I worked in PSTN stuff. But at least at that time, the security in the protocol was ridiculously lax. IIRC, with PRI there was literally a bit that you set to say that the originating number was checked and was legitimate. Every other switch on the way through would accept it blindly.
In most areas it was illegal to set that bit unless you were a telco. It was also illegal to sell equipment that set that bit unless you were selling it to a telco. But... it's not that hard to hack.
Someone who's more current can probably give you better information. As to why nobody does anything about it... well.. why should they? They literally don't care. The equipment manufacturers aren't going to change the specs (because it's pretty darn hard to change specs and they are all trying to screw each other over in the specs anyway). The telcos aren't going to demand that the specs are changed because people are making telephone calls -- exactly what they want. It's only if the governments demand the change -- and it will take laws to do that (even then, I imagine that it's cheaper to lobby against the law than to change the equipment -- you have absolutely no idea how crappy those systems are).
There are legitimate reasons for spoofing to work given how fucked up the PSTN is.
Mobile roaming is one for example - when you roam on another carrier and place a call, that carrier directly originates the call and “spoofs” your caller ID to make it look like the call originated from you.
Some companies may use different carriers for either load balancing or least-cost routing and so both of these carriers are required to “spoof” the company’s caller ID.
This can definitely be fixed with a CA system and “delegation” where the main carrier who owns the number can issue certificates for any other carrier you’d like to use to temporarily allow them to use a particular caller ID, and each call request should be signed with that certificate and the signature should be verified by call intermediate carriers down the chain, and the call dropped if the signature is missing or invalid.
I think the correct approach is economic, not technical. Make a rule that, if you get a spoofed call, then your telco owes you $100, not subject to any arbitration clause or other contractual waiver. Give a way out to avoid actually killing the telcos: annual penalties are limited to a few percent of annual gross revenues.
The telcos will find a technical solution real fast.
Or just let telephone users set a price, for someone not in there contact list, to call them. Set it at 5 cents by default. Problem solved for the most part. People that don't know you can still call you (like the person who you left your curtains at for repair) but most robo call campaigns won't be worth it. If you really hate spam, set your price to $10.
If an incoming call is saying it's coming from 555-1234 and telco owns 555-1234 and it's not one of their authorized income points then the call should get dropped.
Or if they don't own it then it's on who's inserting the call into the system.
Telco systems are fun. And by fun I mean it's a complete mess. ISDN is hard and full of caveats (look at SIP for a taste of what it involves).
How? Even in the same city, cellular and land lines aren't always serviced by the same company. In most places I'm pretty sure it's illegal for phone companies to be swapping call data. Or are you suggesting I call back all the numbers that call me to compare bills with the owner on the other end? This plan is not going to work out.
The reason I would agree with a fine is not because a caller's identity cannot be unmasked, but because phone numbers are so closely connected with identity that robocallers are essentially engaging in identity theft and slander when they use people's legitimate numbers to spoof their calls.
I had someone call me once, claiming I had just called them. I hadn't of course, so the only thing I could think of was that someone had used my phone number for spoofing.
The FCC at some point considered requiring authentication numbers or attaching names to numbers. They ultimately rejected the idea. There were multiple reasons why they rejected it, but from talking to someone at the FCC one of the reasons they rejected connecting numbers to identities too strongly is that victims of domestic abuse may need to call their abuser (eg about child support), but do so without giving away too much information (like address).
Doesn't ANI work? When I worked at a business with a phone system used for time tracking we relied wholly on ANI as caller id is what is spoofed. However I am not sure if the ANI information is a paid for service or is it being spoofed as well? Caller ID data was always malleable and never to be trusted
ANI does not typically come with end-user lines, and is (sadly) also spoofable. There are already some systems for fraud analytics, but thye have their own issues.
A user can request a "trace" (usually by dialing a feature code), but not only does this hit the user with a ~$20 fee each time, but the information gathered can only be released to law enforcement, and since local law enforcement would need to make the request, it rarely happens.
The telephone system, in the US at least, could charge people extra for calling a number with the extra charge going to the person/company that was called (those famous 900 numbers, now gone, that kids would call and rack up $10000 phone bills.) It seems to me that it would be pretty easy to set up a system where, if a person is not in my contact list, they get charged some amount of money to call me. Setting it at 5 or 10 cents would be enough to kill almost all of these spam calls and not deter a real person from calling you.
We (Nomorobo) protect you from both neighbor spoofing as well as "standard" robocalls. We add over 1,300+ new robocaller numbers every day. It's pretty crazy out there.
I used Nomorobo for 6 months and it was NOT useful, i have a phone number from a area code + prefix that i dont live at, yet I get about 5-10calls/day from similar looking numbers. Nomorobo would mark them as ‘unblockable’ because of the areacode+prefix match, so i would have to manually block each one.
I switched to ATT Call Protect which works much better. Now i get 1-2 calls/week. I would go back to nomorobo if it worked better.
We used to show "unblockable" because there was a problem with false positives. Lots of families had sequential numbers that were accidentally getting blocked.
Now, if you give us access to your contacts (local processing only, never transmitted to our servers) we can completely block them.
> a technology designed to prevent robocalls altogether, recommended in a report more than a year ago and currently set to be implemented in Canada in 2019, has no such date here in the States.
”STIR and SHAKEN use digital certificates, based on common public key cryptography techniques, to ensure the calling number of a telephone call is secure. Each telephone service provider obtains their digital certificate from a certificate authority who is a trusted authority. The certificate technology enables the called party to verify that the calling number is accurate and has not been spoofed.”
Some of the scammers have run shady phone companies like CallerID4U [0] specifically meant as "bulletproof hosting for robocallers". I could see them branching out into the CA business.
CallerID4U seems to have gone (has been put?) out of business, at least. My Asterisk box hasn't received calls from their prefixes (which I blacklisted) since 2015, and their website's main page returns a 403 Forbidden. [1] It took a bit of hunting with the Wayback Machine to find a good shot of their page. [2]
Spot-checking on telcodata.us, it looks like their prefixes/thousands groups have gone to others as well. 253-245-2xxx now belongs to CenturyLink, for instance, and 425-336-8xxx is unassigned.
Much like "unsubscribe" links in spammer emails, they even had a helpful "Click here to register a complaint and put your phone number on the DO NOT CALL (DNC) list" item on their web site.
Can we please get phone OEMs to enable a feature to only allow calls from people in our contact list? Baked in. No apps that scrape your phone book to do it. If you're not on my contact list, go to voicemail and I'll decide if you're legit. And have an option like DND where if you call in rapid succession then I'll pick up.
I'd prefer an open source software solution but, either way, they'd start leaving voicemails, which is still annoying to manage. However, a lot of them already leave a 3 second blank voicemail, so that would at least eliminate the ignore/reject call step and the rude interruption.
I stopped using voicemail due to the shitty UI back when I had a dumb phone- I didn't want to spend 5-10 minutes waiting to listen to all my voicemails and sit through a robotic dialog.
Today, I use an iPhone and now use voicemail as a basic call filter. If I get a call from a number I don't recognize I immediately let it go to voicemail. At my leisure later in the day I can check the transcription service to see if it's spam.
I find it bizarre that the feature fell out of use for me, and came back into it because of this recent spate of spam phone calls.
That would be nice too. And locally run software should be able to handle it, so you don't have to hand all your voice mail over to a third party. Even 3 seconds of not silence is probably "It's me. Call me back when you get a sec." which the missed call notice already handles. I don't waste time listening to them any more, but clearing the notice and deleting the message is annoying.
That sounds like a great idea. Right now I'm using an app that just blanket-blocks area codes. I got a number in an area code I never go to or know anybody from. Almost all the spam calls are from around there and I block them all. It's not ideal.
I really wish they'd just make some kind of system or authority to keep VOIP from spoofing numbers. It's ridiculous. There's gotta be a way for them to secure that shit. I guess they're just inept.
The FCC has dragged their scapegoat into the public square to torture in a big show for the brutalized masses. But how effective has the FCC been at actually curtailing the problem of robocalls?
This FCC won't do anything meaningful because they've been bought off by the telecoms, and the telecoms make money hand over fist on robocalls:
"The problem," he said, "is that for the carriers, it's a conflict of interest. All of these robocallers represent billable minutes. From a revenue standpoint, anything they do to crack down represents a reduction of billable traffic on their networks."
Same way this FCC's purported "deregulation" of net neutrality is a sham which rigs the game so that the telecoms can leverage their market dominance in more verticals.
We know what the technical solutions are for the problem of robocalls. Corruption and legalized bribery are preventing the application of those technical solutions.
Do you have a source that’s not an offhand quote suggesting that carriers make any significant revenue from robo calls? Also, most robo calls are made through VoIP services. Aren’t they the one with the most financial incentive to keep robocalls going, and the ones that could most easily detect them? By the time the robocall gets to a carrier’s network, its already been mixed with tons of legitimate traffic from VoIP users.
The billable minutes thing is absolutely true. You might not directly pay for them as a customer, but carriers pay each other for inbound calls, so whatever carrier that is originating the robocalls is paying the next carrier in the chain, and that one pays the next, and so on until it finally reaches your phone. We’re not talking much on a single call (the prices are often around 0,01$ or even less) but when you take all the robocalls originated in a single day that adds up to quite a bit.
I believe that for some carriers the billable minutes thing is significant. But what I'm really skeptical of is rectang's assertion that the FCC has been bought off by the same carriers for whom this is significant revenue.
I certainly believe that the FCC is too influenced by large telcoms companies. As we see with the Michael Cohen thing, large companies believe they can buy influence. But those same companies that are receiving the calls are mainly paid by consumers. Is TMobile really willing to risk losing my ~$100/month to get whatever they do for calls I don't answer?
I'm sure there are carriers for whom the robocalls are a major slice of revenue. But are any of them nearly as big as the consumer-focused telecoms companies?
It’s not really been bought off by those exact carriers, but by the telco industry as a whole.
The industry is honestly shady as fuck. They’re being pushed into irrelevance by the internet and VoIP (where there’s no such thing as paying for minutes, thankfully), have thousands of employees to pay (despite not doing much, as they became irrelevant over time), and so while incoming call revenue is maybe 1% of total revenue for someone like T-Mobile, it’s still paying for some useless people’s pay checks, so of course those are gonna fight back.
Now aggregate that across the entire industry - everyone fighting for their 1% of total revenue - and you’ve still got a strong pushback.
Finally your carrier knows they’re not going to loose your 100$/month over robocalls because you have nowhere to go. The situation might change if one carrier bites the bullet and implements a working solution (but good luck given that it requires industry-wide cooperation), then the other carriers will wake up as they now know customers actually have a competitor to go to.
T-Mo has two larger and one smaller national competitors. Do they want the $0.50 they get from robo callers more than the $70 they get from luring a user away from Verizon or AT&T?
Even if they wanted the 70$, at the moment there’s nothing they can do about robocalls without cooperation from the entire industry. A robocall doesn’t look any more shady than a normal call from a receiving carrier’s perspective; whatever solution they come up with will have tons of false positives.
> A robocall doesn’t look any more shady than a normal call from a receiving carrier’s perspective; whatever solution they come up with will have tons of false positives.
Doesn't that undermine a major premise of the OP's post? That one should assume corruption, because it's technically easy to filter robo calls and carriers don't do it only because they love the sweet, sweet, robo call inter-exchange fees?
It sounds like filtering robo calls would require cooperation not only among telcos, but also with the VoIP providers that originate these calls.
While you cannot say for certain that a particular call is coming from a robot, being a major network you can make a very good guess. E.g. when the same origin hits every number with a caller ID in that number's exchange just block that origin from your network. If there is a legitimate reason for this - they will contact you immediately and sort it out. Bonus point - spammers will hit the competitors networks with more bandwidth and force even more people to consider switching.
The current situation is the one, which requires cooperation of the whole industry, actually. It's a prisoner's dilemma in the sense that the first one to implement anti-spam will gain a temporary advantage but eventually everyone will have to implement it and keep up with the spammers who will be finding new ways to circumvent these measures. As it stands now - nobody gains advantage and nobody has to spend money on anti-spam and lose revenue from spam at the same time. As little as it is, taking your $70 and $0.05 from spammers is a lot better than taking your $70 and zero from spammers.
There is no real concept of "origin". Unless you're the direct upstream carrier of the originator of the robocalls, the robocalls will be diluted with legitimate calls in such a way no single inbound carrier stands out.
I see, are there second layer provides agregating multiple VoIP retailers? I thought VoIP route directly to the big telcos networks. But even in this case - just drop the whole 2nd layer provider and they will quickly deal with their spammer clients.
Big carriers* often route directly, but even then, it's not guaranteed (they could use a third-party or even a competitor as a fallback in case their own interconnect goes down), and to be fair, big carriers (Twilio, etc) are decent at fighting abuse - it's not them we need to worry about.
Small & shady carriers are where the problem is, and those often just resell capacity from bigger carriers (some of which in turn resell even bigger carriers), or sometimes even resell illegal "black" or "grey" routes as they're called, could even be compromised servers from legitimate customers of big carriers.
In the end this entanglement mixes legitimate calls with malicious ones by the time they reach the destination (final) carrier, making it impossible for them to drop malicious calls without impacting a lot of legitimate usage.
*I avoid saying VoIP retailers because it doesn't really mean anything; carriers often allow you to use different interconnects, and VoIP is just one of many.
>In the end this entanglement mixes legitimate calls with malicious ones by the time they reach the destination (final) carrier, making it impossible for them to drop malicious calls without impacting a lot of legitimate usage.
No, I did not say "drop calls", I said drop the source. If Twilio got blocked on T-Mobile it would found which re-seller is responsible in no time. If it was their hacked server - they, again, would have found it and patched. It's no different from e-mail spam in early 2000s - all e-mail from a server sending spam would have been blocked, including legitimate e-mail.
On the revenue side, robocalls provide telcos with lots of business opportunities. Start with the "billable minutes".
Consider also that the telcos offer premium services to counter robocalls. Verizon "Caller Name ID" is priced at $2.99/month; for their landlines they sell hardware such as the "Call Blocker Shield". Sprint "Premium Caller ID" (which includes blocking capabilities) costs $2.99/month. T-Mobile "Name ID" is $4/month.
Consider as well that many cell-phone plans are not unlimited and that depending on the plan, incoming calls may count against monthly minute quotas.
On the cost side: the technical solutions to tighten up the network cost money, whether it's implementing heuristic filtering on the existing unreliable network, or working to make the origins of calls reliably identifiable.
Between the revenue and the cost telcos thus have significant incentives to avoid solving the problem of robocalling.
The staggering negative externalities of robocalls, though, are borne by the public. We have a huge collective incentive to see the problem of robocalls solved.
Ajit Pai's FCC won't help the public, though -- it's fine with telcos privatizing profits and socializing losses.
The inter exchange fees are a way to divvy up the revenue collected at the call originator. At the end of the day, the total amount of revenues once all those payments are netted out is going to be limited by how much the robocaller companies are paying for phone service. Is there any evidence that is a lot of money that creates incentives for corruption, as OP implies?
Regulatory capture ("corruption and legalized bribery" in other words) is the critical point that should be raised in every discussion regarding FCC. Without addressing this formative power dynamic, there can be no meaningful progress.
Damn, good point. I figured this should be an easily solvable problem. Stands to reason that the FCC is just letting it happen because they're hilariously corrupt. Definitely one of the most successfully captured regulatory bodies.
But what if the Robocaller wanted to talk to my Google Duplex assistant? It is a pretty boring life for my Duplex. Getting a few phone calls from fellow beings is the bare minimum she deserves!
That one bugs me a lot. I get a credit card call every day from a different number that's close to my phone number.
I wish credit card issuers would end their affiliate programs.
If they don't want to end the programs, they could at least clean them up. If I answer one of the Rachel calls and take them up on their offer for a different card, the credit card company should be able to track who referred me to them and close their account. But the incentives are all wrong.
One technique I use is my phones have an area code from another state that I never get calls from. (South Dakota). If I get a call from this area code I know it’s spam.
One potential flaw of this approach is that there are potentially legitimate services that bridge internet calls to local numbers. IIRC, Skype worked this way, and I assume other things like Google Hangouts and Twilio do, too.
I've permanently turned on Do Not Disturb and configured it to allow calls from people on my contact list. This won't work for everyone but it works really well for me. I no longer get unwanted calls. People I don't have in my contact list are forced to leave a message without my phone ever ringing.
Me too. It's a shame its gotten to this point though. But even worse than a spam call is a spam call from someone's legitimate number. For a period, someone was making sales calls from my Mom's number. She ended up getting about twenty angry return calls a day and had to explain to everyone she didn't call them. She wasn't aware of any alternative, so she changed her number. Sad!
This is the only realistic practical solution we have so far. The other ideas here cannot be done because incentives are not aligned properly. Fining telcos? With the FCC and most lawmakers in the pockets of telcos, this is not going to happen. Cryptographically secure CallerID? Who would pay for this? Telcos cracking down on robocallers themselves? No chance, since they make money from robocalling.
It's like asking the post office to solve junk mail. Where's the incentive?
That's what I do. If I am expecting a call from a non-contact I just disable it for an hour. Everything else gets sent straight to voicemail after a 4-ring wait.
So, if you take any notice of anything on this web site, you will see that even after the page has loaded, it keeps on making loads of network connections to all sorts of servers. For ever. This is now a browser-hostile web site.
PrivacyBadger blocks all of these but you're right, it does seem hostile. I figure most US companies that run ad's have similar setups. After about 10 blocked calls to geo.yahoo.com it stops making the requests.
With PrivacyBadger disabled the connections keep on coming; especially as you scroll the page up and down.
Running NoScript in default deny JS mode results in the page loading, with no further requests occurring while you read the page (because none of the javascript that is making the requests is allowed to run).
For us, the most frequent issue on our land line are out-of-country calls (so out of jurisdiction) trying to sell duct cleaning services. We've gone as far as booking a couple of appointments to identify the local businesses that use these providers, but nothing comes of the reports. Where the origin is foreign, there are still avenues for domestic enforcement but authorities appear uninterested - to me this is an easy way to increase the effective cost of foreign call centers that don't obey local laws.
I got an angry call from a real person the other day yelling at me for calling them so many times. I tried to explain to them, it wasn't me, but they hung up after they said what they had to say.
Has anyone else had similar happen? For some naive reason I just figured the spoofers were using blocks of unused numbers, not live ones.
They're using live ones, all right. Their latest tactic is to use random numbers in the same prefix as your phone, or use prefixes in nearby rate centers.
Yes, this happened to me a few years back. I was waiting on an important phone call, so I had to answer. Turns out some guy was swearing up and down that I called him the day before.
There should be another fines in the future. Also, there should be asset seizures and long jail time if we want to see these crimes stop their harassment on us. I have just read an article that also talks about robocalls at https://www.lemberglaw.com/what-are-robocalls/. Hope the law enforcement will think seriously about this problem.
Some marketers perform lookups to remove inactive / non-cellular numbers from their lists in order to save on costs/time. I believe Google Fi and Google Voice are marked as VoIP in these lookups.
Robocallers seem to be getting a bit more savvy too. I just got one today, articulately told it "fuck off", and it actually immediately stopped! I just thought that was cool.
I treat phone almost like email, by not picking up any calls that I don't recognize. If its important, caller leaves voicemail, and I call back immediately.
i wonder how a proof of work scheme, a la hashcash, would work for call spam. it was originally designed to reduce email spam: https://en.wikipedia.org/wiki/Hashcash
it could be possible to have different PoW requirements for different callers. perhaps you could require a higher PoW for an unknown caller, and no requirement for someone you know.
The FCC can go after robocalls because the law allows them to.
Back in the day, when there were proposed laws to make SPAM similarly illegal, the Direct Marketing Association (DMA) lobbied hard to get exceptions that would allow SPAM. And the rest is history.
I don't get any on my Danish or British phone numbers. Perhaps one per year on the British one.
It would be interesting to know what's different about the systems in the USA, as I don't imagine robocalling Britain would be somehow less profitable except by regulation or technical measures.
I don't know why you were downvoted so much. I agree that being unable to spoof caller ID would go a long way to allowing enforcement of existing laws to work.
This is whataboutism. Choosing one method is not saying 100% of enforcing with only one method. 100 million calls means statisticaly one of 3 usa readers got a call frim him. Thats alot.
The 'neighborhood scam' is one which I am frequently subject to, and there is virtually nothing I can do about it (except block all the numbers with the same prefix as my own, but even this only covers the cases where they restrict their spoofed numbers to that small range).
Domestic callers like the one described in this article seem like a very small part of the problem, since they can be tracked and prosecuted. Foreign callers never pay the penalty with our current system, and I suspect they are more numerous based on the accents of most robocall operators I've gotten on the line.