FCC Announces Action and Legal Framework To Fight Robocalls (axios.com) 104
Federal Communications Commission Chairman Ajit Pai proposed a ruling Wednesday that would combat robocalls that spoof legitimate, in-service numbers and provide legal framework for phone carriers to carry out the action. From a report: The declaratory ruling will be voted on and, assuming it passes, be adopted by June 6, per the FCC. If enacted: Phone companies would be allowed to block calls for consumers by default. Consumers could "white list" their contacts and opt-in to only receive calls based on that list. Emergency and other vital calls would not be blocked. Through the notice of proposed rulemaking, the FCC will also seek comment on additional measures aimed at curbing robocalls.
John Oliver wins. (Score:3, Informative)
Not a solution (Score:5, Insightful)
So instead of holding the people who are making the calls and breaking the law accountable, it pushes the onus of avoiding the calls to the recipient. This is like giving plywood to people who are getting their windows broken by a vandal instead of going after the vandal. Blocking all calls except a white list is not a workable solution for many people. Like usual, this new rule is designed to benefit companies and hurt consumers.
Re: (Score:3, Insightful)
I'll second this. As a small business owner, I always have new clients calling me from numbers I don't recognize. I can't whitelist customers I don't know about yet.
Re:Not a solution (Score:5, Interesting)
Re: (Score:2)
Re:Not a solution (Score:5, Insightful)
So instead of holding the people who are making the calls and breaking the law accountable, it pushes the onus of avoiding the calls to the recipient. This is like giving plywood to people who are getting their windows broken by a vandal instead of going after the vandal. Blocking all calls except a white list is not a workable solution for many people. Like usual, this new rule is designed to benefit companies and hurt consumers.
Just get rid of spoofing. I know the argument that legitimate companies use it to show all outgoing calls as coming from a central number. So instead have it display both the original outgoing phone number and the spoofed number, something like "XXX-XXX-XXXX on behalf of (or as) YYY-YYY-YYYY". Would solve a lot of problems right there.
Re: (Score:2)
Then block the number by default? A legit VOIP phone would provide infos. Those that are robocall or scam or ill intention would try to hide such the infos.
Re: (Score:3)
That makes no sense. There has to be a mechanism, or else calls going the other direction wouldn't work. The verification mechanism consists of:
I'm off topic and ignorant.. :) (Score:2)
I doubt searching for dgatwood as an author would yield much that was useful.
Re: (Score:2)
Works for me (Safari and Chrome). What browser?
Re: (Score:2)
If the call is routed over PSTN, valid caller ID should be verifiable.
If you have your own phone switch and allow anonymous inbound SIP, well... you might want to think about that if you are having issues with robocalls.
Re: (Score:2)
A problem that is trivial to solve. For my UK VOIP provider, I could change my presentation number only after verifying my ownership of it.
Re: (Score:1)
No, its not.
There is no legitimate reason to not, by default, provide a direct call-back number for if you get accidentally disconnected, and there is no legitimate reason to call somebody without the expectation that they could call you back when this happens.
Saving a few dollars is not a legitimate reason to degrade the network effects that make the phone network more valuable to everyone.
Re:Not a solution (Score:5, Interesting)
Exactly. A better solution would be to keep robocalls from spoofing numbers when the company doesn't own the number. For example, if Big Corp X doesn't want their 555-867-5309 internal number published via caller ID, they can have the number show a more general 555-867-0000 that the company also owns. However, RoboCall Company Y couldn't make their 666-616-3845 number appear as 555-867-0000 because they don't own that number.
Re:Not a solution (Score:5, Interesting)
Since Verizon did this by default, I believe any carrier can do it. I think the unscrupulous carriers must be accepting money (bribes) to allow the spoofing. That is what should be made illegal.
Re: (Score:2)
Pretty much any VoIP POP provider will let you do whatever you want with caller-id. They'll let you do whatever you want with E-911 as well. There's nothing in the system to prevent anyone from doing it.
They'll do it for you, me, or anyone else for less than the cost of a Big Mac.
There's a reason "SWAT"ting is a thing...
Even Better Solution (Score:1)
Remember when we set a drop dead date for analogue TV? It is time that we kill SS7 and IPv4 addresses. Bear with me.
The reason that we can't trace these calls back to their VOIP servers is similar to NAT, where we don't know which client behind the translation is sending the message without accessing the router/server translation logs. When our phone receives the call, they can not trace back the IPv4 address.
With IPv6, we can stop translating numbers. Users would not know the difference because their S
Re: (Score:2)
But at the termination level, that’s when you drop a call onto the PSTN, you set the calling ANI then. At the carrier level I am dropping calls I want to networks and not routing them through the same origination carriers. Therefore they have to implicitly trust the ANI. This gets even more complicated if you implement call forwarding because then the call is forwarded, and ideally, preserving the original callerID. If you wrote an intervention, at the customer layer, that prevented setting cal
That wouldn't stop any robocalls at all, zero (Score:4)
You may notice that even if you *could* somehow validate caller ID info (you can't in the general case), that would not stop any robocalls whatsoever. You'd only have the phone number that the robocaller was using that day.
Which isn't to say it's useless, but it doesn't stop any calls from being made. That's one reason CID validation isn't a "better solution", but is only one of several layers the FCC is implementing.
Both the technical protocols of the phone network and the basic logic - stations, services and DIDs (phones, people/companies, and phone numbers) mean there is NOT a 1-to-1 mapping between people and phones, or companies and phones, or DIDs and phones, or DIDs and people, or ... Caller ID checks can only ever say that the caller ID info *could* be correct, or could not be. There are three different phone numbers that ring my mobile phone. Which one is the "correct" one to use for outgoing calls? None of them is more correct than any other. The strongest thing caller ID validation can logically say about CID data is if the White House had registered 202-456-1414 as being used only with particular pair of transit providers they use for their PBX, and I'm not using either of those carriers, and I claim to be 202-456-1414, it can determine that can't be right. If I set a random PTSN DID (phone number) in my caller ID, there's generally nothing that can be validated about that.
Checking that caller ID data is possibly accurate helps a bit, but is absolutely nowhere near fool proof or complete. It doesn't prevent robocalls, at very best it means robocallers can't spoof certain numbers. It doesn't in any way reduce the number of calls they can make. That's why the FCC is using three different layers, three different strategies, which together make the robocaller's life harder.
Re: (Score:2)
Re:Not a solution (Score:5, Insightful)
They have never not been accountable. Fraud, harassment, etc have all been on the books for ages. And the legislation establishing the Do Not Call list all but put otherwise legitimate telemarketing operations out of business.
What's left are illegitimate operations. And the problem with them hasn't changed: you can't really go after someone in India who's using a bank account in Nigeria to buy VoIP service in Canada. These people are behind layers of obfuscation, don't want to be found, and ultimately aren't in the US's jurisdiction anyhow. So even though they're well aware that they're breaking laws, it's very difficult to hold them accountable. The law only puts fear into people who have something to lose.
The compounding factor in all of this is that POTS is not a secure system. Full stop. Each exchange implicitly trusts the exchange that routes calls onto it, and when it in turn routes calls out to yet another exchange, that exchange trusts it in turn. A technical solution would require a complete rearchitecting of POTS, and because that would have to happen on a global scale all at once, poor countries are not going to do it. And no one is going to seriously suggest balkanizing that the global phone system.
I do get the frustration. But saying that the solution is merely to "hold people accountable" vastly underestimates the problem. Just like spam, the underlying causes are far more complex. We can find ways to solve them, but they aren't going to be easy and they are going to involve monitoring, so we're going to have to make sure we don't turn POTS into a panopticon in the process.
Re: (Score:2)
Simple, hold the VOIP service accountable for what they let through. You can't tell me that they don't know what is happening.
Re: (Score:2)
So instead of holding the people who are making the calls and breaking the law accountable, it pushes the onus of avoiding the calls to the recipient.
At least it's something! Politics never produces ideal solutions. You are free to imagine an ideal world where regulating companies works as intended, without those very companies writing the regulations, but we don't live in that world.
I'll be happy with anything that has the effect of limiting robocalls. I'm not going to be picky about the mechanism.
Not instead of. FCC launching layered security (Score:2)
The FCC is launching a multi-layered campaign against robocalls. It includes prosecuting those responsible for the robocalls, using a "follow the money" strategy. It also includes requirements for carriers to support validation of CID information. Lastly, carriers have to offer whitelist and blacklist.
Neither layer is "instead of" the other; they support one another. You can't only "hold the people who are making the calls and breaking the law accountable"; most of them aren't in the United States.
You ca
Re:Nice... BUT... (Score:5, Interesting)
You'll never see Ajit Pai expose the culpability of the carriers.
I mean they could have been checking to make sure that the delivered ANI of calls entering their network matched the carrier source the calls were coming from. Yes, this makes life harder for call centers that have some legitimate claim to forging ANI but that can be dealt with.
The carriers are willing to sell connectivity to anyone and they don't care if generates robocalls because they make money either way. It's no different really than credit card fraud.
Re: (Score:2)
Passing responsibility to the consumer (Score:5, Interesting)
Sounds like this leaves the consumer still responsible. We need to whitelist numbers. We can't have a phone line like we experienced decades ago, where real people with a need to contact us could actually do so.
Unsolicited sales and marketing calls should be illegal.
Phone companies should be responsible for verifying that the CLID belongs to an actual individual. I.e. a named person with a credit card and a billing address. If they can't verify it, carry their calls but drop the CLID to "unverified" so we can send those to VM.
Add in a small per-call penalty for marketers who break the rules that attaches to the phone company if it turns out the CLID presented doesn't map back to a real person. Class actions will ensure phone companies comply.
Companies will carry each other's CLID if they cross-indemnify and companies that refuse to cross-indemnify will lose customers because they won't be able to call anyone without having their CLID listed as "Unverified". Customers would only ever have to sue either the identified marketer or their own telephone provider.
Re: (Score:3)
Because it costs me to answer the call. It takes time (usually out of my evening with family or friends). It's more likely than not something I don't want - otherwise every telesales operator would already have a bazillion dollars. You have no idea what time zone I am in (old landline numbers now ported to cell phones). I might be roaming and your call could actually be costing me $1+/min.
Filtering out junk makes actual calls more valuable to the recipient. People will be more likely to answer the phone
Re: (Score:2)
Post your number here, and we'll call and explain it to you.
Cherry or Peach (Score:3)
Chairman Ajit Pai proposed a ruling Wednesday that would combat robocalls that spoof legitimate, in-service numbers
This is just Pai in the sky if you ask me.
Simple Rules. (Score:4, Informative)
The Caller ID needs to match the number it is calling from.
If you have a good reason for the Caller ID to not match your number, you should either pay per call for the service, or have a good reason for this.
Caller ID spoofing is the biggest problem, it is too easy and cheap.
Re: (Score:2)
The Caller ID needs to match the number it is calling from. If you have a good reason for the Caller ID to not match your number, you should either pay per call for the service, or have a good reason for this.
Caller ID spoofing is the biggest problem, it is too easy and cheap.
Where I don't disagree with you, it should, we have to recognize that this is not how the system currently is designed to work. All the possible solutions here break things which are in common use and have valid reasons to exist.
What you are asking for is going to pretty much require a full revamp of the SS7 ISUP signaling protocol... A protocol that hasn't fundamentally changed in half a century for a very good reason. This won't be an easy or cheap fix. SS7 ISUP is ubiquitous in POTS networks and it'
Re: (Score:2)
"A protocol that hasn't fundamentally changed in half a century for a very good reason."
For 2/3 of this half century with this protocol, most people didn't have Caller ID as a normal feature, this only became common with Cell Phones that had screens, because old plans charged you for calling out and answering phone calls. So you needed to know if you should answer the phone or not.
No it won't be an easy or cheap fix, However this protocol is broken for the 21st century. It is like connecting to your work P
Who pays to have the robocalls made? (Score:5, Insightful)
.
Follow the money.
Re: (Score:1)
This would be a step in the right direction, but not all robocalls are from a company trying to sell you something. Yesterday I received three calls two different scam operations. While I didn't actually take the calls, they did leave part their poorly written text-to-speech prompts in my voicemail because the robot apparently wasn't smart enough to deduce that it was talking to voicemail. One call was a congratulatory call saying I had been pre-approved for a 0% interest rate loan and that I needed to pres
Re: (Score:2)
.
Follow the money.
Re: (Score:2)
Re: (Score:3)
If there were financial incentives (fines). If telco's wanted to fix this they could quickly.
Not really. SS7 ISUP is the signaling protocol most POTS calls are based on, it's been the industry standard for half a century. SS7 ISUP and many of the call features you depend on make fixing this problem impossible to fix, you will need to change SS7 ISUP with something that is sure to be incompatible. You just don't rip SS7 ISUP out, revamp it to fix these issues over night. Even if we had a version of SS7 that allowed what you want to be enforced, it wouldn't be compatible with current SS7 stacks.
Re: (Score:2)
I had an idea that I thought could work... during the initial period of adoption, it would be of limited benefit, but over time, and as it became ubiquitous, I think it would ultimately be very effective.
The general idea is to do a reverse-lookup on the incoming phone number that the caller is claiming to be from, and essentially call them back to verify that the number is really calling you. If the callback does not end at a phone number that is controlled by the caller, then it cannot confirm it is c
Re: (Score:2)
Re: (Score:2)
Not really a solution. (Score:2)
There's about a hundred reasons I can think of why whitelisting wouldn't work for the average person.
Take my bank as an example. I have a debit card through them and have, on occasion, gotten calls regarding suspicious use of my card. The bank's card security department has multiple phone numbers and I have no idea what all of them are - there'd be no way for me to whitelist them unless the bank were to provide me with a list of all of the numbers they use.. which would then open the door for scammers to co
Whitelist wouldn't work (Score:5, Insightful)
A whitelist solution wouldn't work. First of all, it puts the burden on consumers. I would need to make sure that my contacts list is up to date. If a company changes their number, I'd need to be sure my contacts entry has that updated number or I wouldn't get calls from them.
Secondly, the FCC isn't mandating that this service be free. So will I need to pay my phone company another $4.99 a month per line to keep from getting robocalls?
Third, it doesn't deal with intermittent callback situations. Suppose I drop my car off at the shop for an annual inspection. I leave and they'll call me when it's done. Do I need to add them into my contacts to be sure I get the call? How do I know what number they'll be calling from ahead of time?
Finally, it doesn't address when robocalls spoof legitimate numbers that you've whitelisted. These will still get through. How will we keep robocallers from doing this? What if a popular app goes rogue and gets your contacts list? That could be sold to robocallers who could use it to know just who to spoof for their calls to get through. What are the penalties to make this venture non-profitable? The answer is likely that there aren't any. Pai is putting it all on consumers to solve the problem and the marking it as done.
Re: (Score:3)
First of all, it puts the burden on consumers.
Welcome to 21st century, where the corporation is always right.
Re:Whitelist wouldn't work (Score:5, Interesting)
Re:Whitelist wouldn't work (Score:5, Informative)
A whitelist solution wouldn't work... Suppose I drop my car off at the shop for an annual inspection. I leave and they'll call me when it's done. Do I need to add them into my contacts to be sure I get the call?
Exactly. Or I drop off my child at daycare or kindergarten. What if there's a medical emergency and I might get a call from any one of the thirty responsible adults at the place? or from whichever hospital they've taken my child to? Heck, I don't even know if all of the responsible adults will have local phone numbers -- one might have recently come from an adjacent state, say, and still have their old number.
Then there are all the people I hire to do work - plumbers, electricians, garden people, drywall installers, ... I might have their company number, but they or their mate often call while en route from their personal cellphones. No way I'm going to have those numbers in my contacts.
Or I buy a house. I'll get unexpected calls from many different people at different agencies - realtors, bank, escrow, and so on. I'm not going to have all those numbers.
I simply don't see how any kind of "truth in customer-facing caller-id" legislation is even a step towards solving the problem.
My preferred solution would be to mandate that whenever a customer presses *123 then (1) the carrier logs the exact originator of the call including billing, (2) the carrier starts recording the message, (3) it is considered a complaint. Plus (and I'm hazy on the next bit) an auditable burden on companies that whenever an originator gets >1000 such complaints then they the originator is retrospectively billed $0.01 per complaint, half of which goes to the complainer and half of which goes to the carrier.
Re: (Score:2)
I tried to sign up for AT&T's anti-robo app, but it failed horribly. One, they want to charge per month (but my phone is a business cell so I don't have
1-800-Handgrenade (Score:3)
We will just mail a Hand Grenade with the pin pulled in a box to every Telemarketer.
That should cut it down by 50% at least.
Spoofing is Fraud. (Score:1)
I just don't understand how this isn't fraud already. I can't use someone else's name. I can't use their SSN... I can't say I'm Ajit Pai and cash his checks.... How can companies spoof and use someone else's information when they clearly aren't that person?
Garbage Solution (Score:5, Interesting)
When we have someone try a stolen credit card on one of our stores, we sometimes block the IP address. But they return a few minutes later with another IP address, possibly just incremented by 1. If that happens, we lookup the AS number and add it to the Cloudflare firewall. Now that entire AS is blocked across 20 sites (in case they tried the next store).
I've always wanted something similar for phone networks. I will block XXX-XXX1, only for them to call back on XXX-XXX2. Of course, no one at Apple or Google thought to let us block by regular expression, because that would be too awesome for people who understand it.
As long as people can spoof caller ID, this FCC announcement already has holes in it. We need to borrow technologies from BGP and IP routing, combined with other technologies, to block caller ID spoofing while at the same time allowing a company to specify a different callback number (a reception desk, perhaps) when a higher-up makes an outgoing call.
We have the means to do it, we just aren't doing it. It doesn't help that blueberry slashdot posters always bring up the "but business callback numbers". We can mitigate that. Shutup.
Vital Calls (Score:1)
Watch for political calls to magically make the list of "vital calls".
commentsubject (Score:2)
If, for a moment, you'll indulge the fantasy that this worked (sounds like a bunch of "lol fix it yourself") and pretend that it went perfectly and all phone communication is pure, you can navel-gaze on the death of phone spam. You can muse on how the call centers got greedy, they simply blazed as hard as they possibly could. No restraint, no moderation, no discretion.
There's some who reckon we learned herdship from wolves. That you don't kill off local deer; you eat but leave enough behind to breed, you cu
Exemptions (Score:3)
Re: (Score:1)
Participation in democracy is vital to a free society.
No, really, it's just that the politicians who call you also made up this law.
Er, what? (Score:2)
How is whitelisting a solution? There are already any number of apps and services that do exactly this already.
Do you really want to have to figure out every possible number that you might need to take a call from? Every work number? Every number the nurse at your kid's school might call from? Your doctor's office and pharmacy? The Uber/Lyft/delivery driver who can't find you?
verify if a call is real or if it comes from a com (Score:1)
For one reason, what contact list. I use google accounts for my contacts. Not the carriers. My phone shits it's pants, I just get a new one and use google. I switch carriers, I don't worry about my contacts.
So, I think people are over reacting. Or reading too much into an article that was obviously missi
This is backwards (Score:1)
More to the point (Score:1)
How about a proposal where they cut their balls off. Make sure it's the right one of course.
SO Frickin' tired of their crap. Spoofing other numbers, etc. Even unpublished government numbers being called from another government unpublished number. "Do you have unpaid college debt?"
Junk mail, calls, email (Score:1)
Give me 5 cents.
If it's snail mail, I'll open it if I can feel that there's a nickel or two inside. Possibly there's a way of doing this with spam email.
Junk calls could alert the caller that it will cost them 5 cents, paid to the recipient, to ring through, paid to my phone account. If I wanted the call, I could waive the charge. Or, I could just pick up the phone and tell "windows support" that they just got screwed out of 5 cents and hang up. I'd be a millionaire in short order, or junk calls would be el
ffs (Score:2)
It's VERY fucking easy, just use fucking caller ID and other mechanisms to trace them and hold them accountable with the laws we already have on the books.
All we need is to criminalize spoofing and other mechanisms used to cheat the process.
Make a robocall, you get a 500 dollar fine.
Use caller ID spoofing to hide? 2 years jail time.
Re: (Score:2)
That's not an FCC problem.
Re: (Score:2)
What's really ironic is that these offshore call centers don't even work properly anymore at their intended function: scamming you.
the last five or sot that have called, either hung up because the automated system didn't have an available operator, or once they began their recorded spiel and I pressed 1 to speak to an operator, it paused and hung up.