Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Communications Spam Technology

FCC Announces Action and Legal Framework To Fight Robocalls (axios.com) 104

Federal Communications Commission Chairman Ajit Pai proposed a ruling Wednesday that would combat robocalls that spoof legitimate, in-service numbers and provide legal framework for phone carriers to carry out the action. From a report: The declaratory ruling will be voted on and, assuming it passes, be adopted by June 6, per the FCC. If enacted: Phone companies would be allowed to block calls for consumers by default. Consumers could "white list" their contacts and opt-in to only receive calls based on that list. Emergency and other vital calls would not be blocked. Through the notice of proposed rulemaking, the FCC will also seek comment on additional measures aimed at curbing robocalls.
This discussion has been archived. No new comments can be posted.

FCC Announces Action and Legal Framework To Fight Robocalls

Comments Filter:
  • John Oliver wins. (Score:3, Informative)

    by olsmeister ( 1488789 ) on Wednesday May 15, 2019 @09:49AM (#58596030)
    Thanks John!
  • Not a solution (Score:5, Insightful)

    by Enigma2175 ( 179646 ) on Wednesday May 15, 2019 @09:58AM (#58596068) Homepage Journal

    So instead of holding the people who are making the calls and breaking the law accountable, it pushes the onus of avoiding the calls to the recipient. This is like giving plywood to people who are getting their windows broken by a vandal instead of going after the vandal. Blocking all calls except a white list is not a workable solution for many people. Like usual, this new rule is designed to benefit companies and hurt consumers.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      I'll second this. As a small business owner, I always have new clients calling me from numbers I don't recognize. I can't whitelist customers I don't know about yet.

    • Re:Not a solution (Score:5, Insightful)

      by Nidi62 ( 1525137 ) on Wednesday May 15, 2019 @10:10AM (#58596134)

      So instead of holding the people who are making the calls and breaking the law accountable, it pushes the onus of avoiding the calls to the recipient. This is like giving plywood to people who are getting their windows broken by a vandal instead of going after the vandal. Blocking all calls except a white list is not a workable solution for many people. Like usual, this new rule is designed to benefit companies and hurt consumers.

      Just get rid of spoofing. I know the argument that legitimate companies use it to show all outgoing calls as coming from a central number. So instead have it display both the original outgoing phone number and the spoofed number, something like "XXX-XXX-XXXX on behalf of (or as) YYY-YYY-YYYY". Would solve a lot of problems right there.

    • Re:Not a solution (Score:5, Interesting)

      by Jason Levine ( 196982 ) on Wednesday May 15, 2019 @10:10AM (#58596136) Homepage

      Exactly. A better solution would be to keep robocalls from spoofing numbers when the company doesn't own the number. For example, if Big Corp X doesn't want their 555-867-5309 internal number published via caller ID, they can have the number show a more general 555-867-0000 that the company also owns. However, RoboCall Company Y couldn't make their 666-616-3845 number appear as 555-867-0000 because they don't own that number.

      • Re:Not a solution (Score:5, Interesting)

        by Doke ( 23992 ) on Wednesday May 15, 2019 @10:44AM (#58596328) Homepage
        When we first got a PRI for testing some voip gear, I played with trying to spoof my caller-id number. I never robocalled anyone, I just tried calling myself with fake caller-id. Our carrier, Verizon, would let me spoof any number that was routed down our PRI, but nothing outside that range. This seemed very reasonable to me. I could send outbound calls, and make it look like they came from a "main" number, but I couldn't pretend to be anyone else.

        Since Verizon did this by default, I believe any carrier can do it. I think the unscrupulous carriers must be accepting money (bribes) to allow the spoofing. That is what should be made illegal.

        • by sl3xd ( 111641 )

          Pretty much any VoIP POP provider will let you do whatever you want with caller-id. They'll let you do whatever you want with E-911 as well. There's nothing in the system to prevent anyone from doing it.

          They'll do it for you, me, or anyone else for less than the cost of a Big Mac.

          There's a reason "SWAT"ting is a thing...

      • by Anonymous Coward

        Remember when we set a drop dead date for analogue TV? It is time that we kill SS7 and IPv4 addresses. Bear with me.

        The reason that we can't trace these calls back to their VOIP servers is similar to NAT, where we don't know which client behind the translation is sending the message without accessing the router/server translation logs. When our phone receives the call, they can not trace back the IPv4 address.

        With IPv6, we can stop translating numbers. Users would not know the difference because their S

      • by e3m4n ( 947977 )

        But at the termination level, that’s when you drop a call onto the PSTN, you set the calling ANI then. At the carrier level I am dropping calls I want to networks and not routing them through the same origination carriers. Therefore they have to implicitly trust the ANI. This gets even more complicated if you implement call forwarding because then the call is forwarded, and ideally, preserving the original callerID. If you wrote an intervention, at the customer layer, that prevented setting cal

      • You may notice that even if you *could* somehow validate caller ID info (you can't in the general case), that would not stop any robocalls whatsoever. You'd only have the phone number that the robocaller was using that day.

        Which isn't to say it's useless, but it doesn't stop any calls from being made. That's one reason CID validation isn't a "better solution", but is only one of several layers the FCC is implementing.

        Both the technical protocols of the phone network and the basic logic - stations, services and DIDs (phones, people/companies, and phone numbers) mean there is NOT a 1-to-1 mapping between people and phones, or companies and phones, or DIDs and phones, or DIDs and people, or ... Caller ID checks can only ever say that the caller ID info *could* be correct, or could not be. There are three different phone numbers that ring my mobile phone. Which one is the "correct" one to use for outgoing calls? None of them is more correct than any other. The strongest thing caller ID validation can logically say about CID data is if the White House had registered 202-456-1414 as being used only with particular pair of transit providers they use for their PBX, and I'm not using either of those carriers, and I claim to be 202-456-1414, it can determine that can't be right. If I set a random PTSN DID (phone number) in my caller ID, there's generally nothing that can be validated about that.

        Checking that caller ID data is possibly accurate helps a bit, but is absolutely nowhere near fool proof or complete. It doesn't prevent robocalls, at very best it means robocallers can't spoof certain numbers. It doesn't in any way reduce the number of calls they can make. That's why the FCC is using three different layers, three different strategies, which together make the robocaller's life harder.

    • Re:Not a solution (Score:5, Insightful)

      by rsmith-mac ( 639075 ) on Wednesday May 15, 2019 @10:53AM (#58596398)

      So instead of holding the people who are making the calls and breaking the law accountable,

      They have never not been accountable. Fraud, harassment, etc have all been on the books for ages. And the legislation establishing the Do Not Call list all but put otherwise legitimate telemarketing operations out of business.

      What's left are illegitimate operations. And the problem with them hasn't changed: you can't really go after someone in India who's using a bank account in Nigeria to buy VoIP service in Canada. These people are behind layers of obfuscation, don't want to be found, and ultimately aren't in the US's jurisdiction anyhow. So even though they're well aware that they're breaking laws, it's very difficult to hold them accountable. The law only puts fear into people who have something to lose.

      The compounding factor in all of this is that POTS is not a secure system. Full stop. Each exchange implicitly trusts the exchange that routes calls onto it, and when it in turn routes calls out to yet another exchange, that exchange trusts it in turn. A technical solution would require a complete rearchitecting of POTS, and because that would have to happen on a global scale all at once, poor countries are not going to do it. And no one is going to seriously suggest balkanizing that the global phone system.

      I do get the frustration. But saying that the solution is merely to "hold people accountable" vastly underestimates the problem. Just like spam, the underlying causes are far more complex. We can find ways to solve them, but they aren't going to be easy and they are going to involve monitoring, so we're going to have to make sure we don't turn POTS into a panopticon in the process.

      • by rikkards ( 98006 )

        Simple, hold the VOIP service accountable for what they let through. You can't tell me that they don't know what is happening.

    • by lgw ( 121541 )

      So instead of holding the people who are making the calls and breaking the law accountable, it pushes the onus of avoiding the calls to the recipient.

      At least it's something! Politics never produces ideal solutions. You are free to imagine an ideal world where regulating companies works as intended, without those very companies writing the regulations, but we don't live in that world.

      I'll be happy with anything that has the effect of limiting robocalls. I'm not going to be picky about the mechanism.

    • The FCC is launching a multi-layered campaign against robocalls. It includes prosecuting those responsible for the robocalls, using a "follow the money" strategy. It also includes requirements for carriers to support validation of CID information. Lastly, carriers have to offer whitelist and blacklist.

      Neither layer is "instead of" the other; they support one another. You can't only "hold the people who are making the calls and breaking the law accountable"; most of them aren't in the United States.

      You ca

  • by Albanach ( 527650 ) on Wednesday May 15, 2019 @10:02AM (#58596096) Homepage

    Sounds like this leaves the consumer still responsible. We need to whitelist numbers. We can't have a phone line like we experienced decades ago, where real people with a need to contact us could actually do so.

    Unsolicited sales and marketing calls should be illegal.

    Phone companies should be responsible for verifying that the CLID belongs to an actual individual. I.e. a named person with a credit card and a billing address. If they can't verify it, carry their calls but drop the CLID to "unverified" so we can send those to VM.

    Add in a small per-call penalty for marketers who break the rules that attaches to the phone company if it turns out the CLID presented doesn't map back to a real person. Class actions will ensure phone companies comply.

    Companies will carry each other's CLID if they cross-indemnify and companies that refuse to cross-indemnify will lose customers because they won't be able to call anyone without having their CLID listed as "Unverified". Customers would only ever have to sue either the identified marketer or their own telephone provider.

  • by Sir_Eptishous ( 873977 ) on Wednesday May 15, 2019 @10:03AM (#58596102)

    Chairman Ajit Pai proposed a ruling Wednesday that would combat robocalls that spoof legitimate, in-service numbers

    This is just Pai in the sky if you ask me.

  • Simple Rules. (Score:4, Informative)

    by jellomizer ( 103300 ) on Wednesday May 15, 2019 @10:05AM (#58596110)

    The Caller ID needs to match the number it is calling from.
    If you have a good reason for the Caller ID to not match your number, you should either pay per call for the service, or have a good reason for this.

    Caller ID spoofing is the biggest problem, it is too easy and cheap.

    • The Caller ID needs to match the number it is calling from. If you have a good reason for the Caller ID to not match your number, you should either pay per call for the service, or have a good reason for this.

      Caller ID spoofing is the biggest problem, it is too easy and cheap.

      Where I don't disagree with you, it should, we have to recognize that this is not how the system currently is designed to work. All the possible solutions here break things which are in common use and have valid reasons to exist.

      What you are asking for is going to pretty much require a full revamp of the SS7 ISUP signaling protocol... A protocol that hasn't fundamentally changed in half a century for a very good reason. This won't be an easy or cheap fix. SS7 ISUP is ubiquitous in POTS networks and it'

      • "A protocol that hasn't fundamentally changed in half a century for a very good reason."
        For 2/3 of this half century with this protocol, most people didn't have Caller ID as a normal feature, this only became common with Cell Phones that had screens, because old plans charged you for calling out and answering phone calls. So you needed to know if you should answer the phone or not.

        No it won't be an easy or cheap fix, However this protocol is broken for the 21st century. It is like connecting to your work P

  • by QuietLagoon ( 813062 ) on Wednesday May 15, 2019 @10:06AM (#58596120)
    Instead of going after those who originate the calls, the FCC should go after those who pay for the calls to be made. I recently received three robocalls a day from some company trying to sell me health care insurance. It is that company that should be targeted for prosecution, e.g., the crime should be paying to have robocalls made, in addition to actually doing the calling.

    .
    Follow the money.

    • This would be a step in the right direction, but not all robocalls are from a company trying to sell you something. Yesterday I received three calls two different scam operations. While I didn't actually take the calls, they did leave part their poorly written text-to-speech prompts in my voicemail because the robot apparently wasn't smart enough to deduce that it was talking to voicemail. One call was a congratulatory call saying I had been pre-approved for a 0% interest rate loan and that I needed to pres

      • }}} This would be a step in the right direction, but not all robocalls are from a company trying to sell you something. {{{ --- That's true. But I would say that most of the robocalls are done in order for some person somewhere to make money. For example, "...One call was a congratulatory call saying I had been pre-approved for a 0% interest rate loan...," what financial entity was behind that call?

        .
        Follow the money.

    • The guy that created the Jolly Roger Phone Company that is an automated system that keeps robo-callers talking has audio of one of the supervisors after they figured out it was a bot saying "Make a note of this number so we aren't charged for this call by our service." So there's a service or services somewhere that's behind some of it.
  • There's about a hundred reasons I can think of why whitelisting wouldn't work for the average person.

    Take my bank as an example. I have a debit card through them and have, on occasion, gotten calls regarding suspicious use of my card. The bank's card security department has multiple phone numbers and I have no idea what all of them are - there'd be no way for me to whitelist them unless the bank were to provide me with a list of all of the numbers they use.. which would then open the door for scammers to co

  • by Jason Levine ( 196982 ) on Wednesday May 15, 2019 @10:18AM (#58596166) Homepage

    A whitelist solution wouldn't work. First of all, it puts the burden on consumers. I would need to make sure that my contacts list is up to date. If a company changes their number, I'd need to be sure my contacts entry has that updated number or I wouldn't get calls from them.

    Secondly, the FCC isn't mandating that this service be free. So will I need to pay my phone company another $4.99 a month per line to keep from getting robocalls?

    Third, it doesn't deal with intermittent callback situations. Suppose I drop my car off at the shop for an annual inspection. I leave and they'll call me when it's done. Do I need to add them into my contacts to be sure I get the call? How do I know what number they'll be calling from ahead of time?

    Finally, it doesn't address when robocalls spoof legitimate numbers that you've whitelisted. These will still get through. How will we keep robocallers from doing this? What if a popular app goes rogue and gets your contacts list? That could be sold to robocallers who could use it to know just who to spoof for their calls to get through. What are the penalties to make this venture non-profitable? The answer is likely that there aren't any. Pai is putting it all on consumers to solve the problem and the marking it as done.

    • First of all, it puts the burden on consumers.

      Welcome to 21st century, where the corporation is always right.

    • by QuietLagoon ( 813062 ) on Wednesday May 15, 2019 @10:41AM (#58596306)
      }}} A whitelist solution wouldn't work. {{{ --- Whitelisting also provides the phone companies with valuable "friends" data that can be sold to marketing companies.
    • by ljw1004 ( 764174 ) on Wednesday May 15, 2019 @11:04AM (#58596478)

      A whitelist solution wouldn't work... Suppose I drop my car off at the shop for an annual inspection. I leave and they'll call me when it's done. Do I need to add them into my contacts to be sure I get the call?

      Exactly. Or I drop off my child at daycare or kindergarten. What if there's a medical emergency and I might get a call from any one of the thirty responsible adults at the place? or from whichever hospital they've taken my child to? Heck, I don't even know if all of the responsible adults will have local phone numbers -- one might have recently come from an adjacent state, say, and still have their old number.

      Then there are all the people I hire to do work - plumbers, electricians, garden people, drywall installers, ... I might have their company number, but they or their mate often call while en route from their personal cellphones. No way I'm going to have those numbers in my contacts.

      Or I buy a house. I'll get unexpected calls from many different people at different agencies - realtors, bank, escrow, and so on. I'm not going to have all those numbers.

      I simply don't see how any kind of "truth in customer-facing caller-id" legislation is even a step towards solving the problem.

      My preferred solution would be to mandate that whenever a customer presses *123 then (1) the carrier logs the exact originator of the call including billing, (2) the carrier starts recording the message, (3) it is considered a complaint. Plus (and I'm hazy on the next bit) an auditable burden on companies that whenever an originator gets >1000 such complaints then they the originator is retrospectively billed $0.01 per complaint, half of which goes to the complainer and half of which goes to the carrier.

    • I'm on-call at my work every 5 weeks, for a whole week. Normally they call the helpdesk after hours, leave a message, and the voicemail is routed to me. But, on our intranet site my cell is up there for that week. This idea is saying "you will need to find every phone number of everyone that works at your job and put it into your phone's contacts".

      I tried to sign up for AT&T's anti-robo app, but it failed horribly. One, they want to charge per month (but my phone is a business cell so I don't have
  • by Zorro ( 15797 ) on Wednesday May 15, 2019 @10:18AM (#58596172)

    We will just mail a Hand Grenade with the pin pulled in a box to every Telemarketer.

    That should cut it down by 50% at least.

  • by Anonymous Coward

    I just don't understand how this isn't fraud already. I can't use someone else's name. I can't use their SSN... I can't say I'm Ajit Pai and cash his checks.... How can companies spoof and use someone else's information when they clearly aren't that person?

  • Garbage Solution (Score:5, Interesting)

    by kingbilly ( 993754 ) on Wednesday May 15, 2019 @10:21AM (#58596186)
    We need something similar to Autonomous systems.

    When we have someone try a stolen credit card on one of our stores, we sometimes block the IP address. But they return a few minutes later with another IP address, possibly just incremented by 1. If that happens, we lookup the AS number and add it to the Cloudflare firewall. Now that entire AS is blocked across 20 sites (in case they tried the next store).

    I've always wanted something similar for phone networks. I will block XXX-XXX1, only for them to call back on XXX-XXX2. Of course, no one at Apple or Google thought to let us block by regular expression, because that would be too awesome for people who understand it.

    As long as people can spoof caller ID, this FCC announcement already has holes in it. We need to borrow technologies from BGP and IP routing, combined with other technologies, to block caller ID spoofing while at the same time allowing a company to specify a different callback number (a reception desk, perhaps) when a higher-up makes an outgoing call.

    We have the means to do it, we just aren't doing it. It doesn't help that blueberry slashdot posters always bring up the "but business callback numbers". We can mitigate that. Shutup.
  • by Anonymous Coward

    Watch for political calls to magically make the list of "vital calls".

  • If, for a moment, you'll indulge the fantasy that this worked (sounds like a bunch of "lol fix it yourself") and pretend that it went perfectly and all phone communication is pure, you can navel-gaze on the death of phone spam. You can muse on how the call centers got greedy, they simply blazed as hard as they possibly could. No restraint, no moderation, no discretion.

    There's some who reckon we learned herdship from wolves. That you don't kill off local deer; you eat but leave enough behind to breed, you cu

  • by AnalogDiehard ( 199128 ) on Wednesday May 15, 2019 @10:38AM (#58596286)
    PLEASE do not exempt political campaigns. The campaign robocalls have gotten so bad that I turn off my voicemail during election season.
    • Participation in democracy is vital to a free society.

      No, really, it's just that the politicians who call you also made up this law.

  • How is whitelisting a solution? There are already any number of apps and services that do exactly this already.

    Do you really want to have to figure out every possible number that you might need to take a call from? Every work number? Every number the nurse at your kid's school might call from? Your doctor's office and pharmacy? The Uber/Lyft/delivery driver who can't find you?

  • From the linked article. I think a lot is lost due to lack of detail. But I seriously doubt that anyone would reject all calls that another individual has not whitelisted or is in their contact list.

    For one reason, what contact list. I use google accounts for my contacts. Not the carriers. My phone shits it's pants, I just get a new one and use google. I switch carriers, I don't worry about my contacts.

    So, I think people are over reacting. Or reading too much into an article that was obviously missi
  • WTH, make is simple and easy. The simple way is to allow us to report the call *11 or something, now they can research the number. If it is spoofed they can track it and stop the spoofers from using it. If it is a SCAM number not tied to any real person or company play a message that tells the caller they need to punch in a code and explain what the call is about by a real person (robocalls blocked). If it doesn't meet criteria the phone company can track them and block them. If it passes the call is passed
  • How about a proposal where they cut their balls off. Make sure it's the right one of course.

    SO Frickin' tired of their crap. Spoofing other numbers, etc. Even unpublished government numbers being called from another government unpublished number. "Do you have unpaid college debt?"

  • Give me 5 cents.

    If it's snail mail, I'll open it if I can feel that there's a nickel or two inside. Possibly there's a way of doing this with spam email.

    Junk calls could alert the caller that it will cost them 5 cents, paid to the recipient, to ring through, paid to my phone account. If I wanted the call, I could waive the charge. Or, I could just pick up the phone and tell "windows support" that they just got screwed out of 5 cents and hang up. I'd be a millionaire in short order, or junk calls would be el

  • It's VERY fucking easy, just use fucking caller ID and other mechanisms to trace them and hold them accountable with the laws we already have on the books.

    All we need is to criminalize spoofing and other mechanisms used to cheat the process.

    Make a robocall, you get a 500 dollar fine.

    Use caller ID spoofing to hide? 2 years jail time.

As of next Thursday, UNIX will be flushed in favor of TOPS-10. Please update your programs.

Working...