Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Cellphones Government United States

FCC Plans To Rein In 'Gateway' Carriers That Bring Foreign Robocalls To US (arstechnica.com) 63

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission hopes to reduce the number of illegal robocalls from overseas with an expansion of rules that require phone companies to implement Caller ID authentication technology and block illegal calls. [T]he FCC is proposing new requirements on domestic gateway providers that accept calls from outside the US. A Notice of Proposed Rulemaking (NPRM) adopted (PDF) Thursday and released on Friday proposes requiring those gateway phone companies to implement STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted Information Using toKENs) protocols, which verify the accuracy of Caller ID by using digital certificates based on public-key cryptography. "This proposal would subject foreign-originated calls, once they enter the United States, to requirements similar to those of domestic-originated calls, by placing additional obligations on gateway providers in light of the large number of illegal robocalls that originate abroad and the risk such calls present to Americans," the NPRM said. Gateway providers would be required to "apply STIR/SHAKEN caller ID authentication to, and perform robocall mitigation on, all foreign-originated calls with US numbers," the FCC said (PDF).

STIR/SHAKEN is already widely deployed in the US on IP networks due to separate requirements that apply to large phone providers. Another newly implemented rule prohibits phone companies from accepting calls from providers that haven't met requirements to deploy STIR/SHAKEN or other robocall-mitigation methods. But the STIR/SHAKEN requirements don't apply to all carriers yet. "We don't want international calling to become a loophole for our policies," FCC Acting Chairwoman Jessica Rosenworcel said on Thursday at a commission meeting. "So today we are proposing that gateway providers in the United States -- the companies that bring in calls from overseas -- take action to stop this stuff from coming in from abroad. That means they need to use STIR/SHAKEN technology, register in our Robocall Mitigation Database, and comply with traceback requests to figure out where these junk calls are originating from overseas."

The FCC said those traceback requests "are used to help block illegal robocalls and inform FCC enforcement investigations." The NPRM also proposes a new call-blocking requirement. When the FCC notifies a gateway provider about an ongoing robocall campaign, the provider would have to conduct "a prompt investigation to determine whether the traffic identified in the Enforcement Bureau's notice is illegal" and "promptly block all traffic associated with the traffic pattern identified in that notice." The NPRM seeks public comment on these proposed rules. Deadlines for initial comments will be 30 days after the NPRM is published in the Federal Register and 60 days after publication for reply comments. The docket is located here.

This discussion has been archived. No new comments can be posted.

FCC Plans To Rein In 'Gateway' Carriers That Bring Foreign Robocalls To US

Comments Filter:
  • Now if we can get ISPs to block spoofed outgoing packets that originate from endpoints. No need for a random residential customer to send packets with a spoofed source address
  • It has been completely ineffective. The number of calls I receive on both my actual phone number AND my google voice number hasn't changed much at all.

    Trace the locations of the actual call centers and start arresting whoever is paying those people.

  • A Radical Idea (Score:4, Insightful)

    by lrichardson ( 220639 ) on Tuesday October 05, 2021 @08:16AM (#61862801) Homepage

    Alternatively, they could actually enforce the existing laws, and fine the companies that break them.
    Perhaps increase the fine an order of magnitude each time.
    Wouldn't be long before companies either stop using robocalls, or go out of business.

    • As many scammers and shady companies are not in the United States.

      I know the Social Security officer is going to be knocking on my door any second now for the case against my number.

      As far as those in the US, first you have to untangle the labyrinth they set up to hide who is being dishonest because Company A can say "Well, we hired Company B and didn't tell them to break the law!" Just so happens company B's ownership is in a foreign country.
      • You hired a murderer, you're guilty of murder. Why doesn't it apply here?

        • Comment removed based on user account deletion
          • by dcw3 ( 649211 )

            We've lived in our home for two years now. We got a landline only because it came in a cable bundle, making the whole thing less expensive. We've literally never used the landline, I couldn't even tell you what our number is...I don't know it (though I did set it up on the national do not call list when we first got it). And yet, we've received numerous robo calls. Thankfully, nomorobo cuts them off after the first ring.

        • by dcw3 ( 649211 )

          Because now you have to prove conspiracy, which is much more difficult. And to top it off, you don't often know who actually hired them because most of the scams have nothing to do with the company they claim to represent. So, who exactly should they be going after?

          • So if I hire someone to "take care of someone" and they "misinterpret" it by offing the poor bastard, I go free?

            Asking for a friend.

    • Alternatively, they could actually enforce the existing laws, and fine the companies that break them.

      The unspoken point is that most of the robot scam calls originate in India. Good luck trying to enforce either your own law or even Indian law there.

  • A couple of pennies paid to me to ring my phone would not stop any legitimate person trying to reach me but completely change the economics of robocall.

    • And a couple of pennies per email would stop spam. Doesn't work, doesn't happen.

      • by jjhall ( 555562 )

        To be fair it's never been tried, so we don't know that it "doesn't work." When has pay-per-email ever been implemented on anything other than as proof of concept installations? There have been lots of systems proposed over the years to directly combat spam, but none of them ever really got off the ground. Instead we've ended up with a lot of workarounds that happen on the server side, and those aren't 100% effective. I still believe a true system where every email arrives with a nickel attached to it,

  • Well we have SHAKEN and STIR. Now all we need is MARTINI.

  • by MooseTick ( 895855 ) on Tuesday October 05, 2021 @08:44AM (#61862863) Homepage

    If phone companies charged one cent to initiate a call, it would fix robo-calling. And if they gave customers 300 calls/month (that averages 10 calls/day), less than 1% of users would be impacted. Few would complain but it would make robo-calling costs skyrocket and eliminate all but the most lucrative scams.

    • Better idea is to pay the customers to accept a call. You accept a call, you get paid 24 cents. If you make a call, you pay 25 cents. For most users, it will balance out . 1 $ for making 100 more calls than accepted is well worth the cost.

      With telephone deregulation, there is nothing stopping from some start up phone company offering this plan. I am sure it will get so much traction and cherry pick all customers with decent net worth, decent discretionary spending who value their time and do not want to b

      • That's $25 for making a hundred calls more than accepted, plus a cent per call for the rest. Anyway, in many parts of the world, the receiving telephony provider is indeed paid a small sum per minute of incoming calls (Termination Rates [wikipedia.org]). It does not fix the spam call problem.

    • by antdude ( 79039 )

      One penny is too low. Maybe a dollar.

  • I get so many scam calls which originate from other countries. They even use fake caller ids to randomly generate domestic numbers. I do not accept that telephone networks cannot possibly detect these patterns of scams and block the perpetrators in real time. Or provide a simple way to report them (e.g. typing #5 or something after the call ends). Or work with each other to maintain an active block list. Or cannot strip the caller id from numbers to reveal the actual source nr and not the number they're fak
    • Wildcard blocking is a wonderful thing, unfortunately not natively supported by any phones I know of. Blocking my own local exchange was highly effective a few years ago when the same-prefix spoofing was raging.

      Not a perfect solution, but the phone makers could easily be part of it.
    • With ANI it is not difficult in some ways, however places like schools and shelters and hospitals (to name but a few) have a single number they use for CID even if a different number made the call. In the case of shelters, sometimes they want to hide the true origin. For hospitals and businesses, they want people to call the right number back.

      Just saying.
      • With ANI it is not difficult in some ways, however places like schools and shelters and hospitals (to name but a few) have a single number they use for CID even if a different number made the call. In the case of shelters, sometimes they want to hide the true origin. For hospitals and businesses, they want people to call the right number back.

        None of these uses are compelling enough to justify allowing all of the spam and scams that come along with allowing spoofing numbers.

        • If I have to answer every local call on the off chance that my kid's school is calling, I'm going to have to deal with far more scams than I currently do. Instead, I can only answer when the school's main number appears on the caller ID.

          Privacy laws do not let them just leave a message for all calls.

          • If I have to answer every local call on the off chance that my kid's school is calling, I'm going to have to deal with far more scams than I currently do.

            If the spammers can't spoof numbers in your local area, then it becomes possible to answer local calls without screening them.

            Privacy laws do not let them just leave a message for all calls.

            Completely false. There is absolutely no privacy law that prevents them from leaving a message saying "This is XXX school, please call us as soon as possible."

            • If the spammers can't spoof numbers in your local area, then it becomes possible to answer local calls without screening them.

              They have options beyond spoofing. They spoof now because it's the most convenient.

              When they can't spoof anymore, they can get a local number, use it for a couple weeks, then get another local number.

              Completely false. There is absolutely no privacy law that prevents them from leaving a message saying "This is XXX school, please call us as soon as possible."

              Hmm...who to believe...random person on slashdot, or the actual principal of the school who says they can't leave messages...

              Golly, that's a tough one. Especially since your opinion doesn't actually make them leave messages.

              • Hmm...who to believe...random person on slashdot, or the actual principal of the school who says they can't leave messages...

                If true, you should have no problem finding a reference to the law that prevents a school from leaving a message requesting you to call back.

                Of course you can't. The notion that such a law would exist is absolutely absurd. The actual rules would be that they may not be able to leave a message with sensitive personal information. Either you're lying, or the principal was lying to you and you were too gullible to call them on it.

                • If true, you should have no problem finding a reference to the law that prevents a school from leaving a message requesting you to call back.

                  Whether or not I can find such a reference, the school's policy is to not do it.

                  Of course you can't.

                  Well, you haven't bothered to figure out what state I'm in, so it's pretty dumb at this point to assume you're right. 'Cause knowing which state would be the very first step you'd need to take if you actually wanted to determine this. And I kinda doubt you've familiarized yourself with the law in all 50 states, including precedents, as well as individual school district policies and interpretations of those laws.

                  But as I said

                  • I don't need to know all laws for all states to realize that your claim is completely outlandish. That any state would have such a law, or that any school district would implement such a policy, is completely unbelievable without some sort of evidence. And of course, you fall back on "well, so-and-so told me so," because you know that the policy doesn't actually exist and you don't want to admit it.

                    But as I said above, it doesn't matter what I find in the law books. The school says they can't do it because of privacy laws. Even if that is not true, they're still not going to do it. And they've explicitly told me they will not do it, so super-dumb to act as if they will.

                    I covered that:

                    Either you're lying, or the principal was lying to you and you were too gullible to call them on it.

                    I see we're going with the "too gullible" option.

                    • Either you're lying, or the principal was lying to you and you were too gullible to call them on it.

                      I see we're going with the "too gullible" option.

                      Again, the thing you are utterly missing is the school is going to follow their policy. You not agreeing with the policy doesn't mean the school is going to abandon it.

                      And hurling insults doesn't change my state's laws. There was a problem with non-custodial parents kidnapping their children. So schools have to confirm they are talking to a custodial parent or guardian, and they can't do that if they leave a message.

                      But hey, your law degree pulled from your ass must override that, right?

        • I think people running domestic violence shelters, sexual assault lines, medical providers, et al., might disagree with that assessment.
          • It's puzzling why any of those cases would have a real need to spoof numbers, but in any case, they're welcome to disagree. I contend that the harm caused by spammers is far greater than would be suffered by legitimate organizations that have a use for it.

            • In the case of domestic violence shelters and sexual assault lines, perhaps its because many so people live with their abuser.

              In the case of medical providers and hospitals, maybe it's because some fracking nutjobs get violent and shoot doctors.

              In the case of schools, maybe it's because it's an automated system hooked up to a trunk with an auto-dialer calling 5000+ parents and they don't want the parents/guardians calling back one of the 100 unmonitored numbers on a SIP trunk.

              I mean, you either can
      • by DrXym ( 126579 )
        I'm specifically referring to international calls, calls either come in through an international exchange or some international VOIP provider. In either case, the carrier should just strip the caller id out and require these callers to go through some process if they genuinely need caller id. A process which has rules about what that other number can or cannot be.
    • That's what STIR/SHAKEN does by nature. It authenticates the CID. Your provider has not started blocking failed authentication. What will happen is a rise of proper CID,using hacked boxes or foreign people using stolen cc#s with wholesale providers.
    • There is a legitimate use case for spoofing, where a company would like a single dial-in number, or their 800 number, to appear on your phone instead of the random number the call actually came from.

      However, it should be fairly easily to limit it to that situation instead of the current "just trust whatever they say" system. The phone company is already very aware of who is getting billed for the call. If you try to send a caller ID that is not billed to the same account as your real number, they should r

    • I have a VoIP line so here's a little trick. Most plans come with an auto-attendant (press one to...). Set that so anyone wanting to reach you has to be listening and press some number. Most spam calls will not get that far since they're auto-generated. The rest if it's not in my phone-book goes to voicemail.

  • . . . to suspend your social at right moment because we found many suspicious activities on your social. Before we go ahead and suspend your number please kindly call us back on our number which is . . .

  • Comment removed based on user account deletion
  • I'll believe it when my phone stops ringing.

    I find an interesting coincidence, which I've reported to the FCC and FTC, any time I get an email from an auto dealer I'll also get a 'renew your auto warranty' call from a random number the same day. Its uncanny, any interaction with the dealer and I'll get a warranty call that day.

  • As soon as the latest deadline kicked in, my scam robocalls doubled. US agencies always include loopholes because someone has influence.

    If you REALLY want to end robocalls, charge US$0.10 for every call I pick up. If I like you, I can choose to refund the $0.10.

  • by ThumpBzztZoom ( 6976422 ) on Tuesday October 05, 2021 @12:19PM (#61863523)

    I have an issue with these acronyms that use random letters in the words instead of the first, and by just ignoring words entirely (except articles and prepositions) to make the acronym. This one is especially egregious:

    SHAKEN (Signature-based Handling of Asserted Information Using toKENs)

    The words not used should be eliminated (I'll give them a pass on the hyphenated word), and correctly using the first letters gives us the more accurate acronym:

    SHAT (Signature-based Handling of Asserted Tokens)

    And SHAT STIR is a way more appropriate name for this process.

  • by arfonrg ( 81735 ) on Tuesday October 05, 2021 @08:45PM (#61865271)

    EVERY call should include the unique account number that originates the call. VOIP also.

    TELCOS: "We can't do that, we can't tell who made the call" - Bullshit. EVERY telephone company knows exactly who to bill for outgoing calls.

    TELCOS: "We can't verify that oversea calls have accurate numbers" - Fine. 1) Prefix the account number with a company code that originates the calls. 2) Allow customers to auto reject calls without the account number or from companies that pass too many spoofed calls.

    Again, EVERY telco knows exactly who to bill for an outgoing call.

    • by arfonrg ( 81735 )

      3) Allow customers to auto-reject calls from non-public (anonymous) accounts. If you can't publicly see who is calling you, you should be able to reject them.

      Caller ID is broken by design.

Stinginess with privileges is kindness in disguise. -- Guide to VAX/VMS Security, Sep. 1984

Working...