You probably get robocalls all the time. Some pretend to be from the IRS, others come from a phone number very similar to yours. And then there’s the rash of free airline tickets/problem with your credit card/complete this short survey intrusions. If it feels like they’re cropping up more than ever, you’re right. The blocking service YouMail estimates that 2.49 billion robocalls were placed to US consumers last month, marking a 4.1 percent increase over September. This translates to 80.5 million robocalls, every single day.
Telemarketer calls to landlines have plagued consumers for decades, but the rise in mobile robocalling has made the situation freshly appalling. Efforts to contain the problem, like central Do Not Call lists, have a crucial flaw: They cut down on robocalls from law-abiding groups like charities and corporations, but they don’t deter criminal scam operations. Fortunately, the Federal Communications Commission can. And it’s finally started to take some action.
Perhaps most significantly, the FCC announced new rules last week that allow telephony providers to block some connections that are likely robocalls before they ever to get to customers—a proactive step meant to have a dramatic impact on total completed robocalls. But while consumer advocates praise the move, they caution that it won’t singlehandedly solve the robocalling crisis.
“It’s a worthwhile thing to be doing, but it’s not the be all and end all,” says Jim McEachern, a senior technology consultant at the communication industry standards body ATIS. “The catch is that if you start blocking numbers that have [certain properties], then the robocallers will just spoof different numbers.”
The FCC approved telecom companies to block calls from invalid numbers (like ones with a fake area code), numbers that aren’t linked to a service provider, numbers that aren’t currently claimed, and numbers that are only set up to receive calls not make them. This will cut down on a lot of scam robocalls at first, but attackers will probably evolve to get around the limitations. ATIS’s McEachern notes that the Canadian Radio-television and Telecommunications Commission has already had similar rules in place for years that have helped, but far from eliminated the robocalling issue.
On Thursday, the FCC also nodded to the possibility that the new rules could lead to some situations where legitimate calls get blocked along with the malicious ones. The “Report and Order encourages voice service providers that elect to block calls to establish a simple way to identify and fix blocking errors,” the agency said. And though the FCC Commissioners unanimously approved the new rules, some opposed the provision that telecoms will be allowed to charge customers for the call blocking services. “It’s a good thing that this agency is taking action,” Commissioner Jessica Rosenworcel said in a statement on Thursday. “But then [it] makes sure you can pay for the privilege. … It’s an insult to consumers who are fed up with these nuisance calls.” Verizon has been charging $3 per month for a robocall blocking service since June, but other companies like T-Mobile and AT&T have so far offered blocking services for free.
Some consumer advocates also worry that the focus on blocking nefarious robocalls could take precedent over securing and strengthening protections for consumers against other types of tormenting calls. “The Commission seems to be talking about unwanted robocalls pretty much exclusively as just the fraud robocalls, but there are as many or more unwanted robocalls that are made by banks or debt collectors or other financial institutions,” says Margot Saunders, senior counsel at the National Consumer Law Center. “There’s a big fight, and there have been a number of petitions filed to the Commission, over whether [financial institutions] should be allowed to make these calls without consent or not stop calling after the consumer says stop calling.”
Still, Saunders says that the National Consumer Law Center, which has been working on anti-robocalling initiatives for years, supports the new FCC rules and is happy the agency is taking more aggressive action. There just isn’t a silver bullet to handling unwanted calls. “It’s a great thing, but there’s a whole lot more to do,” she says.
The FCC has also been working to tackle robocalling through regulation enforcement. In August, the agency fined Philip Roesel and his company Best Insurance Contracts, Inc. more than $82 million for making a total of 21.5 million robocalls, violating the Truth in Caller ID Act. For three months in 2016 and early 2017, Roesel and his company made more than 200,000 robocalls per day using unassigned phone numbers and spoofed caller ID information. “We will do everything in our power to put you out of business,” the FCC told robocallers after the operation.
The Agony and the FTC
The Federal Trade Commission also works to stop robocalls, and began a new information-sharing initiative with telecoms in August. Through this system, the FTC sends the specific consumer complaints it gets about Do Not Call and robocall violations to telecom companies ad call-blocking solutions so everyone has the list of flagged phone numbers the FTC is constantly collecting.
The agency has also run a series of “Robocall Challenges,” awarding thousands of dollars in prize money to projects like call-blocking apps. Popular anti-robocalling services like RoboKiller and Nomorobo both came out of the FTC challenges. Apps like these often collect blacklists of robocalling numbers to block, but many also have a mechanism to pre-answer suspicious calls before they ring for the user. By picking calls up and tracking scam hallmarks—like the voiceprint of the person in the recording, or the types of spoofing an attack uses to seemingly change its phone number—the apps can then add to their lists and expand their protection.
In an attempt to go beyond the block list model, though, ATIS has been working with the Internet Engineering Task Force on a different approach. The idea is to create interoperable standards that can be adopted by all mobile and VoIP calling services to do cryptographic digital call signing, so calls can be validated as originating from a legitimate source, and not a spoofed robocall system. The protocols, known as “STIR” and “SHAKEN,” are in industry testing right now through ATIS’s Robocalling Testbed, which has been used by companies like Sprint, AT&T, Google, Comcast, and Verizon so far.
When you initiate a normal call, your phone goes through an invisible authentication process with the network to validate it for call routing. When SHAKEN detects this verification, it signs the call at your end. The provider on the receiving end can then also use the protocol to check that the call hasn’t been manipulated or bounced around in transit. Over time, the more companies that use signature-based validation, the more conspicuous spoofed robocalling will become, making it easier to detect and block. As with any telecom project, though, interoperability and backwards compatibility are a challenge, and, for now at least, SHAKEN can’t be implemented on legacy landlines that rely on older signaling protocols. ATIS says that the testbed may shut down at the end of this year if companies are ready to start deploying the protocols, or testing may continue into 2018.
The new steps the FCC is taking to block robocalls will go a long way, but the problem is so entrenched and diverse that it will take numerous technical solutions operating behind the scenes for consumers to start experiencing fewer cheery timeshare pitches. “It’s in everyone’s interest to figure this out,” ATIS’s McEachern says. “We’re getting to the point where the consumer doesn’t trust the telephone network, and that’s bad for everyone.”