The number-one complaint to US comms watchdog the FCC right now is about robocalls – a remarkable 200,000 complaints from consumers last year alone. It's for good reason: there are, according to FCC chair Ajit Pai, 2.4 billion robocalls made per month – 230 a year for every household in the US. But Pai is determined to do …
Here's a solution for the real world:
Allow us to set filters for if we care to accept or auto reject calls based on things like spoofed CID, impossible/incomplete numbers, international calls, or any call that originates from an IP address rather than a landline or cellular device.
If someone calls with a CID that claims to be from the IRS, calls with a CID claiming the number is 0-000-000-0000, is based in Outer Elbonia, or started as a VOIP call then we can have them automaticly shunted to a challenge system to prove they are whom they say they are, are Human, & have valid business with the recipient. Fail the challenge & our phone never rings. Pass & it rings. Rings & it turns out you got past even though you shouldn't have? Let us mark that caller as harrassing & force the telephone company to call the party back.
If the telephone company can't call the number back then they block the circuit from making any more calls until they visit a company office & straighten things out.
A simple box put in-line before the landline phone with a bunch of buttons, a simple menu tree, & a list of options we can toggle. Poof, the robocalls drop like plague victims.
But can we do that? No. Why? Because the telephone companies are greedy fucking assholes that deserve to have all the robocalls shunted to the private numbers of their CEO's. Don't like the sudden influx of 2Billion calls you get per year? Too bad, neither do we.
Its actually simpler than that.
Force the telcos and internet providers to offer a feature. *666 where it will report the last call to your number as a robo call. Then the phone company will look at the actual pen data and not the CID which can be spoofed while the actual number can't.
If it goes back to a SIP provider, the SIP provider will have to provide their IP logs so that the caller can be traced. (Assuming its a SIP call and not someone who set up an actual land line. Which would already be game over.)
When you trace back the robo call to its origin, you can now go after them regardless of the country and you can extradite them to the US because the US should be able to enforce the computer laws against them.
Only thing stopping them is loss of revenue ... anyone remember the pink sheet contracts ISPs had for spammers?
They have to make ALL robo-calls illegal, first. You know, like the ones from POLITICIANS...
(politicians NOT exempting themselves from robo-call restrictions - yeah THAT will happen)
I'm on the 'do not call list' and get several hangup calls per week. Part of this is my answering machine message which is something like "Hello... [pause] Friends and family thank you for calling. For the rest of you, this number is on the national do-not-call list" (and it ALWAYS goes to the answering machine)
It's amazing how many hangups happen after that message finishes. The 'hello' followed by the pause is deliberate - it's supposed to make their robo-dialers "detect an answer". Yes I'm screwing with THEM. Then, when a human hears "do not call list" he _SHOULD_ recognize the colossal waste of time of having my number on their lists. well, 'dumb and dumber' reference in the article notwithstanding...
That's funny, I must have taken a wrong turn... I thought I was on the Register but it seems I'm on a lookalike site that is absurdly, naïvely optimistic and thinks there's a 10% chance that this'll work.
Subscriber-based tools exist today, and can stop a lot of these calls. Problem is that take up is abysmal, because it relies on the subscriber doing something, and subscribers tend not to. Nomorobo is great for example but try talking Grandma through setting it up!
Network based tools exist today, and can solve it more effectively. ISVs like Metaswitch, Cequant and Hiya have dynamic spam databases that operators can hook into to do dynamic identifying of bad calls. I suspect that they will not get implemented until (a) the safe harbor rule is applied (so the telco doesn't get fined by the FCC for stopping a call that should have gone through) and, more fundamentally, the FCC allows them to charge for the service. The previous FCC regime said they could not get relief on the costs. So expect that our telco overlords will be quietly having a word with Mr Pai about that...and *then* you'll see some movement, along with a $1 charge on your monthly bill. Money solves the problem.
Update the telephone protocols (SIP?) to include the call routing with caller-ID.
Telco's know these details because they bill incoming calls. It doesn't need to be a perfect solution, it only needs the border telco in your jurisdiction to identify the previous telco and pass that on. Most robo-calls are to homes so if you aren't expecting a call from an Indian call centre, you can ditch that call. Not expecting a call from Germany? You can ditch that call too. Or you can take the call, aware it may be a scam. If it is a scam and it is a voip connection to your local telco, you can give them the time and your number and they can trace who made the call.
Making spoofing impossible is the one and only real cure. It won't ever happen - telcos would lose all those telemarketing customers.
Not necessarily - if you're a legitimate company you can (or could once), at least in the UK, arrange for a presentation number to appear as your CLI. There were proper checks by the telco that the number you're presenting is one you're allowed to use. I know that if you've got a DDI block you can spoof any number within that range - the network will just verify that it is one you're allowed to use and will pass it on. Back in the day, it would even present a number to a digital line as 0345636X150 which is its way of telling you that BT would vouch for the digits preceding the X. It was up to your software to remove the X if you wanted it to.
(All of this may still be true, but it's 20 years since I was writing software to deal with it and did all sorts of tests to see what I could present as an outgoing number.)
Example: I have a VOIP system that, under certain conditions, will forward incoming calls to my cellphone. To forward the call, the VOIP system places a new outbound call to the cellphone and connects the incoming call to the new call. When it places the call to the cellphone, it uses the caller ID from the original incoming call (which, to the provider, is indistinguishable from spoofing.) This causes the caller ID of the original call to show up on the cellphone when it rings. Without the ability to "spoof" the caller ID when placing the call to the cellphone, all forwarded calls would show up on the cellphone as coming from the VOIP line, which would be... unhelpful. (No screening calls, no automatic lookup of the caller in your address book, no call history, etc.)
Pretty sure that all call forwarding works in a similar manner.
Being able to stop caller ID spoofing while still allowing calls to be forwarded with their original caller ID information would require a non-trivial amount of changes to infrastructure. (It's a similar situation as with SPF and email forwarding.)
No details, but is there a presently legal way to use the methods of robocalling to -cost- the phone companies money? Which should encourage them to stop it.
For instance, either disable customers' service by some kind of robocall trick, leading to complaints and compensation (nb: probably very illegal); talk people into pressing some buttons to reconfigure or cancel the service from their end; or, sell customers a different company's telephone service, or Skype or something.
It may be illegal even to have these thoughts.
You may be onto something.
Perhaps every time you get a robocall, run an Asterisk script that:
(1) calls a phone number that the telco *has* to monitor (their legal, HR, or investor-relations department),
(2) using a spoofed phone number, and
(3) uses a robo-script to explain to them, at great length, the problems that robocalls cause to you, and that you'd like them to please implement a solution.
SPAM calls are killing phone usage - where I work at least 75% of the calls every day are junk or drop immediately the phone is answered. At home, everything is sent to the answering machine because our junk percentage is about 90%.
The FCC plan will not work until it's impossible to fake caller ID - that's the real secret to fixing it.
1. When a call is made the caller needs to be verified before the call goes through - is it a real number?
2. When the call goes through, the recipient can flag the caller as spam.
3. When a number gets 10 spam flags it is disabled for review.
Don't tell me that this can't be done.
I am getting quite a few robocalls every day. I saw a drop in calls from non-assigned numbers (which have a fake number that is not possible under the North American Numbering Plan), but then started getting calls from people within the same local area. Their number had the same area code, same central office code, only the last 4 digits differed from my own number. These people were asking why I called them. Uh oh.
Sure enough, I soon got another "local" call which turned out to be a robocall.
So scammers are already adapting and now randomize the CCID with a number very close to the victim's.
The only possible angle of attack is to locate and block the originating VOIP trunks.
"Instead, what a "light touch" FCC looks like is one that puts out seemingly endless calls for public input on what should happen – even when everyone knows what needs to happen and why it isn't happening."
An awful lot like Ofcom then. Wait for two years to announce a two year consultation, then spend two years considering the results before announcing the "fix" will be implemented in two years.
the real solution is to provide a WHITELIST option on phones. If a company like Blackberry would offer WHITELIST control of incomming calls -- I'd switch service Monday.
WHITELIST Control of Incomming calls: If you are not in my Contact List you call is REJECTED leaving only a log entry. It DOES NOT RING
the other feature that is really needed on phones is a 1-button vehicle mode. this to silence all ringing and let calls go to voice mail sms messages to log.
There's long been a facility in the UK to flag nuisance calls where the number is withheld. It's 1477, Automatic Call Trace. It stores the offending number at the local exchange for subsequent investigation. However, it's not available by default and you'll find it almost impossible to get it enabled - you'll be lucky to find anyone that's ever heard of it.
BT (the most expensive telco) has recently made available a free facility (BT Call Protect) that diverts known nuisance calls to voicemail and also allows users to block various categories such as withheld, international etc. It sounds like it may have some effect.
Unfortunately OFCOM (the Office of the Chocolate Teapot) has not mandated it to be offered by all other telcos. The obvious result is likely to be that nuisance callers will clear down as soon as they hit voicemail, so non-BT lines are likely to experience a massive increase in such calls.
Before long the directors of nuisance calling companies will be personally liable so they won't be able to escape ICO fines by closing down and starting a new company, so that may help. Automatic jail sentences for UK directors using overseas call centres to make nuisance calls to the UK would be even better.
For many years BT has used fake entries in telephone directories to prevent copying, and map makers have used fake streets and landmarks So why not list fake 'honeypot' numbers that route through to the ICO - make a nuisance call to one of those and you're busted on the spot !
"Rachel" from "card services" is the number one menace. But-I also get calls for "free wireless alarms" "arthritis cream" and "back braces" and, disturbingly "utility switch" and "auto warranty" extension scams along with the occasional "IRS" and "Microsoft Tech Support" idiots. The Utility and Auto Warranty folks are inner city people from here in the US. The thing to do...IF you have the time...is to string THEM along and then tell them they're busted. That often provokes an angry callback. We need to DO this or else they eventually get a Forrest Gump or Demented person who actually falls for their pitch. Alternatively, there should be affordable remote receptionists for homes as well as businesses. One person could easily cover 100 homes-after all, most of us get maybe five calls/day and three of them are spam. By the way, I CALLED Omega Auto Care at 877 850-0446 and complained to them about the spamming. (the scumbags who called me used a local, spoofed number but actually gave me the correct number. The lady at the other end said "we don't bother you every day sir, we only call you once." I told her they had NO right to call me even once, they weren't a charity or politician. and "you effin' B, effin' C-get a REAL job!" I put that number in so everyone her can call THEM up a few times/week. Then, maybe they'll get the message. Go on youtube and see how others are wasting the scammers' time.
Biting the hand that feeds IT © 1998–2020