
Ask HN: Why aren't cell carriers liable for spam calls? - heartbeats
If I get a spam call, the originator of that call is theoretically liable - typically, some VoIP centre in India. Of course, they are impossible to track down.<p>Why not shift this liability to the last mile? If my carrier connects me with a spam call, they have to pay me the $500 fine per violation.<p>They could then have voluntary agreements with whoever they are peering with to pay the fine, sort of like how the financial system works. It would then cascade until it reaches a carrier who doesn&#x27;t care, who would then be liable for the fines.<p>So:<p>1. I get a phone call. My carrier is AT&amp;T.<p>2. AT&amp;T got it from carrier C1.<p>3. C1 got it from carrier C2.<p>4. C2 got it from &quot;VoIP Solutions Inc.&quot; of the Cayman Islands.<p>5. VoIP Solutions Inc. keeps poor records or whatever.<p>Then,<p>1. I ask AT&amp;T to give me $100. They either do it immediately or lose their license.<p>2. AT&amp;T asks carrier C1 to give them $100. If they don&#x27;t, that&#x27;s AT&amp;T&#x27;s problem, but they can depeer them.<p>3. C1 in turn asks C2 to pay them $100, and they too pay up (or lose their peering with C1).<p>4. C2 asks the Cayman corporation. They refuse.<p>5. C2 absorbs the loss and fire VoIP Solutions Inc as a peer.<p>The final link will always be a carrier with poor control over who is connecting to their network - in other words, enabling crime.<p>This is perfectly incentive-compatible, and it would have worked for e-mail spam too back in the day. It&#x27;s quite trivial to implement. Why isn&#x27;t it ever suggested?
======
AdrianEGraphene
Spammers make many fiber to copper to fiber connections. Every call
essentially comes from a black box and every carrier is complicit.

So if you make a "last mile" fine, basically every carrier will be charged
"evenly". This plan wouldn't have the incentive structure needed to change
carrier behavior.

This video explains it nicely . [1]

[1] [https://youtu.be/WOAapu-
XJl8?list=LLfTvbJseqag4h_gPkk1q58g&t...](https://youtu.be/WOAapu-
XJl8?list=LLfTvbJseqag4h_gPkk1q58g&t=82)

~~~
heartbeats
Well, carriers would have to block the black boxes and only allow the good
networks on. AT&T can peer with Sprint or T-Mobile, but the shady carriers
that lets fiber terminate into copper without asking questions have to do due
diligence or get cut off.

It wouldn't be evenly distributed. Your carrier could pass on the fine at
least a few hops deep, until it reaches whoever connected the shady VoIP
company to the real network. In the video's example, it would be Google Voice,
the owner of the hacked VoIP systems' uplink provider, or the anonymous online
call services. It's rare that the spammers use payphones or prepaid cards.

Even if it's the same situation as with e-mail spam, this would also be a
workable solution for that problem.

Say I have a G-Mail account. I get spam from X@hotmail.com. Now G-Mail have to
pay me the fine, and Hotmail have to pay GMail the fine, and X has to pay
Hotmail the fine. Sure, they can't track down X, but Hotmail have to pay up
for letting bad actors on their network.

We could also generalize this to BGP, of course. I get a port 22 brute-force
attempt to my server, I contact my ISP, they pay me. They contact whoever
peered them, who pays, until we get to China, where some local ISP says that a
PC on their network was hacked. Too bad. Either the Chinese ISP pays up, or
they get depeered by their CN <-> HK ISP, or they get depeered by their
uplink, and so on.

Here is an example traceroute to the Chinese ecommerce site taobao.com from
Cogent. In my example, the fine would travel down this list until it finds
someone unwilling to pay up, who then gets depeered.

    
    
      traceroute to 140.205.220.96 (140.205.220.96), 30 hops max, 60 byte packets
       1  gi0-1-1-19.5.agr21.jfk02.atlas.cogentco.com (66.28.3.113)  0.693 ms  0.702 ms
       2  be2605.ccr41.jfk02.atlas.cogentco.com (154.54.1.153)  0.741 ms  0.759 ms
       3  be2806.ccr41.dca01.atlas.cogentco.com (154.54.40.106)  6.397 ms be2807.ccr42.dca01.atlas.cogentco.com (154.54.40.110)  6.538 ms
       4  be2113.ccr42.atl01.atlas.cogentco.com (154.54.24.222)  17.340 ms be2112.ccr41.atl01.atlas.cogentco.com (154.54.7.158)  17.461 ms
       5  be2687.ccr41.iah01.atlas.cogentco.com (154.54.28.70)  31.636 ms  31.606 ms
       6  be2928.ccr21.elp01.atlas.cogentco.com (154.54.30.162)  47.240 ms be2927.ccr21.elp01.atlas.cogentco.com (154.54.29.222)  47.095 ms
       7  be2930.ccr32.phx01.atlas.cogentco.com (154.54.42.77)  55.345 ms be2929.ccr31.phx01.atlas.cogentco.com (154.54.42.65)  55.417 ms
       8  be2931.ccr41.lax01.atlas.cogentco.com (154.54.44.86)  66.946 ms  67.307 ms
       9  be3271.ccr41.lax04.atlas.cogentco.com (154.54.42.102)  67.073 ms  67.072 ms
      10  38.142.238.34 (38.142.238.34)  69.608 ms  69.608 ms
      11  202.97.50.29 (202.97.50.29)  73.785 ms  73.790 ms
      12  202.97.71.193 (202.97.71.193)  206.204 ms  206.594 ms
      13  202.97.12.193 (202.97.12.193)  200.253 ms *
      14  202.97.24.249 (202.97.24.249)  206.719 ms 202.97.62.61 (202.97.62.61)  202.714 ms
      15  101.95.120.105 (101.95.120.105)  224.543 ms 101.95.120.233 (101.95.120.233)  219.260 ms
      16  124.74.166.18 (124.74.166.18)  222.636 ms 101.95.206.14 (101.95.206.14)  230.753 ms
      17  101.95.208.10 (101.95.208.10)  233.093 ms *
      18  114.80.58.82 (114.80.58.82)  237.192 ms 180.163.38.82 (180.163.38.82)  213.441 ms
      19  116.251.88.134 (116.251.88.134)  204.868 ms 116.251.88.154 (116.251.88.154)  220.342 ms
      20  140.205.58.9 (140.205.58.9)  213.268 ms 116.251.106.190 (116.251.106.190)  197.170 ms
      21  * *
      22  * *
      23  * *
      24  * *
      25  * *
      26  * *
      27  * *
      28  * *
      29  * *
      30  * *

~~~
AdrianEGraphene
sadly, it is not that simple to determine who is a "good network". Every
carrier lets fiber route into copper.

Your logic would work, but it is a lot of work for many entities to perform.
The simple fact is that neither you nor I can control what the carriers choose
to do.

You'd have to design a network from the bottom up if you wanted to enact these
kinds of changes.

You're clearly interested in solving this spam problem and I admire the
thought you've put into it. I'd advise that you focus on solutions that can be
scaled more simply. If you think of all of the "spam calls" that happen, you'd
come to the conclusion that your traceroute would happen 10s of billions of
times a year.

My advice is to think of ways that don't require the cooperation of multiple
entities.

~~~
heartbeats
> Every carrier lets fiber route into copper.

Indeed, they'd have to stop doing that or require them to put up a security
deposit.

> Your logic would work, but it is a lot of work for many entities to perform.
> The simple fact is that neither you nor I can control what the carriers
> choose to do.

No, this should be required by law. The only one who has to be bound by it is
the last mile carrier - the rest is done as a voluntary agreement. If they
don't sign it, they can't route calls into the US.

It could be trivially automated. Carrier A sends the message "pay us $X or we
depeer you" to carrier B whenever they do not like what they got from carrier
B. Their computer system evaluates whether the fine is worth continued peering
with A. If it is, they pay, else they don't. This takes milliseconds. There is
no need for a human to evaluate the evidence because there is no evidence
needed.

Naive implementation:

    
    
      def accept_fine(this_fine, value_of_continued_peering, tot_fines):
          return (value_of_continued_peering > (tot_fines + this_fine))

~~~
AdrianEGraphene
The US infrastructure is partially made of copper. It would be very expensive
(but doable) to change that.

Laws, carriers, whatever. Doesn't make a difference, we still have no say over
enacting your suggestions. We can sit here and theorize all day about what may
work, but if you cannot implement or test your solutions in the real world,
what's the point?

That's why I suggested coming up with solutions that do not require the
participation of large entities. Although I am HIGHLY biased, since I'm
working on a peer to peer solution.

~~~
heartbeats
What do you mean? You would continue to use the copper infrastructure, but
fibre connections in to it would be regulated. A serious ISP could still do
them, but one that just allows random people to make an account wouldn't be
allowed to connect.

So, Verizon could peer their copper network with Sprint's copper network and
connect them over fibre, but if Verizon would accept fibre peering with random
VoIP providers Sprint wouldn't peer with them because they would be liable for
fines.

~~~
AdrianEGraphene
Let's just assume you've described the perfect solution.

Now, how do you make it actually happen?

What steps can you take to go beyond making theoretical comments on a online
forum, to having a working experimental version handling calls on my Android
phone?

~~~
heartbeats
It would have to be signed into law, as the title of the thread implies.

------
sarcasmatwork
We all hate them... But this year we are getting some action.

At the end of 2019, President Trump signed the TRACED Act into law allowing
the Federal Communications Commission to protect consumers from robocall
scammers.

[https://thehill.com/policy/technology/476335-trump-signs-
law...](https://thehill.com/policy/technology/476335-trump-signs-law-to-cut-
down-on-robocalls)

And for something funny, check out youtuber "Kitboga". This guy pranks the
scammers.

~~~
mtmail
The German equivalent
[https://en.wikipedia.org/wiki/Federal_Network_Agency](https://en.wikipedia.org/wiki/Federal_Network_Agency)
has such power. They receive 200.000 complains per year (nice accessible
online form) and force providers to block numbers. Also if it turns out to be
fraud, e.g. you made a contract with the fraudser over the phone, then the
contract is void and the company has no legal standing to demand money. If
they operated a premium number (calling back costs you money) the provider has
to void the amount. Pretty solid, I haven't received a spam call in 5, maybe
10 years. Of course still plenty others do, thus the 200.000 complains per
year, and foreign numbers can't be blocked or tracing the calls leads nowhere.
For the US it might be a great improvement.

