
$50K bounty for practical robocall-killing technology. - jamesbritt
http://robocall.challenge.gov/
======
astangl
I dispute their contention that an "ideal" solution would not block political
or charity robocalls. Ideally we close these loopholes in the No-Call List, so
these all are illegal.

It seems to me a lot of the problem results from allowing the caller ID
information to be spoofed. Any serious attempt to fix this problem would seem
to involve tracking down real numbers, defeating the spoofing.

Most satisfying (and effective!) thing I have ever done to eliminate a
repeated scam call (to lower credit card interest rates, never admitting who
they're with, except some vague reference to imply they're associated with the
credit card companies) is to string the guy along, when I am "going to get my
credit card", setting the phone down and going about my other business, until
it's clear he finally hung up. Then he called back, and I said "when I got
back to the phone you weren't there!", and repeated the game a bunch of times
over the day, with the guy getting more & more exasperated. Funnily enough, I
never get those calls anymore...

~~~
rhizome
Caller ID spoofing is a true misfeature. The ability should be removed, or
consumers should have out-of-band access to the real number in order to be
able to _at least_ blacklist it.

<http://www.catb.org/jargon/html/M/misfeature.html>

~~~
dangrossman
Phone numbers are to the telephone network like IP addresses are to the
internet. Caller ID is to phone numbers as DNS is to IPs. I don't think
getting rid of caller ID would really help anything, and you can't fix the
caller ID to specific numbers, as phone numbers are as transient as IPs --
they can terminate to an IP phone in Pakistan one day, and to a Twilio gateway
used by some other company's apps the next day. Blacklisting the number can be
both ineffective and harmful.

Letting the caller set the caller ID is the only way someone calling you from
Comcast about your bill can have Comcast show up on the ID. Most large
companies like that don't own the numbers they call from, or the call centers
-- they outsource both inbound and outbound phone support and sales. Typically
to multiple phone center companies at the same time, who all have to call "as"
Comcast, and ramp up or scale down with more or less phone numbers as needed.
They'll use autodialers too, with real people rather than recordings, to
minimize the delay between one outbound call ending and there being another
person for that now-available rep to talk to.

~~~
mleonhard
The ability to set caller-id is important. I was surprised by how easy it is.
With the free X-Lite SIP softphone and a flowroute.com account, I can set an
arbitrary caller-id number and place a call to anyone. This is very useful, as
it lets me place cheap VoIP calls "from" my mobile phone number. It could also
be used to get into voicemail and other systems that trust caller-id.

~~~
Shivetya
Businesses can detect your billing number, the ANI. Having been involved in a
system where employees logged in and out of work via the telephone it was very
important that we could prove where they were. We had many people attempt to
spoof it which never worked.

So the information is there. However it is worth a lot of money to the phone
company and they sometimes resell that information to others who repackage it.
They also in turn don't always give you this information even when you pay for
caller id which is similar but not the same. Originators can block paid caller
id, I have never seen a case where you can block ANI subs

~~~
rhizome
I was under the impression that ANI was forced on WATS lines, but that it
didn't necessarily exist for residential, shall I shift my understanding? I
think this could actually be a good lever, putting the problem purely into the
policy domain.

------
btilly
All that I want is this.

Right after I get a call I don't want, have another number that I can call. If
I call that number, I'm telling the government, "My last call was an unwanted
robocall."

Trace that call to its source (as best as that can be determined). If that
source has generated a lot of calls recently, and is not on a white list, it
is blocked. Any attempts from that number to make a phone call go to a
recorded message saying that it is blocked, with instructions for how to get
unblocked.

Any phone number that gets blocked several times in a week is permanently
blocked.

~~~
gshubert17
After I get an unwanted robocall, I want to dial "*RC" for "RoboCall". I get a
credit on my next phone bill for 25 cents. The phone company charges the
originator 50 cents. Now the phone company has an incentive to track all
robocalls. And I have a little compensation for my time.

~~~
greenyoda
If the phone company is going to charge the originator, they'd have to verify
that the call you reported was actually an illegal RoboCall. Some dishonest
people might report people whom they know but don't want to hear from as
RoboCalls. Others might erroneously report organizations that are legally
allowed to call them, like companies with which they had a business
relationship or political candidates. Verifying that each claim was valid
would probably cost the phone company much more than 50 cents.

~~~
cabalamat
> If the phone company is going to charge the originator, they'd have to
> verify that the call you reported was actually an illegal RoboCall

If I'm getting unwanted calls, I don't really care whether the government
thinks they are legal, I just want them stopped.

How about this solution: if the caller ID is on a whitelist, it goes straight
through. If not, the caller gest asked a question (which should filter out
robots). If there are determined human unwanted callers, a second line of
defence would be to ask them to key in a 4 digit code (and I'd only give the
solution to people who wanted to call me).

~~~
Firehed
Google voice lets you do something along those lines. I personally found it
incredibly tedious and quickly turned it off.

I think the grandparents idea of *RC is spot on. Verification can be done
through volume; i.e. a one-off may do nothing but repeated reports indicate
something is up. Just like reporting spam in email.

Along those lines, some sort of charge-to-call system may work. Like calling
collect in reverse, but the receiving party can decide to not charge the fee
if its someone they know (or flip it, hitting # within 30 seconds of an
inbound call will capture the fee and disconnect)

------
bstpierre
I don't just want robocalls killed. I don't want calls from politicians,
charities, pollsters or any other exempt organizations either. I don't want
calls from the debt collectors trying to reach the person who used to have my
number. For me, and people like me, a telco-based solution won't work because
they have to adhere to the regulations that have these giant exemptions.

In volume, you could make a device for landlines for probably <$50. Connect
the device to the primary incoming line. Connect phone(s) to the device.

User dials #4321 (some non-secret activation code, printed in instructions and
sticker on device) from house phone. Follows prompts to record (a) his name,
(b) names of other individuals at the house, (c) one or more bogus names. May
also follow prompt to enable a bypass code. May also follow prompts to add CID
numbers to whitelist (see below; this is for DESIRABLE robocalls, e.g. from
the school district in case of emergency or school cancellation). User hangs
up; device is programmed.

Incoming call, 2 rings, CID/CNAM captured (FWIW), house phones do not ring.
Device answers: "Calls may be recorded. Press 1 for Bogus John, 2 for Real
Alice, 3 for Real Bob, 4 for Bogus Carol". Caller presses 1/4, "Please leave a
message after the tone", tone plays, incoming voice goes to /dev/null for 10s,
call is dropped. Caller presses 2/3, house phones ring, stored CID/CNAM is
provided.

If the incoming caller uses the bypass code, the call goes straight through.

Bonus: distinctive ring for Alice vs Bob.

Bonus: after an annoying human caller "leaks" through, user can hang up, pick
back up, and dial #5432 [some other non-secret access code]. Incoming CID put
on block list. Calls from blocked numbers are unanswered (will go to VM if
user subscribes to VM from telco).

Bonus: similar to blacklist, user can dial #2222 (for "whitelist to Alice") or
#3333 ("whitelist to Bob") to whitelist a just-received call. Whitelisted
calls immediately go through. DR means that I don't have to check CID to know
it's my MIL calling for wife. Numbers can be whitelisted during programming
(see above) because desirable robocalls (e.g. kids' school) will otherwise
never get through and can't get #2222 treatment.

Bonus: pressing ## (or some other code) during a call starts a recording.
Saved as <cid>-<date/time>.wav to removable flash or USB on the device.

Bonus: insert flash/USB, dial #9876 from house phone. Device upgrades itself
from the flash.

------
crb3
We use an answering machine to screen calls. I put SIT tones (the tones
usually followed by a network message such as "we're sorry but the call cannot
be completed as dialed" -- google SIT.WAV) at the beginning of our outgoing
message. We don't pick up until the message ends.

We get a lot of 'ghosts', calls dropped before the message is done -- those
were automated calls. We get callers which are partway through delivering a
canned spiel at that point because their delivery system triggered on the
tones as if 'your-turn' beep -- those were automated calls intended to be left
as recorded messages.

It's not exactly what the contest is about, but it does provide some personal
relief on a landline.

------
iloveyouocean
So AT&T has the technology to bill each subscriber down to the bit of data
used, but they can't detect when an entity is making 10s of thousands of calls
. . . . ?

~~~
DanBC
10s of thousands of calls isn't necessarily illegal, nor unwanted.

Phone companies will probably claim to be just a pipe for data, and that they
cannot interfere with that data, and that regulation is for other people.
They'll stop you if you're damaging their network.

Cynically I'd say that a company making tens of thousands of calls is worth
more to the telco than me, making very few calls. (I doubt that's actually the
reason.)

------
tezza
Help me out here as a UK person: What sort of Robocalls are there ?

Here in the UK there are variants.

    
    
      1) Pause to hear you pickup, then they connect to a human salesperson
    
      2) Full blown automated call
    
      3) Human on the other end but how did they get your number ?
    
    

I have a solution, but can't enter as I'm outside the US :(

~~~
tinco
Still you choose to keep your solution to yourself? :)

~~~
tezza
I figured I'll wait until the competition is over.

When I see the announcement of the winner, it may be better than my
implementation and I will congratulate them.

If not, then I'll post mine and see.

------
ww520
There should be a Kickstart project for this. Lots of people would pitch in.
I'm sick of these daily robocalls.

------
bediger4000
Please robocall-kill "Ann from Account Services". I must get an average of 4
calls a week from that scratchy-voiced hag.

------
BryanB55
I feel like robot calls used to be much more common. I think I only get maybe
2-3 a year now. I think most recently they were from DirecTV and GNC. I tend
to give out my Google Voice phone number to businesses and non personal
contacts so I can block them if they sell my number or start robo calling it.
Although I've only had to block maybe 1 or 2 numbers on google voice in the
last few years.

I wish the iphone had a way to create a black list and block callers. I'm not
sure why they've never implemented this. I know it can be done by jailbreaking
but it seems like it should be part of the os.

~~~
dredmorbius
On Android: Mr Number and other call screening apps exist. I use this, though
the app has been getting a lot more snoopy/annoying of late.

------
ww520
Penalty should not just be on the illegal robocalling telemarketers, but
should also on the businesses contracting the telemarketers. Cut the funding
off from the sources.

------
swampthing
They should let people pledge donations to increase the bounty.

------
dredmorbius
An endpoint-based fee-collection system.

"To complete this call, a payment of $NOMINAL_AMOUNT is required. This may be
refunded at the discretion of the caller."

In actuality, you'd whitelist numbers not required to make payment, and/or
clear other numbers at the end of your billing cycle if desired. Payment
options would be provided. The call would not ring through until authorized or
paid.

This would increase the costs of phone spam markedly.

Survey organizations would have a bit of a problem. Oh well.

~~~
dredmorbius
Erm: discretion of the callee.

------
joebeeson
Would it be possible to use the same technology of SSL with phones? Have the
telco, who presumably knows the endpoint of the call can either apply an SSL
certificate (or equivalent) to the call so that the receiver can confirm their
validity?

Or, alternatively, much like how websites currently operate, the person making
the call would have to attach their certificate which the receiver could check
against CA(s). This would be nice because if certain CAs had rules where they
wouldn't sign up certain numbers (telemarketers, politicians), you simply
wouldn't use that CA to validate calls.

------
elastigirl
I definitely know where you're coming from. I get calls like that a lot and I
With all the consumer complaints these nuisance calls created, I don't
understand WHY these companies still operate!

Well, yeah, there's that thing they call the freedom to "advertise" but what
the ____?? They're already trespassing into our freedom to privacy!

I don't know anybody who'd disagree but if these companies continue this
unethical business practice, I would surely be happy to see them shut down!!!!

------
arohner
Can anyone explain why this is hard, technically?

~~~
anonymous1019
Sure. If you plan on implementing this as some sort of end-user device that
would be hooked up to a phone handset or a software "app" you would install on
a smart phone, then all you've got to work with is caller ID. Caller ID can be
blocked by the caller (e.g., by dialing *67 first) and spoofed, including the
purported outgoing number. In fact, VoIP systems like Skype have made spoofing
caller ID and now even ANI, a toll network analog of caller ID, trivial.

So even if you keep some sort of constantly updated database of numbers used
by robocallers, you are still relying on the robocallers 1) not blocking
outgoing caller ID and 2) not spoofing the numbers of legitimate users
resulting in them getting blacklisted.

~~~
hollerith
>VoIP systems like Skype have made spoofing caller ID and now even ANI . . .
trivial.

Is there any way for hardware connected to an ordinary phone line to
distinguish between an incoming call from a VoIP system versus an incoming
call from an ordinary phone line?

------
DanBC
You pass a law saying that all robocalls must comply with ROBOCALL_STANDARD.

You include a regulator in that law. The regulator is responsible for updating
the standard as needed, and for taking reports from people who receive a
robocall, and for imposing sanctions on companies who i) do the robocalling
and ii) ask other companies to do the robocalling for them.

Sanctions include fines for the companies; potential prison time for the
directors of those companies (obviously this would need to go through court)
and 'blocking of numbers by telecom companies' (not sure how realistic that
is.

The regulator has an "opt out" list. Every one with a phone who doesn't want
to receive calls registers on that list. New numbers are added by default.
(They can maintain an "Opt in" list, so people who want to receive junk calls
can).

Then the regulators set up a website. This site contains a simple report form;
the opt in and out lists; links to the current standard; links to the law;
links to previous adjudications.

If CompanyX uses a robocall company in a different country you can still go
after CompanyX. Not sure what you'd do if both CompanyX and the robocall
company are overseas with no US presence.

------
mxfh
Hey, Shazam there's an almost "free" prize waiting for you. Just make an app
that hooks into you calls on demand and records & forwards suspected
robocall's to match them against validated malicous ones. Someone else might
figure out the telco backtrace part with timestamps and so on.

------
elastigirl
And guess what? All you trespassers out there, be aware that I am reporting
your phone numbers to Callercenter.com every time you call. Just so you know,
in case you start wondering why your calls seemed to be blocked.

You want publicity by harassing me? I give you just that. Negative publicity!

------
sahaj
I believe Google Voice has already solved this problem. Just as with email,
click report spam and the whole user-base benefits. I suppose Google could
share that phone number list with others providers.

------
forgotAgain
This just reeks of the FTC abdicating its responsibilities to enforce the
existing laws. Show me the budget the FTC spends on prosecuting violators of
the law and maybe I'll change my mind.

------
stickyku
What I think would be cool is to be able to forward the call to a smart enough
bot that wastes like 5 minutes of their time every call. This will surely kill
their spammy business model

~~~
bstpierre
Robocalls aren't necessarily interactive. You can't waste their time.

------
icewater
Why does a company need at least 10 employees to compete in the Federal Trade
Commission Technology Achievement Award?

~~~
hollerith
You're reading it wrong: if the winning team has fewer than 10 employees, the
team gets $50,000. 10 or more, the team gets no cash, just bragging rights.

------
Andaith
Just ban robo-calls. Make it illegal.

~~~
civilian
They're already illegal. This is an enforcement problem.

~~~
xulescu
And why isn't this a problem in Europe? E.g. Germany? I'm not getting any
unsolicited phone calls anymore - robot or not (this used to be a problem 15
years ago, but not isn't anymore).

~~~
Sander_Marechal
There are national do-not-call registries. Companies are required to check
those before calling. If they don't then they get fined, which usually starts
at around 25,000 euro.

This is for The Netherlands, but I believe it's similar throughout Europe.

~~~
kbuck
The U.S. also has a do-not-call registry that you get fined for violating
(donotcall.gov). The problem is that they don't know who to fine, because it's
really easy to spoof caller ID and the businesses aren't dumb enough to
identify themselves.

~~~
tripzilch
How can those businesses try to sell you something without identifying
themselves?

Also, there must be some weird political or legal reason why they can't (or
won't) get the identity from the phone companies. It can't be a technical
reason, because they're already capable of tapping everything, and the phone
companies are already in full cooperation with that, even developing and
providing specific technical interfaces for law enforcement.

And, maybe someone can tell me if this is actually possible (as opposed to a
"CSI" type exaggeration): In many police series you see them requesting full
cell-phone logs of all incoming and outgoing calls to a certain phone in the
past few weeks or so.

In case that's realistic, I certainly hope that it can't be foiled by
something as simple as spoofing the caller ID? Because, you know, that'd make
it really easy to frame someone.

~~~
kbuck
I haven't seen or heard one of these calls actually play out, but they might
not even be trying to sell something - they could just be scammers out to
steal credit card information. (I get one all the time that's a prerecorded
message from "Rachel from Cardholder Services")

I'm sure telephone companies could _technically_ stop them if they really
wanted to, but telephone companies make a profit from these people. What
incentive do they have to stop them? Same with text message spam. If they
tracked it (which they surely collect enough money per message to do), they
could easily notice one number sending a hundred spam texts and stop it before
it sends tens of thousands of them. They don't, though, because each of these
messages means anywhere from another 5 to 25 cents in their pocket. Most
people don't even contest getting charged for receiving spam texts, because
who's going to argue over a quarter?

The biggest issue seems to be that all of this data is ephemeral - even if
they had a "more powerful" caller ID (which I believe 911 dispatchers do), you
would have to catch them in the act and personally have access to check where
the other end of the call is terminating, and you'd have to do it before they
hung up. For IP calls, I think it's unlikely they would even be able to fully
trace it.

~~~
tripzilch
> What incentive do they have to stop them?

That it's illegal? (the ones that are)

~~~
kbuck
It's not illegal for the telephone company to not try stopping them.

------
ruby_on_rails
"Contestant further represents, warrants, and agrees that any use of the
Submission by the Sponsor, Administrator, and/or Judges (or any of their
respective partners, subsidiaries, and affiliates) as authorized by these
Official Rules, shall not:

a. infringe upon, misappropriate or otherwise violate any intellectual
property right or proprietary right including, without limitation, any
statutory or common law trademark, copyright or patent, nor any privacy
rights, nor any other rights of any person or entity;

b. constitute or result in any misappropriation or other violation of any
person’s publicity rights or right of privacy."

(<http://robocall.challenge.gov/rules>)

I find this clause rather disturbing, I think I know what they meant to say,
but they instead wrote something so overly general, that if enforced,
effective makes this competition un-winnable. Maybe someone else can weigh in
on this.

