
FCC fines robocaller record $120M - ayanai
https://techcrunch.com/2018/05/10/fcc-slaps-robocaller-with-record-120m-fine-but-its-like-emptying-the-ocean-with-a-teaspoon/
======
lend000
The real problem is the lack of security and authentication on telephone
networks, which enables number spoofing with virtually no chance of reprisal
-- foreign callers (realistically out of the FCC's jurisdiction) use VoIP
services to create calls that originate from an IP address from the telephone
network's perspective, and the phone network makes no attempt to authenticate
the metadata (like the phone number that is calling) before forwarding it on.

The 'neighborhood scam' is one which I am frequently subject to, and there is
virtually nothing I can do about it (except block all the numbers with the
same prefix as my own, but even this only covers the cases where they restrict
their spoofed numbers to that small range).

Domestic callers like the one described in this article seem like a very small
part of the problem, since they can be tracked and prosecuted. Foreign callers
never pay the penalty with our current system, and I suspect they are more
numerous based on the accents of most robocall operators I've gotten on the
line.

~~~
bradleyjg
What I don’t understand is why no major mobile carrier is offering a solution
to this. It’s a pretty competitive market and this could be a big selling
point.

When the isp wars were going strong, before broadband put everyone under the
thumb of monopolists and also before gmail, spam filtering was a serious
competative advantage.

Why can’t phone companies take an RBL like approach? If your VoIP service
garners too many complaints because you are selling to robocallers then you
don’t get to have calls delivered to e.g. ATT mobile customers anymore?

Are there legal or technical interconnection requirements that would make such
a thing impossible?

~~~
rayiner
Blocking calls from certain VoIP services is almost certainly going to be a
violation of common-carrier rules (which still apply to phone service no
matter what happens with broadband).

At a technical level, spam filtering relies heavily on analyzing email text.
Doing similar analysis on voice calls is way harder. Also, there's UI issues.
You can redirect suspected spam emails to a folder the user can inspect for
false positives. What do you do with a call that hits the robocall filter?

~~~
afo
Actually, the FCC clarified their rules a few years back that carriers CAN
block robocalls.

More details here: [https://www.broadcastingcable.com/news/fcc-clarifies-
robocal...](https://www.broadcastingcable.com/news/fcc-clarifies-robocall-
rules-141868)

Note that Ajit Pai (then a commissioner, not chairperson like now) voted
AGAINST this.

Full disclosure: We (Nomorobo) advocated to the FCC to allow carriers to block
robocalls.

~~~
rayiner
It's worth reading Pai's actual dissent:
[https://apps.fcc.gov/edocs_public/attachmatch/FCC-15-72A5.pd...](https://apps.fcc.gov/edocs_public/attachmatch/FCC-15-72A5.pdf).
Among his reasons for dissenting is that the Commission was unwilling to
"establish[] a safe harbor so that carriers could block spoofed calls from
overseas without fear of liability."

All this occurs against the background of the Communications Act's common-
carrier obligations, and the FCC's call-completion rules, which generally
prohibit blocking calls. What the FCC did in the order you linked is to simply
say "nothing in the Communications Act or our rules or orders prohibits
carriers or VoIP providers from implementing call-blocking technology that can
help consumers who choose to use such technology to stop _unwanted
robocalls_."

Is that a safe harbor? No, as the next sentence clarifies, what can be blocked
depends on the nature of the call: "Additionally, in the interests of public
safety, we strongly encourage carriers, VoIP providers, and independent call-
blocking service providers to avoid blocking autodialed or prerecorded calls
from public safety entities, including PSAPs, emergency operations centers, or
law enforcement agencies; blocking these calls may compromise the
effectiveness of local and state emergency alerting and communications
programs."

As explained in other posts here, it's hard for a carrier to tell what is a
robocall. What is an "unwanted" robocall is even harder--it's a heavily-
litigated issue in the TCPA context. (In fact, the rest of the order was about
expanding what counts as an unwanted robocall in violation of the TCPA).

That leaves carriers between a rock and a hard place--it they block over-
inclusively, businesses who think they fall into a TCPA exception could sue
them for violating their common-carrier obligations. Then they get to litigate
whether that business falls within the scope of the "unwanted robocalls" the
FCC referred to (but did not define). Carriers have a huge incentive to not
wander into that morass by offering call-blocking features.

~~~
wtallis
> so that carriers could block spoofed calls from overseas without fear of
> liability

I don't really want my carrier deciding what calls to block. I just want them
to ensure the veracity of caller ID data so that I can perform useful blocking
at my end. There shouldn't be anything stopping them from removing fraudulent
and unverifiable caller ID info from the calls they route my way. That leaves
me free to block calls that lack caller ID info, and I'm assuming all the
risks that entails.

------
walterbell
_> a technology designed to prevent robocalls altogether, recommended in a
report more than a year ago and currently set to be implemented in Canada in
2019, has no such date here in the States._

What’s the technology?

Edit: [https://transnexus.com/solutions/stir-and-shaken/stir-and-
sh...](https://transnexus.com/solutions/stir-and-shaken/stir-and-shaken-
overview)

 _”STIR and SHAKEN use digital certificates, based on common public key
cryptography techniques, to ensure the calling number of a telephone call is
secure. Each telephone service provider obtains their digital certificate from
a certificate authority who is a trusted authority. The certificate technology
enables the called party to verify that the calling number is accurate and has
not been spoofed.”_

~~~
flyinghamster
Some of the scammers have run shady phone companies like CallerID4U [0]
specifically meant as "bulletproof hosting for robocallers". I could see them
branching out into the CA business.

CallerID4U seems to have gone (has been put?) out of business, at least. My
Asterisk box hasn't received calls from their prefixes (which I blacklisted)
since 2015, and their website's main page returns a 403 Forbidden. [1] It took
a bit of hunting with the Wayback Machine to find a good shot of their page.
[2]

Spot-checking on telcodata.us, it looks like their prefixes/thousands groups
have gone to others as well. 253-245-2xxx now belongs to CenturyLink, for
instance, and 425-336-8xxx is unassigned.

Much like "unsubscribe" links in spammer emails, they even had a helpful
"Click here to register a complaint and put your phone number on the DO NOT
CALL (DNC) list" item on their web site.

[0]
[https://800notes.com/forum/ta-705926565a74ba5/callerid4u-inc...](https://800notes.com/forum/ta-705926565a74ba5/callerid4u-inc-
millions-of-illegal-telemarketing-calls)

[1] [http://callerid4u.com/](http://callerid4u.com/)

[2]
[https://web.archive.org/web/20130310040410/http://callerid4u...](https://web.archive.org/web/20130310040410/http://callerid4u.com/)

~~~
afo
Agreed. We (Nomorobo) stopped seeing calls from them around the same time.

They were also known as 33 wireless and a few related companies. Here's an old
discussion about them [0]

Not sure what happened but their telephone number blocks were all reassigned
to other companies

[0]
[https://800notes.com/forum/ta-705926565a74ba5/callerid4u-inc...](https://800notes.com/forum/ta-705926565a74ba5/callerid4u-inc-
millions-of-illegal-telemarketing-calls)

------
post_break
Can we please get phone OEMs to enable a feature to only allow calls from
people in our contact list? Baked in. No apps that scrape your phone book to
do it. If you're not on my contact list, go to voicemail and I'll decide if
you're legit. And have an option like DND where if you call in rapid
succession then I'll pick up.

~~~
jasonkostempski
I'd prefer an open source software solution but, either way, they'd start
leaving voicemails, which is still annoying to manage. However, a lot of them
already leave a 3 second blank voicemail, so that would at least eliminate the
ignore/reject call step and the rude interruption.

~~~
criddell
Why do voicemail systems even notify me of a 3 second silent message? Just
delete them.

~~~
jasonkostempski
That would be nice too. And locally run software should be able to handle it,
so you don't have to hand all your voice mail over to a third party. Even 3
seconds of not silence is probably "It's me. Call me back when you get a sec."
which the missed call notice already handles. I don't waste time listening to
them any more, but clearing the notice and deleting the message is annoying.

------
rectang
The FCC has dragged their scapegoat into the public square to torture in a big
show for the brutalized masses. But how effective has the FCC been at actually
curtailing the problem of robocalls?

This FCC won't do anything meaningful because they've been bought off by the
telecoms, and the telecoms make money hand over fist on robocalls:

[http://www.latimes.com/business/lazarus/la-fi-lazarus-fcc-
ro...](http://www.latimes.com/business/lazarus/la-fi-lazarus-fcc-
robocalls-20160729-snap-story.html)

 _" The problem," he said, "is that for the carriers, it's a conflict of
interest. All of these robocallers represent billable minutes. From a revenue
standpoint, anything they do to crack down represents a reduction of billable
traffic on their networks."_

Same way this FCC's purported "deregulation" of net neutrality is a sham which
rigs the game so that the telecoms can leverage their market dominance in more
verticals.

We know what the technical solutions are for the problem of robocalls.
Corruption and legalized bribery are preventing the application of those
technical solutions.

~~~
rayiner
Do you have a source that’s not an offhand quote suggesting that carriers make
any significant revenue from robo calls? Also, most robo calls are made
through VoIP services. Aren’t they the one with the most financial incentive
to keep robocalls going, and the ones that could most easily detect them? By
the time the robocall gets to a carrier’s network, its already been mixed with
tons of legitimate traffic from VoIP users.

~~~
Rjevski
I work in telecoms.

The billable minutes thing is absolutely true. You might not directly pay for
them as a customer, but carriers pay each other for inbound calls, so whatever
carrier that is originating the robocalls is paying the next carrier in the
chain, and that one pays the next, and so on until it finally reaches your
phone. We’re not talking much on a single call (the prices are often around
0,01$ or even less) but when you take all the robocalls originated in a single
day that adds up to quite a bit.

~~~
wpietri
I believe that for some carriers the billable minutes thing is significant.
But what I'm really skeptical of is rectang's assertion that the FCC has been
bought off _by the same_ carriers for whom this is significant revenue.

I certainly believe that the FCC is too influenced by large telcoms companies.
As we see with the Michael Cohen thing, large companies believe they can buy
influence. But those same companies that are receiving the calls are mainly
paid by consumers. Is TMobile really willing to risk losing my ~$100/month to
get whatever they do for calls I don't answer?

I'm sure there are carriers for whom the robocalls are a major slice of
revenue. But are any of them nearly as big as the consumer-focused telecoms
companies?

~~~
Rjevski
It’s not really been bought off by those exact carriers, but by the telco
industry as a whole.

The industry is honestly shady as fuck. They’re being pushed into irrelevance
by the internet and VoIP (where there’s no such thing as paying for minutes,
thankfully), have thousands of employees to pay (despite not doing much, as
they became irrelevant over time), and so while incoming call revenue is maybe
1% of total revenue for someone like T-Mobile, it’s still paying for some
useless people’s pay checks, so of course those are gonna fight back.

Now aggregate that across the entire industry - everyone fighting for their 1%
of total revenue - and you’ve still got a strong pushback.

Finally your carrier knows they’re not going to loose your 100$/month over
robocalls because you have nowhere to go. The situation might change if one
carrier bites the bullet and implements a working solution (but good luck
given that it requires industry-wide cooperation), then the other carriers
will wake up as they now know customers actually have a competitor to go to.

~~~
rayiner
T-Mo has two larger and one smaller national competitors. Do they want the
$0.50 they get from robo callers more than the $70 they get from luring a user
away from Verizon or AT&T?

~~~
Rjevski
Even if they wanted the 70$, at the moment there’s nothing they can do about
robocalls without cooperation from the entire industry. A robocall doesn’t
look any more shady than a normal call from a receiving carrier’s perspective;
whatever solution they come up with will have tons of false positives.

~~~
pandaman
While you cannot say for certain that a particular call is coming from a
robot, being a major network you can make a very good guess. E.g. when the
same origin hits every number with a caller ID in that number's exchange just
block that origin from your network. If there is a legitimate reason for this
- they will contact you immediately and sort it out. Bonus point - spammers
will hit the competitors networks with more bandwidth and force even more
people to consider switching.

The current situation is the one, which requires cooperation of the whole
industry, actually. It's a prisoner's dilemma in the sense that the first one
to implement anti-spam will gain a temporary advantage but eventually everyone
will have to implement it and keep up with the spammers who will be finding
new ways to circumvent these measures. As it stands now - nobody gains
advantage and nobody has to spend money on anti-spam and lose revenue from
spam at the same time. As little as it is, taking your $70 _and_ $0.05 from
spammers is _a lot_ better than taking your $70 and zero from spammers.

~~~
Rjevski
> when the same origin hits every number

There is no real concept of "origin". Unless you're the direct upstream
carrier of the originator of the robocalls, the robocalls will be diluted with
legitimate calls in such a way no single inbound carrier stands out.

~~~
pandaman
I see, are there second layer provides agregating multiple VoIP retailers? I
thought VoIP route directly to the big telcos networks. But even in this case
- just drop the whole 2nd layer provider and they will quickly deal with their
spammer clients.

~~~
Rjevski
Big carriers* often route directly, but even then, it's not guaranteed (they
could use a third-party or even a competitor as a fallback in case their own
interconnect goes down), and to be fair, big carriers (Twilio, etc) are decent
at fighting abuse - it's not them we need to worry about.

Small & shady carriers are where the problem is, and those often just resell
capacity from bigger carriers (some of which in turn resell even bigger
carriers), or sometimes even resell illegal "black" or "grey" routes as
they're called, could even be compromised servers from legitimate customers of
big carriers.

In the end this entanglement mixes legitimate calls with malicious ones by the
time they reach the destination (final) carrier, making it impossible for them
to drop malicious calls without impacting a lot of legitimate usage.

*I avoid saying VoIP retailers because it doesn't really mean anything; carriers often allow you to use different interconnects, and VoIP is just one of many.

~~~
pandaman
>In the end this entanglement mixes legitimate calls with malicious ones by
the time they reach the destination (final) carrier, making it impossible for
them to drop malicious calls without impacting a lot of legitimate usage.

No, I did not say "drop calls", I said drop the source. If Twilio got blocked
on T-Mobile it would found which re-seller is responsible in no time. If it
was their hacked server - they, again, would have found it and patched. It's
no different from e-mail spam in early 2000s - all e-mail from a server
sending spam would have been blocked, including legitimate e-mail.

------
bhaavan
But what if the Robocaller wanted to talk to my Google Duplex assistant? It is
a pretty boring life for my Duplex. Getting a few phone calls from fellow
beings is the bare minimum she deserves!

------
pweissbrod
I really really hope this covers the infamous and elusive "Rachel from
cardholder services"

~~~
criddell
That one bugs me a lot. I get a credit card call every day from a different
number that's close to my phone number.

I wish credit card issuers would end their affiliate programs.

If they don't want to end the programs, they could at least clean them up. If
I answer one of the Rachel calls and take them up on their offer for a
different card, the credit card company should be able to track who referred
me to them and close their account. But the incentives are all wrong.

------
DEFCON28
One technique I use is my phones have an area code from another state that I
never get calls from. (South Dakota). If I get a call from this area code I
know it’s spam.

~~~
jcl
One potential flaw of this approach is that there are potentially legitimate
services that bridge internet calls to local numbers. IIRC, Skype worked this
way, and I assume other things like Google Hangouts and Twilio do, too.

------
codazoda
I've permanently turned on Do Not Disturb and configured it to allow calls
from people on my contact list. This won't work for everyone but it works
really well for me. I no longer get unwanted calls. People I don't have in my
contact list are forced to leave a message without my phone ever ringing.

~~~
fabianwatkins
Me too. It's a shame its gotten to this point though. But even worse than a
spam call is a spam call from someone's legitimate number. For a period,
someone was making sales calls from my Mom's number. She ended up getting
about twenty angry return calls a day and had to explain to everyone she
didn't call them. She wasn't aware of any alternative, so she changed her
number. Sad!

------
mnw21cam
So, if you take any notice of anything on this web site, you will see that
even after the page has loaded, it keeps on making loads of network
connections to all sorts of servers. For ever. This is now a browser-hostile
web site.

~~~
codazoda
PrivacyBadger blocks all of these but you're right, it does seem hostile. I
figure most US companies that run ad's have similar setups. After about 10
blocked calls to geo.yahoo.com it stops making the requests.

With PrivacyBadger disabled the connections keep on coming; especially as you
scroll the page up and down.

------
Sniperfish
For us, the most frequent issue on our land line are out-of-country calls (so
out of jurisdiction) trying to sell duct cleaning services. We've gone as far
as booking a couple of appointments to identify the local businesses that use
these providers, but nothing comes of the reports. Where the origin is
foreign, there are still avenues for domestic enforcement but authorities
appear uninterested - to me this is an easy way to increase the effective cost
of foreign call centers that don't obey local laws.

------
cft
Adrian Abramovich speaking to Congress:
[https://www.youtube.com/watch?v=SkeZH_gUl04](https://www.youtube.com/watch?v=SkeZH_gUl04)

------
JustSomeNobody
I got an angry call from a real person the other day yelling at me for calling
them so many times. I tried to explain to them, it wasn't me, but they hung up
after they said what they had to say.

Has anyone else had similar happen? For some naive reason I just figured the
spoofers were using blocks of unused numbers, not _live_ ones.

~~~
flyinghamster
They're using live ones, all right. Their latest tactic is to use random
numbers in the same prefix as your phone, or use prefixes in nearby rate
centers.

------
egonschiele
I also get robocalls all the time, and hardly got any till about a year ago.
What changed?

~~~
xigency
The Equifax breach leaked phone numbers along with all of the other
identifying information hence more spam calls from anyone (everyone) affected.

~~~
ryanlol
Do you have anything to back your assertion that the data from the Equifax
leak is being actively exploited in this manner?

------
tonyquart
There should be another fines in the future. Also, there should be asset
seizures and long jail time if we want to see these crimes stop their
harassment on us. I have just read an article that also talks about robocalls
at [https://www.lemberglaw.com/what-are-
robocalls/](https://www.lemberglaw.com/what-are-robocalls/). Hope the law
enforcement will think seriously about this problem.

------
vincentmarle
Curious: will Google Assistant’s new call-out feature also be considered a
robocall by the FTC?

It technically is, right? Because it will make automated unsolicited calls at
a massive scale.

------
greedo
I would be ecstatic if the next version of iOS had a whitelist feature for
phone calls and SMS/iMessage. I would pay large sums for this...

~~~
blang
You could always turn on do not disturb and allow calls from your contacts.

~~~
greedo
That disables notifications.

~~~
ddebernardy
That's a good thing if you don't want distractions until you check your
notifications, no?

~~~
greedo
I don't want to disable alerts or alarms either. I just don't want
robocalls...

------
pcunite
The annoyance of this for me could be a simple fix. If the number is not in my
iPhone contacts, send them straight to voicemail.

~~~
criddell
But make it an option! I don't want voicemails either. If you aren't in my
contacts list, you get a busy signal.

------
niyazpk
I use Google Fi (for 3 years now) and _never_ get Robocalls. Am I just lucky
or is Fi doing the spam filtering for me?

~~~
willstrafach
Some marketers perform lookups to remove inactive / non-cellular numbers from
their lists in order to save on costs/time. I believe Google Fi and Google
Voice are marked as VoIP in these lookups.

------
nsxwolf
Please tell me this guy is the one responsible for the daily calls I get from
numbers that sort-of look like mine.

~~~
degenerate
There's thousands of scammers doing the same gig. It's not just him :(

------
kj4ips
There is no way this guy can pay that, so I assume he will either:

* sacrifice an LLC (if he has one)

* declare bankruptcy

* be garnished at the legal maximum rate for the rest of his life? (little bit less than 25% of after-tax)?

I wonder if it is worth an FOIA to ask some of these high-profile agencies how
much they are raking in with garnishments from gigantic fines?

------
tracker1
As soon as the people behind the robocallers start getting introduced to
bullets it'll reduce. Until then, don't expect it to stop.

------
lopatin
Robocallers seem to be getting a bit more savvy too. I just got one today,
articulately told it "fuck off", and it actually immediately stopped! I just
thought that was cool.

~~~
e40
I always asked to be put on the DNC list, and 99% of the time they hang up on
my before I finish my sentence.

Lately, I've taken to wasting their time, and at the end, telling them if you
had put me on the DNC list, this wouldn't have happened.

------
neeleshs
I treat phone almost like email, by not picking up any calls that I don't
recognize. If its important, caller leaves voicemail, and I call back
immediately.

------
gnarcoregrizz
i wonder how a proof of work scheme, a la hashcash, would work for call spam.
it was originally designed to reduce email spam:
[https://en.wikipedia.org/wiki/Hashcash](https://en.wikipedia.org/wiki/Hashcash)

it could be possible to have different PoW requirements for different callers.
perhaps you could require a higher PoW for an unknown caller, and no
requirement for someone you know.

------
camdenreslink
These robo callers are the bane of my existence. I get at least one call per
day with the same area code and first 3 digits of my phone number.

------
partycoder
I used to receive a lot of robocalls.

I called my phone company and asked them to block all foreign calls. They did
and now I very rarely receive any robocall.

------
ErikAugust
A great caller ID app is Hiya. It will show in the Home screen during ring
whether a call is suspected spam, spoofing, or fraud.

~~~
trumped
it's great if you don't mind sharing all your calls' metadata

------
DannyB2
The FCC can go after robocalls because the law allows them to.

Back in the day, when there were proposed laws to make SPAM similarly illegal,
the Direct Marketing Association (DMA) lobbied hard to get exceptions that
would allow SPAM. And the rest is history.

Remember the aptly named "Can SPAM" act?

Can could mean:

1\. toss it out, eliminate it

2\. enable it

3\. a metal cylinder it is packaged in

------
brianzelip
Pai talking about being an “active cop on the beat” seems a bit tongue in
cheek.

------
notadoc
Is there anyone who doesn't get multiple robocalls every day?

~~~
Symbiote
I don't get any on my Danish or British phone numbers. Perhaps one per year on
the British one.

It would be interesting to know what's different about the systems in the USA,
as I don't imagine robocalling Britain would be somehow less profitable except
by regulation or technical measures.

------
trumped
If only callerID spoofing was not possible... I think that it would solve most
spam call problems because it would be easier to make them accountable.

~~~
inetknght
I don't know why you were downvoted so much. I agree that being unable to
spoof caller ID would go a long way to allowing _enforcement_ of existing laws
to work.

------
michaelcampbell
Which will dissolve and re-start within hours.

------
nahumba
This is whataboutism. Choosing one method is not saying 100% of enforcing with
only one method. 100 million calls means statisticaly one of 3 usa readers got
a call frim him. Thats alot.

