Skip to content
Naked Security Naked Security

35 state attorneys general tell FCC to pull the plug on robocalls

The AGs want the FCC to adopt SHAKEN and STIR.

A bipartisan group of 35 state attorneys general are tearing their hair out over robocallers. They’re telling the Federal Communications Commission (FCC) to implement technology that will identify illegally spoofed calls and authenticate legitimate ones, the sooner the better.
In a letter sent to the FCC on Tuesday, the AGs submitted comments in response to a public notice issued by the Consumer and Governmental Affairs Bureau seeking to refresh the record on how the FCC can further empower service providers to block illegal calls.
The AGs said that the situation is beyond what law enforcement can handle on its own. The states’ respective consumer protection offices are receiving and responding to tens of thousands of consumer complaints every year from people getting plagued by robocalls.
More often than not, such calls travel through “a maze of smaller providers,” the AGs said. If the caller can be found at all, they’re usually located overseas, making enforcement difficult. That’s why investigations and enforcement actions can’t serve as the sole solution, they said.
Last year, the FCC released the 2017 Call Blocking Order, which included rules allowing providers to block spoofed calls – as in, calls that pretend to come from consumers’ phones or, even more sneaky, from neighbors’ phones, with area codes that mirror their targets’ area codes. The order allowed providers to block calls from numbers on do-not-originate lists and from numbers that are invalid, unallocated, or unused.

967 robocalls per second

But despite the Call Blocking Order, the robocall problem is only getting worse. The AGs referenced a report from last year that found that American landline and wireless subscribers received an estimated 30.5 billion illegal robocalls, up from a 2016 estimate of 29.3 billion illegal robocalls.
As it is, last year’s average pester-people rate translated into 967 calls placed every second, adding up to well over 100 robocalls for every adult in the US during 2017. As if that’s not enough to put people off ever answering the phone, by the end of this year, the industry is anticipating a 33% increase.
Uninterrupted homework time for the kids? Tranquil dinner? A peaceful night’s sleep?
Hahahahahahahahahaaaaa! Kiss that goodbye!
But these calls aren’t just illegal and aggravating. They’re also dangerous. Reports indicate that out of the 4 billion illegal robocalls made just this past August, 1.8 billion were associated with a scam. By next year, half of all mobile calls will be scams, according to analysis by global communications platform First Orion.


A huge part of the problem is that it’s cheap and easy, the AGs said:

Virtually anyone can send millions of illegal robocalls and frustrate law enforcement with just a computer, inexpensive software (i.e., auto-dialer and spoofing programs), and an internet connection.

That’s backed up by the testimony of the “robocaller king” himself, Adrian Abramovich. In May, the FCC fined Abramovich $120 million for the nearly 97 million spoofed calls his marketing companies made to sell vacations at resorts that, surprise surprise, turned out to be so not the Marriott, Expedia, Hilton and TripAdvisor vacations initially mentioned.
In April, the Senate Commerce, Science & Transportation Committee subpoenaed Abramovich to explain exactly how easy it is to download automated phone-calling technology, spoof numbers to make it look like calls are coming from a local neighbor, and robo-drag millions of hapless consumers away from what should be their robot-free dinners.
His answer: pretty darn easy. He told senators:

There is available open source software, totally customizable to your needs, that can be misused by someone to make thousands of automated calls with the click of a button.

What do they want the FCC to do about it?

There are two protocols the AGs want to see the FCC adopt: the STIR (Secure Telephone Identity Revisited) and SHAKEN (Secure Handling of Asserted information using toKENs) protocols. Those are frameworks that service providers can use to authenticate legitimate calls and identify illegally spoofed calls.
There has, actually, been progress on this front.
Last month, the Alliance for Telecommunications Industry Solutions (ATIS) announced the launch of the Secure Telephone Identity Governance Authority (STI-GA), designed to ensure the integrity of the STIR/SHAKEN protocols. That move paved the way for the remaining protocols to be established, and it looks like STIR/SHAKEN is going to be up and running with some carriers next year.
The FCC hasn’t issued a notice of proposed rulemaking concerning additional provider-initiated call blocking, but the AGs anticipate that there will be requests for more comments on the subject.


37 Comments

Yea! Our devices used for what we want them to be used for. Nothing like customer value!

Here’s one that nobody has had the brains to look into. My husband and I are dealing with irs issues. My husband also suffered from respiratory problems. He received a call from an irs scam telling him an arrest warrant was issued for him which resulted in him suffering an anxiety attack, hospitalization and finally he passed away 2 weeks later from respiratory failure. In effect, they killed my husband. Can homicide charges be filed against them. If I could only collect on all the money the government says I’m entitled to receive for all the calls I get each day, I’d be debt free in a week

“Here’s one that nobody has had the brains to look into. My husband and I are dealing with irs issues. My husband also suffered from respiratory problems. He received a call from an irs scam telling him an arrest warrant was issued for him which resulted in him suffering an anxiety attack, hospitalization and finally he passed away 2 weeks later from respiratory failure. In effect, they killed my husband. Can homicide charges be filed against them. If I could only collect on all the money the government says I’m entitled to receive for all the calls I get each day, I’d be debt free in a week”
I wish this would be possible, however I don’t believe these even originate in the United States, a civil case spanning the globe would be extremely expensive even if you could locate the perpetrators.
That’s why our Attorneys General are stepping in to demand Congress regulate the telcos which should be protecting us. Congress, sadly, loves lobbyist money more than they care about you.
I’m so sorry to hear this, and I hope you can find some security to come.

These robocalls with spoofed caller ID numbers are not only dangerous in the sense of causing people to get scammed, they are also dangerous to life and limb, because they contribute to traffic accidents. Many of the calls go to mobile phones, and I often receive them while I’m driving. Of course people should not answer mobile phones when it’s not safe to do so, but distracting that many drivers with junk phone calls is sure to cause some traffic accidents.

Well, to be fair, if you pick up the phone while driving (without a headset) it’s really more on you than on them. I mean, if your friend sends you a text, and you read it while driving, it’s not his fault if you crash, is it?

how about we have a civil law suite against the FCC for invasion of privacy. maybe that will get some attention. keeping the list of unused telephone numbers publicly available is just plain stupid. keeping the list of legitimate numbers indexed for routing is simply.

“how about we have a civil law suite against the FCC for invasion of privacy. maybe that will get some attention. keeping the list of unused telephone numbers publicly available is just plain stupid. keeping the list of legitimate numbers indexed for routing is simply.”
You appear to be mistaken, Robodialers just dial. The list is not being used for malicious purposes, these automated dialers just dial and know immediately if a number is not in service.

Average of three calls per day on each family members phone. The phone service call blocker is filled with numbers and there is no way to add any. We now hangup on all calls with are area code and same first three digits. Also hang up on all calls with a different area code unless is a known family member.

My solution… out of desperation and even with NoMoRobo… was to terminate landline service.

Unfortunately, it is no longer easy to differentiate cell phones from landlines (a by-product of easy transfer) and now cell phones are being inundated with robocalls.

This is good. But, the FCC shouldn’t need it. This isn’t rocket science:
Fine every robocaller the maximum allowed when they’re caught (which isn’t often, but fining them with real fines will cull the herd).
And REQUIRE providers to block calls from spoofed numbers. The technology has existed for decades.

Fining them is great, except you find them $10,000,000, but they made $100,000,000. at that point the fine doesn’t mean much.

They earn anywhere from a few pennies to a few dollars per call (depending on the product they’re hawking). $11,000 per call dwarfs that, and it is applied to all calls made, not just the ones where the victim answered the phone.

“This is good. But, the FCC shouldn’t need it. This isn’t rocket science:
Fine every robocaller the maximum allowed when they’re caught (which isn’t often, but fining them with real fines will cull the herd).
And REQUIRE providers to block calls from spoofed numbers. The technology has existed for decades.”
Telcos don’t give a shit.

robocall companies probably donatr to politicians, hence no action to stop them…just follow the money every time.

There is an easier workaround – get a cell number from an area code in which you do not live. For example, if you live in San Diego, use an area code for San Francisco. This makes it easy to spot scam calls. Even easier if you pick an area in which you have no contacts in.

Actually, I did this not for robocalls, but for privacy in general. My cell number is only known to my family and a limited number of trusted friends. Everybody else gets my Google Voice number, which is an account that says I’m 119 years old, I live in the Aleutian Islands and uses that area code. Any number with the same area code is immediately rejected. All GV calls go to voicemail, and then I deal with them at my leisure.

If everyone would answer, wait to speak with a human, and then hang up, the problem would go away. Right now they robo call because it is profitable to have a person sitting around only speaking with prospective marks. If they had to pay wages for their employees to talk to 10,000 angry consumers for every one mark, the profits would be lost.
More complicated buggy software protocols will not fix this. Our Government cannot fix this. The only fix is to make it too expensive for them to exist as a business.
I get several calls every day on my work phone and my home phone. I always press the number to speak with a customer service rep and then I keep them on the line as long as I can. Sometimes, that means I play along, sometimes I toss the phone in a drawer, but I always waste their time and eat into their margin. Speaking pig latin to them on speaker phone can be entertaining with your friends.
DAve

The fact that you still get several calls every day kinda means it’s not working too well, doesn’t it?

That doesn’t work. Once they get to a number that gets answered, they can then sell that phone number for more money.
I like Google’s idea of answering, though. Then, use AI to keep them in a conversation as long as possible. Wastes their time and costs them for the call. It might actually work.

I have a cell work phone. I always have to expect when the phone rings its an IT emergency. If I could get my hands on the person that does robo calls, I would put them in a room with a loud phone ringing noise that never stops. ala “Captured” 1998 movie

Surely coming up with a way top ensure all calls have some fee, however small, associated with them would help?

In my experience, unwanted, out-of-jurisdiction calls – such as tech support scams – almost always have *some* in-country support, such as a VoIP provider who aids and abets the deception of giving the call a local number as its origin.
I once spoke to a country’s telecoms regulator about dealing with this problem with the blunt instrument of liability – making the VoIP provider immediately and financially liable for any abuse of its service from overseas, in the same way that the owner of a car gets the ticket if someone borrows it – but the theory seemed to be that would be “too hard”, presumably for a sea of legal reasons, and because of the complexities of enforcement.
Jacking up prices to pay for the cost of abuse would, I suggest, probably be very unpopular – telephony, like digital cameras and laptops, is only ever supposed to get cheaper! – and might end up doing little more than increasing turnover for the selfsame rogue providers we want to bring to heel.

I don’t mind the idea of replacing phone fees with a 20 cent connection fee. 100 phone calls a month would mean a $20 phone bill. To me that’s a lot of calls, and a good price.
To a robo caller it means 50,000 calls a day is 10k.
Hmm that’s not enough. How about after 5k calls in one month, it goes up to $1. per call. yeah, that should work.

How about after 5k calls in one month, your service is suspended unless you can prove a valid reason and provide verifiable numbers/names lists?

My setup will not work for the majority…. I have a landline with an old fashion answering machine. I can listen to who/whatever is making the call when the machine picks up. If it is someone I want to talk to, I pick up the phone. If not, they can talk to the machine. It seems robocalls hang up when the machine answers. :)

I know a number of people who no longer answer their phone, and instead have people leave a message.
My phone has some static on the line. It would not be difficult to fix, but I’ve found that robocalls start their pitch then hang up. I think the static must come across as either an answering machine or a dead line. In any case, that advantage outweighs the annoyance of having a bit of static on the line when I’m talking to someone I want to talk to.

Execute one spam factory owner on public television every Friday night until it stops. Probably wouldn’t take long…

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?