Site icon Sophos News

US Senate passes anti-robocalling bill

A portal has been partially opened that may, just maybe, eventually, lead the country out of its robocaller misery.

The endangered species known as a bipartisan bill sailed through the US Senate on Thursday. The bill, designed to fight illegal robocalling, passed with an overwhelming 97-1 vote, and now it’s headed to the House of Representatives. From there, it’s on to the desk of President Trump.

Senators John Thune and Ed Markey introduced the bill, which is titled the Telephone Robocall Abuse Criminal Enforcement and Deterrence Act, or the TRACED Act, in January.

Markey told reporters that robocalls are driving people nuts on both sides of the aisle:

There are no red robocalls, there are no blue robocalls. There are only robocalls that drive every family in America crazy every single day.

If the bill makes it through the House and is signed into law, it will empower the Federal Communications Commission (FCC) to inflict hefty new fines – as much as $10,000 per call – for illegal robocalls. The legislation would also increase the statute of limitations for bringing such cases, thereby giving FCC regulators more time to track down offenders.

The act would also create an interagency task force to address the problem, and it would push carriers like AT&T and Verizon to deploy call authentication systems, such as the pending STIR/SHAKEN call identification protocols, into their networks.

That’s now in the works: in September 2018, the Alliance for Telecommunications Industry Solutions (ATIS) announced the launch of the Secure Telephone Identity Governance Authority (STI-GA), designed to ensure the integrity of the STIR/SHAKEN protocols.

That move paved the way for the remaining protocols to be established. Verizon announced in March that it had begun deploying STIR/SHAKEN technology: an authentication standard designed to fight call spoofing by verifying that the number on caller ID is the number that actually placed the call. Verizon said at the time that in coming months it would begin deploying STIR/SHAKEN on interconnections with other major carriers, as well.

Around the same time, AT&T and Comcast said that they had exchanged calls using the protocols.

Finally…?

There’s been a bumper crop of legislation introduced to fight the scourge of illegal robocalls. According to The Hill, there were three hearings held during the previous Congress, and 13 bills were passed to curtail illegal robocalls.

The politics-focused media outlet called the TRACED Act the most significant one so far. It’s got the backing of all 50 state attorneys general, 35 of whom told the FCC in October 2018 that they were pulling their hair out over the enormous problem and that it was beyond the scope of what their states’ law enforcement agencies could cope with.

In February 2019, FCC Chairman Ajit Pai reiterated his call for a robust caller ID authentication system to be implemented this year. Earlier this month, Pai announced a new FCC initiative to fight illegal robocalls that would assure carriers that they’re able to automatically register customers for call-blocking service. At this point, customers have to do it themselves.

The proposed rule will be taken up for a vote next month.

Yes, it is getting worse

It’s not our imaginations: the robocaller plague is indeed getting worse. According to a report from YouMail, a company that makes robocalling technology for cellphones, there were 48 billion robocalls placed in the US last year. That’s an increase of about 57% from the 2017 estimate. Scams are taking up an enormous share of that, be they health/health insurance scams, interest rate scams, student loans scams, easy-money scams, search listing scams, home-related scams, travel scams, tax scams, business-related scams, or warranty scams.

Will STIR/SHAKEN save us?

Don’t count on it. At least, the protocols won’t do it all by themselves. STIR/SHAKEN – short for Secure Telephone Identity Revisited and Signature-Based Handling of Asserted Information Using Tokens – is a pair of network protocols that use digital certificates to ensure that the calls aren’t coming from spoofed numbers.

It doesn’t actually block spoofed numbers, though. The protocol doesn’t identify bad actors. Rather, it enables carriers to authenticate calls, after which consumers will be able to tell if a number is likely to be a robocall, and it gives the FCC a head start in tracking down the callers.

Back in November, Pai slammed carriers for dragging their feet on implementing SHAKEN/STIR. Some of those carriers, however, have reservations about the protocols.

Sprint, for one, told the FCC in October that the protocols will be helpful in fighting illegal robocalls, but it’s not a “complete solution.” Nor is it cheap. From its letter to the FCC:

Sprint is also concerned about the costs of implementing the certificate management requirements of SHAKEN and encourages the Commission and industry to explore more cost-effective alternatives to the central repository process originally contemplated in the development of SHAKEN.

Carriers have also complained that SHAKEN doesn’t tell them anything about the content of a call or whether it’s legal. From Sprint’s letter:

It just authenticates origination of the call path and the Caller ID information of individual calls.

Nor will it be useful without universal adoption, Sprint wrote:

Without universal adoption of SHAKEN from originating carrier to completing carrier, call authentication will not be passed to the terminating carrier.

T-Mobile concurred, among other carriers.

Regardless, legislation marches on

Senator Thune said that he hopes the House will take up the TRACED Act soon:

It will make life a lot more difficult for scam artists and help ensure that more scammers face punishment for their crimes.

The House, however, is working on its own bill, the Stopping Bad Robocalls Act (HR 946), which was introduced by Rep. Frank Pallone Jr., the chairman of the Energy and Commerce Committee.

Exit mobile version