Skip to content
Naked Security Naked Security

Congress passes anti-robocall bill

A bill to punish robocallers has finished its passage through Congress and is expected to become law any day now.

A bill to punish robocallers has finished its passage through Congress and is expected to become law any day now.

US phones now get 200m robocalls each day, and lawmakers have had enough. They hope that the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act currently on its way to the President’s desk will put a stop to it.

The bill, introduced in the Senate on 16 January 2019, already passed a Senate vote in May before going to the House of Representatives, where it finally passed with amendments in early December. That sent it back to the Senate, which passed it with a final vote, meaning that once the President signs it, it will be law.

What will this Act do to stop robocallers from polluting US phones with timeshare offers, payday loan scams and other predatory messages? The headline is the $10,000 penalty per violation that the Federal Communications Commission (FCC) could impose on them. It would also force carriers to use a call authentication framework called Secure Telephone Identity Revisited and Signature-based Handling of Asserted information using toKENs (STIR/SHAKEN).

These two protocols use digital certificates to ensure that the number showing up on your phone really is the number calling you. Without that technology, it’s simple for scammers to pretend they’re calling from any number. This is a partial solution, though, as it only identifies legitimate callers, not scammers. Neither can it trace those bad actors when they do call.

To cope with the tracking problem, the Act does provide for a consortium of private companies that will focus on tracing robocalls back to their senders. The Commission can take action against voice carriers that don’t participate.

The law will also force the FCC to review its policies on how carriers sell lists of telephone numbers, examining registration and compliance obligations to avoid bad actors getting hold of number lists. It will also require the Commission to create a database of disconnected telephone numbers, to stop companies calling their new owners.

Alongside general nuisance robocallers, the law singles out some specific attacks and victims for special treatment. It explicitly calls upon the FCC to tackle one-ring scams, in which a bot calls long enough for the victim’s phone to ring just once. The curious victim then returns the call using the number that showed up on caller ID, incurring charges. The act also establishes a hospital robocall protection group to tackle the rising problem of robocalls that jam hospital lines.

The real question is whether the FCC will step up to the plate and use the law to tackle robocallers. It already imposes stiff penalties, sometimes reaching into the millions of dollars, but isn’t too keen on collecting them. A March 2019 Wall Street Journal investigation into the Commission’s follow-through on fines found that it had collected just $6,790 of the $208m in penalties that it imposed on robocallers since 2015.

12 Comments

I wish that this is true… I know that the Do Not Call list was a good idea but as this post stated the FCC was not doing it’s job. I will believe it when I don’t hear it (my phone ringing) although I will miss messing with the real people who call!!

Reply

People make a list. Of all robo calls and send them to proper channel u can also record them whit second device like me to present proof.

Reply

They passed laws against SPAM email and how did that do? i get more now than ever. if you dont go after the bad actors, laws are meaningless.

Reply

The best part about this is the STIR/SHAKEN protocols. The fines are pointless, given how many of these calls originate from offshore, but if scammers are no longer able to spoof numbers, well then that’s a huge victory in this battle.

Reply

Maybe, but SHAKEN/STIR has a real chance of giving people a chance at fighting robocalls on their own since it allows spoofed numbers to be quickly identified.

Reply

Robocallers are criminals and thieves. They are not calling to give anything of value. They call to take advantage and steal,especially from those who can least afford it. When will people wake up? If there was an organized effort by all of US (don’t expect the ineffective, flaccid, pathetic government to do it–the worthless National Do Not Call List just one example) if you do not recognize the number, if it originates from some weird place or is labeled UNKNOWN, DON’T ANSWER IT!! Every phone has a “Block caller”. Block the number IMMEDIALTELY!! And keep doing it EVERY TIME. The spineless robocallers will stop soon enough if it costs them millions to make calls to dead end numbers!!!

Reply

It’s not just hospitals that get spam calls. I’ve worked at a police department and a sheriff’s office (9-1-1 call center) and these agencies receive robocalls as well. As other readers have mentioned blocking numbers, unfortunately, the agencies don’t get that kind of leeway.

Reply

To really have guts, CallerID needs to be a standard service, not something offered by some carriers at $3.99 a month cost. Xfinity doesn’t even offer it, saying use apps that are using out of date lists.

Reply

@jim Wamsley, and everyone— if the FCC were to do its job, they would hire consultants (because they cannot think in tech terms) who can explain to them a very simple strategy :
The robocalls happen due to
1) the availability of a database of spoof phone numbers to masquerade their caller (unused)
This used to be ran by ATT, and I bet the newer rules wherein they cannot take control of available numbers allowed exploitation of those numbers. Congress and ATT were probably warning about this in the past way before the law changed.
2) the software manufacturers are a limited few – LogMyCall was one such service. They act as a valuable call logging service (IVR) for businesses but also employ a means of Ai for figuring out the beat times to mass solicit to specific marketing segments based on the analytics of the past For each zip-code And area/exchange combo.

You kill Robo calls if you both understand these above factors and rule accordingly. So for 1- put controls on the availability and sources for available and unused phone numbers, but do not punish ISP’s who need those numbers to offer VoIP services. But require how they maintain their access to these and prevent rogue partners and insecure sales databases from magically getting i to the wrong hands
2- please legal prison sentence terms on software houses that manipulate automated call soliciting. Close the businesses and make the officers and ownership pay huge consequences along the lines of mail fraud laws

Reply

What was ATT doing with a database to spoof it’s users? I imagine there is no one silver bullet that will solve this issue. Add to the fact that even when I block it, I get the voice mail??? At least on my S8, so blocking just postpones the issue. I now continually get calls from people wanting to buy my house :( Seems more of them than robo calls…
I suspect this can easily turn into another multilayer type issue when numbers and names change dynamically going into and out of ISP’s or other providers.

Reply

First they have to figure out how technology allows robo spam callers to call a phone number on the East coast using a phone number located anyplace in North America. This bill Trump signed sound good but not worth the value to the ink he used in his pen

Reply

This is the best Congress can do? There are way more important issues that they could be solving, but robocalls are what they focused on. Wake up America! Congress is supposed to represent what is best for their constituents, but they are focused on robocalls. Congress accomplished NOTHING in 2019, but instead were focused on a corrupt impeachment all year!

Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!