No, this is a problem where the necessary resources used to punish white collar crime are not being allocated.
If there was a known Florida-based drug dealer that was bringing in $120,000,000 of drugs/year, there'd be dozens of cops working around the clock to bring him in.
A Florida-based robo-caller, fined $120,000,000, who isn't paying a penny? Nobody cares.
I understand lack of enforcement against some robocall firm incorporated on Mars, or somewhere else beyond the reach of law enforcement. I don't understand the lack of enforcement against ones based in the US. Jail them, take their homes and cars, put their kids up in foster care.
To be fair $120 million in drugs and $120 million in uncollected fines are apples and oranges. The drug money is financing murdering drug cartels that have brought Mexico to their knees. Robocalls are kind of not on the same level as funding human-trafficking, murderous cartels.
That's fine. We have a solution for people who don't have the full amount of a fine.
We take every penny that they do have.
Since the guy hasn't paid a cent, and is not living under a bridge, panhandling with a "Homeless veteran, please give me money for food" sign, I'm pretty sure that this is a problem with enforcement.
> You don’t need a lot of money to spam calls.
No, but you do get a lot of money from the people buying ad time from you.
I think the problem is that it's possible to spoof called ID. The fraud starts before you answer the phone.
Caller ID used to be an extra charge. The telcos needed it not to be mandatory. But now my land line is going away because it's become nothing but an annoyance. They could have prevented that but... but...
They would prefer not having to maintain their infrastructure as a utility for landlines. They would much prefer you just kept using your wireless phone where the margins are much higher.
Telcos are not incentivized to do much about this problem because they get paid by the scammers to complete their calls. As long as telcos continue to make money from these fraudulent calls, the problem will continue to exist.
I'm not even sure that raising the floor cost of making calls would help because scammers only have to swindle a single person out of thousands of dollars to offset the costs. :(
It depends on rate center - remember those free conference services - they often used rate centers which were rural so they had a higher termination charge, which meant that the service was profitable.
While I'm having trouble finding hard rates - with the big carriers, I know its not a ton of money now in any case - low enough that I dont think the financial incentive is a relevant course of action, it just subsidizes the trunking infrastructure needed to support the calls.
The technological and legislative infrastructure required to turn this into a market far exceeds what would be required for simpler anti-spam measures. It comes across as unhelpful and detached, like suggesting world peace as the solution to gang violence in your neighborhood.
There is nothing simpler, except that some very well-funded special interest groups never want to see this happen.
When I was on a limited plan, the amount of spam messages and calls were virtually zero because the limit would run up and be charged against the caller (internationally).
The month I switched to an unlimited, I started getting spammed.
Now much of the spam is domestic, but I fail to see how this is possibly unfeasible technically.
Why should we artificially charge law abiding people for making a call? Why not disallow call spoofing? Why should we allow telecom fraud, especially when there are obvious technical solutions?
And what well-funded SIGs are our to get your phone call tax plan?
I think the major fault with this reasoning is that the exact same solution has been proposed many times for e-mail, going back decades, and has never come even close to catching on. I think that applying a cost - whether time or money - to producing phone calls would fail for the same reasons. Namely, the significant difficulty in making significant changes to the telephone system (e.g. changing requirements to make a call, something which has almost never happened in the history of the phone system) and the lack of incentives for the telcos to do so, considering that they make termination fees off of these spam calls.
Yes, but these charges were all imposed by the telco for end users, and special arrangements for large customers have been the norm since the AT&T breakup. There is no facility to ensure that _all_ calls have paid a fee because many customers have, for decades, had arrangements to make calls with no fee required, and in general there has been no reason for a telco to have a mechanism to monitor another telco's billing practices.
In other words: yes, and many people also paid for their email accounts for some years. Yet here we are...
I agree with your basic point: that this is a problem that's enabled by low-cost telecoms. We already saw that movie, in the 1990s, in Usenet and Email spam. And we know how it ends. Spoilers: everyone dies.
The problem with your proposed solution is that you're going to have an awfully hard time rebottling that genie. We've got low-cost comms. And within the triple entente of costs, infrastructure, and network effects, you're going to see those re-emerge, whether on the PSTN old-school phone network (inclusive of mobile and VOIP), or on some replacement.
Infrastructure, because you're talking about billions of subscribers. Even a limited network is tens to hundreds of millions. (Numbers for online community services are similar.)
Costs, because users will migrate to the low-cost solution, all else being equal. If regulation requires a cost floor on one network, you'll see migrations elsewhere, and legislation and regulation virtually always lag.
Network effects, because an effective and attractive network is either extraordinarily selective (The Harvard Face Book), or universal (Facebook). Much of the actual systemic value comes not from what the vendor or service provider, er, provides, but from what the users bring to the network. And a large network makes up for a lot of crud in other areas.
(Corollary: the replacement service is almost certain to emerge within some elite niche, and then spread out, as did writing, literacy, publishing, telephony, the Internet, mobile phones, smartphones, and social networking.)
(Corollary: alternatives which start out with the spammers and marketers already on-board and running rampant will likely fail to make the cut.)
Increasing costs across the board won't work.
Oh, and you've got a whole mass of vested interests propping up the current system. I've already linked Bernhard J. Stern's "Resistances to the Adoption of Technological Innovations", but the logic expressed there largely applies, and the paper itself includes several comms-based examples.
Increasing costs for malfeasance, most especially at the service provider level, probably through some charge-back or penalty scheme, with (excellent suggestion from, er, you, by the way: https://news.ycombinator.com/item?id=21494014) a bounty available to third parties, could well be part of that.
A basic outline which you'll also find widely repeated through history.
Markets caused this problem through externalities, informational asymmetries, vested power relationships, sunk costs, network effects, and perverse incentives. You're not going to solve the problem by marketing it harder.
I did mean Christian Slater. Although after being blown away by Bacon's performance in White Water Summer I can't help but wonder how much darker Pump Up the Volume would be with Bacon cast as the lead.
I love listening to people speak that are just learning English and don’t have all of the idiosyncrasies/ vernacular down. Little things like saying ‘today morning’ instead of ‘this morning’, gives you a glimpse of a simpler, more logical version of the language.
EDIT: After doing some web searches, it seems that this myth, just like robocalls, is also a uniquely U.S. phenomenon, possibly caused by the fact that U.S. geography causes many (possibly most) U.S. rivers to run southwards, even though contrary examples (even within the U.S.) are legion.
In vernacular speech, "have" is just contracted left and right; I can actually remember when I realized "'ve" was different from "of", and it wasn't "should of, could of, would of" but "should've, could've, would've".
"That better've not been my cupcake you ate."
"Do you think you should maybe've put your name on it?"
In dialup, you (or your modem) would dial a POP server, or point-of-presence. That was a modem bank on one side, and Internet backbone link on the other, generally as a local call. The website was reached via the POP, but you could reach any website anywhere on the public Internet without having to dial up each individually.
More specifically, PSTN is a public, switched, telecommunications network, in which each communication occurs over a direct, and until recently physical, circuit.
The "switches" refer to how those circuits are set up and broken down. By contrast the Internet is packet routed; each data packet is routed across the network by the best available route. Users don't have dedicated circuits (though there are dedicated addresses), but rather data from multiple communications is commingled on common transmission channels.
There were BBSes which you'd call directly (the job board DICE ws initially a BBS), but BBS != website. Similar in ways to today's SPAs though.
That's impressive how POP servers communicated across the Internet backbone considering some websites were long distance. I get to read about Erlang now. Carrier-grade NAT in regards to ip addresses reminds me of my grandparents had a shared phone-line for their neighborhood. It's funny you mentioned BBS, I think that's what I was initially unclear about. That answers many of my questions, ty for the time.
There needs to be postage imposed on connecting calls between systems, payable to the person called, and potentially refundable upon lack of complaint for being unsolicited.
This could work for email spam, as well.
Bonus if people get to set their own postage rates.
Well there was a guy in the UK who set up a premium number after getting sick of cold sales calls. All companies get his 10p/minute number as contact (he gets 7p of that). Only friends and family get the real underlying number.
There are few available phone numbers which aren't already on numerous telemarketing / robospam systems. Exhaustive wardialing is highly tractable.
I've had numerous recent mobile and/or office numbers beseiged by dunning and marketing calls, apparently aimed at earlier holders (if even targeted at all).
It's called a termination fee, and it already exists. Alas, it's payable to the receiving operator, not the receiving person - meaning that your telco actually makes money on every single spam call you get. Talk about perverse incentives!
What I'm describing would need to be large enough to be a deterrent, in regards to being truthful or not (or solicited vs unsolicited). That's why I like the idea of something pre-paid but refundable.
There might also be something of value in only refunding the fee to the CNAM entity, which would at least offer some incentive to not lie about being associated.
One dollar being one vote is a cliché that refers to the wealthy having the most say in governance, not that US elections are literally the process of counting the individual candidates donations and declaring the candidate that got the most the winner. Also, stop playing the victim.
Tyre didn't provide data, and neither did you. The 2016 election was complex, especially due to the foreign influence, campaign hacking, fraudulent spending, and free coverage from media. The fact that both the president's campaign manager and his personal lawyer (also RNC finance chair) are currently in prison points to there not being clear visibility into his campaign spending to this day.
This doesn't refute the fact that wealth correlates with influence in U.S. politics, in fact, you could even say that a billionaire winning an election supports it.
Also, why did you create an account for just this comment?
Even more complex as the Clinton campaign colluded with the media to deliberately elevate Trump as part of their "pied piper strategy" to promote candidates they perceived as easy-to-beat.
Hillary Clinton is currently not the president, and those surrounding her campaign are not currently in prison for fraud. Please stop deflecting to conspiracies that are not relevant.
Did you read the linked document? It is an internal document from HRC's campaign.
If you're analyzing why Trump won, knowing that her campaign intentionally elevated his campaign is certainly relevant.
I hope our country can take off the hyperpartisan tribalist blinders and address the reality of why Trump won so we don't end up with another 4 years of him.
When its plastered all over TV. We just had elections days ago - obviously turnout is even worse than year than last where the national average was 50%. But nobody was voting emotionally there because largely you weren't voting for people or even positions you knew or recognized. You voted for the names you were familiar with - put in your head by advertising. Because there isn't a large central institution around your county commissioner election where media will give all candidates ample airtime to actually know who they are.
I remember last year my district had a major election for the federal house - I live in PA and due to redistricting by the state supereme court we were having an election without an incumbent. Only 3,000-25,000 people in a district of 250,000 adults watched their public TV debate. The winner was just the guy that outspent his opponent by an order of magnitude via local companies subsidizing his campaign with 10 million bucks.
As someone with a heavy background, it would break a fair bit of the PSTN - while moves are in place to change the technical limitations of the PSTN that prevent this kind of verification, they're not complete yet, and will take several more years to implement fully.
Any chance you can explain what the PSTN is and why it is important? I tried reading the wikipedia article[1] but I still feel like I don't have enough telecom domain knowledge to understand it.
I already see support and customer service offered through WhatsApp or emphasizing chat/email. The switch doesn't have to be frictionless, it just has to be less painful than spam. It doesn't need to happen all at once, either. We're already seeing early adopters walk away from PSTN, so unless they can fix the spam situation before the alternatives hit an inflection point, PSTN is doomed.
I'm sure it will live on in many places that aren't concerned with customer satisfaction, though.
Let's give Facebook full control over worlds communication? And allow them to cut people off from communicating with anyone? I don't think it's great idea.
Yes, there are downsides to federation, but I would argue spam is not inherent to federated communication.
There are many ideas to stop spam like proof of work.
Main reason for spam in email and PSTN is legacy protocols, which were created long time ago and cannot be significantly improved without breaking compatibility.
One can also use voice recognition to send texts if talking is more appealing as an input method.
I previously thought of this as something old people do because they can't type on a phone, but I tried it, and it does provide a more rapid, conversational way of creating text.
Okay, so the PSTN has two things in it, ANI and Caller ID - and they're not related, the ANI will reflect the actual account that the call comes from (Often its passing the BTN (billing telephone number)), and the Caller ID is either a Telco set, or user set number string (ISDN NI-1 for example you can't send a CID string, NI-2 you can, SIP you also can).
Now, most calls, the BTN/ANI and CID are the same number string, but when you start looking at call center operations, calls from PBX's, anything with backup trunking arrangements - that gets less and less true. Another wrinkle in this whole mess, is that with LNP (local number portability) you can have a number that on paper is owned by carrier Y (by assignment) but has actually been ported to carrier X (there is a database however that carries this information).
The issue as it comes down, is there is no central database to show that Caller ID string X is valid for trunk/line Y, for the most part customers were trusted to not be malicious and follow the rules. Once we got into a world where a SIP trunk could be had for free, and usage was a minor incremental charge, that whole system broke down.
The good news in all of this is that the FCC has mandated a move to authenticated CID (https://www.fcc.gov/call-authentication), but much of the equipment in play here is decades old, and will take time to be upgraded - but it's happening and happening pretty quickly for an industry that normally moves at a near glacial pace.
I think your estimates are highly optimistic, by perhaps upwards of an order of magnitude. I expect the telephone number to be replaced by something else, but the concept itself won't go away.
Don't forget the PSTN, includes cell phones, SMS/MMS, and the entirety of the 911/999/112 systems too. It's not just a POTS line hooked up to a 2500 set anymore.
My sense is that once critical users/subscribers move elsewhere, the decline will come rapidly.
By "dead", I don't mean PSTN won't exist at all. But its status will be like Usenet or IRC: a system which technically still functions, but is a wasteland of deserted spaces and/or spammers and scammers, while the hub of discussion and commerce is found elsewhere.
There's a tremendous foment of alternative systems, though it's not clear if any one of these will emerge ascendant. It's quite possible that you'll see splits among major usage bases, particularly in business/commerce and/or personal messaging. The usurpation of direct realtime voice comms by texting for many (though certainly not all) uses is also a part of this.
A key point to remember is that once a large network with network effects enters into a death spiral -- positive feedback loop of decreasing value and increasing costs -- the end comes surprisingly quickly. And in both news and conversations I'm having with any number of people and organisations, dissatisfaction with the existing phone system is rampant.
The fact that what most people consider as "phones" are actually relatively general purpose computing, information, and comms devices, on which any arbitrary protocol can be layered, may actually be the kiss of death for PSTN. You won't need to buy a new device, only install a new app (or use the one that's been pushed to your device by the vendor).
For home and office users, the final merger of comms to the desktop (or laptop) system is likely to occur. Some mechanism for patching existing infrastructure to the new system(s) may work for older / hard-wired legacy installations.
What the replacement system offers, its specific capabilities, and how directories are handled, remain interesting questions. There should be both past examples of similar transitions (telegraph and TELEX to voice and computer messaging, particularly) which offer clues. We're probably staring at most of the pieces if not the complete system presently.
When you can't rely on the fact of any arbitrary business, organisation, and/or person having PSTN service through which they can reach you or you them, the end will be well in sight.
Even that wouldn't be necessary. Here's an idea – when receiving a call, the receiving network could separately connect to the claimed number and verify its authenticity. No match? Reject the caller. The owner of a number (and thus its cryptographic identity) could then delegate other agents to use its keys, its phone number, and most importantly, its reputation. Cryptography has come a long way since the days of rotary phones. The entire handshake could happen in under a second. The majority of calls these days are VoIP anyway. In fact, maybe we only implement this for VoIP and finally force the world to upgrade.
I remember the days before HTTPS was widespread. I watched as Google and other players systematically adjusted incentives, slowly but surely over many years, to reach where we are today: 90% of all web traffic is encrypted.[1] There's no reason the same couldn't happen with phone calls, other than perverse incentives.
Someone get me in a room with Ajit Pai and the CTOs of the major US carriers, I could have a system in place in five years, tops. Unfortunately there's no incentive for them to fix this, because (1) upgrading infrastructure costs money, and (2) carriers large and small are making BANK off these robocalls. ITSPs do typically charge to route calls (similar to internet peering), and robocallers are happy to pay because they're making so much money.
Thanks for the link! It looks like it's on track to be implemented this year. I must admit I am _very_ pleasantly surprised to see a project of this scale on track to be completed in under two years (knock on wood). For everyone's sake, I hope it works as advertised!
I enabled the Silence Unknown Callers feature [0] in iOS and haven’t answered a spam call since. The downside is that it sends every call from unknown numbers to voicemail, including legitimate ones. It’s a worthwhile trade-off.
I tried it, and within a week I missed an important call. I was waiting by the phone, and it just never arrived. I realized too late that it had been silenced. It's very frustrating that we can't just get something like a spam filter, rather than a blanket "silence everything unknown."
T-Mobile does spam filtering; not sure about other carriers. The default configuration (or at least I think it is, because I don't remember changing it) is to tag the calls by setting the Caller-ID to the name "Scam Likely". You can then configure your phone to respond differently to calls from that ID (e.g. disable ringer). Alternately, if you trust their filtering enough, you can have those calls blocked so they don't ring through to the phone at all. I think it's been working fairly well for me, but I also rarely get legitimate calls from anyone other than a handful of friends/family who are in my contacts list, so I can't be too sure of the false-positive rate.
Unfortunately when I use our conference system’s “call my phone” feature it almost always shows the number as “scam likely”. So I guess the scammers are using the same block of numbers as the conference system.
Try Nomorobo - took robocalls down by at least 90% for me,
and I gladly pay ~$20US / year to not have flow interrupts.
Works on iOS, free for VOIP numbers.
Yeah part of the problem is there are tons of legitimate businesses out there that will do important things only over the phone, from obviously an unknown number, where if you miss the call it becomes a big hassle to get back in touch with them. Happens with banks and other financial institutions, doctors offices, deliveries and all kinds of other services.
It would kind of solve the problem if a norm emerged that these types of companies first send a confirmation email with the phone number they'll be calling from so you can add it to your caller id. But it's a lot of extra work for people and I think it's probably asking too much of the average non technical user.
Even better, why couldn't we have something like SSL certificates or DKIM for phone calls? People for the most part understand the lock icon and a verified flag in a user interface. Then a call could be signed to know that it's coming from a particular entity.
It seems like some other countries have solved this problem by moving away from regular sms and phone calls and instead letting a private company own all communication, like WeChat in China. Which obviously is quite problematic in other ways, but honestly at this point that would be an improvement in my opinion, if businesses started only contacting me through Facebook Messenger or Whatsapp so I could see who every message is associated with.
I agree there’s a business here, but will walled gardens let the solution work optimally? Apple locks down their phone and messaging apis so that nobody can use them.
Basically: selling the ability for a company to make phone calls from numerous systems all of which appear to originate at a single, designated, known, and generally callee-approved, number.
Needn't be a walled garden.
Though migrations from PSTN to various alternatives is also fairly likely. Much of the present "social media" / apps space is actually probably a jostling for supremacy / positioning in this regard.
I was working on a system like this years ago. I called it choicelist, and submitted a paper to the FTC spam forum.
It was a user configurable white list solution in which an entity can specify all the ways they may contact you (numbers, addresses, and optionally signing or encryption public keys), and you can white list the organization as a whole.
Messages purporting to come from one of these organizations that fails the self specified check can be safely ignored.
At the time, blockchains didn't exist, and the missing piece of the puzzle was a distributed database not controlled by any central organization.
I updated to the beta specifically for this feature. But, like anything else like this, was worried missing important calls. I get a notification immediately about a missed call (which I'll probably soon try and turn off), I'm a lot more aggressive about adding businesses to my address book (someone else said they whitelist phone numbers you've made calls to even if they're not in your address book), and I kind of expect important calls to leave a voicemail.
Same. Honestly, I really like this as a permanent solution. I think what we need now is a plug-in that has a strict “safe list” as opposed to the way it was being treated before with block lists.
The only calls I worry about not getting are legitimate callers from callers who aren’t allowed to leave VMs.
The majority of spam calls come from the same area code as my phone number, but its not the area code that I live in. I'd love this feature to be area code specific - it would give the granularity I need to block spam but allow for unknown numbers from where I now live.
I use this too, and it's worth the trade off for me too.
I just wish that apps or services that might call you (Uber, your cell carrier etc) could/would use the iOS call identification API to allow known calls through.
I'm excited to see improvements and results to the Google Assistant's on-device call screening. It's a step up from voicemail but I'm not sure how willing people will be to participate. For example, someone calling from a doctor's office might only be able to speak to a specific person. For privacy reasons, they call from blocked number and won't specify who they are until they've at least asked that they're speaking with the right person.
Same here, I was so happy when I saw that they added that setting. It doesn't send unknown numbers to voicemail if you've called them in the past. It's a pretty good heuristic. It solved the problem for me. If some doctor's office really needs to reach me and I have never called them first, I guess they can leave a voicemail.
I signed up with a SIP provider, Anveo, and set up an incoming call flow that’s very close to what Google Voice does - with one change, that being incoming callers who are unknown must press any key to be connected. Robocallers will never do this, humans will, so I’ve got a 100% reject rate on robots.
Sssssorta. The cool thing is you need no familiarity with the SIP protocol.
What you'd do is port your cell number to the provider, get a new cell number, and then set up a call flow that answers the number, eventually forwarding to your real phone after the caller has a chance to record their name and hit a key.
That is an option - the other thing you can do is get a Softphone app on your phone and log into the service with it. They work with text messages as well.
That is the one downside of this is now having two numbers to deal with. I was getting so many garbage calls though, the trade off has been worth it.
Yes, but once you've got this "call screening" set up on your formerly primary phone number, you can safely set your phone to discard all calls from people not on your contacts list.
This introduces two ways of working with the service - either you set the service to show "your" phone number as the calling party, and then listen to the name when picking up, or you ignore this and use the softphone app for all calls.
No one worthwhile even calls me that is not in my contacts. If I have a new friend, I text them, we add as contacts, boom that person will always be a contact. For business related calls, I'm always fine with those going to Voicemail and responding when convenient.
I highly doubt Twilio knowingly allows this to happen. Furthermore, if anyone linked their card with Twilio, it would not have been hard to track down who is doing this and freeze their assets (from a fed agency perspective) or at least block their account (from Twilio's mod team perspective).
I've been a Twilio customer for a long time. They don't allow you to spoof caller ID. You can only set outgoing caller ID to a real number that you own or have access to.
How does not allowing spoofing caller ID help defeat robocallers.
People use twilio to robocall individuals from their same area code. No “spoofing” caller ID is needed. Twilio makes is stupid simple for robocallers and I can speak with authority on this matter hence why this is a throwaway account.
Does anyone familiar with the law know why these fines couldn't be converted to tax liens or some other legal device that could be used to go after the offenders?
Then the IRS could garnish wages or prevent loans to the businesses until the liens are paid, or do all kinds of things to throw a wrench in their plans and make robocalls too much of a hassle to be lucrative.
I'd assume they're mostly fines against foreign or shell companies. What's effectively a shell company is set up to forward calls, then goes out of business when caught.
I see people here saying that spoofed numbers is the problem. Maybe it's a big part of it, but at the end of the day, the phone companies are complicit with the criminals because there's no good reason that these robocalls can't be treated like a DoS attack.
These crooks make millions, of calls every year. My first employer was apparently making robocalls, though none of us were aware of it(there was a call center with actual human beings), and they were cracked down on by the FTC a few years ago.
The way I see it, there's no good technological reason why a system couldn't detect millions of calls coming from one place, compare that with the number of complaints and number-spoofs, and trigger an investigation. The dinosaur phone system needs to either go extinct or be reformed, and the telecom companies don't give a fuck. Every time I've asked either T-mobile or AT&T to block the relentless robocalls, they tell me to install some 3rd party Android app that fails to effectively block calls.
This doesn't appear to be universal then, because I've been told by Telcos in the UK and France that they will not block calls even when the presented number is impossible.
It was made clear that any call that was made to one of my numbers would be delivered irrespective of any faulty components visible to me in the SIP header.
e.g. the CRTC has policy 2018-484, Implementation of universal network-level blocking of calls with blatantly illegitimate caller identification: https://crtc.gc.ca/eng/archive/2018/2018-484.htm
CRTC gave telcos twelve months to implement, and it seems to have largely been implemented within that time frame.
If I need a phone number (and a phone), I go to T-Mobile, sign up with my credit card and get a phone number. Whoever is giving me this phone number, I think, should be held responsible if I'm doing stupid calls.
The companies issuing the ability to robo-callers to do their work are enabling robo-callers to do their work (scams).
Last time I tried to trace down a call, I stopped at a company called OnVoy and got distracted with other issues...
If I need a phone number (and a phone), I go to T-Mobile, sign up with my credit card and get a phone number. Whoever is giving me this phone number, I think, should be held responsible if I'm doing stupid calls.
Not a good idea. I get where you’re coming from, but we don’t hold ISPs accountable for people using the internet badly. That would be a change for the worse.
Imagine if Comcast had to terminate your service due to something someone posted while using your wifi.
I think corporations should not be treated as people. No carrier should be able to block me if I’m being an asshole, but they definitely should if I’m a corporation and harassing their customers for a living.
The question isn't "can this be done?" It is: can this be done, fairly, effectively, reasonably, and with appropriate safeguards?
The fundamental principle of regulation is that it applies methods and actions which can be harmful if misused. The key is to ensure they're not misused. Not to ban the concept of regulation entirely.
I'd be happy with at least providing the actual source name and number, in addition to the CNAM. CNAM must still be associated with the same source account (and ideally enforced, somehow).
The middle (ntt, gtt, tata, etc) of the internet doesn't know what is or isn't spoofed. The folks at the edge own that responsibility and most colo/hosting shops allow their customers to spoof. Their upstreams are powerless against them since they'll take their money elsewhere.
Not talking about peering. Talking about transit-customer relationships. Think large hosting shops who say they can't afford to do uRPF on their customers because they've got so many multihomed users and the IP address space is fluid. Or smaller regional networks selling low cost transit. Some folks just have arbitrary limits (you must have x asns behind you for us to remove urpf)
Yeah, one would think that a national phone carrier would only send through properly sourced data. But I can tell you from experience that no, they let through garbage. I regularly see "phone numbers" like "11111111111111" or "0000000000" or even "01120155512121234". They act like they're the phone company and don't have to care ...
It’s possible, but telcos won’t do anything without a regulation, and because a few politically influential companies in tiny states make a lot of money, that won’t happen.
I don't know how Google Voice did it, but I rarely if ever got a robocall when I had Google Voice. After leaving Sprint (and losing Google Voice after years of having it) I get them all the time. T-Mobile catches a few here and there, but I get so many damn spam calls. I just have my phone on mute.
GV's block of phone numbers is probably considered low-value targets. Scammers get more value by talking to customers from big telcos. It's the whole "you don't have to outrun the bear, just your friend" kind of thing.
I'd say I get an equal number of robo-calls to my cell phone number, and my Google Voice number which forwards to it. Might have something to do with the area code.
That's changed- I get calls all the time on my GV number. I think the initial "success" might have been due to the number blocks being previously flagged as unused. Especially when the minimum block size was still 10,000.
The lack of political will and the form of legislation are the questions.
If the rule is that telcos must eat the cost of a scam, they will drag it out in court and the consumer must still prove it.
If the rule is that each robocall that makes it through must be paid by the telcos (take the consumer out of this), then telcos will battle each other to try and insist that the other party is responsible.
At some point they may even come to a consensus and protocol that protects the customer.
I prefer this option.
There may be other options. Just don’t put the burden on the individual customer.
Edit: Even better, allow bounties so that lawyers can start hunting for robocalls that went through.
Set up a government department with a dozen people and a thousand phone lines distributed around the country and with different telcos. Record every call received. Fine telco $100k for every robocall. Increase fines steeply over time.
Way too complicated. Much easier would be to get a warrant for a trap and trace on the line known to be receiving these calls. Then disconnect the robocall lines.
> If the rule is that telcos must eat the cost of a scam, they will drag it out in court and the consumer must still prove it.
> If the rule is that each robocall that makes it through must be paid by the telcos (take the consumer out of this), then telcos will battle each other to try and insist that the other party is responsible.
I don't necessarily see these as guaranteed outcomes. You don't see this kind of behavior for banks, which are generally the ones liable for credit card fraud.
These new telco blockers only work on VOIP lines, not copper-wire POTS phones. The service is not even available for POTS, it's only the major telcos creating a /r/selfhosted RoboKiller who make it available for the kinds of phone lines that go down in a power outage..
(US) Politicians already gave themselves a loophole into unlimited unsolicited spam. So cleaning up other spammers would strengthen the quality of their spam channel, as consumers would be less jaded/more likely to pick up.
Yes. If the content of the message is "political speech" it is exempted from CAN-SPAM (which also covers cell phone calls) as an extension of first ammendment rights, regardless of who is doing the speaking.
No, you are absolutely wrong. CAN-SPAM law for email is under the FTC's regulation and does nothing to restrict the ability of marketers to send initial unsolicited mailings. This isn't a first amendment question of exemption, the FTC is not authorized by statute to regulate noncommercial activity like a political campaign.
TCPA regulations for cellphone marketing are under the auspices of the FCC. You cannot send unsolicited commercial SMS and calls legally (there are some exemptions for pollsters and nonprofits). TCPA law also applies to political campaigns: https://www.fcc.gov/political-campaign-robocalls-robotexts
My non-tech savvy 82yo father has made a similar point to me: all these garbage phone calls that I get every day make me not trust ANY phone call that I receive. You'd think this would upset legitimate businesses that need to make calls.
Business would be a bit better if there weren’t robocalls. But free-rider/coordination challenges make it difficult for the diffuse category of all businesses to group together and fight it.
AFAIK they're not a problem here in Australia either, and the language here could (charitably) be called English. I've never received one of these calls.
Aussie here, I get the odd one on mobile, but get a couple a week on my land line numbers.
Land line numbers are also registered with Do Not Call, but doesn't make any difference.
Answer the call and there will be either:
1) a few second pause and then a person will drop in with the call centre voice noise in the background.
2) a few second pause and if there is no sound (you saying "hello") it will hang up.
Those are usually from international call centres. In terms of locally based ones, got a couple during the election with a recorded voice saying "this is an important message from XYZ politician".
Unwanted calls are an issue in France as well afaik. Not necessarily robocalls but the fact that there isn't a way to opt out from advertising calls (in contrast to Germany's Robinson-Liste) is very annoying.
The word "uniformly" is key here, and why many generalizations fail, as well as being unfair and offensive.
I'd also doubt assumptions such as people are equally likely to report, it's equally easy to report, counting is done the same way, etc., so I don't think your response is sufficient to characterize the average.
I'm in the UK. I get about 2-3 a week on the landline, 1-2 a week on the mobile. 30% "This is Microsoft/your ISP, your computer is hacked", 30% "You were involved in an accident that wasn't your fault", 10% oven cleaning services.
I suspect that English speaking scammer call centres are a reason for this.
To do that they’d have to turn the open system into a walled garden. They’d simply stop taking incoming calls from networks they didn’t trust. This would be exactly the same as saying ‘email providers can easily solve the spam problem, they should just adopt the Facebook Messenger model’.
Architecturally there's no binding between phone number and subscriber identity except at the very edge of the network, for the very smallest retail customers. There is a design to federate this binding throughout the ecosystem using a PKI called STIR/SHAKEN [0], but it's absolutely a hard technical problem to get that rolled out 100% without breaking things.
Isn't modern phone infrastructure all over IP for the backbone, anyway? I was under the impression that it was only the line to the house that was analog.
The short version is the ani/ALI is totally traceable, they don't want to be on the hook for it, and the FTC/FCC don't try very hard at all to deal with the problem.
This is exactly correct. The phone companies could charge $9/minute to any call originator who wasn't showing the actual number on the call, and this activity would stop. Conversely, the FCC could make any telco that carries a robo call 50% liable for any fines associated with that robo call. That too would stop this crap in its tracks.
"The phone companies could charge $9/minute to any call originator who wasn't showing the actual number on the call"
How could this work in the current environment, given that:
- termination rates (the rates paid to the recipient's phone company for delivering the call) are regulated, and can't be set arbitrarily high
- phone companies have no way to check whether the outbound caller ID I present is also a valid inbound number for me
- even if they did, it's cheap to get a number in every area code (maybe $1/month/number) and cheap (1 cent per minute) to have calls to that number to delivered to me via VoIP (so I can rightly claim that the outbound caller ID matches my 'actual number')
If you could enforce that the outbound caller ID matched a valid inbound number, that would solve a lot of problems. (1) if a number is used for spam a lot it’s gonna get blocked; rotating through a bunch of numbers per area code does get somewhat more expensive over time (and they could probably enforce a fee for connecting/transferring a number). (2) it solves the problem where regular people get accused of spamming because they were spoofed, (3) it solves the problem of fake law enforcement or government agencies “calling” you from legit LE phone numbers.
Sure, spammers could still get tons of numbers, but straight up spoofing would vanish, and that’s a big enough win.
> because there's no good reason that these robocalls can't be treated like a DoS attack
The problem here is that the origin can be spoofed.
You are imagining a system where a telco like T-Mobile connects the caller directly to you. That's not how it works. The connection chain could look like this.
bad caller 111-1111 -> A -> B -> C -> T-Mobile -> you 999-9999
All T-Mobile knows is that 111-1111 is calling 999-9999 and that the call was routed from C, it does not know about A, B, or the true identity of the bad caller.
That's also why spoofed attacks are also a problem on the Internet. These systems were not made with spoofing in mind, and it will cost a lot of money to get these companies to switch over to a new system seamlessly that can detect spoofing.
I agree completely. I work for a small ISP and we sometimes do the same thing for significant bad actors abusing our network. A phone call to the NOC of the ISP hosting the abuser or the NOC of their upstream transit providers usually gets the ball rolling pretty quickly.
That approach is obviously not very effective in a DDoS scenario, but as I understand it these robocalls typically originate from a handful of different VoIP termination services -- as opposed to tens of thousands of hosts in a DDoS scenario.
I think this a great challenge to propose to the HN crowd. Who wouldn’t pay for a system that truly eliminates the annoyance of spam calls? What about a private network that people could subscribe to that uses a decentralized social credit system? Or one that uses a monitoring gateway to track the number of calls originating from a number (either internal or external to the subscriber group), and treats mass callers with extreme prejudice. A blacklist of known spammers could be applied first as a default (rather than as an add-on app). If you wanted to get really creative, you could give subscribers the tools to add numbers to their own black list far more easily than they now can, and maybe even block whole geographic regions.
How does T-Mobile know there's a problem worth calling the C NOC about? One way is to see the frequency and duration of calls. Lots of very short calls indicate spammy behavior. So if you are B, you offer SIP trunking at below cost to legitimate customers, so that you can mix their call flow with the much more lucrative, 100% robocall traffic from A, and thereby stay on favorable terms with C.
I worked in this business briefly, the economics are fascinating. Your average mom and pop restaurant is very likely buying its VoIP transit from an entity like "B" in this story.
> How does T-Mobile know there's a problem worth calling the C NOC about? One way is to see the frequency and duration of calls.
Or make it easier for consumers to report spam calls. For example, dial *666 after hanging up on the spammer and it reports the last call as spam. Enough abuse reports originating from a particular carrier and T-Mobile knows there's a problem. That's basically how it works for email spam and other forms of Internet abuse.
I would pay to have a "AT&T Certified" icon on incoming phone calls. Maybe the carriers can set up peering agreements and both AT&T and Verizon work. The vast majority of people I care about are on those carriers and I can forget about the rest.
It's very hard to reform the whole system, but you have to start somewhere and this could be how.
That is a really great idea. Every time this comes up it boils down to "phones are old and complicated, and there are a billion unique telcos". Great. But if I only do legit business over 3 of them, why not indicate if I am leaving the "trusted zone"?
> I would pay to have a "AT&T Certified" icon on incoming phone calls.
Call verification is already here and rolling out progressively. System is called STIR/SHAKEN. iOS supports it as of 13.something. The UX is terrible though, all you see is a checkmark after the caller in the call log. Android might have a better situation on some phones, this system is carrier dependent. More about it here: https://www.fcc.gov/call-authentication
There are scenarios where it doesn't work. Calls routed through Google Voice to my T-Mobile line will never show this checkmark. Also, not showing it onscreen for unknown incoming calls defeats the purpose, really not sure what Apple was thinking.
I wonder if Twilio will support that. I route my GV to Twilio and then to T-Mobile to run custom logic on incoming phone calls (like filtering out all incoming calls that match the first 6 numbers of my number). Would be nice to passthrough verification.
If T-Mobile doesn't know who is really the originator, how the cost of call gets attributed? Wouldn't this mean I can just use their network without paying them as no one know how to identify me?
What's wrong with relying on your terminal device to decide whether to ring the call? That's the definition of a smartphone. In fact, Android has native spam blocking:
https://www.forbes.com/sites/brookecrothers/2018/12/30/in-20...
but it's quite reasonable for you to install whatever filtering app you choose.
If you don't feel safe installing software on your phone, that's a problem with your phone OS.
Hiding the originating number/account is the entire profit center for the LECs. My impression is that they're not going to give it up without legislation.
The problem is enforcement. Sorry, technological solutions are not workable - there's always going to be a way to get through because there's nearly no risk of enforcement, which is where the work should concentrate. The thing is that the only reason why robocalls work is because there's a nexus before the phantom callers and real businesses buying those services and those businesses have records because they are paying money. So start chasing those records using existing playbook:
Hire law firms that specialize in collecting fines. They will go through reams of paperwork and paper trails and eventually have a sheriff show up at a Thanksgiving dinner of a whoever owns the companies, after their corporate shields will be pierced, taking away chairs, pans, fridge and a turkey fryer.
When that starts happening robocalls will very quickly.
I have a question, why are robocalls such a problem in the U.S.A.? As far as I know, they aren’t in Germany (or if they are, not on that level, I never got one).
It wasn't too much of a problem, but it has escalated quickly in the last couple of years, especially with people figuring out how to change or spoof CNAM data, which is what shows up on caller ID. For a while, they'd use numbers only a couple of digits off from yours, or have a set pattern (like add 4 to each of your last 3 digits). Now people don't answer local calls, so they've moved on to neighboring area codes.
I assume that some sort of software has hit the market automating the process, but I don't know.
I looked at Wikipedia, and we have "CLIP" (Calling Line Identification Presentation) and "CLIP no screening" (essentially spoofed numbers). Spoofing a number that you don’t own the rights for is a crime.
So it looks like we have spoofing but only in a sane way, is the other kind of spoofing legal in the US? Or is there some other underlying problem?
No, there's an increase in not-spoofed (afaik) calls too. Plus some of the callers have figured out different tricks, like multiple brief calls to bypass do-not-disturb settings, or as an attempt to get the person to call back the caller ID number.
For me, at least, the calls also seem to be highly clustered, whether spoofed or not, for whatever reason.
As far as I know, spoofing is left to phone company policy, which says it needs to be an associated number, like the same company or same address. I think part of the problem is they don't have a way to actually verify this for out of system calls. And technology has made setting up spam lines on small remote systems feasable.
This is speculation, but I suspect it would be considered criminal fraud if it's done as part of a bigger crime. I don't think it's a crime in-and-of itself, but other than that, idk.
There are a lot of people living outside the USA who can speak English. Both legitimate and fraudulent English-language call centers are easier to set up internationally than German-language call centers. The robo part of the call can obviously be automated from anywhere but there are actual humans pretending to be from "Apple Support" when a target responds.
That raises another question: are other Anglosphere countries flooded by scam calls like the USA?
So it’s possible to show a local number when the call is arriving from another part of the world? That seems strange or rather insane, but would explain how the problem happens ;)
Sometimes they show up spoofed to a local area code. Sometimes they show up as from the 800 area code, which is not specific to any geographical region in the United States and is also used by legitimate call centers. My bank's customer service number is an 800 number, for example.
I don't know if easily spoofable phone numbers are unique to the US. But even if they are not, international scam-calling operations are going to predominantly target English speakers since English offers lower language-understanding barriers and a lot of high income potential victims.
Hm, guess that would be the pro/con with us not being able to easily set up virtual numbers here. But otoh I wonder why the UK doesn’t seem to suffer in the same way. Same lack of easy virtual numbers?
I might be mistaken but are not mobile numbers in the UK in their special area code/exchange so calling them costs extra? Calling landlines does not seem to be profitable anymore (my home landline gets almost 0 calls now, my work phone gets maybe 3-4 calls a week) so the scammers only want to call mobile numbers and in the US it's not different from calling a landline while it might cost extra in the UK.
They'll buy tons of phone numbers from all over so they always have local numbers to call from. They just use VOIP software to route it to wherever the call center is located. As far as their provider is concerned, they're probably just a local business. Or, at most, a local number for a foreign company.
In the parent's description, it's not spoofing at all. They've purchased real american (local) phone numbers, and are routing calls through them through other means (like internet...). There's no telephone network level trickery or spoofing going on.
Not always. They will spoof legitimate numbers that they don't own. If you call them back you'll usually get some very confused person who just got a bunch of calls accusing them of making spam calls.
Phone numbers can be spoofed, anyway. If you call back a robocall spam number, you'll reach a very confused human. And I've received a bunch of robocalls from my own number.
Canada definitely is. It is clustered, but there are days when there are a dozen scam calls (a recent one outright spoofs the governments phone number, and then calls you back with a spoofed police number).
I get some of it in Norway. English speaking call centers running scams. A lot of it comes from foreign numbers though, so it is easy enough to at least ignore.
Yep, I'm one of the people in the US that gets those. It's about an even split between those and calls about my bank account (for a bank I have no account at), with only a tiny number of others.
Could be a matter of population. 300 million residents vs 83 million means they have a larger pool of gullible people to target. I don’t mean that to sound mean, really. It’s just a fact that this is a numbers game for these scammers and they want to find the most number of people who will fall for what they’re peddling and milk them for everything they can.
Lots of these robocalls are fraudulent. They say nonsense like they're the FBI acting on behalf of the IRS, with a warrant for my arrest. If somebody ran a scam like that through the USPS, they'd become a guest of the US Bureau of Prisons for a few years. Internet DoSers get prison time too. But not these parasites.
If the scammers are offshore, an arrest or two in the customs hall at an airport will get peoples' attention.
Prison time, big fines, and restitution will be a more effective deterrent than what we have today. The American Graffiti (1974) writers correctly described the current system of uncollected fines. https://getyarn.io/yarn-clip/6cac9bde-4762-41c2-8b76-264eba9...
Even if hard time doesn't deter these people, a few big cases will at least let the federal government project the illusion they're doing something about it.
Sure we can... with drone strikes! I'm sure dead phone spammers would have 90% support from the public. The other 10% can cry their salty tears and pretend they're getting spammed to feel better!
I have build and managed several voice systems witch all could easily be transformed to robocall machines. The biggest money makers on all those services, incoming and outgoing calls has always been the telcos.
The solution is simple, and I've proposed it before.
If someone used spoofing to break the law, there's strict liability for some kind of statutory damages, say $100, applicable to everyone across the chain. I.e. I can sue Verizon for sending the call to my phone, Verizon can sue whoever connected to their network, they can sue whoever spoofed on their network, etc.
This will quickly lead to networks requiring proof of authorization or at least posting some kind of bond to be allowed to spoof numbers.
And there's no real downside. Nobody has a pressing need to spoof but not enough to post a bond convincing the phone networks that they won't break the law.
I agree, anyone, everywhere and anywhere in "the chain" is liable immediately - - that will change things promptly as Telecoms will not allow themselves to be liable . . .
Things don't happen in a vacuum, don't be so dismissive. There would probably have been put something in place to stop a $20 sim from doing these things in the first place.
Yeah, a fail2ban would be great. Bell labs ushered in a lot of our infrastructure, it isn't like baby bells haven't been involved in the ecosystem that creates these tools, it looks like they aren't willing to lose any traffic.
Yeah, let's throw out the entire idea, because it is not perfect. Spoofing is the main problem here. If that was blocked the $20 disposable phone would be much harder and more expensive to exploit (his many disposable phones they would have to use to perform a single successful campaign?
You could, but you also need to take into account the number travels with the SIM, not the handset.
The SIM is you. People already buy burner SIM's, and many countries have started to implement tighter controls on SIM purchasing in order to aid law enforcement's ability to track down telephony enabled crime.
> The solution is simple, and I've proposed it before.
Actually, I think the solution is even simpler, and is already in place here in Europe: Make all calls cost a minimum of $0.25 to the caller.
The issue right now is that having a robot call a million phone lines costs basically peanuts. If a million phone calls cost $250,000 instead, then this sort of spam calling wouldn't be effective anymore.
And you don't have to wonder what it looks like. In Europe and the UK, the caller has always paid for the entire connection, including the airtime of mobile phones. It doesn't cost you a dime to receive calls on your mobile phone in the UK; but it costs the caller around 20p per minute. As a result, robocalling mobile phones is not cost effective.
No need for complicated regulatory intervention in this case.
How do I set up a system that has the phone company bill incoming callers on my behalf? I'll answer every call if I can charge them for the privilege of talking to me.
"Many of the spoofers and robocallers the agency tries to punish are individuals and small operations, he added, which means they are at times unable to pay the full penalties." - cant pay the fine? Go to jail, you are breaking the law.
Yet another example of the incompetence of the FCC and Pai
The US' political system and law enforcement only serves businesses and not its citizens. Until that stops this is just another symptom of the problem.
My VOIP vendor provides a spam-scoring system for inbound calls from an outfit called TreCNAM. Needs more participation to be highly effective, but it's an idea!
The VOIP vendor also enables call treatments that can require a caller to press a specific number after the call is connected, before it actually rings, and to whitelist specific legitimate callers. Together, those phone screening tool reduced rings from robocallers on my VOIP phone to a very rare event.
While robocalls are annoying, what's the moral justification for making this illegal? If a person is allowed to call you, why can't a computer? Also the line is getting blurred recently, so it seems like a problematic distinction at this point in time.
That’s nor a good moral justification. Most people using Tor are probably doing something illegal, but it wouldn’t follow that Tor should be illegal, would it?
Because abuse by a very few destroys trust in and value of the system to all:
[S]ince mid-2015, a consortium of engineers from phone carriers and others in the telecom industry have worked on a way to [stop call-spoofing], worried that spam phone calls could eventually endanger the whole system. “We’re getting to the point where nobody trusts the phone network,” says Jim McEachern, principal technologist at the Alliance for Telecommunications Industry Solutions (ATIS.) “When they stop trusting the phone network, they stop using it.”
That’s not a bad answer (“things that undermine trust in systems are bad”) but when generalized, can lead to undesirable results. For example using your axiom, undermining trust in a corrupt and harmful system would also be bad. Like for instance, speaking out against a repressive government regime.
Trust is one element. Common weal, the sense of acting in the common good, is the more critical element.
Trust here is a mechanism, rather than and end goal itself. Through the undermining of trust in a system for the public benefit, the common good is harmed.
Your counterexample becomes far less difficult when phrased equivalently:
Through the undermining of trust within a system opposed to the public benefit, the common good is increased.
TL;DR: you've confused ends and means.
Though generally, common good is extremely reliant on a strong social trust fabric.
(As to the question of whether or not "common good" / "common weal" is an appropriate goal value of a system, that's another discussion. I've elected to adopt for now the general idea that it is, but there are varying points of view on this point, and cases in which there is no globally beneficial outcome. Most especially where some are disadvantaged such that others, any, might survive. See also: "lifeboat ethics".)
In context, people mean "illegitimate robocalls." Nobody is proposing to outlaw legitimate robocalls (like when a pharmacy makes an automated call to notify you that a prescription is ready.)
It's mostly illegal to make human or automated marketing calls to numbers in the US that have signed up for the national Do Not Call registry. The problem is that huge numbers of illegal calls still reach numbers on the Do Not Call registry. Most of these illegal calls have no connection to any real business; they are instead trying to defraud people. I have often been called by "Microsoft Support" to alert me to Windows problems that need fixing. I don't have any Windows computers.
Misrepresentation is a commonly agreed upon morally bad thing (i.e lying). But spoofing is an issue seperate and apart from robo-calls, even if the correlation between the two is very high. So we still need to figure out what, exactly, is morally bad about being robo-called. And the answer can’t be related to spoofing, do not call lists, or whatever, as these are not related to the essence of what defines a unsolicited robo-call.
Tragedy of the commons. Unwanted bulk requests that intentionally evade automated filters are an attack on the availability of a communication network.
Small-scale spoofing, a/k/a pseudonymous / anonymous whistleblowing or commentary, can be useful, and has a very well-established tradition.
The goal of, effectively, all robocalls is fraud or value-extraction from the system. It works only because of the scale possible.
Small-scale operators (unless hugely and widely distributed) don't exhibit these characteristics. A fundamental problem of robocalls is the scale of operation itself.
Scale matters.
Countermeasures which disrupt at-scale operation whilst protecting small-scale activities are net beneficial.
431 comments
[ 4.1 ms ] story [ 327 ms ] threadMake calls cost money and the problem will naturally go away.
If there was a known Florida-based drug dealer that was bringing in $120,000,000 of drugs/year, there'd be dozens of cops working around the clock to bring him in.
A Florida-based robo-caller, fined $120,000,000, who isn't paying a penny? Nobody cares.
I understand lack of enforcement against some robocall firm incorporated on Mars, or somewhere else beyond the reach of law enforcement. I don't understand the lack of enforcement against ones based in the US. Jail them, take their homes and cars, put their kids up in foster care.
You don’t need a lot of money to spam calls.
It wasn’t always this way, and getting random BS calls almost never happened back then.
We take every penny that they do have.
Since the guy hasn't paid a cent, and is not living under a bridge, panhandling with a "Homeless veteran, please give me money for food" sign, I'm pretty sure that this is a problem with enforcement.
> You don’t need a lot of money to spam calls.
No, but you do get a lot of money from the people buying ad time from you.
This is not a law enforcement problem, because this problem only became common once phone calls were virtually free to make.
A lot of problems would be solved if phone calls are billable. Then the telcos would be fighting amongst themselves to make sure that they get paid.
Caller ID used to be an extra charge. The telcos needed it not to be mandatory. But now my land line is going away because it's become nothing but an annoyance. They could have prevented that but... but...
So even if you track someone down, what will you do if they are dirt poor?
I'm not even sure that raising the floor cost of making calls would help because scammers only have to swindle a single person out of thousands of dollars to offset the costs. :(
While I'm having trouble finding hard rates - with the big carriers, I know its not a ton of money now in any case - low enough that I dont think the financial incentive is a relevant course of action, it just subsidizes the trunking infrastructure needed to support the calls.
See Call Pumping: https://www.fcc.gov/general/traffic-pumping
I assume most calls are not successful, but over a thousand calls how much can a scammer expect to make?
There is nothing simpler, except that some very well-funded special interest groups never want to see this happen.
When I was on a limited plan, the amount of spam messages and calls were virtually zero because the limit would run up and be charged against the caller (internationally).
The month I switched to an unlimited, I started getting spammed.
Now much of the spam is domestic, but I fail to see how this is possibly unfeasible technically.
And what well-funded SIGs are our to get your phone call tax plan?
By way of indirect response, Bernard J. Stern's "Resistances to the Adoption of Technological Innovations" (1937):
https://archive.org/details/technologicaltre1937unitrich/pag...
In Markdown: https://pastebin.com/raw/Bapu75is
Free, unlimited phone calls is a fairly recent thing.
This is not a technical problem at all.
In other words: yes, and many people also paid for their email accounts for some years. Yet here we are...
The problem with your proposed solution is that you're going to have an awfully hard time rebottling that genie. We've got low-cost comms. And within the triple entente of costs, infrastructure, and network effects, you're going to see those re-emerge, whether on the PSTN old-school phone network (inclusive of mobile and VOIP), or on some replacement.
Infrastructure, because you're talking about billions of subscribers. Even a limited network is tens to hundreds of millions. (Numbers for online community services are similar.)
Costs, because users will migrate to the low-cost solution, all else being equal. If regulation requires a cost floor on one network, you'll see migrations elsewhere, and legislation and regulation virtually always lag.
Network effects, because an effective and attractive network is either extraordinarily selective (The Harvard Face Book), or universal (Facebook). Much of the actual systemic value comes not from what the vendor or service provider, er, provides, but from what the users bring to the network. And a large network makes up for a lot of crud in other areas.
(Corollary: the replacement service is almost certain to emerge within some elite niche, and then spread out, as did writing, literacy, publishing, telephony, the Internet, mobile phones, smartphones, and social networking.)
(Corollary: alternatives which start out with the spammers and marketers already on-board and running rampant will likely fail to make the cut.)
Increasing costs across the board won't work.
Oh, and you've got a whole mass of vested interests propping up the current system. I've already linked Bernhard J. Stern's "Resistances to the Adoption of Technological Innovations", but the logic expressed there largely applies, and the paper itself includes several comms-based examples.
Increasing costs for malfeasance, most especially at the service provider level, probably through some charge-back or penalty scheme, with (excellent suggestion from, er, you, by the way: https://news.ycombinator.com/item?id=21494014) a bounty available to third parties, could well be part of that.
A basic outline which you'll also find widely repeated through history.
Markets caused this problem through externalities, informational asymmetries, vested power relationships, sunk costs, network effects, and perverse incentives. You're not going to solve the problem by marketing it harder.
This was gonna cost $250M, so they decided to hire a firm to do it for them.
This firm was able to do it for $207,993,210 saving the government ~$43M.
Turned out the firm was the robocallers who got fined.
So they just called themselves 1 time, and paid the difference on the bills: $6,790!
/sarcasm
My science teacher once insisted rivers couldn't flow north because on a globe, north is up.
So, yeah, education is a bit of a mixed bag.
Did he just not consider, say, the Nile?
We pointed out the Nile on the globe. Even that wasn’t convincing apparently.
That one seems to be common, oddly enough:
http://machall.com/view.php?date=2005-04-06
EDIT: After doing some web searches, it seems that this myth, just like robocalls, is also a uniquely U.S. phenomenon, possibly caused by the fact that U.S. geography causes many (possibly most) U.S. rivers to run southwards, even though contrary examples (even within the U.S.) are legion.
In vernacular speech, "have" is just contracted left and right; I can actually remember when I realized "'ve" was different from "of", and it wasn't "should of, could of, would of" but "should've, could've, would've".
"That better've not been my cupcake you ate."
"Do you think you should maybe've put your name on it?"
- is (as in “it’s a nice day”)
- it is (a weird archaic poetic usage)
- God’s (also weird, eg ’Sblood)
- that’s e.g. ’sright
- has e.g. it’s got many meanings
- us e.g. let’s go on a walk
- his (also weird. Obsolete/dialect)
- as (eg so’s = so as)
- does when’s the band come on?
Naturally one can see several of these in one sentence, e.g. “let’s meet as soon’s Brian’s recovered from the fever he’s got.”
More specifically, PSTN is a public, switched, telecommunications network, in which each communication occurs over a direct, and until recently physical, circuit. The "switches" refer to how those circuits are set up and broken down. By contrast the Internet is packet routed; each data packet is routed across the network by the best available route. Users don't have dedicated circuits (though there are dedicated addresses), but rather data from multiple communications is commingled on common transmission channels.
There were BBSes which you'd call directly (the job board DICE ws initially a BBS), but BBS != website. Similar in ways to today's SPAs though.
https://www.techopedia.com/definition/1704/point-of-presence...
https://networkencyclopedia.com/point-of-presence-pop/
The backbone connectiin was TCP/IP, not PSTN. There are no distance charges, only bandwidth, generally at 95%ile peak "burstable" billing:
https://en.wikipedia.org/wiki/Burstable_billing
This could work for email spam, as well.
Bonus if people get to set their own postage rates.
https://www.bbc.co.uk/news/technology-23869462
But I do like the idea of giving out a 1-900 number to people. It would certainly get some interesting reactions, depending on context.
I've had numerous recent mobile and/or office numbers beseiged by dunning and marketing calls, apparently aimed at earlier holders (if even targeted at all).
https://en.wikipedia.org/wiki/Termination_rates
There might also be something of value in only refunding the fee to the CNAM entity, which would at least offer some incentive to not lie about being associated.
Yes she won the popular vote by about 3m votes but that’s hardly a dollar to vote ratio.
People vote their emotions, and emotions are surprisingly difficult to buy.
But keep on downvoting HNers, ignorance is bliss is why we come to this website after all
This doesn't refute the fact that wealth correlates with influence in U.S. politics, in fact, you could even say that a billionaire winning an election supports it.
Also, why did you create an account for just this comment?
https://wikileaks.org/podesta-emails/fileid/1120/251
Pretty depressing to consider that a portion of donations to the HRC campaign in 2015 were spent promoting Trump.
If you're analyzing why Trump won, knowing that her campaign intentionally elevated his campaign is certainly relevant.
I hope our country can take off the hyperpartisan tribalist blinders and address the reality of why Trump won so we don't end up with another 4 years of him.
When its plastered all over TV. We just had elections days ago - obviously turnout is even worse than year than last where the national average was 50%. But nobody was voting emotionally there because largely you weren't voting for people or even positions you knew or recognized. You voted for the names you were familiar with - put in your head by advertising. Because there isn't a large central institution around your county commissioner election where media will give all candidates ample airtime to actually know who they are.
I remember last year my district had a major election for the federal house - I live in PA and due to redistricting by the state supereme court we were having an election without an incumbent. Only 3,000-25,000 people in a district of 250,000 adults watched their public TV debate. The winner was just the guy that outspent his opponent by an order of magnitude via local companies subsidizing his campaign with 10 million bucks.
1. https://en.wikipedia.org/wiki/Public_switched_telephone_netw...
> As someone with a heavy background, it would break a fair bit of the PSTN
As it stands, I think quite a few consumers are ready to just walk away from PSTN unless something pretty drastic is done quite soon.
I'm sure it will live on in many places that aren't concerned with customer satisfaction, though.
We really need federated communicator.
Federation has enormous downsides: since anyone can join the network and send messages, there aren't good ways to police bad actors.
The two largest federated communications networks today are email and PSTN. They're both infested with spammers.
There are many ideas to stop spam like proof of work.
Main reason for spam in email and PSTN is legacy protocols, which were created long time ago and cannot be significantly improved without breaking compatibility.
If they still made an iPod like device that ONLY included data, I'd switch to it today. I can get my calls via any of the various online services.
As it stands, my phone is in do not disturb mode so that only calls in my address book get through.
I previously thought of this as something old people do because they can't type on a phone, but I tried it, and it does provide a more rapid, conversational way of creating text.
Now, most calls, the BTN/ANI and CID are the same number string, but when you start looking at call center operations, calls from PBX's, anything with backup trunking arrangements - that gets less and less true. Another wrinkle in this whole mess, is that with LNP (local number portability) you can have a number that on paper is owned by carrier Y (by assignment) but has actually been ported to carrier X (there is a database however that carries this information).
The issue as it comes down, is there is no central database to show that Caller ID string X is valid for trunk/line Y, for the most part customers were trusted to not be malicious and follow the rules. Once we got into a world where a SIP trunk could be had for free, and usage was a minor incremental charge, that whole system broke down.
The good news in all of this is that the FCC has mandated a move to authenticated CID (https://www.fcc.gov/call-authentication), but much of the equipment in play here is decades old, and will take time to be upgraded - but it's happening and happening pretty quickly for an industry that normally moves at a near glacial pace.
More from defections to other (more spam-averse) technologies. Remaining, if it can still compete with cable, as a data backhaul.
Slightly more fleshed out here:
https://mastodon.cloud/@dredmorbius/102357651020681668
Don't forget the PSTN, includes cell phones, SMS/MMS, and the entirety of the 911/999/112 systems too. It's not just a POTS line hooked up to a 2500 set anymore.
By "dead", I don't mean PSTN won't exist at all. But its status will be like Usenet or IRC: a system which technically still functions, but is a wasteland of deserted spaces and/or spammers and scammers, while the hub of discussion and commerce is found elsewhere.
There's a tremendous foment of alternative systems, though it's not clear if any one of these will emerge ascendant. It's quite possible that you'll see splits among major usage bases, particularly in business/commerce and/or personal messaging. The usurpation of direct realtime voice comms by texting for many (though certainly not all) uses is also a part of this.
A key point to remember is that once a large network with network effects enters into a death spiral -- positive feedback loop of decreasing value and increasing costs -- the end comes surprisingly quickly. And in both news and conversations I'm having with any number of people and organisations, dissatisfaction with the existing phone system is rampant.
The fact that what most people consider as "phones" are actually relatively general purpose computing, information, and comms devices, on which any arbitrary protocol can be layered, may actually be the kiss of death for PSTN. You won't need to buy a new device, only install a new app (or use the one that's been pushed to your device by the vendor).
For home and office users, the final merger of comms to the desktop (or laptop) system is likely to occur. Some mechanism for patching existing infrastructure to the new system(s) may work for older / hard-wired legacy installations.
What the replacement system offers, its specific capabilities, and how directories are handled, remain interesting questions. There should be both past examples of similar transitions (telegraph and TELEX to voice and computer messaging, particularly) which offer clues. We're probably staring at most of the pieces if not the complete system presently.
When you can't rely on the fact of any arbitrary business, organisation, and/or person having PSTN service through which they can reach you or you them, the end will be well in sight.
I remember the days before HTTPS was widespread. I watched as Google and other players systematically adjusted incentives, slowly but surely over many years, to reach where we are today: 90% of all web traffic is encrypted.[1] There's no reason the same couldn't happen with phone calls, other than perverse incentives.
Someone get me in a room with Ajit Pai and the CTOs of the major US carriers, I could have a system in place in five years, tops. Unfortunately there's no incentive for them to fix this, because (1) upgrading infrastructure costs money, and (2) carriers large and small are making BANK off these robocalls. ITSPs do typically charge to route calls (similar to internet peering), and robocallers are happy to pay because they're making so much money.
[1]: https://news.ycombinator.com/item?id=21421195
[0] https://support.apple.com/en-us/HT207099
Info: https://support.t-mobile.com/docs/DOC-38784
It would kind of solve the problem if a norm emerged that these types of companies first send a confirmation email with the phone number they'll be calling from so you can add it to your caller id. But it's a lot of extra work for people and I think it's probably asking too much of the average non technical user.
Even better, why couldn't we have something like SSL certificates or DKIM for phone calls? People for the most part understand the lock icon and a verified flag in a user interface. Then a call could be signed to know that it's coming from a particular entity.
It seems like some other countries have solved this problem by moving away from regular sms and phone calls and instead letting a private company own all communication, like WeChat in China. Which obviously is quite problematic in other ways, but honestly at this point that would be an improvement in my opinion, if businesses started only contacting me through Facebook Messenger or Whatsapp so I could see who every message is associated with.
Needn't be a walled garden.
Though migrations from PSTN to various alternatives is also fairly likely. Much of the present "social media" / apps space is actually probably a jostling for supremacy / positioning in this regard.
It was a user configurable white list solution in which an entity can specify all the ways they may contact you (numbers, addresses, and optionally signing or encryption public keys), and you can white list the organization as a whole.
Messages purporting to come from one of these organizations that fails the self specified check can be safely ignored.
At the time, blockchains didn't exist, and the missing piece of the puzzle was a distributed database not controlled by any central organization.
The only calls I worry about not getting are legitimate callers from callers who aren’t allowed to leave VMs.
I just wish that apps or services that might call you (Uber, your cell carrier etc) could/would use the iOS call identification API to allow known calls through.
Can it intercept calls to a cell phone with a carrier issued number?
What you'd do is port your cell number to the provider, get a new cell number, and then set up a call flow that answers the number, eventually forwarding to your real phone after the caller has a chance to record their name and hit a key.
I really appreciate the info!
I think calling folks back from a number different than what they dialed to reach me.. might defeat the purpose. Thanks for sharing your setup.
That is the one downside of this is now having two numbers to deal with. I was getting so many garbage calls though, the trade off has been worth it.
This introduces two ways of working with the service - either you set the service to show "your" phone number as the calling party, and then listen to the name when picking up, or you ignore this and use the softphone app for all calls.
People use twilio to robocall individuals from their same area code. No “spoofing” caller ID is needed. Twilio makes is stupid simple for robocallers and I can speak with authority on this matter hence why this is a throwaway account.
Then the IRS could garnish wages or prevent loans to the businesses until the liens are paid, or do all kinds of things to throw a wrench in their plans and make robocalls too much of a hassle to be lucrative.
These crooks make millions, of calls every year. My first employer was apparently making robocalls, though none of us were aware of it(there was a call center with actual human beings), and they were cracked down on by the FTC a few years ago.
https://www.ftc.gov/news-events/press-releases/2017/01/ftc-a...
The way I see it, there's no good technological reason why a system couldn't detect millions of calls coming from one place, compare that with the number of complaints and number-spoofs, and trigger an investigation. The dinosaur phone system needs to either go extinct or be reformed, and the telecom companies don't give a fuck. Every time I've asked either T-mobile or AT&T to block the relentless robocalls, they tell me to install some 3rd party Android app that fails to effectively block calls.
It was made clear that any call that was made to one of my numbers would be delivered irrespective of any faulty components visible to me in the SIP header.
e.g. the CRTC has policy 2018-484, Implementation of universal network-level blocking of calls with blatantly illegitimate caller identification: https://crtc.gc.ca/eng/archive/2018/2018-484.htm
CRTC gave telcos twelve months to implement, and it seems to have largely been implemented within that time frame.
The companies issuing the ability to robo-callers to do their work are enabling robo-callers to do their work (scams).
Last time I tried to trace down a call, I stopped at a company called OnVoy and got distracted with other issues...
Not a good idea. I get where you’re coming from, but we don’t hold ISPs accountable for people using the internet badly. That would be a change for the worse.
Imagine if Comcast had to terminate your service due to something someone posted while using your wifi.
"AT&T Threatens Persistent Pirates With Account Termination"
https://torrentfreak.com/att-threatens-persistent-pirates-wi...
The question isn't "can this be done?" It is: can this be done, fairly, effectively, reasonably, and with appropriate safeguards?
The fundamental principle of regulation is that it applies methods and actions which can be harmful if misused. The key is to ensure they're not misused. Not to ban the concept of regulation entirely.
Edit: if you're downvoting, look it up, there are convicted child sex offenders doing this.
Are you aware that the "slippery slope argument" is a logical fallacy? https://en.wikipedia.org/wiki/Slippery_slope
Best of both worlds.
Edit: At a minimum, an out of system call should display what system / exchange it originates from. That at least helps solve neighbor spoofing.
Tie the problem of robocalls to the telcos losing money, and this problem will solve itself in months.
If the rule is that telcos must eat the cost of a scam, they will drag it out in court and the consumer must still prove it.
If the rule is that each robocall that makes it through must be paid by the telcos (take the consumer out of this), then telcos will battle each other to try and insist that the other party is responsible.
At some point they may even come to a consensus and protocol that protects the customer.
I prefer this option.
There may be other options. Just don’t put the burden on the individual customer.
Edit: Even better, allow bounties so that lawyers can start hunting for robocalls that went through.
> If the rule is that each robocall that makes it through must be paid by the telcos (take the consumer out of this), then telcos will battle each other to try and insist that the other party is responsible.
I don't necessarily see these as guaranteed outcomes. You don't see this kind of behavior for banks, which are generally the ones liable for credit card fraud.
One of the primary users of robocalls are politicians. I'm sure they'll get right on legislating against it. /sarc
https://www.ftc.gov/news-events/blogs/business-blog/2015/08/...
No, you are absolutely wrong. CAN-SPAM law for email is under the FTC's regulation and does nothing to restrict the ability of marketers to send initial unsolicited mailings. This isn't a first amendment question of exemption, the FTC is not authorized by statute to regulate noncommercial activity like a political campaign.
TCPA regulations for cellphone marketing are under the auspices of the FCC. You cannot send unsolicited commercial SMS and calls legally (there are some exemptions for pollsters and nonprofits). TCPA law also applies to political campaigns: https://www.fcc.gov/political-campaign-robocalls-robotexts
Land line numbers are also registered with Do Not Call, but doesn't make any difference.
Answer the call and there will be either:
1) a few second pause and then a person will drop in with the call centre voice noise in the background.
2) a few second pause and if there is no sound (you saying "hello") it will hang up.
Those are usually from international call centres. In terms of locally based ones, got a couple during the election with a recorded voice saying "this is an important message from XYZ politician".
#robocall complaints (Germany, 2018): 13375
https://www.ftc.gov/policy/reports/policy-reports/commission...
https://www.bundesnetzagentur.de/SharedDocs/Downloads/DE/All...
I'd also doubt assumptions such as people are equally likely to report, it's equally easy to report, counting is done the same way, etc., so I don't think your response is sufficient to characterize the average.
[0] https://transnexus.com/whitepapers/shaken-as/
What a nonsense
How could this work in the current environment, given that:
- termination rates (the rates paid to the recipient's phone company for delivering the call) are regulated, and can't be set arbitrarily high
- phone companies have no way to check whether the outbound caller ID I present is also a valid inbound number for me
- even if they did, it's cheap to get a number in every area code (maybe $1/month/number) and cheap (1 cent per minute) to have calls to that number to delivered to me via VoIP (so I can rightly claim that the outbound caller ID matches my 'actual number')
Sure, spammers could still get tons of numbers, but straight up spoofing would vanish, and that’s a big enough win.
The problem here is that the origin can be spoofed.
You are imagining a system where a telco like T-Mobile connects the caller directly to you. That's not how it works. The connection chain could look like this.
bad caller 111-1111 -> A -> B -> C -> T-Mobile -> you 999-9999
All T-Mobile knows is that 111-1111 is calling 999-9999 and that the call was routed from C, it does not know about A, B, or the true identity of the bad caller.
That's also why spoofed attacks are also a problem on the Internet. These systems were not made with spoofing in mind, and it will cost a lot of money to get these companies to switch over to a new system seamlessly that can detect spoofing.
6 hour later, C's NOC calls B's NOC, saying to knock it off, and they have 18 hours or they're getting booted.
6 hours later, B's NOC calls A's NOC, saying to knock it off, and they have 12 hours to figure it out or they're getting booted.
In under 12 more hours, A cuts off 111-1111.
If peeringDB is to be believed, big providers all require their peers to have a 24/7 NOC number to call.
That approach is obviously not very effective in a DDoS scenario, but as I understand it these robocalls typically originate from a handful of different VoIP termination services -- as opposed to tens of thousands of hosts in a DDoS scenario.
Yet this has been going on for years, so I suspect shenanigans by providers too happy to continue charging their Tier7 peers for access.
Anyone in a region with sensible legislation.
I worked in this business briefly, the economics are fascinating. Your average mom and pop restaurant is very likely buying its VoIP transit from an entity like "B" in this story.
Or make it easier for consumers to report spam calls. For example, dial *666 after hanging up on the spammer and it reports the last call as spam. Enough abuse reports originating from a particular carrier and T-Mobile knows there's a problem. That's basically how it works for email spam and other forms of Internet abuse.
It's very hard to reform the whole system, but you have to start somewhere and this could be how.
Call verification is already here and rolling out progressively. System is called STIR/SHAKEN. iOS supports it as of 13.something. The UX is terrible though, all you see is a checkmark after the caller in the call log. Android might have a better situation on some phones, this system is carrier dependent. More about it here: https://www.fcc.gov/call-authentication
There are scenarios where it doesn't work. Calls routed through Google Voice to my T-Mobile line will never show this checkmark. Also, not showing it onscreen for unknown incoming calls defeats the purpose, really not sure what Apple was thinking.
We should use law to eliminate this problem.
If you don't feel safe installing software on your phone, that's a problem with your phone OS.
> Secure Telephone Identity Revisited) and SHAKEN (which stands for Secure Handling of Asserted information using toKENs)
The amount of bending over backwards to get that acronym to check out is impressive. It is such an engineer-named system.
Looking forward to it nonetheless.
Hire law firms that specialize in collecting fines. They will go through reams of paperwork and paper trails and eventually have a sheriff show up at a Thanksgiving dinner of a whoever owns the companies, after their corporate shields will be pierced, taking away chairs, pans, fridge and a turkey fryer.
When that starts happening robocalls will very quickly.
I assume that some sort of software has hit the market automating the process, but I don't know.
I looked at Wikipedia, and we have "CLIP" (Calling Line Identification Presentation) and "CLIP no screening" (essentially spoofed numbers). Spoofing a number that you don’t own the rights for is a crime.
So it looks like we have spoofing but only in a sane way, is the other kind of spoofing legal in the US? Or is there some other underlying problem?
For me, at least, the calls also seem to be highly clustered, whether spoofed or not, for whatever reason.
As far as I know, spoofing is left to phone company policy, which says it needs to be an associated number, like the same company or same address. I think part of the problem is they don't have a way to actually verify this for out of system calls. And technology has made setting up spam lines on small remote systems feasable.
This is speculation, but I suspect it would be considered criminal fraud if it's done as part of a bigger crime. I don't think it's a crime in-and-of itself, but other than that, idk.
That raises another question: are other Anglosphere countries flooded by scam calls like the USA?
I don't know if easily spoofable phone numbers are unique to the US. But even if they are not, international scam-calling operations are going to predominantly target English speakers since English offers lower language-understanding barriers and a lot of high income potential victims.
A huge amount of international phone traffic comes to the US every day
Interestingly, there's been an uptick lately but the recorded messages are all in Chinese.
https://www.reddit.com/r/australia/comments/bc8p2w/chinese_r...
If the scammers are offshore, an arrest or two in the customs hall at an airport will get peoples' attention.
Prison time, big fines, and restitution will be a more effective deterrent than what we have today. The American Graffiti (1974) writers correctly described the current system of uncollected fines. https://getyarn.io/yarn-clip/6cac9bde-4762-41c2-8b76-264eba9...
Even if hard time doesn't deter these people, a few big cases will at least let the federal government project the illusion they're doing something about it.
If/when they visit a country with... any... positive relations with US/Canada, pounce.
And cutoff their bankers from the US financial system.
India won’t be happy if it starts to lose its call-centre industry as a whole because of some bad actors.
India and the US have extradition treaties.
There’s a lot of ways to put on the pressure.
Sure we can... with drone strikes! I'm sure dead phone spammers would have 90% support from the public. The other 10% can cry their salty tears and pretend they're getting spammed to feel better!
If someone used spoofing to break the law, there's strict liability for some kind of statutory damages, say $100, applicable to everyone across the chain. I.e. I can sue Verizon for sending the call to my phone, Verizon can sue whoever connected to their network, they can sue whoever spoofed on their network, etc.
This will quickly lead to networks requiring proof of authorization or at least posting some kind of bond to be allowed to spoof numbers.
And there's no real downside. Nobody has a pressing need to spoof but not enough to post a bond convincing the phone networks that they won't break the law.
But whence comes the $1000 my friends are now owed, for the calls made before their complaints were filed?
That would eliminate spoofing, which would make it much easier to identify where the bad calls are actually coming from.
Spoofing is a huge security issue, robocalling is annoying.
The SIM is you. People already buy burner SIM's, and many countries have started to implement tighter controls on SIM purchasing in order to aid law enforcement's ability to track down telephony enabled crime.
I can think of no more blatant way to ruin net neutrality.
Actually, I think the solution is even simpler, and is already in place here in Europe: Make all calls cost a minimum of $0.25 to the caller.
The issue right now is that having a robot call a million phone lines costs basically peanuts. If a million phone calls cost $250,000 instead, then this sort of spam calling wouldn't be effective anymore.
And you don't have to wonder what it looks like. In Europe and the UK, the caller has always paid for the entire connection, including the airtime of mobile phones. It doesn't cost you a dime to receive calls on your mobile phone in the UK; but it costs the caller around 20p per minute. As a result, robocalling mobile phones is not cost effective.
No need for complicated regulatory intervention in this case.
Yet another example of the incompetence of the FCC and Pai
The VOIP vendor also enables call treatments that can require a caller to press a specific number after the call is connected, before it actually rings, and to whitelist specific legitimate callers. Together, those phone screening tool reduced rings from robocallers on my VOIP phone to a very rare event.
[S]ince mid-2015, a consortium of engineers from phone carriers and others in the telecom industry have worked on a way to [stop call-spoofing], worried that spam phone calls could eventually endanger the whole system. “We’re getting to the point where nobody trusts the phone network,” says Jim McEachern, principal technologist at the Alliance for Telecommunications Industry Solutions (ATIS.) “When they stop trusting the phone network, they stop using it.”
https://nymag.com/intelligencer/2018/05/how-to-stop-spam-rob...
Trust is one element. Common weal, the sense of acting in the common good, is the more critical element.
Trust here is a mechanism, rather than and end goal itself. Through the undermining of trust in a system for the public benefit, the common good is harmed.
Your counterexample becomes far less difficult when phrased equivalently:
Through the undermining of trust within a system opposed to the public benefit, the common good is increased.
TL;DR: you've confused ends and means.
Though generally, common good is extremely reliant on a strong social trust fabric.
(As to the question of whether or not "common good" / "common weal" is an appropriate goal value of a system, that's another discussion. I've elected to adopt for now the general idea that it is, but there are varying points of view on this point, and cases in which there is no globally beneficial outcome. Most especially where some are disadvantaged such that others, any, might survive. See also: "lifeboat ethics".)
It's mostly illegal to make human or automated marketing calls to numbers in the US that have signed up for the national Do Not Call registry. The problem is that huge numbers of illegal calls still reach numbers on the Do Not Call registry. Most of these illegal calls have no connection to any real business; they are instead trying to defraud people. I have often been called by "Microsoft Support" to alert me to Windows problems that need fixing. I don't have any Windows computers.
https://en.wikipedia.org/wiki/National_Do_Not_Call_Registry
If you're on well-legislated do-not-call list, a person is not allow to call you unsolicited for non-personal purposes.
The robocalls I receive are all using fake caller IDs. At that point, it's fraud, isn't it?
I wouldn't mind robocallers if they used a real caller ID. If that were the case, I could just block them and be done with it.
The goal of, effectively, all robocalls is fraud or value-extraction from the system. It works only because of the scale possible.
Small-scale operators (unless hugely and widely distributed) don't exhibit these characteristics. A fundamental problem of robocalls is the scale of operation itself.
Scale matters.
Countermeasures which disrupt at-scale operation whilst protecting small-scale activities are net beneficial.
You got a number I can send you the answers to? \s