Ask HN: Why aren't cell carriers liable for spam calls?
Why not shift this liability to the last mile? If my carrier connects me with a spam call, they have to pay me the $500 fine per violation.
They could then have voluntary agreements with whoever they are peering with to pay the fine, sort of like how the financial system works. It would then cascade until it reaches a carrier who doesn't care, who would then be liable for the fines.
So:
1. I get a phone call. My carrier is AT&T.
2. AT&T got it from carrier C1.
3. C1 got it from carrier C2.
4. C2 got it from "VoIP Solutions Inc." of the Cayman Islands.
5. VoIP Solutions Inc. keeps poor records or whatever.
Then,
1. I ask AT&T to give me $100. They either do it immediately or lose their license.
2. AT&T asks carrier C1 to give them $100. If they don't, that's AT&T's problem, but they can depeer them.
3. C1 in turn asks C2 to pay them $100, and they too pay up (or lose their peering with C1).
4. C2 asks the Cayman corporation. They refuse.
5. C2 absorbs the loss and fire VoIP Solutions Inc as a peer.
The final link will always be a carrier with poor control over who is connecting to their network - in other words, enabling crime.
This is perfectly incentive-compatible, and it would have worked for e-mail spam too back in the day. It's quite trivial to implement. Why isn't it ever suggested?
11 comments
[ 7.6 ms ] story [ 39.6 ms ] threadAt the end of 2019, President Trump signed the TRACED Act into law allowing the Federal Communications Commission to protect consumers from robocall scammers.
https://thehill.com/policy/technology/476335-trump-signs-law...
And for something funny, check out youtuber "Kitboga". This guy pranks the scammers.
So if you make a "last mile" fine, basically every carrier will be charged "evenly". This plan wouldn't have the incentive structure needed to change carrier behavior.
This video explains it nicely . [1]
[1] https://youtu.be/WOAapu-XJl8?list=LLfTvbJseqag4h_gPkk1q58g&t...
It wouldn't be evenly distributed. Your carrier could pass on the fine at least a few hops deep, until it reaches whoever connected the shady VoIP company to the real network. In the video's example, it would be Google Voice, the owner of the hacked VoIP systems' uplink provider, or the anonymous online call services. It's rare that the spammers use payphones or prepaid cards.
Even if it's the same situation as with e-mail spam, this would also be a workable solution for that problem.
Say I have a G-Mail account. I get spam from X@hotmail.com. Now G-Mail have to pay me the fine, and Hotmail have to pay GMail the fine, and X has to pay Hotmail the fine. Sure, they can't track down X, but Hotmail have to pay up for letting bad actors on their network.
We could also generalize this to BGP, of course. I get a port 22 brute-force attempt to my server, I contact my ISP, they pay me. They contact whoever peered them, who pays, until we get to China, where some local ISP says that a PC on their network was hacked. Too bad. Either the Chinese ISP pays up, or they get depeered by their CN <-> HK ISP, or they get depeered by their uplink, and so on.
Here is an example traceroute to the Chinese ecommerce site taobao.com from Cogent. In my example, the fine would travel down this list until it finds someone unwilling to pay up, who then gets depeered.
Your logic would work, but it is a lot of work for many entities to perform. The simple fact is that neither you nor I can control what the carriers choose to do.
You'd have to design a network from the bottom up if you wanted to enact these kinds of changes.
You're clearly interested in solving this spam problem and I admire the thought you've put into it. I'd advise that you focus on solutions that can be scaled more simply. If you think of all of the "spam calls" that happen, you'd come to the conclusion that your traceroute would happen 10s of billions of times a year.
My advice is to think of ways that don't require the cooperation of multiple entities.
Indeed, they'd have to stop doing that or require them to put up a security deposit.
> Your logic would work, but it is a lot of work for many entities to perform. The simple fact is that neither you nor I can control what the carriers choose to do.
No, this should be required by law. The only one who has to be bound by it is the last mile carrier - the rest is done as a voluntary agreement. If they don't sign it, they can't route calls into the US.
It could be trivially automated. Carrier A sends the message "pay us $X or we depeer you" to carrier B whenever they do not like what they got from carrier B. Their computer system evaluates whether the fine is worth continued peering with A. If it is, they pay, else they don't. This takes milliseconds. There is no need for a human to evaluate the evidence because there is no evidence needed.
Naive implementation:
Laws, carriers, whatever. Doesn't make a difference, we still have no say over enacting your suggestions. We can sit here and theorize all day about what may work, but if you cannot implement or test your solutions in the real world, what's the point?
That's why I suggested coming up with solutions that do not require the participation of large entities. Although I am HIGHLY biased, since I'm working on a peer to peer solution.
So, Verizon could peer their copper network with Sprint's copper network and connect them over fibre, but if Verizon would accept fibre peering with random VoIP providers Sprint wouldn't peer with them because they would be liable for fines.
Now, how do you make it actually happen?
What steps can you take to go beyond making theoretical comments on a online forum, to having a working experimental version handling calls on my Android phone?