How FCC tries to fight robocalls

From fake Social Security calls to crooks pretending to be Apple or Amazon, anyone with a cell phone or landline is no stranger to robocalls.

For decades, robocalls have graced phones and voicemails across the country. Between June 2020 and 2021, these scams affected more than 59 million people who lost $ 29.8 billion, according to phone number identification app Trucaller. Some caller bots seek to sell legal products like a car warranty or new roof through illegal means, while others will steal your social security number or credit card.

In an effort to combat this long-standing problem, the Federal Communications Commission requires voice service providers to implement Caller ID authentication standards through a set of known industry rules. under the name STIR / SHAKEN. The FCC has demanded that large carriers like AT&T, Verizon and T-Mobile implement the standards by June 30, although smaller carriers, with fewer than 100,000 customers, have an extension.

At the same time, voice service providers must submit a plan highlighting their robocall mitigation efforts in a recently launched database. If the plan is not in the database as of September 28, operators will have to stop accepting calls from these providers.

STIR / SHAKEN is a great start to putting an end to this ever-growing robocall issue, and while the updates slow down crooks, experts say they won’t go away.

“It’s a Whac-A-Mole game,” said Paul Schmitt, a computer scientist at the Institute for Information Science at the University of Southern California. “Callers will find other ways to do what they want to do.”

STIR / SHAKEN refers to the set of industry rules requiring voice service providers to authenticate that the call people receive is from the displayed number.

The attestation is the framework used to determine the legitimacy of the caller. It acts like a virtual signature indicating how secure a provider is that a caller is authorized to use a specific phone number. It is divided into three levels based on how much information the providers know about the caller, with the lowest level meaning the provider can verify where the call is coming from, but not the ID of the caller. appellant.

STIR / SHAKEN is pressuring national carriers to increase their protected technology, create a database and will likely push illegal domestic robocalls out of the country, said Scott White, director of the cybersecurity program and cyber academy of George Washington University.

While it’s harder to spoof or use bogus caller ID information to rip you off, it’s not foolproof. The technology verifies that the original number is what appears to the consumer, but crooks can spoof the number upfront. The system does not work on landlines.

When signing an appeal, some vendors use the highest attestation without due diligence, said Josh Bercu, vice president of policy and advocacy at USTelecom, a trade group representing telecommunications companies. If the industry obtains proof of this, the supplier could lose its ability to sign or attest.

“The industry hates these calls,” Bercu said. “We want to protect our subscribers, we are doing everything we can and the impact is really starting to be felt.”

While STIR / SHAKEN can help crack down domestically, the FCC has little overseas jurisdiction from which many calls originate. The agency can work with international partners to catch the crooks, but some countries will not cooperate. Automated calls generate billions of dollars in profit every year, and many have found ways to use artificial intelligence or data to create targeted scam lists.

Some crooks overseas will buy a block of numbers to make calls and disappear. Domestic crooks can use recent changes as an opportunity to move their operations overseas where there is less oversight, White added. Gateway operators serve as the primary form of entry into the United States for foreign calls, but many operate outside the United States

The bigger problem is that robocalls are evolving faster than legislation can keep up, White said.

Automated calls are decreasing. In August, Americans received about 4.1 billion automated calls, down 4.4% from July, which was down 4.8% from June, according to data from YouMail, a company which creates automated call blocking software.

YouMail is one of the many third-party companies like Truecaller, RoboKiller, and Hiya that offer spam blocking software. YouMail CEO Alex Quilici said the company can match audio to find repeat offenders, but only when they leave a voicemail message.

Large telecommunications companies offer customers their own automated call blocking applications, with features such as caller ID, personal block lists and number change. Some of these features cost customers additional fees depending on their plan and provider.

A spokesperson for Verizon said the company recently launched a social media campaign with a tech influencer to help consumers spot robocalls. Efforts to mitigate robocalls resulted in 500 million fewer calls per month, they added. An AT&T spokesperson said the company tagged 1 billion automated calls per month. T-Mobile checks more than 300 million calls every day of the week, a spokesperson said.

Bercu, the vice president of USTelecom, is working with suppliers and the government to trace suspicious calls to stop the crooks. Another step is to get other countries to sign on STIR / SHAKEN, said Eric Burger, a computer science research professor at Georgetown University.

Despite concerns about its effectiveness, STIR / SHAKEN is not worthless legislation, White said. The process can help businesses and government perform better analysis and collect information to use for the next attack.

“People complained and the government responded,” he said. “This is what you want to see in a democracy.”