How the FCC is fighting Robocall

Rafael Abdallahmanov | iStock | Getty Images

From fake Social Security phones to crooks masquerading as Apple and Amazon, anyone with a cell phone or landline knows RoboCall.

For decades, Robocall crooks have graced the phone and voicemail across the country. Between June 2020 and 2021, these scams affected more than 59 million people who lost a total of $ 29.8 billion, according to phone number identification app Trucaller. Some RoboCallers try to sell legitimate products like car warranties and new roofs through illegal means, while others steal your social security number or credit card.

To combat this long-standing problem, the Federal Communications Commission requires voice service providers to implement caller authentication standards through a set of industry rules called STIR / SHAKEN. The FCC has asked large carriers such as AT&T, Verizon and T-Mobile to implement the standard by June 30, but smaller carriers with fewer than 100,000 customers. Has extensions.

At the same time, voice service providers must submit plans that highlight robocall mitigation efforts in their recently launched databases. After September 28, operators will have to stop accepting calls from these providers if the plan is not in the database.

STIR / SHAKEN is a great start to ending this evolving Robocall problem. Updates slow down crooks, but experts say they won’t go away.

“It’s a mogul game,” said Paul Schmidt, a computer scientist at the Institute for Information Science at the University of Southern California. “Callers will find other ways to do whatever they want.”

What is STIR / SHAKEN?

STIR / SHAKEN refers to a set of industry rules that require a voice provider to authenticate that the call is coming from the displayed number.

Attestation is a framework used to determine the legitimacy of a caller. This acts like a virtual signature that shows how confident the provider is that the caller can use a particular phone number. It is divided into three levels depending on how much information the provider knows about the caller. The lowest level means the provider can verify the sender, but not the caller ID.

Scott White, director of the Cyber ​​Security and Cyber ​​Academy program at George Washington University, said STIR / SHAKEN is a national telecommunications operator that encourages STIR / SHAKEN to increase protected technologies, build databases and broadcast illegal domestic robocalls abroad. He said he was pressuring him.

It is difficult, but not absolutely certain, to spoof bogus caller ID information or use it for fraudulent purposes. This technology ensures that the original number is visible to the consumer, but fraudsters can spoof the number early on. This system does not work on landlines.

Josh Bercu, vice president of policy and advocacy at US Telecom, a leading trade association for telecommunications companies, said some providers use the best certificates when signing calls without due diligence. .. If the industry obtains the proof, the supplier may lose the ability to sign or prove it.

“The industry hates these calls,” Bercu said. “We want to protect our subscribers. We are doing all we can and the impact is really starting to show. “

Fight against evolving Robocall

While STIR / SHAKEN helps crack down in the domestic market, the FCC has little jurisdiction overseas, where many calls are made. Agencies can work with international partners to catch fraudsters, but some countries do not. Automated calls bring in billions of dollars every year, and many are finding ways to use artificial intelligence and data to create a target list of scams.

Some foreign crooks buy blocks of numbers to call and disappear. White added that domestic crooks could use the recent changes as an opportunity to move their businesses overseas with less oversight. Gateway operators serve as the primary form of entry into the United States for foreign calls, but many operate outside the United States.

The bigger problem is that Robocall is moving faster than the law can catch up to, White said.

Next steps to terminate Robocall

Automated calls are decreasing. According to data from YouMail, the creator of the Robocall blocking software, Americans received an estimated 4.1 billion Robocalls in August, down 4.4% from July and 4.8% from June.

YouMail is one of the third party companies that provide spam blocking software such as Truecaller, RoboKiller, and Hiya. Alex Quilici, CEO of YouMail, said the company can match voices to find the culprit multiple times, but only when they leave a voicemail message.

Major carriers offer their customers their own RoboCall blocking app with features like caller ID, personal block list and number change. Some of these features will incur additional charges depending on your plan and provider.

A spokesperson for Verizon said the company recently launched a social media campaign with tech influencers to help consumers find Robocall. They added that efforts to mitigate robocalls have reduced 500 million calls per month. An AT&T spokesperson said the company tagged one billion automated calls per month. A spokeswoman said T-Mobile checks more than 300 million calls every week.

Bercu, vice president of USTelecom, works with both the provider and the government to track down suspicious calls in order to stop the crooks. Eric Berger, professor of computer science at Georgetown University, says another step is to get other countries to join STIR / SHAKEN.

Despite concerns about its effectiveness, STIR / SHAKEN is not a worthless law, White said. This process helps businesses and governments better analyze and gather information to use in their next attack.

“People complained and the government responded,” he said. “This is what you want to see in democracy.