The Federal Communications Commission (FCC), the US comms regulator, has announced a USD37.5mn fine for Affordable Enterprises, a business that spoofed 2.3 million phone calls over a 14-month period. Some of the spoofed originating numbers were unallocated, whilst others belonged to ordinary residents of Arizona. Per the official press release:
By using these numbers, the company was able to appear to be calling from local phone numbers and to avoid receiving angry callbacks when making spoofed telemarketing calls to sell home improvement and remodeling services.
The spoofers did not care who suffered as a result of their greed.
One Arizonan received more than five calls per day on her cell phone from consumers complaining about telemarketing calls they thought she had made. Records show that Affordable Enterprises had made spoofed telemarketing calls to consumers that appeared to be coming from the cell phone of this innocent Arizonan.
The investigation of Affordable Enterprises began with a tip from a whistleblower who was a former employee. However, investigating spoofing after it occurs is far less efficient than having telcos use analytics to identify spoofing and block it automatically. The relevant rules were changed by the FCC in July, with telcos no longer held liable if they accidentally block legitimate traffic.
One of the five FCC Commissioners voiced his disquiet with the Affordable Enterprises fine, not because the spoofers did not deserve to be fined, but because it is unlikely they will be forced to pay it. Commissioner Geoffrey Starks (pictured) issued a separate statement that said:
I remain concerned, however, about our track record of actually collecting these large forfeitures we assess. I note that we should be working with the Department of Justice to establish concrete timelines and procedures for timely collection of forfeitures if these actions are going to be worth the paper they’re written on.
Starks is right to observe there is a problem with collecting fines from robocallers who always seem to declare bankruptcy and disappear long before the state catches up with them. Earlier this year Starks made a similar point after the FCC issued a record USD225mn fine to some other robocall spoofers. However, Starks is focusing on the wrong kind of solution because robocallers could simply move their operations overseas if they want to evade fines.
The FCC has already acknowledged that it needs to do more to tackle spoofed traffic originating in other countries. Automated blocking will help with that, but there remain serious gaps in the FCC’s strategy. The worst of these relates to their imposition of expensive verification technology that only works if the call is handled by IP networks end-to-end whilst offering no practical suggestions for how to verify spoofed calls that pass over a non-IP network.
