Many words are spouted about the origins of spam robocalls but very little data is revealed publicly, so it was worth examining the contents of the most recent ‘Traceback Transparency Report’ published by the USA’s Federal Communications Commission (FCC). This report, which was made public at the end of September, shows the results of traces conducted between April 1 and June 30 by USTelecom’s Industry Traceback Group (ITG) on behalf of various US federal and state authorities. As befits an organization dominated by lawyers, the FCC very clearly states that no inference can be drawn about whether the traced calls were illegal or the parties responsible broke the law, even though the whole point of the ITG is to trace illegal calls to identify who broke the law. The lawyers were also crafty enough to avoid saying whether the information is complete, which leads me to believe they have given themselves the option of withholding data they do not want included in this ‘transparency’ report. But there is one conclusion that can be safely drawn from the report: Deutsche Telekom is identified as the origin of a lot more spam robocalls than would have been expected per the way the FCC usually describes problematic foreign telcos.
Of the 844 calls listed in the report, 33 (4 percent) were traced to Deutsche Telekom. That is the third-highest tally after two little-known companies called BPO Innovate (54) and 50 Stars IT Technology (46). Deutsche Telekom features in this report more than any other major telco, though Twilio came a close second with 32 calls traced to them. The FCC humiliated Twilio earlier this year by threatening to disconnect them unless they took urgent action to reduce the number of illegal robocalls they carried. It is intriguing that no public threat has been issued to Deutsche Telekom despite the FCC repeatedly trying to shift blame for unwanted calls to foreign telcos. Could this be because there are some telcos and some countries that are too powerful to be bullied? In addition to the difficulties that would be caused by threatening to disconnect the former government-owned incumbent of a rich and important US ally, Deutsche Telekom became the majority shareholder of T-Mobile US in April.
The report states that Deutsche Telekom was the originating service provider for all of the calls traced to its network. The labels given on this ‘transparency’ report make it impossible to determine the content of these calls with absolute confidence, but industry insiders will be able to make reasonable guesses. 21 of the calls traced to Deutsche Telekom are labeled as ‘Amazon’; a wide range of scams exploit the high likelihood of a random individual having an account with the online retailer. Seven of the calls are labeled ‘Utility-30MinDisconnect’; one of the best-known scams involves pressing victims to make immediate payment to prevent their energy or water being disconnected within the hour. Three calls use a label that suggests the impersonation of Verizon. There is also one use of the label ‘bank scam’ and one use of the label ‘order scam’. In summary, it appears that all 33 robocalls traced to Deutsche Telekom were scams.
The FCC has done a good job of appearing to be transparent whilst withholding most of the information that would be needed to interpret the data in the report. For example, the traced calls are presented with unique references that are sequential in nature, but with gaps in the sequence. No direct explanation is given for these gaps. However, it is separately stated that the report excludes calls which were traced to a provider who could demonstrate that the call was legal. If this is the sole reason for omissions from the sequential reference numbers for traces then at least 228 of 1072 traces (21 percent) concluded with the call being deemed legal. This suggests that a considerable amount of time and effort is wasted because federal and state authorities are incorrectly jumping to erroneous conclusions about calls which have broken no law. A real transparency report would highlight which agencies are wasting the most resources that could be better directed at tackling real crimes.
Several comms businesses that have been prosecuted are named in this report. Five calls were traced to Avid Telecom, who are the subject of a major robocall lawsuit. The FCC says One Eye and One Owl are sister companies that both facilitate scam calls; their names collectively feature 13 times in the report. But given all the fuss about cracking down on these companies, it is intriguing to see how often major telcos are named as the origin of a call traced by the ITG. In addition to the 32 calls traced to Twilio, other calls traced back to originators within the USA include 15 from Telnyx, four from the Sinch/Inteliquent family of telcos, four from Vonage, and three that were traced to T-Mobile US. Orange were named as the source of three calls traced back to an international origin, but this just emphasizes the significance of tracing 33 international scam calls to Deutsche Telekom. There were also some well-known carriers named as providing the gateway point-of-entry for inbound international scam calls into the USA: Tata Communications (7), Lumen (5), PCCW Global (4) and Sinch/Inteliquent again (6).
If the real goal of this report was transparency then it is a failure. Most of the contents are too cryptic to draw any firm conclusions about their meaning, even for an industry insider like me. This looks like the kind of public relations exercise where somebody is keen to demonstrate that work is being done without showing useful outcomes. There are evidently problems in progressing from the suspicion of a crime to proving that a crime occurred, with the result that major telcos are not being punished when they carry illegal calls and considerable effort is wasted on calls that eventually prove to be legal. It is even possible that I am guilty of defamation by reproducing this report and drawing attention to its idiosyncrasies. The word ‘imposter’ is shown in parentheses alongside the name of Taconic Telcom, which appears in relation to 32 calls that were traced. Old sources indicate there was a genuine telecoms business with that name in the past, but the use of the word ‘imposter’ suggests that fraudsters have more recently hijacked the name for their own purposes. Repeating the name of a business whilst knowing it has been appropriated by fraudsters could be considered damaging to a genuine business still trading with that name. This also helps to explain why the FCC is caught between a desire to boast about the effort expended on protecting the public from scam calls and a reluctance to name and shame companies that may not have done anything wrong.
The pursuit of transparency would have been aided by the FCC supplying this information in a convenient format but they instead chose to publish it as a crude text file and as a PDF, with page breaks and other formatting nonsense that has to be stripped out to normalize the data… but I have done all that and made a clean version of the data available below. This is the FCC’s explanation for how the data is arranged and labeled:
The first column reflects the unique number the Traceback Consortium assigned to identify the traceback. The second column reflects the date the Traceback Consortium initiated the traceback. The third column reflects the originating, gateway, or nonresponsive provider associated with the traceback. The fourth column reflects the role of the provider in facilitating the call. A party may be either a U.S. originating provider (ORG), a U.S. gateway or point-of-entry provider (POE), or if applicable, the non-U.S. originating provider (IOR). If a provider did not respond to the Traceback Consortium concerning a particular traceback—thereby hindering the Traceback Consortium’s inquiry into the source of the call—the provider is identified as non-responsive (NR). The fifth and sixth columns reflect the campaign name and campaign label, respectively, associated with the call, both of which the Traceback Consortium ascribes in the course of its work.
You can see the data as a spreadsheet below, or click here to open it in a new window and see various options to download the data in different formats. Do not contact me if you cannot see the spreadsheet; the problem is with your browser or your corporate firewall, not with this website. But if you belong to the tiny fraction of the human race that likes to independently check sources then you will find the FCC’s original transparency report here.



