Germany’s leading telco, Deutsche Telekom, refused to provide the US Industry Traceback Group (ITG) with information about 90 seemingly illegal calls. This placed Deutsche Telekom fifth on the ITG’s list of comms providers who did not satisfy traceback requests. To put this into perspective, 100 traceback requests were ignored by Sumco, the business immediately above Deutsche Telekom on the list, and they were subsequently issued with a USD300mn fine for generating illegal robocalls.
Deutsche Telekom is far better known than any of the other telcos listed near the top of the ITG’s unresponsive list. A Latvian business, Lexico Telecom, topped the list by ignoring 190 traceback requests, followed by two US companies: Fugle Telecom (116) and Telesero/Fiducia (114).
The spreadsheet is in the public domain because of requirements written into the USA’s TRACED Act, the law which was passed in 2019 with the goal of reducing nuisance robocalls received by Americans. The TRACED Act created new burdens for telcos worldwide, as I observed at the time. However, the German telco excused their non-compliance by arguing they are also subject to conflicting rules, as described in a note in the ITG’s spreadsheet. Referring to the telco as TDG, which is short for Telekom Deutschland, the official name of Deutsche Telekom’s German operating company, the note states:
TDG traceback actions depend on the following restrictions:
1. Traceback demands are generally requested by the national regulatory authorities like Bundesnetzagentur (BNetzA) in Germany or national police,
2. TDG interconnection contracts are limited by NDA and/or compliance rules potentially avoiding a complete traceback information.
There was a degree of naivety in the US decision to unilaterally demand all telcos worldwide must assist the tracing of calls that terminate in the USA without anything being offered in return. The FCC has only issued three fines to illegal robocallers since the beginning of 2022, including the fine for Sumco. None of those fines have been collected, begging the question of what is acheived by assisting the US authorities to identify the originators of bad traffic when the likelihood of punishment is negligible.
As the Deutsche Telekom example illustrates, any foreign power which wants to frustrate the USA could simply pass a new law or impose a new regulation which prohibits a telco from complying with the US traceback process. This could easily be justified as necessary for data protection. However, the issue has not come to a head because very many telcos have simply ignored the ITG’s requests for data. Deutsche Telekom took the unusual step of providing an explanation for their non-compliance, unlike the vast majority of businesses that the ITG listed as non-responsive. The ITG names 373 businesses that did not comply with traceback requests; this total only includes a business if it has received at least three separate traceback queries.
Others will want to play down the significance of Deutsche Telekom’s non-compliance by arguing that 90 calls is a small number. However, it is not a small number in this context. ITG only has the capacity to trace about 300 calls a month. Calls are traced if they are believed to represent a sizable illegal campaign. It is significant if Deutsche Telekom is being asked to identify 10 times as many robocalls as other well-known telcos. A traceback transparency report for the second quarter of 2023 showed the ITG traced more scam calls to Deutsche Telekom than any other major telco.
Readers are unlikely to recognize the names of most of the businesses that failed to comply with ITG queries unless they have a specific interest in illegal robocalls. However, there were other big name telcos amongst the 373 businesses on ITG’s non-compliance list. These included:
- Vodafone US, with 10 non-compliances
- BICS/Belgacom/Proximus, the Belgian telcos, with eight non-compliances
- T-Mobile US/Sprint, with seven non-compliances
- Etisalat, of the United Arab Emirates, with seven non-compliances
- Tata Communications America, with six non-compliances
- TELUS, one of the big three Canadian operators, with six non-compliances
- France Telecom España/Orange España, with five non-compliances
- China Telecom Global, with three non-compliances
The FCC banned China Telecom from operating in the USA two years ago, illustrating the extreme optimism involved in expecting every telco to assist US attempts to trace calls. Other notes on the spreadsheet indicate the extent to which compliance with the traceback process necessitates significant changes in the ways telco employees think and behave. The ITG list says TELUS did not satisfy six requests, but the note on the spreadsheet says:
there is just 1 call from that a-number. the sender of the call is not a traceback member and located in Hong Kong. they don’t wish to participate so it’s not my call to add them as a new provider to the list without their ok.
You might think major US operators could be relied upon to assist, but it looks like German attitudes to supplying data have influenced T-Mobile US, which is controlled by Deutsche Telekom. The note alongside their seven non-compliances states that the request for data must go through T-Mobile’s security team.
The FCC prefers to maintain a simplistic narrative about the progress being made to reduce illegal calls. They do not like to examine the many serious obstacles to their strategy. There is a legal obligation to provide the data included in the ITG’s spreadsheet but it is telling that the FCC slipped the document out with little explanation of its contents on December 27, 2023, as an attachment to their annual robocall report to Congress.
The traceback process is one of the more successful elements of the US plan to reduce illegal calls. I am sure that the ITG must put a lot of effort into identifying the sources of bad traffic. But there are clearly problems with realizing the current objectives. The USA does not know how to compel foreign telcos to comply with traceback requests. Any legal obligation invented by the USA can easily be neutered if foreign powers choose to create opposing legal barriers. The value of the exercise is undermined by the certain knowledge that bad actors will not be punished after they have been identified. And there is a degree of hypocrisy in American demands because it is notoriously difficult for foreigners to obtain the data they need for law enforcement from US companies.
The ITG listing of comms providers who have received traceback requests can be found here.



