20.5k unique visitors in the last 3 days

Self-Regulation Has Failed: Three Reasons to Bring Commsrisk Back

Commsrisk returns with three missions that are simple, cheap and realistic but which demand urgency.

Good men, the last wave by, crying how bright
Their frail deeds might have danced in a green bay,
Rage, rage against the dying of the light.

Dylan Thomas, Do not go gentle into that good night

A month ago, I asked Commsrisk’s most hardcore followers whether this website should continue. One said ‘no’. That was nearly the end, despite the many who answered in the affirmative. You should pay attention when your best friend tells you to stop doing something. He wanted me to conclude two decades of battling, and to switch to a lifestyle that would leave me feeling happier and healthier. Why spend hours hunched over a keyboard, or waiting in lonely departure lounges for return flights from far-flung business conferences, when contentment can be attained by walking through nature, or enjoying the simple pleasure of conversation? His advice was sound, but I am not following it. If I reach the end of this year with none of my objectives accomplished, I will also reach it without any regrets. There is still a chance of success and I will pursue that chance. With your help, we might accomplish extraordinary goals that will make us all feel proud. My new objectives for Commsrisk reflect the objectives that the hardcore followers spoke to me about. Discussing those ambitions was cathartic. Now let us do what often seems impossible: transition from talk to action.

Growing older and having enough money to last until your final days makes it possible to envisage ways to sidestep the worst of the hell that is being constructed for our collective future. Privacy has already been lost, thanks to endless data breaches and overconfidence in the power of ambitious regulations backed only by trivial enforcement. Phones were made so we could connect to other people when we wanted, but that paradigm has been supplanted by the objectives of spammers, scammers and spies who decide what they want from us and when they will take it. Artificial intelligence is being added to this unsatisfactory dynamic; it will deliver incomprehensible wealth for a few at the cost of handing a superweapon to the enemies of humanity. Our species does not exist solely to consume, but the soulless pursuit of consumption has degraded the networks that enabled everybody to talk to everybody else. If left unchecked, it will consume the very things that make us human. The infinitely sophisticated networks we have constructed are becoming highways to oblivion.

But perhaps there are still ways to attach brakes before the juggernaut completely escapes our control. Here are three examples of brakes we have not yet attached to the vehicles of progress.

  1. A reliable method of determining where communications originated.
  2. The consistent identification of bad actors before they make communications in bulk.
  3. Objective measures of how well, or how poorly we have protected the public.

One of the golden rules of marketing technology is to never boast that a product is cheap. Customers infer that a product which is cheap will also be inferior. Vendors have a natural interest in maximizing their profits. But I love cheapness. To be cheap is to be inclusive. The cheaper something is, the better the prospect of it becoming universal. Now that our networks are ubiquitous, we need brakes that can be manufactured at low cost as well as being effective, so they will be implemented everywhere. If controls are too expensive to be implemented everywhere then we will only channel harmful behavior from one road to another. It is not enough to have nice designs for solutions to our problems. The solutions must be so cheap that everybody will buy them, without any exceptions. This conflicts with the behaviors we are already seeing from the comms industry, which is willing to waste money on connecting scam communications all the way from origin to destination, and then asks the recipient to pay extra to have them filtered at the very end.

These are the three missions for the remainder of whatever career I still have in the communications sector.

  1. Promote the use of GSMA Call Check, a cheap and effective way of determining if a call has been spoofed.
  2. Promote the consistent application of cheap and effective know-your-customer (KYC) checks for businesses that intend to communicate in bulk.
  3. Promote the implementation of cheap and effective phone honeypots and other objective measures of scam and spam activity.

There are many people in the private sector who will support these goals. Unfortunately, many of them are also caught in a trap. The trap door opens between the laudable goal of self-regulation and the reality of who is exerting most influence over the would-be self-regulators. Bad elements within our industry consistently hijack ‘collaboration’ to guarantee one of two dysfunctional outcomes. The most obvious abuse of collaborative programs involves the blocking of any kind of progress, leaving us stuck where we are. For example, this has been the reality for KYC for many years. Every lying ass pretends they have robust KYC, then refuses to allow this to be independently verified. Self-regulation is not delivering a process that would permit regulators to proactively identify who the worst offenders are. We need a sequence of activities where reasonable businesses will arrive at some minimum standard that can then be progressively enforced on the recalcitrant.

The other dysfunctional outcome of self-regulation is the pursuit of unnecessarily expensive and complicated methods just because they will profit some businesses by raising costs for other businesses or by increasing the unwanted marketing communications received by consumers. Regular readers of Commsrisk will have noticed me repeatedly comparing this syndrome to the failings of the US healthcare system. I use this analogy because US corporations are disproportionately responsible for pushing terrible ways of remedying problems within the global communications ecosystem just because the widespread adoption of these methods would increase the returns for their shareholders. Instead of offering proper solutions, they seek to be paid rent in perpetuity. This makes them equivalent to drug companies who want the population to be unwell so they will consume more drugs.

I am not an anti-capitalist. I have no objection to people earning money so they can provide a better life for themselves and their families. But if the US healthcare system is not proof that the profit motive sometimes delivers woefully sub-optimal results, then what is? Free markets deliver the most effective outcomes when individuals can all act independently to best realize their own interests. Healthcare systems and communications systems are more effective when they are designed to serve the community as a whole. Too much atomization in healthcare and communications leads to gross inefficiency. We know this from the recent history of telecommunications. Europeans can look enviously at the valuations of the most successful American tech businesses but the biggest event in mobile communications occurs in Europe because the European GSM technology prevailed over CDMA. GSM won because it served a larger and better connected community from the outset, whilst the US market was fractured in comparison. The US lost a lot of ground in the telecommunications race as a result, and has not recovered it since.

We need cheap and effective methods of tackling bad communications because bad communications can begin anywhere in the world. The problem is global in nature. A selfish atomized outlook is unsuited to solving it. National regulators must push back against the lobbyists who are attempting to turn consumer protection into a cash cow that will be milked from now until the end of time. National regulators must also cooperate with each other. It is pleasing to see European regulators in the vanguard of cooperation. Their cooperative approach contrasts with that pursued by the US Federal Communications Commission, which listened to US corporations that thought they could dictate the evolution of controls over telecommunications in the same way that institutions dominated by Americans have become the governors of the global internet. Everybody is deeply conscious of the intractable problems with spam, scams, misinformation and harassment on the internet; most nations will be wary of allowing telecommunications to slide in the same direction, even though the internet is replacing the previous foundations of telecommunications.

One difficulty is that even well-intentioned industry associations tend to be taken over by selfish corporate interests that do not fairly represent every country, every service and every kind of customer. As Morgan Ramsey of Vodafone has tried to highlight, these associations have not even been effective at conveying the opinions of professional fraud managers when this industry tries to make decisions about how to tackle runaway fraud. I applaud the work of the One Consortium in trying to engineer consensus on how to tackle fraud globally, but the minority of participants who are employed by telcos tend to work for Public Policy departments or are focused on wholesale products. They are not the hands-on experts in fraud and consumer services that should be influencing decisions relating to consumer scams, but who have presumably been denied permission to participate by their bosses. So even as groups like GIRAF build bridges for regulators to speak to each other and listen to the private sector, the professionals who most need to be heard continue to be excluded from the conversation.

In contrast, there was no shortage of Vice-Presidents of Business Development or former FCC lawyers that flew from the USA to Copenhagen to discuss fraud prevention at a meeting of European regulators last year. There were far fewer genuine fraud experts from European telcos, and none from Asia or Africa. The result was the absurdity of American businesspeople giving lectures to European regulators about the benefits of US stratagems that have demonstrably delivered inferior results to those observed in Europe.

These lobbyists did not even get their facts straight. One highlighted a supposed example of the FCC targeting a robocall scammer, even though that specific case was about the artificial inflation of traffic to arbitrage wholesale prices. None of the automated calls made by that person terminated on the phones of ordinary people, although the case was wrongly presented by the FCC as evidence of regulatory action to protect the public. Another American lobbyist confused an FCC-approved national voice traffic governance body with an attempt to institute a global traffic policeman. Duplicating the US national regime on a global level would be advantageous to the businesses which run it because they have already appointed themselves to the roles which would collect fees from telcos worldwide. However, the FCC clearly does not have the legal authority to delegate the powers needed to impose fees or sanctions when telcos exchange traffic within a foreign country, or between two countries outside of the USA. And the source of this confusion between national and international governance was a lawyer-turned-lobbyist who was formerly employed by the FCC!

I do not desire to be anti-American. My point is much simpler. Expertise in a field like fraud management or cybersecurity or data protection is not measured by the willingness of an employer to pay air fares so that an individual can give face-to-face instruction to foreigners. If we want genuinely robust KYC that stops bad actors originating bad traffic in Uganda, Uzbekistan and the UAE then we need to engage professionals in Uganda, Uzbekistan and the UAE. If we want to capture criminals who originate harmful traffic then we need the cooperation of the authorities in the jurisdictions where the criminals operate. A surplus of well-paid American lawyers and marketeers will never compensate for the lack of engagement from the rest of the world. Problems need to be tackled at their origin, not just at their destination. But we cannot even run an industry symposium that involves genuine anti-fraud experts from across the planet because we would never get agreement on how to cover the costs of the meeting. And with this, I hope I have demonstrated why cheapness is the most vital attribute of any solutions we may consider on a global scale.

Commsrisk is cheap. I have often joked about battles I fought against multimillion-dollar corporations using a 10-dollar website. It has to be cheap, because the product must remain free to its consumers in order to reach the maximum audience. I had hoped that Commsrisk would be a catalyst for the many good people that work across the communications sector. The ambition was for them to connect with each other, encourage each other, embolden each other, and thus gain the strength and confidence to change the world for the better. That is why I have always rejected suggestions that I impose a cost on readers. Last year the Mobile Ecosystem Forum (MEF) hired me to keep running Commrisk on their behalf; 14 weeks later they said they would no longer pay for Commsrisk because it had not been sufficiently monetized. So I resigned. MEF say they want self-regulation, but what they most want is growth of their revenues, and growth of the number of visitors to their website. That is understandable; they employ people, and you need money to employ people. However, this also creates difficulties because some of their revenue growth occurs by attracting members that are greedy corporations with zero interest in cleaning up this industry. People employed by greedy corporations tend to complain when their employers are described as greedy, even if the description is accurate. And that is another reason why self-regulation has been a failure.

Commsrisk is also expensive. It costs a lot of my time. In Outliers, Malcolm Gladwell famously argued that the key to achieving true expertise in any skill is to practice the skill for 10,000 hours. If so, then I should be an expert at writing words like these, having spent approximately 15,000 hours writing for Commsrisk. With that in mind, perhaps I can afford to expend another 500 hours writing more Commsrisk articles over the next 12 months, as I have promised to the website’s new sponsors, Oculeus and BluGem. If my skill has any value, then it needs to be realized whilst there is a willing audience. The audience accumulated over 18 years would soon dissipate if Commsrisk does not maintain a regular publication schedule. That fact weighed heavily on my thinking. However, if I am to put time into Commsrisk, I would prefer that the time is not wasted. I am cheap, but I am also mean. I want a return for my investment.

The return I seek is not monetary, unlike the returns sought by the big American corporations that are trying to dominate the nascent market for methods to control international traffic. I seek the satisfaction that will come if enough people listen, and act, and come together in common cause. And that means regulators need to find ways to engage with Commsrisk’s audience more than ever before. I can help with that, but I cannot do it all alone. My sponsors will also help; the agreements we have reached will permit me to attend more of the meetings that would otherwise be dominated by lobbyists. Telco employees should still seek to voluntarily demonstrate what can be done to reduce harm to the public. Real experts demonstrate their expertise through their actions.

Regulators are most persuaded by telcos that voluntarily succeed at meeting a communal objective, as is clear from the reaction when European telcos have shown European regulators they have reduced the number of scam calls received by consumers. I still want to encourage telco employees to make the argument for proactive solutions instead of only doing the minimum to comply with obligations. However, much now depends on intervention by regulators, because self-regulation is proving inadequate. Those regulators must understand that this audience is comprised of a much greater variety of dedicated professionals than the minority who can afford the expense of lobbying them directly. They need to believe this audience is big, is real, and it cares. They are looking for partners who will work with them. I know the audience is all of these things, but my words alone cannot convey the truth of it, especially when fighting for attention with lobbyists who claim to speak on behalf of the fraud experts that they actually ignore. I can write words about what we might do; it is up to all of us to bridge the divide and to turn good intentions into something real.

Thanks for taking the time to read this. I have asked a lot of you, the audience, by presenting you with two long articles either side of a month-long silence. The emotions involved in making the commitment to continue with Commsrisk means this was not an easy article to write. Thanks also goes to the many people who answered my question about whether Commsrisk should continue. I will give you what you want, although my best friend will be disappointed. But remember that I want something in return. The next three articles will flesh out the three missions I have adopted and will promote through Commsrisk: the adoption of GSMA Call Check; consistent KYC for bulk communicators; and phone honeypots that objectively measure scam and spam activity. After that, Commsrisk will return to business as usual, with an enhanced roster of expert contributors writing about how the communications industry can do a better job of protecting itself and its customers. Let us turn the stream of words into more action than ever before.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email