Angry, Biased and Superficial: BBC Reporting of Spoofing Fraud

We talked about CLI spoofing a few times during Season 3 of RAG TV, but I was reluctant to dedicate too many shows to a topic that has dominated anti-fraud efforts in the USA for the last four years, and where hundreds of millions of dollars of expenditure have still not delivered a combination of technology solutions and upgrades that effectively protect consumers. So you know something strange is happening when a BBC Radio 4 program covers CLI spoofing as frequently as RAG TV does, and each time they tell the British public that the UK should just copy what other countries have accomplished, when there are no countries that claim to have reduced this fraud yet.

It was only just over a month ago that I wrote about the shameless bias of the BBC’s Money Box program, which asked the UK’s top fraud cop if telcos should do more to reduce fraud, received a nuanced reply that was broadly affirmative, so turned this into the clickbait headline that telcos ‘must do more’ to stop fraud. For reasons that baffle me, the same series made a second show about CLI spoofing, although nothing changed in the meantime. Perhaps their excuse is that they were granted an interview by Huw Saunders, Director of Network Infrastructure and Resilience at UK regulator Ofcom, and who is known to be considering the adoption of STIR in the UK. Saunders may now regret giving that interview, because he was ritually slaughtered by Money Box presenter Paul Lewis, a 73 year old journalist who specializes at being angry on behalf of old people who no longer understand how the world works. Lewis proceeded to bully Saunders whilst spouting a litany of half-truths and fabrications.

We’ve reported before on Money Box that caller ID is being routinely hijacked by thieves

Indeed. So why not explain the reason to talk about it again? No new information was presented in this show.

…but if the telecoms industry stopped caller ID being hijacked it would save tens of thousands of people the anguish of losing tens of thousands of pounds each

This is not supported by police data, and certainly not by any information collated by the BBC’s trivial research. It is regrettable whenever any individual is conned. However, interviewing a few victims for the human interest stories presented on a radio show does not demonstrate that ‘tens of thousands’ of Brits are being cheated out of amounts of money like this. Nor does it demonstrate that CLI spoofing was essential to each fraud. How are we supposed to determine the difference made by CLI spoofing when so many phone scammers succeed without using this technique?

I asked [Huw Saunders] why the telecoms industry is allowing thieves to use their networks to display false phone numbers to help them steal people’s life savings

The framing of this statement is so slanted that it does not deserve comment.

But isn’t it right that other countries are dealing with it much more quickly than we are?

No, that is not right, though Saunders lacked the courage to say so. If this were true then Lewis should name those ‘other countries’ that the UK should emulate. He did not do so, because the list would be both comically short and highly tendentious, given the delays and limited results in the few countries he could possibly be referring to.

…in 2020 half a billion pounds was stolen from 150,000 people and a lot of that theft used number spoofing to give victims a sense of security, so by not doing this the telecoms system is complicit in half a billion pounds of theft. You’ve told me it can be done. It just can’t be done quickly enough.

Lewis used his righteous fury to disguise the otherwise blatant switch from real numbers to unfounded estimations. If Lewis knows that ‘a lot’ of crime involves number spoofing, then why not tell us how much? And how did Lewis make the logical leap from blaming telcos for ‘a lot’ of crime, to making them complicit for all of it?

This show’s limited interest in facts was perfectly illustrated after Saunders explained the UK has already enjoyed considerable success through the use of its Do Not Originate list. Rather than simply accepting that this method addresses the most common types of imposter fraud, Lewis asked the following ridiculous question.

Has it stopped a single crime?

As much as I like to criticize Ofcom, I can hardly blame their employees for not being able to answer a question like this. Nobody could possibly know how many crimes are prevented by it not being possible to spoof specific phone numbers. Should Ofcom interview hardened fraudsters and ask them to estimate how much more crime they would have committed if fewer obstacles had been put in their way?

BT alone made two and a half billion pounds of profit…

No they did not. BT’s 2020 profit was GBP1.7bn. Their 2021 results were not published until after this interview, but unsurprisingly BT’s profits fell to GBP1.5bn as a result of the pandemic. How can professional journalists be so cavalier about basic facts?

…if as the regulator you told them to do it, by the end of this year, and fined them if they didn’t, wouldn’t that really concentrate their minds on it?

I suppose if you threatened to fine BT for not launching a manned mission to Mars by the end of 2021 then that would also concentrate their minds. It would concentrate their minds on how hard it is to accomplish things in real life when it is so much easier to just rant about other people needing to do it, and threatening fines if they do not. No amount of past shame has stopped the BBC suffering yet another sexual harassment scandal in recent weeks, although ending sexual abuse should be at least as important as tackling financial crime, and the BBC should have far more control over their staff than BT will ever have over other telcos. And why do fines, fines, fines, and fines never seem to fix the BBC’s many problems?

Saunders let Ofcom down by stammering his way through unhelpful metaphors instead of taking a deep breath and giving a simple but literal explanation of how technology really works. Then he would have been able to explain why one business is not responsible for the actions of every other business it must engage with. However, it was apparent that Lewis was divorced from any real interest in the subject matter, because even a superficial analysis of the ‘other countries’ he lauded would have highlighted how long they have taken, and how much they have spent whilst delivering no reduction in crime so far.

You say you found a solution, it will take four or five years to implement, might there not be another solution if it became the telecoms companies that lost money rather than these hapless individuals who are losing half a billion pounds a year?

At what point should a regulator intervene because so-called public service broadcasting is just an excuse for one old man spouting off in ignorance of the subject he is talking about? Lewis asks no real question here, nor does he expect a genuine answer. He is hectoring his victim instead of offering any meaningful analysis, and notice how he treats his bogus half-a-billion-pound statistic as if he somehow made it genuine by repeating it.

I can hear the thieves cheering as they listen to this interview

Lewis dropped the pretense of seeking information and resorted to demeaning Saunders. Then he planted the clickbait headline he always intended to plant, just as he did when he planted the headline for a previous show by asking if telcos should do more to stop fraud. This was Lewis’ final question to Saunders:

You… are telling people “don’t trust caller ID”?

What a waste of time. Please do not listen to the recording of this show, as it will only encourage the pompous twits who made it, although I include the link here for reference.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.