Long-standing readers of Commsrisk will know that the US government has a bad habit of pouring money into the pockets of fraudsters that abuse subsidies for comms services meant for poor people. However, the most recent advisory concerning fraud and the Affordable Connectivity Program (ACP) suggests the government is incapable of learning from past mistakes. There has been much trumpeting of the rapid approval of USD14.2bn of government funding for ACP. The core justification was plain: children needed access to the internet during the pandemic. Even after the pandemic was over, the lack of internet access is known to harm the education of children living in poorer households, so it is vital that kids can access the internet from home to avoid suffering a lifelong disadvantage. However, the implementation of controls to prevent waste and abuse have lagged behind the speedy approval and implementation of ACP. There are not even effective controls to prevent the same child’s details being used to obtain subsidized mobile phones and internet access for hundreds of separate accounts in hundreds of separate homes.
A memo from the Office of the Inspector General (OIG) for the Federal Communications Commission (FCC) says:
OIG’s analyses… clearly show that a number of providers and their agents have enrolled many households into the ACP based on the eligibility of a single BQP [Benefit Qualifying Person].
In the most egregious example identified, more than one thousand Oklahoma households were enrolled based on the eligibility of a single BQP, a 4-year old child who receives Medicaid benefits.
Three separate service providers registered accounts whose eligibility related to this same child. They collectively received USD365,324.13 in government subsidies as a result. OIG also listed 11 similar cases involving a single person’s details being used to obtain hundreds of subsidized accounts each. A total of 6,046 subsidized accounts were created ostensibly for the use the households of the 12 listed beneficiaries, at a combined cost to the US taxpayer of USD1,416,809.76.
The cases described in the OIG memo may represent the most egregious frauds they have identified, but they also indicated there were many other instances of smaller frauds involving the reuse of an individual’s details. The total cost of this kind of fraud could reach tens or hundreds of millions of dollars. Perhaps the most worrying aspect of the OIG memo is that they did not even seem certain about the number of service providers guilty of enabling fraudulent claims, saying it was ‘approximately a dozen’.
It cannot be that difficult for a US federal agency to log each name, birthday and social security number used to claim subsidies so that duplicates are identified in advance of making payment. Both crooked and lazy service providers would soon implement better controls if they feared they would be out of pocket because the government refuses to reimburse obviously suspicious claims, instead of the current approach of making the payment first, then checking the validity of the claims much later.
Per the FCC’s instruction, the USA has collectively spent half a billion dollars on applying digital signatures to phone calls to supposedly stop scammers and spammers. They also claim their robocall mitigation database will be used to log and review controls implemented by thousands of telcos around the globe. However, this same agency lacks the drive and the wherewithal to maintain a simple register that would prevent repeated examples of subsidy fraud.
The OIG’s ACP fraud warning can be found here.