FTC ‘Ramps Up Fight’ on Illegal Robocalls by Publicly Naming 24 Telcos They Have Warned

On April 11, the US Federal Trade Commission (FTC) issued a press release regarding Project Point of No Entry (PoNE) targeting…

…‘point of entry’ or ‘gateway’ Voice over Internet Protocol (VoIP) service providers and warning they must work to keep illegal robocalls out of the country.

The FTC previously sent letters to twenty-four service providers identified in traceback data for calls between 2021 and 2023, with five letters sent in May 2022, nine letters sent in August 2022, nine letters sent on March 17, 2023, and one letter sent on April 4, 2023. The first five letters in May 2022 were described as warning letters, with the remaining letters described as cease and desist demands.

The press release celebrates the successful actions of the twenty-four service providers to reduce illegal calls on their networks and attributes those reductions to the providers’ receipt of the FTC letters, citing that:

Before being contacted by the FTC, the targets had a combined total of 1,043 tracebacks. After being contacted and warned about their possibly illegal conduct, that number dropped to 196, illustrating Project PoNE’s effectiveness at stopping illegal robocalls before they could enter the country. Of the 196, 147 are linked to two uncooperative providers, one of which is subject to an FCC law enforcement action.

Along with the press release, the FTC published the names of the twenty-four service providers and for each provider, copies of the FTC letters and a few sample audio recordings of calls presumably associated with call campaigns carried over the provider’s network.

Naming and Shaming Doesn’t Foster Cooperation or Consumer Education

The FTC unquestionably has the good intention of stopping illegal calls and protecting US consumers. The data gathering behind the letters represented considerable work, and any progress made by service providers to reduce tracebacks on illegal call campaigns traversing their networks should be applauded. To the extent the FTC’s letters were responsible for those actions, it is absolutely understandable that the FTC should be pleased with those results.

What is unclear is why the FTC chose to publicize specific parties that were contacted over the previous two years, and what prompted them to do so now. I am also sympathetic to the twenty-four service providers and in some of their shoes I would be very surprised and upset by this press release. By the release’s own narrative, this is a success story of these providers taking action to clean up their networks, likely at great monetary cost. Despite those actions, the FTC made the decision to out the providers by name after the fact. No reasons were stated beyond a note about releasing the robocall recordings for consumer education.

Publishing the letters and provider names has no impact on consumer education. The impact is to harm these providers’ reputations after they have already made strides to address the problem. The majority of readers are likely to interpret the press release as the FTC condemning the listed service providers. Further complicating the message received by the public, the call recording files are listed as “[Provider Name] robocall” as though an employee of the service provider is recorded when (as the FTC knows) that is not the case.

If the FTC’s goal was truly consumer education, it could have just published a databank of unnamed recordings without perpetuating consumer misunderstanding — it intentionally chose to name and shame the providers that it simultaneously praises and whose actions it claims as a testament to Project PoNE’s success. I can only speculate that there were other internal FTC motivations to publish or that this may have been a decision by leadership after the fact.

In fairness, a few of the named service providers have separately been named in enforcement actions by multiple agencies with serious allegations of negligence. These providers have likely folded most of their operations after other businesses refused or were ordered to block their traffic. So while their inclusion in the named providers may not serve as a great example of the effectiveness of Project PoNE versus other enforcement efforts, for these few providers there may be no reputational damage done that wasn’t done already.

For many of the providers, however, that is not the case. Inteliquent, for example, is a standout. Inteliquent (acquired by Sinch in 2021 but still operating under the Inteliquent name) is a well-known service provider with over 400 employees. Inteliquent’s wholesale voice business bears the risk of carrying bad calls. I cannot speak to its internal practices, but when pushed, I’ve seen Inteliquent make big moves to kick off large customers. Inteliquent received a letter from the FTC in May 2022 regarding tracebacks largely from 2021. I would bet money they were one of the providers that fired customers and made changes following the notice, but a year later their name has been grouped with entities that have been prominently condemned by enforcement agencies and news media. If I were their Head of Compliance, I would be very displeased.

Measuring the Effectiveness of PoNE

Was the FTC’s PoNE program effective? The data provided in the press release doesn’t make a clear argument for its effectiveness, because the numbers provided aren’t specified in detail and the dates do not clearly align with the results claimed.

Ten of the twenty-four letters were only very recently issued on March 17, 2023, or in one case, April 4, 2023. And yet, the FTC says in its release dated April 11, 2023:

Before being contacted by the FTC, the targets had a combined total of 1,043 tracebacks. After being contacted and warned about their possibly illegal conduct, that number dropped to 196, illustrating Project PoNE’s effectiveness at stopping illegal robocalls before they could enter the country.

It seems unlikely that much contribution to this reduction came from the providers who were contacted in the weeks immediately before this press release issued. What is the time period on 1,043 vs 196 tracebacks? Did the providers just have 196 tracebacks last month but 1,043 in the previous forever? The FTC does not say.

I was unable to find any public mention of Project PoNE that predated this FTC press release. The letters attributed to the project date back to May 2022, but none of the letters I reviewed made reference to the project. Did Project PoNE begin in May 2022 or is it a new concept retroactively conceived to celebrate former victories? It is unclear, but I suspect the latter.

We Need Public Policy in Addition to Enforcement

I welcome the FTC’s involvement in the fight against illegal calls. We need more resources and more voices capable of approaching the problem and promoting solutions from a variety of angles. Enforcement is important, and some providers should be shut down. Many can and should make some changes to their policies, especially with regard to their know your customer (KYC) requirements. However, there is currently no universally adopted policy framework for KYC. I have proposed solutions, and I am eager to continue discussing these with policymakers.

Service providers cannot solve the problem of illegal calling on their own. It does not matter how much they wish to avoid being sued or jailed because effective solutions require systemic change that cannot be delivered by service providers working in isolation. The US state and federal law enforcement organizations that specialize in illegal calls cannot cope with the revolving door of new service providers associated with shell companies. They are absolutely exhausted with pursuing enforcement. We have to focus on policy changes that allow us to determine the true identity of any business seeking to become a US service provider before we turn towards verifying the identities of callers. Doing this will require expertise, perspective, resources, cooperation, and authority that individual service providers simply can’t possess or manifest individually.

While Project Point of No Entry seeks to solve important problems, it perpetuates the theme of securing the phone network by applying more pressure to service providers. As someone that has done the same in the name of reducing fraud, I understand and empathize that it can be necessary, but pressure tactics also lead to collateral damage. More importantly for the FTC, its staff will be increasingly overwhelmed by enforcement work unless we create systemic policy changes. I hope to see a future Project Point of No Entry that pursues a policy roadmap for the qualification of US service providers such that we can effectively identify, credential, and oversee the entities authorized to offer US voice services. Further elaboration on what this might look like is beyond the scope of this article but I will continue to discuss this topic, and I invite collaboration with colleagues and experts across our industry.

Sarah Delphey
Sarah Delphey
Sarah is the Vice President for Trust Solutions at Numeracle, the experts in identity management. She joined Numeracle in 2022 after gaining 7 years of experience at Bandwidth in a series of roles relating to risk management and legal compliance, ultimately serving as their Director of Abuse and Risk Operations. Sarah has a deep understanding of Know Your Customer processes which then gets applied to weeding out scam and spam calls whilst ensuring clients can demonstrate their traffic is trustworthy.