i3forum Bids to Unite Carriers and Resolve the Global Spoofing Crisis

A nonprofit association of many of the world’s leading wholesale carriers has launched an initiative to address one of the most daunting challenges faced by the comms sector: how to tackle the escalating abuse of networks and customers enabled by the systematic spoofing of calling line identification (CLI). Their plan is to bring international carriers together so they can speak with one voice when negotiating viable anti-spoofing strategies that will be supported by national regulatory authorities (NRAs) in different countries.

The spoofing of an originating number has been made much easier by the transition to the internet, and is used to cause harm to both telcos and ordinary people. Telcos can be fooled into charging other telcos the wrong amount for voice traffic, and presenting a misleading number can help scammers to trick the recipients of an unsolicited call. Spoofing also facilitates telemarketing spam by making it harder to determine where it came from. However, there has been a notable lack of coordination between national regulators and international carriers. The result has been a mess. There have been too many incompatible proposals that compete for attention. Associations whose members only represent a small portion of the global industry have pushed complicated and fragile technical specifications that do not work across borders. Worst of all, some national regulators have indulged fantasies about obligations they would like to impose across the whole planet although they do not meaningfully enforce them at home. The i3forum, a global association that includes such heavyweights as Vodafone, Orange, Telefónica, Twilio, BICS, Tata Communications, PCCW Global and iBasis, plans to take charge through the launch of ‘One Consortium’, a body that will coordinate and represent the anti-spoofing interests of the entire international communications industry.

The mission statement for One Consortium says membership will be free, and is not limited to existing i3forum members. It will be run on a not-for-profit basis, and led by comms providers who carry international traffic. Vendors and other organizations may join, but will not be able to lead. One Consortium would hence provide every national regulator a single entity to negotiate with when deciding how to reduce the spoofing of inbound calls to their country. As a consequence, One Consortium should help to reduce problems caused by national regulators failing to align with each other. It will also counter the tendency for regulators to only solicit the opinions of domestic telcos. This has led to inadequate consideration of the needs of international carriers which require technologies that will work across borders and laws that can be respected without any conflict between jurisdictions.

Anyone wishing to become a member of One Consortium is invited to participate in an open online meeting that will occur on September 7 at 11am UTC. It is unclear what limits may be placed on who can join or speak at the meeting, nor has the format of the meeting or its agenda been publicized yet. The current priority is evidently to canvass for the broadest possible support. This will include appealing to big carriers like Deutsche Telekom that are not currently members of i3forum. Whilst the outcome is uncertain, the organizers have listed some of their ambitions.

Together, we will build a framework for standardized global guidance and industry viable solutions, such as starting with international calls with National CLI inbound to country level.

This approach also calls for the Industry to engage with NRAs and co-develop joint or self-regulated mechanisms to implement, operate, and enforce such a framework on an opt-in basis. It will ensure that compliance drives benefits and non-compliance causes significant negative consequences.

1. Self/Joint Regulation Framework

  • Joint/self-regulation framework to enforce unified guidance and solutions
  • Opt-in framework for Carriers and NRAs
  • Compliance at Carrier or trunk level
  • Compliance monitoring and enforcement
  • Compliance may bring “Trusted Partner” benefits from participating NRAs and fellow Industry players
  • Non-compliance results in Industry and NRAs penalties

2. Joint Governance

  • Joint overall management of the joint/self-regulation framework by NRAs and Industry
  • Jointly address NEW issues, adapting and improving framework

A good place to start is tackling immediate issues such as legitimate International Traffic using National CLI. There are several current use cases to address:

  • Roaming
  • International Call Center outsourcing
  • International DIDs

These objectives strongly hint that big carriers would be glad to play a more forceful role in policing international traffic if regulators would adopt a more consistent stance on when carriers can legally refuse to do business with telcos that are known to handle dodgy traffic. Too many regulators have a bad habit of adopting an inconsistent position depending on who they are talking to. When asked about reducing the cost of services and enabling competition, they want carriers to be forced to do business with anybody, but when consumers complain they have been scammed, regulators pass the buck by pretending carriers have complete freedom to decide whose traffic they will reject. Cynical comms providers exploit the studied ambiguity of regulators by arguing they would like to reduce fraud but are powerless to act because of their legal and regulatory obligations. Downward economic pressure on the whole of the international voice market means the big players are highly motivated to reach a consensus that will allow them to drive out competitors that boost their margins by relying on gray routes and more obviously unlawful practices.

The open letter inviting participation in One Consortium was published on the i3forum website last week, and can be found here. The registration form for anyone wishing to attend the consortium’s September 7 online meeting is here.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.