More than 5 Billion Robocalls for Americans in August

Commsrisk keeps publishing headlines about the dire number of nuisance robocalls in the USA for two simple reasons.

  1. Despite many promises that the number was falling, the problem keeps getting worse.
  2. The people who promised that the number was falling have never once admitted that they misled the US public.

There has recently been another wave of gaslighting as mainstream journalists repeat claims that yet another FCC deadline for compliance with STIR/SHAKEN will finally cause the US telecoms sector to turn the corner. This was the third and final time we will hear a trumped-up pledge that the enormously expensive deployment of STIR/SHAKEN will reduce unwanted and illegal robocalls. The deadline imposed two years ago required the biggest US telcos to implement STIR/SHAKEN on their IP networks; we were told this would lead to an improvement that never materialized. The deadline last year applied to some other, not quite so big telcos, and we were again told there would be an improvement that never materialized. This year’s deadline means STIR/SHAKEN is now mandatory for every US telco with an IP network, and we were once again told that this would lead to a downward turn in the number of spam and scam robocalls. But the graph above plots the number of US robocalls each month since the first of those STIR/SHAKEN deadlines, per data supplied by the YouMail Robocall Index, the most reliable measure of robocalls in the USA. The lies kept saying that robocalls are falling; the trend line shows robocalls keep rising. Immediately prior to the implementation of STIR/SHAKEN, the number of US robocalls was hovering around 4 billion per month. During August it exceeded 5 billion for the second time in four months.

The reasons for STIR/SHAKEN’s failure in the USA are so obvious that it becomes tedious to recount them. A prohibitively costly but fragile technology was implemented in advance of any serious attempt to improve the quality of know your customer (KYC) controls, making it too easy for bad actors to obtain STIR/SHAKEN signatures for calls that should never have received them. STIR/SHAKEN was implemented only for the minority of domestic US calls that are conveyed on IP networks from end to end, making it useless for reducing robocalls which pass over a non-IP network at any stage. The national regulator bleats about the number of robocalls that originate overseas, but unilaterally implemented a technology to tackle robocalls in full knowledge that it would not be supported by other countries. Even Canada, the only country which supposedly implemented STIR/SHAKEN in unison with the USA, has failed to apply STIR/SHAKEN signatures to more than a trivial portion of cross-border traffic.

Meanwhile, most other countries are ignoring STIR/SHAKEN and favoring cheaper methods that can block the majority of inbound international spam and scam calls. Ireland’s regulator is the most explicit when explaining why STIR/SHAKEN cannot be effective unless every other country has already committed to using it cooperatively. This simple but accurate observation led them to prioritize other techniques that will protect consumers much sooner than STIR/SHAKEN ever could. Meanwhile, Brazil’s regulator is choosing to adopt STIR/SHAKEN because they are not troubled by inbound international robocalls, but they will not replicate the US experience because their version will not depend on IP networks. The IP-only implementation of STIR/SHAKEN in the USA increasingly looks like a trojan horse, presented as a means to protect consumers but actually motivated by the desire to accelerate capital expenditure on the transition to IP networks.

If India can implement a universal system to register each individual’s choices of which telemarketing calls they will receive or refuse, and Brazil can implement a version of STIR/SHAKEN that works independently of whether the call is conveyed by IP networks, and Ireland can implement other controls that will automatically block inbound international calls that spoof domestic numbers, then why did the USA spend vast amounts on their IP-only version of STIR/SHAKEN whilst choosing not to spend money on cheaper, simpler technologies that are likely to protect consumers sooner? Does an excess of national pride make decision-makers blinkered to better ways of reducing spam and scam calls that have been tested and found successful in other countries? Or was the real motivation for their version of STIR/SHAKEN unrelated to the goal of protecting ordinary Americans?

Some readers may think I exaggerate the scale of the failure of STIR/SHAKEN in the USA. Judge its success not by my observations, but by the words used by its advocates. In February 2019, industry insiders painted such a rosy picture of the effectiveness of STIR/SHAKEN to journalists working for New York Magazine that they already claimed it was ‘the beginning of the end of robocalls’.

Adam Doupé is an Associate Professor at Arizona State University who will supply quotes to anyone who wants praise for STIR/SHAKEN. In 2019 he told CNN that anti-robocall apps will become more much effective once STIR/SHAKEN authentication had been implemented. That did not turn out to be true; there is now a scandal that analytics firms are incorrectly labeling authenticated calls as spam. But people who should know how to read a graph keep returning to Doupé for his invariably upbeat forecasts about the effectiveness of STIR/SHAKEN. Perhaps the nadir of positive thinking trumping objective data came in August 2022, when despite the clear trend line in the graph above, Doupé still concluded “I think we’re slowly getting there” for an atrocious puff piece published by Scientific American. How can any competent scientist conclude that anti-robocall efforts are ‘getting there’ when the number of robocalls keeps rising?

Shills for STIR/SHAKEN have formed an unholy alliance with politicians who were persuaded that the problem of robocalls could be solved by throwing a lot of money at it. Neither the shills nor the politicians care to admit that better results would have been delivered if they had applied some intelligence first. The absence of intelligence is demonstrated by the refusal to engage with objective facts. This is what FCC Commissioner Geoffrey Starks said about the number of robocalls in an open FCC meeting in May 2022.

Now is not the time for us to take our foot off the gas because, according to YouMail, there were 3.9 billion robocalls placed last month, far too many, but positive signs are that the numbers are trending downwards from last year.

Starks was wrong to claim there was a downward trend when he uttered those words. The data available at that time suggested a flat trend line at best. With the benefit of hindsight, we can all now see that Starks and other leaders of the FCC have routinely exaggerated the successfulness of their efforts to curb robocalls because they do not want to admit to past mistakes. The refusal to acknowledge the truth means they keep making the same mistakes because they cannot change course without losing face.

Has the FCC kept its metaphorical foot on the gas? They are taking action but they are not moving forward. It rather seems that the FCC is stuck doing the same things it did before, making the same excuses as before, and latching on to any meager example of success to distract from a lot more evidence of failure. This is because it would be too painful to admit repeated lies about ‘taking a step in the right direction’ have consistently been followed by results that went backwards.

Unwanted and illegal robocalls can be reduced. Consumers can be better protected. This can be accomplished sooner, and more cheaply. Other countries have proven this is true by delivering impressive reductions in the number of spam and scam calls. The reason the situation keeps getting worse in the USA is that too few industry leaders are willing to admit they have been going the wrong way. The further they go, the harder it is to admit the need for a new roadmap. Meanwhile, it is ordinary Americans who suffer the consequences.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.