Plans to tackle scam calls and texts sometimes falter because of objections from stakeholders. So it is not surprising that many questions were asked in response to extensive anti-scam proposals published by ComReg, Ireland’s comms regulator, during June. ComReg took the unusual step of allowing extra time for any interested party to ask for clarifications, and have now published answers to an additional 32 questions that were asked during this period. One query from Twilio stands out because it demonstrates the impossibility of keeping everyone happy. Like many other countries, ComReg has realized that the simplest and quickest way to reduce scams involves blocking inbound international calls that have spoofed a domestic phone number. However, Twilio clearly hoped for an exemption from this rule.
Where ComReg refers calls from overseas branch offices or call centres, can this be interpreted as including remote/home workers of the companies and call centres concerned? If not, could the text be extended to explicitly cover widespread practices (e.g. especially since the COVID-19 pandemic, many organisations and call centres have continued to allow telework, and many people continue to effectively do so)?
ComReg were not willing to entertain the creation of a loophole that might be exploited by bad actors.
The fixed CLI blocking intervention is to apply without exception to all international voice traffic at the point of ingress to the Irish PSTN and as such would block all such international calls presenting with Irish fixed CLIs (i.e., this would include remote/home workers of the companies and call centres concerned). ComReg proposes to end any use of Irish fixed CLIs on calls from non-Irish PSTN to Irish PSTN so as to protect Irish telephone users from fraudsters who use CLI spoofing in this manner. Therefore, all relevant organisations, together with their operator, should ensure that calls using Irish Fixed CLIs originate on the Irish PSTN regardless of the specific end user case.
This small exchange of opinions reflects a more fundamental contrast between cultures on either side of the Atlantic. North American business culture has wholeheartedly embraced both telesales and offshoring. Europeans have far less tolerance for either. Ireland has strong ties to the USA, and many US multinationals have sited their European headquarters in Ireland, but it is always a mistake to overestimate the similarity between cultures, and expectations regarding working practices and how people communicate will always be heavily influenced by culture. It is very obvious why big US banks favor elaborate technologies like STIR/SHAKEN over straightforward controls that prohibit the use of domestic phone numbers for calls originating overseas. They want the benefit of paying lower wages to staff in countries like the Philippines whilst still being able to reach US customers who may reject calls from a mysterious foreign number. But the interests of big US businesses are not aligned with the interests of the rest of us. ComReg is effectively drawing a line in the sand and asserting that if you want to make a business call to Ireland then you have to respect the Irish way of doing things, and that means an Irish phone user receiving a call from an Irish number can reasonably anticipate they will speak to somebody who is actually in Ireland.
Readers with a deep interest in scam prevention should also take a look at the other queries put to ComReg. Regulators struggling with the detail of how to implement a Sender ID registry for SMS messages or how to define limits for the sub-allocation of phone numbers should pay particular attention. Any national comms regulator would be wise to emulate the anti-scam plans of ComReg but they will likely face similar questions about policy details.
The clarification questions and answers for ComReg’s anti-scam plans have been published here.
