As mobile operators go, Mobily is no pipsqueak. Their most recent investor pack said their customer base has grown to almost 12 million subscribers, and they also provide fiber to the home for 293,000 households. This gives them about a quarter of the Saudi Arabian market, placing them behind incumbent operator stc, but ahead of Zain. Despite Mobily’s size and the importance of Saudi Arabia as a US ally and home to a US Air Force Central Command wing, this particular telco is one of a very few businesses that has been effectively blacklisted by the US comms regulator, the Federal Communications Commission (FCC), for supposedly failing to have adequate anti-robocall controls. Mobily’s blacklisting appears to have no operational significance; they have been excluded from the FCC’s Robocall Mitigation Database (RMD) but telcos only need to be listed in the RMD if they terminate calls within the USA or have a direct interconnect with a telco that terminates calls in the USA. As a mobile network operator, Mobily almost certainly relies on other legal entities to carry traffic between Saudi Arabia and the USA. Even so, it is worth questioning why the FCC rejected Mobily’s attempt to re-register with the RMD on June 3, 2024, and why the decision to block this particular submission was not publicized like an earlier decision to eject Mobily from the RMD after they had already been listed for several years.
Questions like these need to be answered because somebody somewhere needs to reconcile the pompous bluster about robocall mitigation that the FCC routinely feeds the American public with the absence of practical advice for foreign businesses that do not want to employ a legion of lawyers just to understand what the FCC really wants. Many people know the FCC expects telcos to have robocall mitigation plans. Nobody can tell you what needs to be included in these plans. The refusal to communicate minimum expectations exacerbates the gross overoptimism of the FCC’s strategy, which is that telcos everywhere should protect US consumers from harm even though the US State Department is so weak that it does not sanction countries where thousands of human beings have been enslaved and forced to scam victims in the USA and elsewhere. If a big, legitimate telco like Mobily seeks to register with the RMD, despite not really needing to register, they are obviously trying to help the FCC. Preventing Mobily from registering, without transparently explaining that decision, will make no difference whatsoever to the service received by 12 million Saudis, but it justifies cynicism about how the FCC is pursuing its stated goals.
Sadly, US tech journalists never check the details surrounding an FCC decision like this. They unquestioningly repeat every FCC press release as if it has been carved in stone and carried down from Mount Sinai by Moses. However, I find the RMD to be full of crap. There are many obvious omissions and errors in the data contained in the RMD. And when I state this is ‘obvious’, I mean even a person with only a trivial understanding of data quality or the telecoms industry could tell there is a lot that is wrong in that database, if they bothered to check its contents. The dire state of the RMD would be considered a serious problem, if any serious people actually cared about it. The FCC keeps telling the press — and note here the significance of journalists just repeating what they are told without question — that the RMD is used to protect Americans from bad calls. If the RMD is full of crap, that would imply Americans are not being protected all that well.
However, if I just tell people that the RMD is full of crap then they may not choose to believe me. This is partly because they lack the imagination to believe a US government agency could ever fail (!), partly because they are too lazy to check for themselves, but mostly because they are suck-ups who hope to get favorable treatment from the FCC in future. So our team began downloading the full RMD every week in order to identify anomalies in the data and hence prove how flawed it truly is. And that leads us to the topic of this article, which is an exploration of why the FCC publicly announced that Mobily had registered with the RMD a few weeks ago, only for Mobily’s entry to be deleted again almost as soon as it was added, with no subsequent announcement to state that it had been deleted or to explain why.
Hello,
As of 11 AM EST on Tuesday, June 4th, 2024, the following changes have been made to the Robocall Mitigation Database:
So began an email sent by the IT Service Desk of the FCC. As you might have already deduced, it was sent at 11am, US Eastern time, on June 4.
Creations:
…
RMD0021709 TCRF Group Inc
RMD0021741 Ettihad Ettisalat Mobily
RMD0021717 Framework IT, LLC…
The addition of Etihad Etisalat Mobily, to use their full name, was interesting for reasons that will be further discussed below. So I immediately went to check the details of RMD entry 0021741. And that was when I discovered the entry was not in the database after all. The entry for TCRF Group was in the database, and remains in it. The entry for Framework IT was in the database, and remains in it. But there was no entry matching Mobily’s name, or matching reference 0021741. If you do not believe me, check the database yourself; sometimes I wish people would. RMD entry 0021741 had evidently been deleted, but you would never know that from reading the announcements of the FCC’s IT Service Desk, because entry 0021741 has not been included in any of the announced deletions, despite new deletions being announced each week.
(Before anyone starts quibbling about spellings, Etihad Etisalat is the same as Ettihad Ettisalat because both are transliterations from Arabic into a name that has been written using the English alphabet. Some allowance must be made for choices in spelling when transliterating from one alphabet to another, just as different users of the English language are often free to choose between several different but correct spellings of the same word.)
Readers might speculate that Mobily’s name was only included in that email because it was written by some idiot who had a brain freeze that morning. However, by a quirk of timing, our weekly automated download of the entire RMD database captured entry 0021741 before it was deleted, and before it was announced. This is what that entry said:
RMD Number: RMD0021741
FRN [FCC Registration Number]: 35505692
Business Name: Ettihad Ettisalat Mobily
Business Address: Riyadh CT4 Building, Riyadh, Saudi Arabia
Foreign Voice Provider: Yes
Country: Saudi Arabia
Other FRNs: none
Other DBA Names: none
Previous DBA Names: none
Robocall Mitigation Contact Name: ITM
Contact Title: ITM
Contact Department: WS
Contact Business Address: Mobily CT5 Building, 2rd (sic) Floor, Alsulaimaniyah District. Riyadh 12245
Contact Country: Saudi Arabia
Contact Telephone Number: +96656031 [final four digits redacted from this article]
Contact Phone Extension: [blank]
Implementation: No STIR/SHAKEN Implementation – Performing Robocall Mitigation
Voice Service Provider: Yes
Gateway Provider: No
Intermediate Provider: No
Last Updated: 2024-06-03
Filing URL: https://fccprod.servicenowservices.com/rmd?id=rmd_form&table=x_g_fmc_rmd_robocall_mitigation_database&sys_id=c0f7e9b9936e025063defb786cba10b2&view=sp
If you were paying attention then you will already understand why the final URL will not take you to a webpage that repeats Mobily’s details. And some of you will have noticed deficiencies and likely errors in this filing, such as the fact that Mobily is almost certainly not seeking to become a service provider in the USA, and that ‘ITM’ was not the kind of answer that the FCC was looking for when they asked for the name of somebody they could contact. But otherwise this looks like a genuine attempt to comply with a stupid American diktat, especially as some people who live and work in Saudi Arabia may not speak English as well as the typical US bureaucrat. So why was this innocent-looking entry added to the database, included in the weekly notification of changes circulated the next day, but then deleted before anyone had read that notification? It may have something to do with the following announcement made on October 16, 2023.
FCC SEEKS TO REMOVE COMPANIES FROM KEY DATABASE FOR NON-COMPLIANCE WITH ANTI-ROBOCALL RULES
If Removed from the Robocall Mitigation Database, Companies Can No Longer Hand Off Call Traffic to Other Networks…FCC Leadership:
Chairwoman Jessica Rosenworcel: “Robocalls are a plague on our phones. From auto warranty scams to package delivery scams, consumers are sick and tired of these fraudulent calls. That is why we are taking this action today and won’t stop looking for new ways to get this junk off the line.”…
…What’s New:
Today’s Enforcement Bureau orders demanded that the following 20 non-compliant companies show cause within 14 days as to why the FCC should not remove them from the database for deficient filings:
…Etihad Etisalat (Mobily)
The problem with the FCC grandstanding about how it is protecting the American public ‘from auto warranty scams to package delivery scams’ is that Saudi Arabia’s second largest telco has nothing to do with that problem. Most of the scam calls traced by the US traceback group are originated by US companies with US addresses. The biggest foreign source of the calls they trace is usually Deutsche Telekom. Taking this bogus ‘action’ against Mobily accomplished nothing, except to generate some unjustified praise for the FCC from brain-dead journalists who are too ignorant to appreciate that Mobily is a major telco in Saudi Arabia, and who never think to question any of the really stupid things that the FCC includes in its press releases from time to time.
Some criticism can be directed at Mobily too. Even though the FCC refuses to state expectations for what should be in a robocall mitigation plan, it should have been obvious that their original RMD filing was not in full compliance. As vague as the FCC’s requirements are, no sensible person would believe the FCC wants to see a ‘robocall mitigation plan’ which consists of a completely blank piece of paper except for one horizontal line drawn across it. And to be clear, I am not stating a hypothetical here, because Mobily’s original submission to the FCC attached a supposed robocall mitigation plan which was the PDF scan of a blank piece of paper. And in case you still do not understand, if you clicked the link in the previous sentence, then that really was the actual file attached to Mobily’s original RMD filing. So now you better appreciate why I warn that the RMD is full of crap.
Apologists for incompetent regulators might now argue that the FCC is improving the RMD by rejecting filings like that from Mobily. There are three ways to respond to this.
The first response is to observe that Mobily is trying to be helpful. That they tried to file a second time shows they want to be helpful. Unlike American bureaucrats, I have sympathy for people who do not speak English as a first language, do not have time to waste on idiot American rules that make no sense anyway, but who know they have to attach a PDF file to complete the online form that their boss probably told them to fill out. So if you do not know what to write in a robocall mitigation plan — and the FCC certainly had no clue about what they wanted before they began reverse-engineering their expectations from actual plans that were submitted to them — then it will be tempting to just file your contact details and a minimalist mitigation plan, then wait for the FCC to get in touch.
The importance of the next response should not be understated. If it was crucial to kick Mobily off the RMD in order to protect Americans from scam calls, then maybe the FCC should not have taken 26 months from the date when Mobily made their original filing just to observe that a blank piece of paper is, per the terminology of FCC lawyers, a ‘deficient’ robocall mitigation plan. To reiterate, Saudi Arabia’s second largest mobile operator said their way of stopping robocalls is a blank piece of paper, and the FCC took ‘action’ about this blank piece of paper over two years later. A lightly-trained chimpanzee could have spotted the difference between a blank piece of paper and a genuine robocall mitigation plan in less time than it took the FCC.
And the third point is important too. The RMD is still full of crap, even if they rejected Mobily’s submission. There are many examples of crap in the RMD, but one straightforward example will suffice for now. Mobily is part of the Etisalat Group, and Etisalat has also submitted a filing to the RMD, which presumably is deemed adequate because the database entry remains. The Etisalat filing remains lodged with the RMD, unchanged since it was submitted on June 28, 2021, and their robocall mitigation plan is expressed in just 37 words.
As of now, the suspected numbers are being blocked based on the various alerts configured
Currently looking at the feasibility to test and activate STIR/SHAKEN policy for the calls, wherever possible. It is still under testing.
Everybody can understand why a blank piece of paper is a deficient robocall mitigation plan. But who thinks a 37-word plan is sufficient? Show me the FCC employee who thinks a 37-word document that was written three years ago is enough to determine the adequacy of a telco’s anti-robocall controls and I will show you a lightly-trained chimpanzee who disagrees. So why is one company still listed in the RMD when the other has been rejected? The most plausible explanation is that the FCC has no competent and systematic process for reviewing RMD entries because nobody in the FCC has the courage to articulate the difference between what is an adequate robocall mitigation plan and what is a deficient robocall mitigation plan. This remains the case despite the FCC having three years to learn from all the plans that have been submitted since they first demanded that thousands of companies must file their robocall mitigation plans with the RMD. The FCC cannot reliably distinguish between an adequate plan and an inadequate plan even though it has already begun using its powers to effectively prevent telcos from connecting to US carriers on the grounds that their robocall mitigation plans are not good enough.
I could have tried to contact the FCC about Mobily’s filing, but that would have been a waste of time. They would never have responded to somebody like me, especially as they would need to defend the flaws and absurdities of a consumer protection program that so obviously fails to protect the American public. So I took a different option, and tried to contact some people who had already shown signs of wanting to be helpful. One of the most obvious purposes of the RMD is to collect the contact details of people who will respond to queries about robocalls, which is another reason why useful information should still be recorded even if a robocall mitigation plan is deemed deficient. You cannot look up their phone number because Mobily’s entry is not in the current version of the RMD, but I could look it up from the previous versions of the RMD that we saved, and the first thing I noticed was that the same contact details were given in each submission. I got through to a very helpful Mobily employee, whose name will remain off the record, and he told me that:
- the FCC did not communicate why Mobily’s new RMD submission of June 3 was deleted from the database;
- the blank robocall mitigation plan in the original RMD submission was a blunder caused by software that corrupted a document instead of correctly converting it to a PDF;
- the new submission was meant to reverse the mistake with the robocall mitigation plan; and
- they were under the impression that all telcos globally had to register with the RMD.
This sounds like the narrative of a sincere employee of a telco, speaking in a second language about trying to help a foreign regulator by complying with a rule that is not well understood.
My advice to telcos worldwide is simple: do not voluntarily try to help the FCC. You cannot help them if they lack the competence to articulate what they want. Giving bureaucrats virtual pieces of paper to push around makes them feel important and needed, but it does not mean they satisfy any useful purpose. The FCC may slowly gain some competence over the course of the next five or ten years of failing to clear up all the scumbag telcos that continue to originate illegal calls within the USA. After the US comms regulator has worked out how to regulate US comms companies they may finally elaborate reasonable expectations for what they want from the rest of the world. Until then, the less time you spend trying to please the FCC, the more you can devote to doing something useful instead.



