Our team has been extracting and analyzing data from the US Robocall Mitigation Database (RMD) to see if its actual contents are consistent with the claims made publicly about it. Based on what we have seen so far, I doubt that many of the individuals who sing its praises have any familiarity with the actual database; they are just repeating what they heard from somebody else. I will write more about that topic after our analysis is complete, but an interesting early finding illustrates why the RMD cannot accomplish the ambitious goals set for it.
There was an obvious flaw when the Federal Communications Commission (FCC) first ordered telcos to submit their robocall mitigation plans to the new database by June 30, 2021. If a regulator creates a rule that says thousands of telcos must submit a document by a deadline, but that rule does not specify what should be written in the document, then the regulator will inevitably receive lots of documents that are useless crap. The telco can cogently argue they complied with the rule as stated. But more importantly, the telco’s regulatory affairs team does not need to make that argument because neither they, nor anyone at the FCC, is inclined to sweat the small stuff. Despite all the brouhaha made about robocalls, the contents of actual robocall mitigation plans demonstrated that practical methods used to protect consumers from unwanted calls is very small stuff from the perspective of the highly-paid lawyers who run the FCC, or from the perspective of the regulatory affairs people who work for telcos. This makes sense; professionals who argue about rules and compliance tend to be negotiators and wordsmiths by nature, not practical people who want hands-on responsibility for bothersome tasks that they prefer to delegate to others. This most obvious flaw with the RMD has been essentially ignored by the FCC until recently, because their initial instruction also suffered a second flaw. Some of our recent data analysis concerns the way the FCC has addressed this second flaw.
If you were reading closely, then you saw the part where thousands of telcos needed to submit a document to the RMD by a specific deadline. So the second flaw with the FCC’s order was that there were no follow-on deadlines for updates to any of the document that were submitted. Telcos are not statues. They change over time. And you would hope their efforts to stop spam and scam calls will change, because we should want them to improve. But with no deadline for updates, it was inevitable that even good submissions to the RMD would become progressively less accurate. This would not have concerned the FCC when they first instructed telcos to submit to the RMD. The FCC did not know what telcos should be doing anyway. They wanted to trawl through thousands of documents just to discover the best examples of methods that protect the public, not because they really intended to do anything about the worst submissions. But with no deadline for updates stated in the initial instruction, and because the public had been told that the worst telcos faced a genuine threat of enforcement action, then it was inevitable that the FCC would have to issue a second order telling every telco to submit an update. That new order was issued on January 25 and it set February 26 as the deadline for updates. So submissions which complied with the first order could be 32 months out of date before amendments became mandatory. On the plus side, the FCC has learned a little by reading through the better submissions to the RMD, and hence its latest order is a bit more prescriptive about the factual information to be provided in each filing to the RMD.
Now we come to the third, unfixable flaw with the US Robocall Mitigation Database, and with the FCC’s approach to robocall mitigation more generally. These orders apply to both American telcos and to telcos based elsewhere, if they send traffic to the USA. But telcos based elsewhere are not subject to US law, no matter how much the highest-paid lawyers like to pretend their will can be enforced everywhere. Telcos based outside of the USA may not pay attention to orders issued by the FCC; regulatory affairs professionals tend to focus on demands from regulators in their own country, with little time for the hundreds of regulators found elsewhere. The differing degrees of interest in FCC stipulations is corroborated by a simple examination of who has been updating their RMD entries recently. We looked at RMD filings between February 15 and the February 26 deadline to see how many telcos have been updating their submissions. This is what we learned when we split the data based on whether the submission is from a US telco or a telco in another country.
| Total | US | Non-US | |
|---|---|---|---|
| RMD entries at Feb 15 | 8,994 | 7,337 (81.6%) | 1,657 (18.4%) |
| RMD entries updated between Feb 15 and Feb 26 | 1,436 | 1,385 (96.4%) | 51 (3.6%) |
The inference is clear. Whilst a considerable number of US telcos rushed to comply with February 26 deadline in the new order, foreign telcos are far less likely to have respected it. This cannot be explained away by guessing foreign telcos all amended their RMD entries by February 15. The new order caught us by surprise, so we did not obtain a new cut of the RMD database until February 15, but our team had retained a cut from October 23, 2023. The number of non-US telcos who amended their entries between October 23 and February 15 was just 46. Per our analysis, fewer than 100 of the telcos that are based outside of the USA and which were listed in the RMD at October 23 updated their RMD entries by February 26.
The American public is being fed a lie about the extent to which the FCC can impose its will on telcos that sit outside of US jurisdiction. In theory, the FCC can cut off foreign telcos by prohibiting US networks from taking their traffic. This ‘nuclear’ option sounds like a serious threat until you remember that even madmen like Vladimir Putin will make threats they do not intend to carry out. The USA is never going to cut off larger foreign telcos that serve millions of ordinary people because of the international row that would immediately ensue. Those big foreign mobile operators that have been ‘cut off’ per the inane misinformation fed to the US press evidently had no connection to US networks anyway, because none of them have reported problems with connecting calls to US numbers. These operators were probably overzealous when they made an RMD submission because they will actually rely on intermediaries to carry any traffic that terminates in the USA.
The inability to cut off big foreign telcos helps to explain why the FCC’s own transparency reports show that Deutsche Telekom did not help US authorities to trace an unusually large number of bad calls but nobody is threatening to disconnect their business from US networks. To do so would cause a very major diplomatic incident, not least because Deutsche Telekom owns one of the biggest mobile operators in the USA. If big foreign telcos are not going to be cut off for refusing to assist the tracing of robocalls then is absurd to think that the same punishment would be applied for failing to update RMD entries to reflect changes in fact.
The importance of this observation is clouded by a few unimportant stories involving the disconnection of foreign telcos that you and I have never heard of. The FCC can cut off trivial little firms because nobody cares about them. But the problem with blocking a trivial little foreign firm is that it does not address the real problem. Criminals set up companies that seem legitimate so they can hide behind them. If such a company can no longer terminate bad calls in the USA then the criminals who run them will just set up another company instead. They can set up new companies far more rapidly than the FCC will ever be able to cut them off. So whilst the FCC repeatedly wields the threat of disconnecting foreign telcos, the threat is empty when applied to the biggest telcos, and irrelevant to the legions of small firms owned by crooks.
For the FCC’s approach to succeed, the regulator would need the option to punish big foreign telcos without cutting them off. This could be used to cajole middlemen into refusing to carry traffic that originated with a bad actor somewhere else. However, the FCC will not impose fines on large foreign intermediary carriers because that also lies outside of their jurisdiction. Or if the US government tried to give its regulator jurisdiction over foreign telcos, they would risk retaliation from foreign governments who may impose new fines on American businesses only because they want the money, not because those firms did anything wrong.
To make matters worse, the FCC has already demonstrated how difficult it is to set minimum standards for tackling bad telecoms traffic that would stand up to scrutiny in a court of law. It has taken them almost three years just to progress from setting no expectations about the content to be included in an RMD submission, to setting very loose and vague expectations about the basic controls that should be described. When expectations are so vague, regulators may still talk about enforcement, whilst knowing they lack the legal foundations needed to take purposeful action. Regulators like the FCC use tools like the RMD to talk a lot about enforcement because they hope businesses will voluntarily choose to do the right thing, instead of testing the limits of the regulator’s power.
