Is the purchase of a little-known SMS registry by a telco headquartered in India a threat to the security of Americans? Is intervention required to ensure there will be no foreign interference in robotexts sent by candidates during the 2024 US presidential election? These are arguments currently being circulated by some US comms professionals in response to the proposed USD100mn acquisition of Kaleyra, a CPaaS provider founded in Italy and listed on the New York Stock Exchange, by international wholesale provider Tata Communications. Kaleyra is the sole owner of a Virginia subsidiary entitled The Campaign Registry (TCR), an entity that describes itself as “the reputation authority for business messaging on 10DLC”, where 10DLC stands for the 10-digit long codes used for A2P messages in the USA. Businesses need to register with TCR in order to send bulk SMS and MMS messages to customers of the biggest mobile networks in the USA. A group of Americans are using social media to call for the US government’s Committee on Foreign Investment in the United States (CFIUS) to block the sale of Kaleyra on the grounds that TCR would then be ultimately owned by Tata Communications, a foreign business, although TCR is already owned by a business founded outside of the USA.
Perhaps the most serious allegation concerning TCR was made by Alan Quayle, a self-described expert in programmable communications and the founder of the annual TADHack hackathon. A LinkedIn post from Quayle included the claim:
…election marketing messages could and have been interfered with.
Quayle has also circulated a copy of an email purportedly sent to editors at The Washington Post by Frederick Joyce, a retired lawyer who previously led the communications practices at legal firms Venable LLP and Alston & Bird LLP. The email includes the following paragraphs.
I’m writing to you because of your coverage of technology, social media, privacy and national security matters for the Washington Post. Attached to this email is an overview I have written about a tech matter that has received surprisingly little coverage in the media. The monopoly entity in the U.S. responsible for protecting all of our 10 digit mobile phone accounts from spam, a little known entity based in Reston, VA called The Campaign Registry… is about to be sold from one foreign entity, Kaleyra, Inc. of Italy, to another foreign entity, Tata Communications of India.
It is my understanding that the federal government’s CFIUS review process is likely to approve this transaction. I find it very hard to believe that no Member of Congress, let alone your average citizen, would be untroubled to know that critical decisions as to whether or not a commercial, political or not for profit text message can be sent to your cellphone will soon be made by a company based in India, just as I was troubled to learn last year that these decisions were subject to owners based in Italy. Moreover, The Campaign Registry is also responsible for deciding whether text messages can be transmitted to highly secured U.S. government cellphones; believe me, I know this to be true from company insiders.
While I have been a telecom/Internet attorney for over 30 years, I had not even heard about The Campaign Registry until last May, when a group associated with its co-founder asked me to assist them in essentially “repatriating” this company, that is, to make a fair offer to acquire The Campaign Registry from its Italian owned parent company, Kaleyra… so that the Registry would be owned by an independent U.S. entity. Since then, I have led a highly qualified group of U.S. telecom experts who had tried unsuccessfully to purchase The Campaign Registry and ensure that it would be operated consistently with U.S. privacy, national security and other applicable laws and policies. The Kaleyra Board, which consists mainly of foreign nationals, rejected our offers, indeed, they treated our offers as “hostile.”
I have to be careful when covering this story because some serious allegations have been made about national security and election interference that relate to obscure aspects of the communications industry. The public is at increasing risk because neither they nor politicians understand who is really responsible for making decisions that determine which calls are connected and which messages are seen. Correctly assessing the risks surrounding the decision-making process at TCR would require a considerable investment of time, and falls well outside of the expertise of any reporter working at The Washington Post. On the other hand, Joyce has made it clear that he sought to use public opinion to motivate government intervention to force the sale of a potentially lucrative monopoly to people that Joyce represents, possibly at a much lower price because of the prohibition of foreign bidders.
Gathering further insights is complicated by Joyce now being reportedly retired and unwilling to discuss this topic; I have reached out to him without success. His retirement must have been recent. Joyce’s email to The Washington Post was dated July 30. His LinkedIn profile states he became the CEO and General Counsel of an entity called Stop Messaging Spam LLC in May 2022, and has not been amended to include an end date. I have so far been unable to confirm any further information about Stop Messaging Spam LLC or who is now running it. Nevertheless, I concluded it was best to write something about the allegations because they also concern the management teams at Kaleyra and Tata Communications as well as TCR. This a relatively novel instance of a social media campaign being used to influence a decision that affects several businesses as well as the public who suffer spam and scam messages. The use of informal social media channels for the purpose of lobbying and awareness-raising adds to the challenge faced by any organization wanting to monitor who is saying what about whom.
Joyce’s email to The Washington Post concludes:
I’m simply asking that you look into this matter. If you are not as surprised as I am that a foreign entity will be allowed to continue monitoring all political and commercial text messages sent to 300 million mobile phones in the US every year, well then fine. But I believe there is a story here that needs to be told to the American public. Time is running short, if this transaction clears CFIUS review there will be very few regulatory hurdles to clear before this transaction can close.
I find Joyce’s xenophobic dog whistle to be the least persuasive element of his argument. Readers of Commsrisk will be aware of how I have charted segments of the US comms industry spreading disinformation in order to manipulate the anti-spam considerations of foreign countries. These efforts are seemingly supported by US federal agencies because they will extend US influence over whose calls will be permitted and whose will be blocked. One of the worst aspects of this is the naked desire to construct new monopolies in foreign countries that would deliver guaranteed profits for whichever US companies obtained the rights to run them. There is also a recurring problem with the US comms industry concentrating power and revenue-generating opportunities in monopolies and oligopolies that the public knows nothing about. That deficiency is not unique to 10DLC messaging. American ownership of these monopolies is no guarantee that they will serve the interests of ordinary Americans.
Joyce’s argument is also undermined by the lack of specificity about who he was representing when he wrote to The Washington Post. Not every American is more trustworthy than every foreigner. The public should know which Americans wish to own TCR as well as the fact that they are Americans. Joyce undermines his appeal for greater transparency by stating that he represents unnamed experts instead of simply naming the people he represents. India is not the closest ally of the USA but it is not an enemy of the USA either. I will not repeat some of Joyce’s sillier insinuations about India colluding with China to undermine US security. His conspiracy theorizing is distasteful and lacks substance. India has a tense diplomatic relationship with China that sometimes results in military confrontations. Joyce was fearmongering when he tried to persuade Washington Post journalists that a messaging registry owned by Tata would then be manipulated by China to undermine the USA’s democracy. This cynical gambit reminds me of the reasons I generally maintain a low opinion of lawyers.
However, the progress made by TCR in protecting the American public from nuisance messages is poor according to several industry insiders who have separately briefed me in recent months. Kaleyra’s record as a business was tarnished earlier this year when they were prosecuted by the Irish comms regulator for allowing thousands of phone numbers to be wrongly signed up and billed for premium rate services. And there are genuine reasons to question the potential conflict of interest where an organization that decides which messages are trustworthy is subordinate to a business that generates revenue from sending messages in bulk.
A recurring pattern of failure in spam management justifies closer public scrutiny of the process that will decide which communications are going to be blocked. For example, a scandal has recently erupted over the apparent conflict of interest surrounding an oligopoly of big US analytics firms that are mislabeling voice calls as spam. It is easy to see many similarities between the dynamic surrounding anti-spam controls for voice and the dynamic surrounding anti-spam controls for SMS. Both suffer from the apparent complacency of the USA’s big three mobile operators, who all seem to be more interested in reducing their employee headcounts than taking hands-on responsibility for reducing nuisance calls and messages. Institutions which are supposed to represent the interests of ordinary Americans should have questioned the desirability of know-your-customer controls and other decisions about the reputations of customers being outsourced when it can be argued that the biggest telcos are best placed to identify rogue elements in the telecoms ecosystem.
So please treat this article as the start of a story, with no conclusions available yet. More articles will be written as I prompt and prod various individuals to tell me more about the way A2P messaging services are overseen in the USA. It is evident that there are problems with the way robotexts are managed in the USA, but I am loathe to make assumptions about who should be trusted to improve results. Central control of who can use comms services could easily lead to censorship. This may not even be intentional; research has already shown that email spam filters introduce significant political bias to the kinds of messages that people receive. The only safe observation I can currently make is that there is a lack of transparency surrounding the process for filtering messages and other communications. Limited external scrutiny increases the risk of businesses shirking their responsibilities or profiting themselves at the expense of the rest of society. Those are already serious dangers as telcos and regulators worldwide adjust to the expectation that many more communications should be blocked. The dangers will grow worse as we place increasing reliance on machines and administrators to weed out bad traffic from good.



