US Records Worst Month for Robocalls Since Adoption of STIR/SHAKEN

Residents of the USA received 4.48bn robocalls during the month of August per the YouMail Robocall Index, the most reliable measure of US robocall activity. This is the highest monthly total since the STIR/SHAKEN anti-spoofing technology, the centerpiece of the US strategy for robocall prevention, became mandatory for IP networks operated by larger telcos; see the blue line in the graph above. August’s total eclipses the 4.33bn robocalls recorded for June 2022, and even surpasses the 4.44bn robocalls received in June 2021, the month before STIR/SHAKEN became mandatory. You have to go back to March 2021 to find the last time robocalls were this bad.

For many years the US telecoms industry has promised robocalls will be reduced, though always caveated with the phrase ‘there are no silver bullets’. This latter phrase has been used with such regularity that I must question why anyone should think STIR/SHAKEN is a sensible investment if the keenest advocates for the technology keep emphasizing how little will be delivered, and then refuse to explain why it will deliver so little. We can count robocalls. We believe we have automated intelligence that can distinguish good calls from bad calls. Real people distinguish the good and the bad calls they receive, which when aggregated over a large enough population becomes the foundation for a measure like the YouMail Robocall Index. This topic should be susceptible to numerical analysis. It should be possible to set targets, and to compare real-life performance to the targets. The value of a target is that it may later reveal a flaw in the plan so we can do something about fixing the flaw. Reiterating over and over that ‘there are no silver bullets’ is a dodge. It is a euphemism for saying the results to be delivered will not be 100 percent. But the audience assumes it will not be 0 percent either. So we are presented with a false dichotomy between 100 percent success and 0 percent failure in lieu of a proper answer as to the targets that should have been set. Should the number of robocalls have been reduced by 10 percent by now? Or by 40 percent? Or by 70 percent? Nobody knows, because all we keep hearing is that ‘there are no silver bullets’. So nobody can analyze how far the actual results have deviated from the plan, even though they must have deviated because the plan was surely not for robocalls to go up.

We know the US strategy has a problem with setting targets because it has already missed target after target, when those targets are expressed as dates and deadlines. The delivery of STIR/SHAKEN has been late, late, and late again. Now people keep saying it still has not been delivered, or that much more needs to be delivered before we will start to see benefits. This should also be susceptible to numerical analysis. If STIR/SHAKEN is only implemented for 25 percent of calls, then how much difference will be made if it was extend to 50 percent of calls? If the benefit is only an X percent reduction in robocalls when implemented in one country, then what is the additional Y percent delivered by the next country, or the one after that? Nobody has seemingly sat down or done any of this analysis, even though the essence of planning starts with determining whether the anticipated benefits will outweigh the costs.

We do know some figures; there is a cost associated with implementing the technology. That amount will be clear to anyone who pays it, though the US telecoms industry is shy about totaling this cost. The stock response is to assert any amount is worth spending on tackling robocalls because the harm done by robocalls is so great. But that is not true. There is a limit to how much can be spent on solving any problem. Robocalls cost us money too, as measured in the dollars lost by ordinary people, by businesses, and by the government. We can compare the amount lost and divide it by the number of robocalls to get the average loss per a single robocall. We can compare the amount being spent on preventing robocalls and divide it by the number of robocalls prevented to get the average cost of preventing a single robocall. If the cost of preventing a robocall is higher than the amount that would otherwise have been lost then the cure is more expensive than the disease. But we have none of these figures because seemingly nobody thought to weigh up the costs versus the benefits, or to set targets so we can see how actual results compare. We are forced to infer from the loose and vague words that the US industry did not expect to have spent so much by now, only for the total number of robocalls to be higher now than it was a year ago.

The economic analysis mentioned above is not drawn from the realm of science fiction. Robocalls supposedly cost Americans billions of dollars. Over time, the US will cumulatively spend billions of dollars on reducing robocalls. And the US plan hinges on persuading every other country to spend billions of dollars. These are circumstances where it is appropriate to briefly employ an economist to answer the simple question: will the benefits outweigh the costs?

I have written elsewhere about the flaws in the US strategy. Like many flawed strategies involving the use of new technologies, most of the problems are due to an irrational belief that the technology will address issues that no technology could ever address. STIR/SHAKEN has some utility when seeking to distinguish good calls from bad, if only the good calls receive appropriate signatures. The US has failed to properly limit the use of STIR/SHAKEN, and the consequence is that bad calls also receive signatures that imply they are good. Meanwhile, no progress has been made with punishing the people responsible for bad calls, a deep-rooted institutional problem that long predates the development of STIR/SHAKEN. In the absence of a credible strategy to impose more rigorous know-your-customer controls, and the absence of a credible strategy to punish those responsible for bad calls, the implementation of this additional technology loses all coherence.

STIR/SHAKEN is a tool. Like any tool, it can be used well or it can be used poorly. The US telecoms industry has spent half a billion dollars engineering a tool that has been badly misused, and it seems few know why that is. Like a driver who sets out on a journey across the country without possessing a roadmap, there is no way to compare how many miles will be driven to how many might have been driven if the best route had been taken. There is no estimated time of arrival because nobody performed a worthwhile calculation of how long the journey would take. Falling years behind schedule also has a cost and those costs keep rising if you never attempt to understand why the previous deadlines were unrealistic. We can only guess if the driver is generally going in the right direction, not least because the destination is vague, and nobody has identified a route. STIR/SHAKEN is in many respects like an exotic race car. It can be admired as a tremendous feat of engineering. But it is being driven on bumpy, cracked and potholed country roads in the middle of the night by people wearing sunglasses. Fabulous engineering only represents a sound investment if you have the infrastructure and the motivation to utilize its full power.

The most depressing observation is that this fiasco allows me to keep growing my audience by simply reading out the figures from a chart on a regular basis because so few others are publicly admitting the line is not going in the direction it was supposed to go. The formulation of the US strategy has been dominated by a closed loop of government appointees and industry experts whose status depends on getting along with each other. I will not question their sincerity or their skills. But they did not possess the right range of skills, and that means they cannot critique why they fail. Sometimes you need somebody from outside of your circle to point out the skills that the group lacks. The plan is incomplete. It has not been challenged by those who understand economics, or those who understand criminal behavior, or even by those who understand negotiation. So a US strategy that involves spending billions on technology, to tackle devious career criminals, who are almost never punished when caught, supposedly hinges on persuading the rest of the world to follow the same plan.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.