US Reg Challenges CEOs to Prevent Caller ID Spoofing

You could call it a hint. A regulator can adopt a new rule which forces telcos to do something by a certain date, or can simply ask when action will be taken. Ajit Pai, Chairman of the Federal Communications Commission (FCC), the US comms regulator, has written to the CEOs of America’s biggest telcos, asking when they expect to implement signed digital certificates that will protect customers by confirming if they are seeing an accurate CLI for the calls they receive. Pai also wants to know what information will be presented to customers to help them tell the difference between good calls and bad calls. The telco CEOs have until November 19th to respond. In other words, either they volunteer to take action soon, or the FCC will start dictating what they need to do.

14 letters were sent by Pai, addressed to the bosses of: AT&T, Bandwidth.com, CenturyLink, Charter, Comcast, Cox, Frontier, Google, Sprint, TDS, T-Mobile, US Cellular, Verizon, and Vonage. The FCC’s goal is to encourage every US telco to adopt the SHAKEN/STIR framework, a protocol that would mean electronic signatures would be created by legitimate telcos, thus indicating if the reported caller ID matches the genuine source.

The need to combat the spoofing of caller IDs has grown significantly, alongside an explosion in the number of robocalls, which are often generated by fraudsters. A robocall index maintained by anti-robocall software firm YouMail estimates that Americans now receive a total of 5 billion robocalls every month; at the beginning of 2018 the figure was still less than 3 billion per month.

On the same day the FCC wrote separate letters to voice providers who do not assist the Industry Traceback Group run by trade association USTelecom. This group facilitates the exchange of information between telcos in order to identify the source of illegal calls. The letters were sent to IP Link Telecom, R Squared Telecom, Talkie Communications, Thinq, TouchTone Communications and XCast Labs, and were signed by both FCC CTO Eric Burger and FCC Enforcement Bureau Chief Rosemary Harold. Recipients were given until November 20th to respond. The reason for further industry cooperation was explained by Burger:

We hope all carriers and interconnected VoIP providers will join these traceback efforts and implement tools to speed the traceback process, such as deploying a robust call authentication framework. In my experience, strong enforcement is the best tool against bad actors, and improved traceback is a critical tool for finding scammers.

Eric Burger spoke at last month’s RAG Kansas conference (pictured above) about the need for the private sector to engage with consumer protection issues. I share his belief that telcos and their suppliers are best placed to devise ingenious, creative and efficient solutions to seemingly intractable problems. This means telcos must have the freedom to explore which methods are most effective in practice, and they should be given some latitude to learn from trial and error. However, this also means telcos must strive to come up with answers, no matter how challenging the issue.

We should be frank when the telecoms sector lets people down. When telcos criticize regulators for imposing sub-optimal consumer protection regulations this often follows a period when the industry showed no leadership and little willingness to address genuine customer concerns. Like naughty children, we get upset at being told how to behave, but have not considered how our actions – or our indifference – can result in harm to others. The surge in robocalls and caller ID spoofing means they must be given the highest priority, and the onus is on the telecoms industry to deliver results that will reduce the pain and nuisance caused to customers. There are leaders in US telcos who are working hard to reduce the plague of robocalls and the scams which come with them. It was my pleasure to meet some of those people at RAG Kansas. These leaders are setting a good example, and others should now follow willingly, because they may not like the inevitable alternative.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.