The comms regulators of Australia and the USA have agreed a memorandum of understanding that promises collaboration on the enforcement of anti-spam rules… or not, if you read the actual wording of the document. The associated press release, which will be dutifully copied by brain-dead journalists, has the leaders of both regulators hailing the benefits of this new agreement whilst using many fine words like ‘international cooperation’, ‘crack down’ and ‘enforcement’. I expect fawning media coverage for the MoU’s signatories, who are Jessica Rosenworcel, Acting Chair of America’s Federal Communications Commission (FCC) (pictured left), and Nerida O’Loughlin, Chair of the Australian Communications and Media Authority (ACMA) (pictured right). However, a close inspection of the deal suggests it will serve little purpose beyond encouraging docile journalists to exaggerate the extent to which organized criminals are pursued in practice.
The US-Australian agreement is so full of caveats and get-out clauses that it was clearly written by lawyers whose main interest was in avoiding any legally enforceable obligations being placed on either the ACMA or the FCC. The absence of any new obligation is also confirmation that no previous legal impediments prevented the ACMA and FCC from doing the things they now promise to do. Here are some excerpts from the MoU that illustrate how vacuous it really is:
This Memorandum does not create rights or legally binding obligations under international or domestic laws.
The Participants recognize that it is not feasible for a Participant to offer assistance to the other Participant for every Covered Violation.
The Requesting Participant may request the reasons for which the Requested Participant declined or limited assistance.
Nothing in this Memorandum is intended to… Create binding obligations, or affect existing obligations, under international or domestic law.
The lawyers were so keen to avoid creating any genuine obligation to cooperate in law enforcement that they literally stated it twice. But putting this niggle aside, what does the agreement suggest the two regulators might actually do in future, which they have not done previously?
…sharing complaints and other relevant information and providing investigative assistance…
…facilitate research and education…
…facilitate mutual exchange of knowledge and expertise through training programs and staff exchanges…
…inform each other of developments in their respective countries…
…participate in periodic teleconferences…
Forgive me if I fail to treat any of these clauses as evidence of a ‘crack down’ on crime. It sounds like far more money will be spent on flying regulators between Australia and the USA than on flying arrested criminals to face justice in either country. The only clause that I take seriously is the following:
…collaborate on initiatives to promote technical and commercially viable solutions to unlawful robocalls and caller ID spoofing
In other words, Australian telcos will be encouraged to buy technology solutions that were designed by Americans, were mandated by the FCC, and which are supplied by US vendors. It is not as if anyone at the FCC is seriously considering whether they might change the anti-spam technology they have just forced US telcos to purchase at a collective cost of half a billion dollars!
The promises now being made by the ACMA and FCC would have been more convincing if either regulator could offer any historic examples of the arrest and punishment of organized robocall criminals based in foreign countries. Nothing will be done following this agreement that could not have been done before it was signed. But that will not stop this deal being treated at a template for a likely string of agreements between the FCC and other regulators in Western countries.
Western countries like the USA and Australia have seen a rise in fraud and spam relating to automated call generation equipment but have lacked the strategic cojones to do much about it. Their approach has accentuated consumer education and the implementation of technologies to identify undesirable calls without any serious attempt to locate and punish the criminals who are ultimately to blame. This means the criminals will go on and on and on. Why would they stop if there is no risk of them ever been punished? They already spent serious money to obtain autodialers and establish call centers. Their approach already depends on finding ways to climb over or work around any obstacles placed in their path. The only way to actually stop the crimes is to put the criminals in prison.
The current US problem with telecoms crime is analogous to the problem that the US faced with bank crime a century ago. It does not matter how much you spend on employing guards or building secure bank vaults if gangsters like John Dillinger can simply try their luck by raiding a branch of a bank, then hop into a fast car, drive over a state line, and so repeatedly evade capture. Those bank robbers kept robbing banks until the national government made the effort to track them and arrest them… or to shoot them. Now there is the same problem with telecoms crime, except the criminals cross international electronic borders, and so have no need for a getaway car.
The moribund thinking of Western regulators contrasts vividly with the aggressive approach adopted by some East Asian law enforcement agencies. For example, China has spent the last five years actively locating and arresting telecoms gangsters both at home and abroad. It is notable that different language groups have taken a fundamentally different approach to tackling crimes that are identical in every respect except for the language being used to trick victims. Perhaps English-speaking regulators would learn more by reading the translation of the strategies adoption by East Asian authorities than from conversations with other English-speaking regulators. The East Asian approach has not ended crime, but it has proven so successful that organized gangs now resort to trafficking native Chinese speakers to scam call centers as far afield as Turkey.
The problem faced by lawyers working for national comms regulators is that their training leaves them singularly unsuited to a world where problems are caused by people who speak the same language, but who live in another country and who have no respect or fear of the law. It would be better if milquetoast regulators stepped aside and passed responsibility for international telecoms crime to national security agencies that know how to go on the offensive. Employing one skilled hacker to find telecoms fraudsters would accomplish more than a hundred staff exchanges between the FCC and the ACMA. Nobody participating in the ACMA-FCC ‘periodic teleconferences’ is going to learn one tenth of what we all learn by watching the YouTube videos of amateur vigilantes who prove themselves capable of pinpointing the location and identity of foreign telecoms fraudsters.
I suspect the real motive for this ACMA-FCC agreement is that the FCC is a highly politicized regulator that is under a lot of pressure to curb robocalling but does not know how to do it. The FCC will make grand claims about international cooperation, as supported by various pieces of paper it will sign with other countries in the Five Eyes security alliance. The downside to this approach is that the scams which hurt US residents need not originate in countries amenable to helping the FCC pursue crimes against Americans. Why would we even think that Australia is more strategically important to protecting Americans from fraud than the dozens of countries that share the same international dialing code as the USA? Is it because none of those Caribbean islands are rich enough to spend the extortionate amounts that the USA has spent on STIR/SHAKEN? If so, how will the FCC square a strategy that will only work for rich countries with the obvious fact that scam call centers are most likely to be located in poor countries? Are they going to provide financial aid to telcos based in other countries within the North American Numbering Plan, or are they afraid to do so after providing no aid to US carriers?
The more I look at the US strategy for scam and fraud prevention, the more I believe the FCC is already engaged in a systematic program to disguise its obvious failings because they lack the ingenuity and acumen to do better. They think that press releases about task forces and international memorandums of understanding will lead the public to forget how often they are called by criminals. That is folly. US telcos have spent half a billion dollars on STIR/SHAKEN, the most expensive ‘technical and commercially viable solution’ that the US has adopted in order to reduce robocalls. That is a very costly approach, especially when the people behind STIR/SHAKEN refuse to call it a solution because they want to present it as one of many tools. That makes the argument for STIR/SHAKEN tantamount to a bait and switch. No rational industry chooses to spend half a billion dollars on a single tool without first acquiring many other cheaper tools.
STIR/SHAKEN becomes mandatory for all the big US telcos at the end of this month. If it was worth half a billion dollars then we should soon see a noticeable impact on the amount of fraud that Americans suffer. If there is no impact then it is time to stop playing politics and to refocus international efforts on capturing and punishing criminals whilst priortizing those consumer protection methods that provide the most protection for the least cost. That is the only rational strategy in a world where a rich Western club cannot enjoy success in preventing international crime without the help of all other countries, both rich and poor.
You can find the full text of the ACMA-FCC memorandum of understanding by looking here.