The extent of scam and spam calls in India is so great that well-known caller identification and blocking app Truecaller generates 70 percent of its 100 million dollar annual revenues from the Indian market despite being a publicly listed company in Sweden that has 330 million monthly active users worldwide. The Indian government reportedly lost patience with the country’s spam crisis during May, and they instructed the Telecom Regulatory Authority of India (TRAI) to investigate how to display the name of the originating party on the handset of the person receiving a call, thus reducing the risk that the recipient will be fooled by scammers pretending to work for the recipient’s bank or other institutions. The intention behind the new national scheme is to leverage registration information already collected by telcos whenever a subscriber obtains a new SIM. But will the new regime have a significant impact on the extent of scams, and how much will it affect private sector firms who address the same problem?
Indian press speculation about the new caller identity system recently went into overdrive with several publications quoting TRAI chairman PD Vaghela (pictured) as saying the system would go live within the next few weeks. However, TRAI has not made any official announcement. Those few publications which indicated a source for their story ultimately pointed to the Hindustan Times although I was unable to find any relevant article by that newspaper. An earlier story in The New Indian Express said only that TRAI will soon publish a consultation paper on the subject. The absence of any real details about how such a system might work is evident from journalists repeating phrases like ‘know your customer’ without ever explaining how the system knows about phone users, who will be responsible for maintaining the data, or how the data will be transmitted to telcos for presentation on handsets. Based on the descriptions of how it will work, the likeliest possibility is that the system will emulate the Caller Name Delivery (CNAM) approach used in North America. However, TRAI must be conscious that CNAM has proven not to be a reliable way of protecting US and Canadian consumers from scammers, with the result that both countries have invested heavily in using STIR/SHAKEN to authenticate the A-number associated with each call.
TRAI has also prominently boosted innovation to tackle spam, including the use of blockchain and machine learning. However, this has not always proven as successful as initially hoped. Last year a blockchain-based safe list designed to reduce SMS spam had to be suspended soon after launch because many organizations that send A2P SMS messages had failed to add their data to the blockchain by the widely-publicized deadline. Nevertheless, the extent to which India faces teething troubles with new technology also shows the authorities are willing to learn by taking action and are not just waiting to copy methods developed in other countries. However successful a new national identification system may prove to be in practice, it is evidently a threat to anti-spam services created by the private sector, as demonstrated by the speed with which firms insist it is not a threat. The reporting of the Indian government’s intervention in May prompted Truecaller to urgently issue a lengthy press release in response.
This is one of several similar initiatives from TRAI over the past ten years, and Truecaller welcomes all attempts aimed at helping in the mission to make communications safer and more secure. If the service described was to be developed, the assessment is that its implementation would take many years and require a successful collaboration with all major telecom operators.
Truecaller’s prediction that the new Indian identity system needs ‘many years’ of implementation work will be proven wrong if recent press reports are to be believed. Irrespective of the date on which the new system will go live, the only possible reason to tell shareholders that public sector alternatives are years away is to provide reassurance about the company’s profitability in the meantime.
Pro-business economies like the USA provide fertile territory for firms that aggregate data from many phones in order to identify spammers and scammers. These businesses would like to be one wing of a dual strategy that marries authentication to analytics. However, India is hinting that it is not really necessary to outsource data analysis and processing to for-profit companies, especially in countries where know your customer controls are strictly enforced as part of a national security strategy. If the state already knows the identity of everybody with access to communications services, it follows that they can solve the problem of spammers and scammers faking their identities more readily than any business which does not have access to the information in the state’s possession. Western companies whose business models assume there will always be a void to be filled because of the reluctance of governments to monitor citizens will likely find Western norms will not apply to the security of phone users elsewhere.