The concept of institutional racism is receiving more attention as societies recognize there may be systematic differences in how people are treated even when nobody is guilty of conscious discrimination. With this in mind, I listened to the SIP Forum’s SIPNOC 2020 webinars on the deployment of STIR/SHAKEN, the US-driven protocols for preventing the spoofing of caller IDs, and found myself increasingly concerned about the danger of unintentional but systematic discrimination in how these protocols will affect phone users in real life. To be clear, I am not accusing anyone in the SIP Forum or any participants in their webinars of being racist. However, I think there is a point when it becomes necessary to question if all the potential downsides to a technology that will systematically influence the blocking of calls have been identified by a group of people who are almost uniformly white North Americans.
To provide some context, we should be clear what is meant by institutional racism. The UK’s landmark inquiry into the murder of Stephen Lawrence, an 18 year old black man killed by a vicious group of thugs in an unprovoked attack, found that London’s Metropolitan Police was institutionally racist, and provided the following definition of the term:
The collective failure of an organization to provide an appropriate and professional service to people because of their colour, culture, or ethnic origin. It can be seen or detected in processes, attitudes and behaviour that amount to discrimination through prejudice, ignorance, thoughtlessness, and racist stereotyping which disadvantage minority ethnic people.
The issue of discrimination in technology has come to the fore with researchers arguing that big data and artificial intelligence can also deliver results that are detrimental to minorities. Recently a respected computer scientist described Google as institutionally racist following claims she was dismissed after writing a paper about bias in systems. Disproportionately blocking phone calls to or from people of a particular race or origin would also fit the definition of institutional racism. Ignorance and thoughtlessness could be the primary causes of this discrimination. It follows that there is a risk of racism if STIR/SHAKEN can be implemented in a fashion that leads to more blocking of legitimate phone calls involving ethnic minorities than of calls involving white Americans. But how might this occur?
The chief clue that this could happen in practice occurred during a SIPNOC 2020 webinar dedicated to the adoption of STIR/SHAKEN in Canada. The Canadian Radio-television and Telecommunications Commission (CRTC), Canada’s comms regulator, is currently alone in following the lead of the USA by making STIR/SHAKEN mandatory for Canadian telcos. Theirs is a special case because North America has an unusual dial plan that applies to both countries. Alain Garneau, a compliance and enforcement director at the CRTC, was asked by an unnamed viewer of his webinar whether most spam robocalls are recorded in English or French. It seemed to me that Garneau did not know the answer, though he plausibly bluffed that English would be the most common language because many more Canadians speak English than French. What matters in this instance is that the answer to questions like these can be unknown to important participants in the telecoms ecosystem even as we acknowledge that spam and fraudulent calls can be made in any language, and hence target different sections of society.
As recently reported in Commsrisk, researchers from North Carolina State University used the largest ever robocall honeypot to receive 1.48mn spam calls during 2019 and 2020. Their methods automatically identified and counted repeated instances of the same scams without needing to understand the language of the scammer’s recording. They felt it important to be agnostic about language to avoid introducing bias into their work. As a consequence, one of their key findings was that:
Finding 24: We uncovered two large scale robocalling campaigns that selectively target the Mandarin speaking Chinese population in North America.
There is also plenty of anecdotal evidence about other robocall scams targeting language minorities in North America and elsewhere. Minorities may be especially vulnerable to scams propagated in their native language because societal barriers may mean they have poorer access to reliable information, especially with respect to their legal and tax obligations. If the Canadian regulator wants to protect Canadians from scams, and encourage Canadian telcos to block calls, then it should understand who is being targeted. According to the 2016 census, 21 percent of Canadians speak a first language that is neither English nor French. To put that into perspective, that is greater than the proportion that said French is their first language. Chinese languages are widely spoken in Canada, and over half a million Canadians speak Mandarin as their first language. Canada exhibits a lot of language diversity, and Mandarin’s rapid rise is seen in statistics about which language is spoken in the resident’s home.
Anyone paying attention to telecoms fraud on a global level will not be surprised that many scam calls are perpetrated in Chinese languages. The Chinese government began cracking down on telecoms imposter fraud in 2016 and has since pursued an active policy of extraditing scammers from other countries. It follows that a criminal who is capable of calling the Chinese mainland from Malaysia or Indonesia is also capable of calling victims in the USA.
These kinds of fraud have an international aspect. Even if a national regulator succeeds in stopping all spoofing within their country, they will not have stopped the spoofing of calls that originate overseas, and which are destined for consumers in its country. However, the US policy is utterly confused when it comes to international robocalls. Nobody seemingly knows if the objective is only to block and eradicate spoofed calls that both originate and terminate in North America, or whether it is also to reduce the number of spoofed calls received by Americans that originated elsewhere. This uncertainty was a recurring theme of the SIPNOC 2020 webinars.
A certain air of ambivalence overtook proceedings whenever the international aspect to robocall fraud was discussed in the SIPNOC 2020 webinars. Participants who had quoted chapter-and-verse from dreary regulatory reports suddenly discovered the merits of being vague in their choice of words. The mood was to ‘wait and see’ what would happen in the international realm, mixed with some weak assurances that the industry and/or regulator ‘will get around’ to dealing with international traffic once all the technical problems with deploying STIR/SHAKEN had been resolved. This is how people behave when they have other priorities and so refuse to focus on giving a proper answer to a proper question. But the US needs to deliver some proper answers to genuine questions about international compliance to its robocall rules. That begins by clarifying what the goals really are.
Is the objective of current US policy to stop the origination of spoofed calls in the USA? Then it should not matter whether international carriers will implement STIR/SHAKEN. There are already obvious reasons to be suspicious about any call that presents a North American originating number but which comes into North America via an international gateway. You do not need foreign telcos to attach digital signatures to calls to identify and act upon that kind of disparity. So why are US authorities and businesses also suggesting that foreign telcos should choose to adopt STIR/SHAKEN and make it interoperable with the systems implemented in North America? Foreign regulators could mandate the use of the same technology to stop the origination and termination of fraudulent calls within their country, but that would not require the signature be validated by a US authority. Passing signatures from a foreign telco to a US oversight body only makes sense if there is an expectation that the US will also police calls with originating numbers that belong to foreign dial plans.
No vendor is going to discourage a telco from buying an expensive technology already developed for a different market. No national regulator is going to discourage another national regulator from following its example. But vaguely wanting others to copy your approach is not the same as making a rational and persuasive argument for why they should spend millions of dollars on doing so. Telcos in Bolivia, Bahrain and Brunei are not going to buy expensive technology to add digital signatures to voice calls just because US politicians want to claim their decisive action has reduced robocalls.
The international aspect of the North American robocall strategy falls between two stools. It goes beyond what is strictly required to stop spoofing that wholly occurs within North America. This may be because of a rational fear that any reduction in domestic robocalls will be offset by an increase in robocalls that originate elsewhere. But the US strategy is far too weak to be taken seriously as a global plan of action. That is why speakers in the SIPNOC 2020 webinars preferred to ruminate on the possibly of only a few international providers, such as BT and France Telecom, choosing to adopt STIR/SHAKEN. Had they been asked if they expect China Mobile or MTN Group to adopt STIR/SHAKEN then any ‘wait and see’ musings would have been discounted immediately.
There are other reasons why a predominantly white professional community might prefer to talk to BT and France Telecom about STIR/SHAKEN. The international roll-out plan for STIR/SHAKEN, as far as it exists, seems to be aligned to the comfort and connections of North American professionals. They may know people in BT and France Telecom. They probably have fewer connections in other countries. This leads to a kind of bias that is obvious within our profession: white people in white countries favor other white people in other white countries. Some white people pretend not to notice, but should be ashamed of themselves. As I noted above, a Chinese immigrant may also be targeted by criminals, and China’s government has gone to great effort to arrest and punish Chinese-speaking scammers. If the priority was to protect ethnic Asians living in North America then it would make no sense to suggest STIR/SHAKEN should first be adopted in Britain and France.
One thing that was notable about the SIPNOC 2020 panel for international service providers is that it had so few international service providers on it, apart from Sheba Chako, Chief Regulatory Counsel of BT Americas. She said that ‘one of’ BT’s entities will register with the US anti-robocall database, implying that the other BT entities will not. But what was most telling in Chako’s contribution was that she suggested BT’s British subscribers should be given a privileged status per the three-tier attestation levels baked into STIR/SHAKEN. These attestation levels show the extent to which a user’s originating number has been confirmed or not. A-attestation means the signature for the specific originating number is confirmed, B-attestation means the caller is trusted but the specific number has not been confirmed (as could occur in an enterprise with its own PBX), and C-attestation means the telco that provided the call is known but nothing else. If BT does not adopt STIR/SHAKEN then no calls from BT customers to US numbers could receive anything more than a C-attestation. However, Chako suggested that BT knows its customers, and so deserves better treatment than that.
Without wanting to argue about the strengths and weaknesses of BT’s business, there are obvious problems with a US-centric scheme deciding if some international telcos have customers which can be trusted more than others. What happens when Americans are told by their handsets that calls from their British relatives are more reliable than calls from their relatives in Somalia? The potential racial angle should now be obvious. This would be compounded if the level of attestation influences the chances of a call being blocked.
The most dangerous aspect of the US strategy is the vague intimation that attestation levels will influence algorithms that decide which calls are blocked. As noted above, there are already serious researchers who argue artificial intelligence can lead to decisions that are unfair to minorities. If attestation levels change the probability of a call being blocked, and attestation is linked to the ability of a foreign telco to comply with US requirements, or the perceived closeness of that country to the USA, then genuine callers are more likely to be blocked in some countries than others. Nobody who supports the US strategy is talking plainly about who will be blocked and why. Partly this is because they want to get more data before they make a decision. But it would be morally wrong to pressure foreign countries and telcos to make expensive investments in STIR/SHAKEN by hinting they may otherwise find their calls are blocked.
Chris Oatway, Associate General Counsel at Verizon, mentioned during his SIPNOC 2020 webinar that the US strategy for robocalls “didn’t make news internationally”. He is right. Whilst North Americans have done a good job of talking to each other about robocalls, they hardly seem to have asked for input from anyone working on a different continent. The result is an impoverished, skeletal understanding of the role of foreign telcos in supporting North American ambitions.
The output of the Federal Communications Commission (FCC) shows plenty of concern about legitimate North American callers being blocked, and what can be done to prevent that from happening or to provide redress when it does happen. I can find no similar interest in protecting the rights of overseas callers, and hence the rights of North American residents who need to communicate with relatives, friends and business connections in other countries. What I find instead is vendors arguing for the merits of adopting STIR/SHAKEN with such ominous phrases as “there’s a greater risk that authentic business calls from carriers that have not implemented STIR/SHAKEN will be blocked”. If that statement is false then it is wrong for a vendor to use scare tactics to promote sales of this technology. If that is true then it sends a worrying signal that North Americans expect to block a greater number of legitimate calls that originate overseas.
The US has a bad history for securing the electronic communications rights of minorities. 12 years ago I wrote for Commsrisk about the shocking abuse of immigrants in the USA by telecoms firms that mis-sold prepaid international calling cards. The Hispanic Institute, a nonprofit advocacy group for Latin American immigrants in the USA, commissioned independent test call experts who proved that the vast majority of calling cards were cheating customers by giving them fewer minutes than were advertised. The effective call duration of many of these cards was less than half of what was promised. The FCC should have been responsible for protecting these consumers too, but waited for others to defend the interests of immigrants. Now I worry about political imperatives leading to a similarly complacent attitude to minorities adversely impacted by STIR/SHAKEN and the blocking of legitimate calls.
The success of the US robocall strategy should not just be measured for the ‘average’ American. The interests of immigrants and ethnic minorities should be given special consideration in any plan that affects international voice traffic. But I fear the dangers of institutional racism will continue to be ignored until more people question the lack of diversity within the professional circles responsible for formulating and implementing these plans.