Re: FCC proposes $10 Million fine for spoofed robocalls

[Brian J. Murrell]

On Sat, 2020-01-04 at 16:32 +0200, Max Tulyev wrote:
> 
> Also, we implemented immediate answer and voice menu option, it says 
> "Welcome, press ... to reach ...!" and circles. So me (as the telco 
> operator) receive the money for call termination, and real customer
> do 
> not get a spam call. Looks like captcha in the Internet!

Ha!  As discussed earlier in this thread, I have implemented the same
thing.  But I am just a single end-user, not a telco.  It's so
incredibly effective that I have wondered often if any telcos had
actually implemented such a thing for their customers, even as an
option, or even a paid service.

I have also wondered though how ineffective it might become with wide
deployment effectively upping the ante in the arms race.  The captcha
would have to get more difficult.  "Enter the result of 1+3 to
reach...".  I wonder how many real people that would trip up though
with "WTF?".  Lots would probably try to press 1 and then 3, etc.

Cheers,
b.



signature.asc
Description: This is a digitally signed message part

Re: FCC proposes $10 Million fine for spoofed robocalls

[Max Tulyev]

Not only international call costs money (yes, it is extremely cheap SIP 
nowdays), but the time of call center operators costs money as well, And 
it is really not so cheap for the end customer (i.e. spammer), even in 
India.


20.12.19 19:56, Mark Milhollan пише:

On Thu, 19 Dec 2019, Keith Medcalf wrote:

You should ALWAYS talk to the call center behind the robocaller.  The 
robocaller (the one playing the message) is relatively local and the 
cost of that call is minimal.  When you select to talk to the 
robocaller, that generates an international handoff to a call center 
in India.


Generally the call center phone number is also "local" even if the warm 
body is in some other country as that usually occurs via SIP.



/mark

Re: FCC proposes $10 Million fine for spoofed robocalls

[Max Tulyev]

I do that every time ;)

As the owner of telco, I even get small money for this call termination.

Also, we implemented immediate answer and voice menu option, it says 
"Welcome, press ... to reach ...!" and circles. So me (as the telco 
operator) receive the money for call termination, and real customer do 
not get a spam call. Looks like captcha in the Internet!


20.12.19 02:09, Keith Medcalf пише:


This, of course, will do no good.  These so called "Robocalls" are exactly 
that.  They generate a random number to call and play the silly canned message.  If you 
press whatever the code is to talk to the idiots, they then hand off the call to a call 
center.

You should ALWAYS talk to the call center behind the robocaller.  The 
robocaller (the one playing the message) is relatively local and the cost of 
that call is minimal.  When you select to talk to the robocaller, that 
generates an international handoff to a call center in India.  This costs more 
money (it costs THEM more money).  The longer you can keep the bastards talking 
on the phone, the MORE it costs them.  It can also be quite entertaining and 
you can keep them on the line for HOURS with enough practice.

If you do this EVERY SINGLE TIME then in rather short order your telephone number will be fed back 
to the company doing the "robocalling" as a "bad target" and you will get no 
more robocalls (since there are only two or three companies in the whole world who run the front 
end for a whole shitload of scammers).

Conversely if you do not answer or hang up on the robo-message, you will be classified as 
an "excellent target" and you will get MORE calls.

RE: FCC proposes $10 Million fine for spoofed robocalls

[Peter Beckman]

On Fri, 20 Dec 2019, Keith Medcalf wrote:


On Friday, 20 December, 2019 10:57, Mark Milhollan wrote:

On Thu, 19 Dec 2019, Keith Medcalf wrote:



You should ALWAYS talk to the call center behind the robocaller.  The
robocaller (the one playing the message) is relatively local and the
cost of that call is minimal.  When you select to talk to the
robocaller, that generates an international handoff to a call center
in India.



Generally the call center phone number is also "local" even if the warm
body is in some other country as that usually occurs via SIP.


Be that as it may, every minute you keep the call center person on the
line is a minute they are not busily scamming someone else.
Furthermore, while it is merely anecdotal, I can indeed report that
since instituting a policy of ALWAYS answering robocalls and ALWAYS
keeping them talking as long as possible, the number of such calls has
decreased markedly, from several per day to now only one every couple of
weeks / month.

Because there *is* a cost associated with robo-scams, they must keep
score in order to maximize return for the resources consumed (unlike
e-mail spam scams which have effectively no need to prune the potential
target list) you simply have to make the "cost" of dialing your
telephone more expensive that the other couple billion potential
targets.  Its like being in a group being chased by a bear.  You needn't
run faster than the bear, merely faster than the slowest in the group.


This assumes my time is worth less than nothing, which is not the case, and
that my time will make a material negative impact on these operations,
which it will not.

I do not believe that all people receiving these calls will spend the time
to screw with them at a high enough rate to make it cost-ineffective for
the scams to continue, unfortunately due to the high enough rate of success
that keeps them in business.

---
Peter Beckman  Internet Guy
beck...@angryox.com http://www.angryox.com/
---

Re: FCC proposes $10 Million fine for spoofed robocalls

[bzs]

On December 20, 2019 at 08:00 na...@ics-il.net (Mike Hammett) wrote:
 > I can't imagine many telcos are making a lot of money from voice anymore.

They may not be making a huge amount anymore which may be why they're
now allowing (i.e., not fighting/lobbying) these folks to be thrown
under the bus before someone shines a light on them.

 > 
 > 
 > -
 > Mike Hammett
 > Intelligent Computing Solutions
 > http://www.ics-il.com
 > 
 > Midwest-IX
 > http://www.midwest-ix.com
 > 
 > ━━━
 > From: b...@theworld.com
 > To: "nanog" 
 > Sent: Thursday, December 19, 2019 5:11:17 PM
 > Subject: RE: FCC proposes $10 Million fine for spoofed robocalls
 > 
 > 
 > They should be fining the telcos, they're making a lot of money on
 > these calls.
 > 
 > And if you believe otherwise (e.g., that it's like email spam) you've
 > been duped by telco PR.
 > 
 > Unlike spam when was the last time a telco failed to bill you for a
 > billable phone call? Never.
 > 
 > They know exactly who is using their system. And they get paid for
 > it. And these junk callers are making millions of calls per hour when
 > they're active.
 > 
 > The entire telco infrastructure has been described as a billing system
 > with some added voice features.
 > 
 > Try devising a box which makes millions of voice calls per hour and
 > see how long it takes before you're stopped dead until you agree to
 > pay the telcos for those calls, or get arrested.
 > 
 > --
 > -Barry Shein
 > 
 > Software Tool & Die| b...@theworld.com | 
 > http://www.TheWorld.com
 > Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
 > The World: Since 1989  | A Public Information Utility | *oo*
 > 

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*

Re: FCC proposes $10 Million fine for spoofed robocalls

[Paul Timmins]

On 12/20/19 9:00 AM, Mike Hammett wrote:

I can't imagine many telcos are making a lot of money from voice anymore.


We are. Not as much as the olden days, but we are. And a lot of 
companies charge surcharges to customers who have tons of short duration 
calls. Do the math on why, and who they're targeting for a little extra 
income.

Re: FCC proposes $10 Million fine for spoofed robocalls

[Michael Thomas]

On 12/20/19 11:46 AM, Christopher Morrow wrote:

On Fri, Dec 20, 2019 at 1:40 PM Michael Thomas  wrote:


SHAKEN is trying to solve e.164 problem which inherently hard and
subject to a lot of cases where it fails. Their problem statement is
worth the read if you're interested.

I'll have to go read, I didn't pay attention much to stir/etc after
the first meeting when it was made very clear that they really didn't
want opionions from outside their group (at that time) or
thoughts/ideas that came from outside the bell-shaped-head space. is
fine, I had many other problems to solve.



I know most of the people who worked on this, and it definitely seems 
like it got wrapped around a bell shaped axle. But P-ASSERTED-IDENTITY 
was always about telco stuff, not internet stuff, so it's unsurprising 
that trying to get a workable version of P-ASSERTED-IDENTITY wouldn't be 
receptive to solutions for other problems.




And since we've been told that 5G is a magic elixir that will wash our
clothes and dress our dogs, our new phones can just be SIP UA's instead
of going through the PSTN nonsense at all.


the think is.. SIP doesnt' matter here.. not really.
or I don't care about the carriage, as long as I can say: 'the think
I'm talking at on the 'far end' is whom they say they are...
verified... no one else can pretend to be that thing/person/etc"

To know *exactly* who's at the other end of the line is an extremely 
hard problem. But if are willing to relax that a bit and say that I can 
know for certain the *domain* that sent it, we definitely know how to do 
that, and happens billions of times an hour. For example, I can be 
pretty sure that morrowc.li...@gmail.com is probably the whoever owns 
that account since google is very strict about smtp auth, and i know 
that gmail.com sent the message. And obviously with a domain identifier, 
you can be held accountable by blacklist services, etc.


But my main point is that with 5G there's really no reason to keep the 
legacy PSTN stuff there. Why do I want to be beholden to legacy telco 
stuff when everything can do voip these days? E.164 needs to sail into 
the west.


Mike

RE: FCC proposes $10 Million fine for spoofed robocalls

[Keith Medcalf]

On Friday, 20 December, 2019 10:57, Mark Milhollan wrote:

>On Thu, 19 Dec 2019, Keith Medcalf wrote:

>>You should ALWAYS talk to the call center behind the robocaller.  The
>>robocaller (the one playing the message) is relatively local and the
>>cost of that call is minimal.  When you select to talk to the
>>robocaller, that generates an international handoff to a call center
>>in India.

>Generally the call center phone number is also "local" even if the warm
>body is in some other country as that usually occurs via SIP.

Be that as it may, every minute you keep the call center person on the
line is a minute they are not busily scamming someone else.
Furthermore, while it is merely anecdotal, I can indeed report that
since instituting a policy of ALWAYS answering robocalls and ALWAYS
keeping them talking as long as possible, the number of such calls has
decreased markedly, from several per day to now only one every couple of
weeks / month.

Because there *is* a cost associated with robo-scams, they must keep
score in order to maximize return for the resources consumed (unlike
e-mail spam scams which have effectively no need to prune the potential
target list) you simply have to make the "cost" of dialing your
telephone more expensive that the other couple billion potential
targets.  Its like being in a group being chased by a bear.  You needn't
run faster than the bear, merely faster than the slowest in the group.

--
The fact that there's a Highway to Hell but only a Stairway to Heaven
says a lot about anticipated traffic volume.

Re: FCC proposes $10 Million fine for spoofed robocalls

[Christopher Morrow]

On Fri, Dec 20, 2019 at 1:40 PM Michael Thomas  wrote:
>
>
> On 12/19/19 9:14 PM, Christopher Morrow wrote:
> >> Plus if it didn't work well/too cumbersome/etc with email, it probably
> >> won't be any better with voice. We have lots of experience with what
> >> doesn't work for email.
> > I sort of figured that the shaken/stir model that ( i happened to
> > propose in their first meeting) of:
> >"get the originator (handset, ebony phone, call-warehouse) to
> > digitally sign the call initiation, propagate that through the network
> > to the receiver (so they could associate the
> > md5/sha256/cert-signature/etc with an identity, and let the receivers
> > decide: 'Not in my known callers list, no answer'"
> >
> > was a great plan... that the folk in the room basically didn't
> > understand (or even want me to voice, actually)... It's a shame that
> > something like this wasn't created instead of shaken/stir. You could
> > check the signature at any of the hops, start failing calls earlier as
> > rates of completion didn't stay at some standard level. All sorts of
> > options would be available, and really the callers could be identified
> > (at least by endpoint) more quickly.
> >
> > oh well. glad we got shaken / stir though? :)
>
>
> SHAKEN is trying to solve e.164 problem which inherently hard and
> subject to a lot of cases where it fails. Their problem statement is
> worth the read if you're interested.

I'll have to go read, I didn't pay attention much to stir/etc after
the first meeting when it was made very clear that they really didn't
want opionions from outside their group (at that time) or
thoughts/ideas that came from outside the bell-shaped-head space. is
fine, I had many other problems to solve.

> But the reality is that it's a pretty SIP-y world these days, and the
> proper identity for SIP is the From: address, not the e.164 address.
> Since From: addresses contain domain names, you can tie identity to the
> domain itself, instead of trying to make sense of telephone number
> delegations. It would be trivial to attach a signature to the SIP
> INVITE's -- we've been doing that for 15 years with email, and then you
> at least know that the INVITE came from the domain it purports to be
> from. It works even for PSTN last legs because the PSTN headend can
> place the From: address in the caller id. Armed with that knowledge, you
> can filter to your heart's content.
>

this is sort of what I was imagining, except that the caller's handset
(or copper receiver at the end of my ebony phone (in the CO)) could
stamp my call with the correct signature for 'me'.

Ideally 'number' or 'person face' or 'video dancing hamster' makes no
difference here.
Oh my handset I see a picture of your smiling face (or randys or even
seans...) and I (if I agree that's whom I'm talking to) I click the
'verified' button and now only that sent 'certificate' can pretend to
be the person I'm talking to.

Setup some call screening system at the telco, people that last can
get 'verified' by the reciever.. bob's yer auntie and robo callers go
away.

> And since we've been told that 5G is a magic elixir that will wash our
> clothes and dress our dogs, our new phones can just be SIP UA's instead
> of going through the PSTN nonsense at all.
>

the think is.. SIP doesnt' matter here.. not really.
or I don't care about the carriage, as long as I can say: 'the think
I'm talking at on the 'far end' is whom they say they are...
verified... no one else can pretend to be that thing/person/etc"

> STIR/SHAKEN seems like a solution to a problem whose time is way overdue
> to be retired.

maybe.

Re: FCC proposes $10 Million fine for spoofed robocalls

[Michael Thomas]

On 12/19/19 9:14 PM, Christopher Morrow wrote:

Plus if it didn't work well/too cumbersome/etc with email, it probably
won't be any better with voice. We have lots of experience with what
doesn't work for email.

I sort of figured that the shaken/stir model that ( i happened to
propose in their first meeting) of:
   "get the originator (handset, ebony phone, call-warehouse) to
digitally sign the call initiation, propagate that through the network
to the receiver (so they could associate the
md5/sha256/cert-signature/etc with an identity, and let the receivers
decide: 'Not in my known callers list, no answer'"

was a great plan... that the folk in the room basically didn't
understand (or even want me to voice, actually)... It's a shame that
something like this wasn't created instead of shaken/stir. You could
check the signature at any of the hops, start failing calls earlier as
rates of completion didn't stay at some standard level. All sorts of
options would be available, and really the callers could be identified
(at least by endpoint) more quickly.

oh well. glad we got shaken / stir though? :)



SHAKEN is trying to solve e.164 problem which inherently hard and 
subject to a lot of cases where it fails. Their problem statement is 
worth the read if you're interested.


But the reality is that it's a pretty SIP-y world these days, and the 
proper identity for SIP is the From: address, not the e.164 address. 
Since From: addresses contain domain names, you can tie identity to the 
domain itself, instead of trying to make sense of telephone number 
delegations. It would be trivial to attach a signature to the SIP 
INVITE's -- we've been doing that for 15 years with email, and then you 
at least know that the INVITE came from the domain it purports to be 
from. It works even for PSTN last legs because the PSTN headend can 
place the From: address in the caller id. Armed with that knowledge, you 
can filter to your heart's content.


And since we've been told that 5G is a magic elixir that will wash our 
clothes and dress our dogs, our new phones can just be SIP UA's instead 
of going through the PSTN nonsense at all.


STIR/SHAKEN seems like a solution to a problem whose time is way overdue 
to be retired.


Mike

RE: FCC proposes $10 Million fine for spoofed robocalls

[Mark Milhollan]

On Thu, 19 Dec 2019, Keith Medcalf wrote:

You should ALWAYS talk to the call center behind the robocaller.  The 
robocaller (the one playing the message) is relatively local and the 
cost of that call is minimal.  When you select to talk to the 
robocaller, that generates an international handoff to a call center 
in India.


Generally the call center phone number is also "local" even if the warm 
body is in some other country as that usually occurs via SIP.



/mark

Re: FCC proposes $10 Million fine for spoofed robocalls

[Dan Hollis]

On Fri, 20 Dec 2019, Mike Hammett wrote:

So send them all to Lenny?


I wish there was a phone app to do this.

-Dan

Re: FCC proposes $10 Million fine for spoofed robocalls

[Dan Hollis]

On Thu, 19 Dec 2019, Paul Timmins wrote:

The people handling these calls know exactly who their customers are,


yep


and they'd remove them in hours if a legal mandate came down to provide
passthrough penalties for providing service to these people.


the only penalties that would motivate them is prison terms.

financial penalties will be ignored.

-Dan

Re: FCC proposes $10 Million fine for spoofed robocalls

[Mike Hammett]

So send them all to Lenny? 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "Keith Medcalf"  
To: "North American Network Operators' Group"  
Sent: Thursday, December 19, 2019 6:09:32 PM 
Subject: RE: FCC proposes $10 Million fine for spoofed robocalls 


This, of course, will do no good. These so called "Robocalls" are exactly that. 
They generate a random number to call and play the silly canned message. If you 
press whatever the code is to talk to the idiots, they then hand off the call 
to a call center. 

You should ALWAYS talk to the call center behind the robocaller. The robocaller 
(the one playing the message) is relatively local and the cost of that call is 
minimal. When you select to talk to the robocaller, that generates an 
international handoff to a call center in India. This costs more money (it 
costs THEM more money). The longer you can keep the bastards talking on the 
phone, the MORE it costs them. It can also be quite entertaining and you can 
keep them on the line for HOURS with enough practice. 

If you do this EVERY SINGLE TIME then in rather short order your telephone 
number will be fed back to the company doing the "robocalling" as a "bad 
target" and you will get no more robocalls (since there are only two or three 
companies in the whole world who run the front end for a whole shitload of 
scammers). 

Conversely if you do not answer or hang up on the robo-message, you will be 
classified as an "excellent target" and you will get MORE calls. 

-- 
The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
lot about anticipated traffic volume. 

>-Original Message- 
>From: NANOG  On Behalf Of Chad Dailey 
>Sent: Thursday, 19 December, 2019 16:38 
>To: nanog@nanog.org 
>Subject: Re: FCC proposes $10 Million fine for spoofed robocalls 
> 
>Perhaps list the phone number of your representatives or your state 
>attorney general's office in your domain contact info. 
> 
> 
>On Thu, Dec 19, 2019 at 5:28 PM <mailto:b...@theworld.com> > wrote: 
> 
> 
> 
> If you want to end robocalls then every time you get one call your 
> local congress person's or senator's main phone number and say "I 
>just 
> got another robocall (perhaps characterizing it like 'for auto 
> warranties' or 'for IRS fraud')". 
> 
> Everyone. Every time. 
> 
> -- 
> -Barry Shein 
> 
> Software Tool & Die | b...@theworld.com | 
>http://www.TheWorld.com 
> Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD 
> The World: Since 1989 | A Public Information Utility | *oo* 
> 

Re: FCC proposes $10 Million fine for spoofed robocalls

[Mike Hammett]

I can't imagine many telcos are making a lot of money from voice anymore. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: b...@theworld.com 
To: "nanog"  
Sent: Thursday, December 19, 2019 5:11:17 PM 
Subject: RE: FCC proposes $10 Million fine for spoofed robocalls 


They should be fining the telcos, they're making a lot of money on 
these calls. 

And if you believe otherwise (e.g., that it's like email spam) you've 
been duped by telco PR. 

Unlike spam when was the last time a telco failed to bill you for a 
billable phone call? Never. 

They know exactly who is using their system. And they get paid for 
it. And these junk callers are making millions of calls per hour when 
they're active. 

The entire telco infrastructure has been described as a billing system 
with some added voice features. 

Try devising a box which makes millions of voice calls per hour and 
see how long it takes before you're stopped dead until you agree to 
pay the telcos for those calls, or get arrested. 

-- 
-Barry Shein 

Software Tool & Die | b...@theworld.com | http://www.TheWorld.com 
Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD 
The World: Since 1989 | A Public Information Utility | *oo* 

Re: FCC proposes $10 Million fine for spoofed robocalls

[Valdis Klētnieks]

On Fri, 20 Dec 2019 00:14:33 -0800, Large Hadron Collider said:
> Is it legally a spoofed robo-call if I robo-call someone who has
> consented to be robo-called, with the caller-ID of a number that is
> affiliated with me but not with the telco I'm calling from?

Every 8 weeks, the vampires at the American Red Cross call me to schedule
another blood donation, and I'm sure that the number on my caller-ID isn't the
actual phone number attached to the specific seat at the call center.

And I'm pretty sure that until I answer the call, there's no really good way to
distinguish between a robo-call with a recorded message and a robo-dialed
call with an actual carbon-based lifeform at the call center on the call...

(If I'm wrong on that one, feel free to enlighten me.. :)



pgpgLCWaxCcdR.pgp
Description: PGP signature

Re: FCC proposes $10 Million fine for spoofed robocalls

[Jared Mauch]

There's a lot fewer cell companies than email providers. This may work to the 
advantage of consumers. 

Sent from my iCar

> On Dec 19, 2019, at 3:57 PM, Michael Thomas  wrote:
> 
> Plus if it didn't work well/too cumbersome/etc with email, it probably won't 
> be any better with voice. We have lots of experience with what doesn't work 
> for email.

Re: FCC proposes $10 Million fine for spoofed robocalls

[Large Hadron Collider]

Is it legally a spoofed robo-call if I robo-call someone who has
consented to be robo-called, with the caller-ID of a number that is
affiliated with me but not with the telco I'm calling from?

On 19-12-19 09 h 09, Andreas Ott wrote:

On Thu, Dec 19, 2019 at 11:16:08AM -0500, Christopher Morrow wrote:

How is it envisioned that this will work?

My prediction for 2020: it still won't work, like in 2019 and the years
before that. A call originated, transported and delivered equals revenue
for all involved parties, so it is in their best interest not to block
them, unless the fines are really magnitude(s) higher than the revenue.


I mean, I'm all for less spam calling... and ideally there would be
some form of 'source address verification' on the PSTN/phone
network... but in today's world that really just doesn't exist and the
motivations to suppress fake sources are 'just as good' as they are on
the intertubes. (with crappier options in the gear - SHAKEN/STIR are
really not even available in the majority of the switch 'gear' right?)

When I tried to pay my AT uverse VOIP "landline" bill this morning they
offered me a free "CallProtect App" but when I click on more info it's
in fact only a link to open their "control call forwarding and blocking"
part of the home phone features web site.  All their suggested controls
are enabled, still I am receiving only unwanted calls on this line.

In the call and voicemail history list for my number I have at least these
examples for you to laugh at. Hint: look at the numbers. and I have also
been told that there is no equivalent of uRPF in the phone world.

NameNumber  WhenLength  Actions
Suspected Spam  888-194-124211-30-19, 10:56 AM  0:00Add to Address 
Book

FromNumber  WhenSize
NAME NOT FOUND  408-145-134108-12-19, 09:14 AM  29 Kb
NAME NOT FOUND  213-141-516305-17-19, 10:22 AM  353 Kb


-andreas

Re: FCC proposes $10 Million fine for spoofed robocalls

[Christopher Morrow]

> Plus if it didn't work well/too cumbersome/etc with email, it probably
> won't be any better with voice. We have lots of experience with what
> doesn't work for email.

I sort of figured that the shaken/stir model that ( i happened to
propose in their first meeting) of:
  "get the originator (handset, ebony phone, call-warehouse) to
digitally sign the call initiation, propagate that through the network
to the receiver (so they could associate the
md5/sha256/cert-signature/etc with an identity, and let the receivers
decide: 'Not in my known callers list, no answer'"

was a great plan... that the folk in the room basically didn't
understand (or even want me to voice, actually)... It's a shame that
something like this wasn't created instead of shaken/stir. You could
check the signature at any of the hops, start failing calls earlier as
rates of completion didn't stay at some standard level. All sorts of
options would be available, and really the callers could be identified
(at least by endpoint) more quickly.

oh well. glad we got shaken / stir though? :)

Re: FCC proposes $10 Million fine for spoofed robocalls

[Michael Thomas]

On 12/19/19 6:52 PM, Keith Medcalf wrote:

On Thursday, 19 December, 2019 19:07, Valdis Kletnieks 
wrote:


On Thu, 19 Dec 2019 16:02:42 -0700, "Keith Medcalf" said:

That stupid people do stupid things has no bearing on me.  If there

is

a legal requirement for these people to be "notifying" then they are
required to notify.
I do not want to receive robocalls period.  End of Line.  No

Exception.

Ever.  For any reason.

So... what do you recommend if it's a legally mandated robocall that
says "shelter in place - active shooter" or "tornado alert"?

Then they can pay for the phone line to be used for that purpose.  I
will rent them the space necessary to house the phone and its
accoutrements, but I will not guantee that I will ever answer it.  That
will cost my usual rate of $750.00 per hour, with a four hour minimum,
paid in advance.  If whomever did the "legally mandating" failed to
account for the cost of their "mandating" that is not my problem.

If I am paying for the phone line then I get to choose what calls I will
accept.



Surrender Dorthy.

Pathetic.

RE: FCC proposes $10 Million fine for spoofed robocalls

[Keith Medcalf]

On Thursday, 19 December, 2019 19:07, Valdis Kletnieks 
wrote:

>On Thu, 19 Dec 2019 16:02:42 -0700, "Keith Medcalf" said:

>> That stupid people do stupid things has no bearing on me.  If there
is
>> a legal requirement for these people to be "notifying" then they are
>> required to notify.

>> I do not want to receive robocalls period.  End of Line.  No
Exception.
>> Ever.  For any reason.

> So... what do you recommend if it's a legally mandated robocall that
> says "shelter in place - active shooter" or "tornado alert"?

Then they can pay for the phone line to be used for that purpose.  I
will rent them the space necessary to house the phone and its
accoutrements, but I will not guantee that I will ever answer it.  That
will cost my usual rate of $750.00 per hour, with a four hour minimum,
paid in advance.  If whomever did the "legally mandating" failed to
account for the cost of their "mandating" that is not my problem.

If I am paying for the phone line then I get to choose what calls I will
accept.

--
The fact that there's a Highway to Hell but only a Stairway to Heaven
says a lot about anticipated traffic volume.

Re: FCC proposes $10 Million fine for spoofed robocalls

[Valdis Klētnieks]

On Thu, 19 Dec 2019 16:02:42 -0700, "Keith Medcalf" said:

> That stupid people do stupid things has no bearing on me.  If there is a
> legal requirement for these people to be "notifying" then they are required to
> notify.

> I do not want to receive robocalls period.  End of Line.  No Exception.
> Ever.  For any reason.

So... what do you recommend if it's a legally mandated robocall that
says "shelter in place - active shooter" or "tornado alert"?




pgpyacpY95WDK.pgp
Description: PGP signature

RE: FCC proposes $10 Million fine for spoofed robocalls

[Keith Medcalf]

This, of course, will do no good.  These so called "Robocalls" are exactly 
that.  They generate a random number to call and play the silly canned message. 
 If you press whatever the code is to talk to the idiots, they then hand off 
the call to a call center.

You should ALWAYS talk to the call center behind the robocaller.  The 
robocaller (the one playing the message) is relatively local and the cost of 
that call is minimal.  When you select to talk to the robocaller, that 
generates an international handoff to a call center in India.  This costs more 
money (it costs THEM more money).  The longer you can keep the bastards talking 
on the phone, the MORE it costs them.  It can also be quite entertaining and 
you can keep them on the line for HOURS with enough practice.

If you do this EVERY SINGLE TIME then in rather short order your telephone 
number will be fed back to the company doing the "robocalling" as a "bad 
target" and you will get no more robocalls (since there are only two or three 
companies in the whole world who run the front end for a whole shitload of 
scammers).

Conversely if you do not answer or hang up on the robo-message, you will be 
classified as an "excellent target" and you will get MORE calls.

--
The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
lot about anticipated traffic volume.

>-Original Message-
>From: NANOG  On Behalf Of Chad Dailey
>Sent: Thursday, 19 December, 2019 16:38
>To: nanog@nanog.org
>Subject: Re: FCC proposes $10 Million fine for spoofed robocalls
>
>Perhaps list the phone number of your representatives or your state
>attorney general's office in your domain contact info.
>
>
>On Thu, Dec 19, 2019 at 5:28 PM <mailto:b...@theworld.com> > wrote:
>
>
>
>   If you want to end robocalls then every time you get one call your
>   local congress person's or senator's main phone number and say "I
>just
>   got another robocall (perhaps characterizing it like 'for auto
>   warranties' or 'for IRS fraud')".
>
>   Everyone. Every time.
>
>   --
>   -Barry Shein
>
>   Software Tool & Die| b...@theworld.com |
>http://www.TheWorld.com
>   Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
>   The World: Since 1989  | A Public Information Utility | *oo*
>

Re: FCC proposes $10 Million fine for spoofed robocalls

[Chad Dailey]

Perhaps list the phone number of your representatives or your state
attorney general's office in your domain contact info.

On Thu, Dec 19, 2019 at 5:28 PM  wrote:

>
> If you want to end robocalls then every time you get one call your
> local congress person's or senator's main phone number and say "I just
> got another robocall (perhaps characterizing it like 'for auto
> warranties' or 'for IRS fraud')".
>
> Everyone. Every time.
>
> --
> -Barry Shein
>
> Software Tool & Die| b...@theworld.com |
> http://www.TheWorld.com
> Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
> The World: Since 1989  | A Public Information Utility | *oo*
>

RE: FCC proposes $10 Million fine for spoofed robocalls

[bzs]

If you want to end robocalls then every time you get one call your
local congress person's or senator's main phone number and say "I just
got another robocall (perhaps characterizing it like 'for auto
warranties' or 'for IRS fraud')".

Everyone. Every time.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*

Re: FCC proposes $10 Million fine for spoofed robocalls

[Jeff Shultz]

On Thu, Dec 19, 2019 at 3:15 PM  wrote:
>
>
> They should be fining the telcos, they're making a lot of money on
> these calls.
>
> And if you believe otherwise (e.g., that it's like email spam) you've
> been duped by telco PR.
>
> Unlike spam when was the last time a telco failed to bill you for a
> billable phone call? Never.
>
> They know exactly who is using their system. And they get paid for
> it. And these junk callers are making millions of calls per hour when
> they're active.
>
> The entire telco infrastructure has been described as a billing system
> with some added voice features.
>
> Try devising a box which makes millions of voice calls per hour and
> see how long it takes before you're stopped dead until you agree to
> pay the telcos for those calls, or get arrested.
>
> --
> -Barry Shein
>
> Software Tool & Die| b...@theworld.com | 
> http://www.TheWorld.com
> Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
> The World: Since 1989  | A Public Information Utility | *oo*

The sending telco may, but the receiving Teclco? Not necessarily - and
it's annoying to us too. A lot of this should seemingly be fixable at
the tandem.

-- 
Jeff Shultz

-- 
Like us on Social Media for News, Promotions, and other information!!

   
      
      
      














_ This message 
contains confidential information and is intended only for the individual 
named. If you are not the named addressee you should not disseminate, 
distribute or copy this e-mail. Please notify the sender immediately by 
e-mail if you have received this e-mail by mistake and delete this e-mail 
from your system. E-mail transmission cannot be guaranteed to be secure or 
error-free as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses. The sender therefore does 
not accept liability for any errors or omissions in the contents of this 
message, which arise as a result of e-mail transmission. _

Re: FCC proposes $10 Million fine for spoofed robocalls

[Paul Timmins]

On 12/19/19 6:11 PM, b...@theworld.com wrote:

They should be fining the telcos, they're making a lot of money on
these calls.

And if you believe otherwise (e.g., that it's like email spam) you've
been duped by telco PR.

Unlike spam when was the last time a telco failed to bill you for a
billable phone call? Never.

They know exactly who is using their system. And they get paid for
it. And these junk callers are making millions of calls per hour when
they're active.


I work for a phone company in a senior role, and have for years. I've 
also been saying this for years. These are all half solutions. The 
people handling these calls know exactly who their customers are, and 
they'd remove them in hours if a legal mandate came down to provide 
passthrough penalties for providing service to these people. Legitimate 
callcenters don't send out tons of traffic with random source numbers 
that typically match the same first 6 digits as their caller.


It'd take the large and small companies alike maybe a day to run 
database queries to identify and shut down the callers doing this. But 
there's money to be made in prolonging the issue - they get to charge 
the caller for making the calls, and the customers to block them.


(for what it's worth, the problem ones aren't on my network. I checked.)

-Paul

RE: FCC proposes $10 Million fine for spoofed robocalls

[bzs]

They should be fining the telcos, they're making a lot of money on
these calls.

And if you believe otherwise (e.g., that it's like email spam) you've
been duped by telco PR.

Unlike spam when was the last time a telco failed to bill you for a
billable phone call? Never.

They know exactly who is using their system. And they get paid for
it. And these junk callers are making millions of calls per hour when
they're active.

The entire telco infrastructure has been described as a billing system
with some added voice features.

Try devising a box which makes millions of voice calls per hour and
see how long it takes before you're stopped dead until you agree to
pay the telcos for those calls, or get arrested.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*

RE: FCC proposes $10 Million fine for spoofed robocalls

[Keith Medcalf]

As long as that tactical air strike uses MIRV nuclear warheads so none of the 
little f*ckers get away ...

--
The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
lot about anticipated traffic volume.

>-Original Message-
>From: NANOG  On Behalf Of
>Jeff Shultz
>Sent: Thursday, 19 December, 2019 14:59
>To: North American Network Operators' Group 
>Subject: Re: FCC proposes $10 Million fine for spoofed robocalls
>
>On Thu, Dec 19, 2019 at 1:46 PM Rich Kulawiec  wrote:
>>
>> [ Re-sent with proper headers.  My apologies for the typo'd previous
>version. ]
>>
>> On Thu, Dec 19, 2019 at 11:34:48AM -0800, William Herrin wrote:
>> > I don't want to start an arms race with the spam callers, I want to
>> > end it. That means: jump directly to something they can't easily
>> > defeat.
>>
>> It is at this point that I am reminded of the wisdom of former FTC
>> Commissioner Orson Swindle, who was testifying before Congress on
>> the subject of spam when he said "We need a couple of good hangings
>here."
>> It was true in 2003 (which is I believe when he said it) and it's still
>> true now.  Fines, whatever they are, will be evaded and bargained down,
>> companies will be dissolved and reconstituted, money will be laundered,
>> and the problem will persist.
>>
>> ---rsk
>>
>
>I've occasionally thought that a tactical air strike on a couple of
>call centers might just convince the others of the errors of their
>ways.
>
>--
>Jeff Shultz
>
>--
>Like us on Social Media for News, Promotions, and other information!!
>
>
><https://www.facebook.com/SCTCWEB/>
><https://www.instagram.com/sctc_503/>
><https://www.yelp.com/biz/sctc-stayton-3>
><https://www.youtube.com/c/sctcvideos>
>
>
>
>
>
>
>
>
>
>
>
>
>
>_ This message
>contains confidential information and is intended only for the individual
>named. If you are not the named addressee you should not disseminate,
>distribute or copy this e-mail. Please notify the sender immediately by
>e-mail if you have received this e-mail by mistake and delete this e-mail
>from your system. E-mail transmission cannot be guaranteed to be secure
>or
>error-free as information could be intercepted, corrupted, lost,
>destroyed,
>arrive late or incomplete, or contain viruses. The sender therefore does
>not accept liability for any errors or omissions in the contents of this
>message, which arise as a result of e-mail transmission. _

RE: FCC proposes $10 Million fine for spoofed robocalls

[Keith Medcalf]

On Thursday, 19 December, 2019 14:02, Michael Homas wrote:

>There are robocalls that you want to get. Here in california, our
>wonderful electric company sends out robocalls when they are going to
>cut our electricity so they don't get blamed for burning down cities
>(and then still manage to anyway). I'm not sure if our earthquake alerts
>can robocall or not, but that would certainly be another one that you'd
>want to get. There are plenty more examples.

That stupid people do stupid things has no bearing on me.  If there is a legal 
requirement for these people to be "notifying" then they are required to 
notify.  That they chose an assinine and ineffective method of notification 
does not relieve them of their legal obligations.

I do not want to receive robocalls period.  End of Line.  No Exception.  Ever.  
For any reason.

--
The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
lot about anticipated traffic volume.

Re: FCC proposes $10 Million fine for spoofed robocalls

[Michael Thomas]

On 12/19/19 2:56 PM, Keith Medcalf wrote:

On Thursday, 19 December, 2019 13:57, Michael Thomas wrote:


Plus if it didn't work well/too cumbersome/etc with email, it probably
won't be any better with voice. We have lots of experience with what
doesn't work for email.

I really do not care.  It is my e-mail server.  It is my telephone.  I am 
paying for them.  If you wish to communicate with me you *will* comply with my 
rules.  Otherwise you can go stuff yourself.  I really do not care one way or 
the other -- except of course that if you go stuff yourself then I do not have 
to be bothered with you.



I have no issue whatsoever with you shooting yourself in the foot. Heck 
shoot both of them, bullets are cheap.


Mike

RE: FCC proposes $10 Million fine for spoofed robocalls

[Keith Medcalf]

On Thursday, 19 December, 2019 13:57, Michael Thomas wrote:

>Plus if it didn't work well/too cumbersome/etc with email, it probably
>won't be any better with voice. We have lots of experience with what
>doesn't work for email.

I really do not care.  It is my e-mail server.  It is my telephone.  I am 
paying for them.  If you wish to communicate with me you *will* comply with my 
rules.  Otherwise you can go stuff yourself.  I really do not care one way or 
the other -- except of course that if you go stuff yourself then I do not have 
to be bothered with you.

--
The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
lot about anticipated traffic volume.

Re: FCC proposes $10 Million fine for spoofed robocalls

[Valdis Klētnieks]

On Thu, 19 Dec 2019 13:59:00 -0800, Jeff Shultz said:

> I've occasionally thought that a tactical air strike on a couple of
> call centers might just convince the others of the errors of their
> ways.

Having a US-owned A10 strafe a Philippines-based call center is probably a bad
idea diplomatically.  However, we're in an administration that doesn't avoid
ideas simply because they're objectively bad, so I'm not going to predict it
won't happen



pgpdPBgN_GOd7.pgp
Description: PGP signature

Re: FCC proposes $10 Million fine for spoofed robocalls

[Jeff Shultz]

On Thu, Dec 19, 2019 at 1:46 PM Rich Kulawiec  wrote:
>
> [ Re-sent with proper headers.  My apologies for the typo'd previous version. 
> ]
>
> On Thu, Dec 19, 2019 at 11:34:48AM -0800, William Herrin wrote:
> > I don't want to start an arms race with the spam callers, I want to
> > end it. That means: jump directly to something they can't easily
> > defeat.
>
> It is at this point that I am reminded of the wisdom of former FTC
> Commissioner Orson Swindle, who was testifying before Congress on
> the subject of spam when he said "We need a couple of good hangings here."
> It was true in 2003 (which is I believe when he said it) and it's still
> true now.  Fines, whatever they are, will be evaded and bargained down,
> companies will be dissolved and reconstituted, money will be laundered,
> and the problem will persist.
>
> ---rsk
>

I've occasionally thought that a tactical air strike on a couple of
call centers might just convince the others of the errors of their
ways.

-- 
Jeff Shultz

-- 
Like us on Social Media for News, Promotions, and other information!!

   
      
      
      














_ This message 
contains confidential information and is intended only for the individual 
named. If you are not the named addressee you should not disseminate, 
distribute or copy this e-mail. Please notify the sender immediately by 
e-mail if you have received this e-mail by mistake and delete this e-mail 
from your system. E-mail transmission cannot be guaranteed to be secure or 
error-free as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses. The sender therefore does 
not accept liability for any errors or omissions in the contents of this 
message, which arise as a result of e-mail transmission. _

Re: FCC proposes $10 Million fine for spoofed robocalls

[Rich Kulawiec]

[ Re-sent with proper headers.  My apologies for the typo'd previous version. ]

On Thu, Dec 19, 2019 at 11:34:48AM -0800, William Herrin wrote:
> I don't want to start an arms race with the spam callers, I want to
> end it. That means: jump directly to something they can't easily
> defeat.

It is at this point that I am reminded of the wisdom of former FTC
Commissioner Orson Swindle, who was testifying before Congress on
the subject of spam when he said "We need a couple of good hangings here."
It was true in 2003 (which is I believe when he said it) and it's still
true now.  Fines, whatever they are, will be evaded and bargained down,
companies will be dissolved and reconstituted, money will be laundered,
and the problem will persist.

---rsk

RE: FCC proposes $10 Million fine for spoofed robocalls

[Kevin Burke]

There are laws against many of these SPAM calls today.  I suppose the agencies 
that are responsible for prosecuting these could answer some of their SPAM 
calls to see who was calling.  Same thing with SPAM faxes, we didn't get a 
technical fix, just used the law against anyone who tried.  Fax SPAM isn't 
fixed but its not being abused.

Technical fixes might will no doubt be part of the problem.  But enforcement 
will also address this.  

But yes I see everyone's lack of apathy for this problem as only accelerating 
the death of the PSTN.

Kevin Burke
802-540-0979
Burlington Telecom
200 Church St, Burlington, VT

-Original Message-
From: NANOG  On Behalf Of Troy Martin
Sent: Thursday, December 19, 2019 1:54 PM
To: Keith Medcalf ; nanog@nanog.org
Subject: RE: FCC proposes $10 Million fine for spoofed robocalls

WARNING!! This message originated from an External Source. Please use proper 
judgment and caution when opening attachments, clicking links, or responding to 
this email.

On top of that, there's also the issue of many telcos deciding that, no, you 
can't just shove whatever you want on the wire, it needs to be a DID and name 
registered on your trunk... unless you pay us an extra fee per month and say 
you'll be good, then you can spoof to your heart's content.

As far as actual enforcement of all this goes, this morning spam and robocall 
blocking legislation came into force in Canada. Coincidentally, this morning so 
far I've received six robocalls from the same "your social insurance number has 
been hacked and you are breaking the law by not paying us to fix it" scam, two 
of which were before the sun came up. Prior to today I usually got one a day on 
average.

At least one of the big three carriers has said they're going to be rolling out 
network-side call blocking "in the coming weeks" but I'm expecting my cell to 
continue to be a source of annoyance for the foreseeable future.

--
Troy Martin | tmar...@charter.ca

> -Original Message-
> From: NANOG  On Behalf Of Keith Medcalf
> Sent: December 19, 2019 9:43 AM
> To: Brandon Martin ; nanog@nanog.org
> Subject: RE: FCC proposes $10 Million fine for spoofed robocalls
>
>
> "CallerID" is a misnomer.  It is actually the "Advertized ID".  
> However, the telco's realized you would not pay to receive advertizing 
> so they renamed it to something they thought you would pay for.
>
> Pretty canny business model eh?  And apparently y'all fell for it, 
> thinking it was related to the Identification of the Caller, rather 
> than being what the caller wished to advertize.
>
> --
> The fact that there's a Highway to Hell but only a Stairway to Heaven 
> says a lot about anticipated traffic volume.

Re: FCC proposes $10 Million fine for spoofed robocalls

[Michael Thomas]

On 12/19/19 1:09 PM, Rich Kulawiec wrote:

Bcc:
Subject:
Reply-To:
In-Reply-To: 


On Thu, Dec 19, 2019 at 11:34:48AM -0800, William Herrin wrote:

I don't want to start an arms race with the spam callers, I want to
end it. That means: jump directly to something they can't easily
defeat.

It is at this point that I am reminded of the wisdom of former FTC
Commissioner Orson Swindle, who was testifying before Congress on
the subject of spam when he said "We need a couple of good hangings here."
It was true in 2003 (which is I believe when he said it) and it's still
true now.  Fines, whatever they are, will be evaded and bargained down,
companies will be dissolved and reconstituted, money will be laundered,
and the problem will persist.


The problem in 2003 is that we didn't have any way to get to "beyond a 
reasonable doubt". That persists with P-ASSERTED-IDENTITY and what is 
happening is exactly what I said to all of them would happen back in the 
day.


Mike

Re: FCC proposes $10 Million fine for spoofed robocalls

[Michael Thomas]

On 12/19/19 11:27 AM, Brian J. Murrell wrote:

On Thu, 2019-12-19 at 11:02 -0800, William Herrin wrote:

I call your phone number.
Your phone company compares my number against your whitelist. Ring
through on match.
If no match, "You have reached Name. Press 2 to leave a message.
Press
3 to enter your code. Press 0 or stay on the line for an operator."
Ring through on a valid code.
If 0, the call connects to a call center where a live operator
evaluates the call. Who am I? Why am I calling? Do I meet the
plain-English criteria you've established for calls to allow through?
If no, the operator offers to connect me to your voicemail. If yes,
the operator dials you, explains who's calling and asks your
permission to connect the call.

It really doesn't (currently at least -- until robocallers start using
voice recognition to defeat my system) need to be this complicated or
over-engineered.  A simple audio captcha works wonders.

Hello.  If you are a telemarketer, press 1.  If you want to speak to
somebody at this number, press 5.

Anyone pressing 1 gets their caller-id added to my blacklist and is
asked to add our number to their do not call list.  In reality all
telemarketers use robocallers so they don't even get that far.

Anyone pressing 5 rings through (with additional processing described
below).

There are robocalls that you want to get. Here in california, our 
wonderful electric company sends out robocalls when they are going to 
cut our electricity so they don't get blamed for burning down cities 
(and then still manage to anyway). I'm not sure if our earthquake alerts 
can robocall or not, but that would certainly be another one that you'd 
want to get. There are plenty more examples.


Mike

Re: FCC proposes $10 Million fine for spoofed robocalls

[Michael Thomas]

On 12/19/19 11:34 AM, William Herrin wrote:

On Thu, Dec 19, 2019 at 11:27 AM Brian J. Murrell  wrote:

On Thu, 2019-12-19 at 11:02 -0800, William Herrin wrote:

I call your phone number.
Your phone company compares my number against your whitelist. Ring
through on match.
If no match, "You have reached Name. Press 2 to leave a message.
Press
3 to enter your code. Press 0 or stay on the line for an operator."
Ring through on a valid code.
If 0, the call connects to a call center where a live operator
evaluates the call. Who am I? Why am I calling? Do I meet the
plain-English criteria you've established for calls to allow through?
If no, the operator offers to connect me to your voicemail. If yes,
the operator dials you, explains who's calling and asks your
permission to connect the call.

It really doesn't (currently at least -- until robocallers start using
voice recognition to defeat my system) need to be this complicated or
over-engineered.  A simple audio captcha works wonders.

Hello.  If you are a telemarketer, press 1.  If you want to speak to
somebody at this number, press 5.

Anyone pressing 1 gets their caller-id added to my blacklist and is
asked to add our number to their do not call list.  In reality all
telemarketers use robocallers so they don't even get that far.

Hi Brian,

I don't want to start an arms race with the spam callers, I want to
end it. That means: jump directly to something they can't easily
defeat.


Plus if it didn't work well/too cumbersome/etc with email, it probably 
won't be any better with voice. We have lots of experience with what 
doesn't work for email.


Mike

Re: FCC proposes $10 Million fine for spoofed robocalls

[Michael Thomas]

On 12/19/19 8:16 AM, Christopher Morrow wrote:

How is it envisioned that this will work?
I mean, I'm all for less spam calling... and ideally there would be
some form of 'source address verification' on the PSTN/phone
network... but in today's world that really just doesn't exist and the
motivations to suppress fake sources are 'just as good' as they are on
the intertubes. (with crappier options in the gear - SHAKEN/STIR are
really not even available in the majority of the switch 'gear' right?)

It's my opinion that STIR/SHAKEN is trying to solve the wrong problem. 
Telephone numbers are oh-so last millennia. I don't care about telephone 
numbers any more than I care about ip addresses. What I care about is 
the From: address, be it email, sip or anything else that uses an 
email-like address. Unlike the e.164 quagmire, domains can vouch that 
they actually sent a message ala DKIM (in fact, when i was developing 
DKIM, i for shits and giggles, DKIM-signed SIP messages too). If a 
message comes from gmail (and verifies), I have a pretty good belief 
that it really is that user since I know they don't allow their users to 
spoof other email accounts. Same can be done with SIP. That is the road 
forward here, not an ugly complex bandaid on an outdated form of identity.


Mike

RE: FCC proposes $10 Million fine for spoofed robocalls

[Troy Martin]

On top of that, there's also the issue of many telcos deciding that, no, you
can't just shove whatever you want on the wire, it needs to be a DID and name
registered on your trunk... unless you pay us an extra fee per month and say
you'll be good, then you can spoof to your heart's content.

As far as actual enforcement of all this goes, this morning spam and robocall
blocking legislation came into force in Canada. Coincidentally, this morning
so far I've received six robocalls from the same "your social insurance number
has been hacked and you are breaking the law by not paying us to fix it" scam,
two of which were before the sun came up. Prior to today I usually got one a
day on average.

At least one of the big three carriers has said they're going to be rolling
out network-side call blocking "in the coming weeks" but I'm expecting my cell
to continue to be a source of annoyance for the foreseeable future.

--
Troy Martin | tmar...@charter.ca

> -Original Message-
> From: NANOG  On Behalf Of Keith Medcalf
> Sent: December 19, 2019 9:43 AM
> To: Brandon Martin ; nanog@nanog.org
> Subject: RE: FCC proposes $10 Million fine for spoofed robocalls
> 
> 
> "CallerID" is a misnomer.  It is actually the "Advertized ID".  However,
> the telco's realized you would not pay to receive advertizing so they
> renamed it to something they thought you would pay for.
> 
> Pretty canny business model eh?  And apparently y'all fell for it,
> thinking it was related to the Identification of the Caller, rather than
> being what the caller wished to advertize.
> 
> --
> The fact that there's a Highway to Hell but only a Stairway to Heaven
> says a lot about anticipated traffic volume.

RE: FCC proposes $10 Million fine for spoofed robocalls

[Keith Medcalf]

On Thursday, 19 December, 2019 12:54, Dan Hollis
 wrote:

>Fact is the telcos make lots of money off spoofed robocalls so they
have
>zero incentive to stop the practice.

That is an easy one to solve.  The telco simply needs to provide a free
"Call Screening" service that you can activate on your line such that
the telco terminates all calls with a message "Please enter  to ring the subscriber line".  No valid code,
disconnect the call.  They still get to charge a termination fee to
whomever handed the call to them.

Additional features (whitelisting/blacklisting) available for extra
charge.

>On Thu, 19 Dec 2019, Keith Medcalf wrote:
>
>>
>> "CallerID" is a misnomer.  It is actually the "Advertized ID".
>However, the telco's realized you would not pay to receive advertizing
so
>they renamed it to something they thought you would pay for.
>>
>> Pretty canny business model eh?  And apparently y'all fell for it,
>thinking it was related to the Identification of the Caller, rather
than
>being what the caller wished to advertize.
>>
>> --
>> The fact that there's a Highway to Hell but only a Stairway to Heaven
>says a lot about anticipated traffic volume.


--
The fact that there's a Highway to Hell but only a Stairway to Heaven
says a lot about anticipated traffic volume.

RE: FCC proposes $10 Million fine for spoofed robocalls

[Dan Hollis]

Fact is the telcos make lots of money off spoofed robocalls so they have 
zero incentive to stop the practice.


-Dan

On Thu, 19 Dec 2019, Keith Medcalf wrote:



"CallerID" is a misnomer.  It is actually the "Advertized ID".  However, the 
telco's realized you would not pay to receive advertizing so they renamed it to something they 
thought you would pay for.

Pretty canny business model eh?  And apparently y'all fell for it, thinking it 
was related to the Identification of the Caller, rather than being what the 
caller wished to advertize.

--
The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
lot about anticipated traffic volume.


-Original Message-
From: NANOG  On Behalf Of Brandon Martin
Sent: Thursday, 19 December, 2019 10:25
To: nanog@nanog.org
Subject: Re: FCC proposes $10 Million fine for spoofed robocalls

On 12/19/19 12:09 PM, Andreas Ott wrote:

I have also been told that there is no equivalent of uRPF in the phone

world.

This is the biggest issue, and unfortunately (and my knowledge of the
PSTN is admittedly a bit lacking, here), there's likely no good way to
add it.

Calls on the PSTN are routed essentially based on "who do I feel like
handing this off to, today", and then that entity may do the same, and
so on.  It's pretty routine for an outfit to have multiple contracts for
termination that may not even be aware of the "legitimate" numbers from
which their customers might "source" a call.

Further, it's entirely normal and perfectly legitimate (to varying
degrees) for an outfit to purport in CID a number that is not directly
assigned to them nor which will actually result in a callback being
routed to them.

Think of caller ID more like reverse DNS.  It's largely advisory and,
outside some situations where you deliberately want a higher degree of
repuatation/identity verification and are willing to accept a
potentially large number of false flags, there's no real reason to rely
on it outside of human nicety.

The rough analogy to the source IP address is the ANI information that's
not even passed to most end users.  That's "who should I bill this to?".
 But even that can get overwritten sometimes during call routing, from
what I gather.  It's also rarely a valid callback number for any
non-trivial call source.  Or, at least, if you did call it, the person
who (might) answer the phone will have no idea what prompted you to do
so.

SHAKEN/STIR, the leading proposal to "fix" this, is more like RPKI in a
way albeit very much re-envisioned based on circuit switching rather
than packet switching.  Each intervening network can attest to what
degree they are able to verify the CID (and maybe ANI?) information in
the call.  Unfortunately, a perfectly valid attestation is "I cannot
verify it", and indeed that's likely to be most of the attestations
you'll see at least at first.  The best it really lets you do is figure
out some networks at which to point fingers.

When "full attestation" is present, i.e. the network operator has been
able to verify that the CID field represents a number authorized for use
by the entity originating the call, it's maybe more like DKIM in that
you can, with cryptographic certainty, know THE network at which to
point fingers as they're the ones who admitted the call into the PSTN
with authority that the CID field (among others) is "valid".

[And all the old PSTN folks will please forgive me if I'm inaccurate,
here, though corrections are welcome]
--
Brandon Martin

Re: FCC proposes $10 Million fine for spoofed robocalls

[William Herrin]

On Thu, Dec 19, 2019 at 11:27 AM Brian J. Murrell  wrote:
>
> On Thu, 2019-12-19 at 11:02 -0800, William Herrin wrote:
> >
> > I call your phone number.
> > Your phone company compares my number against your whitelist. Ring
> > through on match.
> > If no match, "You have reached Name. Press 2 to leave a message.
> > Press
> > 3 to enter your code. Press 0 or stay on the line for an operator."
> > Ring through on a valid code.
> > If 0, the call connects to a call center where a live operator
> > evaluates the call. Who am I? Why am I calling? Do I meet the
> > plain-English criteria you've established for calls to allow through?
> > If no, the operator offers to connect me to your voicemail. If yes,
> > the operator dials you, explains who's calling and asks your
> > permission to connect the call.
>
> It really doesn't (currently at least -- until robocallers start using
> voice recognition to defeat my system) need to be this complicated or
> over-engineered.  A simple audio captcha works wonders.
>
>Hello.  If you are a telemarketer, press 1.  If you want to speak to
>somebody at this number, press 5.
>
> Anyone pressing 1 gets their caller-id added to my blacklist and is
> asked to add our number to their do not call list.  In reality all
> telemarketers use robocallers so they don't even get that far.

Hi Brian,

I don't want to start an arms race with the spam callers, I want to
end it. That means: jump directly to something they can't easily
defeat.

Regards,
Bill Herrin



-- 
William Herrin
b...@herrin.us
https://bill.herrin.us/

Re: FCC proposes $10 Million fine for spoofed robocalls

[Brian J. Murrell]

On Thu, 2019-12-19 at 11:02 -0800, William Herrin wrote:
> 
> I call your phone number.
> Your phone company compares my number against your whitelist. Ring
> through on match.
> If no match, "You have reached Name. Press 2 to leave a message.
> Press
> 3 to enter your code. Press 0 or stay on the line for an operator."
> Ring through on a valid code.
> If 0, the call connects to a call center where a live operator
> evaluates the call. Who am I? Why am I calling? Do I meet the
> plain-English criteria you've established for calls to allow through?
> If no, the operator offers to connect me to your voicemail. If yes,
> the operator dials you, explains who's calling and asks your
> permission to connect the call.

It really doesn't (currently at least -- until robocallers start using
voice recognition to defeat my system) need to be this complicated or
over-engineered.  A simple audio captcha works wonders.

   Hello.  If you are a telemarketer, press 1.  If you want to speak to
   somebody at this number, press 5.

Anyone pressing 1 gets their caller-id added to my blacklist and is
asked to add our number to their do not call list.  In reality all
telemarketers use robocallers so they don't even get that far.

Anyone pressing 5 rings through (with additional processing described
below).

But that's it.  That has blocked 100% of robocalling from actually
ringing the phones in our house for the last few years.

I couple the captch greeting system with a whiltelist (i.e. only
callers not on the whitelist get the above prompt -- callers on the
whitelist ring through directly with no greeting).  One gets on the
whitelist because (a) I add them explicitly, (b) their number was
called from our house phones (i.e. the PBX automatically adds all
outgoing numbers to the whitelist) (c) they pressed 5 at the prompt.

The result of that last one (c) is that people only ever hear that
prompt once and if they press 5, they never hear it again.  Unless of
course I remove them from the whitelist.  That has never had to be done
to the best of my recollection.

Of course I cannot know how many legitimate (robo)calls have not made
it through the gauntlet, but I also have not had anyone complain about
not being able to reach me.  I figure if it's really important, some
human from wherever the failed legitimate robocall is coming from will
eventually get in touch with me.

I do also get notified when a (i.e. a robo)caller doesn't choose either
1 or 5 and have noticed the very odd robocall that I would have liked
to have received (very few and far between -- maybe 1 or 2 a year), and
add them to the whitelist which works well since failed robocalls
typically get retried so I get it the next time around.

One might argue that having to deal with the notification on each
failed robocall washes out the value of the system, but I would argue
that reading a text message about a failed robocall, when I feel like
reading it, is a more than fair trade-off for not having to interrupt
what I am doing to answer the phone and get frustrated at another
phishing/scam/etc. attempt, and it gives me peace of mind that I will
catch (the very very few) failed robocalls that I did want.

b.


signature.asc
Description: This is a digitally signed message part

Re: FCC proposes $10 Million fine for spoofed robocalls

[William Herrin]

On Thu, Dec 19, 2019 at 9:25 AM Brandon Martin  wrote:
> Further, it's entirely normal and perfectly legitimate (to varying
> degrees) for an outfit to purport in CID a number that is not directly
> assigned to them nor which will actually result in a callback being
> routed to them.

Hi Brandon,

Correct. Consider this scenario:

You have a Vonage phone.
You use the "simultaneous ring" feature to have calls to your Vonage
phone also ring your Verizon cell phone.
I call your Vonage phone from my Verizon cell phone. Vonage initiates
a call to your Verizon phone purporting to be from my phone number.

Because, of course, it is. But Verizon receiving the call from Vonage
has no view of the original call in I made in to Vonage. To present
you with the caller ID information you want, they have to take
Vonage's word for it that the call really is from a number Verizon
itself owns.

Think of a phone call like a long chain of proxy servers and you're
being asked to accept the source claim made by the first proxy server
in the chain.


Anyway, the FCC's track record collecting fines for spam calls is even
worse than its record for imposing the fines in the first place. This
isn't a legislative problem, it's a technical one. If I had the "in"
with a call center company, I'd build a solution this way:

I call your phone number.
Your phone company compares my number against your whitelist. Ring
through on match.
If no match, "You have reached Name. Press 2 to leave a message. Press
3 to enter your code. Press 0 or stay on the line for an operator."
Ring through on a valid code.
If 0, the call connects to a call center where a live operator
evaluates the call. Who am I? Why am I calling? Do I meet the
plain-English criteria you've established for calls to allow through?
If no, the operator offers to connect me to your voicemail. If yes,
the operator dials you, explains who's calling and asks your
permission to connect the call.

You can spoof the automation but your hit rate spoofing the live
operator is not going to be good enough to keep trying. And if you do
keep trying, the operator company has lawyers and a financial
incentive to go after you.

Regards,
Bill Herrin





-- 
William Herrin
b...@herrin.us
https://bill.herrin.us/

RE: FCC proposes $10 Million fine for spoofed robocalls

[Keith Medcalf]

"CallerID" is a misnomer.  It is actually the "Advertized ID".  However, the 
telco's realized you would not pay to receive advertizing so they renamed it to 
something they thought you would pay for.

Pretty canny business model eh?  And apparently y'all fell for it, thinking it 
was related to the Identification of the Caller, rather than being what the 
caller wished to advertize.

--
The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
lot about anticipated traffic volume.

>-Original Message-
>From: NANOG  On Behalf Of Brandon Martin
>Sent: Thursday, 19 December, 2019 10:25
>To: nanog@nanog.org
>Subject: Re: FCC proposes $10 Million fine for spoofed robocalls
>
>On 12/19/19 12:09 PM, Andreas Ott wrote:
>> I have also been told that there is no equivalent of uRPF in the phone
>world.
>
>This is the biggest issue, and unfortunately (and my knowledge of the
>PSTN is admittedly a bit lacking, here), there's likely no good way to
>add it.
>
>Calls on the PSTN are routed essentially based on "who do I feel like
>handing this off to, today", and then that entity may do the same, and
>so on.  It's pretty routine for an outfit to have multiple contracts for
>termination that may not even be aware of the "legitimate" numbers from
>which their customers might "source" a call.
>
>Further, it's entirely normal and perfectly legitimate (to varying
>degrees) for an outfit to purport in CID a number that is not directly
>assigned to them nor which will actually result in a callback being
>routed to them.
>
>Think of caller ID more like reverse DNS.  It's largely advisory and,
>outside some situations where you deliberately want a higher degree of
>repuatation/identity verification and are willing to accept a
>potentially large number of false flags, there's no real reason to rely
>on it outside of human nicety.
>
>The rough analogy to the source IP address is the ANI information that's
>not even passed to most end users.  That's "who should I bill this to?".
>  But even that can get overwritten sometimes during call routing, from
>what I gather.  It's also rarely a valid callback number for any
>non-trivial call source.  Or, at least, if you did call it, the person
>who (might) answer the phone will have no idea what prompted you to do
>so.
>
>SHAKEN/STIR, the leading proposal to "fix" this, is more like RPKI in a
>way albeit very much re-envisioned based on circuit switching rather
>than packet switching.  Each intervening network can attest to what
>degree they are able to verify the CID (and maybe ANI?) information in
>the call.  Unfortunately, a perfectly valid attestation is "I cannot
>verify it", and indeed that's likely to be most of the attestations
>you'll see at least at first.  The best it really lets you do is figure
>out some networks at which to point fingers.
>
>When "full attestation" is present, i.e. the network operator has been
>able to verify that the CID field represents a number authorized for use
>by the entity originating the call, it's maybe more like DKIM in that
>you can, with cryptographic certainty, know THE network at which to
>point fingers as they're the ones who admitted the call into the PSTN
>with authority that the CID field (among others) is "valid".
>
>[And all the old PSTN folks will please forgive me if I'm inaccurate,
>here, though corrections are welcome]
>--
>Brandon Martin

Re: FCC proposes $10 Million fine for spoofed robocalls

[Brandon Martin]

On 12/19/19 12:09 PM, Andreas Ott wrote:

I have also been told that there is no equivalent of uRPF in the phone world.


This is the biggest issue, and unfortunately (and my knowledge of the 
PSTN is admittedly a bit lacking, here), there's likely no good way to 
add it.


Calls on the PSTN are routed essentially based on "who do I feel like 
handing this off to, today", and then that entity may do the same, and 
so on.  It's pretty routine for an outfit to have multiple contracts for 
termination that may not even be aware of the "legitimate" numbers from 
which their customers might "source" a call.


Further, it's entirely normal and perfectly legitimate (to varying 
degrees) for an outfit to purport in CID a number that is not directly 
assigned to them nor which will actually result in a callback being 
routed to them.


Think of caller ID more like reverse DNS.  It's largely advisory and, 
outside some situations where you deliberately want a higher degree of 
repuatation/identity verification and are willing to accept a 
potentially large number of false flags, there's no real reason to rely 
on it outside of human nicety.


The rough analogy to the source IP address is the ANI information that's 
not even passed to most end users.  That's "who should I bill this to?". 
 But even that can get overwritten sometimes during call routing, from 
what I gather.  It's also rarely a valid callback number for any 
non-trivial call source.  Or, at least, if you did call it, the person 
who (might) answer the phone will have no idea what prompted you to do so.


SHAKEN/STIR, the leading proposal to "fix" this, is more like RPKI in a 
way albeit very much re-envisioned based on circuit switching rather 
than packet switching.  Each intervening network can attest to what 
degree they are able to verify the CID (and maybe ANI?) information in 
the call.  Unfortunately, a perfectly valid attestation is "I cannot 
verify it", and indeed that's likely to be most of the attestations 
you'll see at least at first.  The best it really lets you do is figure 
out some networks at which to point fingers.


When "full attestation" is present, i.e. the network operator has been 
able to verify that the CID field represents a number authorized for use 
by the entity originating the call, it's maybe more like DKIM in that 
you can, with cryptographic certainty, know THE network at which to 
point fingers as they're the ones who admitted the call into the PSTN 
with authority that the CID field (among others) is "valid".


[And all the old PSTN folks will please forgive me if I'm inaccurate, 
here, though corrections are welcome]

--
Brandon Martin

Re: FCC proposes $10 Million fine for spoofed robocalls

[Andreas Ott]

On Thu, Dec 19, 2019 at 11:16:08AM -0500, Christopher Morrow wrote:
> How is it envisioned that this will work?

My prediction for 2020: it still won't work, like in 2019 and the years
before that. A call originated, transported and delivered equals revenue
for all involved parties, so it is in their best interest not to block
them, unless the fines are really magnitude(s) higher than the revenue.

> I mean, I'm all for less spam calling... and ideally there would be
> some form of 'source address verification' on the PSTN/phone
> network... but in today's world that really just doesn't exist and the
> motivations to suppress fake sources are 'just as good' as they are on
> the intertubes. (with crappier options in the gear - SHAKEN/STIR are
> really not even available in the majority of the switch 'gear' right?)

When I tried to pay my AT uverse VOIP "landline" bill this morning they
offered me a free "CallProtect App" but when I click on more info it's
in fact only a link to open their "control call forwarding and blocking"
part of the home phone features web site.  All their suggested controls
are enabled, still I am receiving only unwanted calls on this line.

In the call and voicemail history list for my number I have at least these 
examples for you to laugh at. Hint: look at the numbers. and I have also
been told that there is no equivalent of uRPF in the phone world.

NameNumber  WhenLength  Actions
Suspected Spam  888-194-124211-30-19, 10:56 AM  0:00Add to Address 
Book

FromNumber  WhenSize
NAME NOT FOUND  408-145-134108-12-19, 09:14 AM  29 Kb   
NAME NOT FOUND  213-141-516305-17-19, 10:22 AM  353 Kb


-andreas

Re: FCC proposes $10 Million fine for spoofed robocalls

[Christopher Morrow]

How is it envisioned that this will work?
I mean, I'm all for less spam calling... and ideally there would be
some form of 'source address verification' on the PSTN/phone
network... but in today's world that really just doesn't exist and the
motivations to suppress fake sources are 'just as good' as they are on
the intertubes. (with crappier options in the gear - SHAKEN/STIR are
really not even available in the majority of the switch 'gear' right?)

On Thu, Dec 19, 2019 at 10:08 AM Kain, Becki (.)  wrote:
>
> Would be nice to have these stopped.  I received 10 of them yesterday, 
> pretending to be apple icloud support
>
>
>
> From: NANOG  On Behalf Of Javier J
> Sent: Wednesday, December 18, 2019 8:38 PM
> To: Sean Donelan 
> Cc: nanog 
> Subject: Re: FCC proposes $10 Million fine for spoofed robocalls
>
>
>
> It is so bad that I am not above us bribing politicians in foreign countries 
> to crack down on this.
>
>
>
>
>
>
>
> On Thu, Dec 12, 2019 at 3:37 PM Sean Donelan  wrote:
>
>
> On Monday, U.S. FCC Chairman Pai and Canadian CRTC Chairperson Scott made
> the first official cross-border SHAKEN/STIR call.
> https://www.fcc.gov/document/pai-scott-make-first-official-cross-border-shakenstir-call
>
>
> Today, the U.S. FCC announced a proposed nearly $10 million fine for
> spoofed robocalls.
> https://www.fcc.gov/document/fcc-proposes-nearly-10-million-fine-spoofed-robocalls
>
> A U.S. telemarketing firm spoofed the caller-id of a competitor to make
> approximately 47,610 political robocalls shortly before a California State
> Assembly primary election.
>
> I think this case is somewhat unusual for robocall spoofing, because the
> alleged perpetrator, victims, and 'crime scene' occured within the same
> jurisdiction.
>
> While the FCC likes to announce large enforcement actions in splashy
> press releases, its actually bad about collecting fines. The FCC must
> rely on the Justice Department to initiate separate prosecution to
> enforce payment from non-license holders because the FCC can't do that
> itself.  So don't expect anyone to actually pay soon (or ever).

Re: FCC proposes $10 Million fine for spoofed robocalls

[j k]

~ $204 per spoofed call.

On Thu, Dec 19, 2019, 10:09 AM Kain, Becki (.)  wrote:

> Would be nice to have these stopped.  I received 10 of them yesterday,
> pretending to be apple icloud support
>
>
>
> *From:* NANOG  *On Behalf Of *Javier J
> *Sent:* Wednesday, December 18, 2019 8:38 PM
> *To:* Sean Donelan 
> *Cc:* nanog 
> *Subject:* Re: FCC proposes $10 Million fine for spoofed robocalls
>
>
>
> It is so bad that I am not above us bribing politicians in
> foreign countries to crack down on this.
>
>
>
>
>
>
>
> On Thu, Dec 12, 2019 at 3:37 PM Sean Donelan  wrote:
>
>
> On Monday, U.S. FCC Chairman Pai and Canadian CRTC Chairperson Scott made
> the first official cross-border SHAKEN/STIR call.
>
> https://www.fcc.gov/document/pai-scott-make-first-official-cross-border-shakenstir-call
>
>
> Today, the U.S. FCC announced a proposed nearly $10 million fine for
> spoofed robocalls.
>
> https://www.fcc.gov/document/fcc-proposes-nearly-10-million-fine-spoofed-robocalls
>
> A U.S. telemarketing firm spoofed the caller-id of a competitor to make
> approximately 47,610 political robocalls shortly before a California State
> Assembly primary election.
>
> I think this case is somewhat unusual for robocall spoofing, because the
> alleged perpetrator, victims, and 'crime scene' occured within the same
> jurisdiction.
>
> While the FCC likes to announce large enforcement actions in splashy
> press releases, its actually bad about collecting fines. The FCC must
> rely on the Justice Department to initiate separate prosecution to
> enforce payment from non-license holders because the FCC can't do that
> itself.  So don't expect anyone to actually pay soon (or ever).
>
>

RE: FCC proposes $10 Million fine for spoofed robocalls

[Kain, Becki (.)]

Would be nice to have these stopped.  I received 10 of them yesterday, 
pretending to be apple icloud support

From: NANOG  On Behalf Of Javier J
Sent: Wednesday, December 18, 2019 8:38 PM
To: Sean Donelan 
Cc: nanog 
Subject: Re: FCC proposes $10 Million fine for spoofed robocalls

It is so bad that I am not above us bribing politicians in foreign countries to 
crack down on this.



On Thu, Dec 12, 2019 at 3:37 PM Sean Donelan 
mailto:s...@donelan.com>> wrote:

On Monday, U.S. FCC Chairman Pai and Canadian CRTC Chairperson Scott made
the first official cross-border SHAKEN/STIR call.
https://www.fcc.gov/document/pai-scott-make-first-official-cross-border-shakenstir-call


Today, the U.S. FCC announced a proposed nearly $10 million fine for
spoofed robocalls.
https://www.fcc.gov/document/fcc-proposes-nearly-10-million-fine-spoofed-robocalls

A U.S. telemarketing firm spoofed the caller-id of a competitor to make
approximately 47,610 political robocalls shortly before a California State
Assembly primary election.

I think this case is somewhat unusual for robocall spoofing, because the
alleged perpetrator, victims, and 'crime scene' occured within the same
jurisdiction.

While the FCC likes to announce large enforcement actions in splashy
press releases, its actually bad about collecting fines. The FCC must
rely on the Justice Department to initiate separate prosecution to
enforce payment from non-license holders because the FCC can't do that
itself.  So don't expect anyone to actually pay soon (or ever).

Re: FCC proposes $10 Million fine for spoofed robocalls

[Javier J]

It is so bad that I am not above us bribing politicians in
foreign countries to crack down on this.



On Thu, Dec 12, 2019 at 3:37 PM Sean Donelan  wrote:

>
> On Monday, U.S. FCC Chairman Pai and Canadian CRTC Chairperson Scott made
> the first official cross-border SHAKEN/STIR call.
>
> https://www.fcc.gov/document/pai-scott-make-first-official-cross-border-shakenstir-call
>
>
> Today, the U.S. FCC announced a proposed nearly $10 million fine for
> spoofed robocalls.
>
> https://www.fcc.gov/document/fcc-proposes-nearly-10-million-fine-spoofed-robocalls
>
> A U.S. telemarketing firm spoofed the caller-id of a competitor to make
> approximately 47,610 political robocalls shortly before a California State
> Assembly primary election.
>
> I think this case is somewhat unusual for robocall spoofing, because the
> alleged perpetrator, victims, and 'crime scene' occured within the same
> jurisdiction.
>
> While the FCC likes to announce large enforcement actions in splashy
> press releases, its actually bad about collecting fines. The FCC must
> rely on the Justice Department to initiate separate prosecution to
> enforce payment from non-license holders because the FCC can't do that
> itself.  So don't expect anyone to actually pay soon (or ever).
>