The Do-Not-Call List Has a Gaping Hole

The “Do Not Call” list isn’t working anymore.

Sure, legitimate telemarketers will refrain from calling you if you’ve put your phone number on it. But criminal telephone spammers will call you anyway because it’s become so easy for them to evade U.S. law enforcement.

Now the Federal Communications Commission is hoping phone companies can fix the problem. “The bad guys are beating the good guys with technology right now,” FCC Commissioner Tom Wheeler said last month at the initial meeting of an industry-led team his agency has assembled to help beat back the robocall “scourge.”

Illustrations by Nicholas Little

Unwanted calls are the top source of consumer complaints to the FCC, with the agency fielding more than 200,000 a year, according to Wheeler. In one common illegal robocall, “Rachel from card services”—just an automated voice—says you qualify for a new credit card in an attempt to get financial information out of you. In one common extortion scheme, a voice claims to be from the Internal Revenue Service.

These calls are easy for scammers to make thanks to inexpensive automatic dialing machines and spoofing tools that hide the source of the call from your phone company and make your phone’s caller ID display a bogus number.

The charge of the “Robocall Strike Force,” which is headed by AT&T CEO Randall Stephenson and includes representatives from more than 30 technology companies, is to develop “comprehensive solutions to prevent, detect, and filter unwanted robocalls.” The group has until October 19 to submit a plan to the FCC.

We already have some tools for blocking and preventing unwanted calls. In addition to the National Do Not Call Registry (which is run by the Federal Trade Commission) there are smartphone apps that can block known spammers or send their calls straight to voice mail. If you have certain landline and mobile services, you can use a product called Nomorobo, which screens incoming numbers against a database of known spam callers.

But spammers can easily get around these defenses by spoofing other numbers, using standard software on voice-over-Internet phone systems, says Henning Schulzrinne, a professor of computer science and electrical engineering at Columbia University, who served as the chief technology officer for the FCC from 2011 to 2014 and will return to that role next year. Spoofing not only gives phony information to you, but also to the telephone service providers, who currently have no way of determining the actual source either. Complicating things further is that many spammers call from other countries, out of the reach of U.S. law enforcement.

That’s why the Internet Engineering Task Force, a group of engineers that develop and upgrade open-source technical standards for the Internet, is working with communications companies on a new way to verify the source of voice-over-Internet calls. The service provider originating the call would add a cryptographic signature to indicate that the caller is legitimately using the number. Separate carriers along the way could then validate the signature and catch spoofed numbers.
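
The sign-at-origin, validate-downstream idea described above, sketched as an added Go example; it is not code from the article, the carriers, or the IETF's specification. The claim layout, the use of Ed25519, the 60-second freshness window and the phone numbers are all assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// CallClaim is a constructed, simplified claim; it is not the IETF wire format.
type CallClaim struct {
	Orig     string `json:"orig"` // calling number asserted by the originating provider
	Dest     string `json:"dest"` // called number
	IssuedAt int64  `json:"iat"`  // Unix seconds when the call was signed
}

const maxAge = 60 * time.Second // assumed freshness window to limit replay

// SignCall is run by the originating provider for a number its customer may use.
func SignCall(priv ed25519.PrivateKey, c CallClaim) (payload, sig []byte) {
	payload, _ = json.Marshal(c)
	return payload, ed25519.Sign(priv, payload)
}

// VerifyCall is run by a downstream carrier against what call signalling shows.
func VerifyCall(pub ed25519.PublicKey, payload, sig []byte, shownOrig, dialedDest string, now time.Time) error {
	if !ed25519.Verify(pub, payload, sig) {
		return errors.New("bad signature")
	}
	var c CallClaim
	if err := json.Unmarshal(payload, &c); err != nil {
		return err
	}
	if c.Orig != shownOrig || c.Dest != dialedDest {
		return errors.New("signed numbers do not match signalling")
	}
	if age := now.Sub(time.Unix(c.IssuedAt, 0)); age < 0 || age > maxAge {
		return errors.New("claim is stale or from the future")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader means crypto/rand
	now := time.Now()
	p, s := SignCall(priv, CallClaim{"+12025550100", "+12025550199", now.Unix()})
	fmt.Println("genuine:", VerifyCall(pub, p, s, "+12025550100", "+12025550199", now))
	fmt.Println("spoofed:", VerifyCall(pub, p, s, "+12025550123", "+12025550199", now))
}
```

Binding the destination number and a timestamp into the signed claim is what keeps a valid signature from being lifted off one call and replayed on another.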

How aggressively will telecom companies work on this? Many carriers have little incentive to participate in anti-spam efforts because they profit from increasing traffic of any kind on their networks, says Gail-Joon Ahn, director of Arizona State University’s Laboratory for Security Engineering for Future Computing. But that could change, Schulzrinne says, as the number of customer complaints about robocalls keeps rising.
