[jonathanmayer]

Hi, I previously served as CTO of the FCC's Enforcement Bureau, where I worked on then-Chairman Wheeler's Robocall Strike Force. I'd like to offer a few observations that might be of interest.

* T-Mobile, like the other carriers, is offering a numerator and not a denominator. These call filtering services are plainly valuable, but it's difficult to evaluate how effective they are based on current public evidence.

* It isn't a coincidence that the top robocall destinations include locations that are popular for retirement. These scams disproportionately target and take advantage of older customers.

* Call authentication (STIR/SHAKEN) is helping, and will continue to become more effective. The FCC did not push carriers to rapidly adopt call authentication during the last administration; Congress eventually stepped in with the TRACED Act, and the FCC has since made STIR/SHAKEN a top priority.

[ipython]

From anecdotal evidence (n=1) the call blocking feature on T-Mobile is about 70% effective. Unfortunately I don’t know of an api to pull my full phone and spam shield records but I estimate I received about 2,000 calls over the past three months. About 90% of those were spam/scam calls. Of those, T-Mobile identified and blocked about 70% of them.

It is reassuring to see the stir/shaken “checkmark” on my iPhone call log indicating that the call has been authenticated. Unfortunately as you say it’s not very effective yet.

I’ve noticed that there are carriers/voip gateway providers who are proactive on shutting down spam emanating from their networks and others who are not. Not affiliated but the list here seems to be accurate: https://scammerblaster.com/the-ultimate-method-of-scammer-pa...

[lifeisstillgood]

wait what. You recieved 540 spam calls over a quarter? (2000.9.3)

Holy crap. That's six a day. I would have thrown my phone away.

[ipython]

Correct. I think my high water mark was about 30 calls in one day. I would receive a call while messing with another, so I would sometimes conference them together for hilarity to ensue.

[lifeisstillgood]

Spam as in "want to use our website building agency?" or "want to buy this incredible new coin/NFT/pump dump stock?"

[ipython]

At some point my phone number was sold as part of a list of “old people”. So my calls consisted of a mix of Medicare supplement plans, Medicare scams (“free” diabetic supplies, something about chronic pain, and my favorite which was “a five year renewal” of my Medicare card. All they needed was all my PII, doctors name and Medicare card number!)

I also received a lot of other scam calls targeting older folks: namely callers impersonating Social security administration officials who scare you into sending thousands of $$$ to them so you avoid getting arrested - you’re told that your SS benefits are suspended and you’ll be charged with a crime because your SS# was associated with some vague crime in the “southern border of Texas”…

It’s honestly sickening to see in real time how these low lives fleece innocent people and it makes me furious. I do what I can to try and shut them down but I’m sure it’s just a drop in the bucket and they just pop back up with a different voip provider in a few days anyway.

They can be very persistent and they will track your “identity” for years. I had invented a persona back in 2015 and forgotten about it. Someone called several dozen times - very aggressively - asking for that persona. I had fun messing with him but it was scary having him pull up personal details from over 7 years ago even if it was totally fabricated.

[abdabab]

One time I received 30ish calls everyday for a few days and each one of them was from a different number but with same prefix. It bothered me that I couldn’t block that prefix.

[UncleMeat]

That’s about where I’m at. A slow day is two spam calls. A bad day is 10.

[shkkmo]

It seems ridiculous to me that I regularly receive calls that are clear indicators of illegal activity but that nobody is being held accountable.

Why is there no way to find the people who are making these calls and why are the phone companies not liable for allowing these calls to be made without accountability?

[hedora]

The phone companies standardized on a hopelessly insecure protocol in 1975, and have no financial incentive to fix it.

If the FCC mandated a $1/spam call fine for cell phone providers (automatically paid as an unbounded rebate to subscribers), I suspect they would fix it in under 12 months.

More reading on the protocol (Signaling System 7) is here:

https://en.m.wikipedia.org/wiki/Signalling_System_No._7

The fundamental issue is that is assumes 100% of global telephone exchanges are trustworthy.

[sennight]

> The phone companies standardized on a hopelessly insecure protocol in 1975...

I vaguely remember an interview with somebody involved in early ARPANET standardization efforts stating pretty definitively that the prevailing direction for network protocols was source based routing. Anybody who has ever had to write an email address parser has seen vestiges of this (multiple @, ! and : symbols). Supposedly a representative from the NSA helpfully "suggested" they abandon that line of thinking and just mimic the PSTN's approach of trusting the next hop to do the routing.

I wonder how accidental it is that SS7 was implemented in such a plainly insecure manner.

[ipython]

It’s a lot of work and honestly the telcos don’t care. Even if and when you do find them, what can you do? They’re calling from halfway around the world - so “impersonating a us government employee” is not a law you can enforce on a citizen of another country.

[shkkmo]

Why can't the telcos be held liable for routing these calls? If you get scammed and could sue the phone company, they'd very quickly find real solutions.

[AnimalMuppet]

I suspect it's that pesky "rule of law" thing. We need to change the laws to make them liable.

[KoftaBob]

Most of the scam/spam calls originate from overseas, while using American phone numbers:

"Five U.S. states, Costa Rica, Guatemala, India, Mexico and the Philippines are where most robocalls originate."

I imagine it's much more complicated to prosecute robocallers that live overseas, as you're now dealing with having to extradite people.

[imglorp]

Around 99% of calls I receive, total, are spoofed to my local area and exchange. The discrimination tech is clearly not being used. Sprint/TMO.

[msh]

A quick fix could be that you require that the phone number matches the country the call comes from.

Won't solve everything but maybe a little bit.

[codeddesign]

Then every time I travel overseas I cannot use my phone or a US phone number? What about living close to Canada, Mexico, Caribbean…etc and you pick up international towers?

It’s an easier fix, but not really a solution.

The reality is that everyone wants fairness but no one really wants government regulation (Russia is a great example of this where your phone number is essentially treated like an assault rifle. Registered, monitored, and geo-tracked).

[msh]

But that would be roaming, not a us number originating from a non us phone line.

[annoyingnoob]

Prior to VoIP it was easier to trace the source of a call. With VoIP, the call could come from anywhere. Also, that VoIP service may have been resold several times and the end of that chain might look like a shady foreign entity with fictitious names. You kill one shady reseller and 3 more pop up.

[imglorp]

Can I sue my carrier for breach of contract?

They are providing me a phone but most callers are spoofed and it can't be answered any more in the way a reasonable person would expect a phone to be useful.