Color me cynical, but I don't see how the dollar amount of the fine matters if it can't be effectively collected anyway. Recently it was revealed that the FCC had collected a few thousand dollars of $208 million levied in fines. [1] How is a bigger fine different?
Okay, so that's a kind of a long bill, so I can't verify but you make it sound a bit like the carriers will be fined. They historically directly pass-through all compliance costs to customers, so ultimately customers pay to receive the robocalls?
Yes, and to remain competitive in pricing they are incentivized to fix the problem, receiving fewer fines. Of course the tools and people attempting to stop robocall costs money, but as many things in life, there’s no free lunch. Maybe we could find another less expensive solution? Maybe that is specifically one of the cheapest ones, and that which put the onus on those who have more capacity to fix them? Maybe that will be the incentive to revamp our current calling system that basically allows anyone to call anyone at any time? Either way someone always pays.
The most interesting parts of the bill are pretty much "FCC will decide how it works", but some bits are better defined. For example the call authentication framework can add no line item to the consumer bill. Sure... they could raise the price across the board, but that's a cynical realist view :-)
> The most interesting parts of the bill are pretty much "FCC will decide how it works", but some bits are better defined. For example the call authentication framework can add no line item to the consumer bill. Sure... they could raise the price across the board, but that's a cynical realist view :-)
To be fully cynical would be to predict that in five years Congress will be calling the wireless providers to testify as to why prices are increasing at such a high rate.
What's the reason to expect that? Adding reasonable security doesn't need to add a large and increasing amount to prices, and it doesn't make sense that they need an excuse if they are able to raise prices.
And, the first carrier to effectively enforce no robocalls will receive a massive influx of subscribers, so much so it will force everyone else to get on board.
> And, the first carrier to effectively enforce no robocalls will receive a massive influx of subscribers, so much so it will force everyone else to get on board.
1. You need cooperation to ensure valid callerid (mobile telcos can't do much call authentication on their own). It will take a long time for this be fixed.
2. There was supposedly a confusion around whether they were allowed to block anything. That's gone now.
> 1. You need cooperation to ensure valid callerid (mobile telcos can't do much call authentication on their own). It will take a long time for this be fixed.
> 2. There was supposedly a confusion around whether they were allowed to block anything. That's gone now.
Under the current system, it seems 100% of spam gets through that could so easily be filtered. At an old small business I worked at, we received ~10 calls per day from an identical caller ID number robocaller and ~20 calls per day from a robocaller always using a slightly different very long string of characters. Due to the nature of the company, the main line had to be manned by a human being, so even just the time to look at the caller ID, ignore the caller, and then re-focus back on task was at least 15 minutes of lost productivity every day, yet this is about the easiest type of spammy activity to filter. No need to cooperate with anyone but your customers.
The second could be interpreted as: regulations caused the proliferation of robocalling, as we can see in the unregulated email space that far more spam is sent yet far less ever makes it through the filters. What problems will the new regulations cause?
I prefer this model. Carriers should not be permitted to have line items like this. If I buy a $40 plan, the carrier should charge $40, not $40 plus compliance costs.
Read "SEC. 4. CALL AUTHENTICATION", particularly "(C) ROBOCALL MITIGATION PROGRAM" for most of the details – IANAL but I believe the comment you're replying to is correct that the providers will be held responsible for violations that occur on their network.
I am afraid that if this is true, yes, you are right and this is ill-thought. But this is the truth with all fines. I think we have reached the point that more fangs are necessary (breaking the monopolies would be a nice start -- that way fines are effective).
> I am afraid that if this is true, yes, you are right and this is ill-thought. But this is the truth with all fines. I think we have reached the point that more fangs are necessary (breaking the monopolies would be a nice start -- that way fines are effective).
I don't think this is possible in the telecom space without some sort of complete rethinking of spectrum licensing.
I wonder what success rate it would take in order to be worth someone's time and effort to set up an agency to collect these fines, and then how big the fines would have to be to make it worth the cost of doing so.
Like if the fines hit $400 million, a group that could only deliver a 10% increase in collections might still be worth doing.
The fines attributable to a single entity another.
The collectability on those fines, the third.
By scoping responsibility to include the call recipient's telco, you'd address all three of these.
That telco could, of course, adjust its risk-management practices (who it interops with, what the conditions of those interops are, caller identity / reputation) to minimise such risks.
True. Collecting the fines from the telco and then makin g them go extract those fees from their customers would be a powerful incentive to do something. We have an idea what that should look like, but capitalism is weird and who knows what they’d actually do.
My mobile number has an area code for a place I haven't lived since 2012. I'd thought about changing it to match my new location, but then I realized that since I'm no longer in contact with anyone in my old area, I'm able to safely assume any number calling from it is a robocall.
I get several of them a day. So I think I'll keep my old number.
So I think there's a possible solution: Pick a new mobile number with an area code for a place you don't know anyone and have no reason to receive calls from.... then block/ignore all calls originating from it.
Whatever spam blocking I get from Google Fi + latest Android on a Pixel phone has completely eliminated spam calls. I went from getting 3+ per day to zero.
About 8 years ago, I wondered the same thing. I looked at the footer of the first or last page of those to find a company name or website. Opting out was very simple for all of them.
Most websites asked for an address only. Some asked for a little more information, but to my surprise, it worked. I haven't received that ream of coupons in years, and in the off-chance that something new appears (usually something credit related), I've been able to opt-out just fine.
Wouldn't that be counter-productive, by showing them "yes this address is active and someone's reading your spam" as well as potentially allowing them to correlate your mailing address with online identifiers like IP address, browser fingerprint or advertising cookies?
I've done it twice (since moving residences). I received paper spam almost daily at the first place. I contacted around 15 different companies to get it all sorted. The second place was only 5 or so.
At first I balked but then I realized somebody would probably enter every single person’s name and address in the country if they didn’t have some kind of cost associated with it.
Still stinks to pay someone not to harass you. But I guess that’s been common throughout history.
After that unsubscribe, I've had to reach out to USPS several times when they still deliver the coupons to me and those coupons have someone else's address on them. I'm unsubscribed but USPS doesn't care and delivers anyway.
There is also a USPS service called Every Door Delivery Mail (EDDM) where USPS guarantees delivery to every address in a certain area. There is no way to opt out of EDDM.
You are incorrect, but only technically. You can opt out of EDDM at the DMA website, but the whole chain of custody for handling the opt-out is so convoluted that it's effectively pointless.
What happens is that the DMA maintains an opt-out list which the mailers are supposed to check. Then they add your address to a cover sheet called a facing slip which they pass to the local USPS when they hand off the ads. The USPS is then supposed to give those addresses to the mail carrier and the mail carrier is supposed to check it when delivering the ads.
In reality, since EDDM is intended for blanket coverage of local ads, practically no local advertisers bother or are even aware of the opt-out list, and even if they did the mail carrier will probably ignore the list, so signing up has little effect.
The best way to "opt out" is to be a dick to your mail carrier. Put a sign on your mailbox that says "NO EDDM: unaddressed mail will be refused" and then follow through on your threat by forcing your carrier to take back all EDDM ads the next day. My mail carrier quickly realized that there was no point delivering EDDM ads to my house.
You just write REFUSED on the unopened letter. It's best to scribble out your address to prevent their automated system from simply re-delivering it to you. I do this on postcards as well (which cannot be opened by definition) and they will take those. If it's first class mail they'll return it to the sender, otherwise they will take it back and discard/recycle it.
Do you know if this might work for a PO Box as well? I once spoke to an agent at the window of the post office where my PO Box lives about this. I asked if I could put some sort of notice like the one you're suggesting, but the person claimed there was no way to stop receiving fliers in my box because the companies pay a lot for them to be delivered (paraphrased).
At my post office they refer to the coupon crap as ADVO. I put a NO ADVO sticker in my box. Anything that doesn't have my address on it goes into the community outgoing mail slot. It gets better for a while then someone goes on vacation or quits and we go through it again.
It works surprisingly well. A few companies like Micro Center still sends out advertisements but the vast majority of my junk mail stopped after joining the do not mail list. Works much better than the do not call list.
I did this and it was worth it. I still get a few pieces of mail spam (AT&T is literally the worst, and I have called them repeatedly) but it's dramatically better.
Entirely nonsense that there's costs and whatnot associated with it. I am sure it's a PII goldmine for some script kiddie who gets lucky.
I spent 5 years trying to get AT&T Time Warner to stop sending monthly ads for their cable internet. I finally got someone to admit that they don't maintain a "do not mail" list and that every other CSR I spoke to had lied to me. What finally worked was threatening a lawsuit and restraining order. The ads stopped immediately.
I did this years ago and it helped a lot. Most direct mailers respect the list with the exception of a few credit card companies, and insurance associated with band accounts.
Some Charities do not respect the list and send me all manner of things. (Gloves was the most egregious from a charity I haven't given too.)
You mean Physical mailbox at your house/apartment ? Good luck with that. I am willing to pay $5/Month to USPS if they stop sending paper spam to my mailbox but that's how they supposedly stay afloat today since they don't have enough funding.
Our household has been trailing PaperKarma https://www.paperkarma.com/ for a month. It thinks we have unsubscribed from a substantial percentage of mailers. The volume of mail we get next month will be a good indicator of whether it actually works..
Hi, JT from PaperKarma here. It takes about 6-12 weeks (1.5-3 months) for mail to stop once you submit an opt-out request. This is due to in progress campaigns and the fact mailers print several waves of a campaign upfront. Rest assured you are no longer on the lists the next time they go to print!
Or better, get them to abolish USPS. 99% of the things you get in the mail should be handled by email. The other 1% of critical things are frankly handled better, faster and more reliably by private carriers..
For better or worse it's almost 2020, not 1820. Let's start acting like it.
So because email is better, we should abandon the USPS? That's a ridiculous argument. Email accounts practically at the whim of big corporations. You know, the ones who ban people from their entire Google account because they posted emojis in a chat?[0] Yeah, that'll be good.
The private sector may be more efficient than the government, but that's because of bureaucracy imposed by the politicians themselves.
Tell me, how long does it take UPS or FedEx to ship a package across the US? At least 5 business days for the cheapest. USPS gets it there in 3.
Here's some more facts you may not know (that show why the USPS is good):
* The USPS, unlike UPS and FedEx, have a legal mandate to attempt to deliver every letter and parcel if it's in the US.
* Your mail sent through USPS is protected from searches without a warrant by law. You can't say the same about UPS and FedEx.
* I can send a small letter through USPS for $.55. How much does a private courier charge?
USPS regularly fails to deliver important mail to me. Like it straight up doesn't show up. Never accounted for or mentioned. Almost all of these important mailings would be handled faster, safer, more reliably and more eco friendly online.
While every carrier makes mistakes, the difference is that the USPS is legally required to deliver to you. When you don't get your USPS mail, it is a mistake, and they're required to do something about it.
When some people don't get their UPS/FedEx/etc, if you call up to complain, the answer is "Oh yeah, we don't service your address. Have a nice day."
Functioning governments really really need a way to physically deliver items to a person in a way that cannot be replaced by private carriers or email systems. This isn't about you getting your Amazon packages or your power bill. This is about the operational stability of basic government services.
There are places in the US where UPS and FedEx do not deliver, and people live there -- people who the US government is legally required to correspond with. They cannot fulfill those obligations without the USPS.
You're thinking like a lawyer. I'm thinking like a problem solver. The legal requirement (which by the way is not an absolute requirement) to deliver my mail is useless if my mail isn't actually delivered. And I mean literally useless. Let that sink in. I don't care (at all, not even a little bit) what their obligation is on paper if they can't actually do the thing we need them to do.
>When some people don't get their UPS/FedEx/etc, if you call up to complain, the answer is "Oh yeah, we don't service your address. Have a nice day."
And if you call USPS, they're just going to jump straight to "it's lost. have a nice day." I don't see how that is better.
Anyway, USPS absolutely does not deliver to every address. This is a myth that won't die for some reason.
>Functioning governments really really need a way to physically deliver items to a person in a way that cannot be replaced by private carriers or email systems.
Can you source this claim? What does my government need to mail me that can't be done by email?
>This isn't about you getting your Amazon packages or your power bill.
I don't use Amazon or get my power bill by snail mail. Not sure why you're bringing these up. They're irrelevant.
>This is about the operational stability of basic government services.
We might need a reliable parcel deliverer (ie, something other that USPS).
>There are places in the US where UPS and FedEx do not deliver, and people live there
And there are places where USPS doesn't deliver. At my house, on a regular basis for example, they don't deliver important parcels.
Also many communities around the country and outside of the country. Email fixes basically all of this.
>-- people who the US government is legally required to correspond with.
Who they should be able to correspond with by email in most cases. In other cases they could contract with a more reliable carrier or have a pared down service for those remote area.
In still more cases, the USPS doesn't service certain areas at all.
>They cannot fulfill those obligations without the USPS.
Nor can they fulfill them solely with USPS. We need to acknowledge that email is a faster, safer and more reliable source of communicating with most people. Its almost 2020.
> You're thinking like a lawyer. I'm thinking like a problem solver.
Yes, the reasons that the USPS is important are mainly legal reasons. Your personal frustrations with what I presume is commercial mail is not one of those reasons. You have alternatives for your commercial needs, and you are free to use them.
The USPS exists because the government has needs that commercial carriers simply cannot fulfill; here's the first 3 examples I could think of:
1. A guarantee of service via direct control. The federal government directly controls the USPS board. Commercial services have no obligation to fulfill any of the government's needs, and could even be legally obligated by their fiduciary duty to deny those needs, even if they wanted to do otherwise. The needs of the government are not always profitable, often they're not.
2. Proper chain of custody. Email simply doesn't address this, and is notoriously awful at it. Commercial delivery services do this better than email, but do so voluntarily, and to their own liking (see #1). On the other hand, some USPS services like Registered Mail can be used for some types of classified documents.
3. Longstanding (and strong) legal precedent regarding its use. Mail has a ton of privilege over electronic communications. It also has privilege over commercial deliveries.
I agree with the sentiment that there is not much point in delivering any sort of documents by postal mail. However, we don't have any large scale way of providing email to the masses with the same (or better) practical and legal guarantees. Practical: Not tied to a company, accessible, etc. Legal: Preferably end to end encrypted, read receipts and how to handle them, nominees and death of the mailbox owner etc. In general, I feel that it's hard and probably for the best that email doesn't become "official".
For a middle ground, I would like USPS to offer a service where they scan and send you the docs and you agree to some terms. They already scan the addresses and show you the informed mail digest. I don't care if they open it and scan it. It's all junk anyway.
Sure but here is what everyone in this thread is missing: there is nothing (and I mean nothing) inherently official or legal about mail except that the government designated it as official 100+ years ago.
If the official channel was email and I said "let's switch to snail mail" you would all rightfully call me an idiot. You/we are all wedded to a really bad paradigm.
There's nothing stopping the government from letting you opt into an official email box.
You are discounting the very thing that makes it important: the fact that it is directly beholden to the law.
If the government controlled the entire email system, like they do the USPS, it wouldn’t be email as you know it today.
But as email stands today, it relies on the voluntary cooperation of third-parties who operate on a best-effort basis. It has no governance.
That’s a show stopper, not only for the US government, but for most governments around the world. I’m not aware of any country that has found it reasonable to do as you’re suggesting. Even Estonia, which has online elections, still finds it prudent to have a national mail service.
I'm puzzled. When did handwa ING a problem, propose to abolish the existing solution and blindly hope that the market will solve it became "thinking like a problem solver".
>Email accounts practically at the whim of big corporations
As are mail boxes unless you own house outright or have a mom and pop landlord (which is really not much better).
>The private sector may be more efficient than the government, but that's because of bureaucracy imposed by the politicians themselves.
Wait what? No it's the opposite. There are ridiculous laws that attempt to protect the USPS monopoly. For example, only they can deliver to your mailbox.
Only USPS is allowed to deliver letters. USPS does not pay state or federal taxes, etc. There is all kinda of bureaucracy in place to protect USPS and still the private carriers are better.
>Tell me, how long does it take UPS or FedEx to ship a package across the US? At least 5 business days for the cheapest. USPS gets it there in 3.
Yes it's easy to be cheaper when you don't pay any taxes. Except they're not actually cheaper except for most packages between 2 and 5 pounds.
>* The USPS, unlike UPS and FedEx, have a legal mandate to attempt to deliver every letter and parcel if it's in the US.
And yet they fail stunningly at delivering things.
>* Your mail sent through USPS is protected from searches without a warrant by law. You can't say the same about UPS and FedEx.
I agree it's absurd that the law grants these special powers to USPS. All carriers' customers should get this protection.
>* I can send a small letter through USPS for $.55. How much does a private courier charge?
Wait what? It's illegal for anyone else to deliver letters. You're making my case for me.
Anyway, we need to stop sending letters. It's almost 2020.
> As are mail boxes unless you own house outright or have a mom and pop landlord (which is really not much better).
What? How? No one is legally allowed to open a mailbox that isn’t theirs. If someone is opening your mailbox that isn’t a postman, report it; it’s a federal crime.
What? If you are evicted the next tenant absolutely can and will open the mailbox. That's how mailboxes work. If you reported that you'd be laughed out of the post office.
Exactly. It's enormously insecure unless you can somehow control the next tenant or you actually think the least-enforced crime on the planet is going to stop people from invading your privacy.
If you are worried about Google kicking you off of the platform you should be terrified about what your landlord can to.
Most evictions are proper. Most tenants don't fight back, regardless. To be clear my complaints about mail are not about protecting well off yuppies who are going to be suing their landlords for improper eviction.
Many people are housing insecure, disabled, homeless, etc. You're basically removing all of these people from the system.
The issue isn't who owns the mailbox. It's whose mail is in it. You are absolutely allowed to open a mailbox with someone else's mail (even if it's extremely sensitive). It just needs to be your mailbox.
My physical mailbox is the only *mail I have that isn't overrun. I ignore spims, spams, scams 50% based on just the fact that if the Social Security Administration, IRS, or Sheriff wanted to contact me, I know they would send a letter.
Exactly. Let's make the mailbox actually useful again by removing the monopoly on it. Then banning the USPS from delivering spam would be a good next step.
Why do you keep pointing out the “monopoly” on mailboxes? Yes, only the USPS can legally put your mail in it, but you’re missing the point: a private corporation should not run something as important as mail. Yes, private couriers are a thing, but the USPS is essential.
Even today, not everyone has an email address. And those that do, they’re at the whims of the corporation. In my original comment, I mentioned google banning people’s entire accounts because they did what the streamer wanted. Would you like your email account to be inaccessible when you decide to protest that corporation?
UPS and FedEx charge too much, and I do regular media shipping, so No, do not abolish them. If I could direct all of my tax money that goes to the US military into the USPS I would do that. Give them more money.
The fact that you personally use a heavily subsidized, underpriced service is not really an argument for keeping it on a national scale.
"I personally use and like a service" is a different statement than "it's in our national interest to continue gifting that service $10b per year in subsidies and benefits".
#1 assuming I am a he, you're already off to a terrible start. #2 seemingly believing that I am the only person who uses this service #3 the point is that it's not a useless service, and real people use and need it. turn on your brain.
We need to update laws for the fact that we now live in 2020 and not 1820.
I understand that for most healthy, housed, able-bodied, privileged people, mail is a decent way to get in touch with people. For the rest of us email/web is safer, faster, more secure, less burdensome, easier to verify, better for the environment, easier to store, etc.
That’s not what you sounded like in your original post. In that, you say to abolish the USPS, not that we should update our laws because email is a thing now.
I'm not sure what your point is here. As I said in my first post, it's 2020 almost. Let's start acting like it. It has been a long long time since snail mail was the most reliable form of communication.
There are many, many things that law requires be delivered by mail. You'd have to change hundreds (thousands?) of state and federal laws before you could get rid of a semi-public mailing service.
Most of them should have a phone number somewhere on there that you have to call and ask to be taken off their list.
There are also DMAchoice and CatalogChoice to take you off, but I'm never quite sure if it's working because I still get plenty.
There is also the fun prank one guy did where he would mail back a bunch of pennies to anyone who send him an unsolicited pre-paid envelope. The postage is calculated by weight, so it's just a nice little middle finger.
That's not hard, there are many ways to get your name and address ranging from data breaches to public tax records. So what do you want to do about it? Make reselling an address illegal? Half the economy would collapse out of inability to function; your doctor couldn't pay a service to send out their bill, for example. That's a US example but there are equivalents in other countries.
How about make it so voter registration, vehicle registration, and property purchases are not public records?
There is no legitimate reason why everyone on the planet needs to have open access to all of that information AND be free to use it for commercial purposes
Quick solution: fine phone companies instead, since it's easy to collect from them. Give 'em 6 months notice and I bet spam and scam calls are nearly eliminated before the notice period's up and you barely end up collecting any fines.
It's a dangerous path when you force intermediaries to intervene and apply censorship. The path to having ML algorithms analyze every single call you make and receive is paved with intellectual laziness. Would you make the same arguments about end to end encryption? Quick, let's put backdoors in everything so we can feel safer.
Simpler solution: At the end of a call, the recipient can dial some number, like * SPAM, and the phone company who routed the call to your number is charged 25 cents. Presumably the routing phone company will pass this charge back down the chain until it reaches the caller. You must dial * SPAM within 2 minutes from the end of the call for the charge to take effect.
There is no appeal. If you don't like a call for any reason, you can dial * SPAM, and the caller is charged 25 cents. Since the report must be immediate, VOIP providers only need to require a deposit for two minutes of calling volume, and they can throttle their customers to make sure that the reserve is always present. Callers don't need to be verified or have good credit, they just need to have 25 cents.
Yup, my first thought was that I could fine my friends $0.25 for calling me... You know, just for fun. If a company calls me and I don't like what they said, $0.25 fine. Someone dials a wrong number, how dare they, $0.25 fine.
Even better, let everyone set the fee for calling them and the ability to set up a whitelist. Numbers not on the whitelist get charged (message before connecting stating the amount). I'd set it to $10. To each their own.
I like the flat 25 cents. It's not so much that if someone wants to be malicious that they can do much damage, but if robocallers have to pay 25 cents, it destroys the economics.
Since you have to object to a call within a short period of time, you could get an immediate text message that someone had flagged your call and just not call that person again.
If you were making legitimate high volume calls, you'd get a certain number of people doing this to you, and then you'd just flag it and not call them again or maybe stop doing business with them. Either it's a sign that they don't want you calling them, so you should probably stop.
Collection agencies and such would get a lot of flagged calls, but collection agencies are supposed to stop calling if you ask them to, so this is just an automated way of making that request.
The real cause of all of these robocalls is that calling has gotten so cheap. It used to cost well over $1/minute to call from say, India to the U.S. Even within the U.S., in the 80s and early 90s, it would usually cost about 25 cents a minute to make a domestic long distance call. In many places, including where I grew up, a local call to your next door neighbor cost 5 cents. If the risk of being charged 25 cents for a call is a barrier to making a call, you probably shouldn't be making it.
Yes, because it was described in a comment with only a few minutes' worth of thought. The idea is sound - there are a ton of fairly obvious ways to fix the biggest flaws and improve the system.
But it is also very dangerous to do what telco's did, they connected circuit network that was designed as a network of trusted peers to the untrusted network of public internet without implementing proper gateways and/or enforcing certain rules. So slapping them with fines is more of a reap what you sow thing than punishment.
Why on Earth do you think backdoors and ML having any part in the solution?
Telcos peer with one another and trust each other's traffic implicitly, all they need to do is stop trusting implicitly and ask for verification for things like caller id.
A Telco may not know where a call originates but they know what Telco it's coming from and can pass responsibility for fines back to that Telco.
Since no Telco wants to be saddled with fines, they'll quickly pass it off and it will eventually reveal the origination.
Requiring telcos to assist in fighting spam calls and wire fraud is not "censorship" by even the most lenient use of the word - it's saving elderly or non-techie citizens from being stolen from. Nobody mentioned backdoors or ML algorithms, either - stop strawmanning.
No it's not. Why would you want to give telcos even more power? Let dumb pipes be dumb pipes. The whole idea that telcos should moderate incoming calls is just begging for for non-call-neutrality and pay-for-play. HN is obsessed with net-neutrality but apparently the same sentiment does not extend to other communication platforms.
As someone who has been involved in telco routing / call infrastructure, I agree and disagree. Most telcos hate that their networks are being flogged by these short duration calls. When they have the engineering competence / business ethics / operational focus in place, solutions emerge and have been around for awhile. You won’t get them all but simple heuristics that’s others have described above will squash the big abusers. The problem is these spam artists, prey on the fact that like the old internet of twenty years ago, a bad actor could relatively easily exploit weaker networks. Like most things I expect the first 80% of this problem will get resolved pretty quickly and then we will see some sort of vendor driven standards that become available / implemented within the next year.
Edit: I think one interim solution could be a dcma-style process whereby carriers prove to the fcc that they maintain an auditable takedown process that can be initiated by the consumer and that the carrier is applying reasonable technological solutions to minimize / detect en masse robocalls.
To me, the obvious solution is to force providers to provide originator information (including name, number/ip, phone company, and country) to the end user to matter what. Then I can block whatever I want with a UBO style list.
This is not a problem you can solve with tech or more info for the consumer. I had an endpoint with two names, IP which could change mid-call, 3 possible origin numbers, and the "phone company" was a blurry concept in that case (ITSP, or its first upstream, or first POTS gateway?). And I was just a consumer. This gets even more complicated for any non-trivial company.
And that's still before name collisions. You can get a valid call from Bill Gates at Microsoft. Just not the one you think.
There are easier ways: whitelisting. Android and iOS already have a ton of shenanigans in their SMS apps to deal with stuff like RCS. A lot of people also now block and ignore calls not from a familiar caller id. Exchanging contacts can be tied with exchanging QR codes to allow auth, a practice that has been normalized by social media companies like Snapchat. This is relatively scalable. Same thing for corporations, they can post their codes online. For the non-technical an additional manual entry code can be added to automated telephone systems. For good or for bad, the mobile operating systems market has generally consolidated around a few big players. Stuff like Sailfish, KaiOS are still very very small players. Software updates can be easily and cheaply deployed OTA.
This is a high tech solution which just won't work for lots of people. Example: The local medical practice uses simple mobile phones. Think old Nokia with 3-line menu to display and no camera. You want a call back from a doctor on call and have no internet access. How would you do any pre-auth/whitelist in that case? How would you do it if you only had a land-line on POTS?
As a consumer, just give me the full stack, and any step that involves something sketchy means I don't want to see it. I'd block anything from outside the US, anything from a network that obscures information, and maybe all VOIP numbers as well. Then at least I'd only be contactable by people subject to United States law.
I already keep my cell phone on silent unless I'm expecting a call, and my voicemail is disabled. It would just be nice to not have to be notified about other calls when I do need to be reachable by phone.
This is not workable for an average person though. Also people just don't get how telephony works today. Here's an example: which of these is a call from out of US:
- call from a person in Canada, legally using a valid US caller id
- call from a US mobile roaming in Canada
- call originating in the US, routed via Canadian telco back to the US
- call from a US mobile in the US, using a VoIP service in Canada, legally using the same mobile's US caller id
(None of these are doing anything illegal, and are valid scenarios)
Yeah perhaps I don't need to block absolutely anything outside the US (and Canada), but clearly at some point there's an initial caller. If at any point I hit a hop that's not trustworthy, I don't want the call. If you can't reach me without resembling a telemarketer, I probably don't need the call. If legal but irritating companies find themselves unable to serve calls, I consider this to be a positive. If the phone system collapses, I consider that the be an improvement over having to sometimes be reachable over the current phone system.
Blocking all of those would be vastly preferable to what we have now. I get about 5 spam calls a day, so the only thing I can do is disable all incoming calls altogether. Blocking all of the things in your list, while hamfisted and far from ideal, is better than that.
> Over the summer, Pai announced that the Commission would be moving to make overseas robocalls and malicious text message spoofing illegal after Congress passed new rules that required them to do so in 2018.
The problem isn't overseas robocalls originating in the US - it's robocalls originating from outside the FCC's jurisdiction.
> The term “voice service”— (A) means any service that is interconnected with the public switched telephone network and that furnishes voice communications to an end user using resources from the North American Numbering Plan
Does the US care about other countries? I would be quite happy if they managed to enforce that worldwide by simply not working with the companies that don’t provide caller id.
"ensures providers make robocall-blocking services available for free"
In practice, this means AT&T outsources the blocking service to a 3rd party company.
In order to use that service you have to surrender your contact list to that 3rd party
so they can determine if someone you know is calling and understanding their EULA will make your head spin. This is what I have on my company issued phone.
As a consumer I sort of like this (I do worry about unintended consequences tho), but as a developer this absolutely sucks. It's already a massive PITA to make use of telephony (SMS/voice calls) through AWS and the like, and this will only make that 10 times worse. Even at a medium-sized company that spends 5 figures a month on AWS services we got totally burned by this.
Amazon has also done an abysmal job at facilitating between the deveopers (us) and the carriers. They will just shut down your production system without warning and yet their API will still return 200s as tho everything is fine, while silently sending your SMS to the bit bucket. Then when you open a support case it will take a while unless you pay for support, support that you only need because they are returning lies from the API and you have no way of finding out what is wrong without a support agent looking at the system. Yeah I'm still pretty pissed. I will pay more for Twilio until something drastic changes.
> Even at a medium-sized company that spends 5 figures a month on AWS services we got totally burned by this
Good! I send all calls not in my contact list to voicemail, and then rarely check the voicemails. Businesses need to find a better way to reach me than autodialing.
Firstly, our customers specifically have to enable it, and can easily disable if they don't want it.
Secondly, I don't see why the AWS returning 200s while silently discarding our stuff is the right way to handle this. If you want to block our numbers (which I aboslutely think you should be able to do) the API should return something that tells us that instead of pretending like everything is fine.
> If you want to block our numbers...the API should return something that tells us that
As a consumer, I disagree. When I send a message to spam, it doesn't let the spammer know they should switch the e-mail address they're sending from. If I block a phone number, that's not something for the dialer to know.
To be clear, it wasn't consumers that blocked our numbers, it was AWS. I wrote my previous message sloppily.
AWS was sending our messages into the bit bucket and returning 200s. Our customers not only wanted the messages, but were complaining to support that messages were not getting through.
At one point I was getting four bullshit calls a day. I'm beyond the point of caring. Charge everybody five thousand dollars per minute. Require a blood sample for every phone call. Burn the phone system to the ground. I don't care, make it stop.
There will be a lot of less secure accounts then. Even tho I don't like SMS for 2FA, it is the only thing that many consumers will use. If you want to destroy the ability to send any SMS programmatically, the loss of security will be only one unintended consequence.
We also use a robocall for the devops team when the site goes down. We can't afford to hire a human to do it, and that would be stupid anyway. That's a pretty useful feature that would suck to lose.
How will carriers determine if a phone call is legitimate? How will I be able to determine if there are false positives? How will I report false negatives?
As more time passes you just have to put your phone on do-not-disturb and only allow star'ed contacts. It might be useful to make a call forwarding service where they have to enter some number code to get transferred to you, kind of like a captcha, maybe something like plivo or twilio can do this. After putting my resume with my work number I also get a crazy amount of recruiters in India call centers using fuzzy keyword matches to recommend poorly fitting jobs.
It also looks like the spammers are picking up in sophistication. Like a prerecorded voice asks me if I want an extended warranty and a few questions to do automated voice recognition screening of the call before transferring it to the India call center for sales. You can say potatos to every question and they will still transfer you, but the call will drop if you say "no". Once the India call center collects information from you they pass you to some guys that sound like they're in the US for the final sale.
How I killed 99% of the unwanted calls to my "home" number using callcentric routing rules:
#1 - Calls from the real estate broker who wouldn't take no for an answer: number is disconnected.
#2 - Calls from Anonymous / Private numbers: number is disconnected.
#3 - Calls with "high" spam probability: number is disconnected.
#4 - Ring my VOIP gateway when I'm inclined to take calls. (Currently toggled manually).
#5 - Everyone else: Voicemail.
I had previously scripted downloading my contacts and adding a routing rule that let people in my contacts ring through but disabled that rule. Just need to update my script for google's oauth changes.
Callcentric also offers a interactive voice recording (IVR) options for things like press 1 to talk to a person or even press a randomly generated digit to talk to a person. I haven't bothered with using an IVR since this system works for me.
You can reproduce this system yourself using Asterisk or other open source PBX software if you don't want to pay callcentric for a phone number. At home I use a Gigaset voip gateway and DECT handset [1]. The nice thing about doing it that way is 1) the handset doesn't need to speak tcp/ip and so is light, cheap and the battery lasts for days, 2) if I need a second handset it's trivial to add one.
I realize the stereotype is HN readers have no use for the PSTN any more and wonder why people ever answer the phone, but I find it convenient for some things and it lets me stay in touch with older relatives who are less inclined to text / e-mail / insta / whatever-du-jour vs use voice.
Blocked caller ID is very common for follow up communications from medical practices. With this rule you may miss your lab reports or specialist referrals.
Sending everything to voicemail and periodically skimming the transcripts seems safer.
Most of the spam calls I get these days are just silence. I'll answer them occasionally and just listen, but even after 5-10 seconds no one says anything. Who benefits from that? I really don't get it.
Spoiler Alert: Don't read below if you don't want the podcast episode ruined.
You're not the one being scammed it's the telco.
From the episode:
JAMES: The way that the toll-free industry works is that it's a reverse payment system, right? So you have a toll free number, I call you, I don’t pay. Right? The--the remote end pays.
PJ: So-- so that I knew. But what I didn’t know is that when a company has a toll free number and they pay the phone company a dollar or whatever, the phone company takes that dollar, and shares it with every other phone company that helped make the connection.
[MUSIC]
PJ: So like I’m making this up but if I call Jodie right now, I’ll place the call and it’ll go to like an AT & T tower near me, and then a Verizon Tower in Manhattan, and then over to a Sprint tower to New Jersey, to Jodie.
JAMES: So there’s 1, 2, 3 hops down the chain. Each one of those, you know, for a 1 dollar phone call, is getting maybe ten cents, right? Carrier 2 is getting ten cents. Carrier 3 is getting ten cents.
PJ: So, it’s actually even less money than that. But, there’s so many of these calls happening every single day, that even though the phone companies might just be dividing fractions of penny each time, those fractions of pennies add up to like millions of dollars.
ALEX: Right.
PJ: And so what happened a few years ago apparently, is some brilliant person was like, "Huh, I would love to take some of that money." And what they did was go to some shady telecom company somewhere, like Crazy Eddie’s Phone Service and they were like, "Listen, I am going to place a ton of 1-800 calls though you, and when you get paid for them, share that money with me."
JAMES: So, the more phone calls I can make, and the longer that those phone calls stay up, the more money that I make.
PJ: OK, so how does that get us to spooky phone calls from nowhere
JAMES: Aha! So, let’s think about that, right?
PJ: OK.
JAMES: I send out a bunch of phone calls that are just silent, right? It takes you what, a second, two seconds. “Hello hello, damn it.” Hang up the phone, you’re done, you're gone. So how do you keep people on the phone, right? You appeal to their curiosity.
PJ: Right.
I do the same. My guess is that a robot is waiting for enough sound before it starts it's pitch. So if you answer, don't say anything and little noise is passing into the receiver on your phone they don't detect enough sound to start.
Just a guess because a lot of others I get just start babbling away as soon as I hit answer. I guess those detect the pick up and don't rely on an actual voice answering.
Yes. I almost set up a "phone center" with the OSS asterisk package on a raspberry-pi. Basically the raspberry takes the call and waits for a few second silently, before forwarding the call to your phone (and only then it starts ringing). This way, robocallers hang up and your phone never rings.
Instead of waiting, you can also send control sounds to make the robocall believe the call has ended.
Often they are waiting for you to say something before they start. I'm not exactly sure why but I think the strategy is to make it sound more like a real phone call.
Silence all unknown calls on the iPhone takes much of the pain away from these nuances. I just see I missed a call and if its important let me know via a voicemail.
I still have to delete these robocalls' voicemails which is annoying but less then having them ring my phone especially while I'm using it. Interrupted by a spammer it was the worst!
I know I'm repeating my argument, but why can't we create something that replaces phone number? Phone numbers are being used to track and scam people -- either through phone calls or text messages.
I wonder what sort of hoops I'll need to jump through to create an "attestation" for my SIP provider that proves the legitimate spoofing of my outbound VoIP calls (to my main business number) is okay. As of right now, they have no way to do this. I expect that my outbound VoIP calls will begin to get automatically blocked at some point...
It'd be great if there was a simple way to flag spam calls and sms, assign originating phone networks a score based on their spam flags, and disconnect bad players from the network entirely if their scores drop below a certain range.
My phone number was listed for my business about a decade ago. I get non-stop robocalls about healthcare every time open enrollment rolls around. I just block everyone that isn't on my contact list, but would love a better solution.
Because certain types of political messaging would be highly effective if carefully targeted, but would be a massive scandal if they became more publicly known.
So, the problem with targeted calls isn't the unsolicited communication, but that if politicians could send customized messages, they might sometimes send evil ones?
It is 2 different problems but if a call in unsolicited and political, it could have great consequences if they are micro-targeting millions of Americans.
How did this pass? I'm surprised like say TurboTax or other people who benefit from dysfunction didn't lobby to keep their profits. It's also humorous the related protocol is termed STIR/SHAKEN.
Being able to say "I stopped those robots from calling during dinner" has a ton of political value, and the robocallers likely have some plan ignore the new laws anyway.
Can we please just force the measure on to phone makers? You could solve this in one firmware update to add a white list. In my contacts? You get through, if not? You go straight to voicemail.
This would only cause more apps leaking contact lists. It's a temporary patch for you, but it wouldn't actually punish the callers or force them to stop in any way.
Verizon informed me of a new plan to block Robocalls, I think you can pay $5 a month to block them or something...pretty ridiculous. That doesn't include text spam.
> NO ADDITIONAL COST TO CONSUMERS OR SMALL BUSINESS CUSTOMERS.—The Commission shall prohibit providers of voice service from adding any additional line item charges to consumer or small business customer subscribers for the effective call authentication technology required under paragraph (1).
It doesn't mean they'll be blocked at no cost, but the authentication system for all parties needs to be free and the enforcement for scams is on the provider. Effectively - you wouldn't pay anything extra once this is implemented.
If the system works, then you don't need the premium blocking, and aren't required to get it either. Sure, it could be offered. What's so bad about that?
My phone company shipped a phone app in the app-stores that you're supposed to use in replacement of the default phone app. It comes equipped with collaborative filtering to weed out robocalls: when one rings your phone, the phone app displays it as such as well as the number of people who have reported it.
I used to have one robocall a day, but not anymore. It looks like this simple technology has made robocallers give up.
This is not an effective system. Caller IDs are often not verified in any way. Unless the scam/robocall requires a callback, the number will be made up. Collaborative filtering can't solve this.
I agree with this. Broadband.com has been a thorn in my side for years now because of this crap. Every single one of the non-spoofed numbers I look up are owned by Broadband.com, and I'm pretty sure the spoofed are probably flowing through them, as well.
I'm wondering if it is possible to eliminate the use of phone number altogether? It was needed in old days, but today we use apps like Whatsapp and FaceTime.
Until we start hiring mercenaries to set the law aside and hunt these people down across borders, I doubt a dollar will ever be collected. Heads on pikes optional.
Remove their common carrier status and enforce content filtering? I know this is just a knee-jerk comment, but I hope on reflection you can see how catastrophically terrible that idea is.
At some point the cure is in fact not worse than the disease. Robocalls are so bad at this point that, if I could get away with it, I wouldn't have a phone number, at all.
I also think that common carriers can still ban such activity.
The common carrier statute says carriers may not "unreasonably discriminate* against customers.
I have to imagine most sane individuals would consider cutting off customers engaged in obviously illegal activity as, in fact, reasonable.
Just like USPS can turn over packages containing drugs to the Feds.
If that were the only way of eliminating robocalls you might have a point, but I think this situation is a good example of a case where relatively targeted regulation coupled with technical progress (develop+mandate SHAKEN/STIR and allow for an ecosystem of filtering solutions based on accurate caller origin info) is preferable to draconian regulation (enormous fines are totally ignored, revoking common-carrier status/other liability changes have a fractal of side-effects).
For starters what you’re suggesting is logically equivalent to completely removing all net neutrality principles. Allowing service providers complete discretion over service discrimination.
Just think about what you’re suggesting for more than a second. Do you want your base contract to only allow you to send and receive calls within the service providers network? Do you want to have people trying to call you get caught up in an endless web of spam filters? Do want to have to pay extra for the ability to receive calls from over seas? How do you think developing economies would fare if they could essentially never make a phone call to the US again?
Because all that and worse would be an inevitable outcome of the rules you’re suggesting.
The phone system is an open and distributed system, just like email is. It’s everything HN should love. But then you get comments like this which at the first sign of a system showing its natural distributed-system-related short comings, are all of a sudden asking for centralised walled gardens.
There is a massive difference between discriminating based on who the customers are, and discriminating based on "all customers doing this one specifically completely illegal thing".
Some days my call log is a solid wall of dozens of calls coming from (ostensibly) Chad or Nigeria or whatever that are pulling the one-ring scam. The number is different every time so there’s no blocking it. It’s out of control.
It enforces the carriers to implement the authention/blocking/reporting system. It also talks about misclassification and fail-safes too. FCC should create rules:
> establishing a safe harbor for a provider of voice service from liability for unintended or inadvertent blocking of calls or for the unintended or inadvertent misidentification of the level of trust for individual calls based, in whole or in part, on information provided by the call authentication frameworks under subsection
I’m not an expert, but: Can’t common carriers discriminate if there’s compelling reason? Like, a railway can refuse to carry a passenger if they’re disruptive to others. My ISP can cut me off if I’m running DDOS attacks. Is there any reason a (common) phone carrier shouldn’t be able to refuse service to a call that they believe is illegal in nature?
They can, but if you make them liable for bad actors then you immediately force them to implement very heavy restrictions on what they carry. For instance if HN didn’t enjoy common carrier liability protections then user submitted links and comments would be pretty much impossible to implement (they’d all need to go through a moderation queue).
Section 230 of the Communications Decency Act grants common carrier liability protections to websites that publish user generated content. You’re right that they’re not common carriers (because they are in fact allowed to discriminate in any way they choose), but I was exclusively referring to the liability protections they are afforded by the law.
No, but consider something like "In order to operate as a common carrier, you must deliver accurate ANI/CID/whatever info, and you must only peer with providers who do the same. Failure to depeer violators will place your own operating license in jeopardy."
With a list of exceptions for legit stuff like setting a company's inwats number as CID even if the call comes from a branch, etc. I'm sure there's a finite universe of such cases.
The calls don't bother me so much as the spoofing does. I can do my own filtering if I have accurate info to work from. It's the havens allowing bad info into the network that we need to aggressively exclude.
This law talks the talk without walking it - many MANY fines have been distributed, but the organization issuing them has no power to actually collect them.
[1] https://www.google.com/url?sa=t&source=web&rct=j&url=https:/...