FCC chairwoman: Fines alone aren't enough (Robocalls)

'Fines alone aren't enough:' FCC threatens to blacklist voice providers for flouting robocall rules

[...]
“This is a new era. If a provider doesn’t meet its obligations under the law, it now faces expulsion from America’s phone networks. Fines alone aren’t enough,” FCC chairwoman Jessica Rosenworcel said in a statement accompanying the announcement. “Providers that don’t follow our rules and make it easy to scam consumers will now face swift consequences.”

It’s the first such enforcement action by the agency to reduce the growing problem of robocalls since call ID verification protocols known as “STIR/SHAKEN” went fully into effect this summer.
[...]

Why did we need to wait for STIR/SHAKEN to do this?

Mike

Because it's illegal for common carriers to block traffic otherwise.

    Because it's illegal for common carriers to block traffic otherwise.

Wait, what? It's illegal to police their own users?

Mike

    Why did we need to wait for STIR/SHAKEN to do this?

Because those pushing STIR/SHAKEN thought the bacronym was so cool they just had to do it, even if it wasn't going to help... :-\

We're talking about blocking other carriers.

    > Because it's illegal for common carriers to block traffic otherwise.

    Wait, what? It's illegal to police their own users?

    Mike

The problem has always been solvable at the ingress provider. The problem was that there was zero to negative incentive to do that. You don't need an elaborate PKI to tell the ingress provider which prefixes customers are allowed to assert. It's pretty analogous to when submission authentication was pretty nonexistent with email... there was no incentive to not be an open relay sewer. Unlike email spam, SIP signaling is pretty easy to determine whether it's spam. All it needed was somebody to force regulation which unlike email there was always jurisdiction with the FCC.

Mike

The issue isn’t which ‘prefixes’ I accept from my customers, but which ‘prefixes’ I accept from the people I peer with, because it’s entirely dynamic and without doing a database dip on EVERY call, I have to assume that my peer or my peer’s customer or my peer’s peer is doing the right thing.

I can’t simply block traffic from a peer carrier, it’s not allowed, so there has to be some mechanism to mark that a prefix should be allowed, which is what Shaken/Stir does.

Shane

I think the point the other Mike was trying to make was that if everyone policed their customers, this wouldn’t be a problem. Since some don’t, something else needed to be tried.

Sorta like in the IP world, if everyone did BCP38/84, amplification attacks wouldn’t exist. Not everyone does, so…

    Sorta like in the IP world, if everyone did BCP38/84, amplification attacks wouldn’t exist. Not everyone does, so…

Tragedy of the commons

Furthermore, those customers are paying to not be policed.

Is there any information on how much is from customers intent on fraud and how much is from compromised systems?

Phone spam pretty much always involves the knowledge and involvement of the provider. There are no phone providers who don't know when one of their customers is making millions of robocalls.

International toll fraud also always involves the collusion of corrupt small country telephone monopolies.

So unlike email spam, where there are a million ways to send a million emails a minute without someone being aware, phone spam is definitively collisional. (Is that a word?)

    The problem has always been solvable at the ingress provider. The
    problem was that there was zero to negative incentive to do that. You
    don't need an elaborate PKI to tell the ingress provider which prefixes
    customers are allowed to assert. It's pretty analogous to when submission
    authentication was pretty nonexistent with email... there was no
    incentive to not be an open relay sewer. Unlike email spam, SIP
    signaling is pretty easy to determine whether it's spam. All it needed
    was somebody to force regulation which unlike email there was always
    jurisdiction with the FCC.

    Mike

collusion:

noun:
secret or illegal cooperation or conspiracy, especially in order to
cheat or deceive others.

Law:
illegal cooperation or conspiracy, especially between ostensible
opponents in a lawsuit.

Yup. Having worked for a small VoIP provider, your comment is exactly
on point.

    I think the point the other Mike was trying to make was that if everyone policed their customers, this wouldn't be a problem. Since some don't, something else needed to be tried.

Exactly. And that doesn't require an elaborate PKI. Who is allowed to use what telephone numbers is an administrative issue for the ingress provider to police. It's the equivalent to gmail not allowing me to spoof whatever email address I want. The FCC could have required that ages ago.

Mike
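The ingress check argued for above, sketched as an added example (not code from the thread or from any carrier): a customer trunk's INVITE is admitted only if every caller-identity header carries a number provisioned to that trunk, and the trunk's hourly call count is capped. The trunk names, number blocks, the 100-calls-per-hour limit and the NANP-only length check are all assumptions made for the illustration.

```python
import re

# Constructed provisioning data: E.164 prefixes each customer trunk may assert.
ALLOWED = {
    "trunk-a": ["+1202555010"],    # a block of ten numbers
    "trunk-b": ["+12125550199"],   # a single number
}
MAX_CALLS_PER_HOUR = 100  # assumed limit; a real one comes from the customer's arrangement
IDENTITY_HEADERS = ("from", "f", "p-asserted-identity")
URI = re.compile(r"(?:sips?|tel):(\+\d+)")

def asserted_numbers(message):
    """Return the number in every caller-identity header (None if unparsable)."""
    numbers = []
    for line in message.split("\r\n")[1:]:     # skip the request line
        if not line:                           # blank line ends the headers
            break
        name, _, value = line.partition(":")
        if name.strip().lower() in IDENTITY_HEADERS:
            match = URI.search(value)
            numbers.append(match.group(1) if match else None)
    return numbers

def authorized(trunk, number):
    # Assumes NANP numbers ("+1" plus ten digits) so a longer string cannot ride on a prefix.
    return len(number) == 12 and any(number.startswith(p) for p in ALLOWED.get(trunk, []))

def police(trunk, message, calls_this_hour):
    """Decide at ingress whether a customer's INVITE may enter the network."""
    numbers = asserted_numbers(message)
    if not numbers or None in numbers:
        return "reject: no parsable caller identity"
    for number in numbers:
        if not authorized(trunk, number):
            return f"reject: {trunk} may not assert {number}"
    if calls_this_hour.get(trunk, 0) >= MAX_CALLS_PER_HOUR:
        return "hold: call rate exceeds the customer's arrangement"
    calls_this_hour[trunk] = calls_this_hour.get(trunk, 0) + 1
    return "accept"

def sample_invite(from_number, pai_number=None):
    """Build a constructed, minimal INVITE for the demonstration."""
    lines = ["INVITE sip:+13035550123@carrier.example SIP/2.0",
             f"From: <sip:{from_number}@cust.example>;tag=1"]
    if pai_number:
        lines.append(f"P-Asserted-Identity: <sip:{pai_number}@cust.example>")
    return "\r\n".join(lines) + "\r\n\r\n"

if __name__ == "__main__":
    calls = {}
    print(police("trunk-a", sample_invite("+12025550101"), calls))                  # own number
    print(police("trunk-a", sample_invite("+12125550199", "+12025550101"), calls))  # spoofed From
```

This only covers calls arriving from a provider's own customers; it says nothing about calls handed over by a peer, which is the case Shane raises.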

Isn’t part of STIR/SHAKEN to make it easier to determine the ingress provider, or the provider of last blame?

Except the cost to do the data dips to determine the authorization isn’t “free”.

Analogies to email are always fraught.

How often do LEGITIMATE telco customers make hundreds if not thousands
of calls per hour w/o some explicit arrangement with their telco?

As they say, a telephone company is a vast, detailed billing system
with an added voice feature.

Quite unlike email where it's mostly fire and forget plus or minus
hitting a spam filter precisely because there is no billing, no
incentive. And no voice "snowshoeing".

I doubt robocalls are ever made with anything like spam
roboarmies.

With email it's like every single computer on the net with an IP
address has, in effect, a (potentially) fully functional "originating
switch" (again, some exceptions like port 25 blocking.) People have
run spambots from others' printers etc.

    Phone spam pretty much always involves the knowledge and involvement of the provider. There are no phone providers who don't know when one of their customers is making millions of robocalls.

    International toll fraud also always involves the collusion of corrupt small country telephone monopolies.

    So unlike email spam, where there are a million ways to send a million emails a minute without someone being aware, phone spam is definitively collisional. (Is that a word?)

All the more reason why waiting for STIR/SHAKEN was unnecessary. And yes the telephony network is a lot easier than email to police.

Mike

What’s regulated or implemented is rarely the best course of action. Does this cause more good or harm?