Архив метки: ID

FCC mandates strict caller ID authentication to beat back robocalls

The FCC unanimously passed a new set of rules today that will require wireless carriers to implement a tech framework to combat robocalls. Called STIR/SHAKEN, and dithered over for years by the carriers, the protocol will be required to be put in place by summer of 2021.
Robocalls have grown from vexation to serious problem as predictable “claim your free vacation” scams gave way to “here’s how to claim your stimulus check” or “apply for coronavirus testing here” scams.

Be on guard for coronavirus robocalls, warns FCC

A big part of the problem is that the mobile networks allow for phone numbers to be spoofed or imitated, and it’s never clear to the call recipient that the number they see may be different from the actual originating number. Tracking and preventing fraudulent use of this feature has been on the carriers’ roadmap for a long time, and some have gotten around to it in some ways, for some customers.
STIR/SHAKEN, which stands for Secure Telephony Identity Revisited / Secure Handling of Asserted information using toKENs, is a way to securely track calls and callers to prevent fraud and warn consumers of potential scams. Carriers and the FCC have been talking about it since 2017, and in 2018 the FCC said it needed to be implemented in 2019. When that hadn’t happened, the FCC gave carriers a nudge, and at the end of the year Congress passed the TRACED Act to spur the regulator into carrying out its threat of mandating use of the system.
Rules to that effect were proposed earlier this month, and at the FCC’s open meeting today (conducted remotely), the measure passed unanimously. Commissioner Jessica Rosenworcel, who has been vocal about the lack of concrete action on this issue, gladly approved the rules but vented her frustration in a statement:
It is good news that today the Federal Communications Commission adopts rules to reduce robocalls through call authentication. I only wish we had done so sooner, like three years ago when the FCC first proposed the use of STIR/SHAKEN technology.
Commissioner Brendan Starks called the rules a “good first step,” but pointed out that the carriers need to apply call authentication technology not just on the IP-based networks but all over, and also to work with each other (as some already are) to ensure that these protections remain in place across networks, not just within them.
Chairman Ajit Pai concurred, pointing out there was much work to do:
It’s clear that FCC action is needed to spur across-the-board deployment of this important technology…Widespread implementation of STIR/SHAKEN will reduce the effectiveness of illegal spoofing, allow law enforcement to identify bad actors more easily, and help phone companies identify—and even block—calls with illegal spoofed caller ID information before those calls reach their subscribers. Most importantly, it will give consumers more peace of mind when they answer the phone.
There’s no silver bullet for the problem of spoofed robocalls. So we will continue our aggressive, multi-pronged approach to combating it.
Consumers won’t notice any immediate changes — the deadline is next year, after all — but it’s likely that in the coming months you will receive more information from your carrier about the technology and what, if anything, you need to do to enable it.

FCC mandates strict caller ID authentication to beat back robocalls

TRACED Act signed into law, putting robocallers on notice

The Pallone-Thrune TRACED Act, a bipartisan bit of legislation that should make life harder for the villains behind robocalls, was signed into law today by the president. It’s still possible to get things done in D.C. after all!
We’ve covered the TRACED Act several times previously, as robocalls are, in addition to being horribly annoying, a uniquely annoying high-tech threat. Using clever targeting and spoofing technology, scammers are placing millions of calls that at best irritate and at worst take advantage of the vulnerable.
The new law won’t end that practice overnight, but it does add some useful tools to regulators’ toolboxes. Here’s how I summarized the bill’s provisions earlier this month:
Extends FCC’s statute of limitations on robocall offenses and increases potential fines
Requires an FCC rulemaking helping protect consumers from spam calls and texts (this is already underway)
Requires annual FCC report on robocall enforcement and allows for it to formally recommend legislation
Requires adoption on a reasonable timeline of the STIR/SHAKEN framework for preventing call spoofing
Prevents carriers from charging for the above service, and shields them from liability for reasonable mistakes
Requires the attorney general to convene an interagency task force to look at prosecution of offenders
Opens the door to Justice Department prosecution of offenders
Establishes a handful of specific cutouts and studies to make sure the rules work and interested parties are giving feedback
Senate Minority Leader Chuck Schumer (D-NY) took a break from other business to laud the enactment of the law:

Americans were battered by 48 billion robocalls last year.
I get them, too. I hate them. They need to stop.
I’m so proud I fought for the #TRACEDact to protect Americans from these annoying, persistent, & dangerous calls.
And I’m so proud it’s now law.https://t.co/HgNjuRiQXe
— Chuck Schumer (@SenSchumer) December 31, 2019

And FCC Chairman Ajit Pai’s praise was effusive in a statement his office sent along:
I applaud Congress for working in a bipartisan manner to combat illegal robocalls and malicious caller ID spoofing.  And I thank the President and Congress for the additional tools and flexibility that this law affords us.  Specifically, I am glad that the agency now has a longer statute of limitations during which we can pursue scammers and I welcome the removal of a previously-required warning we had to give to unlawful robocallers before imposing tough penalties.
And I thank the American people for never letting us forget how fed up they are with scam, spoofed robocalls.  It’s their voices that power our never-ceasing push to fight back against the scourge of robocalls and malicious spoofing.
Of course the new law isn’t a magic wand; The FCC is still limited in what it can do and how quickly it can act. Even major fines like this $120 million one have had a negligible effect on the nefarious industry. “Like emptying the ocean with a teaspoon,” said Commissioner Jessica Rosenworcel at the time.
Here’s hoping the TRACED Act amounts to more than a bigger spoon. We’ll find out as regulators and the mobile industry grow into their new capabilities and begin the long process of actually applying them to the problem. It may take months or more to see any real abatement, but at least we’re taking concrete steps.

TRACED Act signed into law, putting robocallers on notice