If you think robocall scams have gotten worse lately, you’re right. By one reckoning, Americans received 48 billion robocalls last year, up from 30 billion in 2017.
But there’s good news: Major telecom companies, including AT&T;, Comcast, T-Mobile and Verizon, have announced that they will voluntarily adopt the dual technologies known as Secure Telephone Identity Revisited and Signature-Based Handling of Asserted Information Using Tokens, known collectively as STIR/Shaken.
The industrywide use of STIR/Shaken should hamper the prolific robocall industry by making it harder to fake calling from a number belonging to someone else. But will that be enough to end the onslaught of robocalls we all live with today?
The earliest iteration of the technology, which isn’t all that different from what we’re about to get, was introduced in 2006. While robocalls were getting worse and worse, the Federal Communications Commission — a government agency that is supposed to protect consumers where communications networks are concerned — was being kneecapped by a movement toward deregulation playing out in the courts and eventually within the FCC itself.
“We’re at least five years short of where we should be,” said Henning Schulzrinne, who was chief technology officer of the FCC during the Obama administration. He is also one of the architects of several key technologies, including those that underlie the Voice over Internet Protocol, or VoIP, which was made popular with Skype, Google Hangouts and FaceTime, and a key tool for robocallers. He attributes the lag to inaction at every level — from industry, to regulators and even technologists like himself. “We didn’t call up The New York Times and say there will be a catastrophe coming,” Schulzrinne said. “We didn’t raise as much hell as we should have.”
The same technology that lets grandparents video chat with their distant grandchildren makes robocalling cheap and lucrative. Robocallers — often located overseas — make thousands and sometimes millions of phone calls using VoIP. One of the reasons these calls are so difficult to police is that robocallers usually spoof their origin: They appear to be calling from a phone number they don’t actually own. It’s why you get so many unwanted calls from your own area code, sometimes only a few digits off from your own number.
Spoofing also helps robocallers evade any block lists and spam filters that the carriers use, or that you might have signed on to. To pierce the fog of spoofing, STIR/Shaken adds a layer of authentication to calls. It makes spam call filters more effective, it makes uncovering the source of a robocall easier, and it helps ordinary people who might get confused by someone pretending to call from, say, their bank’s official 1-800 number.
Things never had to get this bad. The standards body that proposed the first iteration of STIR/Shaken back in 2006 went on to identify robocalling even more urgently as a problem in 2008. By 2012, robocalling had become such a menace that the Federal Trade Commission called a meeting to develop solutions. And in 2016, the FCC, under Tom Wheeler, who was then the chairman, asked carriers to voluntarily adopt fixes. They are finally acting now.
While the government was convening meetings and was finger-wagging at companies, an ideological battle over deregulation was in full swing. Legal experts disagree as to whether the FCC has the authority to police robocalls. It’s enough of a question mark that legislation introduced by Sen. Ed Markey, D-Mass., would specifically require providers of voice services to use authentication services like STIR/Shaken.
In the wake of the companies’ action against robocallers, what’s likely to happen is that they will adjust their tactics — for example, by buying cheap, “legitimate” U.S.-based numbers in the hundreds, maybe thousands, rather than spoofing phone numbers from abroad. “The hope is that an industry-led regulatory body is nimble enough to catch spammers as they adapt, and update standards accordingly,” Jake Swearingen wrote in New York magazine.
But there's no guarantee the telecom companies will continue to fight the scammers as their shady tactics evolve. Phone calls are not the lucrative part of the current array of services the telecom companies offer and are dirt cheap to boot. Telecoms don’t lose much (if any) money on the fire hose of seconds-long spam calls that proliferate. Why invest a lot of resources in blocking them instead of, say, developing 5G networks?
Regulatory agencies exist to protect consumers when economic incentives fail them. Although communications czars under the Obama administration were less averse to regulation, even they did not do enough to stop the robocall scourge. Now a hamstrung FCC is in even worse shape to deal with agile scammers armed to the teeth with technologies that enable them to exploit and torment consumers.
This article originally appeared in The New York Times.