Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Communications Government Businesses Network United States

FCC Chair Wants Carriers To Block Robocalls From Spoofed Numbers (arstechnica.com) 178

An anonymous reader quotes a report from Ars Technica: The FCC in 2015 made it clear that voice service providers can offer call blocking tools to customers, but commissioners said at the time that more needed to be done about Caller ID spoofing. FCC Chairman Ajit Pai has now scheduled a preliminary vote for March 23 on new rules designed to solve the problem. "One particularly pernicious category of robocalls is spoofed robocalls -- i.e., robocalls where the caller ID is faked, hiding the caller's true identity," the proposal says. "Fraudsters bombard consumers' phones at all hours of the day with spoofed robocalls, which in some cases lure consumers into scams (e.g., when a caller claims to be collecting money owed to the Internal Revenue Service) or lead to identity theft." The proposed rules would let providers "block spoofed robocalls when the spoofed Caller ID can't possibly be valid." Providers would be able to block numbers that aren't valid under the North American Numbering Plan and block valid numbers that haven't been allocated to any phone company. They'd also be able to block valid numbers that have been allocated to a phone company but haven't been assigned to a subscriber. The proposal would also codify the FCC's previous guidance that phone companies can block calls when requested by the spoofed number's subscriber. The upcoming vote on March 23 is for a Notice of Proposed Rulemaking (NPRM), which means the rules won't take effect immediately. The FCC uses NPRMs to seek comment on proposals before issuing final rules.
This discussion has been archived. No new comments can be posted.

FCC Chair Wants Carriers To Block Robocalls From Spoofed Numbers

Comments Filter:
  • by aglider ( 2435074 ) on Saturday March 04, 2017 @08:05AM (#53975277) Homepage
    There's no reason for companies to mask or spoof their phone numbers. Yes, please, stop all that!
    • by Alain Williams ( 2972 ) <addw@phcomp.co.uk> on Saturday March 04, 2017 @08:16AM (#53975315) Homepage

      That should include numbers from another country. Telephone exchanges worldwide are just special purpose computers, so there is no reason/excuse at all that numbers should not be passed onto another country.

    • by karnal ( 22275 ) on Saturday March 04, 2017 @08:17AM (#53975317)

      There is a reason for businesses to spoof a number.

      Let's say I own Bob's National Grocery chain. My internal number is 888-555-1555. When I dial out, for privacy reasons, my number shows as the internal switchboard number - 888-555-2627 ("bobs" lol). This should not be a problem, as (1) my company owns this number and (2) it is answered. The issues here are two fold:

      1. How do you determine the number I am advertising is mine? The answer here is simple - for numbers I advertise out from my phone switch, I must own these from the phone company I am peering with (first hop) or have some way to prove that I own those DIDs if I have multiple peering companies. Not a difficult hurdle to overcome.
      2. How do you determine the number I am advertising (assuming step #1 is valid) is a valid company or answered number? In the case of robocalls or spam, my company could prove I own a block - satisfying #1 above, but turn out to be a voicemail box that's full or a non-company-answered blank DID.

      About 15 years ago, I played around with a company owned phone switch setup and found that ANY number I put to advertise outbound was picked up and relayed to the target's caller id. I made a few test calls to my cell phone to validate that this was possible and then promptly reverted back to the company's owned block.

      • It also allows one company to work as another company's representative while maintaining a single point of contact.
      • by aglider ( 2435074 ) on Saturday March 04, 2017 @08:56AM (#53975411) Homepage
        YOUR phone operator knows who you are and whether your advertised number is licit or not. NO EXCUSE!
        • All I can say is: Thank goodness and it's way about time that now in 2017 this might get done.

          I see ppl complaining about collateral damage, e.g. legit uses for spoofing but I say screw it. It's not worth it. If you need those features or whatever find another way to do it. Spoofing needs to be stopped completely once and for all.

          I would also like to see more actual enforcement against spammers. Would be great to read about them being locked up which is where they belong.

      • by Ol Olsoc ( 1175323 ) on Saturday March 04, 2017 @09:34AM (#53975535)

        There is a reason for businesses to spoof a number.

        Likewise, a reason for me to ignore those calls. I understand what you say, but at this point, don't care.

        This is all much too little, much too late. Over the years of being bombarded by this worthless crap, I've just reached the point where if you aren't in my address book on my phone, it won't even ring. For me and a lot of others, the telephone has been just about destroyed as a communications tool.

      • I have a two numbers for my business. I use VOIP for a number of reasons, mostly cost and flexibility.

        I have a Toll Free (888) number, and a local number.

        My numbers are with two different providers. The reason is that I started with just a toll free because it was not possible to get a local number. A few years later I found a different provider that has numbers for my area.

        The provider of my Toll Free has cheaper outgoing calls, so I use them exclusively for outgoing calls.

        My local number is simply pointed

        • If you have real sip transit this is normal. An outbound call from my PBX goes through a number of options to get the best method and shoves whatever CID info I want. Hells a PRI will do that same thing (the pre VOIP method anything bigger than a small office used).

          • Exactly. There are legitimate uses to be able to change your CID number.

            I use a combination of VOIP.ms and MultiTel.net. Toll free is with VOIP.ms, and my local number is with MultiTel.

            I don't currently use a PBX, but I've been considering it. I only have a single SIP phone (Cisco SPA-303) at my desk. If I'm away I set the Call Forward option to my cell and it works quite well.

            I've also considered mixing in Twilio as well. They have some really useful features (TwiML, etc). I currently use Twilio for Teleph

      • by sjames ( 1099 )

        Simple enough, adopt a same origin policy. Your phone provider(s) can allow you to spoof any number that is assigned to you as long as it comes from a line that is assigned to you. If you want/need a 3rd party to spoof a number assigned to you, just sign a document in blood (figuratively) that lines belonging to 3rd party represent you for the next x days.

      • The ONLY way to fix this problem is to completely supplant the exiting carrier system. FCC is too slow moving and the carriers have too much to lose in the way of revenue. There is no technical reason that each and every call cannot be instantly traced, the calling number be authenticated, and the abuse stopped. Any carrier can today prevent a customer from spoofing a number that they do not own. It would not take much more for carriers to pass messages along with the call setup signal to affirm the leg

    • by tomhath ( 637240 ) on Saturday March 04, 2017 @08:19AM (#53975323)

      Well, there is a reason, albeit not a good one. If you knew who they are you would never answer them.

      The Do Not Call list is a joke, the proposed rule is an example of good regulation.

      • by rmdingler ( 1955220 ) on Saturday March 04, 2017 @08:35AM (#53975355) Journal

        Well, there is a reason, albeit not a good one. If you knew who they are you would never answer them.

        Actually, that's a pretty good reason. Most of us stopped answering anonymous and unrecognized calls years ago, due to the likelihood such attempts at contact would be nuisance calls.

        I run a local service company, and I'm obligated to answer the phone call when a local prefix shows up. Too often now, that winds up being an offer for a preapproved small business loan or a need to update my records for some such thing.

        With robocalls able to mimic local phone exchanges, we're back in the wild, pre-caller ID days, and might as well have to answer every phone call... what are we? Savages?

        • Most of us stopped answering anonymous and unrecognized calls years ago

          Indeed. Many people will take this to a logical extreme. My partner is a teacher and for a while she was a substitute teacher. This required her number to be listed with a myriad of people who she didn't recognise. For this she actually bought a second phone with a second SIM. She only ever answered unrecognised numbers on that phone which led to some hilarity when I was stuck in the bush without cell phone coverage but tried to collect call her from a payphone. She did answer her work phone but not her mai

          • This is a potentially dangerous consequence of this reckless behavior by telemarketers. I wonder what the social and economic impact has been over the years of all the un-answered phone calls by people assuming it was a telemarketer when it was in fact an important call that they should have taken, all because a few assholes want to abuse the system for their personal economic gain...

      • Re: (Score:3, Informative)

        by aussie_a ( 778472 )

        So which regulations will the FCC be removing in order for this one to go into effect?

        After all, Trump requires more regulations to be repealed than are added in his term (regardless of how good they are).

        • Are you seriously implying that the FCC has no useless old or even harmful regulations?
          None?
        • by SeaFox ( 739806 )

          Aren't they already removing regulations for Net Neutrality?

      • No, it is not an example of good regulation, but then we wouldn't expect otherwise from Ajit Pai. He has no interest in protecting consumers, just in giving the impression of doing so -- and that's what this regulation will do. It only takes two seconds to realize that all the scammers have to do is change to spoofing real phone numbers instead, testing each number they plan to use once first to be sure it rings. Hey presto, no reduction in spam calls and possibly an increase in phantom rings.
    • That is an idiotic thing to say.
      Said by a person that has never managed a large phone system. Changing your caller ID number has honest, useful purposes.

      Bunch of calltakers and dispatchers calling out to customers to talk to people who have ordered cabs. Do we just use the 100 + random looking DIDs we have? No. Customers do not answer random numbers. We spoof every outgoing call from dispatchers and calltakers to our highly recognized 800 number.
    • The phone companies must know who is calling, it's how they get paid.
  • ALL (Score:5, Insightful)

    by markdavis ( 642305 ) on Saturday March 04, 2017 @08:06AM (#53975287)

    Why the F would you want to block only robocalls from spoofed numbers? Let me make a better proposition:

    1) Ban/block *ALL* robocalls, period.
    2) Ban/block *ALL* spoofed numbers, period.

    • by mtmra70 ( 964928 )

      But what is a spoofed number? If I mask a DID behind a general number for the operator is that spoofing? If I mask a DID behind a 555-xxxx number to prevent call backs is that spoofing?

      I think spoofing should be defined as masking behind a range you do not own, with the exception of xxx.555.xxxx

      • by dknj ( 441802 )

        I think spoofing should be defined as masking behind a range you do not own, with the exception of xxx.555.xxxx

        What use are laws when the existing ones are not followed?

        Let's just create [slashdot.org] new laws to [slashdot.org] fix the problem. [slashdot.org]

        • What use are laws when the existing ones are not followed?

          Let's just create [slashdot.org] new laws to [slashdot.org] fix the problem. [slashdot.org]

          The existing laws are followed. The problem with those laws is that the scope of the law is wrong. All of the current restrictions on Caller ID spoofing has a long list of asterisks behind it which prevents the FCC from doing anything despite the practice ticking off millions of people. The use of a new law would be to change the scope thus allowing prosecution for a wider variety of spoofed calls.

      • by sjames ( 1099 )

        The second case should not be permitted. If you want to call me, you'd better be willing to answer when I call you. Otherwise, go away.

      • There should only be two options that are legal: for private citizens, they can chose to either block or unblock their ID (shows as their number or BLOCKED on caller ID). For businesses, your ID must show up as a number that you or your business legally owns, no blocking or spoofing allowed at all. So for example, doctors calling a patient back after hours on their personal cell could legally show as the main number for the doctors office, or blocked, since it is their personal cell if they don't want you

    • Instead of allowing carriers to block spoofed caller ids, the FCC should require them to be blocked.
    • Note that this isn't a requirement to block ANYTHING - just an allowance. The free market will take care of that, with the good providers blocking bad robocalls and thereby gaining more subscribers through their positive customer service efforts.

      Of course, this would also allow providers to block numbers that have been issuied by non-phone companies, I suppose, like Google and VoIP providers, so we can get that riff raff out of the system and start making sure you pay a real telecom provider for your servic

    • Ban/block *ALL* robocalls, period.

      I do get robocalls from my bank about suspected fraud with my Visa card. So far it was always Ok, but I would like to get these calls. And there's no need for a human to call.

      • Unfortunately, that's a common fraud call now. You're told your card is being abused, you are given a number to call to follow up about the abuse, and the call number is used to collect your bank information and even passwords.

  • Ajit is consistent (Score:5, Insightful)

    by TimothyHollins ( 4720957 ) on Saturday March 04, 2017 @08:08AM (#53975293)

    On this topic I actually feel like I can trust Ajit Pai.
    After all, there is no big company making these robocalls, hence no big bribes for Ajit to collect.
    Should Verizon or AT&T ever start the practise however, I suspect Ajit will turn the ship around on a penny like he did with net neutrality.

    There is one thing to be said for Ajit, he represent predictability and stability.

    • Re: (Score:3, Insightful)

      by DogDude ( 805747 )
      After all, there is no big company making these robocalls, hence no big bribes for Ajit to collect.

      Who allows robocalls to happen in the first place, Einstein? Who gets paid for the robocalls calls, Doctor?

      Jesus Christ.. No wonder we have Trump.
      • You're not serious, right?

        You'd have to be retarded to believe robocallers make up any relevant proportion of subscribers. Someone needs to have a serious discussion with your legal guardian.

  • User modifiability of Caller ID was put in as a convenience for businesses which want to have all their phone numbers identify as the same identity. But it's such an inconvenience to everyone else that we will have no choice but to freeze caller identities to prevent criminal spoofing.

    • If they have multiple lines that terminate at the same building, an office PBX has been able to be set to one of them for outgoing calls for decades. VoIP can have the same. But cheap businesses don't like that, or even to show a fixed line number. They'd rather advertise some NGN that costs them $5/y that means they get paid cents on the minute for every incoming call.

    • User modifiability of Caller ID was put in as a convenience for businesses which want to have all their phone numbers identify as the same identity. But it's such an inconvenience to everyone else that we will have no choice but to freeze caller identities to prevent criminal spoofing.

      I'm in good shape until they get my address book and can spoof the numbers of those who are in it.

      • And what do you do when a loved one is in an accident and the hospital or police are trying to call you to notify you Mr. Smarty pants? Your solution is not valid for the use case of the phone system... There is a valid reason for allowing in any phone that is calling yours, there is no valid reason not to have a trust/certificate system run by a non profit that ties to an actual number, an IP, a physical billing address and someone's drivers license. If you want to be anonymous, go online and use TOR fo

        • And what do you do when a loved one is in an accident and the hospital or police are trying to call you to notify you Mr. Smarty pants?

          If I get two phone calls from the same number within three minutes, it will ring through. They can leave a message as well, Mr Sweetie Pie.

          What if they call while I'm taking a dump. What if they call while I'm inside a tunnel. What if they call while I'm on the phone talking to someone else, what if what if?

          Are you one of the millenials who breaks into a cold sweat of fear when that last little bar disappears form your phone? I've worked with some who won't leave an area with cell phone coverage. Had o

          • No, I grew up well before cell phones, and I remember the days of being completely disconnected. They weren't as great as you think. When I am out in the mountains fishing or hunting, I have no service and it is no big deal, but when I am at home, people and emergency services expect to be able to reach me.

        • I'm not suggesting no Caller ID, but that Caller ID information be legally frozen when a line is provisioned and not be modifiable by the user.

  • When a call comes from a number I do not recognize, I just don't answer. Doesn't matter what it is. Once in a while if I am expecting a call I might answer an unrecognized number. Otherwise, let it go to voicemail.

    If they leave a message and it is someone I want to talk to, I add them to my contacts and call them back

    And if they robocall from the same number a few times, I add the number to the "ignore" list so I am not bothered by the sound of a ringing phone.

    • When a call comes from a number I do not recognize, I just don't answer. Doesn't matter what it is. Once in a while if I am expecting a call I might answer an unrecognized number. Otherwise, let it go to voicemail.

      If they leave a message and it is someone I want to talk to, I add them to my contacts and call them back

      And if they robocall from the same number a few times, I add the number to the "ignore" list so I am not bothered by the sound of a ringing phone.

      A pretty good mode. Self defense against the phone Visigoths at the gates. I am really surprised that legitimate business interests haven't worked on curing this along time ago. These days, charitable organizations who rely on phone canvassing are included in the listing of calls that aren't answered, that political calls are psychologically associated with fix your PC scams, or the IRS scams, or whatever other scammy crap these criminals are promoting.

    • My father likes to tell me stories about when telemarketers or scammers call him on his home phone. However, I have been unable to convince him to get a cell phone. He doesn't like the idea of anyone being able to contact him at any time no matter where he is. "You know", I said, "you don't *HAVE* to answer the phone if you don't want to". He doesn't seem to grasp the concept of ignoring phone calls. I don't get it.
      • He doesn't seem to grasp the concept of ignoring phone calls. I don't get it.

        It's a generational thing, one I had a hard time breaking myself of in fact. It's hard to explain, but when I was younger, a call wasn't normally an interruption or scam attempt. Every call was likely something that was legitimately needing attention.
        When I finally got rid of my AT&T land line, I had not received a single legitimate phone call on it for more than three years but received on average 9 calls a day, and never used

  • by crow ( 16139 ) on Saturday March 04, 2017 @09:24AM (#53975501) Homepage Journal

    As soon as they start blocking the obviously forged numbers, then all the spammers will switch to forging real numbers. Then they'll have to switch to routing-based blocking. If the number is assigned to a Verizon customer, and the call isn't being routed in a manner that Verizon uses, drop it.

    Of course, this means Verizon customers couldn't use VoIP robo-callers with their own number, at least without registering it in some database first. Those customers wouldn't like the extra step, so they'll complain and block the rule.

    What we really need is some unforgeable authentication system. This would require some trusted authority to give a public/private key pair for each phone number, so that each call would be accompanied by digitally signed Caller ID. For most customers, this would be handled transparently by their provider. Verizon and the like could even charge a fee for providing keys for use with VoIP dialers. Of course, this would be a major change in how calls are handled, so it would likely take many years and lots of equipment upgrades.

    • This is what I have been calling for for a while now. It would also address the issue of SWATing using spoofed/VOIP systems to conceal the true callers ID. The bottom line is that if you want to be anonymous, go on the internet, but for the phone system, you never used to be able to conceal your ID and because of the use case of the phone system (EMS/Police/bomb squad etc.) we need to re-add the trust and accuracy of knowing who is calling.

      If you want the hypothetical means to conceal your ID while leakin

  • Doesn't get us far (Score:5, Insightful)

    by PuddleBoy ( 544111 ) on Saturday March 04, 2017 @09:55AM (#53975577)

    So the conditions that would be blocked would be;

    --numbers that aren't valid under NANPA: foreign numbers and nonsensical numbers like 000-000-0000
    --valid numbers that haven't been allocated to any phone company: in NANPA's reserve (like bogons)
    --valid numbers that have been allocated to a phone company but haven't been assigned to a subscriber: in a carrier's reserve

    which completely ignores all calls that spoof legit numbers that already belong to another entity, which is the most dangerous type of spoofing and the one that needs the most attention. "Hi, I'm from the IRS. See my number? I'm legit!"

    Come on, grow some teeth

    • by dknj ( 441802 )

      --valid numbers that have been allocated to a phone company but haven't been assigned to a subscriber: in a carrier's reserve

      First let me address your quote. We broke up Ma Bell and created CLECs remember? You can get a phone number from multiple carriers. Or to make it easy, Sprint has no idea what numbers I have registered from T-Mobile.

      Now on to what really matters. When your attacker (lets call them what they really are) are coming from a foreign vpn using a legitimate US VOIP service what do you actually do? The VoIP service typically does terminate the account and moves on with their day. Now you have an entire call ce

    • Would you block foreign numbers? That would basically break the international telephone system.
      But I agree that some kind of way to test if a foreign number is legit is quite needed.

    • which completely ignores all calls that spoof legit numbers that already belong to another entity

      This type of activity is already illegal and therefor gives enforcement agencies some teeth to fight it.

    • by Megane ( 129182 )

      "Hi, I'm from the IRS. See my number? I'm legit!"

      That was so last year. Now it's "blah blah blah blah can you still hear me?" [wait for YES] [save YES recording for nefarious purposes]

      • by PPH ( 736903 )

        "blah blah blah blah can you still hear me?"

        Lenny: "Could you speak up? I can barely hear ya."

  • by methano ( 519830 ) on Saturday March 04, 2017 @09:57AM (#53975581)
    No! No! No! The only time I get a friendly call from a woman is when Heather, from Account Services, calls to offer me help on my credit card debt. I look forward to those calls every day. When I'm in a bad place, Heather calls and I say "Excuse me, I have to take this". And Heather is amazing. She really gets around. She calls from Maine one day and from Arizona the next. Once while talking to Heather on the office phone, she also called my cell. And a different number every time. Amazing woman, that Heather. Please don't take her away. Could it be I'm falling in love?
  • The phone companies limit the number of phone numbers that you can block from the end-user side. Why not let customers block an unlimited number of calls? You would still get one call but after that the number would be blocked.
  • People still use phones?

    Kidding aside, I have a cheapo ARM system with a caller ID modem and a DTMF decoder. If the number isn't one I've white listed, the DTMF board takes the call and asks for the 4 digit pin to be entered. If they give the correct one, the phone rings in the house. If they don't, they get a voice mail box which is really Dave Null.

    My cell only rings for white listed numbers. Everything else goes to the voice mail box. Oh, yeah, I should probably delete some messages so folks can leave ne

    • by Megane ( 129182 )
      The problem with ANI is depends on the originating entity being trustworthy. This is likely not the case with budget VoIP services. You could add some kind of digital certificate thingy to validate the initial entry into telephone routing, but what would you do with a blob of crypto on its own? Many caller ID devices use simple 2x16 LCD displays, if even that much.
  • I get that robocalls with spoofed numbers is adding insult to injury but is there in any* case where a machine making a voice call to a human is not an unwelcome intrusion?

    *OK, a wakeup call setup by the intended recipient is one but, really, who uses or needs a wakeup call these days?

    • by dcw3 ( 649211 )

      I get reminder calls from my doctor, dentist, pharmacy, etc. None of them are human, but all are welcome.

  • please please please finally omfg make this work

  • This doesn't go far enough and won't catch scammers spoofing using a real, valid phone number to display on your caller ID. We need some kind of trust/certificate system tied to IP and real physical address/person. Once we have that, we can systematically block all callers who spoof their caller ID or otherwise try to mask or confuse their identity over the phone networks, and we can pass a law making it a federal crime to try to do so...

  • This should be changed from "let" to "require". There's no reason carriers should be putting these calls through. I'm already paying my provider a couple of fees for blocking things, and yet they still let shit through.

    "The proposed rules would let providers "block spoofed robocalls when the spoofed Caller ID can't possibly be valid."

  • It's time to move on to more technical solutions. Specifically calls that are automatically encrypted and signed. Ones where you can be sure where they originated from. And I don't mean phones sharing private keys but rather a massive database like the DNS system where every phone is listed possibly multiple times.

    It should be trivial to include not only a telephone number but also a pass key so that you can enable a person to call you but also be able to revoke that ability. Something like a 404 error

  • block sending the caller ID tones by the call originator, if detected disconnect. Require registration before allowing a trunkline of any sort to send a caller-ID that is not the one assigned to he trunkline. Covers ISDN PRI and T1 handily. Disallow calls from out of country to have a caller name other than International. Foreign call centers can deal with it. They want an exception, they apply to the FCC and register. Then they have to have the caller name for that trunk that matches their client.

    The "Op

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (1) Gee, I wish we hadn't backed down on 'noalias'.

Working...