“Regulators and industry need better tools to protect consumers, and once again, it is time for Congress act,” Frank Pallone (D-NJ), chairman of the House Energy and Commerce Committee, said at a committee hearing on Tuesday. “There’s no one silver bullet, and that’s why it is so important that we address this problem from every side.”
“There’s no one silver bullet”
This is likely why, over the past few months, phone service providers like Comcast, AT&T, and T-Mobile have presented a new technology as the fix for robocalls. STIR/SHAKEN (short for Secure Telephone Identity Revisited and Signature-Based Handling of Asserted Information Using Tokens) is a pair of network protocols that use digital certificates to ensure that the calls a customer receives aren’t coming from spoofed numbers. Once calls are widely authenticated, consumers will know when a number is likely to be a robocall, and agencies like the FCC will have a head start in tracking the caller down.
STIR/SHAKEN won’t be enough to solve the problem on its own. The protocol doesn’t identify bad actors, and while carriers have started to implement it, it’s been a long process that involves a multitude of companies that need to partner and deploy new technology.
It’s taken years to develop the new protocols, and a combination of new telecom infrastructure and software is necessary before they’re fully deployed. The STIR/SHAKEN digital signatures are created at the start of every single call in networks where they’ve been deployed. Those signatures are then verified in the networks and sent off to a customer’s phone where they register as authentic or not.
Carriers are legally obligated to connect calls
“It’s not something you can pre-do,” said Jim McEachern, a senior technology consultant at the Alliance for Telecommunications Industry Solutions. “It’s important that you make darn sure that this is tested and double-tested and tested in the networks. Facebook goes down for a day ... it’s either annoying or a relief. If a telephone network goes down for a day, think of the economic impact that would have.”
Authenticating calls is far different than blocking them or even identifying them as scams, and it has some real limitations. STIR/SHAKEN only lets service providers identify when a call is from a real caller, not when it’s from a spammer, and that call has to be connecting two networks that have partnered to use the authentication protocol. When that happens, smartphone users will see something like “Caller Verified” in their Caller ID, assuring them that this number is coming from an authentic place. They’ll receive an unverified warning for everything else, be it a robocall or a real human calling from an unverified network.
Importantly, STIR/SHAKEN cannot block calls. Generally, carriers are legally obligated to complete calls placed within their networks. In 2017, the FCC adopted new rules that allowed carriers to proactively block some unwanted calls, like tax scam calls that don’t originate from the IRS, but so far, the agency hasn’t trusted carriers with the power to totally block calls.
This is where robocall-blocking apps come in. Apps like RoboKiller and Nomorobo have no federal mandate to connect calls, so they can stop bad calls before customers receive them.
“My concern with STIR/SHAKEN is that in the beginning it’s only going to be marginally valuable. I’m hoping that people don’t feel like the promise of STIR/SHAKEN is that we’re going to turn it on on a Monday and on Tuesday, and all the robocalls and telemarketing calls will stop,” Robokiller chief product officer Ethan Garr said. “It’s going to take a long time for it to get fully deployed and in the short and medium term it’s probably not going to have a huge impact.”
According to Garr, apps like his would be able to take the authentication data points from STIR/SHAKEN and work them into their algorithms to better account for scammy calls. In combination with apps like RoboKiller, STIR/SHAKEN could help dramatically cut down on the number of unwanted calls.
But without strict enforcement of the rules, robocallers have no incentive to hang up the phone. Over the past few years, federal regulators have launched several new initiatives that specifically target robocalls. The Federal Trade Commission incentivized entrepreneurs to develop solutions through an annual robocall competition, and the FCC has worked to fine criminal callers, but it has done little to combat the threat on its own. But they may not be enough on their own.
The FTC has brought up 141 illegal robocalling cases for $1.5 billion in judgments
Last November, FCC chairman Ajit Pai wrote letters to carriers asking them to deploy STIR/SHAKEN by the end of 2019. When carriers didn’t move fast enough, Pai wagged his finger at them for a second time this February. If the major carriers like AT&T, Verizon, and T-Mobile didn’t make substantial efforts to combat robocalls, the FCC would “have to consider regulatory intervention.”
These vague threats have lawmakers and consumer advocates eyeing ways they could give authorities like the FCC and FTC more authority to go after illegal robocallers — which could even result in jail time.
The FCC and the FTC are able to take illegal robocallers to court to fine or obtain civil penalties, but neither agency is able to pursue any legal action that would result in jail time. For that, the Justice Department has to go after robocallers — and so far, it hasn’t seen it as a priority.
Last May, the FCC hit a notorious robocaller from Miami, Florida, with a $120 million fine. In three months, Adrian Abramovich was able to place 96 million unwanted calls offering fake travel deals. Pai previously said that the decision to solicit this fine would send a “loud and clear message” to other fraudsters. But that hasn’t been the case.
The FTC has taken far more action than the FCC. According to the FTC Do Not Call program coordinator Ian Barlow, the agency has brought up 141 (127 completed) illegal robocalling cases and has sued 465 corporations or businesses and 377 individual people. In those cases, it’s obtained around $1.5 billion in judgments, but it has only collected around $124 million in total.
What the FCC and FTC can do to combat the calls is restricted. Lawmakers in both the House of Representatives and the Senate have proposed a number of solutions that would expand the authorities of the agencies and give consumers the ability to go after their scammers.
On Tuesday, Sen. Dick Durbin (D-IL) introduced a bill that would expand the Telephone Consumer Protection Act (TCPA) of 1991 and the Do-Not-Call Registry by allowing consumers to petition for statutory damages from any telemarketing calls they receive that they never consented to. That means if a scammer calls your grandma and gets her to hand over her debit card numbers, and they go ahead and order an Xbox, she’d have some course of action to get that money back.
Others, like Sens. Ed Markey (D-MA) and John Thune (R-SD), have harped on the FCC and its authority over robocalls. The TRACED Act would increase the penalty for robocalls to $10,000 per call, up from $1,000. It would also give the agency two additional years to find illegal robocallers and solicit them with fines. Currently, the agency has only one year from when the call is placed to find and fine the individual or corporation that placed it.
Those measures, combined with the new STIR/SHAKEN protocols, will help make a dent in the robocall problem, but they still won’t fix it entirely. The new tech will take time to fully deploy, and the number of unwanted calls we’re receiving every day is growing worse. Experts agree that a multipronged approach, combining the new tech, blocking apps, and legislation to strengthen enforcement, is the best course of action.
When regulators, lawmakers, and the private industry work together to stop robocalls, it not only lessens the number of calls, but it also makes it easier to adapt to new techniques to combat criminal use. According to Garr, “No matter what you do, there’s always going to be someone out there who’s trying to break that system.”