The FCC vs. The Proliferation of Robocalling


By: ShirWan Little


Lets face it, few things are as annoying as answering the phone and being immediately greeted by a recording trying to lure you into handing over your credit card information. This increasingly common situation is a result of robocalling.  Currently, robocalling scams account for over $350 million in financial losses every year in the United States.  Moreover, the robocalling scourge has become the most common complaint that the FCC receives from the public. The “Do Not Call List” was created over ten years ago to resolve this very problem.  Unfortunately, the Do Not Call list has failed miserably at this goal. Let’s dive into why the DNC List fails to stop these fraudsters, why robocalling has become so popular and what the FCC is doing to try to stop it.


Do Not Call

At the creation of the “Do Not Call List,” the majority of robocalls were legitimate telemarketers selling real products.  Against those calls, the “Do Not Call List” has remained largely effective.  However, a lot has changed since the “Do Not Call List” went into effect in the early 2000s. In particular, the widespread availability of commercial Voice over Internet Protocol(VoIP) services.  The advancement of VoiP technology made international calling, and phone spoofing (falsifying caller ID information) very cheap.  Consequently, the majority of modern day robocalls blatantly ignore the “Do Not Call List” in attempts to commit fraud.


Tricking the Caller ID

Today, anyone with a laptop and an Internet connection can flood millions of phones with robocalls from any location in the world. Spoofing is perhaps the most nefarious aspect of this type of fraud; people are more likely to answer phone calls when seemingly legitimate organizations appear on caller ID. Furthermore, caller ID is often used to verify one's identity when gaining access to banks.  For that reason, robocalling scams rely heavily on phone spoofing. For instance, one of the more notable scams entails fraudsters masquerading as IRS officials and demanding immediate payment for overdue taxes.  Over the past two years this scam alone has cost taxpayers $31 million.


"Do Not Originate" vs. Do Not Call

In spite of these findings, many in the telecom industry have been hesitant to adopt solutions to stop robocalling, citing concerns that existing alternatives will inadvertently block a portion of legitimate calls. Nonetheless, the FCC has continued to urge these companies to take action.  FCC Chairman Tom Wheeler even wrote letters to the chief executives of the largest companies in the telecom industry asking them to produce solutions to reduce robocalls. Currently, all of the notable alternative solutions fall into 3 distinct methods; "Do Not Originate" list, Authentication/ Identity validation and filtering.


The “Do Not Originate” list, basically the opposite of the Do Not Call list, would stop robocalls at the VoIP gateways that connect VoIP calls to the traditional phone system.  While VoIP robocalls can be placed from anywhere in the world, all such calls pass through these gateways to enter the traditional circuit-switched phone lines.3 This list would allow commonly spoofed entities such as the IRS, FBI and banks to register their outbound numbers in a database. Calls from those numbers that originate from certain gateways would then raise red flags and most likely be blocked. Additionally, this approach can be implemented without any changes in telephony protocols and does not require cooperation of other phone carriers. Yet it still is no substitute for authentication.


Authentication and Filtering

Authentication is the most effective way to prevent spoofing. There are a few different ways to implement this methods, one of the more promising is through the use of third party APIs to analyze the meta data of callers.  Authentication is crucial to stopping robocallers from impersonating others and to facilitate effective filtration. The main drawback of this method is that it would most likely require the difficult task of gaining the cooperation of the major telecom companies to be successful.


Filtering works by checking each incoming call against a white list of trustworthy phone numbers or a black list of numbers you should reject. Although filtering can be very helpful in reducing robocalling it still has several drawbacks. Most notably, if there is nothing in place to stop spoofing, filtering can be easily circumvented by spoofing a new number.


A Cocktail Approach

In total, the three methods complement each other very well. Each of the methods does its part to reduce robocalling in a different way; if used in combination with one another, these methods could eliminate the current robocalling epidemic. The “Do Not Originate List” eliminates the ability to spoof high-profile numbers like the IRS.  Authentication makes fraudulent calls less likely to pay off by stopping robocallers from impersonating others. Filtering can help block all confirmed fraudsters.