How about putting a small tariff on every phone call originating from countries that do not shut down these fraudulent call centers? The tariff perhaps could be as small as 2 or 10 cents per call to make these operations unprofitable. I'm sure that the telecom operators in the foreign country could easily track down (or already know precisely where to find) the call centers. Once the fraud falls below a threshold the tariff can be removed.
Punitive tariffs, quotas, bans get applied to every kind of product -- counterfeits, contaminated foods, polluting vehicles. I never heard any government agency suggest applying it to countries that are the overwhelming source of scam calls.
It may be a surprise to the HN "incentives are the only way to do anything" crowd, but there simply is not an incentive structure that will fix this problem, because nobody knows where the calls are coming from. Not the US, not the telcos, not the countries the calls are coming from, nobody. You can place the tariff on countries, and then the countries just have to accept the tariff because there's not a damn thing they can do about it as long as scammers can spoof phone numbers.
The converse of this is that it's pretty ridiculous to assume that countries have scammers in them because they're just tolerating them.
Sure, we could rush out a technical solution, but then it would run the risk of being broken rather quickly, and further it's important to not compromise the reliability of the phone system. Too many critical services rely on it. It's worth taking the time to do it right.
Last I heard, the FCC was in talks with telcos to finalize a solution, but I would expect it to take at least another year to implement and deploy it.
Until then, I guess we'll all have to deal with annoying scammers and comments by people who don't understand why spoofing makes their pet incentive idea irrelevant.
It’s not right, that a sensible comment like yours is being downvoted. Spoofing is real, and not easy to track down depending on the resources you have at your disposal. And Indian law enforcement is certainly behind the western world in that regard.
Besides, it’s not like these scammers are paying taxes to the Indian government, so they don’t have any national incentive to facilitate scammers. Tax compliance in countries like India, outside the first world, is very poor. Though the article mentions that Indian authorities are cooperating with Canadian officials, it needs to be understood that this cooperation isn’t based on any incentive structure, other than civilised societies need to crack down on crime. Crime in Canada is a low priority for Indian officials, just like I’m sure it’s the other way around.
Finally, Canada doesn’t even feature in the top 15-20 trading partners for India, last time I checked, so I don’t know what punitive incentive can be hoped for here. If you need a solution, it would be more productive to approach from a more pragmatic, cooperative point of view, rather than being all high and mighty and taking a carpet bombing style approach that affects legitimate business as well. Or, you could do that but it wouldn’t even matter.
Edit: I’d like to add that every day there is news about people, here in India also losing their life savings to these scammers. So it would be wrong to have an impression that authorities and citizens of this country take pleasure in people from richer countries being scammed. I’ve old, not so tech savvy parents myself, who I realise are pretty vulnerable to this evil.
This is mostly true, but it would be worked on a lot harder if the companies involved had a financial incentive to work on it. Currently the scammers pay their bills and the incentives work the other way - it's best for them to say they are working on it but drag their feet.
You think "people are switching away from using the traditional phone system entirely" isn't enough incentive? And how, exactly, does an Indian scammer paying a bill to an Indian telco incentivize US telcos to drag their feet? You can blame the Indian telcos, but they also don't have incentives to tolerate scammers--their business would benefit a lot more if calls from Indian numbers weren't automatically assumed to be scams.
While you don't understand the problem, you can't possibly have anything of value to say about the solution.
There may well be perverse incentives causing certain entities to tolerate scammers, but we shouldn't pretend we know what those perverse incentives are when we can't even trace the calls. On the other hand, it is much more likely that once the spoofing problem is solved, the incentives are all already in place and the vast majority of scam calls will be solved.
If a rational person only knows how to use a hammer, they pause when they come across a problem that isn't a nail. But when the HN crowd comes across a problem that isn't immediately solved by incentives, they argue that the people who actually are qualified to solve the problem with other tools, should be using incentives!
Exactly why STIR/SHAKEN is currently being deployed. That's the issue with widespread legacy systems, you can't pull it out and rebuild from scratch without causing a major disruption.
What part of "they don't know where the calls are coming from" don't you understand? Are they supposed to just close down customers at random hoping they close down a scammer by accident?
Do you really think you're smarter than everyone at the FCC, since you apparently think nobody at the FCC thought of this?
> In a press release issued Sunday, Delhi police said they had arrested 32 “white-collar criminals” and seized 55 computers along with dozens of cellphones, internet routers and “illegal software” being used in what they described as a “swanky international cheating scam call centre targeting Canada citizens.”
> All of those arrested are residents of India and between the ages of 18 and 38, according to the statement.
> The Delhi police alleged the scheme has been targeting Canadian citizens by claiming their social insurance numbers had been compromised.
> LONDON: British Police service on Monday said it had shut down two sophisticated criminal call centres in Kolkata, instrumental in defrauding thousands of victims in the UK alone, with the cooperation of Indian police.
> The call centres were raided by 50 officers from the Cyber Division of Kolkata Police last week as part of a worldwide four-year operation conducted by the UK police and Microsoft.
My understand use these call centers use VoIP providers in the country though. The traffic crossing the border is likely just an encrypted stream, indistinguishable from some VPN or other generic service.
The VoIP providers are getting paid (by the scammers), your cell/phone company is getting paid twice (by both you and the VoIP provider). It's not like customers are switching to the other spam-less phone option, or giving up having voice service entirely.
I hate to be cynical about it, but literally all the players in a position to track and shut these calls down via technical means have absolutely no tangible incentives to do so.
If you get spam calls, your carrier is liable unless they can point to the source of the disruption. If they can't point to where they got it from, they are liable, and so on. If they can identify them but they're unwilling to pay out, their link to you is still liable.
The phone system seems pretty absurd. Just the fact that we can't trust originating phone numbers seems odd. There's lots of good ideas to go around, and there's so much in internet technology that could be applied to the phone system, but I'd love to read an article on why its hard to update the phone system.
-You forward your office phone to your cell phone. You want the number of the original person calling to show up on your cell phone. This means that the office phone system needs to spoof the original caller's phone number. This could be a local call, an overseas call, etc.
This is not a simple update issue. How does the telco know that this is a legitimate spoof? Further, if this is blocked and the number is rewritten to the billing telephone number, the client will complain that they are answering outside calls, thinking it is their office calling.
-How the carriers are integrated, how do they trust the incoming call info from another carrier? Blacklists and whitelists are impossible to keep up as scammers are randomizing the data.
This is an expensive problem, and one that carriers would love to solve - there isn't a lack of incentive either. I've seen a few solutions out there, but I am not convinced they work as advertised.
If I want to call someone using a different caller ID through twilio, twilio makes me verify ownership of that number.
But of course, then twilio is only doing this to keep scammers off their own platform. Since the telcos don't validate anything, there are plenty of less scrupulous providers that don't validate anything.
So all the telcos need to do is require anyone providing access to their networks to validate their caller ID numbers.
I actually deal with (part of) this problem from the other side: I maintain text messaging for the biggest company in our sector.
Within the last few months, we've been running into issues where our phone numbers are actually being stolen by these third parties.
Service providers are SUPPOSED to receive letters of authorization before porting a number. I.e. if I want to use my phone number on Twilio, I need to provide a letter showing ownership of the number (or blocks of numbers) I wish to provision on their platform.
Twilio, BTW, is one of the good guys on this. But FWIW, if the number's already provisioned they can't really tell you when a number's been hijacked, you won't know till you try to use it and Twilio's API gives errors.
Anyway... big takeaway is our numbers keep winding up 'stolen' by another provider (not Twilio). Every time we email them, they release the numbers back to us, but asking for LOAs to see how this happened gets crickets. Oh and this process leaves the numbers unusable for 1-3 business days.
Take the difficulties of IPv6 migration and remove the ticking clock of running out of IPv4 addresses. How long would the migration take? 10 years? 10000 years? I bet it would be closer to the latter than the former.
The businesses were purchased by Avaya (enterprise) and Genband (carrier). There are support and upgrade paths available. This fact also has nothing to do with the problem.
The internet has been slowly getting better but remember that in general we can’t trust the ”from” field of an email message either. No need to even spoof it as it’s literally whatever the sender wants to put there, by design.
Things coming over lines no longer have a country. How do you determine which call are international? All of them are local and operated by foreign call center over the internet. They can easily acquire a VPN and the internet traffic will be local as well. How do you even track all that internet traffic? Are you prepared to give all your secret to government to track these things?
If connection between two nodes in the network is possible to establish, tracking it down is possible as well - giving the willing intermediaries. The fines or tariffs structure may help ensure they will be willing.
It is the same problem as with finance transactions wrt money laundering really, which is a solved problem. The only cover bad actors have is finding a sovereign state willing to cooperate.
Punitive tariffs, quotas, bans get applied to every kind of product -- counterfeits, contaminated foods, polluting vehicles. I never heard any government agency suggest applying it to countries that are the overwhelming source of scam calls.