[ If you want to stop robocalls, sign this Consumers Union Petition to demand the major telephone companies block robocalls before they get to you. It can be done! Canadian telecom companies have done this for years, but United States telecom and wireless providers refuse to do so. If you have an Internet-based VoIP phone service, you can get Nomorobo for free. For other tips on dealing with robocalls, see http://www.cbsnews.com/news/8-tips-to-stop-annoying-robocalls/ I personally wish phones had a way to dial down the volume of the ring, one of the reason I answer robocalls is to get the damn phone to stop ringing since it is so terribly loud… Below are about 8 pages of excerpts from the 88 page senate hearing. Alice Friedemann at energyskeptic.com]
July 10, 2013. Stopping Fraudulent Robocall Scams: can more be done? Hearing before Subcommittee on Consumer protection, product safety, and insurance. U.S. Senate S. HRG. 113–117, 88 pages.
- Canadian telephone companies have successfully blocked robocalls for years (with Primus telemarketing guide), but American phone companies won’t do it, and it isn’t expensive
- Law enforcement officials have estimated that telemarketing fraud costs Americans over $40 billion annually.
- The FTC received 2 million complaints between October 2011 and September 2012.
HON. CLAIRE MCCASKILL, U.S. SENATOR FROM MISSOURI. We have all been subject to the frustrations and annoyances of receiving unwanted telemarketing calls, also known as robocalls. It seems these calls always intrude at a very inconvenient time. Ten years ago, the Federal Trade Commission and the Federal Communications Commission, at the direction of Congress, established a National Do Not Call Registry so that consumers could get some peace and quiet in their homes and stop the torrent of unsolicited telemarketing calls. The idea was simple: voluntarily register your phone number on a centralized list, and telemarketers would be prohibited by law from calling you. The registry has been celebrated across party lines as a successful government program that provides real benefits to consumers.
While the National Do Not Call Registry has been effective at limiting intrusions by legitimate telemarketers, fraudulent robocalls have since filled the void and have become the source of understandable anger and frustration among the public. These automated, prerecorded telemarketing calls that often seek personal information from unsuspecting consumers are an annoyance at best, but they can be devastating for those that are defrauded by them. It is easy to see how consumers can easily be confused by these calls. One common scam involves a call from Rachel from ‘‘Cardholder Services’’ offering an easy way to reduce consumers’ credit card interest rates.
Another common scam involves robocalls warning consumers that their auto warranty is about to expire. In both examples, with the press of a button, the consumer is directed to an individual whose job is to collect financial information in an effort to defraud them. Even pressing the button they claim removes a caller from their list does nothing more than identify a phone number as valid, likely increasing the frequency of unwanted calls in the future.
USA Today outlined an example of this type of scam July 4th called ‘‘Your Money: Seniors Fight Back Against Robocalls.’’ And it gave a specific example of an automated voice that implies a doctor or a relative signed the consumer up for a free medical alert system. Authorities said that, in some cases, after consumers press a button to accept the offer, they quickly receive another call asking for personal information, including credit card numbers. This might be con artists trying to get bank or credit card information or a Social Security number to use in ID theft, or it is a way to pressure seniors into paying for equipment or services that they don’t need. The medical alert system scam is in full swing in Michigan, according to the state attorney general’s office, as well as in other states, including Pennsylvania, New York, Texas, Wisconsin, and Kentucky.
Law enforcement officials have estimated that telemarketing fraud costs Americans over $40 billion annually. So it is no wonder that robocalls consistently remain a top consumer complaint at the FTC as well as the FCC. The FTC received 2 million complaints between October 2011 and September 2012. The FTC and FCC have taken important steps to try and stop fraudulent robocalls. Both commissions have issued rules restricting robocalls, and they have taken enforcement actions to protect consumers. Since the National Do Not Call Registry started, the FTC has won more than $250 million in civil penalties and equitable relief for consumers against robocalls. But because these shady companies and individuals are often based overseas and very difficult to locate, the FTC has only been able to collect $15 million out of the $250 million that they have in fact gotten authorization to collect.
Advances in technology have made it cheap and easy for an individual anywhere in the world with a computer and a broadband connection to make thousands and even millions of robocalls at the push of a button.
Similarly, the exceptions to the Do Not Call Registry for charities, political calls, and businesses with which consumers have an existing relationship also remain a nuisance for consumers. In exploring regulatory, statutory, or technological changes to address the problem of robocalls, giving the consumers the choice to stop all unwanted calls—charities, political, and businesses with existing relationships to the consumer—stopping all of those calls, regardless of who places them, should be our ultimate goal. The choice here should rest firmly in the hands of the phone that rings.
The FTC and the FCC are actively engaged in stopping these illegal robocalls, but they have admitted to the significant challenges they face against new and emerging technologies, including sophisticated Voice-over-Internet-Protocol enabled auto-dialers and the use of fake caller ID systems. Companies using auto-dialers can send out thousands of phone calls every minute at almost no cost. Some of these companies do not screen against the Do Not Call Registry and use this solicitation to scam an individual.
LOIS GREISMAN, Assoc Director, Division of Marketing Practices, Bureau of Consumer Protection, FEDERAL TRADE COMMISSION
Fraudsters have also exploited caller ID spoofing, which induces the consumer to pick up the phone, while at the same time enabling the scammer to hide its identity and location. And, of course, with phone calls bouncing from country to country all over the world, it is now easier than ever for the robocaller to hide. With such a cheap and scalable business model, bad actors can blast literally tens of millions of illegal robocalls over the course of a single day at less than 1 cent per minute. These robocalls not only invade consumers’ privacy, quite often they pitch goods and services riddled with fraud. To meet this challenge, we stepped up our law enforcement initiatives. Looking just at the cases we have completed involving robocalls, we have shut down entities that placed billions of such calls
We have sued entities that afford access to massive dialer or voice-blasting platforms that initiate the calls. We have also sued entities known as payment processors that afford access to the financial system and enable the robocallers to process payments from consumers.
The Registry, which currently includes more than 221 million telephone numbers, has been tremendously successful in protecting consumers’ privacy from the unwanted calls of tens of thousands of legitimate telemarketers who participate in the Registry each year. Some of the Commission’s early robocall cases were against companies with household names such as Dish Network, DIRECTV, and Talbots.
Yet increasingly, robocalls that plague consumers are initiated by fraudsters, who often hide out in other countries in an attempt to escape detection and punishment. One example is the defendants in FTC v. Navestad, who the Commission successfully traced and sued even after they attempted to hide their identities through fake caller IDs, shifting foreign operations, and name changes. The court found that the defendants made in excess of eight million robocalls, and ordered them to pay $30 million in civil penalties and give up more than $1.1 million in ill-gotten gains. Unfortunately the two defendants are currently in hiding overseas.
One recent example is a concerted attack on illegal robocalls purporting to be from ‘‘Rachel’’ or others from ‘‘Cardholder Services,’’ which pitch a supposedly easy way to save money by reducing consumers’ credit card interest rates. The FTC brought five cases against companies that were allegedly responsible for millions of these illegal calls. The Commission simultaneously announced that state law enforcement partners in Arizona, Arkansas, and Florida had filed separate law enforcement actions as part of the same sweep.
First, the Commission aggressively pursues companies that provide the equipment and software necessary to send out millions of calls, sometimes referred to as ‘‘voice broadcasters’’ or ‘‘autodialers.’’ One example is FTC v. Asia Pacific Telecom, Inc., in which the FTC alleged that defendants were responsible for violating the TSR by placing billions of prerecorded phone calls on behalf of unscrupulous telemarketers. These robocalls pitched worthless extended auto warranties and credit card interest rate reduction programs while using spoofed Caller ID names—such as ‘‘SALES DEPT’’—and phone numbers registered to companies with overseas offices in the Northern Mariana Islands, Hong Kong, and the Netherlands.
The Robocall Summit made clear that convergence between the legacy telephone system and the Internet has given rise to massive, unlawful robocall campaigns. The telephone network has its origins in a manual switchboard that allowed a human operator to make connections between two known entities.39 A small group of well-known carriers were in control and were highly regulated. Placing calls took significant time and money, and callers could not easily conceal their identities. Now, communications technology is universal and standardized such that entrepreneurs can build up a viable telephone services business wherever they find an Internet connection. As a result, the number of service providers has grown exponentially and now includes thousands of small companies all over the world. In addition, VoIP technology allows consumers to enjoy high-quality phone calls with people on the other side of the planet for an affordable price. With this efficiency came other changes: instead of a voice path between one wire pair, the call travels as data; identifying information can be spoofed; many different players are involved in the path of a single call; and the distance between the endpoints is not particularly important. As a result, it is not only much cheaper to blast out robocalls; it is also easier to hide one’s identity when doing so.
New Technologies Have Made Robocalls Extremely Inexpensive. Until recently, telemarketing required significant capital investment in specialized hardware and labor. Now, robocallers benefit from automated dialing technology, inexpensive long distance calling rates, and the ability to move internationally and employ cheap labor. The only necessary equipment is a computer connected to the Internet. The result is that law-breaking telemarketers can place robocalls for less than one cent per minute. In addition, the cheap, widely available technology has resulted in a proliferation of entities available to perform any portion of the telemarketing process, including generating leads, placing automated calls, gathering consumers’ personal information, selling the products, or doing all of the above. Because of the dramatic decrease in upfront capital investment and overall cost, robocallers—like e-mail spammers—can make a profit even if their success rate is very low.
Technological changes have also affected the marketplace by enabling telemarketers to conceal their identities when they place calls. First, direct connections do not exist between every pair of carriers, so intermediate carriers are necessary to connect the majority of calls. Thus, the typical call now takes a complex path, traversing the networks of multiple different VoIP and legacy carriers before reaching the end user. Each of these carriers knows which carrier passed a particular phone call onto its network, but likely knows little else about the origin of the call. Such a path makes it cumbersome to trace back to a call’s inception. All too often, this process to trace the call fails completely because one of the carriers in the chain has not retained the records that would further an investigation.
New technologies allow callers to manipulate the caller ID information that appears with an incoming phone call. This ‘‘caller ID spoofing’’ has beneficial uses; legitimate companies adjust their caller ID information regularly so that customers will see the most useful corporate number or name, rather than the phone number from which an agent actually placed the call. However, the same functionality allows robocallers to deceive consumers by pretending to be an entity with a local phone number or a trusted institution such as a bank or government agency. In addition, robocallers can change their phone numbers frequently in an attempt to avoid detection. It is generally illegal to transmit misleading or inaccurate caller identification information with the intent to defraud, cause harm, or wrongfully obtain anything of value, but many robocallers flagrantly violate this law.
Finally, new technologies help robocallers operate outside the jurisdiction where they are most likely to face prosecution.61 Indeed, all of the many different entities involved in the path of a robocall can be located in different countries, making investigations even more challenging.
If you answer a call and hear a recorded sales message—and you haven’t given your written permission to get calls from the company on the other end—hang up. Period.
Aaron Foss, Freelance Software Developer, of Free Robocaller blocking Nomorob
Here is how it works. In real-time, Nomorobo analyzes the incoming caller ID and the call frequency across multiple phone lines, and if it detects a robocaller, the call is automatically disconnected. And all of this happens before the consumer’s phone rings. So as each call is analyzed, a blacklist of robocallers is continually updated. And the more calls that come into the system for analysis, the better that the algorithm works. I actually built this system using the same technology that these robocallers are using, so it scales inexpensively to handle millions of calls. And Nomorobo works on landlines, voice-over-IP, and cell phones on all of the major carriers and does not require any additional hardware or software. All that is required by the consumer is a simple, one-time setup to enable a free feature that is already built into the switches called ‘‘simultaneous ring.’’ But, as with all new ideas, there is always some skepticism. Industry players have expressed three major concerns about robocall blocking: spoofing caller ID; violating consumer privacy; and allowing legal robocalls. So it is incredibly easy to spoof caller ID to show any phone number, and almost all of the robocallers do that.
But while you can falsify the calling number, you can’t falsify the calling patterns. So it is a red flag, for example, when the same number, whether it is spoofed or not, has made 5,000 calls to different numbers in the past hour. And it is also a red flag when the same number is sequentially calling large blocks of phone numbers. Both of these scenarios indicate robocalling patterns. And so a static blacklist of known robocallers would only work in a very limited amount of situations. But by combining the caller ID, whether it is real or faked, with real-time calling pattern analysis, robocalls can effectively be detected.
Also, with solutions like these that only look at the metadata of a call, there is no need to monitor or listen in to the phone calls, thus assuring customer privacy. The caller ID data, along with the date and time, across many phone lines, gives enough of a fingerprint to detect robocallers without having to analyze the actual content of the call.
And the final concern that has been raised is how to allow legal robocalls, such as schools and emergency notifications, to bypass robocall blocking. And this can be accomplished by building a trusted, real-time whitelist. I have already had the opportunity to speak with some of the legal robocallers, and they are very open to working on a solution that allows them to successfully deliver their calls. They want these illegal robocallers put out of business as much as the consumer does.
Senator MCCASKILL. I don’t understand. We have heard from two good witnesses that the technology is available. So why is it that Mr. Foss’s technology is not quickly being adapted in these commercial markets? And why is it that Mr. Stein’s patented product has not been licensed to an American carrier?
Michael F. Altschul, Senior Vice President and General Counsel, CTIA— The Wireless Association: We have concerns about overreaching and blocking legitimate calls. I am sure you are more familiar than you would like to be with the kind of informational robocalls and text messages you receive from airlines when flights are delayed because of weather or other events. The volume of these calls are unpredictable, and they will flood carrier networks with identical recorded messages and text messages. And they will carry a caller ID. That caller ID, if it is put on a whitelist, can then be spoofed, as I think we all agree how easy it is to spoof a number, and have the same fingerprint or pattern as other messages.
Mr. STEIN. The reality is that the system, the Telemarketing Guard system itself, will only begin to monitor and, therefore, take action once there are reports by enough people that say, this is an unwanted telemarketer. Nobody is going to call and say, the airline let me know my flight was late. That is the initial beginning of the block — a critical mass of people calling and saying, hey, these guys are trying to rip me off or sell me siding
Mr. ALTSCHUL. But my point is that that number, which is welcome and legitimate and properly described on caller ID, is basically the identifier that the carrier and the customer and Mr. Stein’s system has to track wanted and unwanted calls. Right now, there is no need for scammers to actually pick numbers that consumers would recognize as the source of messages, informational messages, they would like to receive. But there is no limitation on a fraudster’s ability to use an airline’s number to fill out the caller ID field in the robocalls and messages that they send.
Mr. STEIN. Two quick comments. First, the system is quite smart. And over the years that we have tuned it and built and enhanced it, we have built in a great many safeguards to prevent this exact thing from happening. And I won’t elaborate in full detail on all those, but if such a thing were to happen and reports were to start to come in, one would assume that at the same time the airline is using that phone number, too, and therefore a lot of those calls are getting accepted by our customers. So we would be seeing votes going in both directions, and the system becomes increasingly skeptical, and looks for what distinguishes the two types of calls, and then is able to break them down based on many of the other criteria that are no longer using just, say, the caller ID, which is the thing that is easy to spoof. There are a lot of other characteristics in a phone network that are available that we use.
Mr. FOSS. The thinking that went into it before everybody had voice-mail was that the call is going to be disconnected, you are going to lose the call forever. But now if we can just divert it to voice-mail, much like spam does into your spam filter, I think everybody would rather have a voice-mail box with five or six robocalls than five or six robocalls. It is absolutely not going to be 100 percent. But even with spam filters today, certain spam gets through, sometimes real e-mails get into your spam folder. And I think that we need to try it, and I think that we need to start somewhere.
Senator MCCASKILL. If a plane is late, we are talking about maybe 100, 200 people; we are not talking about thousands. I need to know what, if anything, these carriers are doing. And do they feel an obligation to do something?
Mr. RUPY. I think one of the points that was raised earlier by various folks on the panel here is that, under our current legal framework, regardless of whether it is a mass-calling event or sort of a standard calling volume, we are under a legal obligation to complete those phone calls
Senator MCCASKILL. Are you saying that you legally couldn’t adopt Mr. Stein’s technology? The phone call connects; it just decides whether it goes to voice-mail.
Mr. RUPY. As I understand Mr. Stein’s and Mr. Foss’s technology, to a certain degree the decision is removed from the consumer and is made by the carrier
Senator MCCASKILL. No, that is not true. That is not true. Mr. Stein, the carrier is not making the decision, is it?
Mr. STEIN. No, the carrier does not make that decision. The system doesn’t block a call under any circumstance, other than if the customer were to say, here is one given number that I don’t want, a blacklist, available on many services. In the case of Telemarketing Guard, it impedes the call and asks the caller to press a digit to record their name. But in all of those cases, those recorded names, the phone call is made, et cetera.
[Based on the testimony of Stein and Foss, plus Canada having successfully blocking robocalls for several years, I wouldn’t put much credence into the testimony below of why American telephone companies haven’t protected their customers from Robocalls by Rupy below or Altschul (wireless spokesman) above]
KEVIN RUPY, SENIOR DIRECTOR, LAW AND POLICY, UNITED STATES TELECOM ASSOCIATION
In addition to the harm they cause consumers, robocalls impact U.S. Telecom’s own member companies. Our companies’ customer service representatives represent the first line of defense on this issue. They must be well-versed in explaining to customers the difference between legal and illegal robocalls, providing them with information on how to file a complaint with the FTC, and pointing them to tools to help them mitigate these calls. Robocalls can also adversely impact our companies’ networks. Mass-calling events are typically highly localized, high-volume, extremely brief, lasting only a matter of minutes. And carriers receive no advance warning of these calls. A severe mass-calling event can result in service degradation and disruptions to phone services in a provider’s impacted area. Moreover, illegal robocalls exacerbate an already troubling problem in our industry known as phantom traffic: calls that evade the established intercarrier compensation regime.
It is unlikely that any single technological silver bullet can permanently address the robocall problem.
Significant Legal Constraints Limit Potential Robocall Deterrents. Two primary legal issues face USTelecom’s member companies with respect to remedying the robocall problem. First, under existing laws to which USTelecom’s members are subject for their provision of legacy voice service, phone companies have a legal obligation to complete phone calls. These companies may not block or otherwise prevent phone calls from transiting their networks or completing such calls. The current legal framework simply does not allow our companies to decide for the consumer which calls should be allowed to go through and which should be blocked. Second, there are substantial privacy issues that arise in any discussion relating to proposed robocall solutions. Robocalls are extremely contextual in nature. Depending on the nature of the call, certain robocalls are permitted under the law, while others are prohibited. Proposed solutions to the robocall dilemma that seek to make phone service providers the arbiter of whether a call should—or should not—be permitted to proceed skirt dangerously close to violating the privacy obligations imposed on us by law. For example, the Wiretap Act (also known as Title I of the Electronic Communications Privacy Act (ECPA) or Title III of the Omnibus Crime Control and Safe Streets Act of 1968) expressly protects wire, oral, and electronic communications while in transit and establishes that service providers are permitted to intercept those communications only as a necessary incident to the rendition of service or to the protection of the rights or property of the provider.
Today’s solution could very well turn into tomorrow’s Maginot Line, and could have unintended adverse consequences. For example, solutions that rely extensively on blocking calls populated by a blacklist could very well result in the blocking of legitimate calls from callers whose own phone numbers have been illegally spoofed. Conversely, solutions implementing call blocking features based upon a whitelist could potentially block an important— albeit unexpected—message from a legitimate caller. Even more perversely, the availability of spoofing technology can easily fool consumers into taking calls they should avoid. For example, spoofing the number of the local municipal hospital could dupe a senior citizen into believing that a fraudulent effort to sell phony medical products is actually a legitimate call from a whitelisted number. Given the open nature of the broadband network, technological solutions can be—and often are—superseded by technological countermeasures. The same increasingly appears to be the case for legislative and regulatory solutions, which regrettably do not seem capable of keeping pace with the evil genius of scammers who continually invent new ways of evading discovery and capture, much less prosecution and punishment. As noted earlier, we have been trying to legislate out of existence the problems of robocalling, spam, autodialing, and caller-ID spoofing for as long as two decades, but new technologies only seem to make the problems grow worse.
I would like to use a screenshot of a text message that I received on Monday to illustrate the difficulties we face in trying to solve this problem. And, by the way, wireless carriers do screen text messages and successfully block millions of them, I believe, every day. Voice calls have to be found at the source to be cut off. As you can see, this text message appears to be an informational text message about my account at a local financial institution. In fact, I have provided my express prior consent to the financial institutions where I have accounts, authorizing them to send me informational text message alerts about fraudulent activity, data breaches, and other time-sensitive account information. But since I do not have an account at this institution, I knew immediately it was a phishing scam that violates both the TCPA and the Truth in Caller ID Act, which prohibits the spoofing of caller IDs. Scammers, especially those outside of the United States, are not deterred from violating the TCPA or the Caller ID Act. For this phishing scam, the fraudster spoofed the caller ID of a local Washington, D.C., phone number. As it turns out, this number is not in service. It happens to be assigned and arranged so that it is assigned to a CLEC. But I called it and got a recording that the number is not service. So this is not a real phone number assigned to a user. But the fraudster could just as easily spoof the financial institution’s actual phone number or tumbled phone numbers randomly to defeat the use of blacklists and whitelists. And this is why this is such a difficult problem to solve. Carriers do not know the businesses and public agencies the customer has given express prior consent to send informational calls and messages. And even if a carrier did know this information, fraudsters can spoof whitelisted numbers and appear to be a legitimate business sending informational calls and messages to its customers. We appreciate the efforts of the FTC and others who are exploring technologies that may minimize the transmission of illegal robocalls and text messages to our customers. However, as H.L. Mencken famously observed, there is always a well-known solution to every human problem neat, plausible, and wrong. This wise counsel cautions us that any technical solutions must be subject to careful and complete consideration.