There’s a good reason you’re still afraid to answer your phone when an unknown number pops up.
For years, the telecommunications industry has been trying to curb robocalls, the frustrating and potentially dangerous spam calls that try to scam anyone who picks up the phone. But even after significant milestones in defense—including the introduction of two telecom protocols that cryptographically authenticate the source of calls—you’re probably still getting spammy calls that drive you nuts. In spite of the setbacks, though, researchers say they’ve seen real progress on reducing spam calls in the United States, and there’s potential for even more improvement.
At the RSA Conference in San Francisco last week, Josh Bercu of the trade association USTelecom and Gary Warner, director of intelligence at the security firm DarkTower, presenting findings on progress squashing robocalls and the illegal call centers they emanate from, which are predominantly located in India. And they dug into the frustrating reality that the issue is far from solved.
“I think it’s not going well at all!” Warner tells WIRED. “And people understandably wonder why the carriers don’t just block spam calls. But if you’re AT&T or Verizon or T-Mobile or whoever, it’s not in your purview to decide which conversations people are allowed to have. I don’t think people want to be in that surveillance state where carriers are in a position of deciding what is an acceptable conversation for Americans to have.”
That doesn’t mean the carriers haven’t stepped up their blocking when they see enough evidence that a call has a suspicious provenance. But USTelecom’s Bercu notes that deciding how bold to be about blocking is a delicate issue that each phone company handles differently.
“As providers have gotten more aggressive blocking or labeling suspicious calls, they’ve taken on more risk that they’ll mis-block or mislabel a legitimate call,” he says. “Maybe it really was a call from the bank or the pharmacy. There is some delicate balancing that providers have to do, and some are more aggressive than others.”
Bercu adds, too, that different carriers work with different analytics services to identify suspicious call activity. This can create situations where, as trends in robocalling techniques evolve and spammers use different strategies to bounce calls around international networks, some analytics services may be better at catching certain behavior than others.
Bercu is also executive director of the Industry Traceback Group, a neutral entity under USTelecom designated by the Federal Communications Commission to promote intelligence-sharing to trace the source of illegal robocalls and promote collaboration between carriers. The idea is to look at how robocalls circumvent existing technical defenses, identify networks where these protections haven’t been fully implemented, and work with providers to adopt stronger safeguards.
Ultimately, though, DarkTower’s Warner says that as with other digital criminal industries like email spam, business email compromise, and even ransomware, the key to limiting robocalling is to make it more difficult for scammers to operate at every level of their business. This means making it harder for them to route their calls, but also harder to recruit call agents and purchase lead lists—curated collections that claim to contain the phone numbers of targets like elderly people or people with medical issues.