“No place in our networks”: FCC hangs up on thousands of voice operators in robocall war

Everyone hates robocalls. However, it’s difficult to track down all the scammers and spammers that make them, so the Federal Communications Commission (FCC) has taken another approach: it just disconnected over a thousand voice operators from the public telephone network for not doing their part to stop the scourge.

This week, the Commission’s Enforcement Bureau removed over 1,200 voice service providers from its Robocall Mitigation Database (RMD). Created in 2020, this database is a ledger with records proving that telephony operators are taking measures to stop robocalls routing their calls through their networks. Removal from the database prevents other operators from taking a service provider’s traffic, effectively cutting it off from the US phone network.

Shaken and stirred

There’s a long road leading to this point, starting with the development of the STIR/SHAKEN protocol. Secure Telephone Identity Revisited (STIR) is a standard for ensuring that the caller ID showing up on your phone is legit. Signature-based Handling of Asserted information using toKENs (SHAKEN) is the technical tooling that lets telephony providers use the standard on their network.

Large voice telephony providers had to implement STIR/SHAKEN by June 30 2021 under the TRACED Act of 2019. Smaller providers got an extension. The RMD tracks which providers are using this system.

The Commission has been tightening the screws on companies that didn’t comply with the Act. In December, it announced that it might remove up to 2,411 companies if they couldn’t give a good reason for why they didn’t have up-to-date filings in the database.

On August 6, it began delivering on its promise, removing 185 voice providers from the database after they were found to be an originator or gateway provider for robocalls, or after they didn’t co-operate with the traceback procedures used to trace those calls.

The FCC also has support at a state level. In early August, 51 attorneys general launched Operation Robocall Roundup, which sent letters to 37 voice operators putting them on notice about illegal robocalls using their networks.

According to Commission Chair Brendan Carr:

“Robocalls are an all-too-common frustration — and threat — to Americans [sic] households. The FCC is doing everything in its power to fight back against these malicious and illegal calls. Providers that fail to do their duty when it comes to stopping these calls have no place in our networks. We’re taking action and we will continue to do so.”

Protection isn’t guaranteed

This is great, as far as it goes, but STIR/SHAKEN only works on IP-based phone networks (those that use the same protocol that the internet uses to move their digitized voice data around). Legacy phone networks that don’t use IP, such as in some rural areas, can’t use the technology. Those will fade over time, though.

Perhaps more importantly, the STIR/SHAKEN rules apply to US providers only, and it’s cheap for overseas providers to reach you. So overseas robocallers can still get to you easily via non-US operators while spoofing caller IDs.

Finally, STIR/SHAKEN only proves that the number showing up on your phone is the number that’s actually calling. The person using that number could still be a scammer.

So, you still need to do a little legwork of your own to minimize robocalls. Network providers (typically the larger ones) often run their own network analytics to root out robocallers. They frequently bundle such services. You can also set your phone to send all calls from numbers not in your contact list straight to voicemail.

If you use a landline, you can connect call blocking devices to your phone. Those use a variety of tricks, including messages that require a caller to press a specific number before the call goes through. The more action you take at your end, the more likely you are to block out automated nuisances.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.