Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls

Damian Menscher damian at google.com
Sun Mar 8 16:59:07 UTC 2020


On Fri, Mar 6, 2020 at 8:05 PM Brian J. Murrell <brian at interlinx.bc.ca>
wrote:

> On Fri, 2020-03-06 at 18:37 -0500, bzs at theworld.com wrote:
> >
> > Why don't they just ask the phone companies who are billing these
> > robocallers who they are and we can arrest them.
>
> Exactly.
>
> I have always maintained that if my phone number were one of those
> "premium" numbers (1-976 -- maybe I am dating myself but you know what
> I mean -- where calls to it were billed at $5/min), I am sure that my
> telco (the one providing me the premium number on my the phone line
> that runs into my location) would always know exactly who to send the
> bill to for every call that called my number, including robocallers[1].
>
> So, if my telco can bill the callers for those premium calls, they
> surely know who they are, or at least know where they are sending the
> bill and getting payment from.
>
> But who are we kidding?  The telcos have been making money hand over
> fist with robocalls and are not really all that motivated to dry up
> that revenue stream.  Regulation (as much as I hate it in general) is
> the only solution.
>
> Making the allowing of robocalls more expensive than preventing them is
> the only solution.  Whether that is through fines as a result of
> regulation or otherwise.
>

This is similar to the BCP38 problem of spoofed packets making their way
onto the internet.  The recipient has no way of knowing which packets are
spoofed, but with (sampled) netflow/sflow, the origin of a flood of traffic
*can* be traced, even if spoofed.  And, once traced, it *can* be filtered.
The fact transit providers don't do this traceback and filtering today is
simply because it would cost money, and they make more money carrying the
traffic (and also the amplified DDoS traffic it causes).  The only solution
is to make it more expensive to facilitate criminal activity than to
prevent it.  I think we're seeing the beginnings of this in the telco
industry, and I hope it carries over to the internet.

In the robocall case, there *is* something the end user can do to fight the
abuse: answer every call, and keep them on the line as long as possible.
They are paying for connected calls, for the connection duration, and for
the humans to scam people.  If everyone tarpitted them, the business model
would fail.

Damian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200308/f429c2e4/attachment.html>


More information about the NANOG mailing list