<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">I thought that SCOTUS ruled years ago that telco users possess a First Amendment right to spoof Caller ID.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Matthew<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> NANOG < > <b>On Behalf Of </b>Shane Ronan<br>
<b>Sent:</b> Tuesday, October 04, 2022 11:22 AM<br>
<b>To:</b> Michael Thomas <mike@mtcc.com><br>
<b>Cc:</b> nanog@nanog.org<br>
<b>Subject:</b> Re: FCC chairwoman: Fines alone aren't enough (Robocalls)<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:13.0pt;color:#E74C3C">CAUTION: This email was sent from an external source.</span><o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">Except the cost to do the data dips to determine the authorization isn't "free".<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Tue, Oct 4, 2022 at 2:18 PM Michael Thomas <<a href="mailto:mike@mtcc.com">mike@mtcc.com</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<p><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 10/4/22 6:07 AM, Mike Hammett wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black">I think the point the other Mike was trying to make was that if everyone policed their customers, this wouldn't be a problem. Since some
don't, something else needed to be tried.<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
</div>
</blockquote>
<p>Exactly. And that doesn't require an elaborate PKI. Who is allowed to use what telephone numbers is an administrative issue for the ingress provider to police. It's the equivalent to gmail not allowing me to spoof whatever email address I want. The FCC could
have required that ages ago.<o:p></o:p></p>
<p><o:p> </o:p></p>
<p>Mike<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black"><br>
-----<br>
Mike Hammett<br>
Intelligent Computing Solutions<br>
<a href="https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.ics-il.com%2F&data=05%7C01%7CMatthew.Black%40csulb.edu%7C4f407d3657914e6e376808daa635d027%7Cd175679bacd34644be82af041982977a%7C0%7C0%7C638005047301904372%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=bo0uAAYDQOW8qVLoIa1ry3XqWW1fvzQl3ekm3Db77cg%3D&reserved=0" target="_blank">http://www.ics-il.com</a><br>
<br>
Midwest-IX<br>
<a href="https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.midwest-ix.com%2F&data=05%7C01%7CMatthew.Black%40csulb.edu%7C4f407d3657914e6e376808daa635d027%7Cd175679bacd34644be82af041982977a%7C0%7C0%7C638005047301904372%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=2BxqML5s%2FfiO2qJqgjTwIscrNnb%2FakGsBmNz3p07fFs%3D&reserved=0" target="_blank">http://www.midwest-ix.com</a><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black"><o:p> </o:p></span></p>
<div class="MsoNormal" align="center" style="text-align:center"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black">
<hr size="2" width="100%" align="center" id="m_5695148775473131614zwchr">
</span></div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="font-size:12.0pt;font-family:"Helvetica",sans-serif;color:black">From:
</span></b><span style="font-size:12.0pt;font-family:"Helvetica",sans-serif;color:black">"Shane Ronan"
<a href="mailto:shane@ronan-online.com" target="_blank"><shane@ronan-online.com></a><br>
<b>To: </b>"Michael Thomas" <a href="mailto:mike@mtcc.com" target="_blank"><mike@mtcc.com></a><br>
<b>Cc: </b><a href="mailto:nanog@nanog.org" target="_blank">nanog@nanog.org</a><br>
<b>Sent: </b>Monday, October 3, 2022 9:54:07 PM<br>
<b>Subject: </b>Re: FCC chairwoman: Fines alone aren't enough (Robocalls)<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Helvetica",sans-serif;color:black">The issue isn't which 'prefixes' I accept from my customers, but which 'prefixes' I accept from the people I peer with, because it's entirely dynamic and without
a doing a database dip on EVERY call, I have to assume that my peer or my peers customer or my peers peer is doing the right thing.
<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Helvetica",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Helvetica",sans-serif;color:black">I can't simply block traffic from a peer carrier, it's not allowed, so there has to be some mechanism to mark that a prefix should be allowed, which is what Shaken/Stir
does.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Helvetica",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Helvetica",sans-serif;color:black">Shane<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Helvetica",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Helvetica",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Helvetica",sans-serif;color:black"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Helvetica",sans-serif;color:black">On Mon, Oct 3, 2022 at 7:05 PM Michael Thomas <<a href="mailto:mike@mtcc.com" target="_blank">mike@mtcc.com</a>> wrote:<o:p></o:p></span></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Helvetica",sans-serif;color:black">The problem has always been solvable at the ingress provider. The
<br>
problem was that there was zero to negative incentive to do that. You <br>
don't need an elaborate PKI to tell the ingress provider which prefixes <br>
customers are allow to assert. It's pretty analogous to when submission <br>
authentication was pretty nonexistent with email... there was no <br>
incentive to not be an open relay sewer. Unlike email spam, SIP <br>
signaling is pretty easy to determine whether it's spam. All it needed <br>
was somebody to force regulation which unlike email there was always <br>
jurisdiction with the FCC.<br>
<br>
Mike<br>
<br>
On 10/3/22 3:13 PM, Jawaid Bazyar wrote:<br>
> We're talking about blocking other carriers.<br>
><br>
> </span><span style="font-size:12.0pt;font-family:"Tahoma",sans-serif;color:black"></span><span style="font-size:12.0pt;font-family:"Helvetica",sans-serif;color:black">On 10/3/22, 3:05 PM, "Michael Thomas" <<a href="mailto:mike@mtcc.com" target="_blank">mike@mtcc.com</a>>
wrote:<br>
><br>
> On 10/3/22 1:54 PM, Jawaid Bazyar wrote:<br>
> > Because it's illegal for common carriers to block traffic otherwise.<br>
><br>
> Wait, what? It's illegal to police their own users?<br>
><br>
> Mike<br>
><br>
> ><br>
> > </span><span style="font-size:12.0pt;font-family:"Tahoma",sans-serif;color:black"></span><span style="font-size:12.0pt;font-family:"Helvetica",sans-serif;color:black">On 10/3/22, 2:53 PM, "NANOG on behalf of Michael Thomas" <nanog-bounces+jbazyar=<a href="mailto:verobroadband.com@nanog.org" target="_blank">verobroadband.com@nanog.org</a>
on behalf of <a href="mailto:mike@mtcc.com" target="_blank">mike@mtcc.com</a>> wrote:<br>
> ><br>
> ><br>
> > On 10/3/22 1:34 PM, Sean Donelan wrote:<br>
> > > 'Fines alone aren't enough:' FCC threatens to blacklist voice<br>
> > > providers for flouting robocall rules<br>
> > ><br>
> > > <a href="https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cyberscoop.com%2Ffcc-robocall-fine-database-removal%2F&data=05%7C01%7CMatthew.Black%40csulb.edu%7C4f407d3657914e6e376808daa635d027%7Cd175679bacd34644be82af041982977a%7C0%7C0%7C638005047301904372%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=YzrPveqbGpF%2FnpjU%2Bn9m6GTx5mhA2dG%2FzACG%2Fjmdumc%3D&reserved=0" target="_blank">
https://www.cyberscoop.com/fcc-robocall-fine-database-removal/</a><br>
> > ><br>
> > > [...]<br>
> > > “This is a new era. If a provider doesn’t meet its obligations under<br>
> > > the law, it now faces expulsion from America’s phone networks. Fines<br>
> > > alone aren’t enough,” FCC chairwoman Jessica Rosenworcel said in a<br>
> > > statement accompanying the announcement. “Providers that don’t follow<br>
> > > our rules and make it easy to scam consumers will now face swift<br>
> > > consequences.”<br>
> > ><br>
> > > It’s the first such enforcement action by the agency to reduce the<br>
> > > growing problem of robocalls since call ID verification protocols<br>
> > > known as “STIR/SHAKEN” went fully into effect this summer.<br>
> > > [...]<br>
> ><br>
> > Why did we need to wait for STIR/SHAKEN to do this?<br>
> ><br>
> > Mike<br>
> ><br>
><br>
><o:p></o:p></span></p>
</blockquote>
</div>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</div>
</body>
</html>