STIR/SHAKEN has been years in the making, with legislative and regulatory backing. One of the…
Great news from Washington: The TRACED Act and the ROBOCOP Act are pending; Congress is holding more hearings. Reflecting the mood of their constituents, lawmakers are fed up with robocalls.
So far, laws have not been very effective at stopping these calls. Those makings the calls can obscure their locations and identities. They are hard to locate, and when they are tracked down, sometimes they are outside the country. Usually they have no money (that can be found); that’s why the FCC has collected about $6 grand of the $200+ million in fines they’ve issued, according to recent headlines.
While well-intentioned, it isn’t obvious that the new laws are going to be more effective than the old ones. The new laws mandate “call authentication” (also known as STIR/SHAKEN); they extend the statute of limitations (from one year to three); they increase penalties. Look to the past; there’s no silver bullet here.
The new laws may prove incrementally helpful, so let them move forward. But what else can we do to address the problem?
Because every robocaller must place their calls through some telecommunications provider, those telcos are in a very powerful position to mitigate the problematic traffic. There’s a commercial contract between the robocaller and the telco, and the telco sets the terms and conditions under which they will carry those calls. These are typically contained in “terms of service” and/or “acceptable use policies.”
Telcos don’t need laws to back up their AUPs. It’s the same as many other businesses; look at rental cars. Hertz generally doesn’t rent to people under 25, and it doesn’t allow smoking in its cars. Neither are illegal, but Hertz figured out those restrictions work best for their business. Other rental car companies have similar rules; they aren’t colluding; rather, each decided that those rules served them (and other stakeholders, like the next person to rent the car) well.
Twilio’s AUP rules out not only illegal activity but also that which “causes a telecommunications provider to complain about your use” and it prohibits “Using the Twilio Services in connection with unsolicited, unwanted, or harassing communications” as well as a variety of other bad (even if not illegal) behaviors. As another example, Bandwidth’s AUP doesn’t allow “sending unsolicited calls, messaging, e-mailings (including, without limitation, commercial advertising and informational announcements) if such unsolicited activities could reasonably be expected to or do in fact provoke complaints.”
All telcos need to be specific with their customers about what type of traffic is and is not permissible. To address robocalling, telcos offering services that support “volume calling” or “dialer decks” or “short-duration calling” or “automated dialing” (as examples, in contrast to “conversational traffic”) need to be vigilant about who gets access to that capability. That doesn’t have to mean acting as a policeman. But just like Hertz checks your driver’s license before renting you a car, a telco needs to do some basic checks up front. And while Hertz doesn’t ride with you to make sure you don’t light up a cigarette, if the car comes back smelling like smoke, they may charge you $400 and put you on their do-not-rent list.
Remember also that when you return that smoky car, Hertz isn’t going to give you a pass if you claim that it wasn’t you doing the smoking, it was a passenger. Similarly, telcos need to be clear that all traffic sent by the customer, including that sent on behalf of others upstream, is subject to the AUP.
That can happen without any new laws.