Re: Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls

[Mike Hammett <nanog () ics-il net>]

Send them all to Lenny! 

If Apple and Google implemented a "Forward to Lenny" option in their OSes, robo calls would drop dramatically. :-) 





----- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

----- Original Message -----

From: "Damian Menscher via NANOG" <nanog () nanog org> 
To: "Brian J. Murrell" <brian () interlinx bc ca> 
Cc: "NANOG mailing list" <nanog () nanog org> 
Sent: Sunday, March 8, 2020 11:59:07 AM 
Subject: Re: Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls 



On Fri, Mar 6, 2020 at 8:05 PM Brian J. Murrell < brian () interlinx bc ca > wrote: 



On Fri, 2020-03-06 at 18:37 -0500, bzs () theworld com wrote: 
> Why don't they just ask the phone companies who are billing these 
> robocallers who they are and we can arrest them. 

Exactly. 

I have always maintained that if my phone number were one of those 
"premium" numbers (1-976 -- maybe I am dating myself but you know what 
I mean -- where calls to it were billed at $5/min), I am sure that my 
telco (the one providing me the premium number on my the phone line 
that runs into my location) would always know exactly who to send the 
bill to for every call that called my number, including robocallers[1]. 

So, if my telco can bill the callers for those premium calls, they 
surely know who they are, or at least know where they are sending the 
bill and getting payment from. 

But who are we kidding? The telcos have been making money hand over 
fist with robocalls and are not really all that motivated to dry up 
that revenue stream. Regulation (as much as I hate it in general) is 
the only solution. 

Making the allowing of robocalls more expensive than preventing them is 
the only solution. Whether that is through fines as a result of 
regulation or otherwise. 





This is similar to the BCP38 problem of spoofed packets making their way onto the internet. The recipient has no way of 
knowing which packets are spoofed, but with (sampled) netflow/sflow, the origin of a flood of traffic *can* be traced, 
even if spoofed. And, once traced, it *can* be filtered. The fact transit providers don't do this traceback and 
filtering today is simply because it would cost money, and they make more money carrying the traffic (and also the 
amplified DDoS traffic it causes). The only solution is to make it more expensive to facilitate criminal activity than 
to prevent it. I think we're seeing the beginnings of this in the telco industry, and I hope it carries over to the 
internet. 


In the robocall case, there *is* something the end user can do to fight the abuse: answer every call, and keep them on 
the line as long as possible. They are paying for connected calls, for the connection duration, and for the humans to 
scam people. If everyone tarpitted them, the business model would fail. 


Damian