Re: SHAKEN/STIR Robocall Summit - July 11 2019 at FCC

[Ross Tajvar <ross () tajvar io>]

Well yeah, people need to take responsibility, but IMO we as engineers need
to discuss the specific circumstances and methodologies that enable that to
happen. It's easy to say "they should fix it", and you're not wrong that
they should, but how? Do you have a validation framework in mind which
carriers can implement that prevents fraudulent caller ID information from
being sent without preventing legitimate use cases?

On Thu, Jul 11, 2019, 2:46 PM Keith Medcalf <kmedcalf () dessus com> wrote:

> On Thursday, 11 July, 2019 12:38, Ross Tajvar <ross () tajvar io> wrote:
>
> > What if you use different carriers for termination and origination?
> > How does your termination carrier validate that your origination
> > carrier has allocated certain numbers to you and that you're
> > therefore allowed to make outbound calls with a caller ID set to
> > those numbers? That doesn't sound to me like something that can be
> > solved as quickly and easily as you imply.
>
> It does not really matter.  What matters is that they bear responsibility
> for an act in furtherance of a conspiracy to commit fraud.
>
> --
> The fact that there's a Highway to Hell but only a Stairway to Heaven says
> a lot about anticipated traffic volume.
>
>
> > On Thu, Jul 11, 2019, 2:33 PM Keith Medcalf <kmedcalf () dessus com>
> > wrote:
> >
> >
> >
> >       On Thursday, 11 July, 2019 11:18, Christopher Morrow
> > <morrowc.lists () gmail com> wrote:
> >
> >       >On Thu, Jul 11, 2019 at 12:00 PM Paul Timmins
> > <paul () telcodata us> wrote:
> >
> >       >> Chris it would be trivial for this to be fixed, nearly
> > overnight,
> >       >> by creating some liability on the part of carriers for
> > illicit use of
> >       >> caller ID data on behalf of their customers.
> >
> >       >'illicit use of caller id' - how is caller-id being illicitly
> > used
> >       >though?
> >       >I don't think it's against the law to say a different
> > 'callerid' in
> >       >the call session, practically every actual call center does
> > this, right?
> >
> >       The problem is that CallerID is not really the CallerID.  It is
> > some fraudulent shit created by the caller.  This is not how
> > "CallerID" was originally sold.  It was sold as being the ID of the
> > Caller.  If it is not the ID of the Caller then Fraud is being
> > committed and the bastards should be castrated (or worse), and the
> > CEO and Directors of the carrier responsible for fraud getting
> > through to the end-user should face the same penalty.
> >
> >       See then how quickly this gets fixed.  You will fall off your
> > chair and it will be a "solved problem" before your arse hits the
> > ground!
> >
> >       --
> >       The fact that there's a Highway to Hell but only a Stairway to
> > Heaven says a lot about anticipated traffic volume.