Re: SHAKEN/STIR Robocall Summit - July 11 2019 at FCC

[Michael Thomas <mike () mtcc com>]

On 7/15/19 12:07 PM, Jay R. Ashworth wrote:
> ----- Original Message -----
> > From: "Christopher Morrow" <morrowc.lists () gmail com>
> > On Thu, Jul 11, 2019 at 12:00 PM Paul Timmins <paul () telcodata us> wrote:
> > > Chris it would be trivial for this to be fixed, nearly overnight, by
> > > creating some liability on the part of carriers for illicit use of
> > > caller ID data on behalf of their customers.
> > 'illicit use of caller id' - how is caller-id being illicitly used though?
> > I don't think it's against the law to say a different 'callerid' in the call
> > session, practically every actual call center does this, right?
> I can speak to that, having originated calls from a call center.
>
> Yes, of course we sent out calls with "spoofed" CNID.
>
> But, even though only 2 or 3 or our 5 carriers* held *our* feet to the fire,
> we held the clients' feet to the fire, requiring them to prove to our
> satisfaction that they had adminstrative control over the numbers in question.
>
> But it's the carrier's responsibility, properly, to do that work.

How do the clients prove that?

Way back when when we were working on mipv6 we had to work through a 
somewhat similar problem for handoffs. The ultimate answer was a return 
routability test: that is, if you can answer on the address you're 
trying to claim "ownership" for, it's good enough.

Maybe such a thing can be done in for spoofing? Even out of band spot 
checking might be adequate to keep clients honest?

But right you are, it's ultimately the carrier who needs to care about 
this problem at or nothing gets better.

Mike