Federal Communications Commission Chair Brendan Carr told Congress the agency is looking to expand the use of call authentication protocols that help crack down on robocalling more broadly, while floating the possibility that he may ask for enhanced authorities to take bad actors to court for AI-generated deepfakes over telephone and broadcast networks.
While testifying before the House Oversight Committee on Wednesday, Carr faced questions from multiple lawmakers about how the agency was progressing on efforts to reduce the number of robocalls Americans receive every day.
Carr called the problem “exceptionally frustrating” and noted that robocalling is “probably the number one issue” he hears about from consumers.
He highlighted a number of existing challenges that make it harder for regulators to track bad actors, noting that robocallers have been notoriously adaptive to previous mitigations and that many of the calls come from overseas, where U.S. agencies like the FCC have little power.
“Once you solve one issue in terms of how these calls are coming in, it pops up in another way,” said Carr, adding that the agency was working on a “better technological system” to deal with robocalls across the board.
That technological system, called STIR/SHAKEN, predates Carr’s tenure as FCC chair, originating from a 2020 regulation that was meant to put telecommunications carriers on the hook for robocalls on their network.
Phone calls often travel across multiple carriers and networks before they reach their destination, which can make it difficult to trace a robocall back to the original source.
STIR/SHAKEN is a set of protocols that requires telecoms to formally vouch for that caller and carrier, primarily by attesting to the FCC that they have done due diligence to authenticate that caller’s identity during that handoff process.
But STIR/SHAKEN is a relatively new tool, and it only works on calls that travel over the more modern Voice Over Internet Protocol. Carr indicated a desire to change that.
“There are some gaps [in STIR/SHAKEN], including because if you’re not on a modern network, that authentication system doesn’t work, but we just saw a [public] comment on how we deal with that when [the same] calls traverse old networks as well,” Carr said. “So we’re both doing a whack-a-mole approach but also trying to put in a system-level way of addressing it, and we hear loud and clear that this is what people want us focused on.”
Carr said the FCC has spent about $250 million on STIR/SHAKEN, and the agency is also looking for ways to strengthen call blocking and authentication measures, while working with other legal and regulatory stakeholders like the Federal Trade Commission and state attorneys general.
In January, the FCC adopted new rules to tighten up reporting requirements around STIR/SHAKEN compliance, after a Texas-based telecom signed off on the Joe Biden AI robocalls sent to New Hampshire primary voters last year with the highest level of confidence for the caller’s authenticity. The company, Lingo Telecom, was fined $1 million by the FCC for the calls.
Last week, FTC Chair Andrew Ferguson told lawmakers that his agency received more than 2 million complaints about unwanted calls in fiscal year 2024, 1.1 million which were focused on robocalls.
Ferguson outlined a number of efforts to combat the problem, including by working with the FCC and law enforcement to identify and contact VOIP service providers that act as a “point of entry” for the transmission of illegal robocalls across U.S. networks, and informing them that they are in danger of triggering an investigation or enforcement actions.
Through that program, Ferguson said the FTC has sent 31 letters to VOIP providers believed to be responsible for more than 450 distinct robocalling campaigns. He also claimed that earlier rounds of communication resulted in substantial behavioral changes and a reduction in robocalls from the vast majority of contacted providers.
In an interview with CyberScoop earlier this year, Biden administration FCC Chair Jessica Rosenworcel cited two contributing factors that have tied the agency’s hands in addressing the problem: the inability to take bad actors to court to enforce fines, and a 2021 Supreme Court ruling that “radically narrowed our ability to go after bad actors with robocalls” by defining autocallers “in a way that froze the definition of the technology in 1991.”
In his testimony, Carr floated the idea that the FCC may ask for similar authorities to take companies to court, though it was in the context of enforcing regulations against AI and deepfake technologies.
But some stakeholders have been critical of the agency’s lack of action across both parties.
David Frankel, who created RRaptor, one of the robocalling surveillance platforms that federal agencies like the FCC and privately run organizations like the Industry Traceback Group rely on to collect data on robocalls, told CyberScoop that protocols like STIR/SHAKEN have yet to prove that they are capable of meaningfully denting the deluge of automated spam and marketing calls that Americans receive every day on their own.
“I think the FCC is institutionally out of touch with what is actually happening in the robocall ecosystem,” Frankel told CyberScoop. “They are toiling to fix gaps in the STIR/SHAKEN regime, when we are not even making use of what has already been put in place.”
While Frankel emphasized that he believes that the underlying logic for STIR/SHAKEN protocols is sound, he continues to see evidence every day that even more modern VOIP service providers aren’t using the information to cut off carriers with known reputations for servicing robocallers.
“We’ve spent perhaps a quarter of a billion dollars putting this in place, and tell me how you benefitted from it?” Frankel said. “When I talk to people in the industry and I ask what they’re doing with this information, there’s silence.”
Frankel said he does not believe that the FCC needs any new laws or authorities to address a large chunk of the robocalling problem. He cited a custom tool he had created — called “007” as a play-off of STIR/SHAKEN — that identifies calls from networks that are known or suspected to be friendly to robocallers and sends them straight to voicemail.
He demonstrated how it worked by having CyberScoop call his phone twice. The first time, the call went through and Frankel answered.
The second time, after he had flagged the reporter’s carrier and number, the call went straight to an automated message stating “the party you dialed has chosen not to be interrupted by the calls carrying the signature of your service provider” while routing the call to voicemail.
Frankel said he’s not the first person to come up with the idea and isn’t looking to sell the tool. His point is that something like this would be relatively easy to implement at scale for their users and would have a dramatic impact on robocalling frequency.
While robocalls may originate from a smaller network, Frankel said the overwhelming majority of calls in the U.S. are touched at some point by three major carriers: AT&T, T-Mobile and Verizon. Frankel said agencies like the FCC should be focused on regulation and oversight of those providers first, as the trickle-down effect could be substantial.
“Go call up the heads of those three companies and say don’t give me lip service, don’t kick the can down the road, don’t tell me we’re working on it and it’s due for release in 2026,” Frankel said. “You go figure out how to do this next month.”
The post FCC looking to expand anti-robocalling initiative appeared first on CyberScoop.
–
Read More – CyberScoop
