Congress passes anti-robocall bill

Credit to Author: Danny Bradbury| Date: Mon, 23 Dec 2019 13:20:16 +0000

A bill to punish robocallers has finished its passage through Congress and is expected to become law any day now.

US phones now get 200m robocalls each day, and lawmakers have had enough. They hope that the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act currently on its way to the President’s desk will put a stop to it.

The bill, introduced in the Senate on 16 January 2019, already passed a Senate vote in May before going to the House of Representatives, where it finally passed with amendments in early December. That sent it back to the Senate, which passed it with a final vote, meaning that once the President signs it, it will be law.

What will this Act do to stop robocallers from polluting US phones with timeshare offers, payday loan scams and other predatory messages? The headline is the $10,000 penalty per violation that the Federal Communications Commission (FCC) could impose on them. It would also force carriers to use a call authentication framework called Secure Telephone Identity Revisited and Signature-based Handling of Asserted information using toKENs (STIR/SHAKEN).

These two protocols use digital certificates to ensure that the number showing up on your phone really is the number calling you. Without that technology, it’s simple for scammers to pretend they’re calling from any number. This is a partial solution, though, as it only identifies legitimate callers, not scammers. Neither can it trace those bad actors when they do call.

To cope with the tracking problem, the Act does provide for a consortium of private companies that will focus on tracing robocalls back to their senders. The Commission can take action against voice carriers that don’t participate.

The law will also force the FCC to review its policies on how carriers sell lists of telephone numbers, examining registration and compliance obligations to avoid bad actors getting hold of number lists. It will also require the Commission to create a database of disconnected telephone numbers, to stop companies calling their new owners.

Alongside general nuisance robocallers, the law singles out some specific attacks and victims for special treatment. It explicitly calls upon the FCC to tackle one-ring scams, in which a bot calls long enough for the victim’s phone to ring just once. The curious victim then returns the call using the number that showed up on caller ID, incurring charges. The act also establishes a hospital robocall protection group to tackle the rising problem of robocalls that jam hospital lines.

The real question is whether the FCC will step up to the plate and use the law to tackle robocallers. It already imposes stiff penalties, sometimes reaching into the millions of dollars, but isn’t too keen on collecting them. A March 2019 Wall Street Journal investigation into the Commission’s follow-through on fines found that it had collected just $6,790 of the $208m in penalties that it imposed on robocallers since 2015.

http://feeds.feedburner.com/NakedSecurity

Leave a Reply