Maybe we’ll be able to answer our phones again after all. A cybersecurity expert is hopeful.

We in the Guild are not quite ready to break out the chilled sparkling cider and start dialing random numbers to celebrate… but Scientific American has us cautiously optimistic about using our phones as phones once again. They spoke with Adam Doupé, a cybersecurity expert at Arizona State University, about the FCC’s recent ruling that requires phone companies to block calls from known car-warranty robocall scammers:

The FCC is claiming that one auto warranty scam operation is responsible for making more than eight billion robocall messages since 2018—that’s just staggering. That’s two billion a year from one campaign. Companies are sending out billions of messages, and that’s inherently going to affect you; you’ll get one to three a day.

There is a protocol that was created called STIR/SHAKEN, [or secure telephony identity revisited/signature-based handling of asserted information using tokens, which the FCC began requiring in 2021]. It adds a field when you’re making a voice call that says, “I am this entity, and I have verified the caller ID.” This allows anyone who’s transmitting that request to look at that header message and say, “Okay, I can verify with cryptography that, yes, this actually is the originator [of the call].”

Now the problem is if a call comes in from a VoIP [voice-over-Internet protocol] provider overseas. How does the U.S. carrier verify that phone number? What the FCC has done is create this system where it has a Robocall Mitigation Database. U.S. companies that act as connection points between foreign VoIP and other phone services have to register and say, “These are the steps we’re taking to verify these [overseas] phone numbers.” The [U.S.] phone providers are now allowed to drop traffic from providers that are not following these standards. The FCC actually orders companies to block [the known auto warranty] robocall scam calls.

So STIR/SHAKEN is not a defense against robocalling per se. It’s a defense against changing the caller ID, which is an important part of these scams.

I think disincentives will make businesses say, “As a legitimate business, we shouldn’t do this.” There was a $225-million fining of Texas-based health insurance telemarketers that made about a billion robocalls. You can see a combination of technical measures and policy measures designed to try to close these loopholes. Is that going to stop criminals located in other countries who are trying to defraud people? Probably not. One thing we could do is make the cost of making a billion calls more expensive. I’m hopeful that this will help stem the tide.
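What the signed field described above gives a receiving carrier, as an added example that is not from the article or the interview: the token STIR/SHAKEN places in that field (a PASSporT, carried in the SIP Identity header) is signed with ES256, so a caller ID changed after signing no longer verifies. The pure-Python P-256 arithmetic, the function names and the public key being passed in directly (real deployments fetch the signer's certificate from the token's x5u URL) are assumptions made to keep the example self-contained.

```python
import base64, hashlib, json

# NIST P-256, the curve behind ES256 (the PASSporT signature algorithm).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)

def add(p, q):  # curve point addition; None is the point at infinity
    if p is None or q is None:
        return p or q
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1 - 3, 2 * y1) if p == q else (y2 - y1, x2 - x1)
    m = num * pow(den % P, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def mul(k, p):  # double-and-add; fine for a demo, not constant time
    r = None
    while k:
        r, p, k = (add(r, p) if k & 1 else r), add(p, p), k >> 1
    return r

def b64(raw): return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def unb64(text): return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def digest(text): return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big")

def sign_passport(priv, claims):
    """Originating carrier: ES256-sign header.payload (toy nonce, not RFC 6979)."""
    header = {"alg": "ES256", "ppt": "shaken", "typ": "passport"}
    body = ".".join(b64(json.dumps(part).encode()) for part in (header, claims))
    k = digest(f"{priv}.{body}") % N or 1
    r = mul(k, G)[0] % N
    s = pow(k, -1, N) * (digest(body) + r * priv) % N
    return body + "." + b64(r.to_bytes(32, "big") + s.to_bytes(32, "big"))

def verify_passport(pub, token, caller_id):
    """Terminating carrier: signature must be valid and cover the caller ID shown."""
    body, _, sig = token.rpartition(".")
    r, s = (int.from_bytes(h, "big") for h in (unb64(sig)[:32], unb64(sig)[32:]))
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    point = add(mul(digest(body) * w % N, G), mul(r * w % N, pub))
    if point is None or point[0] % N != r:
        return False  # header or claims were altered after signing
    return json.loads(unb64(body.split(".")[1]))["orig"]["tn"] == caller_id
```

Verifying a token against a displayed number that differs from the signed `orig.tn`, or against a payload swapped in under the old signature, returns `False` in both cases.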