Phone Companies Are Testing Tech to Catch Spam Calls. Let’s Hope It Works.

https://www.nytimes.com/2019/04/26/your-money/robocalls-spam-calls.html

Version 0 of 1.

Anthony Marino set his mobile phone to “Do Not Disturb” before going to bed, but he sensed it flicker in the dark. The next morning, he saw he had missed roughly 30 calls: at 4:15 a.m., 4:34, 4:45, 5:08 and 5:12, and for two hours after that. Most appeared as “Lithuania” on his caller ID, although they could have come from anywhere.

“I hate to say it, but I don’t pick up the phone anymore, which is crazy,” said Mr. Marino, 37, a real estate agent in Brooklyn. “I have missed calls from attorneys and other agents I am doing deals with.”

The seemingly endless stream of robocalls reached a new monthly high of 5.23 billion nationwide in March, according to the call-blocking service YouMail. Some were spammy pitches for unwanted vehicle warranties or debt-relief services. Nearly half were straight-up scams. And there was often one common thread: They frequently came from somewhere other than they said they did.

New technology is providing a glimmer of hope that, someday, you might be able to safely pick up your phone again. Mostly, you’ll now be more likely to know callers are who they say they are.

But don’t expect any silver bullets that will put an end to robocalls. Pending regulatory changes could even add to the flood.

“It is a cat-and-mouse game, and there are a lot of mice out there who are really motivated,” said Alex Quilici, chief executive officer of YouMail, which estimated there were 47.8 billion robocalls last year, up nearly 57 percent from 2017.

Many of the larger carriers are finally testing and adopting technical standards intended to ensure callers are using legitimate phone numbers. Currently, scammers often display bogus numbers — sometimes spoofing official or local numbers meant to inspire trust, or faraway ones meant to play on your curiosity. (The ostensibly Lithuanian callers that Mr. Marino encountered typically hang up before the targets can answer, aiming to bill them, like a 900 number, when they call back. It’s known as a wangiri scam — Japanese for “one ring and cut.”)

Anti-spoofing technology won’t end spam, experts said, but it should help.

“It means I know where the number is coming from — it doesn’t mean it’s not a spam call,” said Jim McEachern, principal technologist at the Alliance for Telecommunications Industry Solutions, an association that focuses on industrywide problems. “But once we know the caller ID is accurate, we can begin to address the problem.”

T-Mobile was the first to install the new standard — known by the acronym Stir/Shaken, a tortured reference to James Bond and martini preparation — in January, although it’s currently compatible only with certain devices. AT&T and Comcast have worked together to verify calls across their networks, and Verizon said it expected to finish rolling out the standard within the next few months.

For the new approach to be most effective, the vast majority of the industry, from cable landlines to mobile providers, must use the new protocol. That way, both ends of a call — a Verizon customer calling, say, a Comcast customer — can be verified.

Gaps would still exist, however. Most older landlines, the kind found more often in rural areas, cannot adopt the new protocol. And international calls cannot yet be fully traced, so scams originating overseas using a spoofed domestic number could slip through. But experts said the new standard would still make it easier to more quickly identify schemes coming from overseas — and other calls that couldn’t be fully authenticated — if the industry’s biggest companies adopted it.

“We believe that we will begin to see value once a critical mass of deployment has taken place, a bit like vaccinations, and the top dozen or so carriers should get us to that point,” Mr. McEachern said.

While the Federal Communications Commission has said robocalls are a top priority, critics have long complained that the industry and its regulators have been slow to address the problem. The industry has been working on the new protocol since at least 2013, and the F.C.C. has been criticized for not requiring a firmer deadline for its adoption.

A Senate bill that would establish a deadline has gained bipartisan traction. The Traced Act, introduced by Senators John Thune, Republican of South Dakota, and Edward J. Markey, Democrat of Massachusetts, passed a committee vote this month. Along with stiffening penalties and giving the F.C.C. more time to punish perpetrators, the bill would require all voice service providers — including those over the internet, such as Skype and Google Voice — to adopt call authentication technology within 18 months of the bill’s enactment.

“The phone companies say they are working toward this, but we really think it’s important to be required to implement this by a certain deadline,” said Maureen Mahoney, a policy analyst at Consumer Reports.

Authentic caller ID information isn’t a cure-all. The new standard hasn’t yet been rolled out, and there are already cheap and easy ways to circumvent it. Scammers who can’t hide behind spoofed numbers can just buy real ones — for $1 a month or less — and make tens of thousands of calls from each of them.

“Many such services today require only a credit card, so that a robocaller can easily acquire a number, use it for robocalls until the number makes its way onto too many blacklists to be useful and then pick a new one,” said Henning Schulzrinne, a professor of computer science at Columbia University who was a chief technology officer at the F.C.C. from 2012 to 2014 and again in 2017.

Even fraudulent callers using real numbers should be easier to ferret out, however, because their calls will, in a sense, have fingerprints.

Attempts to weed out bogus calls have also spawned a movement to verify the calls you might want to pick up. Many businesses and governments use bulk calling services to provide critical information: credit-card fraud alerts from banks, product recalls and even alerts to crime victims that an offender has been released from custody. Such calls have been mislabeled as scams or even mistakenly blocked by apps after being reported as spam, experts said.

A company called Numeracle is working with the industry to ensure that such calls get through by vetting and registering businesses and other organizations, then sharing their numbers with the industry.

“If we accidentally start to catch good calls, there can be serious consequences,” said Rebekah Johnson, the founder and chief executive officer of Numeracle.

Regulators have made headway against illegal calls: The F.C.C. has issued fines for spoofing, and the Federal Trade Commission recently shut down four companies that made billions of illegal calls.

But consumer advocates are concerned that regulators could add to the volume of robocalls that are legally permitted.

The F.C.C. is working on a new definition of auto-dialers — the systems that make robocalls — to clarify what technology it covers. The previous interpretation was struck down by a federal court in a case brought by ACA International, a trade group for the credit- and debt-collection industries.

Consumer advocates fear the F.C.C., under the business-friendly Trump administration, will narrow the definition. That could make it easier for robocallers — from telemarketers to debt collectors — to call without consumer consent, which is currently required when calls are made using an auto-dialer or a prerecorded voice.

“If they define auto-dialer the way the industry wants it defined, it will be so narrow it won’t cover any of the auto-dialers out there,” said Margot Saunders, senior counsel at the National Consumer Law Center. “The scourge of robocalls will skyrocket.”

The F.C.C. said those concerns were speculative. The agency has solicited public comments on the issue twice last year, but declined to say how long it might take to come up with a new definition. A spokesman said the commission “will continue to combat all illegal robocalls with every tool we have.”

Consumers, meanwhile, just want to be able to pick up their phones again. Matt Kumagai of Los Angeles recently received a barrage of calls purporting to be from Honduras, Belarus and Lithuania.

“I just ignore calls that are not a contact in my phone, because it has become so overwhelming,” Mr. Kumagai, 27, said.

After receiving a dozen spam calls in two days, he vented on Twitter: “If I get 1 more call from Belarus I’m gonna lose it.”