Should robocall traceback information be made public?

Should information gathered in robocall traceback be made publicly available? Arguments have been made on both sides. Let’s have a look at the issues.

Reasons to make robocall traceback public

The Electronic Privacy Information Center and National Consumer Law Center filed comments with the FCC in response to proposed rules on robocall mitigation and call authentication. In their comments, EPIC and NCLC urged the FCC to make all tracebacks conducted by the ITG be made public within 24 hours of the traceback. They believe that making traceback information publicly available would enable the following:

1. Providers could identify and avoid accepting calls directly from upstream providers that have been found in previous tracebacks to have repeatedly transmitted illegal calls.
2. Scam victims and consumer advocates could identify complicit providers and hold them liable.
3. Legal robocallers could identify and avoid providers that are transmitting illegal calls, so their calls wouldn’t get mixed with the scam calls and mislabeled as scam call or scam likely.

Reasons to restrict access to robocall tracebacks information

In their letter, the Industry Traceback Group (ITG) wrote that raw traceback data can be both misleading and harmful. The data can understate the complicity of bad actors and overstate the responsibility of a voice provider, including lesser-known small providers. The ITG explained this with several observations they have made in conducting tracebacks.

The ITG shares traceback information with relevant parties.

Information is shared with federal and state law enforcement agencies. This information includes providers that appear most prolifically in tracebacks or are responsible for specific robocall campaigns. The ITG has responded to over 300 investigation demands from federal and state agencies. More recently, the ITG launched a platform to provide law enforcement with real time data on traceback results. The ITG also shares traceback information with other providers in the ITG portal.

Some providers appear in many tracebacks for a week or two then cease to appear in subsequent tracebacks.

The ITG letter describes tactics that bad actors use to evade detection. These tactics work for a while, and downstream providers may appear to be complicit in transmitting the illegal calls. However, once the downstream providers learn of the robocall campaigns, often from participating in the traceback program, they stop accepting traffic from complicit upstream providers.

Some providers seem to be nonresponsive to traceback requests at first, but then they come around.

Some traceback requests go to the wrong individual or end up in a spam email folder. Once they become familiar with the process, many of these providers respond appropriately. The ITG has changed processes to help overcome these processes, such as notifying downstream providers when an upstream provider is unresponsive, which sometimes resolves the issue.

Robocall tactics evolve.

Robocall-friendly providers use a variety of tactics to confound the traceback process, such as shell companies and squatting on websites with similar names. Traceback can be falsely associated with a provider that never had illegal robocall traffic on its network.

Our thoughts

The EPIC/NCLC suggestion seems reasonable: publicize traceback information to put pressure on robocall-friendly providers that are complicit in transmitting illegal calls.

The ITG cautions us that, just because a provider appeared in a traceback investigation, that doesn’t mean they are complicit in illegal robocalls.

The success of the proposed measures depends on differentiating robocall-friendly providers complicit in transmitting illegal robocalls from legitimate providers trying to do the right thing, but who are sometimes fooled by robocall tactics—at least, for a while. Not every provider that appears in a traceback is a willing accomplice in illegal robocalls. (However, they could protect their reputation by tightening up their vetting and call analytics.)

How do you tell the good guys from the bad guys?

The ITG knows which providers seem to be bad actors. They make referrals to law enforcement. Couldn’t they just publicize traceback information about those providers?

Yes, they could. However, that would give the ITG vast power over the reputation and survival of businesses without much due process. One benefit of the current system is that the ITG turns information over to law enforcement. From that point, there’s an investigation and due process to treat suspects fairly.

As frustrating as it seems to protect traceback information—“You know who the bad guys are… just tell us!”—considerations about fairness and due process make us think that it’s best to share this information with other providers in the ITG portal and law enforcement. If enforcement authorities find wrongdoing, then the rest of us will know soon enough.

TransNexus solutions

TransNexus is a leader in developing innovative software to manage and protect telecommunications networks. The company has over 20 years’ experience in providing telecom software solutions including toll fraud prevention, robocall mitigation and prevention, TDoS prevention, analytics, routing, billing support, STIR/SHAKEN and SHAKEN certificate services.

Contact us today to learn more.