FTC Promises To Play Hardball With Robocall-Enabling VOIP Providers

from the whac-a-mole dept

Every year or so, the FCC unveils a new plan to combat robocalls it claims will finally tackle the annoying menace. Granted, year after year, the problem either gets worse or stays relatively the same. We've already noted that this is generally due to few things: one, a steady erosion by the courts (and lobbyists) of what the FCC can or can't actually do when it comes to various annoyances like automated spam texts or live robocalls.

The other issue is that regulators and policymakers tend to frame the problem as one exclusive to scammers -- when a wide variety of telecoms, marketing, and debt collection companies use all the same dodgy tactics to annoy consumers they often know can't pay anyway. If you hadn't noticed, trying to craft rules that leave huge carve outs for "legitimate" companies while still hamstringing outright scammers generally doesn't work very well. You've also got to craft rules and systems that allow robocalls people want (medical and dental appointment reminders, for example).

Even when only talking about scam robocalls, there's still room for meaningful improvement. The steady adoption of SHAKEN/STIR authentication technology has helped crack down on phone number spoofing. Targeting "gateway providers," who act as a proxy here in the U.S. for robocalls originating overseas, could also help.

Meanwhile the FTC says it's also going to start filing lawsuits against voice over IP (VOIP) companies that fail to cooperate with investigations into illegal robocalls:

"Companies that receive FTC Civil Investigative Demands must promptly produce all required information,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “These demands are not voluntary. Companies that don’t respond fully, or don’t respond at all, will have to answer to a federal district court judge, as these cases demonstrate."

The agency receives upwards of two million consumer complaints about robocalls every nine months. The YouMail Robocall Index indicates that there are still 3.9 billion robocalls placed to U.S. consumers alone every single day, or 5.3 million robocalls per hour. And again, contrary to the narrative generally seeded by regulators, most U.S. robocallers aren't "scammers": they're cable companies, banks, and debt collectors.

And while a lot of the calls are companies calling about overdue bills, many of these calls cross a line into outright harassment. Many of these companies know the customers they're reaching out to can't pay; yet the National Consumer Law Center (NCLC) has repeatedly testified before Congress that these robocallers can sometimes call folks upwards of hundreds of times a day, even after being asked to stop. And they often use many of the same tactics used by outright scammers.

As with everything at the FTC, it's a matter of resources. The agency is tasked with tackling everything from bleach labeling to home heating system repair scams, generally with limited staff and funds. And while the FCC and FTC dole out a ton of fines against robocallers, the vast majority of them are simply never paid or collected. Either because the target company is a scammer that's hard to find, or they're a deep-pocketed corporation that can litigate any penalties for ignoring robocall rules into oblivion.

Again though, you'll notice focus remains on "illegal" robocalls, which is a problem when the courts and lobbyists keep weakening the definition of what constitutes a "legal" robocall and what regulators can do about it. The broader the definition and the more loopholes allowed to make sure large, "legitimate" companies can continue to annoy and harrass people, the easier they are for outright scam robocallers to exploit.

Filed Under: ftc, robocalls, voip

Texas Power, Phone Outages Again Highlight How Infrastructure Underinvestment Will Be Fatal Moving Forward

from the things-will-need-to-change,-quickly dept

If you hadn't noticed, the United States isn't really prepared for climate change. In part because corporations and disinformation mills have convinced countless Americans a destabilizing climate isn't actually happening. But also because we were already perpetually underinvesting in our core infrastructure before the symptoms of an unstable climate began to manifest. It's a massive problem that, as John Oliver highlighted six years ago, doesn't get the same attention as other pressing issues of the day. You know, like the latest influencer drama or mortal threat posed by TikTok.

Infrastructure policy is treated as annoying and boring... until a crisis hits and suddenly everybody cares. As millions of Texans found out this week when the state's energy infrastructure crumbled like a rotten old house under the weight of heating energy demands, leaving millions without power during a major cold snap. While outlets like the Wall Street Journal and Fox News quickly tried to weaponize the crisis by blaming the renewable energy sector for the problems, deeper, more technical dives seem to indicate a lack of wind power output wasn't the underlying problem:

"While some early reports indicated that frozen wind turbines were causing significant shortfalls, 30GW is roughly equal to the entire state's wind capacity if every turbine is producing all the power it's rated for. Since wind in Texas generally tends to produce less during winter, there's no way that the grid operators would have planned for getting 30GW from wind generation; in fact, a chart at ERCOT indicates that wind is producing significantly more than forecast."

While it will obviously require a deeper investigation to flesh out the failure points, the real culprit appears to be entirely predictable and notably more banal. Namely, inconsistent regulatory oversight and a systemic underinvestment in essential infrastructure:

"Ed Hirs, an energy fellow in the Department of Economics at the University of Houston, blamed the failures on the state’s deregulated power system, which doesn’t provide power generators with the returns needed to invest in maintaining and improving power plants.

“The ERCOT grid has collapsed in exactly the same manner as the old Soviet Union,” said Hirs. “It limped along on underinvestment and neglect until it finally broke under predictable circumstances."

Texas' issues are somewhat unique by nature of the way the Texas utility grid is structured. It's isolated in part because of the state's unwillingness to be regulated by the federal government. And while deregulation efforts in the late nineties and early aughts were supposed to fix the state's power monopoly problems, the policy wound up being a bit of a mixed bag:

"from 2002 to 2013, the average household in deregulated areas paid a total of about $4,800 more than residents of cities — like Austin and San Antonio — served by just one municipal utility, or those served by electric cooperatives, the analysis said."

Either way, these problems could have been avoided. In fact, a decade-old report pointed out precisely how to avoid them via weatherization, investment, and greater emergency natural gas reserves. Many Texas utilities talked about how they were doing these things, but didn't actually follow through, the 2011 report politely noted:

"Although generators and gas producers reported having winterization procedures and practices in place, responses were generally reactive in their approach to winterization and preparedness."

And of course because gutting state and federal regulatory oversight is treated as a panacea on many fronts, government didn't do enough to ensure these companies were disaster-proofing their network. Going this extra mile also requires spending money on preparing for climate change, something that's hard to do when you've got millions of folks running around -- especially in Ted Cruz' state of Texas -- who don't believe in climate change. In fact as the crisis has become more and more pronounced, many political leaders did the exact opposite of responsible leadership, by turning infrastructure investment and competent regulatory oversight into another idiotic political trolling opportunity:

In addition to the power outages, millions of Texans lost access to voice services. While old copper phone lines still work, cable voice or VOIP services quickly fell apart -- in part because we stopped mandating back up batteries in many internet-based phone services. Meanwhile, cell phones don't work if there's no power going to your local tower, and a lack of backup power options at those sites:

After Hurricane Katrina, in 2008, the FCC passed rules mandating that cellular towers be upgraded to include battery backups or generators capable of delivering at least 8 hours of backup power, if not 24 or more. But the US cellular industry, you know, the one whose rates are some of the highest in the developed world, cried like a petulant child about the requirement and sued to scuttle the rules.

Backed by the then Bush White House, cellular carriers told anybody who'd listen that the requirement would create "a huge economic and bureaucratic burden" for the industry. A better approach, the industry proclaimed, would be to let the industry self-regulate and adhere to entirely voluntary guidelines, leaving it with the "flexibility" to adapt to problems as the industry saw fit. It didn't work, and as a result outages were equally dire during Hurricanes Katrina, Sandy, and Irma. And now again in Texas.

Infrastructure policy is often dismissed as droll wonkery and largely ignored... until a crisis. But these problems are made all the more frustrating because experts know what to do to prevent disruption and save lives... we just refuse to do it. Regardless, it's increasingly clear that letting powerful regional companies (be they in energy or telecom) self-regulate, while underinvesting all the while, is going to prove increasingly fatal as the climate increasingly destabilizes. The real question is: how many people are going to die before we actually learn something from the experience?

Filed Under: broadband, electricity, infrastructure, power, storms, texas, voip

Ajit Pai Again (Falsely) Claims States Are Powerless To Protect Broadband Consumers

from the good-luck-with-that dept

For much of the last year ISPs like Comcast have been successfully lobbying to eliminate most meaningful oversight of their broadband monopolies. On the federal level, that has involved convincing Ajit Pai to neuter the FCC's authority over ISPs, then shoveling any remaining authority to an FTC that's ill-equipped to actually do the job. On the state level, that has involved lobbying Pai (who again was happy to oblige) to include language in the FCC net neutrality repeal attempting to "pre-empt" (read: ban) states from also protecting consumers.

These efforts haven't gone well so far. Charter (Spectrum) tried to lean on this language to recently wiggle out of a New York State lawsuit over terrible speeds and poor service, only to have the courts reject its argument. And lawyers have argued that when the FCC abdicated its authority over ISPs, it ironically also eroded its rights to tell states what they can do, spelling trouble for any ISP plans to kill state level net neutrality rules.

Undaunted, Pai's FCC continues to insist it has this authority anyway. Last week, the US Court of Appeals for the 8th Circuit ruled (pdf) that Minnesota's state government cannot regulate VoIP phone services offered by Charter and other cable companies because VoIP is an "information service" under federal law. Charter had sued the state PUC after it filed a complaint noting that Charter had split off its voice service from its regulated wholesale telecommunications business, dubbing it an "information service" in a bid to avoid state oversight.

Ajit Pai was quick to take a victory lap in a statement praising the ruling (pdf), insisting that the court victory portends success in the FCC's goal of stopping states from protecting net neutrality:

"A patchwork quilt of 50 state laws harms investment and innovation in advanced communications services. That’s why federal law for decades has recognized that states may not regulate information services. The Eighth Circuit’s decision is important for reaffirming that well-established principle: ‘[A]ny state regulation of an information service conflicts with the federal policy of nonregulation’ and is therefore preempted. That is wholly consistent with the approach the FCC has taken under Democratic and Republican Administrations over the last two decades, including in last year’s Restoring Internet Freedom Order."

So for one, there wouldn't be a "patchwork quilt of 50 states" trying to protect net neutrality if Pai hadn't almost-gleefully assaulted popular (and modest by international standards) federal rules. Two, Pai's endless claim that net neutrality stifles investment has never been supported by the facts. Three, you'll probably be surprised to learn that the ruling doesn't do anything close to what Pai says it does:

"The net neutrality case is being handled by the US Court of Appeals for the District of Columbia Circuit, so it will be decided by different judges. The details are also different in the net neutrality case, said attorney Andrew Schwartzman, who represents the Benton Foundation in the case against the FCC.

In the net neutrality case, "the Pai FCC definitively said that it has no jurisdiction under either Title I or Title II [of the Communications Act] to regulate broadband Internet access service," Schwartzman told Ars. "As the governmental parties explained at pp. 39-56 their brief, when an agency lacks authority to regulate, it also lacks authority to preempt.

The VoIP case also differs from the net neutrality case in that there was "no FCC decision at issue" because "the FCC has repeatedly refused to decide what regulatory classification... should be applied to VoIP," Schwartzman said. "Thus, it was left to the court to consider the question in a case between the state and Charter."

In other words, these are completely different rulings in a different court saying completely different things, something you imagine Pai (as a lawyer) would understand. And again, when the FCC killed its own ability to regulate ISPs as common carriers under Title II of the Communications Act, it simultaneously eliminated its authority to thwart states from filling the void. That's a bit weedy, but it's going to be very important should ISPs follow through on their promise to sue any states that pass their own state-level net neutrality protections.

Again, the pretense is that by killing state and federal oversight of natural monopolies, magical things will happen, ranging from more investment to lower prices and more competition. But that's not how the telecom sector works. Freeing Comcast from meaningful oversight in the absence of healthy competition only gives Comcast carte blanche to do whatever it damn well pleases. And as we've made pretty clear, what Comcast wants is to be able to find new and creative ways to rip people off with neither regulatory oversight nor competition having much of a say about it.

Filed Under: ajit pai, authority, broadband, fcc, net neutrality, regulations, states, states rights, voip

DOJ Asking Court To Force Facebook To Break Encryption On Messenger Voice Calls

from the with-an-eye-on-undermining-all-encrypted-messaging-services dept

The DOJ's war on encryption continues, this time in a secret court battle involving Facebook. The case is under seal so no documents are available, but Reuters has obtained details suggesting the government is trying to compel the production of encryption-breaking software.

The U.S. government is trying to force Facebook Inc to break the encryption in its popular Messenger app so law enforcement may listen to a suspect’s voice conversations in a criminal probe, three people briefed on the case said, resurrecting the issue of whether companies can be compelled to alter their products to enable surveillance.

The request seeks Facebook's assistance in tapping calls placed through its Messenger service. Facebook has refused, stating it simply cannot do this without stripping the protection it offers to all of its Messenger users. The government disagrees and has asked the court for contempt charges.

Underneath it all, this is a wiretap order -- one obtained in an MS-13 investigation. This might mean the government hasn't used an All Writs Acts request, but is rather seeking to have the court declare Messenger calls to be similar to VoIP calls. If so, it can try to compel the production of software under older laws and rulings governing assistance of law enforcement by telcos.

A federal appeals court in Washington D.C. ruled in 2006 that the law forcing telephone companies to enable police eavesdropping also applies to some large providers of Voice over Internet Protocol, including cable and other broadband carriers servicing homes. VoIP enables voice calls online rather than by traditional circuit transmission.

However, in cases of chat, gaming, or other internet services that are not tightly integrated with existing phone infrastructure, such as Google Hangouts, Signal and Facebook Messenger, federal regulators have not attempted to extend the eavesdropping law to cover them, said Al Gidari, a director of privacy at Stanford University Law School’s Center for Internet and Society.

Calls via Messenger are still in a gray area. Facebook claims calls are end-to-end encrypted so it cannot -- without completely altering the underlying software -- assist with an interception. Regular messages via Facebook's services can still be decrypted by the company but voice calls appear to be out of its reach.

Obviously, the government would very much like a favorable ruling from a federal judge. An order to alter this service to allow interception or collection could then be used against a number of other services offering end-to-end encryption.

It's unknown what legal options Facebook has pursued, but it does have a First Amendment argument to deploy, if nothing else. If code is speech -- an idea that does have legal precedent -- the burden falls on the government to explain why it so badly needs to violate a Constitutional right with its interception request.

This is a case worth watching. However, unlike the DOJ's very public battle with Apple in the San Bernardino case, there's nothing to see. I'm sure Facebook has filed motions to have court documents unsealed -- if only to draw more attention to this case -- but the Reuters article says there are currently no visible documents on the docket. (The docket may be sealed as well.) There is clearly public interest in this case, so the presumption of openness should apply. So far, that hasn't worked out too well for the public. And if the DOJ gets what it wants, that's not going to work out too well for the public either.

Filed Under: doj, encryption, facebook messenger, voip, wiretapping
Companies: facebook

United Arab Emirates Makes Using A VPN A Crime... To Protect The Local Telcos From VoIP Competition

from the also-helps-with-surveillance dept

Article 1 provides for replacing the text of Article 9 of Federal Law No. 9/2012 as follows:

Whoever uses a fraudulent computer network protocol address (IP address) by using a false address or a third-party address by any other means for the purpose of committing a crime or preventing its discovery, shall be punished by temporary imprisonment and a fine of no less than Dh500,000 and not exceeding Dh2,000,000, or either of these two penalties.

Previously, the understanding of UAE internet law was that VPN or proxy use would be prosecuted under the Telecom Law only if it was used in connection to another crime – this is now going to be set law with a set fee and mandatory jail time. Now, with President Khalifa’s newest proclaimed laws, it is OK for the UAE police to go after individual VPN users for any criminal infraction. Currently, such crimes include accessing blocked services or websites, which can only be done with a VPN or proxy, use that the UAE considers fraudulent use of an IP address. That means watching pornography (a worry for tourists) and calling home on unlicensed VoIP services (a worry for most UAE residents) such as WhatsApp, FaceTime, or SnapChat. Internet users in the UAE, especially the large masses of immigrant labor, use VPN services to get past this geographical VoIP ban to talk to relatives and friends back home.

Filed Under: competition, encryption, net neutrality, privacy, surveillance, uae, united arab emirates, voip, vpn
Companies: du, etisiat

Moroccan Telcos Block Free VoIP Calls To Protect Their Bottom Lines

from the VoIP-providers-lacking-proper-license-to-print-money-for-telcos dept

American telcos don't have a monopoly on monopolies. Foreign telcos can be just as inappropriately (and pehaps illegally) protective of their turf profits.

Moroccans and expatriates have taken their fury against the blocking of voice over IP (VoIP) calls to social networks, and have called for the boycott of the North African country's telecommunication operators that implemented the ban.

There are now growing calls for Moroccan king’s intervention to put pressure on the firms to restore internet call services.

Morocco’s Telecommunications Regulatory National Agency (ANRT), which was behind the ban, justified its decision by stating that none of the services providing voice over IP (VoIP) or other "free internet calls" had the required licenses.

The three telecom operators have lost more than 100,000 “like” mentions within 48 hours of the launch of #OPEUnlike campaign by Marouane Lamharzi Alaoui on Facebook.

Alaoui created a webpage that allows the tracking in real time of the number of people who have unsubscribed from Facebook pages of the three operators.

For some, the ban is illegal, arguing that ANRT has within its powers the ability to "propose" laws, but not to enact them.

"In its 2004 decision subjecting VoIP to a prior license, ANRT wanted to apply a legal regime and therefore exceeded its powers. The decision can be challenged before the administrative court of Rabat by filing for an annulment for abuse of power," wrote Alaoui.

Filed Under: anrt, blocking, competition, morocco, telcos, voip
Companies: skype

Saudi Arabia Starts Clamping Down On Encrypted VoIP Services; US And UK Strangely Silent On The Moves

from the awkward dept

Earlier this month, the messaging service Viber was blocked in Saudi Arabia. This was not entirely unexpected, since the authorities had been trying to come to grips with the service and its ability to encrypt messages for a while according to Viber's founder, as a BBC News report explains:

Mr Marco told the BBC that Saudi internet service providers and mobile operators started asking for information about the internal workings of the service a couple of months ago.

"We assumed that the reason they wanted it was to try to figure out ways to tap into our conversations, listen to what our users are saying, read messages," he said.

A few weeks ago, this clear attempt to ensure that citizens in Saudi Arabia could be routinely spied upon when using popular new communication services would doubtless have prompted denunciations from Western countries of these clear threats to privacy and personal freedom. But in the light of the revelations about the large-scale snooping being carried out by the NSA in the US and GCHQ in the UK, that is hardly an option. This shows once more how increasing surveillance in the West gives those in other parts of the world a free pass to do the same.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Filed Under: encryption, saudi arabia, surveillance, voip

Here We Go Again: FBI Wants Backdoors To Snoop On Nearly All Internet Communications

from the sure,-they-want-it... dept

Filed Under: encryption, fbi, voip, wiretapping