How different companies (and industries) are trying to fight spam calls

What I like at how companies are tackling spam calls and robocalling is that the solutions they bring to the table are based a lot on their DNA.

There is more than one way to solve a problem. There is usually more than one way to solve a problem effectively. Which means that it isn’t that easy to pick the best solution – simply because there are a few good alternatives. This is the case with spam calls. These spam calls are also called robocalls, which we’ll get to later.

When I wanted to explain it through an analogy – it hit me!

It is akin to the many lightbulb jokes. At the end of the day, in each industry or persona type, a different approach is taken to change a lightbulb.

Let’s change the subject instead of the lightbulb though. We’re talking about calls. Here in Israel we get a few unsolicited spam calls. Not that many if you consider what’s going on in the US – and it is still not that fun.

My own spam calls experience(s) – or lack of

I used to live in a rather religious city a few years back. We are a secular family. The neighborhood and the city around us changed to become more religious over time through a kind of natural selection. At that time, I used to get a call or two a week, starting with a recording with a wording that can roughly be translated to a preacher saying “Precious Jews!” – that’s the point where I hung up automatically, so I have no clue how that “conversation” progressed.

This miraculously stopped as we moved to a city nearby. This time a secular one (almost too secular). It stopped not only in our landline but also in our mobile phones, which was interesting. This week though, I started receiving different calls, probably due to the upcoming election here. These calls start with something like “Save Liberalism” – which I again identified as my cue to hang up the call.

Here in Israel? This isn’t such a big deal. Probably due to the exorbitant cost of call automation or simply because the market is too small or too immature for it. In the US? It seems like there this plague is so common that many people don’t answer their phones for numbers they don’t have in their address book.

Here’s what Andy Abramson has to say about his spam calling experience:

Sure my regular dial up and mobile phone numbers rings throughout the day with calls from toll-free and from numbers that look like they’re from a neighbor, when they’re nothing but spam like calls. 

Most of his conversations take place over OTTs these days, which don’t carry spam.

Up until recently, this seemed like a necessary evil that no one is going to really handle. But something has changed this last year. So much so that this now looks to be the main issue in phone calling. Especially if what we’re looking for is maintaining a semblance of usefulness to using telecom carriers to handle our phone conversations.

How did we get to this point?

I get a feeling that it involves a mixture of reasons:

1. The low cost of calling (or sending an SMS) to people
2. The ability to programmatically automate that process and leave humans out of the equation for the spammer
3. We’ve gone through a digital transformation in telecom – from analog to digital communications – which made the interfaces towards telecommunication networks easier and more accessible via the internet. At the same time, the capacity of these networks to handle calls grew significantly
4. When carriers interconnected with each other, they didn’t really think that far into the future of the types of abuse and attack vectors available today

Remember that just until a few years ago, the concept of encrypting traffic other than financial transaction seemed an exaggeration (encryption and cryptographic authentication in communications was not part of an MVP, a version 1 or a version 2 of a product, and it almost never interoperated well out of the box). Today? We’re discussing end to end encryption as if that’s a human right and zero trust networks as if that’s the norm.

–

There is no doubt a problem. And this problem is getting bigger each year. How are companies tackling it? Each one with the tools its has available and the DNA it has.

Carriers: Lets standardize

One of the main concerns with spam calls is based on spoofing. The ability of the originator of the call to masquerade as any number he wants, including local numbers, close to that of the called number. This technique tries to add trust to the originating call, to pass the automated response of people (not answering calls that look somewhat fishy).

You’d think that by 2019 this wouldn’t be such a simple thing to do (zero trust anyone?), but it is. So much so that the standards suggested – SHAKEN/STIR – a cryptographic authentication of caller IDs. As explained by the FCC on combating spoofing:

This means that calls traveling through interconnected phone networks would have their caller ID “signed” as legitimate by originating carriers and validated by other carriers before reaching consumers. SHAKEN/STIR digitally validates the handoff of phone calls passing through the complex web of networks, allowing the phone company of the consumer receiving the call to verify that a call is from the person making it.

For the FCC and carriers such a solution makes a lot of sense:

1. You start by better defining the problem – it isn’t spam calls but rather caller identity spoofing
2. Then you continue by picking a solution – authentication of caller identity
3. And then you go spec it out as a standard – SHAKEN/STIR
4. Last but not least, you get all carriers (100’s of them) to implement the new standard

In the US, AT&T, T-Mobile and Comcast have started implementing SHAKEN/STIR (PDF). I didn’t find much information about other carriers around the globe.

Here are a few challenges with this approach:

1. SHAKEN/STIR doesn’t block calls. Just indicate if they are authenticated or not. Think of it as the green indicator of the past on your browser bar for websites served via HTTPS. Or even worse – the Extended Validation Certificates for HTTPS (now officially dead and useless). In other words, you will keep getting spam calls, but something on your display will allow you to better decide if you wish to answer or ignore
2. It requires software changes on mobile devices (and landline phones). Since it blocks no calls, the indication of unauthenticated caller ID needs to appear on your display when there’s an incoming call
3. It requires all carriers to be effective. Otherwise, a lot of them phone numbers will come unauthenticated adding too much noise
4. It requires OTTs, CPaaS vendors, UC vendors, contact centers, enterprises and anyone interconnecting with carriers for his voice traffic to authenticate his numbers using the same standard specification

These challenges means that until we see value in this initiative, we will be well into 2025 or something similar.

The “go it alone” carriers

There are instances where carriers are going it alone, trying to solve spam on their own.

The notable example here is Verizon, offering free and paid call filtering services, targeted at robocalling. They are now pre-enable it on Android phones.

Frankly? This approach is again within the realm of carriers-DNA. From Verizon’s website:

• With carriers, everything has a price. Caller ID – if that means authentication like SHAKEN/STIR (or SHAKEN/STIR itself), then why only under a paid plan? Aren’t carriers supposed to take care of spam similarly to how most email services do today?
• Automated call blocking by filtering them as spam is great, but what about false positives? How many important calls from businesses is this going to block? (and yes, I know I complained before about SHAKEN/STIR not blocking calls)

Verizon isn’t alone in this approach. Other carriers are offering similar solutions as well.

My challenge here? I’ve never seen a carrier app on mobile that works well. They always seem and feel half baked.

There’s an app for that

And a lot more than a single app.

Since our smartphones allow for apps, there are those who created apps that allow blocking incoming calls based on who the caller is. The intent is to be able to block robocalls/spam from coming in. Which is great.

The challenges are?

• Not all call blocking apps are created equal. Some offer an abysmal user experience while others integrate nicely with the operating system. It is left to the user to pick one that works for him
• These apps often build their database via crowdsourcing the spam indication from users. While great, this did block calls from my insurance company a few times when I really needed to receive these calls. This also means that different people have a different definition of what spam is and that will affect what gets blocked on your phone
• They are selling your data. Or at least that’s the current news. Robocall blocking apps collect more data than they should and use it for unknown reasons (it might just be developer log collection data, but some of these apps actually might sell data)
• You need to actively install these apps on your phone. Select one and register to it. So not frictionless

Operating systems: power to the user

Mobile operating systems allow some semblance of control that is/can be given to the user.

If you are using Google’s phone application on your Android device, then you can use Android’s caller ID & spam protection.

This relies on Google to decide if an incoming call is suspect of spam or not (more on that later), and be able to simply block it. Users also have the ability to mark calls as spam, which I am sure Google then uses as crowdsourced information as well.

Why this approach by Google? Google is a data-first company, so any challenge gets first solved using data.

Apple, on the other hand, decided to not look or rely on their users’ data. What they did was add a simple rule in iOS 13 to silence unknown callers. This will just not ring your phone if the caller ID isn’t found in your address book. While a nice feature, this doesn’t really scale and the result is too aggressive.

Why can Apple take this route? To get more businesses into its Apple Business Chat solution – effectively enticing businesses to communicate with iPhone users via Apple, and getting them into the user’s address book.

Google: AI

There’s one more thing Google is now doing for their new Pixel phones, called Call Screen.

Call Screen is a kind of a virtual assistant or a voicebot that “lives” in your phone. It can answer calls on your behalf, transcribing and checking on your behalf who is calling and why. You will then be continue interacting with the caller via menu buttons on the screen, instead of actually talking to him.

Why this approach?

It does what only Google can do. Run speech to text as well as text to speech on device, in real time, and do that with an accuracy that is good enough.

The funny thing is that it gets robocalls interacting with voicebots. I wonder if this is communications or can we start talking here about the M2M (machine to machine) market instead…

The problems? You still need to man-handle all these spam calls. Would be better if we could just make them go away to begin with. Oh… and it is available only on Pixel phones for now.

Twilio: Programmable Identification

In their recent Signal event, Twilio announced Verified by Twilio.

The idea here is to create a kind of a marketplace where Twilio customers add metadata to their outgoing calls to users – like who is calling and the reason for the call. And then that data gets picked up by caller id apps and shown to the users when that call rings on their smartphone.

This is a nice thing, but it does have its own set of challenges:

• It requires businesses to identify their intent via APIs. And they can do it only through Twilio today. This isn’t an open standard
• As a user you still need to install an app to make this work
• And it doesn’t block the calls – just gives you a bit more information before you answer it

That said, if Twilio can pull it off, it will secure its lead even further in the CPaaS market.

Is all robocalling spam?

No.

A lot of it is transactional.

I get a call every 6 months from the dentist. An automated reminder a day before a visit. If I don’t answer it and press “1”, it tries to hunt me down. Never checked what happens to my appointment if it fails to do so.

That term digital transformation is old by now, but the transition we are going through towards digitizing and automating interactions between businesses and users is a real one, and it is a growing trend. The purpose of it isn’t just to deflect incoming calls and communications so customers don’t bother “us businesses”. The purpose is to genuinely improve the customer experience and to do so at scale, while relying less on human agents (or at least not relying on them in the boring and the trivial).

Then how do we filter out these spam calls from the automated transactional ones that we really want to receive?

Today, it seems, there are two main solutions:

1. Block “spam”, which might catch real calls and block them as well. My guess is that false positives here are higher than what email spam shields are doing – think of it as being 10-20 years behind in the technology curve
2. Mark intent of the calls or “manage” incoming calls, which means users are still being bothered with it, just a bit less so

Not a good solution in sight yet.

Back to lightbulbs

I started with lightbulbs so better finish with that. Especially since there’s no aha-moment here for us, or a great lightbulb idea to work with when it comes to spam calls.

So… How many board meetings does it take to get a light bulb changed? (or to fight spam calls)

This topic was resumed from last week’s discussion, but is incomplete pending resolution of some action items. It will be continued next week. Meanwhile . . .