Monthly Archives: May 2014

The $25,000 MS Paint Picture

You’ve probably received the calls many times.

“This is Rachel from Cardholder Services”, says the obviously pre-recorded message, making you instantly cringe, believing that this is perhaps a notification that one of your credit cards has been compromised.

“There is nothing wrong with your account,” she continues.   Well, that’s a relief.  But why is she calling?

“Please press 1 for an important message about how you can lower your interest rates…”

Ah, so it’s telemarketing BS, so you instantly hang up.  Slightly annoying, but not the end of the world, and you forget about it.

It turns out that “Rachel” isn’t actually working for any banks where you have credit cards.  In fact, this company has no idea who you are.  It’s known as a “robocall” — an automated telemarketing call attempting to reach an interested, live human being, at which point they are connected to a salesperson.

These “Rachel” calls were so numerous and so persistent for years, that they achieved a degree of infamy.  There are actually a number of videos on YouTube of people “reverse pranking” the Rachel calls, where they feign interest and waste the telemarketer’s time.

But how was this possible?  Hasn’t there been a “Do Not Call” anti-telemarketing registry, which has existed for more than 10 years?  Aren’t there stiff fines for violating this registry?

Supposedly, yes.  But the FTC hasn’t been aggressively pursuing these violators, and as a result, companies like “Rachel” have run wild.

Indeed, Rachel was a lot more sinister than her friendly message portrays.  If you expressed interest in lowering your interest rates, you would be connected to an aggressive (and dishonest) salesperson, who would sell you an interest-lowering “package” for as much as $3,000.  What would you get for all that money?  Very little, as their lofty promises were left unfulfilled once they had your money.  In some cases, salespeople lied about the fact that there was a charge, and claimed they were taking customers’ credit card information just to lower their interest rates.  In reality, they were charging the credit card for their “services”.  Even though there was supposedly a 100% moneyback guarantee, very few people were ever able to actually obtain a refund.  It was a full-blown scam, and it was perpetrated for years by various different companies.

In 2012, the FTC finally took action, shutting down and criminally charging five different telemarketing companies utilizing “Rachel” for their scams.

Truth be told, that action was a lot more about the fraud than the unauthorized telemarketing calls.

Around the same time, the FTC took an unusual step.  Rather than attempting to solve the unwanted telemarketing issue themselves, they offered a $50,000 cash prize for anyone who could come up with a working solution to the problem.

This was a rarity for the government.  Rather than waste untold amounts of taxpayer money and get little done, they appealed to the public for help with the issue.  While $50,000 is a lot of money for most individuals, it’s a mere pittance to the federal government.  From all appearances, it seemed that they would have an excellent group of contestants to choose from (due to the generous, well-publicized prize money), and would likely finally solve the problem of unwanted telemarketing phone calls.  This would all be accomplished for less money than it takes to pay one federal employee’s yearly salary.  For once, the government was spending efficiently!

Or were they?

The offending companies were violating Caller ID laws.  It is not illegal for individuals to spoof caller ID when calling one another, but commercial phone calls are required to display a true and accurate Caller ID.  This, in turn, allows people on the Do Not Call Registry to accurately report offenders who bother them with telemarketing calls.  Unfortunately, the requirement and what actually occurs are two different things.  Telemarketing companies quickly realized that they would be foolish to display their real phone numbers if they were violating the Do Not Call Registry.  Instead, they chose to either hide their caller ID or display a false one.

This is the digital equivalent to wearing gloves when you’re breaking into a house.  Even if there were a law banning the use of gloves, criminals would wear them anyway, as hiding their fingerprints is essential to not being caught.  So that’s what these telemarketers have been doing for years — hiding their fingerprints when they make these calls.

Of course, that’s not to say the FTC is powerless.  Since the telemarketers are selling something, all the FTC has to do is “follow the money” when these fraudulent packages are sold, and they can bust the perpetrators.  And that’s exactly what they did in the case of “Rachel”, albeit a bit too late.

But back to the contest.  The contest approached the problem from a technical standpoint.  It was asking for a technical solution to allow consumers to take matters into their own hands, and avoid receiving these annoying calls in the first place.

The contest, which took place from late 2012 to early 2013, was described as follows:

“The Federal Trade Commission (FTC) is challenging innovators to create solutions that will block illegal robocalls. These solutions should block robocalls on landlines and mobile phones and can operate on a proprietary or non-proprietary device or platform. Entries can be proposed technical solutions or functional solutions and proofs of concept.”

The winning solution would receive $50,000, if it were to be developed by an individual or a company of fewer than 10 people.  Oddly, solutions submitted by companies with 10 or more employees would be given an honorary award, but no money.

The contest ended a year ago, and the winners were crowned.  Are you curious who won, or more importantly, what solutions these people came up with?

I definitely was, so I checked out the winner’s circle.  It turns out that two people tied for first, and an honorary prize was also given to two Google employees for their solution.

So here’s the first of the two winners, each of whom received $25,000.

That’s it.  It came with a brief description of, “Robocall filtering system and device which autonomously compiles whitelisted, blacklisted and graylisted numbers databases. These databases are then used for appropriate call processing. The filter system and device is able to detect caller ID spoofing by the caller.”

And that’s all we get to see.  No technical specs or details.  No proof of concept.  Those are to remain private, according to contest rules.

One commenter on the page bluntly asked, “This is a joke, right?”  Another commenter mused that perhaps this was an April Fool’s prank by the FTC.

Other contestants accused this winner (and the other, which provides even less detail) of simply lifting the idea from earlier entries that had already been submitted and shown publicly.  Others found it ridiculous that the public (whose tax dollars funded the contest) was unable to see the more detailed descriptions of these proposals.

But more importantly, neither this nor the other “winning” solution could possibly work.

This solution involves an application or device keeping blacklists and whitelists of phone numbers, and blocking the ones that the customer blacklists.  It also supposedly blocks numbers using spoofed Caller IDs.

This all sounds well and good, but there is no way for phone companies to determine if the Caller ID is spoofed, under the current switching technology.  So this solution lives in fantasyland.  It would require a complete reworking of how Caller ID is processed and transmitted, and would require an immense expense for many phone companies — something they would never be willing to do.  This contest required that winners could be “easily rolled out” for immediate implementation, and this one clearly couldn’t.

In fact, if Caller ID spoofing could be detected, it would just be eliminated altogether.  The fact that Caller ID can be spoofed at all is the same reason it’s undetectable when it’s done.

Simply put, this solution is garbage, and fittingly all we get to see is a comically bad MS Paint drawing.

The other solution, entitled NoMoRobo (referring to “No More Robocalls”), is also inept and impractical.  For this, the public got to see no details at all, except a YouTube video marked private.  However, a few people were able to view the video before it went private (why was it private, anyway?) and described it in the comments.

This solution also fails.  It primarily revolves around a telephone version of a Captcha.  When a number calls that isn’t on the whitelist (known trusted numbers), it is then forced into a question and answer system where the caller is required to touch-tone its correct answer to prove it’s human.  But this system has all sorts of flaws.  What if the caller doesn’t speak English?  What if they have a hard time answering the question?  They could get incorrectly blacklisted, and never be able to get through, which is a disaster.  Furthermore, telemarketers would eventually get wise to this, and start spoofing commonly whitelisted numbers, such as those belonging to the local utility companies.
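The screening logic both entries describe, as an added sketch (not the contestants' code, which was never published): lists keyed on the delivered Caller ID, plus a keypad challenge for unknown numbers. The class name, the two-failure lockout threshold and the phone numbers are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class CallFilter:
    whitelist: set = field(default_factory=set)
    blacklist: set = field(default_factory=set)
    max_failures: int = 2          # assumed threshold before auto-blacklisting
    failures: dict = field(default_factory=dict)

    def screen(self, claimed_id: str, passes_challenge: bool) -> str:
        """Decide on a call using only the Caller ID the network delivered."""
        if claimed_id in self.blacklist:
            return "block"
        if claimed_id in self.whitelist:
            return "ring"          # trusted number: no challenge is asked
        if passes_challenge:       # graylisted caller answered the keypad question
            return "ring"
        count = self.failures.get(claimed_id, 0) + 1
        self.failures[claimed_id] = count
        if count >= self.max_failures:
            self.blacklist.add(claimed_id)
        return "block"

# Constructed sample numbers (fictional 555-01xx range).
UTILITY = "+12025550100"      # number the subscriber whitelisted
ROBOCALLER = "+12025550147"   # the dialer's real number
RELATIVE = "+12025550199"     # human caller who cannot follow the prompt

def demo() -> dict:
    f = CallFilter(whitelist={UTILITY})
    out = {}
    # A recording cannot answer the challenge, so its own number is stopped.
    out["robocall_own_id"] = f.screen(ROBOCALLER, passes_challenge=False)
    # Same recording, but the delivered Caller ID is the whitelisted one.
    # The filter has nothing else to go on, so the call rings through.
    out["robocall_claiming_utility"] = f.screen(UTILITY, passes_challenge=False)
    # A human who fails twice is blacklisted and stays blocked afterwards.
    f.screen(RELATIVE, passes_challenge=False)
    f.screen(RELATIVE, passes_challenge=False)
    out["relative_after_lockout"] = f.screen(RELATIVE, passes_challenge=True)
    return out

if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case}: {decision}")
```

Every branch trusts `claimed_id`, so the filter's decisions are only as reliable as the Caller ID itself, and the lockout turns a confused human into a permanently blocked one.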

Here’s the bottom line:  There is no way to stop these intrusive telemarketing calls as long as the existing Caller ID technology can be spoofed.  Since changing that situation is non-trivial, this is a pointless exercise.  No matter what plan you come up with, the telemarketers can easily work around it through creative number spoofing.  The FTC gave away $50,000 for nothing, as they were seeking solutions for an unsolvable (at least at the present time) problem.

The greatest irony here is that the FTC has had the power to swiftly curtail this mess all along.  It doesn’t require any brilliant technological solution, just aggressively going after major telemarketing scammers and repeatedly making examples out of them.  That would cripple the industry, and would scare many would-be criminal organizations from getting involved in the future.

Of course, the FTC would still have to contend with foreign telemarketing scammers, but at least an elimination of the domestic telemarketing criminals would put a large dent in the problem.

Instead, the FTC chose to spend $50,000 of taxpayer money, holding a contest to solve an impossible problem.

That’s the federal government I know and love.