If you’ve owned any sort of telephone ever, you are aware of robocalls. Whether it be on your traditional landline, your mobile phone or your softphones, I bet you’ve been made aware of your opportunity to extend your vehicle’s warranty, cash in on a free cruise or explore the need to consolidate student loans.

The practice is incredibly annoying. For a while, cellphones were sacred ground – robocall firms feared calling those devices. Mainly, the lack of contact was related to two issues. The numbers used for mobile devices were often held in high regard by the telecommunications companies –they didn’t reveal the blocks of numbers. And secondly, the federal communications commission (FCC) would likely fine a firm for calling a mobile user: the calling plans were small and charges could accrue quickly.

However, mobile devices are everywhere nowadays. With the ability to port numbers from one carrier to another, an area or prefix signifies very little. Limited calling plans went the way of manual locks and rolldown windows. The field is ripe; there are millions of numbers waiting for a pestering call.

And for the robocaller, the technology has improved. They don’t pay for each outbound call, software manages the entire process, and there isn’t much human labor involved. Disappointingly, the regulatory landscape slid sideways.

The “no call” registries seemed to have flopped. The FCC doesn’t appear to care about the exploding volume of violations of the “no call” registries, despite complaints being at an all-time high.

However, things may be improving for the consumer.

In September 2018, the FCC fired back. They levied fines of $120 million against two US-based companies for violation of numerous laws. Both firms used technology to “spoof” a local number. In one case, a person’s telephone number was “spoofed” over 48,000 times. The person received callbacks for months from angry people, all of whom accused the person of making the robocalls.

What is “spoofing”? Essentially, spoofing is the act of impersonation, using technology to pretend to be someone else. We see this commonly with forged email messages, such as phishing attempts. With telephone calls, spoofing is employed to conceal the caller ID of the true caller. In the past couple of years, the robocall firms have employed a more individualized approach. They realized that people were ignoring the calls, or, placing blocks on their caller IDs.  So they used a simple spoofing technique to present a local telephone number on the inbound caller ID. The idea is appealing. If a call appears to be from a local prefix, then the recipient may be more inclined to answer. The deceptive practice is sometimes called neighbor spoofing.

It worked.

A large number of state attorney generals have written the FCC, seeking for an increase in penalties and enhancement of rules to force telecommunications providers to block spoofed calls.

The relative inexpensive nature of today’s technologies and the ease of deploying spoofing technology suggests that the robocall problem will worsen. The attorney generals want the FCC to increase use of various technology protocols that will prevent spoofing, essentially asking the major telecommunications providers to block the known bad calls before they reach the consumer.

An argument has ensued. The carriers want a bit of safe harbor from the FCC if they implement stringent call-blocking technologies. They fear that the technology might fail on occasion and block legitimate calls, creating an undesirable environment where “false positives” occur. The carriers don’t want to be liable for claims of degraded services, etc. Also, legitimate marketing firms want assurance that the carriers won’t block their traffic.

The FCC accepted public comments on the discussion through this week. We will have to wait and see if the FCC takes any action on the request from the attorney generals.

In the meantime, be on the lookout for those spoofed calls, especially if your phone appears to be calling itself from itself – you probably didn’t win a luxury cruise.

William Greg Price is the Chief Technology and Security officer for Troy University and the Director of the Alabama Computer Forensics Institute. He currently represents District 2 on the Pike County Board of Education.