At some point, our phone habits changed. It used to be that if the phone rang, you answered it. With the advent of caller ID, you’d only pick up if it was someone you recognized. And now, with spoofing and robocalls, it can seem like a gamble to pick up the phone, period. In 2023, robocall blocking service Youmail estimates there were more than 55 billion robocalls in the United States. How did robocalls proliferate so much that now they seem to be dominating phone networks? And can any of this be undone? IEEE Spectrum spoke with David Frankel of ZipDX, who’s been fighting robocalls for over a decade, to find out.

David Frankel is the founder of ZipDX, a company that provides audioconferencing solutions. He also created the Rraptor automated robocall surveillance system.

How did you get involved in trying to stop robocalls?

David Frankel: Twelve years ago, I was working in telecommunications and a friend of mine called me about a contest that the Federal Trade Commission (FTC) was starting. They were seeking the public’s help to find solutions to the robocall problem. I spent time and energy putting together a contest entry. I didn’t win, but I became so engrossed in the problem, and like a dog with a bone, I just haven’t let go of it.

How can we successfully combat robocalls?

Frankel: Well, I don’t know the answer, because I don’t feel like we’ve succeeded yet. I’ve been very involved in something called traceback—in fact, it was my FTC contest entry. It’s a semiautomated process where, in fact, with the cooperation of individual phone companies, you go from telco A to B to C to D, until you ultimately get somebody that sent that call. And then you can find the customer who paid them to put this call on the network.

I’ve got a second tool—a robocall surveillance network. We’ve got tens of thousands of telephone numbers that just wait for robocalls. We can correlate that with other data and reveal where these calls are coming from. Ideally, we stop them at the source. It’s a sort of sewage that’s being pumped into the telephone network. We want to go upstream to find the source of the sewage and deal with it there.

Can more regulation help?

Frankel: Well, regulations are really, really tough for a couple of reasons. One is, it’s a bureaucratic, slow-moving process. It’s also a cat-and-mouse game, because, as quick as you start talking about new regulations, people start talking about how to circumvent them.

There’s also this notion of regulatory capture. At the Federal Communications Committee, the loudest voices come from the telecommunications operators. There’s an imbalance in the control that the consumer ultimately has over who gets to invade their telephone versus these other interests.

Is the robocall situation getting better or worse?

Frankel: It’s been fairly steady state. I’m just disappointed that it’s not substantially reduced from where it’s been. We made progress on explicit fraud calls, but we still have too many of these lead-generation calls. We need to get this whacked down by 80 percent. I always think that we’re on the cusp of doing that, that this year is going to be the year. There are people attacking this from a number of different angles. Everybody says there’s no silver bullet, and I believe that, but I hope that we’re about to crest the hill.

Is this a fight that’s ultimately winnable?

Frankel: I think we’ll be able to take back our phone network. I’d love to retire, having something to show for our efforts. I don’t think we’ll get it to zero. But I think that we’ll be able to push the genie a long way back into the bottle. The measure of success is that we all won’t be scared to answer our phone. It’ll be a surprise that it’s a robocall—instead of the expectation that it’s a robocall.

This article appears in the May 2024 issue as “5 Questions for David Frankel.”

A New Orleans magician was paid to make fake Joe Biden robocalls, reports NBC News.

"I created the audio used in the robocall. I did not distribute it," Carpenter said in an interview in New Orleans, where he is currently residing.

— Read the rest

The post New Orleans magician paid to make fake Joe Biden robocalls appeared first on Boing Boing.

In the days before the U.S. Democratic Party’s New Hampshire primary election on 23 January, potential voters began receiving a call with AI-generated audio of a fake President Biden urging them not to vote until the general election in November. In Slovakia a Facebook post contained fake, AI-generated audio of a presidential candidate planning to steal the election—which may have tipped the election in another candidate’s favor. Recent elections in Indonesia and Taiwan have been marred by AI-generated misinformation, too.

In response to the faux-Biden robocall in New Hampshire, the U.S. Federal Communications Commission moved to make AI-generated voices in robocalls illegal on 8 February. But experts IEEE Spectrum spoke to aren’t convinced that the move will be enough, even as generative AI brings new twists to old robocall scams and offers opportunities to turbocharge efforts to defraud individuals.

The total lost to scams and spam in the United States in 2022 is thought to be US $39.5 billion, according to TrueCaller, which makes a caller ID and spam-blocking app. That same year, the average amount of money lost by people scammed in the United States was $431.26, according to a survey by Hiya, a company that provides call-protection and identity services. Hiya says that amount stands to go up as the usage of generative AI gains traction.

“In aggregate, it’s mind-boggling how much is lost to fraud perpetuated through robocalls,” says Eric Burger, the research director of the Commonwealth Cyber Initiative at Virginia Tech.

“I don’t think we can appreciate just how fast the telephone experience is going to change because of this.” —Jonathan Nelson, Hiya

AI Will Make It Easier for Scammers to Target Individuals

“The big fear with generative AI is it’s going to take custom-tailored scams and take them mainstream,” says Jonathan Nelson, director of product management at Hiya. In particular, he says, generative AI will make it easier to carry out spear-phishing attacks.

The Cost of Phone Fraud

• United States: $431.26
• UK: $324.04
• Canada: $472.87
• France: $360.62
• Germany: $325.87
• Spain: $282.35

Source: Hiya

Generally, phishing attacks aim to trick people into parting with personal information, such as passwords and financial information. Spear-phishing, however, is more targeted: The scammer knows exactly whom they’re targeting, and they’re hoping for a bigger payout through a more tailored approach. Now, with generative AI, Nelson says, a scammer can scrape social-media sites, draft text, and even clone a trusted voice to part unsuspecting individuals from their money en masse.

With the FCC’s unanimous vote to make generative AI in robocalls illegal, the question naturally turns to enforcement. That’s where the experts whom IEEE Spectrum spoke to are generally doubtful, although many also see it as a necessary first step. “It’s a helpful step,” says Daniel Weiner, the director of the Brennan Center’s Elections and Government Program, “but it’s not a full solution.” Weiner says that it’s difficult for the FCC to take a broader regulatory approach in the same vein as the general prohibition on deepfakes being mulled by the European Union, given the FCC’s scope of authority.

Burger, who was the FCC’s chief technology officer from 2017 to 2019, says that the agency’s vote will ultimately have an impact only if it starts enforcing the ban on robocalls more generally. Most types of robocalls have been prohibited since the agency instituted the Telephone Consumer Protection Act in 1991. (There are some exceptions, such as prerecorded messages from your dentist’s office, for example, reminding you of an upcoming appointment.)

“Enforcement doesn’t seem to be happening,” says Burger. “The politicians like to say, ‘We’re going after the bad guys,’ and they don’t—not with the vigor we’d like to see.”

Robocall Enforcement Tools May Not Be Enough Against AI

The key method to identify the source of a robocall—and therefore prevent bad actors from continuing to make them—is to trace the call back through the complex network of telecom infrastructure and identify the call’s originating point. Tracebacks used to be complicated affairs, as a call typically traverses infrastructure maintained by multiple network operators like AT&T and T-Mobile. However, in 2020, the FCC approved a mandate for network operators to begin implementing a protocol called STIR/SHAKEN that would, among other antirobocall measures, make one-step tracebacks possible.

“One-step traceback has been borne out,” says Burger. Traceback, for example, identified the source of the fake Biden calls targeting New Hampshire voters as a Texas-based company called Life Corporation. The problem, Burger says, is that the FCC, the U.S. Federal Bureau of Investigation, and state agencies aren’t providing the resources to make it possible to go after the sheer number of illegal robocall operations. Historically, the FCC has gone after only the very largest perpetrators.

“There is no stopping these calls,” says Hiya’s Nelson—at least not entirely. “Our job isn’t to stop them, it’s to make them unprofitable.” Hiya, like similar companies, aims to accomplish that goal by lowering the amount of successful fraud through protective services, including exposing where a call was created and by whom, to make it less likely that an individual will answer the call in the first place.

However, Nelson worries that generative AI will make the barrier to entry so low that those preventative actions will be less effective. For example, today’s scams still almost always require transferring the victim to a live agent in a call center to close out the scam successfully. With AI-generated voices, scam operators can eventually cut out the call center entirely.

“In aggregate, it’s mind-boggling how much is lost to fraud perpetuated through robocalls.” —Eric Burger, Virginia Tech

Nelson is also concerned that as generative AI improves, it will be harder for people to even recognize that they weren’t speaking to an actual person in the first place. “That’s where we’re going to start to lose our footing,” says Nelson. “We may have an increase in call recipients not realizing it’s a scam at all.” Scammers positioning themselves as fake charities, for example, could successfully solicit “donations” without donors ever realizing what actually happened.

“I don’t think we can appreciate just how fast the telephone experience is going to change because of this,” says Nelson.

One other complicating issue for enforcement is that the majority of illegal robocalls in the United States originate from beyond the country’s borders. The Industry Traceback Group found that in 2021, for example, 65 percent of all such calls were international in origin.

Burger points out that the FCC has taken steps to combat international robocalls. The agency made it possible for other carriers to refuse to pass along traffic from gateway providers—a term for network operators connecting domestic infrastructure to international infrastructure—that are originating scam calls. In December 2023, for example, the FCC ordered two companies, Solid Double and CallWin, to stop transmitting illegal robocalls or risk other carriers being required to refuse their traffic.

“Enforcement doesn’t seem to be happening. . . . not with the vigor we’d like to see.” —Eric Burger, Virginia Tech

The FCC’s recent action against generative AI in robocalls is the first of its kind, and it remains to be seen if regulatory bodies in other countries will follow. “I certainly think the FCC is setting a good example in swift and bold action in the scope of its regulatory authority,” says Weiner. However, he also notes that the FCC’s counterparts in other democracies will likely end up with more comprehensive results.

It’s hard to say how the FCC’s actions will stack up versus other regulators, according to Burger. As often as the FCC is way ahead of the curve—such as in spectrum sharing—it’s just as often way behind, such as the use of mid-band 5G.

Nelson says he expects to see revisions to the FCC’s decision within a couple of years, because it currently prevents companies from using generative AI for legitimate business practices.

It also remains to be seen whether the FCC’s vote will have any real effect. Burger points out that, in the case of calls like the fake Biden one, it was already illegal to place those robocalls and impersonate the president, so making another aspect of the call illegal likely won’t be a game-changer.

“By making it triply illegal, is that really going to deter people?” Burger says.