A Call to Action: Stop the FCC's KYC Regime
blog.lopp.netCitation required.
More widely, however, there do seem to be differences that I don't know the details of. VOIP seems quite different (I use it for my old phones): DID numbers in the US seem extremely cheap and available instantly, with little information, while European ones seem to have an actual verification process and prices that would make large-scale spamming difficult.
Spam calls frequently don't have a source in the same country as their target victim.
Seems that we can’t both get what we want.
A potential solution is that you get your anonymous phone line but my phone provider simply refuses to let you call me with it.
Of course then we need to extend the same principle to data and to IP traffic originating from your device. If you don’t want to be traceable it seems reasonable that services should have the right to refuse to handle IP traffic you generate.
Would such a half-baked level of network access suit your needs?
I would like anonymous political posts to be untraceable by the government.
I can't even get all of what I want.
Why can't you? They don't want to provide info for a credit check, you want human accountability. All that requires is for them to use a debit card for whatever service (prepaid or postpaid). Law enforcement can trace that if needed. No need for credit checks or really any other information directly in the hands of the telco.
I don't think it's necessary to go this far. The provider could indicate something like "CANNOT VERIFY NUMBER". I imagine most people would block such calls.
It's unclear to me how I'd be impacted by these new rules, but I don't believe there's any requirement to provide PII to get a VOIP number.
We're making our law enforcement's job marginally easier, by making the criminals' job infinitely easier by creating millions of juicy PII honeypots.
No, you don't need my phone #, real name, captcha.. if you think you do, realign your incentives, and rethink what else can be used for your real need instead.
Pure insanity.
You can still allow people to hide it, but then by default every non-business phone should block calls with hidden numbers.
Easy fix. It should be opt-in to accept a call that is routed through one of these. I know they allow it so some grandma in rural France that still uses a dial phone on a copper line that hasn't been touched since 1962 can call her son in New York, but for the rest of us who are not in that situation, we can just blacklist all those calls and lose nothing. This would even fix spam for the people who opt-in, because so few people have grandmas in rural France that it's not worth it for the spammers to bother anymore.
Easier (and correct) fix: Telecoms operators should not be permitted to provide transit to a call that's routed through one of these.
> I know they allow it so some grandma in rural France that still uses a dial phone on a copper line that hasn't been touched since 1962...
This doesn't make sense. Even my inexpensive Mikrotik switches can augment packets with the ID of the port that they originated from. I do not believe for even a second that Telecoms Grade switching equipment is unable to do the same. The fact that that grandma can send and receive calls tells you that both that that equipment exists and that it knows what port her phone is connected to.
The example should rather have been some telecom carrier in Africa or India. Telco equipment is expensive, the technology is ridiculously complex and getting companies especially in less well-off regions to replace aging stuff and updating it to modern standards is next to impossible. Think about it, the globally connected phone system includes countries where you get 10 GBit/s symmetric fiber in your home and it includes countries where people don't even have running water because they're so poor.
The fact that we in Western countries can have a realtime conversation with someone in the Saharan desert or in an Indian village that requires days worth of travel [1] is nothing short of a miracle.
[1] https://www.aljazeera.com/gallery/2024/5/8/an-election-booth...
Sure, agreed.
> ...the technology is ridiculously complex...
Odd. I could have sworn that Caller ID, Customer-initiated Dialback, "Tell me the number of my most recent caller", and "Keep calling this number for the next half hour, and ring me if the call is answered" were features that were available on the POTS since the early 1990s. I agree that the tech's complex, but the R&D for the stuff I'm talking about has been over and done with for at least thirty five years. There are adult HN users who have never lived in a world without this stuff.
> ...getting companies especially in less well-off regions to replace aging stuff and updating it to modern standards is next to impossible.
I don't see how that's the problem of "The West"? If it's actually a problem, instruct "Western" telecoms to send a couple-hundred-million dollars in last-gen equipment, along with the techs required to install it and let them declare its original purchase price and the full cost of the manpower as a tax credit.
> ...is nothing short of a miracle.
If we ignore the existence of long-range radio, and if this were prior to 1965 or -at latest- 1970, I might agree. But, like, we've had satellite telecommunications for nearly sixty years, terrestrial microwave transceivers for a couple of decades longer, and short- and long-wave transceivers for far, far longer than either.
Additionally... I don't know if you've noticed, but it's not uncommon to have a satellite phone in your pocket these days.
Sure, but now have a look at the infrastructure that's physically deployed. Hell in Germany (!), it took until 2020 to finally disable the old and truly horribly aged ISDN infrastructure. When it takes the third-richest nation by GDP that long to replace technology, I am not going to demand better from nations that are a few dozen places below us on the economy rankings.
> I don't see how that's the problem of "The West"? If it's actually a problem, instruct "Western" telecoms to send a couple-hundred-million dollars in last-gen equipment, along with the techs required to install it and let them declare its original purchase price and the full cost of the manpower as a tax credit.
Yeah good luck with getting that past our populations that, no matter if we're talking about the US or Europe, have been riled up by the local far-right and Russia that foreign aid is a bad thing and "national wealth should stay in the nation" (with the end result of course being that Russia has swooped in to replace our foreign aid, and that's why we see so many putsches in Africa).
> But, like, we've had satellite telecommunications for nearly sixty years, terrestrial microwave transceivers for a couple of decades longer, and short- and long-wave transceivers for far, far longer than either.
Sure! But the fact remains that it took a lot of effort to get telephones and their infrastructure deployed effectively worldwide.
> Additionally... I don't know if you've noticed, but it's not uncommon to have a satellite phone in your pocket these days.
In developed economies, sure. But in countries where the iPhone models capable of that (or an outright Starlink terminal) can cost a full year's wages? In South Sudan, the yearly corrected purchase power is about 716 $ per person and year [1].
[1] https://gfmag.com/data/economic-data/poorest-country-in-the-...
It's odd that you talk about "demanding" nations to foot the bill for upgrades even though I talk about paying "Western" telcos to give it to them, install it, and teach them how to use and maintain it for free. You even quote this plan in your next paragraph. Smells like you have an axe to grind or something.
> Yeah good luck with getting that past our populations that...
Oh boy. Hun, the "expense" is gonna be less than a couple billion dollars, and it's not even going to be an appropriation. Unless some politician wants to use it to score points, literally noone in the public will notice.
> But in countries where the iPhone models capable of that (or an outright Starlink terminal) can cost a full year's wages?
Mmm, tell me what the BOM is for the satellite communications package on the phones that I'm talking about. I bet that not only do you have no clue, you're also largely unaware of the state of radio telecommunications in many of the nations in Africa. As a bonus inquiry, do tell me how many of the people who can't afford to buy the cheapest-available satellite phone are running scam/spam phone call operations in those countries. I bet that number is very close to zero. ;)
Do remember that TFA that started all of this conversation discussed the FCC's plans to require government-issued ID in order to get access to the phone network. This is being presented as the "only way" to "solve" spam and scam calls, but even a moment's thought makes it plain that not only is it not the only way, [0] it will be completely unable to achieve the stated goal.
[0] ...tax credits and their equivalents move businesses to solve every problem that can be solved, after all...
Mikrotik is a young spring chick compared to the dinosaurs in telecom.
Given these restrictions, how does one ensure that one can activate the ringer of a single phone (and connect its speaker and mic to that of the caller, and noone else) in a world where all of the human operators were replaced by electromechanical ones, which were then replaced by fully computerized ones? Once one has figured that out, how does one ensure accurate and correct determination of the calling parties, the transit networks, and the duration of the call? One needs to recover your costs, and one uses usage-based billing to do so. [1]
In order to do those things, mightn't the system that that phone is connected to have to have all of the information about the callers, the systems the call flows through, the duration of the call, etc, etc, etc?
[0] Rotary phones are even simpler than touch-tone phones because they replace the tone generator with an elecromechanical gizmo that bangs on the line when it's rotated. Because I vaguely remember hearing that some phone networks were phasing out support for rotary phones, I'm assuming that you're not guaranteed to be able to attach one and have it function.
[1] I'll only briefly mention POTS features from ~35 years ago such as "Caller ID", "Read to me out loud the phone number of my most recent caller", and "Keep calling this number for the next half hour and ring me if they pick up", which had to (and did) work with these dumb-as-bricks phones.
Now, operators of those legacy links make A LOT of money for operating them since they carry 100% of the country's spam traffic, and they're not going to shut them down just because you think they should. The government would have to make them do it and they'll pretend upgrading is super expensive.
I'm saying these two categories should be denied by default by my telecom provider, and the user must opt-in to receiving them.
> Now, operators of those legacy links make A LOT of money for operating them since they carry 100% of the country's spam traffic, and they're not going to shut them down just because you think they should.
Those operators are not my concern, they can do whatever they want. I want my telecom provider to block unknown/unverified calls by default. I have no reason to ever receive a call from an unverified source. Some people might, because they have business or relatives or whatever in such a region, and they can opt-in to receiving them if so.
Like what? Who is both a legitimate caller and also trying to call me through one of these unverified legacy services? If their calls stopped going through to a huge chunk of their customers (this is one of the reasons receiving unvalidated calls should be opt in, not opt out), why wouldn't they switch to a verified service?
I always imagined that there are certain shady providers ("grey-market Twilio" sort of idea) that just let you run single outbound call/text requests through a giant pool of numbers shared with other customers of the service. Perhaps specifically a bank of residential numbers plugged into banks of regular cell phones, like a residential IP proxy service provider.
It's very unlikely anybody is placing spam/scam calls with regular cell phones when VoIP numbers are easy and cheap to get, and when VoIP systems are far easier to manage.
It would certainly hurt a consumption-based economy, for starters.
Seems irrelevant to the original point.
- Providers that can't afford it implement it - Non-IP networks - Small voice service providers that originate calls via satellite using U.S. NANP - Providers that lack control over the network infrastructure necessary to implement
Nothing is going to change as long as those holes exist.
Unfortunately there isn’t an easy way to report abuse to the telcos (and regulators).
Almost every spam call has that I get, is spoofed.
Someone here explained it, once.
I think the spoofed calls use a legacy transport tech that can’t be forced to validate.
Not my job to "verify," in the technical sense.
When a call for an Indian crypto pump comes in as "SMITH, ROBERT", and a local exchange, I call that "spoofed."
Hmm...you seem very interested in redirecting this train of conversation. Why?
There was this telco, in Upstate New York, that was infamous for being a firehose of scam/spam robocalls. I think they may have been shut down, though, because I haven’t seen their numbers in the CID for a couple of years.
I would suggest that carriers are limited in what they can do. Crooks be crooks, and many of them are very clever. They usually figure out how to weasel past the guard dogs.
If the FCC implements this, I expect a lot litigation because of the burden and legal liability this would place on telecom and VOIP companies. There are other less burdensome approaches to preventing spam that the FCC has not tried.
First of all, the decision makers at the FCC profit from directly from spam, Christ.
Secondly, the indirect value of spam to the FCC is that it helps to justify initiatives to ruin the privacy of ordinary people via the constant push for KYC.
Just like "age verification", Flock cameras, license plate scanners, ubiquitous IoT with microphones and cameras, etc. Governments and corporations both profit from shredding every molecule of your privacy.
> SHAKEN system, short for Signature-based Handling of Asserted information using toKENs [...]
> The name was inspired by Ian Fleming's character James Bond, who famously prefers his martinis "shaken, not stirred". STIR having existed already, the creators of SHAKEN "tortured the English language until [they] came up with an acronym."
https://en.wikipedia.org/wiki/STIR/SHAKEN
(Unrelatedly, seeing a slash used casually within the URL slug feels so wrong)
So maybe it's bad backronyms that demonstrate the soul. I don't know who's idea it was to allow a computer to generate whimsy, that should be interdicted by a fourth law of robotics.
I would be willing to bet money that any "better call addressing system" would be a design by committee where this just gets litigated there. And we'd end up with either a system that requires KYC per-call, or has compromises similar to what we're complaining about now.
Considering most of those same telcos are donors and employers of large numbers of people across many constituencies of almost every nation, usually no politician has or is willing to spend political capital to shoot themselves in the foot like that. And no nation with a national telco company runs it well enough to ever even dream of spending money for something like IP addresses, they typically barely keep the lights on.
https://help.twilio.com/articles/223133767-International-sup...
I find that abusive on its own but let’s not forget about the fact that now you have victims of domestic violence being forced to answer hidden numbers in case it’s welfare, or the cops, or their abusive spouse.
I don’t think caller id blocking would work with the police, they almost certainly have the ability to unmask your number if they want.
If your carrier accepts a spoofed call they're already violating FCC recommendations.
Preventing number spoofing would help significantly with spam calling. At least the ones from local numbers.
Is there really not a way to submit an express FCC comment that avoids all my personal info being publicly published to the web? Yeesh.
And if you think your name and address are private, then I have some bad news for you.
(Don't quote me on this, if somebody knows better please fill me in)
Publication is probably a bit much as a default and chills speech a bit, but it’s also important that the federal register can remain public with all public comment on the web. These are official comments on the record.
don't see the harm in this? isn't this already the case for 99.9% of phoneline havers already?
I can think of a half dozen ways that can get abused. Remember that in the states policing is decentralized. There is always some department somewhere willing to abuse their power. Look at how flock has been used to stalk partners, or how geofencing was used to sweep up everyone in the area of a protest, or how stingray is used to listen to all calls in an area. This is opening up avenues of abuse for almost no benefit.
More concretely, famous for supplying bulk data to the surveillance industry for a nominal fee. That is ostensibly the goals behind this development - all of these companies demanding phone numbers for "verification" and snake oil "2FA" want to reliably dox 100% of their users rather than just 80%.
Neither of these are true anymore.
Also, the tone is set from the top.
Do you think the current admin cares about actually tackling fraud and abuse?
The US seems so backwards at times.
Nonsense TDS.
there are many, many public reports of ICE detaining individuals merely for having a spanish accent. they've detained US citizens multiple times, even deported some, because they were hispanic.
I highly recommend reading the news...
Back in the days of rotary phones, not only did the phone providers have your name, they even listed it, your home address, and your phone number in the white pages of the phone book, and everyone in town had a copy of it. Before the rise of microcomputers which enabled data tracking and robocalls, which in turn gave rise to demand for privacy from spam, having that information out in public wasn't a problem except for edge cases like domestic abuse victims or people in a witness protection program. The 99.9%, though, are still getting tracked no matter what, and I sometimes wonder if we've sacrificed the convenience and confidence of the phone-book age for an illusion of privacy that relies on anxiety.
Instead of the government actually trying to catch money laundering, they just make 3rd parties like banks and payment processors judge, jury, executioner. Effectively giving them the power to decide who can do business. And if they decide you can’t, you have no recourse. If the government didn’t give this power to private companies, they would have to prove in court that you are doing something unsavory. And to people saying KYC/AML works, sure. HSBC was laundering billions and these guys know how to get around KYC. You’re just screwing over common people at this point and giving banks and financial institutions power to skirt due process.
This seems so clear to me; KYC is an end run around the constitution.
But how do we stop it? If we legislate "no KYC" then what is my recourse when an imposter empties my accounts? You'd want it to be at least allowed.
But if we allow industry to require KYC "we will only deposit your pay to a verified bank account" then you may end up with de facto KYC if not de jure. But if you tell businesses they may not require it, it enables other kinds of fraud.
Legislation does not constrain people who will to do evil.
Use Monero as much as possible. If enough people adopted it, there's absolutely nothing they could do to stop it short of turning off the internet entirely. Even China, with the strictest internet controls in the world, hasn't managed to stop people paying for banned goods and services in crypto there.
Ever since 2020, I've seen more stores that won't take cash, and refuse to go there on principle even if I was going to pay with card anyway.
That's already an issue with most cell phones. Making this apply to prepaid phones is even worse.
Like that is Carr's FCC in a nutshell - he wants to control speech by controlling the airwaves. That is a raw fact in his behavior. But when the news stations say the thing they want them to say, what happens next other than slightly extending the definitions of public good to the internet and then restricting speech?
We have a real problem with people in government buying into the idea that it's basically a private company set up for the benefit of one man in particular.
What they'll do, what they always do, what you can see them actively doing (albeit on other policy axis) even at the local government level, is simply scrutinize these people for other laws they've broken or rules they've run afoul of and then enforce the shit out of those.
https://www.pcmag.com/news/apple-expands-this-location-focus...
My purchasing data is not much better, two purchases so far this year other than my three monthly bills and groceries once or twice a week where I also get cash for my other expenses. I don't do this out of concern about being tracked, just how I live my life. Sometimes I leave my phone off for a week, nothing bad happens, at least nothing that having my phone on would have prevented.
A) Be tracked
B) Use a phone not connected to your identity
C) Go without a phone sometimes
The FCC's proposed change would remove one of those options.
Sure, not much money to be had by fighting that fight but basically any PAC should have the means to do this and by claiming money is at stake and not people's actual safety you do have a better chance at this not being dismissed because of how your justice system /is/.
One could argue that it's a failure of law enforcement or telcos or regulators to do enough to prevent fraud and maaaaybe bring a class action or something, but that's a massive stretch.
Suggest phone scams are a $26 B per year industry.
Not every unjust, stupid, or evil thing is illegal.
Even when something is illegal, that doesn't mean you have standing to challenge it in court, or that a given court has jurisdiction to do anything about it.
Courts (theoretically) follow rules. They can't just randomly set things aside without some basis in those rules. Lawsuits are not a magic universal remedy.
You could definitely argue that courts don't always follow rules, and that the Trump administration is doing everything it can to make that worse, but the changes they're making aren't going to work in your favor, because those changes are in the nature of "we can do whatever we want, and fuck the courts if they don't like it".
The true american dream.
What they did not do was to sue their way into power. I mean, yes, they used the courts at a few key points, but that wasn't the core of it, and the smart money says they could have done it without, say, Bush v. Gore.
The new court approaches of the 1950s through 1970s were a product of politics way, way more than a driver of it, and so is the present reactionary judicial backlash. In fact, the biggest thing I'd say you could argue was the courts leading, Roe v. Wade, worked for a few decades, but at the same time set up a ton of resentment that was later exploited to help blow up the whole system around it.
And if you go back far enough, you run up against a violent revolution, also not conducted in court. Although even there it's important to remember that revolutions invariably fail if they don't have huge political support first.
So, if you want to actually do something, go elect some politicians who will clean up the mess. By the way, that doesn't just mean going back to the way things were one day before Trump. It means fixing the long-term institutional decay that let Trump and his manipulators cause so much chaos when they happened to win an election with honestly not overwhelming support.
[By the way, I need to edit this: This particular authoritarian move is relatively bipartisan and represents an attitude that's become depressingly common all over the planet. Nonetheless, if you want to do something even about this, the answer is still political.]
>AI slop art right at the start
Instant close
My guess is that there's some requirement that if it's a working number, it must be able to dial emergency services and that's the loophole that's being exploited. So the FCC's answer is if all numbers must work, push the check directly on the subscriber.
To your point about emergency services—while it's true that any unactivated phone must be allowed to dial 911, that rule only opens a one-way path to emergency dispatch. It doesn't give a device the ability to place outbound calls to everyday citizens. The real loophole isn't a public safety mandate; it's the wholesale VoIP market.
Patrick: Yes, so "Know Your Customer" (KYC) and "Anti-Money Laundering" (AML)
are mandatory elements of the international compliance regime that have been
in place in the United States since the early 1980s. Over time, this regime
spread globally, largely fueled by the U.S. leveraging the dollar as a tool
of foreign policy—a point where I find myself agreeing with critiques from
the crypto community. Their complaints about this are largely accurate. You
can see this clearly in the documents as these laws were passed and as
supranational bodies increasingly tightened regulations on banking secrecy
havens.
https://www.bitsaboutmoney.com/archive/kyc-and-aml-beyond-th...
https://www.bitsaboutmoney.com/archive/nonprofit-indicted-ba...
https://www.complexsystemspodcast.com/episodes/splc-financia...
https://www.complexsystemspodcast.com/episodes/defendant-cen...
In the era of Target specialized AI that can mimic voices, writing styles, communication is now fundamentally compromised without some sort of actual reform
For example, why isn't it the default that when a telemarketer calls me it's not a video call? And why can't I preview their video stream prior to answering?
I get its "impossible" to make everyone change, but i do think we should push forwards...
They may or may not be better. What they _aren't_ is "widely available."
Also I feel like a lot of people forget that phones still work even if the power grid is disabled. Your replacement should have the same attribute.
> why isn't it the default that when a telemarketer calls me it's not a video call?
How about when I block you I block the underlying service number and not the fake caller ID number. If a company gets blocked by too many customers it is automatically disconnected from the network.
This is _our_ network. Not the spammers. All companies use it by our leave. They wanted common carrier status and that should have a price.
- It is kind of expensive,
- You are forced to provide it to many official institutions,
- It is the default or mandatory insecure 2FA for many institutions,
- It always get leaked somewhere and is one of the most common/reliable identifier.
We still have them around governments and telcos love it and old people and scammers are its last users.
We've been paying for v4 and v6 for decades but somehow we cannot get rid of v4. My guess is there are a lot of interests at play.
Most major telcos worldwide outside the US have strict KYC rules, this is not a battle you are going to win, because there are very few legitimate reasons in support.
This means the parents of adult scammers too. Every scammer has a mother and father who are failing them. If they were doing their jobs, this wouldn't be happening.
https://www.federalregister.gov/documents/2026/05/26/2026-10...
I think that gets you most of the way to a link that somebody on HN dropped a few days ago:
https://www.fcc.gov/ecfs/filings/express
It requires the docket-id to complete:
Docket No: 17-59
You can double check that Docket Number here: https://www.fcc.gov/document/fcc-seeks-comment-enhanced-know...
Our democracy in action.
Phone numbers were designed with the idea that they need to be easily memorizable in your head but I don't think that's really needed today.
At any moment I should be able to discard my contact and redistribute it on my own.
The idea that old numbers get recycled is completely ridiculous as well.
The problem is, with a phone number anyone can. Phone numbers need to operate more like a shared secret.
I was getting an oil change the other day and the guy asked me for my phone number...
I said why? Do you need to call me?
He said, no we just need it to put in the system and it won't let me proceed without one.
I said ok well here is a fake number since you don't need to contact me.
He was visibily frustrated with me, yet inputed the fake number and it allowed him to proceed.
My point with sharing this story is it seems like we have forgotten as a society what the purpose of the phone number is. Your supposed share it when you want to be able to communicate that's it.
It's turned into a required chokepoint to do anything.
Maybe I haven't tried playing with enough "burner" phones :\
Also blanking on a time when you legitimately need to have a phone and not provide your name... anyone have examples?