“Consumers need and deserve a regulatory regime that safeguards the reliability of the voice network for legitimate calls as much as they deserve protection from unwanted calls.”1 In its comments in this proceeding, NTCA—The Rural Broadband Association summarized in one sentence what took us at Numeracle 43 pages to explain. The Commission should use the above statement as a guiding principle as it contemplates how it should regulate blocking and labeling spam calls and how the caller’s name is presented to the call recipient. Numeracle enthusiastically supports presenting verified, accurate information about the caller to the call recipient. Different names have been used with different technologies for caller name display: branded calling, rich call data, CNAM, caller name delivery, and verified identity presentation. The name currently in widespread use in the industry is branded calling. But Numeracle does not support all implementations of branded calling. Branded calling should: 1) have standards-based Rich Call Data (“RCD”) with caller identity information vetted pursuant to strict Know Your Customer (“KYC”) requirements that is securely embedded in call signaling and presented to the call recipient; and 2) be sold in a free and fair market that is not controlled by a consortium of analytics engines2 (“AE”) whose inaccurate labeling has created the need for branded calling in the first place. CTIA’s comments introduced its BCID initiative, which satisfies the above requirements. Numeracle is a participant in and supporter of CTIA’s initiative as we think it provides the best pathway for presenting accurate caller information to the recipient. CTIA summarized its initiative in its comments:
CTIA is currently developing an RCD-based service called Branded Calling ID (“BCID”), which will utilize ATIS’s RCD standard for purposes of branded calling. Consistent with other branded calling approaches, RCD leverages the STIR/SHAKEN framework. The FCC’s Call Authentication First Report and Order, which mandated deployment of the STIR/SHAKEN framework, noted that the framework is “a flexible solution with an industry-led governance system that can adapt and respond to new developments.” Consistent with that guidance, ATIS has adopted the RCD Standard, which governs the use of PASSporT extensions defined in the SHAKEN ecosystem specifically for RCD. Importantly, the RCD Standard incorporates robust vetting practices, which is consistent with industry trends to enhance KYC activities and will further help to enhance trust in call authentication approaches. Indeed, the cornerstone of RCD includes thorough vetting and KYC protocols, which ensures that the call originator is who they claim to be.3
Numeracle is assisting in this advancement by using its robust KYC experience and technical expertise to help CTIA and other participants develop a process to display the caller’s identity to American consumers in a secure and competitively fair manner.
Numeracle supports branded calling. We sell it. We think it is helpful for some entities making outbound calls. But not all branded calling is the same. All implementations of branded calling have the same goal of presenting identifying information to the call recipient, but current in-market solutions are closed garden, proprietary systems requiring a specific AE provider or the installation of a specific app on the phone. Other recently proposed types of branded calling are based on neutral industry-adopted standards. Security varies—some existing solutions can easily be fooled by spoofing the telephone number, resulting in maliciously spoofed calls receiving the same display as legitimate calls. The type of presentation also varies—a limited number of devices currently support displaying the caller’s logo, while most simply display the name. CTIA’s implementation, which CTIA refers to as BCID, is a well-crafted solution that provides innovations in security, fairness, openness, and accuracy. It is a far superior solution for presenting the caller’s information than trying to rework CNAM as CNAM was never secure and cannot be retroactively secured:
Specifically, because branded calling leverages the STIR/SHAKEN framework, it introduces mechanisms for authentication, verification, and transport of calling name, call reason, and other enhanced caller identity information, such as brand images or company logos. In general, branded calling solutions are designed to establish or rely on a chain of trust throughout the call path, starting with the call originator, then the originating voice provider, through to the terminating provider, and ultimately to the consumer’s handset device. In short, while CNAM databases continue to serve a role in enhancing trust in caller ID, branded calling solutions that rely on data from the STIR/SHAKEN framework are particularly promising because STIR/SHAKEN has been specifically designed as an authentication solution, unlike CNAM.4
As proposed by CTIA, BCID is a superior solution to the branded calling products on the market today that suffer from security concerns and control by a small number of gatekeepers.
The comments submitted in this proceeding show widespread support for RCD from across the ecosystem as a method to ensure the accurate display of caller information to the call recipient. CTIA, the Ad Hoc Telecom Users Committee, the Cloud Communications Alliance, INCOMPAS, Neustar, Somos, TransNexus, and Verizon all support the use of RCD.5
Commenters agree with Numeracle that attested calls from known callers should not have their caller name presentation overridden by spam labels.6
The only defender of traditional CNAM in the comments is the company that operates and sells the “Largest Line Information Database (LIDB) in North America” for CNAM—Neustar.7 Other commenters universally pointed out the security flaws and other limitations of traditional CNAM.
Numeracle agrees with bolstering security in branded calling. But it should be done with a focus on identity and based on broadly applicable standards like RCD and not a proprietary solution for a company that participated in creating the problem it now purports to solve. Numeracle stated in its comments that current branding solutions are not secure. That was an incomplete response. There is a proprietary solution developed by one AE to combat the insecurity in its earlier branding solution. Specifically, because branded calling is susceptible to spoofing, one AE has an out-of-band call announcement to inform the terminating device that a branded call is on its way. This particular AE’s process reduces the security flaws inherent to the branded calling solutions currently supported by AEs, which Numeracle detailed in its previous comments. Use of this more secure solution is not enabled by default but requires callers to pay the AE more for this additional optional feature. Numeracle is not aware of other AEs offering similar security improvements. While we appreciate the recognition of the problem by this AE, the introduction of security improvements as an additional paid feature is concerning. Securely transmitted, reliable caller identity is in the public interest and requires common standards to effectively promote consumer trust. While we respect and appreciate that private companies need a return on investment in order to justify improvements, this is precisely why a common standard should be established for secure caller identity.
Numeracle was not the only commenter to point out the conflict of interest inherent in the business model where the company doing spam labeling and blocking is the same one with paid solutions. The Insights Association joint comments also highlighted this conflict:
[T]he Commission should recognize that current redress options available in the marketplace are not working adequately. Calling parties have little choice but to purchase solutions to prevent improper blocking and mislabeling from the very same analytics providers that make blocking and labeling decisions. Analytics providers have a strong incentive to overblock and mislabel since they sell both the disease and the cure. Paying analytics providers to resolve issues can cost medium-sized firms hundreds of thousands of dollars a year. As a result of these marketplace dynamics, consumers lose out on calls that they may want, and calling parties cannot afford to pursue opportunities to reach members of the public who may wish to hear from them. The Commission should conduct a thorough review of existing redress mechanisms in the marketplace and demand better.15
Joint comments filed by the American Bankers Association and other financial institutions and trade associations also noted that the purchase of branded calling services is necessary to ensure that the caller’s name appears to the call recipient.16 The problem with the AEs selling branded calling and doing spam labeling can be distilled into a simple Catch 22: If a caller is making spam calls, the AE should not sell it branded calling as a bypass to spam labeling. And if a caller is making legal calls, the AE should not be labeling the calls as spam in the first place. Numeracle customers have informed us that soon after registering their outbound telephone numbers at www.freecallerregistry.com—the joint registry established by the three major AEs to facilitate phone number registration—they received a solicitation from one of the three AEs to purchase branded calling. The conflict of interest Numeracle pointed out in its comments is further exemplified by this example of an AE apparently using the free registration process as sales lead generation for its branded calling product.
The Commission’s diligent efforts to fight robocalls through STIR/SHAKEN will be for naught if the remaining TDM gaps in IP networks are not eliminated.17 Neustar estimates that 80 percent of enterprise-to-mobile calls do not have any STIR/SHAKEN attestation.18 Given that most STIR/SHAKEN extensions and exceptions have been eliminated, the low rate of STIR/SHAKEN attestations at the terminating end of calls is likely due to call signatures being dropped because the call transits a TDM network or because noncompliant carriers are not following the Commission’s rules.19 The Commission should collect data about the low rates of signed calls making their way all the way to the terminating device.
Verizon and Neustar both pointed out that signing fraud is rampant. Calls that should not have been signed at all or should have received a B or C attestation are instead receiving A attestations.20 Verizon’s perspective highlights that because attestation is inherently a voluntary designation by the signing service provider, which may or may not be the true originating service provider, it is not considered an actionable source of trust information by terminating providers. RCD-based branded calling as created by CTIA creates actionable information verified through a trust framework that requires rigorous KYC and embedding the caller’s identity—not just a phone number—in the call signaling.
Numeracle was created to support callers and their service providers in navigating the problems created by inaccurate AE call analysis. Our business has grown in part because the problem of inaccurate labeling by AEs has grown. Numeracle’s customers are willing to complete a rigorous KYC process to avoid spam labeling. For more than five years, Numeracle has helped almost a thousand customers with hundreds of thousands of phone numbers aggrieved by inaccurate labeling.21 No company would purchase our services if there wasn’t a need for them. Interestingly, no commenter vouched for the accuracy of labeling except for the AE companies doing the labeling. The following comments show the widespread concerns about the AEs imposing inaccurate label on legal and wanted calls:
The comments filed in this proceeding by the First Orion and TNS concede that their algorithms and the data that feed those algorithms are often inadequate to accurately label calls because they lack essential information. In fact, the high success rate that Numeracle has usually had with the AEs when contesting spam ratings shows that the AEs implicitly agree that rigorous KYC and knowledge of a customer’s calling practices as done by Numeracle achieves a better determination of whether a call is spam than an automated algorithm operating without this information. First Orion commented that “false positive rates are extremely low” and that “[b]y registering business information and numbers associated with call campaigns, callers provide important information to the AEs for use in analytics thus greatly reducing the likelihood of erroneous labeling and blocking.”28 The reality is that the minimal caller data currently utilized by AEs, even for registered phone numbers, limits their ability to accurately assess their own false positive rates. In its comments, First Orion appears to be agreeing with Numeracle that receiving vetted information about callers improves the accuracy of spam labeling. Let’s take that one step further and embed that information in the call signaling to minimize the need for registration and remediation in the first place. Numeracle is ready and willing to share what we have learned over years of verifying caller identities and to collaborate with all parties in establishing open standards to improve the accuracy of caller identity and call intelligence. TNS urged the Commission to promote best practices to combat inaccurate labeling:
By promoting best practices, the Commission can assist legitimate callers in avoiding the mislabeling of their calls. Highlighting these best practices will mean a lower likelihood that legal callers mistakenly engage in actions that analytics associate with bad actors, resulting (even temporarily) in negative call labels. Increased diligence by legitimate callers will benefit both call originators and call recipients as illegitimate calls will be easier to detect.29
By urging legal callers to use so-called “best practices,” TNS is implicitly indicating that 1) its analysis is based largely on call activity and not the identity or trustworthiness of the caller, and 2) it cannot currently differentiate between legal and illegal calls without callers acceding to TNS’s preferences on how phone calls should be initiated. If TNS’s algorithms to identify spam cannot detect when “legal callers mistakenly engage in actions that [TNS] associate[s] with bad actors,” TNS has no compelling rationale to be applying spam labels to those calls. TNS stated in its comments that it “receives very few, if any, complaints about its call labeling practices.” Numeracle considers every remediation request for an undeserved “Potential Spam” label to be a complaint.30 Numeracle submitted 254,571 such complaints to TNS during the first five months of 2023, or an average of more than 11,000 per week. Since Numeracle filed its comments on August 8, we have made great progress with Hiya on resolving spam labeling issues for Numeracle’s customers. Hiya’s registration and remediation process is free of charge,31 and while we previously had issues with its accuracy and effectiveness, we appreciate Hiya’s willingness to work with Numeracle to deliver accurate information that benefits both callers and call recipients. Numeracle remains willing to work in good faith with all AEs and voice service providers to improve labeling accuracy and security.
Several commenters pointed out that inaccurate labels harm consumers because important calls are labeled as spam and consumers are less likely to answer calls with a spam label. “[T]he mislabeling of an outbound calling number can significantly impair a lawful company’s ability to communicate with its customers. Moreover, the customer is harmed by being misled into believing what may be a critical informational call is spam or a scam call.”32 The banking industry reported that fraud alert calls have been labeled as spam.33 INCOMPAS noted that inaccurate spam labeling “leads to a guilty until proven innocent ecosystem that ultimately harms the consumer.”34 INCOMPAS further noted that calls are labeled as spam that consumers specifically consented to receiving. “[B]anking institutions place numerous calls for fraud alerts and debt collection that may look like unlawful robocalls to a software program, but not only are they legal, they are explicitly consented to by the called party in its contract with the banking institution. This blocking is occurring even when those calls have earned an “A” attestation level in the STIR/SHAKEN call authentication framework.”35 Reply Comments filed by the National Consumer Law Center, Electronic Privacy Information Center, and Public Knowledge concur that consumers are harmed because the “torrent of illegal calls” mixed with legal calls results in “legal calls end[ing] up mislabeled or blocked by downstream providers seeking to protect subscribers from illegal calls.”36 Labeling is in many ways more pernicious than blocking. Call blocking results in an indication of call failure reported back to the caller and the recipient is unaware of the blocking. Labeled calls result in no notification to the caller and create an active negative impression to the consumer, reducing the consumer's trust in communicating with a caller even if a label is subsequently removed. This harms the caller’s relationship with the call recipient. YouMail, an independent AE, noted that spam labeling dramatically decreases call answer rates: “In one case, the answer rate for legal and desired calls from a number later labeled as “scam” was more than50% over all three major mobile carriers. After one carrier mislabeled calls from the same number as “scam,” answer rates for just that carrier’s end user customers dropped below 10%,virtually the same as if the carrier had blocked the number outright.”37 INCOMPAS shared Numeracle’s concern that inaccurate spam labeling and the lack of feedback on labeling threatens the future viability of the PSTN. “In fact, the "black box" of terminating provider’s call analytics is a threat to the Commission’s efforts to ensure that calls are delivered in a non-discriminatory and competitively neutral manner, and it is becoming clearer that these analytics are deployed unevenly and without transparency and accountability .Indeed, the continued lack of effective feedback to upstream providers from terminating providers and their analytics companies disclosing both blocking and call presentation determinations is significantly impacting the health and future viability of the entire PSTN.”38
TNS touts the example of a college admissions office as to how the process is workingproperly.39 On the contrary, this example shows everything that has gone wrong with labeling and remediation of incorrect labels. The college admissions office in question is a Numeracle customer that signed a contract with a Numeracle partner for telephone number registration, monitoring, and remediation because the college’s calls had been labeled in the past as spam. This college makes outbound calls for a variety of purposes, including responding to inquiries from prospective students, communicating with successful applicants, administering financial aid programs, and providing information to current students. Numeracle registered the college’s telephone numbers with TNS in March of this year. This is in conformity with TNS’s public statements that registration helps legitimate callers avoid spam tags.40 Nevertheless, a week later, TNS labeled several of this college’s outbound calling numbers as “Potential Spam.” Did TNS first contact Numeracle or the college before labeling the calls? No. TNS had the caller’s name and phone numbers, as well as Numeracle’s contact information. Did TNS claim these calls were illegal—either then or in its FCC filing? No. TNS cites a spike in call volume, which can be for any number of legitimate reasons. TNS’s comments establish that there was no indication that the phone number had been spoofed by a bad actor. Rather, TNS objected to this legal caller’s individual calling pattern. These calls were wanted—in fact requested—by the recipients. But because of earlier experiences with unfixable spam labels, the caller rotated through outbound phone numbers to fresh numbers when existing numbers had received unjustified and unfixable spam labels.41TNS rejected several of Numeracle’s initial remediation submissions on behalf of the college. Numeracle’s general counsel escalated the issue to TNS’s outside counsel. A temporary override was done for some numbers the following day. Three days later, one of the college’s phone numbers was still being labeled as “Potential Spam.” A month later, other numbers used by the college were again flagged as “Potential Spam.” The last spam tag was June 5, which was also the date Numeracle began submitting number registrations to TNS under a renewed paid agreement between Numeracle and TNS for phone number reputation monitoring. As described in Numeracle’s comments,42 once Numeracle resumed paying for monitoring, TNS’s spam tagging decreased dramatically across the board. This example confirms that pattern. None of the college’s phone numbers have been labeled as spam by TNS since Numeracle resumed paying for monitoring. TNS’s counsel communicated to Numeracle that “if the applicants know and recognize the college’s admissions number (or had it in their contacts), then the recipient can answer.” Is TNS’s solution for mislabeled calls really that American consumers have to memorize (or add to contacts) every phone number for every business or institution they interact with? When filling out a webform to request a callback, the number that will call is generally not provided. Expecting consumers to add to their contacts all phone numbers for every entity they may interact with in the future is impossible and not a viable solution to inaccurate spam labeling. This college hired Numeracle, registered its numbers, engaged the assistance of Numeracle to advocate for it, got a temporary override through Numeracle’s counsel’s engagement with TNS’s outside counsel, and still had its calls labeled as “Potential Spam.” The spam labels did not disappear until Numeracle resumed purchasing monitoring services from TNS. If this is success and the process legal callers are expected to follow to avoid spam labels, we are all left to wonder what failure looks like.
Since Numeracle submitted its initial comments, additional specific instances of inaccurate spam labeling have come to our attention.
As stated in Numeracle’s initial comments, the only entities with comprehensive data about the prevalence of spam labeling and the success rates for registration and remediation are the carriers and the AEs. The Commission should conduct a robust data gathering effort as suggested by the Enterprise Communications Advocacy Coalition43 so that the Commission can make policy in this field with hard facts.
Numeracle was not the only commenter to note the problem that newly issued numbers are routinely being labeled as spam by the AEs. The Cloud Communications Alliance and INCOMPAS shared Numeracle’s concerns.44 YouMail, an independent AE that works closely with the Industry Traceback Group, noted that number rotation to avoid phone numbers tainted with spam labels is contributing to exhausting the telephone number pool.45 While Numeracle does not advocate number rotation, number rotation is increasingly being used by even legitimate callers who are frustrated with ongoing false labeling and the difficulties of remediation.
In its comments, Numeracle proposed that identified callers who embed their identity in the call signaling should receive notification of spam labeling. Many commenters in this proceeding made similar proposals to require notification of labeling or the removal of call presentation information.46 For example, the Cloud Communications Alliance urged the Commission to require labeling feedback and redress for labeling: “To protect legitimate callers from having their legal and often wanted calls mislabeled, and consumers potentially missing important notifications that are mislabeled as spam or scam calls, the Commission should promptly act to extend existing notification and redress protections to labeling.”47
The oft-quoted statement that “every system is perfectly designed to get the results it gets” rings true for the problem of caller identification. The companies currently charged with filtering out illegal calls for the largest consumer phone networks in the United States are mired in conflicting interests, which limit their ability and incentive to perform that role effectively. To the contrary, by controlling sole access to solutions for call reputation and branded calling solutions that meaningfully impact their own labeling, these companies have an incentive not to effectively solve for trusted caller identity so that the market for their own solutions persists indefinitely. Many have said “there is no silver bullet” in the fight against robocalls. That phrase has been used 79 times in FCC filings in the robocall dockets. It is time to retire “silver bullets” and solve the problem. To Numeracle, this phrase is acknowledging failure as though the problem is insurmountable and endemic. We do not accept this view. The problem is surmountable. It is a matter of the right information being acquired through KYC and made actionable through secure transmission of this information to the call recipient.
Respectfully submitted,
NUMERACLE
Keith Buell
General Counsel and Head of Global Public Policy
Rebekah Johnson
Founder and CEO
Sarah Delphey
Vice President - Trust Solutions
Pierce Gormana
Distinguished Member of the Technical Staff
Brett Nemeroff
Vice President of Engineering - Voice
7918 Jones Branch Drive
4th Floor
McLean, VA, US 22102
October 3, 2022
