Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The solution is simple, and I've proposed it before.

If someone used spoofing to break the law, there's strict liability for some kind of statutory damages, say $100, applicable to everyone across the chain. I.e. I can sue Verizon for sending the call to my phone, Verizon can sue whoever connected to their network, they can sue whoever spoofed on their network, etc.

This will quickly lead to networks requiring proof of authorization or at least posting some kind of bond to be allowed to spoof numbers.

And there's no real downside. Nobody has a pressing need to spoof but not enough to post a bond convincing the phone networks that they won't break the law.



> The solution is simple, and I've proposed it before.

Actually, I think the solution is even simpler, and is already in place here in Europe: Make all calls cost a minimum of $0.25 to the caller.

The issue right now is that having a robot call a million phone lines costs basically peanuts. If a million phone calls cost $250,000 instead, then this sort of spam calling wouldn't be effective anymore.

And you don't have to wonder what it looks like. In Europe and the UK, the caller has always paid for the entire connection, including the airtime of mobile phones. It doesn't cost you a dime to receive calls on your mobile phone in the UK; but it costs the caller around 20p per minute. As a result, robocalling mobile phones is not cost effective.

No need for complicated regulatory intervention in this case.


So if I buy a $20 prepaid cell phone for cash and use it to robocall ten of my friends, they'd share $1000?


A network shouldn't allow a $20 prepaid cell phone to spoof numbers. Give it one number, if it starts spamming it can easily be blocked.


Yes, my $20 prepaid cell phone would only have one number, and would be blocked after my friends report the robocalls.

But whence comes the $1000 my friends are now owed, for the calls made before their complaints were filed?


I specified the fine would be for spoofing that broke the laws.

That would eliminate spoofing, which would make it much easier to identify where the bad calls are actually coming from.


Stating the obvious: you won't be able to buy a $20 burner without an ID and deposit if it can cause your carrier to incur a $1000 fine.


Yeah, a fail2ban would be great. Bell labs ushered in a lot of our infrastructure, it isn't like baby bells haven't been involved in the ecosystem that creates these tools, it looks like they aren't willing to lose any traffic.


Yeah, let's throw out the entire idea, because it is not perfect. Spoofing is the main problem here. If that was blocked the $20 disposable phone would be much harder and more expensive to exploit (his many disposable phones they would have to use to perform a single successful campaign?


Clearly you missed the part where the OP said SPOOFING of numbers.

Spoofing is a huge security issue, robocalling is annoying.


Things don't happen in a vacuum, don't be so dismissive. There would probably have been put something in place to stop a $20 sim from doing these things in the first place.


You could, but you also need to take into account the number travels with the SIM, not the handset.

The SIM is you. People already buy burner SIM's, and many countries have started to implement tighter controls on SIM purchasing in order to aid law enforcement's ability to track down telephony enabled crime.


So carriers are responsible for policing the content of calls?

I can think of no more blatant way to ruin net neutrality.


Not the content. The caller ID.


I agree, anyone, everywhere and anywhere in "the chain" is liable immediately - - that will change things promptly as Telecoms will not allow themselves to be liable . . .




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: