Why Controlling Spam is a Tough Job

  • Post author:
  • Post category:
    regulation

I did not consent to any of the political text messages I received in the last election cycle. Not one. It didn’t matter whether I endorsed the candidate or supported the cause—no one got my permission to bombard me with text messages. And yet they did, many times. 

Will the FCC’s Notice of Proposed Rulemaking (NPRM) 21-402 solve this problem? 

Short answer: no. 

The FCC NPRM

The FCC is considering implementing new rules it thinks will clamp down on unwanted messaging. The document outlines the scope and urgency of the issue and how the commission thinks about the problem. However, it is easy to get misled by the inquisitive tone of the document. 

An NPRM lays out the rules the FCC wants to implement. It’s a trial balloon about what it plans on doing. Sometimes it follows through and adopts the rules as proposed. Other times it makes changes, and in rare cases it completely shelves the idea. For planning purposes, however, it is safe to say that an NPRM is a rule in draft form. 

Before we dissect why this NPRM is unlikely to solve the spam text problem, let’s define spam. This is tough and risky. In fifteen years, I’ve never met a company that claims it sends spam. Even the FCC has never defined spam. Doing so would require too much context. Instead, it primarily relies on its definition of  “telemarketing” as a proxy for spam. 

A Non-Telemarketing Definition of Spam

Calling all unwanted messages spam gives no room for an in-depth discussion about permission-based messaging. Trust is at the center of permission. 

If your dentist sends you an appointment reminder, that’s wanted. However, if she sends you coupons offering 50% off your next cleaning without giving you a heads up, that’s unwanted. If a dentist you don’t know texts you discount offers on teeth whitening, that’s spam. If an unknown number sends you a funky URL to claim your free teeth whitening package, that’s phishing. 

This practical, example-based definition works for understanding the issue and thinking through possible solutions. Under the FCC’s pseudo definition, the political messages I got wouldn’t be impacted. Political messages don’t meet its definition of “telemarketing” (though some argue political messages should be considered telemarketing). In the dentist example, even with a prior existing relationship, it would skid into telemarketing without giving the dentist any notice or the receiver any recourse. 

The NPRM’s Big Picture

The FCC’s reform proposals fall into three broad buckets. First, use something built for the phone call (STIR/SHAKEN) in text messaging. It works on voice, so why not make it work for text? The second is to expand the Do Not Originate (DNO) database from which all messages are blocked. The third is mandatory blocking from any unassigned phone number or unknown number. 

Proposal 1: STIR/SHAKEN Worked for Voice; Let’s Use It for Text

Uneven implementation aside, STIR/SHAKEN has improved the quality of voice traffic. It has created a “heads up” that lets a recipient network know if a call can be trusted. Before, the only way to know an unknown caller ID was to either answer the call or let it go to voicemail. STIR/SHAKEN gives carriers a choice. But while it has made spoofing caller ID harder, it hasn’t stopped spam calls. I still get roof repair and solar panel replacement offers nearly everyday. Blocking a number only makes them use a different caller ID.

Additionally, spoofing of caller IDs is peculiar to voice calls. In the US, SMS requires a valid long code (ten-digit number) or a short code number (five- to seven-digit number). Caller ID spoofing in SMS is nearly impossible. Even in foreign markets where alphanumeric (text) caller IDs are allowed, verified sender programs are clamping down on this practice.

Moreover, STIR/SHAKEN would solve neither the issue of political messaging nor the dentists (including phishing). All these players use a STIR/SHAKEN-compliant phone number from a verified CPaaS player. The phone number itself is verified, even if the one sending may not have been vetted.  

Also, because much of the enforcement of STIR/SHAKEN is left to the recipient networks, almost all traffic goes through. Any rejection of traffic is after spam is reported (and the reason why everyone in the industry hates STIR/SHAKEN). This, combined with the fact that there is no way to pretend to be a number, makes the investment in a text-messaging version of the framework not worth the marginal improvements. 

But Is There Another Way? 

In computation, text will always be easier to process than sound. When it comes to text, the message has already been composed on some screen, then stored on some server before it enters the network. Unlike a phone call, text messaging is asynchronous and can be moderated in different ways. It can be decoded offline. 

Machine-learning frameworks such as GoogleNLP can classify in real time if a message is in one of the SHAFT (sex, hate, alcohol, firearms, tobacco) categories. I’ve seen GoogleNLP look at a seemingly innocuous one- to three-word text message back and forth and rightly classify the conversation as adult content.

Any network can use this technology to tag the message appropriately and decide delivery. In light of these AI advances, using STIR/SHAKEN for SMS would be like frisking every shopper when the shoplifter is in plain sight. 

Proposals 2 & 3: Let’s Expand the DNO and Then Block Messages Coming from Them

In addition to solving a problem that doesn’t exist (spoofing), there is one big reason why expansion of a DNO database would not work. 

A globally callable phone number can be up to sixteen digits long. As such, the universe of unassigned numbers will always be larger than the one of assigned numbers. Moreover, an unassigned number can be assigned to a sender in seconds. 

In our example, if the political campaign were assigned a new number, the risk of getting a non-functional one would be high. If there is a lag between database updates, you could punish a number before it has the chance to become useful. 

Having a database is an after-the-fact correction. It will never be able to keep up with the speed of phone-number provisioning. This solution, too, falls into the “barely keeping up” category.

Is Spam a Big Enough Problem?

Yes. It’s not that the spam message counts are low (they are) relative to the total traffic, but even small, well-crafted phishing scams can cause big damage. SMS is the bullhorn in my phone that can be used by anyone who knows my number. It can be easily misused to destroy economic value and privacy. 

As an industry insider, I know that not all phone numbers are created equal. I know that a short code is more trustworthy than a toll-free number, which is more trustworthy than a generic ten-digit number. Many don’t. If my bank texts me a personalized message from a random ten-digit number, I reflexively ignore it. I know some who wouldn’t, and that is a serious problem. 

The FCC is right to ask the industry to do something about the levels of spam. It’s not that the proposed methods won’t work but that they won’t do enough. Yet, if this NPRM is adopted as is, the FCC will mandate, the industry will comply, and unwanted messaging will continue. A true opportunity to preserve the power of text messaging would have been lost.  

This Is Personal

While the political messages I received may have been unwanted, some of them were useful. There were issues at play that I didn’t know about, and some races were tighter than I had suspected. If those messages had been blocked by a carrier or an intermediary, arguably, I wouldn’t have known the stakes. 

Free-speech proponents will pounce on this statement and ask for no blocking. That’s idealistic, self-serving, and tone deaf. Some of these campaigns had no respect for consent or peace of mind, texting me several times a day and from different phone numbers. Opting out on one didn’t automatically opt me out of another.

Unwanted messaging is a serious problem, not only for the messaging industry but also for the senders of the content. There is a need for a clear expectation and enforcement of responsible behavior that only the FCC can provide. 

Finally

Every network has a spam problem, and every spam problem becomes a content moderation issue. Twitter, WhatsApp, Signal, and Telegram all have one. Once a network scales, spam, even in small percentages, can kill it (just ask Friendster and MySpace). Unlike these single-administrator platforms, the phone network is a kluge of networks that are interconnected with and layered on each other. This makes spam containment harder and requires creative solutions.

Any solution should include robust information exchange among providers in the text flow to identify and deter spam before it’s launched. The real solution, therefore, requires group work driven by a shared vision of universal, end-to-end interoperability. The best solution gives the user the choice. The simplest solution makes interoperability a top priority.