Canning Spam: Getting Rid of Robocalls

[music]

00:05 Paul Matzko: Welcome to Building Tomorrow, a podcast about the ways tech and innovation are making the world a healthier, wealthier and more connected place. I’m your host, Paul Matzko and I’m joined by Aaron Powell. Now, if your phone habits are anything like mine, you’re familiar with this pattern. It’s the middle of the morning, you’re at your desk, about half an hour into a work project when your cell phone rings. You glance at the screen, you see, it’s not a number, you know, but it is from your area code so you take the call. And then an automated voice tries to sell you, I don’t know, an extended warranty for your car or tells you the IRS is auditing you or something or the other. And you realize you’ve been the recipient of a robo-​call, you hang up in disgust and you try to get your head back into your work annoyed by the distraction. And this can happen multiple times a day. If you’re an ordinary American this happens as often as 150 times per year. The number of robo-​calls has exploded to nearly 48 billion calls in the US alone, last year. It’s a big problem and it’s gotten to the point where people are increasingly unwilling to use their phones as, well, as phones. Today we’re gonna talk with someone who has a possible solution for that problem. We’re here with Ethan Garr, Vice-​President of TelTech Systems. We’re gonna talk about his company’s solution for that problem. A piece of software called RoboKiller. Welcome to the show, Ethan.

01:23 Ethan Garr: Hey, thanks for having me.

01:24 Paul Matzko: Now to start us off, can you walk us through, first of all, what the robo-​caller people are doing. On their side, how do they make our phones think they’re receiving a call from another number? What’s their process?

01:38 Ethan Garr: Sure. Most of these automated calls you’re getting are auto-​dialed meaning they’re just automatically dialed and most of the time it’s pretty random. They’re not calling you because you’re on a list, they’re calling you because you’re the next number up. They start with everybody in your area code and they work their way up. But what you’re specifically referring to is known as spoofing and spoofing is the process by which you can change your caller ID. Spoofing’s a tool, but on the surface, it’s nothing more than a tool that helps or helps people in protect their privacy and security, but it can be misused for nefarious purposes, and that’s the problem. It has been used by telemarketers, especially in the last few years as a weapon against consumers. When they spoof their caller ID, they’re changing those phone numbers, mostly to try to dupe you into picking up the phone, phone call that you wouldn’t normally pick up. Neighbor spoofing where the phone number looks local to you is a very common one. We think it’s well more than 60% of the calls that are being made now.

02:44 Ethan Garr: Neighbor spoofing makes the phone number, look local to you. You live in the 732 area code, the next number that rings to you is a 732-555 number or a 566 number, that number comes to you and now you have a decision to make. Is it my child’s school calling, is it my pharmacy calling letting me know that my prescription’s ready. Or is it another scammer? More and more, increasingly, it’s becoming the latter. It’s the scammer calling you. But how do you make that decision? How do you know it’s safe to pick up the phone. So, RoboKiller is a tool that we’ve created that gets in that call path and makes the decision for you. It decides what calls are wanted versus unwanted based on a very complex and thoughtful algorithm that uses different tools, like audio fingerprinting, machine learning, and user feedback to power a block-​list in real time. And when we do that, we’re able to make those good decisions for consumers. So, we know which calls are the ones you want, we know when it’s your child’s school calling or your pharmacy versus someone just spoofing a phone number.

03:50 Aaron Ross Powell: How does this fingerprinting or machine learning work? Because… To analogize this to spam filtering, so I get, we get… Extraordinary amounts of spam e-​mails are sent out all the time but we seem to have mostly solved that problem and I basically never see them. But one of the advantages that the spam filter has is, it can, it doesn’t just know the sender, and recipient, but it can see the content of the email. So it can check that against patterns and whatnot, but with a call it seems like, just by its very nature, you don’t know what the content of that call is until you pick up the phone.

04:30 Ethan Garr: Exactly and that of course is the big challenge but RoboKiller actually can get in the call path on many of these calls. Your point is, is exactly what the problem is, if the phone number is spoofed, then whether you know that number… Whether you have that number on… If you don’t have that number on a list, or that number is changing every time it’s called, it’s gonna be hard to know which ones to block and which not to block. It’s not to say that we can’t use caller ID as a signal, but we are trying not to use it exclusively as a signal and instead use the audio within those calls. We’re doing a couple of things in terms of audio analysis. One is this audio fingerprinting. If you’ve ever held up your phone and said, “What song was playing?” Maybe you’ve used a product like Shazam, that’s audio fingerprinting. And that’s the process where audio is turned into data, and then data is compared from one data set to another and you can do some extraordinary things with that. On the surface, we can just simply look at one audio clip versus another and we can see if they’re the same audio clip. If it is we know it’s a Robo-​call, because humans can’t speak the exact same way every call.

[music]

05:38 Paul Matzko: How useful… When you say you fingerprint a phone call is the matter of… Is essentially like the, you can identify one robot that speaks two different messages, in other words like, is it the timbre of their voices or is it the words they’re saying, what’s being fingerprinted?

06:00 Ethan Garr: So, both of those things might be signals in an audio fingerprinting process. Essentially when we… When we look at audio fingerprints, one is just simply comparing blocks of audio against another. But we’re also using signals within the audio to look for different patterns that we know are specific to a recording of a human voice versus a human voice in a conversation. So the one nice thing is when a telemarketer calls you, there are certain things that they have to do in the patterns of their conversation that are pretty distinct because if they just take a break and they’ll talk to you for a few minutes, which might be more part of a conversation, that doesn’t bode well for trying to, for a sales pitch. So there’s different things like that that we can look at. But we’re looking at hundreds of signals all at once. I mean we’re looking at the time of day, we’re looking at where the calls appear to be coming from, we’re looking at caller ID and those things. But in certain cases, we can actually answer the call and do that audio analysis before we actually pass the call to you, and we’re getting better and better at that every day. And I think that’s really where our future is because we believe that as long as spoofing is growing and how it’s being misused, that you have to use audio to fight this problem. If you just use caller ID, your effectiveness is just gonna continue to go further down.

07:20 Paul Matzko: This sounds like Google’s Call Screen program, where it answers the call for you and says, “Who are you? Why are you calling?” It’s a robot interrogating their robot. And based on what it says, you can see a transcription on your phone and then decide whether to take the call or to mark it as spam. Is that a similar system?

07:46 Ethan Garr: Yeah, there’s definitely similarities there, of course. What we’re trying to do though is take the headache off the consumer, away from the consumer. If you have to screen every call, if you have to look at every call, we’re probably not helping you as much as you would like. Most people want their phone not to ring. You just described how every morning you’re getting five or six of these calls. The average American is actually getting 22 calls per month based on our statistics, and that means that every day, it’s your meetings, your dinner, your time with your family, that’s being interrupted. With RoboKiller, we’re able to intercept these calls for you, block them so that you don’t actually get or have a ringing phone. So I think it’s better than a screener from that perspective ’cause we’re taking that piece of it out of your hands. But what’s neat about RoboKiller is that we’re actually answering those calls in the background. So after we block those calls, that call gets forwarded to our servers. Your phone’s not busy, it’s not taking up your minutes, but that phone call from the scammers now go into one of our answer bots and answer bots are robots of our own that actually talk back to the spammers and waste their time, which is incredibly fun, can be hilarious.

08:58 Ethan Garr: And the conversations between the spammers and the answer bots are recorded, so you can listen to them, you can share them with your friends, and you can actually get a little bit of revenge, which we think is important. I think enough people have had enough of getting their lives interrupted by these calls. If you think about it, at 5.6 billion robo calls a month, this has really reached epidemic proportions, it’s not just a minor problem, it’s a gigantic problem. And sure, for most of us, it’s the annoyance and the interruption. And that’s bad enough, but at the worst iteration of this, people are having their entire wealth stolen from them. The elderly, they’re losing, their identities are being stolen, their pockets are being picked. Sometimes these scams result in hundreds of thousands of dollars in loss and someone has to do something about it, someone has to get in the way. And I think most people have had the experience, they’ve had a long day and they get that call and they pick it up and it’s just another… It’s so frustrating they start screaming back at the tele-​marketer.

10:00 Ethan Garr: This is a great way to do that. You can create your own answer bot, and that answer bot will take every spammers call who calls you and waste their time. And last month, we estimate, we stole 113,000 hours of spammers time ’cause the answer bots are smart. They actually know how to press one or press nine to get to the human being. So they’re a great tool in this fight.

[music]

10:23 Aaron Ross Powell: It seems like why isn’t this happening on the carriers end? So, AT&T or Verizon gets much more call volume than I assume you guys do because it requires, in order to use your service, I have to download the app and install it. And only a fraction of people who have an iPhone, have Robocaller installed. So why is this up to start-​ups like you and not happening at the carrier level?

10:52 Ethan Garr: So it’s a great question. I think, typically, people look at this problem and they want the government or carriers to solve it. They’re constantly complaining to the FCC and the FTC. I think it’s the largest complaints… Largest block of complaints they get are about robo calls and telemarketing calls, and people are constantly complaining to their carriers and saying, “Hey, we want you to solve this problem for us,” but it’s not an easy problem to solve. There’s a couple of things. One is there is no switch to flip off spoofing, and if you did, you’d have a gigantic problem ’cause spoofing isn’t only used for nefarious purposes. Every time you call a, many businesses that use what are called PBX phone systems, hosted phone systems, they use spoofing so that you see a consistent number from that business. If you could turn off spoofing, which you can’t, it would break all of those systems tomorrow. So it’s not an easy problem to solve from that perspective. Also, our phone network has developed over a couple of, over 100 years, and every call goes through many hops between you and me. So if I’m on AT&T and you’re on T-​Mobile, it may go through seven or eight hops before it goes from here to Washington, DC.

12:10 Ethan Garr: And in that process, a lot of things can happen to that call and caller ID can be changed and it can be misused as it is. So it’s a hard problem to solve, and there’s always a question as to how eager the carriers are to solve it because to some degree, they do get paid to connect calls. So there’s a question as to how motivated they are to take out that part of their income. They’ll argue that the cost of servicing all these calls, the clogging of the network makes it so that they would love to get rid of them. But I don’t know if the truth is somewhere in between. The government is limited in what they can do. Many of these calls are originating overseas, so even if the FCC or FTC have jurisdiction over those calls, it’s very hard for them to enforce, I mean, two guys sitting in a room in Malaysia making phony IRS phone calls, that would be very hard for law enforcement to tackle. So, ultimately, I think it comes down to, you have a technology problem and you’re looking for technological solutions, to that problem. For us, it was actually the government that got us into this fight.

13:15 Ethan Garr: So TelTech has been, we’ve been making privacy and security apps for several years and we’re always looking to help people solve these problems on their mobile phones, whether it was with TrapCall our product, we’re able to help people solve the problem of block call harassment. We have a product called TapeACall that allows you to record calls on your iPhone. So we’ve always been in, sort of in this game, but about four years ago, the FTC held a competition called Robocalls: Humanity Strikes Back, which we participated in, and we actually won, and I think it was…

13:49 Paul Matzko: Cool movie title.

13:51 Ethan Garr: Yeah. And I think the FTC very, very smartly said, “Look this is a problem that legislation and enforcement alone is not going to tackle”. So they said, “How do we get technology people involved?” and they put out a $25,000 prize and it got people like us excited about solving that problem. And at first we looked at it as, “Oh there’s this technology audio fingerprinting. We think we could use it to solve this problem,” we got excited about the innovation side of it, but very quickly we learned just how serious the problem is and how it was affecting people’s lives every day. It wasn’t just the harassment, it wasn’t just the annoyance it really was impacting people’s lives, very negatively. And we said, “Let’s try to tackle that” and then we got excited about and passionate about it, and now it’s really the focus of our business. We have about 80 people who are really passionate and concerned about the robo-​call problem and we’re looking to solve it and make our algorithms better everyday.

[music]

14:52 Paul Matzko: Now that we’ve had a chance to discuss the robo-​call phenomenon and the possible solutions to it, Aaron and I thought we bring in Will Duffield to join us to discuss some of the precedents for how to handle robo calls specifically the deluge of email spam that hit American inboxes in the mid to late 90s and early aughts. There’s a lot of panic about what to do about this spam, the law proposed responses and yet email spam has became a much more manageable problem since.

[music]

15:24 Will Duffield: When we speak about the decline of spam, the fact that the problem was solved vis-​a-​vis email for the most part, we also need to look to the law and the fact that in a case called Cyber Promotions v America Online, AOL’s ability to screen spam was legally challenged, and then upheld by the courts. This, we might call them a direct mail advertising firm, we might call them a spammer… A group called Cyber Promotions alleged that in filtering its emails out of their network, AOL was acting like a state actor, is exercising the municipal powers or public services, traditionally provided by the state and sought to bring it back to Marysville Alabama, the old company town, case. Now it seems laughable today to think that you’d receive an AOL CD in the mail, put it into your computer and suddenly by interacting with this find yourself living in some kind of company town. But it was important that the law clarified this.

16:40 Paul Matzko: So why does the company town ruling matter what was banned for company towns?

16:45 Will Duffield: Well, company towns were essentially treated as state actors for First Amendment purposes. So, while they were private towns, they still couldn’t, say, prevent you from receiving certain mail or preventing someone from walking around to proselytize perhaps. There were different standards and restrictions.

17:10 Paul Matzko: And so, if AOL’s a company town, they… Same thing, they can’t…

[overlapping conversation]

17:15 Will Duffield: Well, if they’re a state actor for First Amendment purposes, then they can’t be filtering mail and this case, now applies to some extent sets case law for how we treat platforms ability to moderate speech.

17:31 Aaron Ross Powell: This was an instance where there was a problem. Spam was a big problem that made at times, email, feel unusable and it was getting in the way of a revolutionary technology that we make gripe about a lot now as we are, just our inboxes fill and filled with stuff that we don’t get around to responding to and whatnot, but I mean email changed the world, and lots of people when the things were getting bad, less people calling, “Well we need laws to fix this, we need criminal penalties, we need state methods to solve this problem.”

18:08 Will Duffield: But what the state could do was provide clarity.

18:10 Aaron Ross Powell: Right but this is an instance where basically what the state did was got out of the way. It said… It, said like, “No look this is…

18:17 Will Duffield: And committed to getting out of the way.

18:19 Aaron Ross Powell: We can let people innovate, in this area. We’re not going to hold them to this particular set of standards. We’re gonna let technology happen and technology happened and in a decade, decade and a half, we had basically solved this extraordinary problem, and it was all through just tech and innovation and not, “We’re going to criminally punish spammers, we’re going to sue people, we’re gonna set up laws,” which would not have solved the problem at all.

18:47 Paul Matzko: The historical perspective is this shift, and I think this happened in the 80s, and 90s, for variety of reasons, from an understanding of corporations as primarily thinking of them as extensions of the public will that the reason why a corporation exists is to promote the public interest and in that sense, they should have a tight relationship with government authority with regulators. So, a railroad isn’t just a company trying to make money. No, it’s providing transportation for the public… Common wheel for the public good, and it needs to be tightly regulated by government agency that will set how much they can charge and will determine where routes can go and can’t go, and it’s a very different way about thinking about companies where as opposed to how we started thinking about companies and digital companies in the online revolution in Silicon Valley. So it’s not just the 90s story but the idea of companies as things not that serve the public interest per se, they might they’ll produce things that serve the public interest, but they do. So by trying to make profit off of coming up with cool new disruptive ideas, it’s a different way of thinking about corporate innovation and I think that also played role here as well.

20:09 Paul Matzko: So they said with the internet, hands off, I mean there’s a variety of laws, the Internet Tax Freedom Act, the Telecommunications Act and Communication Decency Act of the 90s. There’s rulings like the one you’re talking about, Will, for AOL where the government said we’re gonna let them experiment and do what they will, and we got some good things out of that and other things we fixed, we fixed the email spam problem. Even today, my understanding is that over half of all emails sent are spam, they just don’t show up in your inbox anymore.

20:39 Aaron Ross Powell: Right? So it’s a problem in the sense that this is costing it’s traffic and it would be nice if so much of the pipes weren’t tied up with a series of tubes, it weren’t tied up with spam but the real cost of spam was me having to filter it and that’s that problem has been alleviated.

20:56 Paul Matzko: So, let’s apply that kind of thinking to robo-​calls where do we see that same kind of… Where do we see the bad reasoning? There’s people who over reacted to spam problem called for bad solutions but then there’s also the actual solutions that worked. Where do you see that happening in the robo-​call space?

21:14 Will Duffield: I am for, I guess greater deterrence-​oriented solutions. I’d like to see a private right of action kind of revived when it comes to…

21:25 Paul Matzko: What does that mean?

21:27 Will Duffield: Well, there’s the idea that when someone hits you with these spam calls, especially when they’re disguising where they’re coming from, they’re pretending to be your neighbor, when they aren’t, they’re often engaged in outright fraud in terms of the sorts of products or claims they’re making to you and often prey upon the mentally infirm and weak in that respect. They’re preventing you from using this wonderful piece of technology that you carry around. Obviously, it’s not just a phone anymore, but that was its original stated purpose. You can call people on it, you can expect that when someone’s calling you, they are who they seem to be, for the most part, but when you’re getting 10, 20 spoofed spam calls a day, you really just can’t trust that phone function of your phone anymore. And traditionally, within the common law, we’ve had a tort called trespass to chattels, chattels being your property, some possession of yours, and these are trespasses that don’t amount to a full taking but prevent you for making use of something you own.

22:46 Aaron Ross Powell: So does this then… Does the hardness of this problem? And there are other reasons why blocking robo calls has been a problem, too, but it’s a more difficult problem. Does the difficulty of that problem then? And the super irritating nature of it, because in some ways, it’s… We get… Over the course of a day, you get fewer robo calls, then like I used to get spam, in my inbox, but the robo-​calls are more disruptive because they’re ringing and I have to look and answer them and they’re interrupting me, whereas my email, I can just… If I don’t check it all day, then I might have a bunch of stuff, but it’s on my terms.

23:24 Will Duffield: And you don’t have to pick to receive each individual email.

23:27 Aaron Ross Powell: Right.

23:28 Will Duffield: So, receiving spam wont then discourage you from receiving other emails in general, the way it does when it comes to picking up your phone.

23:36 Aaron Ross Powell: Yes. So my question is, does these additional problems with robo calls, the difficulty of filtering them and their disruptiveness. And so they kind of become more and more irritating, does that mean that we are more susceptible to jumping into heavy-​handed, state solutions. Because it’s harder for the tech to solve this problem? So even these robo-​call blockers, you read the reviews of them and they work. And I have one installed on my phone It works fairly well, but it’s not… Its success rate is no where near Gmail spam filter success rate that we will rush into things because we just can’t take it anymore. Is this a problem where it solves itself? Not by… Not even by technological changes in the way that we get phone calls, but that we just simply stop getting phone calls that I don’t get…

24:33 Paul Matzko: It’s all void.

24:34 Aaron Ross Powell: I can place voice… Yeah, I can place voice calls through Telegram, I can place voice calls. Can you through WhatsApp? I don’t use WhatsApp, I’m not that hip. But through all of these messaging services you can do it through Facebook Messenger, and we don’t get spam through those because those have rules in place. This might be one of these issues, and we see issues like this where everyone is just convinced like, “Oh my God, there’s this problem and we gotta try to fix it within the sphere that it’s happening, but it eventually gets solved because we just kind of that sphere, just declines in significant so much that we’re not really concerned about it anymore, and we’re in a new sphere where things work better.

25:13 Paul Matzko: But it’s kind of sad though because there is still… There are people who want to use their phones as phones to take voice and they’re not, because of the clogging going on by robo-​calls. So you’re not wrong. People are solving it by taking fewer calls from any number I don’t recognize, I don’t take it.

25:31 Will Duffield: On Aaron’s kind of broader technological switch-​over point. I think that holds true but at the same time, during that last phase the issue or problem posed by phone spamming is exacerbated because only those left in the phone pool at that point are going to be those probably most susceptible to spam. The least technologically literate will be the slowest to move, and then you’ll have a target-​rich environment for spammers for a while, which seems unfortunate for those folk.

26:12 Paul Matzko: It’s like with email, late adopters, the elderly were slowest to get email accounts on average. We’re the ones who are most vulnerable to email phishing attacks and the like, right? So I think it’s a point well made. My inclination is to say, rather than just giving up on voice altogether, there are hopeful signs of changes that are coming. So right now the big carriers have been testing successfully something called, it’s around, I put it here, it’s a new protocol. So instead of VoIP, which is the standard, what is that, voice over IP. Instead of the VoIP protocol, which is what robo calls typically use, they’re doing a new one called SHAKEN/STIR. So SHAKEN/STIR is gonna replace VoIP, which your phone, every phone would have a unique authenticating certificate. The carrier would check when you make a call, that the certificate token matches an encrypted private key to make sure it’s not spoofed, it actually is that phone making the call. So when your phone buzzes, you would have some kind of check mark so the number is actually the number. It’s not, this would target spoofing, basically make spoofing harder.

27:27 Paul Matzko: That tokenization and encryption process, that’s what the internet does. SSL certification, that’s what that is. We’re just now, this new protocol is going to apply it to voice, to phones. Which raises the question of like, why have we not been… It’s crazy, like we’ve been… Our phone technology, our phone protocol is half a century out of date, functionally. It’s not up to Web 1.0, right. Even SSL keeps getting updates and there’s new protocols being introduced and developed. And again some of this goes back to an issue of government intervention creating unintended consequences. There’s been a disincentive from the FCC to update the protocol. But now the FCC is saying, “Okay, go ahead guys, you should update this. It’s okay if that, if… We’re gonna let you even potentially charge your customers more under the new protocol to reflect the cost difference of running a new protocol in this encryption system. Just do this so we can solve the spoofing problem.” So that’s hopeful. We can… Spoofing might be on the way out in the next year or two.

28:35 Will Duffield: That’s hopeful, but the other side, the spammers, they aren’t technologically static either. And particularly as natural language processing advances, right now, the spam call follows a recorded script. It might have some variation within that based upon inputs, but there are pre-​recorded phrases that are spat at you by a machine. When we look at something like Google’s latest iteration of its voice assistant, that sort of technology deployed as the payload of a spam call. Some algorithm designed to deceive and get you to make the buy, give your credit card information, whatever is set as its goal, particularly if they have some information about you that can be fed into it to make it sound realistic. A pressing call from your sister’s physician, something like that, we can imagine it doing a lot of damage. The kind of concerning thing about voice in general, is that by the time you receive it, the payload has been delivered. It’s not like you need to click one link further. That information is spooled out over the course of the call. So I want to be hopeful, but I am concerned that the other side will just up its game.

30:09 Paul Matzko: Well that’s all we have time for today. Until next week, try not to answer any phone calls from numbers you don’t recognize on your phone. And until next week’s episode be well. Thanks for listening. Building tomorrow is produced by Tess Terrible. If you enjoy Building Tomorrow, please subscribe to us on iTunes or wherever you get your podcasts. If you’d like to learn more about libertarianism, find this on the web at www​.lib​er​tar​i​an​ism​.org.