September 23, 2020

Unwanted Calls and Spam on VoIP

Fred Cohen is predicting that VoIP will bring with it a flood of unsolicited commercial phone calls. (VoIP, or “Voice over Internet Protocol,” systems deliver telephone-like service, making connections via the Internet rather than using the wires of the plain old telephone system.) Cohen argues that VoIP will drive down the cost of international calling to nearly zero, thereby making international telemarketing calls very cheap. He also argues that small overseas call centers will violate the U.S. Do Not Call List with impunity.

This comes on top of concerns about SPIT, or Spam over Internet Telephony. SPIT sends machine-generated voice calls to the phones or voicemail boxes of VoIP users; Cohen worries about VoIP-mediated calls from live people. In a previous article about SPIT, VoIP vendors argue, unconvincingly, that they can handle the SPIT problem.

The root cause of this problem is the same as for email spam. Whenever a communication technology (1) allows anybody to communicate with anybody else, (2) at very low cost, unsolicited and unwanted communication will be a problem. We saw it with spam, and now we’ll see it with SPIT and VoIP telemarketing.

End-users can try to protect themselves from VoIP annoyances by using some of the same methods used against email spam. Whitelists (lists of trusted people), blacklists (lists of suspected spammers), challenge-response, and ultimately even automatic classification and filtering of voice messages, all seem likely to be tried at some point in the future. But as with email spam, don’t expect them to solve the problem, but only to reduce the annoyance level somewhat.

An even more interesting question is whether service providers can address the problem, perhaps by ejecting bad actors from their networks. This depends on how a particular network is structured. Some networks are closely controlled; these will have some chance of ejecting villains. Some networks rely on open protocols, so that nobody is in a position of control – the villains will just connect to the network as they please, and perhaps reconnect periodically under new names. Things get more challenging when different networks connect to each other, so that their legitimate clients can talk to each other. If a closed network connects to an open one, villains on the open network may be able to reach customers of the closed network, despite the best efforts of the closed network’s administrator.

Can’t we just use closed networks instead of open ones? If only it were so simple. Open networks have important advantages over closed ones; and many people will choose open networks because of these advantages, and in spite of the possibly heavier spam load on open networks. They may well be right to make that choice.

Because all of this calling will be done on the Internet, an open and tremendously flexible network, there are many creative attacks on these problems. For example, an open authentication infrastructure might provide a kind of CallerID service for VoIP, or even a certification of non-spammerness. Expect the technological battle to go on for years.


  1. SPIT?
    I’m also concerned about PAE (promiscuous acronym explosion.)
    – PB

  2. Because all of this calling will be done on the Internet, an open and tremendously flexible network, there are many creative attacks on these problems.

    Great spin, Ed! “Because of the marvellous openness and flexibility of the Internet, the imagination is free to run wild, inventing new and creative ways to combat the hellish chaos unleashed by the marvellous openness and flexibility of the Internet.”

    You’re absolutely right, of course, that some people will choose cheap, freewheeling, crappy VoIP service over (relatively) expensive, well-regulated, reliable POTS. And I certainly wouldn’t want to interfere with anyone who makes that choice. But I hope and expect that the operators of today’s telephone services will know better than to open up their networks to the kind of nonsense that plagues Internet users. I don’t see why it should be too hard to protect against–all the phone companies have to do is subject VoIP gateways to the same charging structure and usage rules as apply to normal telephone lines.

  3. VoIP may be crappy now, but it probably won’t stay that way. There are significant incentives to improve it directly, and also as a byproduct of other services.

    I think that VoIP will make it easier to prove a violation by a company that is using a telemarketer, and to fine that vendor. The telemarketer may be anywhere, but the vendor is almost guarenteed to be in my home country.

    A number not on my whitelist hits my PC. The caller is warned that I am a “do not call number” and that I don’t accept telemarketing calls. If a telemarketer choses to use the override, I have a complete copy of the call on my PC. I can send it to the FTC with a mouse click. It is the vendor, not the telemarketer who is responsible for the violation.

    The “do not call” registry in place in the US is working fairly well. And this is under circumstances where an errant vendor has little to fear from prosecution. So far only two cases have gone to settled fines. They are not going after small violators.

    I believe VoIP calls screened by a PC or other smart device can work better than the system we have now.

  4. M, when you send your complaint to the FTC and it turns out that the telemarketer is working out of Nigeria, spamming you for a company in Indonesia, how do you expect the US government to enforce a law that is null and void in those countries?

    The sad answer is, you don’t. And even if you could, they would just disappear for a day and show up under a new name.

    Perhaps the real answer is to go after the people who purchase anything from spam. Make it a nice fine, say, $50,000US. Then have a few high-profile busts and … okay, time to wake up. 🙂