by Ross McKillop
When Ofcom announced General Condition C6, and the promise that it would ensure valid Network Numbers that could identify the origin of a call, we were pleased it signalled a potential change that could reduce spam calls (or at least make the perpetrators easier to find).
Our interpretation, and technical implementation, of the regulations ensured that any call leaving the Simwood network (irrespective of the presentation number) had a Network Number that identified us, and our customers, ensuring that any calls could be robustly traced to their origin.
We’ve seen from our own records, and calls from members of the public having seen our article about 08979 numbers, that many other CPs also embraced this, inserting 08979 numbers to ensure that the origin of the call could be identified,
These calls from individual subscribers of other mobile networks also brought to the fore how widespread the issue of networks displaying the Network Number instead of the Presentation Number erroneously by failing to comply with a 15 year old NICC standard (ND1016:2004/09) was.
Put simply every call originating from a Simwood customer could easily be traced back to Simwood. If every CP did the same thing, CLI spoofing would be a thing of the past as those responsible could be identified.
It seems, however, that Ofcom didn’t intend this use, and they have recently confirmed that their view is since all of our customers are bound by the General Conditions we shouldn’t insert an “Inserted Network Number” and it’s up to each and every PATS or PECN to provide a valid number, and we should simply include the requirements of the GCs in [our] contracts and agreements.
The newly clarified Ofcom position seems to be that CPs should allow the transmission of any ostensibly valid CLI through their network and our only obligation is to ensure it is ‘valid and dialable’.
This, of course, has the effect of defeating any certainty of the authenticity of the Network Number and potential benefits to reduce spam calling and consumer harm that our (and that shared by many industry contemporaries and friends) interpretation would have provided.
What are we changing?
Firstly, we will still require valid Caller ID on all calls.
From later this week, we will stop inserting a Network Number where the provided Caller ID is off-net, however customers can still provide the Network Number and Presentation Number separately in the P-Asserted-Identity and From headers, and we will pass these onto the PSTN or destination network unaltered, although we make no guarantees what the destination network or anyone in between will do with them.
This has been frustrating, not to mention expensive, both in terms of development time implementing a solution to comply with the guidance issued, and the support overhead it’s caused – not to mention the inconvenience some of our customers have suffered.
Worse still, new rules mean that, as CPs start to block obviously invalid CLIs, the scammers seem just to move to spoofing “valid” numbers – as a result the chances of a real number being spoofed meaning return calls go to an innocent party have also increased.
It seems that until true CLI authentication (e.g. STIR/SHAKEN, which we touched on at SimCon2) makes its way across the pond, we’re still stuck in the “Wild West” when it comes to CLI, and spoofed calls are near impossible to detect, prevent, or track.