Telephone is a Dead Man Walking
Matthew Fisch, CISSP
Founder ? FortMesa ?? I help MSPs build cyber business by owning their customer’s security roadmap.
Is the (PSTN) phone system a dead man walking?
So in the last day I’ve talked to colleagues one-on-one on Slack, I’ve had meetings with customers using Google Hangouts, talked to some friends and family via WhatsApp — and I’ve had several junk calls come into my PSTN cell phone (that I sometimes answer and sometimes ignore).
Anyone else on trend here? Messaging apps mostly eliminate spam and blow away the quality available over even phone network calls (yes even VoLTE).
How do you talk to your family and friends? What’s the best channel you use to communicate with colleagues and customers?
Is it PSTN (Public Switched Telephone Network) phone really?
The Fix Is In
People keep asking me when “they” are going to fix this junk call thing.
Although it may not be what you’re looking for, in my opinion the fix is in — catch up.
While the legacy concept of PSTN is attractive in that “public good, international standard, regulated” type of way. The nail is already in the coffin.
There are some options, you can apply spam blocking technology at the network level (ask your cellular provider) or with an app (think Hiya) — but ultimately this is problematic.
It’s not possible to use the same methods that (barely work) with email to fix something as temporal as a phone call.
Noone is going to sit on hold for up to 30 days waiting for you to fish them out of your junk folder.
At least with email we’ve got optional authentication methods (this is me!) that mostly work.
For real though, the government is going to do something right?
I’ve talked to people about this before, and they always insist “Someone will fix this.”
Of course, that “someone” ultimately can only be the FCC and despite assurances that they’re working on a “Framework” — all they’ve really done is recommend that NANPA (the industry body in charge of these things) look into it (July 2017).
Here are some totally out of context excerpts from the latest NANPA working group status report:
“it will not be technologically feasible to implement the standard in a uniform timeframe throughout the industry.”
No rush please, we’ve already got our 10-year deployment lifecycle.
“Mandates should be unnecessary as service providers voluntarily implement SHAKEN/STIR consistent with technologically pragmatic timelines”
Yeah and don’t tell us what to do, we’re on it, sorta.
“As a complementary measure, the Commission should establish a categorical exemption for small providers”
And remember we’re not going to fix caller id everywhere.
“The SHAKEN/STIR framework will not “solve” illegal caller ID spoofing”
Don’t get upset when our solution doesn’t _really_ solve the problem.
Right, so status quo then right?
Now the FCC has been kicking around the idea of enforcing authentication on caller id for about two decades.
Phreakers (phone hackers) have been having fun here since the early 1990s, but over the early 2000’s the swatting (prank calls to emergency services) phenomenon became a widespread issue that has resulted in multiple fatalities.
Wheeler (Obama era FCC Chair) tried to form industry consensus on how to fix this issue, but ultimately industry just couldn’t care less — so short of an act of congress (ha-ha) we can’t really make them (carriers) do anything.
In fact, spammers have had the technology to fake caller id for a really long time, it’s the degradation of regulatory authority here that has led to our current crisis.
Enter Pai
Around the time Pai announced it wasn’t really the FCC’s job to regulate internet communications (so go bother someone else like the FTC or Congress) — he issued a not very strongly worded message to NANPA (the industry association in charge of coordinating this type of stuff).
“Go figure out something” prompting the aforementioned “okay, eventually, but we won’t work too hard at it” response I cited above.
If you read the FCC’s website you’d be lured into believing there’s a solution just around the corner. But dig a little further you find out it has not even been decided who’s going to be in charge of caller id authentication, we’re still in the nascent bureaucratic “we’re thinking about the problem” stage.
It’s late 2018 (over a year from the “strongly worded call to action”) and latest word is:
The FCC asked NANPA who established a working group who recommended a “Governance Authority” of 10-15 board members that have not yet been selected to represent the industry who isn’t very interested in resolving a problem to govern the deployment of a technology that isn’t expected to stop fake caller id spam.
RIP PSTN
So I don’t exactly have a crystal ball — but it’s obvious that we’re only going to be increasing dependence on alternative communications channels over time.
The telcos who made nice premiums on per minute billing to pay for their capital network investments no longer care now that they’re giving it away flat rate.
Telcos are now in the business of selling data network access, and while they have to give away voice calls for free for competitive reasons, they can charge for data. AND the FCC just gave them the green light to charge _more_ for good data (this if the FCC has their way in telling the states they can’t have net neutrality either).
Parting Questions
- Will anyone use PSTN in 10 years now that half of PSTN calls are scams or spam and you can’t trust anyone’s identity?
- If we all continue to use alternative methods will there be any legit PSTN traffic left?
- Do you answer your phone calls when they ring every time?
- Do you let them go to voicemail?
I don’t see the ingredients for a prompt fix materializing anytime soon.
RIP PSTN.
Matthew Fisch, is a career information technology veteran and founder of FortMesa (stop your cyber risk).
He can be reached on Google Hangouts at [email protected] or WhatsApp at +1 518 444 4181. More at blog.mfisch.com/ .
Chief Marketing Officer | Product MVP Expert | Cyber Security Enthusiast | @ GITEX DUBAI in October
1 年Matthew, thanks for sharing!
Software Engineer - All opinions are my own and do not reflect those of my employer or colleagues.
5 年PSTN has the advantage HAM radio has. It's a pretty easy to deploy fallback. Though if you have HAM, who needs PSTN?
E2E Testing | Test Management
5 年PSTN is more powerful than folk think in THIS day and age.......?? PSTN ——> mobile network operator ——-> SS7 ———> Valhalla in (some) OSCP circles!! Remembering the days of using a Coke can ring pull to spoof DT commands down a phone line!!! And WHERE do you think THAT little sequence of events would lead if Hiscox (or someone equally proficient) got their hands on it! PSTN is massive, both Regulatory and underdeveloped infrastructures (around the world) points of view and means it’s (PSTN) going nowhere anytime soon. Opo’s will patch/etc. which will leave various cyber holes . PSTN still a major backbone in some (still to be) developing countries! ??
Author/Telecom Analyst / Consultant, Real Estate Advisor
5 年I reluctantly agree with this but I do think the PTSN lifeline will have a very long, and expensive tail - think about copper cables. Cu has been obsolete since the '80s and yet it is still being placed. I really think we will ultimately have a highly modified PTSN that is entirely wireless - 5G or later. I've worked in this area now for well over 5 decades and it is hard to think of all that investment, talent and technology as obsolete, but I don't answer our land line either. Clif
HVAC Sales at Cottam Heating and Air Conditioning
5 年Great read and I agree. Almost everyone these days simply lets unknown numbers go to voicemail first due to so many spoof calls and telemarketers.