It was reported that the secretive NSA, the organization within the Federal Government responsible for collecting and analyzing "Signals Intelligence", was receiving a record of every single phone call made from or to a telephone serviced by the Verizon telephone company for a period of three months. It is since come out that this is a routine procedure. The authorization for the NSA to sweep up this information from Verizon must be renewed every three months. So the specific authorization leaked is one of a series of standard authorizations issued routinely every three months. And it appears that similar requests are made every three months to all the other telephone companies too. So apparently the NSA has a record of every phone call made to or from a U.S. phone number for a period of years.
This revelation is very troubling. Yet it has been coupled with other revelations. It appears that the intelligence community has ways (the details are still being argued about) of getting access to the text of emails, web search histories, pictures, all kinds of web postings (like private blog postings), and other "content" information. It may also be that the actual contents of phone conversations (e.g. if they used Skype or if a leg of the conversation transited an IP phone link) may be available some or all of the time. The official stance of the security services is that spying only takes place if there is a foreigner on one or both ends. But much of the legal opinions, court proceedings, rules and procedures, etc. are top secret. As an example the FBI can issue something called a "National Security Letter". The recipient of one of these is directed to provide all kinds of personal and private information. They are also required to keep the National Security Letter itself a secret. So the target of one of these letters can't even find out that he is the target of the letter, let alone whether the justification for issuing the letter in the first place is valid.
So you can't find out what's going on because it is secret. You can't find out if whoever did it acted legally or properly according to the appropriate laws and regulations because when and how the laws and regulations are applied is secret. In fact, you can't even find out what the laws and regulations say because even that is secret. This situation is correctly described as Kafkaesque (after actions described in a novel called "The Trial" written by Franz Kafka and first published in 1925). The primary legal foundation for these activities lies with a law called the "USA PATRIOT Act" (originally passed in 2001 shortly after 9/11 and reauthorized and updated a couple of times since) and the "FISA Amendments Act" (one of a series of laws relating to "FISA" courts, this specific one was originally passed in 2008 and reauthorized with minor modifications in 2012). The provisions authorized in these laws essentially eviscerate the Fourth Amendment to the U.S. Constitution ("The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized"). I think that major provisions of both acts are completely unconstitutional. But what do I know? As I have remarked elsewhere, (http://sigma5.blogspot.com/2013/01/second-amendment-rights.html), the Constitution means what the Supreme Court says the Constitution means.
And here I am refighting a fight that has been going on at least since the PATRIOT act was first passed. The fact that Congress has chosen by big bipartisan margins to authorize and reauthorize these laws in spite of the many people who agree with me means that it is old news that I am on the wrong side of this argument. In fact, these new revelations have been greeted widely with a reaction of "no big deal" by large segments of the general population, legislators, and the media. So what I want to do instead is move on to an issue that is peripheral to the recent revelations but central to the whole issue of Malicious Phone Calls.
One of the big problems with dealing with "Rachel" and her ilk is the problem of tracing the call. I date back a while. I remember old movies and TV shows where the cops were trying to trace a phone call, say in a kidnapping situation. Back in the old days it would take a couple of minutes to trace a call so if the bad guy hung up quickly enough the cops were foiled. Things progressed to the point where in the movie "Three Days of the Condor" (1975) our hero had to wire together a bunch of pay phones in phone booths (kids: ask your parents if you don't know what I am talking about) to avoid having his calls traced. Theoretically, tracing a call is now a simple and instantaneous process. You just get Caller ID and it tells you what the caller's phone number is. But the "Rachel" people have been able to block (no caller ID shown) or "spoof" (cause a bogus number to be displayed) Caller ID so it doesn't work. I didn't really know how to get around this. So I came up with the complicated plan described in the "FCC" post.
But a detail in the recent NSA revelations indicates that call tracing information is available after the call is completed. Apparently Verizon ships the call data to the NSA about a day after the calls happen. And I am confident that the data the NSA gets includes the real originator of the call. If the bad guys could just block or spoof Caller ID then they would and the data would do the NSA no good. What this means is that in the hunt for "Rachel" nothing has to be done while the call is still in progress. And all the Rachel types have an "instant hangup" device so they can and will cut the call off any time they want. But they can no longer beat the "trace" by just doing an instant hangup. This ability to get usable trace data after the call is over makes everything much simpler.
Having gotten this far, my next thought was to use a telephone "star" code. You know those star-this and star-that codes that do interesting things. For instance, if you dial "*69" it will dial back the person whose call you just missed. Or in the old dial up modem days we would add a "*70" on the front of phone numbers so that your computer session would not be disrupted by a "call waiting" announcement. My thought was to add a new standard star code so that you could report a Rachel call after it ended. But it turns out there is a standard list. You can find it in Wikipedia (where else) in an article titled "Vertical service codes". And we don't have to add a new code. "*57" is defined as "Malicious Caller Identification". "*57" is also sometimes referred to as "MCT - Malicious Call Trace" or, even better, "CAMCT - Caller Activated Malicious Call Trace". This code is perfect for our purposes.
I had never heard of "*57" before so I suspect few people know about it. That leads me to believe its implementation is spotty and inconsistent. But I really don't know. So, on the theory that it is spottily or inconsistently implemented, here's my plan for how it should be implemented:
Basic version
All telephone companies would be required to implement "*57". Whenever a customer received a Malicious call that call would eventually come to an end. After the call ended the customer would, using the same phone line, pick up the handset, get a dial tone, then dial "*57". (On cell phones the user would enter "*57" then hit the "dial" button.) The phone system would recognize the code. This would cause the phone system to locate the call record for the previous call to the same line and instantly forward it to the FCC. The record would be tagged with the phone number of the line that had entered the "*57".
Over time the FCC would accumulate a database of Malicious calls. The call originator would be easily identified. If an originator accumulated a sufficient number of malicious calls then the FCC would investigate and act accordingly. The telephone business is a business. This means that someone "owns" every phone number in the sense that some phone company bills someone for every "in use" phone number. The Malicious call origination data should be aggregated by the person or company that owns the number the call originates from. If I own a thousand numbers then all the Malicious calls that originate from any of those thousand numbers should be bundled together. This would take care of the situation where a Malicious caller distributes the originating numbers over a large group so that no single number stands out. To discourage misbehavior by the phone companies the FCC should allocate Malicious calls from numbers where the owner can't easily be determined to the phone company that controls the number.
This basic version would go a long ways toward a fix to the problem. But more could easily be done.
Advanced version
This would work like the basic version but in addition the caller would be automatically connected to the FCC. We are all familiar with how complex automated answering systems can be so by "FCC" I really mean an automated answering system managed by the FCC. This automated answering system could collect additional data by running the customer down an "answer tree". Here are some ideas for what data could be collected:
- Was the caller an individual or a company?
- Was the call associated with a police related matter (e.g. violation of a "no contact" order)?
- Should the information from this call be made available to law enforcement (e.g. authorization to release the information to law enforcement without requiring a search warrant)?
- Was the call associated with a potential scam (e.g. "Rachel")?
- Was it an annoying but probably not illegal call (e.g. survey or charitable solicitation)?
- Did the call appear to be a prank or annoying call rather than a serious threat?
- Does the caller wish to remain anonymous or can the reporter's billing information be forwarded to the FCC?
- Does the caller want to leave a voice message with additional information ("This is a "Rachel" call" or "This is a call from my ex-husband Frank")?
With the advanced version it would be possible for a person who received a threatening call from someone under a "no contact" order to "*57" at then end of the call, select the "release the data to law enforcement" option, hang up, then call 911. The 911 operator could then query the FCC database through a "law enforcement" portal and be immediately shown the call information of the released call. I don't know what the current procedure is for these situations but I can't imagine it operates as smoothly, efficiently, or potentially effectively as the scenario I have outlined.
In the case of "Rachel" calls the current procedure is to go to the FCC web site and fill out an online complaint form. But "Rachel" has spoofed or blocked the caller ID, if it is available. And when you get through to a person they do not provide you with the name or contact information of the "Rachel" people. So you don't have the information the FCC needs most to be able to effectively deal with these people. You have to leave key entries in the complaint form blank or enter "don't know".
My "Rachel" calls started years ago. They kind of reached a steady state where I would get a "Rachel" call perhaps once per week. Then the FCC filed suit against 5 "Rachel" companies and things went blissfully quiet for a few months. Then they started back up. Only now besides "Rachel" I get calls from people who want to clean my ducts or drapes or carpets or something else. All these calls are completely illegal. But the people behind these calls know it is extremely unlikely that they will ever be caught. And if they are caught they will receive a slap on the wrist and they can open up again in a few days under a different name. So I now get more of these kinds of calls than ever. And I also get tons of "survey" calls, "political" calls, charitable solicitation calls, and other legal or quasi-legal but quite annoying calls. Its worse than ever.
No comments:
Post a Comment