Is the (PSTN) phone system a dead man walking?

So in the last day I’ve talked to colleagues one-on-one on Slack, I’ve had meetings with customers using Google Hangouts, talked to some friends and family via WhatsApp — and I’ve had several junk calls come into my PSTN cell phone (that I sometimes answer and sometimes ignore).

Anyone else on trend here? Messaging apps mostly eliminate spam and blow away the quality available over even phone network calls (yes even VoLTE).

How do you talk to your family and friends? What’s the best channel you use to communicate with colleagues and customers?

Is it PSTN (Public Switched Telephone Network) phone really?

The Fix Is In

People keep asking me when “they” are going to fix this junk call thing.

Although it may not be what you’re looking for, in my opinion the fix is in — catch up.

While the legacy concept of PSTN is attractive in that “public good, international standard, regulated” type of way. The nail is already in the coffin.

Old School CallerID Box

The 1990s called — they want their technology back.

There are some options, you can apply spam blocking technology at the network level (ask your cellular provider) or with an app (think Hiya) — but ultimately this is problematic.

It’s not possible to use the same methods that (barely work) with email to fix something as temporal as a phone call.

Noone is going to sit on hold for up to 30 days waiting for you to fish them out of your junk folder.

At least with email we’ve got optional authentication methods (this is me!) that mostly work.

For real though, the government is going to do something right?

I’ve talked to people about this before, and they always insist “Someone will fix this.”

Of course, that “someone” ultimately can only be the FCC and despite assurances that they’re working on a “Framework” — all they’ve really done is recommend that NANPA (the industry body in charge of these things) look into it (July 2017).

Here are some totally out of context excerpts from the latest NANPA working group status report:

“it will not be technologically feasible to implement the standard in a uniform timeframe throughout the industry.”

No rush please, we’ve already got our 10-year deployment lifecycle.

“Mandates should be unnecessary as service providers voluntarily implement SHAKEN/STIR consistent with technologically pragmatic timelines”

Yeah and don’t tell us what to do, we’re on it, sorta.

“As a complementary measure, the Commission should establish a categorical exemption for small providers”

And remember we’re not going to fix caller id everywhere.

“The SHAKEN/STIR framework will not “solve” illegal caller ID spoofing”

Don’t get upset when our solution doesn’t _really_ solve the problem.

FCC Source: Call Authentication Trust Anchor: Selection of Governance Authority and Timely Deployment of SHAKEN/STIR

Right, so status quo then right?

Now the FCC has been kicking around the idea of enforcing authentication on caller id for about two decades.

Phreakers (phone hackers) have been having fun here since the early 1990s, but over the early 2000’s the swatting (prank calls to emergency services) phenomenon became a widespread issue that has resulted in multiple fatalities.

Wheeler (Obama era FCC Chair) tried to form industry consensus on how to fix this issue, but ultimately industry just couldn’t care less — so short of an act of congress (ha-ha) we can’t really make them (carriers) do anything.

In fact, spammers have had the technology to fake caller id for a really long time, it’s the degradation of regulatory authority here that has led to our current crisis.

Enter Pai

Around the time Pai announced it wasn’t really the FCC’s job to regulate internet communications (so go bother someone else like the FTC or Congress) — he issued a not very strongly worded message to NANPA (the industry association in charge of coordinating this type of stuff).

“Go figure out something” prompting the aforementioned “okay, eventually, but we won’t work too hard at it” response I cited above.

If you read the FCC’s website you’d be lured into believing there’s a solution just around the corner. But dig a little further you find out it has not even been decided who’s going to be in charge of caller id authentication, we’re still in the nascent bureaucratic “we’re thinking about the problem” stage.

It’s late 2018 (over a year from the “strongly worded call to action”) and latest word is:

The FCC asked NANPA who established a working group who recommended a “Governance Authority” of 10-15 board members that have not yet been selected to represent the industry who isn’t very interested in resolving a problem to govern the deployment of a technology that isn’t expected to stop fake caller id spam.

RIP PSTN

So I don’t exactly have a crystal ball — but it’s obvious that we’re only going to be increasing dependence on alternative communications channels over time.

The telcos who made nice premiums on per minute billing to pay for their capital network investments no longer care now that they’re giving it away flat rate.

Telcos are now in the business of selling data network access, and while they have to give away voice calls for free for competitive reasons, they can charge for data. AND the FCC just gave them the green light to charge _more_ for good data (this if the FCC has their way in telling the states they can’t have net neutrality either).

My question is this:

Will anyone use PSTN in 10 years now that half of PSTN calls are scams or spam and you can’t trust anyone’s identity

If we all continue to use alternative methods will there be any legit PSTN traffic left?

Do you answer your phone calls when they ring every time?

Do you let them go to voicemail?

I don’t see the ingredients for a prompt fix materializing anytime soon.

RIP PSTN.

Matthew Fisch, career information technology veteran and Founder of FortMesa (a cybersecurity software firm) can be reached on Google Hangouts at [email protected] or WhatsApp at +1 518 444 4181.