Welcome to tech Stuff, a production from I Heart Radio. Hey there, and welcome to tech Stuff. I'm your host, Jonathan Strickland. I'm an executive producer with I Heart Radio, and how the tech are you? My tech is going bananas today. I've been having some issues with the computer I used to record episodes, and a little bit of issues with my recording equipment, so I've swapped some stuff out so that I can quickly do this because I need to troubleshoot for the rest of the day. Fix fix this so I can keep getting episodes out. But I don't want to ever leave you without an episode if I can help it. So what we're gonna do is we're actually going to listen to an episode that I originally published on July fourteenth, one called Spoofing and Color I D. And the reason I picked this is because we've had a lot of news recently here in the United States about the Federal Communication Commission, or f CC, going after telecommunications companies for allowing these sorts of activities to happen, along with the related activity of robocall practices. And of course there's nothing inherently illegal about robo calls, but there's often use of robo calls to perpetuate scams and to defraud people, and that's really a major issue, so much so that recently the f c C sent a cease and desist letter to a telecom as a service like a communications platform as a service business called Twilio. Twilio is a big deal, like it does multiple billions of dollars of business every year. So this is unlike those cases where the FCC went after some tiny, little regional telecommunications company, which some have pointed out. You know, when you squash one of those tiny companies, typically the people behind it will incorporate as a different but similar company, like in other words, they'll they'll have a new name and maybe a new address and everything, but it's the same scheme as before. This is not one of those cases. This is a much larger company, not on the scale of something like a T and T, but a big, big company. And one of the reasons that these companies get so much flak is for the allowance of these kinds of practices. So to understand what spoofing is and how that affects color I D I thought it would be good to listen to this episode from a couple of years ago, and we'll be back later this week with brand new episodes as soon as I figure out what gremlins are infecting all of my hardware. If it's not one thing, it's another. Okay, I'll chat with you at the end of this episode. So today I thought I would talk a bit about Color I D, spoofing and robo calls. Mostly color I D and spoofing robot calls, I think I'm gonna have to say for another episode. But here in the United States, the major telecommunications companies, those being Verizon, T Mobile, and A T and T now have to work together to fight spam calls due to a mandate from the Federal Communications Commission, or f c C. Now, the too Long Didn't Listen message behind this, as opposed to too Long Didn't Read, is that the goal is to eliminate spam robo calls going to your phone so that you don't act like your phone is a bomb about to go off every time it rings. But to understand why this is necessary and how it all works, we have to go much deeper. So if you, dear listener, are of a certain age, you might remember a time when we didn't all carry smartphones around with us all the time. You might even remember a time before we even carried simple cell phones with us. In fact, some of you might remember being on a telephone handset that was tethered to a phone that was mounted to the wall, or sitting on top of an end table or something. And back in those days, dear friends, if someone called you, you really had no way of knowing who that someone was. I know, it's terrifying, right the phone rings, and there's no way to know who or what is on the other side. Could it be Grandpa Joe and he's found a golden ticket. Could it be the local food bank calling to see if you'll volunteer this year. Could it be a wrong number? The only way to find out was to answer the phone, or if you were a fancy person, you might let the call go to an answering machine. Side note. The answering machine traces its history all the way back to the nineteen thirties. But when I was going up in the seventies and eighties, they were still relatively uncommon from most of the people I knew. But by the mid eighties that that had totally changed, and we started seeing commercials for like novelty answering machine outgoing messages, Yeah, I used to be a thing. There was this incredible pressure to create the perfect outgoing message to convey to those calling that you had a personality. But I digress, let's get back on track. Many answering machines would play incoming messages out loud on a loudspeaker as someone was making the message, which meant that you could use an answering machine to screen your calls, and a lot of people did so. If you had anxiety about answering the phone, you could just wait for the answering machine to activate and then see if the other person on the other end of the call was going to wait around long enough to actually leave a message after hearing You're hilarious and yet incredibly effective outgoing message. Then upon recognizing the voice, you could choose to either interrupt the machine by picking up the phone and having the call initiate, or just letting it go. Simpler times, really not that color I D wasn't a thing back then. The foundation of color i D technology has a history that dates back to the late nineteen sixties, and to really understand all this, we should take get another step back and just talk about phone calls in general, and we'll build from there. So when Alexander Graham Bell made his first call, arguably not the first call, but that's a story for another time, it was a direct line from his station to that of his assistant, Thomas Watson. There was no need to route that call anywhere. It was a straight road, if you will, from one point to another. Now, let's say we've got a group of four people, and we want to connect these four people with phone lines so they can talk to each other on the phone. We could do this directly as well. Right, A simple way to draw this out would be just draw four points as corners of a square. Uh. Those corners represent our four phone friends, and we draw straight lines from each point to each other point. So what you end up with is a square with a couple of diagonal lines crossing through the center, and boom, you've got your four person network. Each person has a direct line to each other person in the network. But as we try to add more people to a system like this, we quickly see the limitations that we face. Each new connection means we have to establish cables between that person and every other person on the network. This gets expensive and complicated and messy and unsustainable. A phone network in which every single person with a phone has a direct line with every single other person with the phone is just impossible. You wouldn't even be able to move around because of all the cables everywhere, and so an important development in the history of the telephone system was the creation of the local exchange. The local exchange is a centralized point that you dial into and then the exchange could switch on a connection between your line and the line of whomever it was you wanted to call. So in the early days of telephones, this was done with actual human beings sitting at a switchboard and manually plugging cables into complete calls from one person to another. So now rather than having direct connections with every other phone in existence, you really just needed a direct connection from your phone to an exchange. This cuts way back on the amount of cables that you need in order to create a network. Now, this works fine for local calls, like you know, within a city, everyone can connect to that one local exchange, but the word local gives us a hint that there isn't one single exchange for every phone line out there. Now local exchanges will cover a specific region, but beyond that you have other local exchanges. And to connect these exchanges together, phone companies laid out what we're called trunk lines. These are cables capable of carrying multiple phone signals simultaneously, which is a good thing too. Otherwise a single long distance call would prevent anyone else from making a similar sort of call between you know, those two specific exchanges. The networks grew organically, connecting to one another and forming what we call the public switched Telephone network or p s t N. You could look at it as a sort of hierarchy as more of the world built out phone systems. At the very bottom of this hierarchy, you had your individual landline phones the stuff and homes and offices and phone booths and stuff like that. We used to have these things called phone booths, Superman, which change in them doesn't matter. One level up from this level and you have your local exchanges, right, These are the ones that connect local calls to each other. And as I said, in the old day, this was done with human operators moving physical plugs into physical outlets to complete circuits and switch on a phone call. But didn't take long before the complexity of phone systems necessitated innovation to create automated ways of handling this. One level up from local exchanges are your trunk exchanges. The trunk exchange is to local exchanges, as local exchanges are too individual landlines. The trunk exchanges allow the various local exchanges within a country to connect to one another. A level above the trunk exchanges, you have international gateways, which interconnect the phone system of one country with other countries. Often you end up having super long cables connecting these, including cables that run under the ocean. You know, there's cables under the Atlantic that connect Europe to North America, for example. All right, so now let's get a bit more complicated by throwing cellular phones into the mix. Sell phones communicate to cell towers, which you can think of as being kind of similar to the local exchange I was talking about earlier. So cell towers are essentially antenna, and the cell phones communicate with cell towers through electromagnetic radiation, specifically radiation that falls into the microwave frequency range. But they're not the same microwaves that we use to zap our popcorn and microwave ovens. It's not that level of frequency. It's also a very low wattage that we use for cell phones now. The microwave acts as a carrier wave, and I've talked a bit about carrier waves in the past with stuff like radio signals. Each phone is using a slightly different frequency, otherwise you would run into issues with phones interfering with one another. All right, So cell phone towers are at the heart of the cells that make up a service area. One really clever thing about this approach is the handshake that happens as you move across a region. So you can be on a phone call, and you can be let's say, in a car, and you pass out of the range of one cell phone or cell tower rather and you enter into the range of another, and your call continues on as if you had a solid connection on a single cell tower the entire time. I'm gonna leave it at that, because getting into the tech of all that would really get us off course. This episode would end up being like three hours long. But maybe I'll do a full episode about how cell towers work. It is really fascinating because they have to be very careful with the frequencies they use in order to both service everyone who's within range of a specific cell tower and not interfere with anyone who's at a neighboring cell tower anyway. Connecting the towers is the Mobile Telephone Switching Office or mt s O. Each service provider has its own empty s O in regions, So if the person you're talking with is in the same region, such as like in the same city as you, and they happen to be on the same carrier, one MT s O pretty much handles every thing. The call signals go through the cell towers to one another through the m t s O, but the calls are not made directly phone to phone. It's not like your phone is acting like a radio directly with the other phone. Now, if you're calling someone who's on the other side of the country, it's a little bit different. Typically, your call would go from your phone to a cell tower, and from the cell tower to the local MT s O of your carrier, then from there to the ps TN, that big public switching telephone network, and that would then route your call to the MT s O relevant to whomever it was your calling on the other end. So even cell calls can rely upon the old phone system. Getting back to call or I D. Back in the nineteen sixties, there was an engineer named Theodore Paris Cavacos. It still is, I mean, he's still alive today. He developed a way to send electronic data over telephone lines. In one he filed and received a patent for are a quote decoding and display apparatus for groups of pulse trains end quote. This would become the basis of color i D, in which the telephone of the person making the call will send data relating to the phone number of that originating call along with the call itself, and a device on the other end on the receiveing end could get this information, decode it, and display the incoming phone number and thus identify the incoming call. Other engineers around the same time period began to develop similar technologies and approaches, and so the early days of color I D are a bit muddled, as there are numerous patents assigned to different inventors, some of which acknowledged the existence of other inventions as prior art. One of those inventors was Katsuo Hashimoto for a quote Telephone Information Displaying Device end quote. The abstract of that patent essentially lays out what we think go as color I D. So I'm going to read to you the abstract of this patent. Here he goes a calling parties telephone number displaying device, in which, while the telephone set of a subscriber is ringing in response to calling signals from a telephone exchange office, the telephone number of a calling party and information are displayed on digital display units at high speed before lifting the handset. Accordingly, the subscriber can determine whether or not he should answer the call before picking up the handset. Thus his privacy can be protected from a variety of telephone troubles such as wrong number and nuisance calls. The display is maintained as it is even if the handset is put back after the talk, but it will be cleared automatically upon reception of the next call to display the telephone number of the next calling party. When the subscriber picks up the handset to make a call, the internal circuit is automatically changed to display a telephone number dialed by him. That's it. So that patent pretty much explains that the invention would allow telephones to send and receive signals between successive ringing signals. So In other words, when the phone company isn't sending the signal to make the receiving phone ring, it could send the signal containing information about the origin of that call. And that's why if you're using a landline and you get a phone call with a system that had color I D, you would only see the I D stuff pop up after the first ring happened. The method for sending the information was a type of frequency modulation that's changing the frequency of a signal in order to encode information on it, called frequency shift keying or f s K. Applying f s K to a carrier signal alters that carrier signal in a way that can be interpreted on the other side in some manner. So in the case of color I D, that some manner is that the transmitting side can encode the phone number in that carrier way, and the receiving side can decode that carrier wave and get back at that number. FSK is used in lots of applications, not just Color I D. But for our purposes, it's just important that we know that this is the methodology that the phone companies used to transmit the info of Hey, this is the phone number that just dialed you. But this wasn't going to be a service that phone companies were going to throw in for free. No, this would be something that companies would charge for on top of the normal phone bill. Now, the story goes that the phone companies at first planned to offer this service as an audio one. So in other words, you could opt into this service and you would get a verbal alert when you picked up the phone telling you the phone number that the call originated from. UH and the phone companies were hoping to charge on a per use basis, so every time you did this you get charged a little amount. That's not how things eventually turned out. We'll get into color I D a little bit more after the break, and then we'll talk about the systems that enable spoofing. But first let's take that quick break. So, phone companies were licensing technologies to enable color I D in the nineteen seventies, but it wasn't until the mid nineteen eighties that we saw the first pilot program of color I D here in the United States. That took place in Orlando, Florida, where you know, the characters from Book of Mormon really wanted to go. And that happened back In nine four, Bell South offered a service called Touch Star, and Color i D was one of the features that you could opt into with Touch Star. It was called Custom Local Area Signaling Service, but it would become known as Color i D. Now, if you weren't around in the nineteen eighties, you might be surprised to hear that the emergence of color i D was viewed with suspicion from multiple fronts in the US. Paul piticians were asking if perhaps Color i D would violate wire tapping laws, and others were likening it to tracing a phone call, kind of like what you see in movies, where you know, the police are trying to track a specific criminal as they talk on the phone. But in fact, it was such a controversial subject that it took more than a decade for all fifty states in the US to actually adopt the technology. California held out the longest. California only incorporated color i D in nineteen twelve years after Orlando, Florida got in on it. And by the mid nineties, there was another big concern to think about, and that was privacy. We weren't quite at the same level that we are now, not by a long shot, where the average medicine has generated tons of information about themselves that can link back to them. But we were entering into an era in which certain companies were building out comprehensive databases about consumers, and so you started to see companies building out profiles or even dossiers on people. Now, if you want to be charitable, you could argue this helped those companies serve their customers more effectively. But if you want to be cynical, you could say that this gave companies more information to leverage while trying to sell goods or services to a potential customer. The truth is probably somewhere in the middle. But what concerned privacy advocates is that a business could theoretically rely on caller I D. So if someone were to call in, let's say that someone needs to talk to a customer service rep, then that rep could do a reverse phone number, look up on that call, and pull up a full profile of the person calling. And there were a lot of privacy implications that we're concerning. Actually kind of seems quaint in comparison to what we deal with today, at least if you look into how private information gets handled. These days. For that reason, tell A phone companies introduced an option to allow customers to opt into color I D blocking. Now, if you did this, it meant that your number would not be displayed when you called someone else. You were effectively blacklisted for color I D. And so you know, if I opted into this and I called you, you would probably see some sort of message like color unknown or something similar to that, which probably means you wouldn't likely pick up my call. To be fair, you probably wouldn't anyway, I'm kind of a drag to speak to on the phone. It took time for attitudes around color I D to change, but we did obviously see that happen today. For many people, including myself, we don't pick up the phone if we don't recognize the number that's displayed on our phone screen, and that means that if the call comes up as unknown or something along those lines, we're not likely to answer it. We'll probably let it go to voicemail. In fact, these days, I feel a sense of anxiety even if I do recognize the number, which is weird because I was one of those folks who back in the eighties and nineties I love to talk on the phone now it seems kind of odd. I have a small group of friends and family with whom I'll chat with on the phone, but they are truly the exception and not the rule. Anyway, Color I D made the transition from being viewed as being invasive or creepy as to being necessary in order to function as a human being in the modern technical age. And there's a related thing I should talk about quickly for folks in the United States, and that's the Calling Name presentation. That's c NAP or Color Name Delivery, that's c NAM systems. These are systems that can provide a name to go with a phone number. So with these systems, you don't just get a telephone number, you get a person or business name that is associated with that phone number. So here's how it works. In the United States. I'd say we've got two people. We've got Max and Chris. And Max is in New York and Chris is in California. What's more, Max is a T mobile customer and Chriss carrier is a T and T. And both Max and Chris are using smartphones, so they're on cellular networks. So Max calls Chris. Max's smartphone is connected to a nearby cell tower, nearby T Mobile cell tower, and that routes the call through T Mobiles M T s O in that particular region, and the empty s O then routes the call through the ps t N, the Public Switching Telephone network, and that then routes the call to the A T and T M T s O all the way out in California. That connects to a cell tower that's in Chris's area, and it sends the call to Chris's smartphone. Now it's at this stage, the A T and T stage, where we see the system call up the name. So, in other words, the name look up is on the receiver's end. It doesn't originate from the the phone that's making the call. It's all down to whichever carrier is an operation on the receiving end, and A T and T sees that Max's phone number is coming in, so it recognizes the number. But to associate that number with Max as a person that requires a database look up. And because Max is a T mobile customer not an A T and T customer, A T and T technically has to pay a very small fee called a DIP fee to look up the information and then to send that on to Chris. Then Chris sees that Max is calling and picks up, or Chris ghosts Max. I don't know what their friendship looks like, to be honest, my point being that the name associated with a phone number isn't magically connected to that number. Rather, there are these massive databases of phone customers out there, typically at the local level, and these databases match numbers two names. There's no universal database out there that has every name and every number, So phone companies have these ongoing agreements to charge these small dip fees to dip into the databases and retrieve relevant information. All right, So that's color I D and I think it's pretty easy to understand from a high level how it works. But then what about spoofing. Well, spoofing is a practice in which the number that pops up on a color I D system is not the same as the actual number making the call, And there are legitimate reasons to do this that have nothing to do with scams or crimes. So spoofing as it stands is not illegal on its own. It's only illegal if you're using spoofing to purposefully mislead or scam people. Then you can face a pretty big fine in the United States. But spoofing is just a thing, not illegal. So let me give you a scenario where it's it's allowed. Let's say that you work at an accounting firm and you're in charge of making some follow up calls relating to a specific account. Now, you have your own phone at your desk, but and your own phone actually has its own extension, you can make calls within your department, you know two, directly to your coworkers, no problem. But chances are you would rather have your outgoing calls, the ones you make outside of your company, map not to your desk's phone number, but to the number for the accounting firm as a whole. That way, anyone on the receiving end would see that it's a call coming from this big accounting company, not some unknown desk phone. You would need a way to replace your desk phone's number with the overall company's phone number. This happens all the time with big companies and doctor's offices and stuff like that, So you can probably think of lots of legitimate uses where the call going out seems to be coming from a very large, known entity rather than an individual phone located within that entity. But to make this happen, you have to have some sort of technology that does the old switcherou with the phone numbers. Now, as I mentioned earlier, color I D in the old phone system involves using f s K or frequency shift keying, to alter a carrier signal in a specific way to transmit information about a phone number in between the signals that cause the receiving phone to ring. And it turned out that if you could figure out the f s K process and build the right technology, you could build out a system that would use FSK to transmit false information, allowing you to mask the true originating number of a call and substitute in something else will let you spoof a phone number. In other words, And this again was was made on purpose eventually, like when once we got to the point where we had big companies with these kind of phone systems, it was sort of a necessity. So it's not like this was an oversight or or rather it wasn't a vulnerability. It ended up being an opportunity. But if you wanted to take advantage of it, it wasn't really easy to do. Back in the early two thousands, for example, it was actually pretty challenging. With the right hardware and software, and with a digital phone line, you could manage it, but it was beyond most people. Some big businesses used it for the purposes I mentioned earlier, but that was kind of the extent of it. Now, part of what makes this possible is a system called a private branch exchange or p b X, So this doesn't fit neatly into that hierarchy I mentioned earlier. A p b X is a telephone system that's typically within a really big organization, like a big business, And essentially what it does is it allows for an internal telephone system, that is, one that connects all the internal phones with each other or but it keeps a limited number of external phone lines that connect outward to the general you know, public switching telephone network or PSTN. So let's say we're looking at a corporation with like five thousand employees. Rather than making sure every single employee has a direct phone line to the outside world, the business chooses to set up a PBX while there's a phone at every employee's desk, and these phones can make direct calls to one another within the businesses local network. To make a call to the outside world. First, you might have to do something like dial A nine and that actually opens up one of the business is limited external phone lines. So let's say that this particular business has one hundred dedicated external phone lines, which sounds like a lot, but it's way fewer than the five thousand you would need for every single employee to have their own personal external line. As long as fewer than one hundred employees are making calls to the outside world at any given to, i'm there's not really a problem here. There are different flavors of p b X, and they date back even to when the phone system was purely running on analog signals and there were no digital signal phone lines. Today, p b X has include technologies like voice over Internet Protocol or void an I p p b X or Internet Protocol. Private branch exchange can sometimes include the ability to spoof a phone number. It can be built into the system. Sometimes it's got a very easy way to access and make these changes. You'll just have like a little online form and you can go in and you can select what you want the outgoing call number to look like. But you know, it's really handy if you want everything to look like it's coming from a major office phone number. But it's also opened up the opportunity to start a new kind of fraudulent business. One early company that try to create a business out of spoofing was founded by a dude named Jason Jepson, who launched a service called Star thirty eight dot com with start customers who from the beginning, we're supposed to be limited to people like licensed private investigators, law enforcement and debt collectors would be allowed to pay a fee and that would let them make phone calls while disguising the phone number that they were using as you know, something else. Now that the thinking was that the average person isn't keen to pick up the phone if they happen to know that there's a private investigator on the line or a debt collection agency, you know, they would rather ghost that call. So the thinking was it sure would be useful to be able to hide that information and convince the person on the other end of that that line to actually pick up the phone. So the best way to do that is to hide who you are. Start three eight dot com didn't have a long and illustrious history in its original form. Three days after he launched the service, Jepson announced he was looking to sell the business. He had received numerous threats and harassing calls and felt it was just, you know, not the right line of work for him. Other services like one called Camo Phone, you know, like camouflage, but Camo Phone, those kind of surfaced, and Star thirty eight actually did come back as a service marketed as being exclusive to law enforcement agencies, and that was really the beginning of spoofing. But when we come back, we'll talk about how spoofing really proliferated as VOIPE systems grew in popularity, and how the FCC is responding to the issue today. But first let's take another quick break. The emergence of voice over Internet protocol was one of those truly disruptive technologies. In this case, it was disrupting the telecommunications business that got you know, totally turned on its head. Because of this Voice would allow people to make phone calls using the Internet as the transmission system, essentially bypassing the phone companies in the process, at least on one end of the call. Possibly both void phones can connect to one another over the Internet and not even touch the phone system, at least not the way that normal telephone calls do. But what if someone were to use a voice system to call someone in a with a phone that's connected to the old public Switching Telephone network or ps t N. Well, any voice call connecting to the ps t N has to go through what's called a void gateway, which serves as a bridge between the two systems. See voice traffic over the Internet protocol. UH. That that's using packet switching protocols. That's what the Internet at large uses in order to send data. It divides up files into packets of information and then sends them across the network to be essentially reassembled on the other side. But this is incompatible with how phone calls are transmitted across the ps t N. It's two totally different systems. So the gateway has to decompress the digital packets from the voice call and turn it into a digital signal that then can be converted into an analog signal to cross the ps t N, which is pretty wild right. Gateways also come in different flavors. There are standalone gateways UH, then there are gateway functions that can be built into specific types of routers. H. There's also the I P P B X that I mentioned earlier. Those can act as gateways. The important part for our discussion is that many of these voice services allow users to take advantage of p b X features. Traditionally only big companies could use, including spoofing the phone number. So as void technology proliferated and as more providers began to offer up spoofing services, including ones that just they allow you to start up an account and you pay a certain amount and then from that point forward you get just have your account deducted whenever you're making calls using spoofing. This kind of of technology really allowed bad actors to see potential for spoofing numbers for malicious purposes. The goal is always to convince someone to pick up the ding dang phone, and while the popular approaches centered around spoofing is to create a number that is similar to the target number you're calling, so in other words, trying to get something within the same area code, maybe even the same phone prefix. I get this all the time with with spoofed numbers. So the idea is that if you see a number pop up on caller I D and it appears to be a local number, you're more likely to pick up the phone because you're more likely to feel that the person on the other end of that call is someone you know, or at least it's something relevant to you as how they get you. Well, it's one way. Another way is to use databases of personal information to create spear fishing attempts, though not every scammer goes to that kind of trouble, but they could attempt to spoof specific numbers that you might know, so you might think, oh, it's my auntie calling. I wonder what's up, and you answer and you find out it's not your auntie, it's a scammer. Uh. A lot of these hackers and scammers just sort of cast a very wide net to see if they catch anything. If you pick up a phone that is a catch. At that point, you might be prompted to say press a number in response to a specific direction, you know, like press two to speak with a representative. Don't do it, it's a bad idea. A lot of these are actually worked into systems where if you do a button press, it gets interpreted as an authorization for a charge, and the scammers are making money off of this, and you're getting charged through your phone company and you get these you know, fraudulent charges on your account, so don't fall for that. Um Uh, this is essentially illegal. I mean, it is illegal, but doesn't stop people from doing it because it's kind of hard to catch them. Uh. You might also get someone who's on the other end of the call and they're looking to get valuable information from you, like a bank account number or something. Obviously, is a bad idea to engage in this sort of stuff. In fact, it's bad enough that some phone companies and the FCC have argued that if you don't recognize a number, don't answer it. Think about that for a moment. This you have companies like phone companies, their business is charging customers for this inner connectivity, this ability to have communication channels open. And then they're saying, by the way, if you don't recognize the number, don't use our services, which we are charging you for. It's kind of wild, right, because you would think, if this is that big of a problem, surely there has to be some measure you can take to kind of curtail this problem. Because what you're telling me right now is that your service isn't good enough for me to rely upon all the time. Because there are people who are leveraging it to try and take advantage of me. That's not a great marketing message right now. The use of numbers that are similar to your own typically gets called neighbor spoofing or neighborhood spoofing, and it's a pretty irritating tactic. Uh. It's also possible that someone could spoof your phone number while they are calling someone else, So for them, it's going to come up on color I D that you're the person making the call, right, it's gonna be your own number, even though you're not the one doing it. It's because it's been spoofed. So the question is what do you do if that happens to you. You are not going to like the answer, because there's not much you can do other than try to explain to anyone who's calling you up angry that you're making these calls that you're not the one making the calls that are upsetting them. That's kind of difficult to get across because people are looking at their color I D and say no, I see on my idea that you are the one calling me. I'm telling you to stop, and you're might. Meanwhile, you're trying to say no, no, I promise it's not me. Someone is spoofing my phone number. Depending upon the person on the other end of the line, they might not have any idea of what that means or even know that that's possible. Now, I've had this happened to me in the past, however not on my personal phone. So many years ago, I was working at a consulting firm and I was getting calls from UH a woman who was angry that I was calling her, and I was making these crazy machine noises into her phone. Now I figured out that what was happening was that some fax machine was calling her landline as if it were another fax machine, and since her phone is not a fax machine, she was just getting that garbled electronic mass of sounds whenever she picked up the receiver. And she said that the number that was associated on color I D belonged to the company I worked for. So I had her read me the number, and sure enough, it was our office's main phone number, but it wasn't our facts number, it wasn't the number for the fax machine we had. And I even went over to our fax machine and I used a report to generate a report to that told me about all the outgoing calls that had been made, every single facts that had been sent. And this was in a day where we still facts occasionally anyway, And I checked it against this woman's number, and I saw there was no call from our facts machine going out to her number. There was nothing coming out from our office that was going to her. But it appeared as though someone had been spoofing our office's phone number for facts no less and was sending out stuff to people like this woman. And there wasn't anything I could do about it because we had nothing to do with the situation in the first place. We were victims just as she was. Someone else had picked our number to use a mask for some reason, and because the voice system they were using allowed for this kind of thing, there was really no way for us to even know who was doing it, much less stop them. It was frustrating for the woman, and it was not super great for me either, because I genuinely wanted to help her. I don't want anyone to be, you know, aggravated and harassed in this way, and that really stinks, right, I mean, if someone makes use of your number and then harasses another person, you could be left holding the bag and your defenses it wasn't me. Someone spoofed my phone number. That is pretty hard to prove to someone unless you can actually show them that your phone did not make those outgoing calls by just showing them a record of every call you've made over you know, whatever length of time. But more frequently we find ourselves on the receiving end of these calls, which I guess we should be thankful for because it's irritating, but nause irritating as being blamed for them. And the frequency of these calls have picked up the pace over the years. Now twenty twenty was actually a bit of an outlier. We saw a dip and spoofed robo calls in but in June one there were more than four billion robot calls. So it's not like that's a problem that's gonna go away. I mean, that's nearly a hundred fifty million robo calls per day. That being said, the FCC and major phone carriers are trying to fight back a bit. The f c C past a mandate actually Congress past the law that requires all the major carriers in the US, those being A T and T, Verizon Anti Mobile to comply with the rule that requires them to incorporate a technology called stir slash shaken, which is very James Bondish, you know. Now. The idea behind this is that stir slash shaken is supposed to verify that a number that pops up on color I D is in fact the number that belongs to the line that's making that phone call in the first place. In other words, it's supposed to help detect spoofing. It would mean that phone companies could filter calls and potentially block some of them, or at least label them as spam before they get to your your phone. Now, those three carriers have said that they have all enabled this technology on their own networks, which is good because the deadline for doing so was this past June je to be precise. Smaller regional carriers in the Unit States currently have a deadline of June three to implement this technology, though that could change. The FCC might step up that deadline. So what's going on with this technology? Well, first let's talk about what these names stand for. Though I suspect there's some backronym shenanigans going on here. That is that, you know, they came up with the names and then tried to figure out what they stood for as opposed to the other way around. Anyway, STIR stands for Secure Telephony Identity revisited and SHAKEN stands for secure handling of asserted information using tokens. So the Ken part of SHAKEN comes from tokens, And you cannot convince me that this wasn't some crazy backronym thing. Anyway, these two technologies work in tandem. SHAKEN is honestly just sort of a broader thing. We'll get to it. So STIR comes out of a working group of the organization i e. T F that stands for Internet Engineering Task Force. The group figured out a way to append digital signatures on a call as a means of authenticating that a call comes from a specific phone number for real zes. SHAKEN refers to the standards that service providers are supposed to follow while they're deploying STIR in their networks. So SHAKEN really is here's how you use this technology that is STIR. The protocols give three levels of attestation that carriers can assign to a call or service providers, I think is how they were that service providers can assign to a call, So full attestation means that the service provider has a call originating out of their service and they say that that call is in fact coming from a number that this particular customer is authorized to use, so, in other words, it's legit. Then you have partial a testation, and that means that the carrier has authenticated the customer making the call. They're saying, we know who is making the call. However, we cannot verify that this customer is actually authorized to use the number in question. Then there's gateway at a station, means that the service provider can authenticate where it received a call, but can't authenticate the source, can't say who for certain sent it. The information is meant to be shared between carriers so that one carrier can essentially say to another, hey, here's this call that needs to go over your network to get to your customer, but I totes can't verify that the call is legit, so it maybe suss just a heads up, and then your carrier might block the call or append to label, alerting you the end customer that the call could be spam. The way this works in practice is you've got someone making a call. Let's say it's scuzzy scumbag who's posing as a member of the Internal Revenue Service, but Scuzzy really just wants to fish personal information out of you. Scuzzy picks up the phone or more likely uses an automated robo dialer and calls your number and spoofs their own number in the process to make it seem as if it's the I r S calling you. The call goes out over Scuzzies service provider, whomever that may be. The service provider takes a look at the originating number and the source of the call to determine what level of attestation to assign to that call. Then it makes use of an authentication service to create a digital certificate that holds onto this information, then passes both the call and the certificate on so that it ultimately ends at the terminating service provider. This would be whatever service provider you use. So let's say it's like a T and T. So now it gets sent to a T and T. So a T and T. Your service provider, upon receiving this signal and digital certificate, sends the certificate to a verification service, which attempts to verify if the originating source of the call is authorized to make calls from that number it claims to be calling from. Then it returns this information to a T and T and then a T and T can either block the call or label it or pass it on to you. So this approach is not like a catch all for all robo calls and spam or even for spoofing. It's not going to put an end to it, but it is meant to help cut back on those practices. There are other companies trying to address this issue in other ways. There are companies that have blocking services that you can use. There's the Do Not Call Registry that you can be part of, and then companies like Verizon or trying something different like Verizon has introduced an updated call filter app that will send suspected spam calls that appear to have phone numbers from your area straight to voicemail. So, in other words, those neighborhoods spoofing calls would never even make your phone ring, it would go straight to your voicemail. Of course, this means that if there is someone from your region who is actually trying to call you for real, zes they might end up going straight to voicemail too. Now you can go into the apps filter settings and turn those off for specific numbers. So it's not like, you know, it's an all or nothing, but it does mean that at least in some cases, there might be more hands on work for the consumer to get everything to work out properly. Now, I think we will continue to see companies and governments really try to crack down on this practice because it's so irritating. Like the people in charge don't like it either, right, Politicians do not like robo calls and spam because it affects them too, and so we're likely to see more strides taken to try and combat it. At the same time, we'll see the people who are making use of it try and find way is around the system. So it's going to be a c saw kind of approach, and it's certainly an irritating one. So if, like me, you treat your phone like it's a way to send email and text and that's it, or maybe occasionally, you know, look at pictures of cats, then you're in good company because this approach of robocalls and spoofing has really created a an environment of distrust with our communication devices, so much so that the companies in charge of providing those services are saying yeah, kind of stinks done in it, and and say like, yeah, you should probably not pick up the phone. And again they're the ones providing the service to allow you to get calls in the first place. It's not great, but that's kind of you know how technology can be, right, It's we can create these amazing tools that open up incredible potential possibilities. But it also means that people who are looking at the system from a differ and perspective may find ways to twist it to benefit themselves at the expense of the rest of us, which again kind of stinks. So yeah, this is one of those topics where while I say I love all things tech, I don't love spoofing. I think it's uh. At best, it's misleading, and at worst it is it is predating upon vulnerable populations, which I don't think is cool at all. I hope you enjoyed that episode about spoofing and color I D I apologize once again for not having a brand new episode. I was actually working on one that was going to be a short episode. In fact, it wasn't gonna be one of those fifty minute epics. It was gonna be maybe a half hour, maybe not even that, but uh it's it's about a an invention created by one of the United States founding fathers, and because of the technical issues I've had, I haven't been able to finish it. Hopefully I'll be able to do that for Wednesday's episode because it's just a fun topic. It's a little different from what I typically cover on tech Stuff, but I thought it would be nice to get away from all the social networking platforms and all the wireless communications companies and all that kind of stuff and to to look back at something a little a little less high tech but still really intriguing. So hopefully I'll be able to get back on that once I figure out these little technical glitches, and we'll have a brand new episode on Wednesday. If you have suggestions for topics I should tackle in future episodes of tech Stuff, please reach out to me. You can do so on Twitter. The handle for the show is tech Stuff hs W, or you can download the I Heart radio app. It's free to download, free to use. You can navigate over to tech Stuff by putting it into the little search bar and you'll see a little microphone icon pop up on that page. If you use that microphone icon. You can record a voice message up to thirty seconds in length and let me know what you would like to hear in the future. And again, we'll have new episodes as soon as I get this darn computer fixed. I think my dog got on it and decided to start, you know, surfing for cat videos or something. I don't know. I'll figure it out, but until then, I'll talk to you again, really soon. Y Text Stuff is an I Heart Radio production. For more podcasts from my Heart Radio, visit the I Heart Radio app, Apple Podcasts, or wherever you listen to your favorite shows.