On Thursday, May 16, 2024 6:18 PM, Brandon Martin wrote:
On 5/16/24 16:05, Josh Luthman wrote:
The FCC has spent the last several years hounding us voice providers over spam calls. They've implemented laws. They have required us to do paperwork. Have they been successful in that task?
Now do you think they're going to properly understand what an SS7 or vulnerability is?
The FCC absolutely is going to have experts in house who know what SS7 is and who are likely aware of the basics of how it works and what vulnerabilities that might "obviously" lead to. Whether they have anyone in house who knows it in technical detail and would be able to audit it from a protocol and implementation level to come up with novel vulnerabilities or even really understand in detail how published vulnerabilities work is perhaps another matter, but they don't necessarily need that to come up with effective advisory guidelines or even mandatory regulations if they invite proper comment from the industry and review them.
I'm not so sure about the FCC or any government agency having technical experts in-house. Possibly they exist, but the chances of their voices being heard are low. Not only that, but I feel that any time an expert isn't actually working actively in their field, they quickly stop being an expert.
Regulating the phone system is not exactly a new thing for the FCC, after all.
No, it isn't. And yet, the same old problems seem to persist, primarily caused by the same companies, doing the same things they've always done. When the fines are far lower than the profits, nothing will really change. See rural call termination as an example.
I think the issue with their lack of effectiveness on spam calls is due to the comparatively small number of players in the PSTN (speaking of both classic TDM and modern IP voice-carrying and signaling networks) world allowing lots of regulatory capture. That's going to keep the FCC from issuing mandatory rules much beyond what much of the industry is on the road to implementing already to keep their customers placated.
Rules are issued and the big companies use armies of lawyers to either influence the writing of the regulations or avoid them completely. In the rare case that a fine is levied, it's negotiated down by the same armies of lawyers to the point where it has no impact on the behavior.
The Internet is at least a little different in that it is set up more as a system where every player has some degree of parity in operation regardless of their size or footprint, and the self-governance rulemaking is much more out in the open. I suspect that's why we've had some success with getting BGP security not just addressed in guidance but actually practically improved.
So, the Internet has done a better job of self-regulating than the PSTN being regulated by the FCC? It seems then that the better plan would be to not increase regulation, but decrease it.
That self-governance and openness also improves the FCC's ability to gather information and I suspect also improves the quality and relevance of official public comments that they receive.
The FCC is unfortunately ultimately a political organization. The amount and type of regulation waxes and wanes depending on which party holds the majority of chairs. It would be amazing if that wasn't the case, but it's clear that unless something changes drastically in how the org is structured, that's the reality we have to deal with. Remove politics and money from the process, and we'd see different results.
I do think the FCC should at least consider looking at SS7 security...and perhaps they should attempt to just get rid of it. It's really only relevant for legacy TDM networks at this point, from what I can tell, with essentially all modern IP voice-carrying networks instead using SIP. Maybe it's time for it to just die along with the TDM PSTN which a lot of states are essentially killing off by removing mandatory service offering, anyway.
As much as most of us would like to be 100% SIP, it's the big guys holding us back with legacy TDM networks and lata tandems. There are plenty of telcos that are completely IP-based voice within their networks, and still have to use SS7 connectivity to connect outside. When - RBOC of your choice here - won't connect via SIP, they're stuck with keeping SS7 going. It's getting better, because there are more options all the time to move away from that RBOC connectivity, but we'd have done it years ago if we'd had any cooperation from the RBOCs and tandems. Any order from the FCC to put an end date on SS7 would need to start with forcing the RBOC's and tandems to upgrade their networks to actually support SIP. Good luck with that when your lata tandem is so old and broke they're running Rockwell 3x50's. Jason Baugher, Network Operations Manager 405 Emminga Road | PO Box 217 | Golden, IL 62339-0217 P (217) 696-4411 | F (217) 696-4811 | www.adams.net<http://www.adams.net/> [Adams-Logo]<http://adams.net/> ________________________________ The information contained in this email message is PRIVILEGED AND CONFIDENTIAL, and is intended for the use of the addressee and no one else. If you are not the intended recipient, please do not read, distribute, reproduce or use this email message (or the attachments) and notify the sender of the mistaken transmission. Thank you.