Reform FCC Regulations to require Mandatory Registration of all phone numbers to reduce Spam, Swatting, Phishing, and Unsolicited Telemarketing Calls

I am writing to urge Congress to address the growing epidemic of spam calls, Swatting, phishing scams, and unsolicited telemarketing that plague American citizens daily. These intrusive and often fraudulent communications not only erode public trust in our telecommunications systems but also result in significant financial losses and wasted time. To restore accountability and protect everyday Americans, I propose a bold yet practical overhaul of the Federal Communications Commission’s (FCC) current requirements.

Specifically, I recommend the following reforms:

1. Mandatory Registration of Phone Numbers to Verified Individuals: Require all phone numbers—whether issued by traditional carriers, VoIP providers, or other services—to be registered to an identifiable human being. This would eliminate the anonymity that enables scammers and telemarketers to operate with impunity, ensuring that every call can be traced back to a real person accountable for their actions.

2. Elimination of Caller ID Spoofing: Prohibit the use of technologies that allow callers to mask or falsify their originating number. Spoofing undermines trust in legitimate communications and facilitates fraud. By mandating that all calls display accurate, registered caller information, we can deter bad actors and empower citizens to make informed decisions about answering calls.

3. Enhanced Enforcement and Penalties: Strengthen FCC enforcement mechanisms to swiftly identify and penalize violators of these new requirements. Robust fines and, where applicable, criminal charges should be levied against individuals or entities that exploit our telecommunications infrastructure for fraud or harassment.

The benefits of these changes would be transformative. By tying phone numbers to real people and eliminating spoofing, we can drastically reduce fraudulent schemes that prey on vulnerable populations, such as the elderly, and curb the billions of dollars lost annually to phone-based scams. Moreover, reducing the volume of unwanted calls would free up countless hours for American workers and families, boosting productivity and quality of life.

I recognize that implementing these reforms may require updates to existing telecommunications frameworks and coordination with service providers. However, the technology to verify identities and block spoofed calls already exists—Congress need only mandate its universal adoption. This is a common-sense solution to a pervasive problem, one that prioritizes the security and well-being of everyday citizens over the interests of bad actors.

I respectfully request that you champion this cause by introducing or supporting legislation to enact these changes. Americans deserve a telecommunications system that works for them, not against them. Thank you for your time and consideration—I am eager to see Congress take decisive action on this pressing issue.

I am a telecommunications engineer, and much of what you are calling for is already in force by the FCC.

While they are not registered with the FCC, they are registered with the phone carriers. I manage 10’s of thousands of numbers for my employer, and we can’t just use a number at random.

Every carrier has to register with the FCC, so there is an audit trail of each operator, and there is a central database that shows what carrier holds what numbers.

Likewise every US based telemarketer has to register with the FTC, including what numbers they are calling from (for robocalling), there are strict rules for compliance including when they can call, Do Not Call lists, etc.

The FCC adopted a regulation in 2020 called “STIR/SHAKEN”. It is a multi-part methodology that is now being enforced to reduce SPAM and unsolicited telemarketers -

First, a carrier is not to allow a call to originate on their network unless the caller ID is verified being assigned/registered to the originating customer.

Second, it “signs” the call with a certificate to attest that it passed that verification. These certificates are issued by the FCC as part of their registration, and remain attached to every call as it passes through the network (creating a trail of where the call went)

If the call comes from outside the US, the “gateway” that accepts the call must attest that it is “unverified” from outside the country, and “sign” it accordingly.

As calls go from carrier to carrier, each carrier looks at the “signed” certificates and applies a level of “trust” to the previous carrier.

When the call reaches the called parties carrier, the “signed” certificates are evaluated again, and the carrier may reject the call if it is below a defined threshold - meaning your phone never rings. If it’s unsure, you may see on your phone “Scam Risk” (or similar) show on your phone.

Many of the “bad actors” originating the calls are from outside the US, and thus beyond the reach of US laws. The FCC has an enforcement mechanism built into “STIR/SHAKEN” just for that reason.

The FCC will notify a “gateway” of calls entering the US network that are clear violations, and give the “gateway” operator a short period of time to stop that traffic, if the “gateway” fails to respond in a timely manner, they will proceed to issuing fines.

If that still does not bring the “gateway” into compliance, the FCC will order all of the carriers that accept traffic from that “gateway” to disconnect the “gateway” from the US network. The “gateway’s” certificate is invalidated and their authorization to operate is revoked (including the individuals that are part of the registration). The individuals that operated the “gateway” are therefore blacklisted and can not just go and register a new “gateway” under a new business name and resume operating).

There have already been several of these “gateways” taken offline, and that has had a significant impact of the volume of spam and unsolicited telemarketers in the last 18 months (but alas some of the players are getting around the blacklist by creating new “gateways” under other people’s names - but given time they’ll run out of relatives (and money) and they’ll be gone for good).

The next big change as part of the next phase is “Do Not Originate”, where registered phone numbers are looked up when a call is placed to see if the point of origin is authorized to send that caller ID, if not the calls are blocked (this is aimed at the [Insert Government Agency] calling you and threaten arrest unless you pay them in gift cards, but I suspect it will be expanded as part of the fight against Swatting).

This is a fantastic reply. Thank you for taking the time to educate me and others!

I too appreciate your insight on what’s supposed to be happening.
The problem is, it’s not working, or the carriers are not enforcing it. When I asked the phone company to trace a caller for me, a caller who used my parent’s phone number as their ID, I was informed they could not trace it and that “spoofing” is required to be allowed in order to protect its use by law enforcement in domestic violence cases. Thus, any call center can legally spoof, use a random number generation technique to prevent being blocked by us victims.

Daniel, those are valid concerns, but I’m going to break them down one by one:

It is working, and the volume of spam is decreasing. The enforcement mechanisms are clear that if a carrier (“gateway” or otherwise) is non-compliant and ordered to be disconnected from the rest of the US network, then all of the “peer” providers must do so, or risk facing their own disconnect order for non-compliance (not to mention hefty fines).

Recently: https://docs.fcc.gov/public/attachments/DOC-408083A1.pdf
(Yes, 2,400 - it’s a huge problem, so it takes time to pursuit the providers and give them time to come into compliance)

Sure, there’s still room for improvement, as the operators of that spam have the financial resources to make it lucrative for players to try and circumvent blocks, but over time those paths will be cut.

Tracing calls is not easy, and can really only be done while in progress. Likewise, there’s a good possibility that the call may have gone through multiple carriers (phone companies) and it’s even possible your parent’s phone company never handled the call.

While I can trace a call digitally from where it enters my network to the end user in mere moments, it takes engaging resources at the carriers that I interconnect with to trace it and so on (thus the human element takes the most time tracing a call).

The movies make it look easy in typical Hollywood fashion, but it’s anything but. Here’s a couple of videos from the Connections Museum in Seattle doing tracing on equipment that was in common use up until the 1980’s:

Part 1: https://youtu.be/4qG5-NntLwA?si=FjYyJ3L7Vn8VCS47
Part 2: https://youtu.be/WuLrhJ5jETg?si=SeFp4yNhyfXwRr1B

That statement is partially true. Law enforcement have special phone lines that allow them to “reverse 911” and present any number they need to in an attempt to get the called party to answer. Many times this is used by officers working a case that needs to reach a victim or other resource but don’t want to share their direct mobile number (the dispatchers will “patch” the call between the two). Otherwise callers can restrict the presentation of caller ID, but the carriers will still have visibility to the number and the STIR/SHAKEN certification discussed in my earlier post can still be verified - only the called party will see something like “Private Number”.

In the US, outbound call centers (the ones that call you) are required to register with the FTC under the “Telephone Consumer Protection Act” (or “TCPA”). As part of that registration, the call center has to identify every possible caller ID they are going to send when making these calls (a mortgage company I used to work for had registered several hundred numbers with the FTC for this purpose) and they also have to prove ownership of those numbers.

The carrier I connect to also keeps us honest. If I register 212-555-0123 (not a real number in New York City) as my number with the FTC, and if you call that number you got my call center, then we’re good. If I all of as sudden started sending a caller ID of 415-555-0147 (also not a real number in San Francisco) my carrier would reject the call, saying I’m not authorized to use that number, as I don’t “own” it.

The problem as it exists right now is (as I stated in my earlier post) most of the “bad actors” that are doing the spoofing are originating from outside the United States (there’s a significant underground industry in parts of India that runs a good portion of them, but they also come from other parts of the world as well). Obviously anyone outside the United States is not required to comply with our laws. That’s why STIR/SHAKEN is being used from the point the call enters the US.

Calls that enter the US are not facing the same scrutiny that calls originating in the US face with the originating caller ID. That should change with the “Do Not Originate” requirement, which says if they present a caller ID from somewhere other than where its expected, the call should be rejected (so a non-US caller presenting a US caller ID should be blocked).