Collaborative policy development at M3AAWG VTASIG and LAP DNC
Hein Dries-Ziekenheiner, VIGILO
ITU Workshop on “Caller ID Spoofing” (Geneva, Switzerland, 2 June 2014)

Introduction
- VIGILO
- M3AAWG (Mobile Messaging Malware Anti Abuse Workgroup)
- LAP (London Action Plan)

VTASIG
- Formed out of M3AAWG membership
- Larger (North American, European carriers, ISPs, Senders)
- In co-operation with LAP (especially DNC group)
- Text book definition: public private partnership

VTASIG
- Goal: bring down complaints on VoIP abuse
- Robocalls
- Illegal telemarketing
- Fraud
- Policy development for three phases: short term, mid term, long term

Short term
- *50 -> CDRs to regulator
- Next hop
- Find originator of abuse (enforcement)
- Charge back?
- Agency determines applicability
- Consumer carrier “charges back” upstream carriers
- VoIP, Cable-Co, Telco and OTT must adhere to abuse reporting standard
- Honeypots
- Trace back (P-ANI)

Charge-Back Model (*50)
[Diagram from M3AAWG 30th General Meeting, San Francisco, February 2014. Parties shown: Consumer, Miscreant, VoIP Provider, International Carrier, Telco / Cable Co, Agencies / Regulators. Labels: Initiates *50; CDR Sharing; Bad CDRs; Charge Back ($10/call, $12/call, $15/call, $5/call); In or Out of Band Abuse Reporting / Billing.]

(P)Honey Pots
- Goal: gather intelligence using honey pots
- Currently: large data set gathered from TNs that were abandoned for abuse
- CDRs of incoming calls (+1)
- CRTC
- Working on receiving regular numbers from telcos (more +1)
- Georgia Tech: currently working on data to gather information and actionable intelligence

Mid term
- Do Not Call list
- Abuse from outside SS7 network
- Intended mostly for VoIP->SS7 gateways
- Compares CgPN to list of “Do not Spoof” (SS7 based consumer) numbers

Mid term
- User initiated blocking?
- Taking away legal/regulatory barriers

Mid term
- RFC 3325 P-Asserted-Identity
- PAI header for carriers to assert identity (CID) of user
- Also for privacy options
- Creates a trusted domain
- Subject to common Spec(T)
- Could even work in hybrid networks (SS7/VoIP with SS7/ISUP trust bits)
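
The two mid-term ideas above (comparing the calling number against a “Do not Spoof” list at a VoIP->SS7 gateway, and using P-Asserted-Identity only when it comes from inside the trusted domain), sketched as an added example that is not from the original slides. The peer addresses, phone numbers and function names are constructed for illustration, and accepting a trusted peer's asserted identity without a list check is an assumption.

```python
import re

# Constructed sample data: assumptions for this example, not from the slides.
TRUSTED_PEERS = {"198.51.100.10"}   # SIP peers inside the RFC 3325 Trust Domain
DO_NOT_SPOOF = {"+12025550143"}     # SS7-homed consumer numbers on the list

_NUM = re.compile(r"(?:sip|tel):(\+?[0-9().\-]+)", re.I)

def parse_headers(raw):
    """Map lower-cased header names to value lists (no folding support)."""
    headers = {}
    for line in raw.split("\r\n")[1:]:      # skip the request line
        if not line:                        # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def number_from(value):
    """Extract the digits of a sip:/tel: URI user part, or None."""
    m = _NUM.search(value)
    return re.sub(r"[^\d+]", "", m.group(1)) if m else None

def screen_invite(raw, peer_ip):
    """Return (action, calling number) for an INVITE arriving at the gateway."""
    h = parse_headers(raw)
    pai = h.get("p-asserted-identity", [])
    if peer_ip in TRUSTED_PEERS and pai:
        # Asserted by a Trust Domain member: use it as the calling number.
        return "accept", number_from(pai[0])
    # Untrusted peer: ignore any P-Asserted-Identity it supplied; the
    # unverified From number is what would be mapped to the SS7 CgPN.
    sender = h.get("from") or h.get("f") or [""]
    cgpn = number_from(sender[0])
    if cgpn in DO_NOT_SPOOF:
        return "reject", cgpn
    return "accept", cgpn

# Constructed INVITE: From claims a listed number, with a forged PAI attached.
SPOOFED = "\r\n".join([
    "INVITE sip:+14165550100@gw.example.net SIP/2.0",
    'From: "Bank" <sip:+1-202-555-0143@voip.example.org>;tag=1',
    "P-Asserted-Identity: <tel:+12025550199>",
    "", ""])

if __name__ == "__main__":
    print(screen_invite(SPOOFED, "203.0.113.7"))    # untrusted VoIP peer
    print(screen_invite(SPOOFED, "198.51.100.10"))  # Trust Domain peer
```
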

Long term
- STIR
- Others will present on this
- M3AAWG/LAP follow development
- Consider implications

Conclusions and recommendations
- No silver bullet
- International co-operation (PPP) required
- National level: keep an eye out for complaint levels, and respond with Best Practices defined internationally
- For regulators: join LAP
- Industry: join M3AAWG
- Together: VTASIG
- Brussels, Montreal, Boston, SF
- Further info: