Connect with us

Privacy

Experts Warn Against Private Right to Action Laws on Data Privacy Day

If laws are robust enough and enforcement agencies are well-resourced, states should avoid implementing right to privacy action legislation.

Published

on

Jessica Rich speaking at a 2015 AdExchanger event while serving as director of the Bureau of Consumer Protection at the FTC. Photo from AdExchanger.

WASHINGTON, January 31, 2022 – Experts gathered virtually on Data Privacy Day on Thursday to revisit strategies to best hold companies accountable for the information they collect on their users.

Much of the conversations that took place on Thursday centered on the private right of action – whereby private citizens can legally pursue companies in lieu of government action. Though some experts view the practice favorably, most speakers were hesitant to support it.

“[Private right of action] has historically been used as a tool to harass businesses and create opportunities for frivolous claims,” ACT state policy associate Caleb Williamson said during a panel with the Information Technology Innovation Foundation. ACT is a trade organization that represents thousands of small tech companies and app makers.

Carl Holshouser, TechNet vice president for operations and strategic initiatives, pointed out that though the spirit of enabling private right to action may be to target big tech companies, small businesses are often caught in the crossfire and are the ones that get left paying the price. TechNet is a network of technology executives with the goal of promoting growth and innovation in the tech sector.

He acknowledged that while there can be benefits to right to action laws, they have resulted in more harm than good. “We all agree that where there is malfeasance and bad actors and consumers are harmed, there needs to be a mechanism with which to deal with that,” Holshouser said.

“But a wide private right of action leads to something that we have seen with the California privacy law. Since [2020], when it was enacted, there have been nearly 200 lawsuits that have been brought against companies who do business in California digitally but are looking at somewhere else that are mostly small businesses,” Holshouser added.

“Now, imagine if you’re a smaller startup that is in Kansas and your website reaches California. Here comes a lawyer that is suing you and says there is malfeasance, and you need to be sued and there has to be a settlement,” Holshouser continued. “This is a chilling effect on innovation and on small businesses that shows you why private right of action is too far.”

Private right of action alternatives

During an R Street event on Thursday, Jessica Rich, former Federal Trade Commission director of the Bureau of Consumer Protection, enumerated a list of items that should be employed as an alternative to right of action laws.

“If a law is strong enough in its provisions – in terms of protecting consumers plus the FTC is given adequate enforcement authority and resources plus the state and [attorneys general] can enforce that [law] – maybe you are making it less necessary to have a private right of action,” Rich said.

“Another solution that I am seeing in some legislation is that in addition to state agencies being able to enforce the law, other agencies in the state with jurisdiction over privacy,” Rich continued. “[They] could enforce the law, which could include more local agencies, and as long as they’re enforcing those same laws and the same standards, there could be that could even cover the field even more without me for a private right of action.”

Reporter Ben Kahn is a graduate of University of Baltimore and the National Journalism Center. His work has appeared in Washington Jewish Week and The Center Square, among other publications. He he covered almost every beat at Broadband Breakfast.

Expert Opinion

Dmitry Sumin: What to Do About Flash Calls, the New SMS Replacement

Why are flash calls on the rise and how do operators handle them to maximize revenue?

Published

on

The author of this Expert Opinion is Dmitry Sumin, AB Handshake Corporation Head of Products

Chances are you’ve received several flash calls this week when registering for a new app or verifying a transaction. Flash calls are almost instantly dropped calls that deliver one-time passcodes to users, verifying their phone numbers and actions. Many prominent apps and companies, such as Viber, Telegram, WhatsApp, and TikTok, use flash calls as a cheaper, faster, and more user-friendly alternative to application-to-person SMS.

With the flash call volume expected to increase 25-fold from 2022 to 2026, from five to 130 billion, it’s no wonder they’re a hot topic in the telecom industry.

But what’s the problem, you may ask?

The problem is that there is currently no way for operators to bill zero-duration calls. This means operators don’t make any termination revenue from flash calls, which overload networks. What’s more, operators lose SMS termination revenues as businesses switch to flash calls. SMS business messaging accounts for up to five percent of total operator-billed revenue in 2021, so you can see the scale of potential revenue losses for operators. 

In this article, I’ll discuss why flash calls are on the rise, why it’s difficult to detect and monetize them, and what operators can do about this.

Why are flash calls overtaking SMS passcodes?

Previously, application-to-person SMS was a popular way to deliver one-time passwords. But enterprises and communication service providers are increasingly switching to flash calls because they have several disruptive advantages over SMS.

First and foremost, flash calls are considerably cheaper than SMS, sometimes costing up to eight times less. Cost of delivery is, of course, a prime concern for apps and enterprises.

Second, flash calls ensure smooth user interaction, which boosts user satisfaction and retention. On Androids, mobile apps automatically extract flash call passcodes. This makes the two-factor authentication process fast and frictionless. In comparison, SMS passcodes require users to read the SMS and sometimes insert the code manually.

Third, on average flash calls reach users within 15 seconds, while SMS sometimes take 20 seconds or longer. The delivery speed of flash calls also improves the user experience.

The problem: Flash calls erode operators’ SMS revenues

While offering notable advantages for apps, flash call service providers, and end users, flash calls create numerous challenges for operators and transit carriers.

As we discussed before, flash calls erode operators’ SMS revenues because much of the new flash call traffic will be shifted away from current SMS business messaging. The issue is only going to become more pressing as the volume of flash calls grows.

So from the operator’s standpoint, flash calls reduce revenue, disrupt relations with interconnect partners, and overload networks. However, there is still no industry consensus on how to handle flash calls: block them like spam and fraudulent traffic or find a monetization model for this verification channel, like for application-to-person SMS.

Accurate detection of flash calls is a challenge

The first crucial step that gives operators the upper hand is accurately detecting flash calls.

This is difficult because operators have no way of discerning legitimate verification flash calls from fraud schemes that rely on drop calls, such as wangiri. The wangiri fraud scheme uses instantly dropped calls to trick users into calling back premium rate numbers. In addition, flash calls need to be distinguished from genuine missed calls placed by customers.

The problem is that even advanced AI-powered fraud management systems struggle to accurately differentiate between various zero-duration calls. The task requires AI engines to be trained on large volumes of relevant traffic coupled with analysis of hundreds of specific call parameters.

Dedicated anti-fraud solutions are the answer

There are only a few solutions on the market that are capable of accurately distinguishing flash calls from other zero-duration calls. Dedicated fraud management vendors have made progress on this difficult task.

The highest accuracy of flash call detection now available on the market is 99.92 percent. Such tools allow operators to precisely determine the ranges from which flash calls are sent. As a result, operators can make an informed decision on how to treat flash calls to maximize revenue and can proactively negotiate with flash call providers.

Flash call detection creates new opportunities

Our team estimates that flash calls make up to four percent of Tier one operators’ international voice traffic. Without accurate detection and a billing strategy, this portion of traffic overloads operators’ networks and offers no revenue. However, with proper detection flash calls offer a new business opportunity.

Now is a crucial time for operators to start implementing flash call detection into their system and capitalize on the trend.

There are a few anti-fraud solutions on the market that give operators all the necessary information to negotiate a billing agreement with a flash call provider. Once an agreement has been reached, all flash calls coming from this provider will be monetized, much like SMS.

All flash calls not covered by agreements can be blocked automatically. This will help to restore SMS revenues. Once a flash call has been blocked, subscribers will most likely receive an SMS passcode sent as a fallback.

Moreover, modern solutions don’t affect any legitimate traffic because they only block selected ranges. This also helps to prevent revenue loss.

Essentially, the choice of how to handle flash calls comes down to each operator. However, without a powerful anti-fraud solution capable of accurately detecting flash calls in real time, it’s nearly impossible to monetize flash calls effectively and develop a billing strategy.

Dmitry Sumin is the Head of Products at the AB Handshake Corporation. He has more than 15 years of experience in international roaming, interconnect and fraud management. Since graduating from Moscow State University, he has worked for both vendors and network operators in the MVNO and telecommunications market. This piece is exclusive to Broadband Breakfast.

Broadband Breakfast accepts commentary from informed observers of the broadband scene. Please send pieces to commentary@breakfast.media. The views reflected in Expert Opinion pieces do not necessarily reflect the views of Broadband Breakfast and Breakfast Media LLC.

Continue Reading

Cybersecurity

FCC Halts Authorization of Equipment That Threatens National Security

The FCC’s order prevents future authorizations of equipment on the commission’s “Covered List” of national security threats.

Published

on

Photo of FCC Commissioner Brendan Carr

WASHINGTON, November 28, 2022 – The Federal Communications Commission published Friday a modification of certification rules that will bar from United States markets technologies that are considered threats to national security.

The commission’s action seeks to prevent Chinese tech companies deemed to be national security threats – such as Huawei and ZTE – from gathering data on and surveilling American citizens. The Chinese Communist government can force, under law, private companies to hand over data from their products, thus putting Americans at risk, experts and government officials have said.

Friday’s action bars the commission from issuing further authorizations for covered technologies, without which those technologies may not be imported to or marketed in the United States. The action also closes loopholes that would allow certain products to skirt the authorization process.

“That does not make any sense,” said FCC Chairwoman Jessica Rosenworcel in a statement. “After all, there is little benefit in having these lists and these bans in place just to leave open other opportunities for this equipment to be present in our networks. So today we are taking action to align our equipment authorization procedures with the rest of our national security policies.”

The FCC already publishes a list of entities and products, on the advice of Public Safety and Homeland Security,  that pose national security risks. The commission has long shown skepticism toward such risky technologies, notably disallowing the use of universal service funds to buy certain products in 2019.

The rule covers many types of equipment, including base stations, phones, cameras, and Wi-Fi routers.

With this decision, the FCC has fulfilled a congressional mandate to enact a moratorium on equipment on the covered list within 12 months. The statute followed a notice of proposed rulemaking it issued last year.

Congress in 2017 forbade the Department of Defense from using telecommunications equipment or services from Huawei or ZTE. Building on that effort, Congress the next year expanded prohibitions on federal use of technology from those companies and three others. In 2019, in response to concerns over the integrity of communications networks and supply chains, the White House declared a national emergency.

In March 2020, then-President Donald Trump signed into law the Secure Networks Act, requiring the FCC to prohibit the use of moneys it administers for the acquisition of designated communications equipment. The act promoted the removal of existing compromised equipment through a reimbursement program – called Rip and Replace – and further directed the commission to create and maintain the covered list.

FCC Commissioner Brendan Carr, outspoken on national security issues, celebrated Friday’s decision, but called for further action.

“We must also vigilantly monitor compliance with the rules we’ve established today, including by ensuring that entities do not make an end run around our decision by ‘white labeling’ covered gear – a process that involves putting a benign or front group’s name on equipment that would otherwise be subject to our prohibitions,” Carr said in a statement.

Rosenworcel said in her statement that the order covers “re-branded or ‘white label’ equipment that is developed for the marketplace. In other words, this approach is comprehensive.”

Carr also once again called for federal action against TikTok, the Chinese built social media app. The video-sharing app gathers extensive data on users, and despite protestations to the contrary, the platform routinely feeds Americans’ information to the Chinese government, reports say.

“Secure networks mean little if insecure applications are allowed to run, sweep up much of the same sensitive data, and send it back to Beijing,” Carr said.

Continue Reading

Robocall

FCC Cracks Down on Straight-to-Voicemail Robocalls

The commission’s ruling follows a notice of inquiry the agency approved last month.

Published

on

Photoillustration of a mobile phone, used with permission

WASHINGTON, November 21, 2022 – The Federal Communications Commission on Monday took another step to combat telephone spammers by ruling that straight-to-voicemail robocalls are “call(s)” under the 1991 Telephone Consumer Protection Act and will be subject to the law’s consumer protections.

According to the TCPA, before any call using an automatic dialing system or artificial or prerecorded voice is made to a wireless number, the recipient must provide affirmative consent. In 2017, All About the Message – the owner of a proprietary ringless, straight-to-voicemail calling software – petitioned the FCC to allow its software to operate outside of TCPA’s constraints. After the FCC received more than 8,000 comments and replies on the matter, nearly all opposing the petition, All About the Message sought to withdraw its request.

The FCC pushed forward, nonetheless. “Because the Petition drew substantial attention from commenters and members of Congress, and the applicability of the TCPA to ringless voicemail technology has been the subject of considerable recent litigation,” Monday’s ruling read, “We believe this declaratory ruling is necessary to resolve a controversy and remove uncertainty about ringless voicemail.”

“Imagine finding robocallers leaving junk voicemails on your phone without it ever having rung.” said FCC ChairwomanJessica Rosenworcel. “It’s annoying and it’s happening to too many of us.  Today we’re taking action to ensure these deceptive practices don’t find a way around our robocall rules and into consumers’ inboxes.”

The FCC’s ruling follows an anti-robocall notice of inquiry the agency approved last month. The commission is exploring how best to crack down on illegal robocalls occurring over non–internet protocol networks, which are technologically incompatible with the prevailing STIR/SHAKEN protocol.

Continue Reading

Signup for Broadband Breakfast

Get twice-weekly Breakfast Media news alerts.
* = required field

Broadband Breakfast Research Partner

Trending