Phone security for Canadians: taking too long

They keep coming, day after day, those calls from scammers and spoofers looking to steal our money, identity, or otherwise cause you and I and millions of other Canadians anxiety, hardship, and grief.

I’ve been increasingly bothered by scammer phone calls since I became a senior. Most days I get at least one, sometimes two or more. My caller ID display now often shows a three-digit prefix indicating a local call, making it more likely people will pick up and answer. I fell for that a few days ago: without giving myself a moment to think, I answered the call on my cell phone. Big mistake? I still don’t know for sure.

But one thing I am quite sure of, based on my own instincts, it was a scam/spoofer call of some sort, and it was trying to exploit the ongoing Covid-19 crisis.

The robocall message said, “This is a test. Stay home. Stay home and stay safe.” That was all.

I was immediately suspicious. I did not think for one moment the local public health unit or the Ontario government were calling to check if I was following Covid-19-related protective guidelines, including to stay home.

But I had no idea what harm I might have done by simply answering the call, except perhaps to confirm I was indeed at home. And then I made what may have been my biggest mistake: I tried to call the number back and got the recorded message, “the number you have dialed is not in service, please hang up and try again.”

And that just led to more anxiety. Was that what it was about? By calling back had I facilitated the takeover of my cell phone and laptop computer via a ‘spoofing’ bug implanted in the phone. I had a ‘smart phone’ briefly for a few weeks last month. But I stopped using it to access the internet via a ‘hotspot’ and went back to a simple cell phone. Still, the not-knowing fed growing anxiety.

I called Rogers, my cell-phone provider, to ask if they could block such nuisance/scamming calls. A pleasant enough chat agent told me there was nothing Rogers could do. I asked the agent to pass on my concerns to higher ups about the need for Rogers to find a way block such calls. “People are being victimized,” I said.

I visited the Canadian Anti-Fraud Centre (CAFC) website. I saw a prominent notice saying they were having “ongoing technical issues and you may experience difficulties reporting online or reaching the CAFC by phone. We are currently working to resolve the issue.” Good heavens, I wondered, have they been hacked. I did manage to get through by phone, but finally gave up waiting. So far, my search for reassuring information wasn’t finding any.

Therein lies a big problem: a lot of us of a certain age especially are in the proverbial dark, and nowhere near as computer-savvy as our children and grandchildren. And so, we are vulnerable, and need understandable information to help us navigate the new and fast-changing world in which we live. That perplexing fraudulent call I got has led me to the realization that, not just seniors, but the Canadian public in general are being badly let down in the regard.

I decided to take my search to Canada’s national regulatory agency, the Canadian Radio-Television and Telecommunications Commission (CRTC) to find out what they’re doing about the problem of fraudulent nuisance calls. And that’s where it really got interesting, and revealing:

Yes, the CRTC website is a treasure-trove of information if you know how to dig for it. That’s where my journalism experience came in handy as I discovered the Commission, and Canada’s telecommunication service providers (TSPs) have been spinning their wheels for more than a decade on the fraudulent call file. I was amazed at the number of times the CRTC has threatened the TSPs with “further action” as time after time the Commission extended deadlines for the providers to do something, anything. Most recently, that has included implementing a system called STIR/SHAKEN developed by experts in the U.S. and the U.K for blocking fraudulent calls.

On Sept. 15, 2020, the CRTC for the second time extended the implementation date for TSPs to begin using STIR/SHAKEN. That was after the Commission received a letter from Rogers Communications Canada Inc. on June 29, 2020, requesting a postponement of the launch date from Sept. 30, 2020, to June 30, 2021.

The CRTC had publicly announced the Sept. 30, 2020 date on Dec. 9, 2019 with a news release that had a tone of finality and accomplishment about it. “Nuisance calls are a major irritant for many Canadians. We are committed to addressing this issue and are working with the industry and our partners to better protect consumers. The new STIR/SHAKEN framework will enable Canadians to know, before they answer the phone, whether a call is legitimate or whether it should be treated with suspicion,” said Ian Scott, the Commissions chairman and CEO.

But in its June 29, 2020 letter Rogers cited several reasons, according to a CRTC documentary record (2019-402-2). They included “the re-allocation of resources during the COVID-19 crisis, the need to renegotiate contracts with vendors and contractors and to reacquire financial capital for STIR/SHAKEN implementation after the disruption caused by the COVID-19 crisis; and the fact STIR/SHAKEN implementation in the (U.S.) is June 30, 2021, the CRTC document says.

It continues, “Quebecor Media Inc., on behalf of Videotron Ltd. (Videotron), and Shaw Communications Inc. (Shaw) filed letters supporting RCCI’s request, substantially invoking the same reasons.” It adds, “Although it also supported RCCI’s request for an extension, the Independent Telecommunications Providers Association (ITPA) submitted that the Commission should consider whether nine months is sufficient for all TSPs – especially small ones, such as ITPA members – to be able to implement STIR/SHAKEN.”

The CRTC itself cites numerous ongoing technical and other issues in its lengthy ‘determination’ before deciding “In light of all the above” to approve Rogers’ request to extend the deadline for the implementation of STIR/SHAKEN to the new, “no later than,” June 30, 2021 implementation date. The commission then adds, “The extension will apply to all TSPs.”

That of course included Bell Canada. Coincidentally, on June 9, 2020 the CRTC had approved an application from Bell and its affiliates to block certain  fraudulent and scam voice calls on a 90-day trial basis. The Commission agreed with Bell to keep some aspects of details of their methodology confidential, to guard against disclosing information that could be useful to scammers and spoofers.

The results of the Bell Canada trial-run, “pilot project” were “impressive,” a CRTC spokesperson told me in an email response to a request for more information.

“In its first 61 days, the system blocked more than 200 million fraudulent calls, said Anne Brodeur. “Bell has since filed an application to make this initiative a permanent solution—and we are assessing that application. If those early returns are any indication, this type of approach, which relies on using emerging technologies, could be an impressive new tool in Canada’s arsenal.”

Brodeur also referred to STIR/SHAKEN, describing it as “a protocol designed to restore trust in caller ID. It will allow TSPs to verify that the caller ID displayed on a phone is authentic and pass that information along to the call recipient permitting them to choose to answer the call or not,” she said, noting the current June 30, 2021 implementation date.

So, it can be done, and there is hope.

Meanwhile, however, Canadians continue to be victimized. So far this year, according to the CRTC, as of Oct. 31 there have been 42,984 reports of fraud, with 19,641 victims losing $79.5 million. The number of victims in 2019 was 19,922, and their losses, $104 million. And those are the just the scams that get reported.

Brodeur said “the growing numbers of fraudulent and scam calls continues to represent a significant threat to Canadians and we can assure you this issue is something that the Commission takes very seriously and, as indicated, is actively addressing using several different approaches.”

Yes, the shear volume of the CRTC documentary record shows a lot of time, energy and discussion has happened over the years. But more than a decade, and still counting, is far too long for Canadian agencies and telecommunication providers to come up with solutions that protect Canadians from high-tech telecommunication predators.

The old telephone system, and its first line of phone security.

6 thoughts on “Phone security for Canadians: taking too long

  1. Have you registered with the National Do Not Call List? I did that several years ago and verify each year and found it helps. We got that covid call as well. We have a cell phone but it is only used when travelling otherwise it is Amtelecom land line here in Miller Lake.

    I do agree big telecom is negligent in their security efforts and big gov is too lieniant.
    Good to hear from you again.


    • I had an Eastlink (formerly Amtelecom) until fairly recently but found I was even getting scam-spoofer calls on it. Nowadays even so-called ‘land line’ calls are transmitted via VoIP (Voice over Internet Protocol)


  2. Thanks, Phil, for your journalistic digging – not that I understood much if any of it, except that we’re pretty much on our own!. I too am totally baffled by today’s commonplace technologies, sceptical about much of it and helpless when things “happen “. I Google information and use e- mail, but that’s it. No Facebook or any other social media or Apps. No smartphone or smart anything else. How much longer one can resist is a big question.
    So I absolutely share your feeling “at risk” by doing something as simple as answering the phone!


  3. Phil,

    I would like to repost to Facebook and Twitter but the option to do that does not appear in the article.

    There is not much left to the Sun Times. Most of their articles come from other papers, and they are no longer a “daily” newspaper. You seem to be one of the few voices out there, particularly ones that are challenging or raising questions about anything local.

    Hope your “holidays” are going well,




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s