Brazilians receive more unwanted calls than any other nationality. We discuss the reasons why with representatives of the Brazilian comms regulator, Anatel, before examining their radical plan to restore confidence in telemarketing calls.
Topical news items are also debated by the show’s three regular presenters, industry analyst Ed Finegold, senior risk executive Lee Scargall, and the Editor of Commsrisk, Eric Priezkalns.
Transcript (auto-generated)
Hello, this is the Communications Risk Show and I'm your host Eric Priezkalns. Each Wednesday we talk about the risks faced by comms providers and their customers, including interviews with experts from around the planet. It's a conversation show and you can join the conversation. Share your comments by typing into the window immediately beneath the live stream on our website at tv.commsrisk.com. Messages are anonymous, so include your name if you want me to read it out. The show is also streamed live to LinkedIn, so feel free to leave your comments over there. A member of our team will pass them along. I'll read out as many of your observations as time permits. Today we'll be showing a recorded interview with two men from the Brazilian telecoms regulator Anatel. Gustavo Borges, Superintendent of Control of Regulatory Obligations, and Sami Benakouche, Manager of Control of Regulatory Obligations, will discuss the reasons why Brazilians receive more unwanted calls than any other nationality and the country's unique plan to reverse the growth of spam telemarketing calls and restore trust in the telemarketing calls that will remain. But before we play that interview, let's chat about some other hot topics in the global communications industry with my colleagues Ed Finegold and Lee Scargill. Ed Finegold joins us from Chicago. He's a respected author, analyst, and strategic advisor to tech and telecoms businesses. Lee Scargill is in Bahrain. He's an executive and consultant who's managed the risks of communications providers in the Middle East, Europe, Caribbean, and Asia. Welcome to you both today. Now a topic that has been bugging me for a while, which finally prompted me to do some research recently, was the consistency or lack of consistency in how data protection rules are enforced in practice, even in countries that seemingly have the same rules. Now data is pretty much the same everywhere, people are pretty much the same everywhere, but data protection rules are wildly different and their enforcement wildly different from one country to another. Now one of the key concepts in the data protection legislation that began being drafted in the 90s was the rule to prevent certain abuses of personal data, which would inevitably occur if you just let people transfer data from the country to another country where different laws apply. So the idea is put in place provisions that either prohibit the transfer of the data, or only allow the transfer of data where it's a country with equivalent laws, or where there's a contract in place so you can use the contract to enforce the same requirements as the law, no matter where the data goes. Now a big history lesson, apologies not always appreciated by Americans, is that US has a demonstrably weaker data protection regime than Europe, twice leading to the European Union's top court striking down agreements between the European Commission, the top executive body of the EU, and the US government. Those agreements designed to allow the free transfer of personal data from Europe to the USA. So we know already that there's a problem at the biggest level between governments, politicians saying that they want consistent application of data protection rules between countries, and then actively working in the opposite way to try to cover up the fact that these things are inconsistent, as beautifully demonstrated by Ed Snowden, who pointed out how much personal data was being souped up by the NSA from telcos in the USA. So international consistency is key, but even within the European Union, not every GDPR fine is made public, but huge inconsistencies in who's getting fined for GDPR. And the data analysis I did a few days ago, Spain, just one of 31 countries that has GDPR, and yet it has handed out 103 separate GDPR fines to the top four Spanish telcos since GDPR began in 2018. To put that into perspective, all the other 30 countries which have GDPR, between them, have only issued 111 fines, very slightly more, across all the kinds of businesses that are active in telecoms, media, and broadcasting. Now, one small caveat, not every fine gets published by every country, but nevertheless, a lot of fines being issued to Spanish telcos, compared to the fines received by telcos in other countries. So to get the chat started here, Lee, obviously, you are Brit, but you've worked in many countries around the world. Does the issue of different data protection expectations ever cause a headache for you, or are data protection rules so weakly enforced that they never come up in practice? When the rules are enforced, are they likely to be enforced, or are you generally in a position where the laws are going to get ignored because it's so rare for any enforcement action to occur? So it's a bit of both, Eric, if I'm being honest, but yeah, I'd describe it as a lot more worse than a headache. Yeah, that would be probably describing it on a good case. But yeah, so first of all, you need to know, right, there's all different laws around the world in each different country, but then it gets a little bit more complex than that, because if you take the USA, for example, the laws tend to vary there from state to state. So the privacy laws in California, they're completely different to the laws in Colorado. So compliance can be very difficult, right, even on a country level basis, right? If there was ever a topic that needed like a globally adopted standard, then data privacy is it, right? Now, to answer the second part of your question, you said, you know, from my experience, like, it's the enforcement of these laws, right, especially in countries outside of the EU, outside the EU, right, that's relatively, from my experience, is non-existent. I've seen so many violations of data privacy around the world, right? So unless you have a desire from the government or from international regulators to enforce it, then nothing happens. But that's the problem, Eric, right? There is no single authority that enforces privacy laws worldwide. So in a way, it's not a headache for you, because as a professional who works for a big business that handles a lot of personal data, you're not getting hit a lot. But as a consumer, as somebody who uses phones, you're aware that you're not being protected either. Yeah, you're right. I mean, we still have to comply, although there might not be a single authority out there, we have to comply at the end of the day. But as a user, then yeah, I mean, it's bad news that your private data, your personal data is just being bandied around on insecure servers, and they're not being, you know, your data is not being looked after responsibly. Now, Ed, apologies here that I have to talk about the USA being the big bad of the data protection world. But it is, because the tech industry is so driven from the USA. There is a movement, I appreciate there's a movement in the USA to implement some laws in the style of GDPR. But there's also a lot of resistance to those laws in the USA. And, you know, this is very problematic for how we manage data globally, including in the telecoms industry, because so much data ends up being processed in the USA. There's so many businesses based in the USA, there's so much capacity to process data in the USA. But the rules, the enforcement regime are considered weak compared to those find in Europe. And attempts, as I say, to authorize the flow of data between Europe and the US, one can sympathize with the European activists who are very worried about their data, personal data being transferred to the USA. There's been a whole host of cases involving companies like Facebook, for example, where there's been a lot of criticism that personal data will be abused if it's allowed to go to the USA. Do you expect, Ed, that US citizens will ever force meaningful change within the USA? Or would you advise, Peter, the inhabitants of other countries to always be wary about having their personal data transferred to the USA, where it's scrutinized and potentially could be abused by somebody without them having much recourse? Yeah, I mean, I think, so there's sort of two separate questions there, right? The latter part, I think, you know, yes, people should be wary, right, of their, all of their data and transactions in their digital life, but especially if it's going to a country that's like pretty cavalier about privacy, if that's an issue for you, and the US is. So I agree with you on all those things. As far as whether the, like, this will become an issue for the US public, you know, before the show, I really tried to think about that. And it's really not on the political agenda now. So I asked myself, well, what would put it on the political agenda? And it would take, like, some kind of catastrophe or something really, really visible to make that happen. And then I thought about it and said, well, something like that is happening. There kind of is this ongoing catastrophe occurring when you think about, like, the scams, you know, that we're talking about, there's the sheer volume of scams and the number of victims and everything else. And yet that doesn't, you know, turn the page, I think, because people don't, it's a complex issue, right, that people don't understand well. And then, if I come back, you know, to some of the other themes of the show, if you think about, like, how much we've talked about stir shaken, and how much money and time and effort has gone into that system, and all the flaws that we're talking about, and that we'll talk more a little bit about today. How much energy has been put into that, and relatively how little has been put into data protection in the US, by comparison, I think, right? Like, there isn't a similar banner being held up for reasons I don't necessarily understand. And so, I just find that to be really odd, and inconsistent, and maybe even reckless, right, to that point of view. So, again, do I think the US public is going to do anything about it? I don't think so, because I just don't think anyone would understand what to, what do you do? You know, maybe that's what we're supposed to tell people on this show. But what's the barriers? What's the barrier to the US federal government simply copying what's been done in Europe, and hence providing consistency from state to state to state, so we don't have this? I find it strange, and you know, Lee's already commenting on this, I find it strange that this is being dealt with at state level within the USA. And yet, this is a problem which can't be solved unless you're conscious of the difficulty created by the fact that data can travel anywhere in the world. If you move data from one place to another, you have to have the same principles applied to protecting that data in the other place you move the data to, otherwise, the rules you have in one place become redundant. So, for me, it would seem to be this very little point to having a federal government, unless a federal government is the kind of government dealing with an issue like this. This is clearly not to do with what's suitable for local people who live in Pennsylvania, or Alabama, or Arkansas. This is obviously a federal government issue. So, explain to me as an outsider, why isn't the federal government able to act on this topic in the USA? I wish that I understood. I mean, I honestly, I follow this. And it's just a really weird, murky crossroads, I think, of a lot of strange political angles, from conspiracy theories to the Ed Stoden stuff you talked about, to this like fierce, rugged individualism, you know, thing, which you'd think would make people more worried about data privacy, but somehow it makes them more opposed to having any extra regulation, right? So, it's a really bizarre conflict of ideologies that just sort of leads to this, this ongoing inaction, I think, probably because no one would benefit politically from championing it, or they would have done so, right? And again, it's probably because it's too hard for people to understand, unfortunately. Yeah, go ahead. I mean, when you mentioned people not politically benefiting from it, I'm very, you know, I'm very cognizant that Ro Khanna, a very successful, very powerful senator in the USA, led the campaign to get Bernie Sanders nominated for the Democrat nomination, is often considered to be a likely nominee, Democrat nominee for future presidential elections. Huge backing from the West Coast, where he's got tremendous support amongst high tech businesses, often considers to be one of the leaders in terms of articulating what needs to be done in terms of regulation law around the technology industry. Even he, given where he comes from, you know, the wing of the political factions in the USA, that's more likely to be keen on government intervention. Even he said GDPR would be too extreme for the United States of America. He talked about the GDPR, I think he used a kind of metaphor where GDPR would, if it was ranking 10 in terms of the extent of the provisions put in place, the USA needed something like 5 out of 10, rather than 10 out of 10. And I found that very strange, because, again, my simple understanding of US politics there, this is surely somebody who should be ideally placed to say, well, we should be having all the privacy rights that Europeans have, rather than making the case that Americans don't need all the privacy rights that Americans, that Europeans have. Well, I may be standing up just for the interests of corporations that don't want to spend the money to implement and have to comply with a new thing. And I don't know that the argument goes any further than that, because it doesn't hold water. It doesn't make sense for the exact reason we just, I'm actually annoyed by it, you know, for the exact reason we just talked about, you know, like on the stir shake inside, they'll specify the heck out of that thing and force it on everybody. Sure. That's not too much. This technical standard that only works on SIP, you know, we're going to get into it. That's not to put GDPR, which is like a list of 10 recommendations of how you manage data and databases and how you tag things and what you're allowed to not allowed to do and when you have to or not have to get consent. That's too much. Right. To build into a website and a database. I mean, come on. That's ridiculous. Ridiculous. Okay. Okay. Hold that thought. We'll, we'll, we'll, we'll spread the pain by being critical about some Europeans where we come back after the short ad break, because each week we have our sponsored features. And the first sponsored feature is from our friends at Symmetry Solutions. Now their PRISM fraud intelligence team provides us with an interesting fact of the week. And this week's fact relates to the scams that play customers of phone companies. A snapshot of data maintained in Symmetry's PRISM database shows there has been a 114% increase in toll-free numbers offered to fraudsters since April of this year. Not a very long period of time for such a huge increase. These numbers are being used to dupe ordinary phone users into transferring money or sharing their personal information. Criminals may be switching to toll-free numbers because ordinary people are more inclined to trust those numbers and call them back. Are you worried that your business might be carrying scam calls like these? Do you need new intelligence about the numbers used by scammers so you can block these calls proactively and protect your customers? Then contact the PRISM team at Symmetry Solutions, and they'll help you shut down these calls before anyone is harmed. The URL SymmetrySolutions.co.uk. Now back to the chat here. So let's pick on the Europeans a little bit here. Lee, I'm going to bring you in on this one. 5% of all known GDPR fines. Now, again, I emphasize that not every authority publicizes every GDPR enforcement decision, but most of them publish most of them. Let's put it that way. 5% of all the known GDPR fines have been issued to Spanish telcos. That seems remarkable to me. In fact, Spain's Data Protection Authority has issued more fines to telcos than most national authorities have issued GDPR fines to any kind of business. 30% of all the GDPR fines that have been known to have been issued have come from Spain. So my question to you, Lee, is there also a problem here that some regulators, they're going overboard? Is the Spanish regulator here, by the very fact that they're issuing way more fines than other countries, is this an indication that they are finding trivial things that most other regulators would say there's no real need to have a fine here? Look, you have to comply with the laws, right? No matter where you are in the world, right? So, whether you're in Spain or somewhere else, or whether you're in Asia, a company which is processing data of an EU citizen, they still have to comply, right? So, for me, and I mentioned this earlier, it's actually the issue here is about the enforcement and having this lack of this global authority to clamp down on non-compliance, right? Now, I just want to kind of expand this a little bit further onto a related topic, right? Now, I know a country, right, it actually has a national identity card, right? And everything that's related to the government, right? So, things like health services, immigration, access to telecommunications, right? So, services like immigration, access to telecommunications, this type of stuff, even the banks, when they send you messages, they encrypt that data or they password protect it using the last six digits of your national identity number, right? Now, the problem is this, is that the demand, right, to prove your identity, right, has crept into almost every, it's like day-to-day activities. So, things that if you're receiving a parcel from DHL, you have to give them your national identity card. If you're going to go to a store, you want to get a loyalty card, right? Again, you have to show them your identity card. And basically, you have, they take a copy of it, but then you have all of this information, right, which is kind of stored on these insecure databases, which are all over the place. And these are liable to get hacked, right? So, you have this kind of classic example of how the misuse of personal information, right, which was actually originally designed to prevent identity fraud, right, that ends up becoming an enabler, right, if you know where to look for this type of information. I think you make a very valid point here, but I want to come back to this question about, is Spain out of line? And I know you're not an expert on the Spanish market, so I'm not asking you for analysis there, but let me make the following observation. Vodafone, their business in Spain, has been fined over 70 times for GDPR violations since those rules came into effect in 2018. The UK, never been fined once. It seems to me improbable that the business that they're running in Spain is so much more terrible than the business that they're running in the UK, in Romania, in Italy, my point being that they're getting fined a lot more in Spain than anywhere else. And in fact, Spain is handing out a lot more fines than whole countries hand out to any business whatsoever. So there's something out of line here. My question here now to you Lee is, if you were say working at group level for a telecoms operator, you can't not comply with local laws, you'll comply with local laws. But if you're working at group level, wouldn't you just say to yourself, let's avoid doing any data processing in the country that hands out all the fines. We'll just make sure that whenever we have a choice, we'll do our data processing somewhere where it's a lax, lenient environment. Isn't that the danger that even when fines seem like a good thing, all that it does is it acts like a flag saying don't process data here if you can avoid it, put it over there in that country where nobody ever gets fined. Yeah, look, you've made a very good point there that there are some group companies which operate in Spain, which also operate in the UK. So you'd probably expect, if it's a group mentality, there's group policies. Yeah, it's pretty much done on, you know, it's done, it's done on the same way. Now, it comes back to is why are 5% of the fines then in Spain on Spanish telcos, but not in UK telcos, right? And is this because in the UK, they're not enforcing, we don't have this, there's no, there's no compliancy check? I don't know the answer. And I can't, I don't want to speak on behalf, because I don't know too much about these situations. But you make a valid point, Eric, is that these are group companies, yet in Spain, Spanish telcos seem to have an issue with this, but it's not replicated across the rest of Europe. And apologies to Vodafone here, I don't mean to just pick on them. My point would also be the other groups like Telefonica, they're more likely to get fined in Spain, then they're going to be fined in other countries too. So again, even that pattern suggests is to do with the enforcement regime, rather than the just particulars of the business. Guys, I'd like to keep on talking about data protection, but time keeps marching on. And we have this superb interview lined up with the guys from Anatel. So before we bring on those guys from Anatel, let's just quickly have another sponsored feature. Every week, Geoffrey Ross of Call Authentication, Fraud Prevention and Geolocation Specialists, OneRoute, takes us on the tour of the world in our phone. This week, we're going to Singapore. Roll VT! Hey everyone, from OneRoute, I'm Geoffrey Ross, and this is the world in your phone. Let's talk about Singapore. The skyscrapers, nightlife, cleanliness, and beautiful architecture make Singapore ideal for anyone to enjoy. Singapore is a massive city and country with so much history and facts to learn. But did you know that in July 2023, the Infocom Media Development Authority, IMDA, announced that the city-state's three main MNOs will fully retire their 3G networks by July 31, 2024. This comes as a result of the legacy technology largely being replaced by 4G and 5G, and less than one percent of connections in Singapore are currently for 3G. It'll be interesting to see what other countries follow suit in this short timeline as the next generation of networks continues to expand globally. Some other interesting facts that I found was Singapore is one of three surviving city-states in the world. Singapore doesn't have a capital city, since it's a city-state, a country that is literally just a city. The other two are Monaco and the Vatican City. Singapore is made up of 64 islands, and the Lion City's symbol is the Mayor Lion, a half-lion, half-fish creature. Singapore held the world's first Formula One night race, and it holds the Guinness Book Record for the longest human domino chain, which was comprised of 9,234 students, and was set in Singapore in 2000. Be sure to subscribe to OneRoute on YouTube, where you can catch up on the world in your phone, and watch the OneRoute Roundup, the show that spotlights individuals and companies making a positive difference in the telecom industry. One more fun fact I found out about Singapore, the World Toilet Organization was formed in Singapore in 2001. This was after the city-state proposed making November 19th the World Toilet Day. On that note, Eric, back to you and the Communications Risk Show. Cheers! Thanks, Jeffrey, and good on you and Singapore for highlighting the importance of sanitation. Like many of the topics we discuss in this show, it's easy to take sanitation for granted when you already have it, but it makes a huge difference to the quality of life, which leads me nicely to the topic of hygiene for communications, and more specifically, the need to keep our phone networks from being clogged up by bad and unwanted calls. I spoke earlier with Gustavo Borges and Sami Benakouche of Anatel, the telecoms regulator in Brazil, and they were telling me about Brazil's plans for clearing up a lot of the spammy and silent calls that plague Brazilians. Other countries should take note because there are some very significant differences between Brazil's plans for reducing unwanted calls and the measures that have been proposed and adopted elsewhere. With a population of over 200 million people and more unwanted calls than any other country, there's a lot to be learned from the Brazilian experience. I'm also keen for your audience feedback, so do continue to leave your comments, get typing away at your keyboard whilst the interview is playing, and we'll read them out afterwards. So without further ado, here's the interview. Roll VT. Hello Gustavo, hello Sami. Thank you for joining us from Brasilia, where you both work for Brazil's communications regulator Anatel. Now Gustavo, you are the Superintendent of Control of Regulatory Obligations at Anatel. Sami, you're a manager in the Control of Regulatory Obligations team. Those are the English versions of your job titles. I appreciate you're taking the trouble to discuss the exciting work you're doing in Brazil so it can be understood by our international audience. Of course, the problem of unwanted nuisance calls is high on the agenda in very many countries, so it's really good. I really appreciate that regulators like yourself are taking the time to explain to regulators and communications providers in other countries what you're doing, the unique approach you're following in Brazil. It sounds absolutely fascinating and when I've spoken to people around the world about the work that you're doing in Brazil, people are really keen to learn more about the approach, so I really appreciate you taking the time today to speak to us. Now, Brazilians receive more unwanted phone calls than any other nationality. Can you please explain, beginning with you Gustavo, who is making all of these phone calls? Where do they come from? Are they from telemarketers? Are they from scammers? Do they originate inside Brazil or are they international calls? Hi, Erick. First, thank you for the invitation to stay here and talk about the subject that challenges us daily. First, it's important to mention that the most calls originate in Brazil and, in your case, the previous recorded calls are not representative, which defers our challenge from other countries. Our biggest problem is related to the call center industry in their activities of sales or debt collection, which tariff inappropriated prices. They are using random numbers to force consumers to pick up the phone as they don't know if it's an important call. Also, this practice is spoofing, so it's not good to the telecommunications health. Also, the call center industry is using predictive software that triggers a certain volume of simultaneous calls already considering the attendance rates as a solution to keep their work team productive. But the season's experience became awful, receiving incessant calls from random numbers that often, when answered, do not produce communication and are disconnected when the software already acquired the attendance and abandoning most of the calls triggered. That's our problem. Sami, do you wish to jump in here as well and comment on this? I'm particularly interested here in terms of the fact that there's some spoofing, though I also understand that there's an 0303 number range, so these are spoofing numbers in that range or outside of that range? Well, to the first question about the calls, Gustavo has already touched on it. One thing that you mentioned about talking to people in other countries and other regulators, and of course that's something that we looked at to do what we're doing, and we noticed really early that the situation in Brazil is different for a lot of reasons that we'll get into. But, for example, if you look at the States, if you look at the UK, you guys get a lot of calls from other countries that speak English, so you have a lot of scam calls and telemarketers and whatever that they do speak English. So in Brazil, mostly the calls originate from Brazil, just because not that many people speak Brazilian Portuguese, so that's the main reason we are dealing with telemarketers and scammers specifically from Brazil, which kind of helps, I guess. And what you asked about the 0303 and what was that? I'm sorry if you could repeat. So to explain 0303, that's the number that telemarketers are supposed to use in Brazil. When we talk about spoofing numbers, are the people doing the spoofing spoofing 0303, or are they spoofing a completely different number instead? Just me, they were using aleatory numbers, but then Anatel has prohibited these calls and determined operators to block these calls of random or unregulated numbers fighting against these spoofing methods. So nowadays they are using the 0303, which is a number, a specific number that Anatel has determined to be used in the sales calls in Brazil. Right, I see. Thank you for explaining that, Gustavo. So staying with you, Gustavo, when a call begins 0303, so it's using this special range for making sales calls, making telemarketing calls to people, how many of those calls are actually picked up by Brazilians? Once the citizens know that the 0303 are for sales activity, there is a low response rate. The numbers indicate cases where the success rate on useful calls is about 5%, 10%. It's a little bit. Call centers are calling 100 people to get five calls answered. 95 people were connected without the work team being able to respond. And so they use software that calls to a lot of people trying to get five. And so 95 people were contacted without attendance to maintain a conversation. And Gustavo, is this therefore related to, I understand there's a problem in Brazil with calls lasting less than three seconds in duration. There's supposed to be very many calls that have this very short duration. Is that connected to what you're saying in terms of these automatic calls that nobody picks up? Yes, perfect. What we noticed is that it is automatically dealers are receiving already considered that 10% of the calls will be answered. So as soon as by all the answering capacity, they abandon the other calls already dialed. Some of the 90 of consumers try to say hello and pick up the phone and say hello, but the calls drops within three seconds. In the CDR, which is the database of calls in the network, we noticed that more than a half of the calls in Brazil had a profile of duration within three seconds. So this is what's going on. These are calls that abandoned by the predatory software. We do not produce communication cause nightmares in the consumer's experience. So each consumer receiving those enough calls a day with no communication objective is not a pleasant situation. So, and I tell determined limits on the volume of daily calls from the same originating company, as well as limits on unproductive calls. Telecommunications operators were required to monitor these limits and block companies that exceed these limits for 15 days. As a reference month prior to the decision, we had 28 billion calls on the network on which 18 billion workshop calls, 60%. In the same month of the following year, this year already, we are around 21 billion total calls with 10 billion short calls, almost 50%. That represents a reduction of 8 billion calls by month or 96 billion calls by year. That's it. Yeah. It's terrible. Sami, let me bring you in here because this, this sounds like a situation, which if you don't address, we'll only get worse and worse because you have the telemarketers. They want to get the call through the people, get annoyed. They don't answer the call when they do answer the call. There's nothing that no one's speaking to. So even more calls are made. So then people get more annoyed. It sounds like it's been in a downward cycle, perhaps for a while, Sami. Yeah, I think you said it perfectly. You can see a pattern. You can see that in the last, let's say decade, people have started to move away from voice calls and people have been using less voice and telemarketers and collection agencies, they still use it as a main way of contacting users and consumers. So what happens is like you said, people are using less the phone as a phone. They need to talk to you. So they will call you. People don't pick up because now we have caller ID and we know who's calling and people are in the habit of not picking up numbers that they don't know who they are. So what happens is telemarketers have to get assertive in the sense that, yeah, they have to use those softwares that Gustavo mentioned to make sure that, okay, if people don't pick up, let's call more people and then we'll talk to those who pick up. And then people stop picking up the same way and start blocking numbers. So they say, okay, so let's random, like let's poof random numbers so that the numbers that were blocked still go through. And you got into a cycle. You get into a cycle when these people need to talk, they will call more, people answer less, the less they answer, the more they call. And it becomes a little bit like a denial of service attack in the sense of people simply stop using the system. Yeah, exactly. And like Gustavo said, one of the things that we did was, okay, if you make that many calls a day, the user has to be blocked. So because you get to a point where it's like, okay, you are not trying to communicate, you are trying to spam calls. And just touching on another thing that you mentioned, the three seconds, one thing that's relevant, I think is there was an old regulation in Brazil that said, that was from the times where calls would get dropped when calls were charged by the minute, by the second, there was a rule that said, okay, if your call gets dropped, if your call gets dropped in under three seconds, it's not billable. Just because people would be calling somebody, the call would get dropped on pickup. And then they would have to call again and pay twice. So three seconds, we felt at the time that it was something reasonable to, okay, this is not a communication, this can't be built. And then companies just seized upon it in the sense that, oh, so we can make all these calls. And those that we hang up before three seconds, we won't be charged for them. So of course, last year, Anatel worked to remove that regulation. So that regulation is no longer working, is no longer under act. And now all those calls have to be called, have to be charged. So yeah, it is the cycle that you mentioned. Yeah. Good idea. And that's not the only area where Anatel has been active. So let's talk about something else that's also new this year. So earlier this year, Anatel launched a web portal called, and please forgive that my Portuguese skills are not like your English skills, Cal Empresa Miligu, which company called me? I hope I said that correctly. Thank you. Thank you. So this portal gives Brazilians the opportunity to check which business is behind the phone number used to make a call that they didn't want to receive. Gustavo, what was the thinking behind providing this portal? And how do ordinary people use this portal, Cal Empresa Miligu, in practice? The portal is about important users, about knowing who has reiterated a call then, and which company was irritating them or being a nuisance. So people in Brazil got into the habit of blocking nuisance calls, but some companies just use different numbers. So we felt that important then to know specifically which companies were calling them was an important step. Knowing who is causing that nuisance is useful to complain to the company directly, or in consumer protection bodies or in court. So I think that this portal has some audience. It's not a big audience, but those who are using it, they take the information, they go through the bodies, making complaints, and it's a good thing that those companies were not being affected by this behavior. And now they are being asked to change this behavior. I see, I see. So I could say it's a thing, it helps, but it's not the big thing. Let's talk about the big thing. Now, Brazil has a telemarketing association that includes the businesses which run the big call centers. In English, we would call that association the Association of Brazilian Teleservices, ABT. Viewers in the USA, they would find ABT to be similar to something they called the Professional Association for Customer Engagement, which was previously called the American Teleservices Association. Now, it's been reported in the press that ABT volunteered in Brazil to implement and pay for stir shaking in Brazil. Before we discuss the detail of what will actually be implemented, Gustavo, can you please help me to understand, why did ABT volunteer to pay for this technology to authenticate calls made by their members without being forced to do it by you, the regulator, Anatel? It's an interesting situation. When Anatel's blocking measures were adopted, the call center industry felt the brutal drop in the results, and they sought out Anatel supporting the sanitation measures, but looking for solutions that would enable the maintenance of their industry. Identified and authenticated calls help the Brazilian case, importing consumers even more with more assertive and online information about who is calling, its difference about the portal, and the SUSEX rate in answer calls tends to be higher than when using generic numbers like 03, 03, or random numbers. If you know who is calling, maybe you could be more okay to pick up the phone. When they came to us asking for the solution, we warned them that it was very expensive, so they looked for suppliers to understand this expensive and to evaluate the possibilities, and then they understood that it was possible to divide the central investment between the different companies considering the billions of monthly calls, and then they proposed the implementation to Anatel. This was an important, provocative movement, but there will still be high investments in the network. The biggest problem is the investment in the network, so the strategy we set up to deal with the internal costs needed to network evolution was that offering identified and authenticated calls is not mandatory, so it's not an obligation, but an option for each telecommunications company, but this option is encouraged as call centers that use identified and authenticated calls will not need to use the specific number 03, 03, so they will be very interested in using it. The telecommunications company that does not offer SteerShake, and that is the solution that we are implementing, will naturally be losing out to the competition. In this model, call centers companies want to use SteerShake to upgrade attendance sources, and the telecommunications companies that do not offer this solution will lose market share, so there are companies with IP and basic, very plug-in to the solution, low costs to offer this, and they will be offering it. The major operators that are very long-term, TGN-based, they will have some problems with that, but they will handle with it, they will make investments in the part of their networks to attend call centers, their clients, so I think that's a market solution. Amazing, yeah, amazing, sounds incredible Gustavo, and Sami, let me bring you in here as well, because I'm not aware of any country where so much is being driven by the businesses in the marketplace, so much is coming from the marketplace, and the regulators working with the marketplace, as opposed to just imposing the solution, so we have a situation here where the big call center firms, they want the calls to be connected, so they're saying rather than use these 0303 numbers, we will voluntarily implement this technology, so that when the customer sees the handset, the number ringing, they also get the confirmation where it's coming from really, so they have some confidence which business is calling them, which increases the chances that they will answer the call, but also interestingly, the market forces also is being applied to the telecoms business, because if they don't support the supply of this information to the customer, the call center probably doesn't want to be using that business as much as they can, so Sami, this is something that just happened organically, or is, I mean, what's the process like in terms of, was it just that the telemarketing companies came first, and then there was a need to respond from the telcos, it sounds amazing that you managed to find this consensus in Brazil, when other countries they really struggle with this. Well Eric, to be honest, I wouldn't say organically, because we have been working on this and discussing this with companies, with regulators, with stakeholders for a lot of time, for a long time, so it is something that you kind of like, like I said in the beginning, you look at how other countries are doing it, how, what works, what seems to not work as well, and you end up looking for different approaches, and what we noticed was exactly like you said, you have a heavy user base, like we said, it's 20 million calls, 20 billion calls a month that they want that call to go through, they need to reach their audience, and they are a big, they are a relevant player in terms of consumers for the company, for the phone companies, so you have people that need to make those calls, and like you said, the companies know that they, if they don't get into this framework of authentication and identification, those big users won't be there, they won't, they won't be on their networks, and on the other hand, one thing that I think it's relevant to also, is like we, also like we talked about, people, the level of irritation, and the level of just lack of peace for consumers, got to a point that I think that the providers realized that being able to say, oh, we are a company, that if you are our consumer, our consumer, you will get safe calls, you won't get scam calls, you will get identified calls, this is something that is interesting, because in the end, it's all about adding value to the service, to a service that today is not like it was 15, 20 years ago, and you add value to it, because there's still people interested in it, and then you say, okay, this is the value that we're adding to it, the people that are interested can get on, can get aboard, the people that don't want to, you don't have to, and we kind of hope and feel that this meeting between the people that need to use the service, the service, and the people that are interested in it, will be enough to show people that, okay, if I don't get in, I'm staying behind. I think you're right, I really admire the way you've done this, I appreciate, I make it sound like it's organic, it's easy, I'm sure there was very many conversations to get to this point, but this is why I admire what you're doing, and I think it's very important to show as an example to other countries, because there will be sometimes in other countries, a skepticism, a disbelief that it's even possible to arrive at this kind of agreement between all the businesses involved. Sometimes they just don't have the belief, and they just say, we will impose the solution, but if you can find a solution that everybody will agree to voluntarily, then there is a greater chance that I believe that it will actually succeed in practice, because then people are all working towards making it a success, rather than, forgive me, sometimes happens in some countries, people play games, I didn't want it to succeed anyway, so they do some things that induce the chance of it succeeding. So I think this is a great example that I expect other countries will look at closely, in terms of when they're having their conversation, and people say, we can't do this, we can't do that, they'll be saying, but look at Brazil, this is a big country, they were able to find a way forward, we can be finding a way forward by talking to each other. Now, forgive me, my next question is a very involved question, and it's to do with the technical detail, because the words stir, shake, and get used a lot, but sometimes they're not always used in exactly the same way. So I want to be very precise with this question. Now, stir, shake, and refers to two sets of standards. Stir is from the Internet Engineering Task Force, the IETF, and shaken is from the Alliance for Telecommunications Industry Solutions, ATIS. Most people know about stir, shake, and because the US regulator made it mandatory for all calls over IP networks in their country. So their rule only applies to IP networks, because the stir digital signature is transmitted in band using SIP signaling, and only IP networks have SIP signaling. We've already said that Brazil is going to be different because ABT wanted to voluntarily implement authentication, and because the telcos, you rely upon market forces to encourage them to implement in the country. Am I also correct? Please explain to me if I'm wrong. Am I also correct in my belief that Brazil intends to use some of the same technologies USA, but you will allow the signatures to be sent out of band as opposed to requiring it to being in band? Was an out of band version of this technology chosen to overcome the problems the US has with IP networks, or am I mistaken in my understanding? Gustavo? Just the information before. After some debates, the model that won was to have a governance group composed of Anatel telecommunications companies and the call centers industry, like ABT. This group directed the guidelines to implementation group, and so this implementation group has led by ABR. ABR is an association of telcos operators, so the costs of centralized solution will be divided among the telecommunications companies, which will naturally charge the call centers company for the added value of authenticated calls. So nowadays, ABR is implementing this solution. And about your question, implementing the solution in Brazil has to take into account that Brazil has a part of its network that is still TDM, no IP-based. For a call to be identified and authenticated, therefore, it's necessary that the origin and destination company are able to establish a flow of generation and verification of tokens. Even if a company in transit is TDM, it's possible to check at the destination company of the call with token management that the call data has not been tampered with. We already have an agreement with the largest traffic generation companies in Brazil and also with the big telcos in mobile telephony, signing the contract with the vendor and dividing the costs of the centralized solution. So the contract will be signed today. Today, good stuff. We're hot news, we're hot news. And I'll be sure to include in the details when the show goes out, the details of which companies have won that contract. So Sami, I'm still not entirely clear. Help me out in this in terms of will the signatures been applied in cases where part of the call is being carried over a TDM network as opposed to an IP network? So I think Gustavo has a point. You raised your hand. Yes, go ahead Gustavo. We'll have a flow for calls that involve IP-based providers, fully comply with still shaking solutions and an out-of-band flow for calls that go through companies with TDM networks and comply with the OOB, which is not a variant but a delivery mechanism of still shaking. It's defined in the specification by 80s. So the solution in Brazil will be interoperable with the USA, Canada and France. Okay. So both in-band and out-of-band methods will be used in Brazil. Yes. If I can add something, Eric. I'm not the best technical person. I'm not an engineer. I'm a lawyer. But just going back to what we talked about is Anatel made it known that, okay, those calls can be offered. They can be made available to users to add that value that we mentioned. But it's not whatever different company can just pop up and offer this kind of service. Because when you're talking about network security and authentication and things like that, it does have to be like some kind of centralized structure. Otherwise, the identification part of it and even the authentication part of it becomes a little bit complicated. So what we did was, okay, those services can be offered and they need to reach certain levels of reliability, of authenticity. And then the company, the phone companies that are interested in it, we are having currently pretty much daily, weekly meetings, technical meetings, in which they are looking at their own network and looking at the technical provider that they have selected and looking at the networks and saying, okay, how can we make that work? So it will be complicated for Anatel to just say, okay, you're going to use those technical specs, those technical manners of looking at it. Because to be honest, we don't know the network, the phone company network as well as they do. There's a lot of different phone companies. So it was the same thing. It was, okay, we need to get there and we need you all to get together and figure out a technical way that your networks can handle and at the same time gets to where we need to go. So like Gustavo said, when you look at TDM networks, and you look at the way American Stir Shaken works, with the need of the header and the token and everything to go through the network, the solution that was found was the possibility of part of it going out of band and then being reunited at the end of the call. I have to admire what you're doing. So I want to be very clear for the sake of the audience listening to this interview. It's not just that you are implementing Stir Shaken in Brazil, you're actually going technologically in advance of what's been implemented in other countries for Stir Shaken. Because although it's not mandatory, it's voluntary for the businesses doing it. I don't believe there's any large scale implementation of an out of band solution for Stir Shaken anywhere in the world. The only solutions that have been implemented in countries like the US, Canada, France is the inbound solution, not the out of band solution. So in that sense, you are leading the way. And I can imagine, I'm not an engineer, but I can imagine this is going to be technologically challenging. This is some new work, never been done on this scale with networks before. But at the same time, it proves that the idea can be applied across all phones, all networks. Because if you don't do it with the out of band solution, then a lot of the value is lost, because you're already very limited in which calls this technology can be applied to. So I think it's fascinating that you are going down this route. And that's another reason why I expect other countries will be following very closely the technology of the implementation. But I won't pressure you for more about the technology. We'll bring on some Brazilian engineers in the future to discuss the technology with us in the future episode. Coming back to payments, Gustavo, who pays for the solutions here. Now, you mentioned that we talked about ABT volunteering for Storeshake and wanting Storeshake. And then you mentioned, of course, ABR Telecom. Also, now there's a model here in terms of how the costs will be allocated between the businesses. As a regulator, how easy was it for you to get everybody to an agreement as to how the costs would be applied in practice? Look, the call center industry sees the identified calls as the reception of their business. So they are in a hurry. And that's why they are being so dedicated. However, the implementation of Storeshake involves investments in their networks. And it's a security thing. It's not a simple thing. It's a complexity of project. And so once operators asked for leadership and committed to speed implementation, it was the most natural path. So the operators saw that the investment would be covered by the added value in their calls. So with demand, they may offer the solution. Fantastic. And Sami, bringing you in here again, this model that's been applied in practice for managing the costs, is that publicly aware? I'm thinking here that other regulators may be interested in seeing how the costs are managed in Brazil, again, as an example that they may want to follow. It is ongoing. The negotiation between companies and between the provider, the technical provider, everything is ongoing. It's moving. And I'm sure at some point, some of it will be available. I don't know, because at the end, you are looking at financial information and technical information from networks. But the good news is that it is going. And just touching back on something that you mentioned before, which was how easy was it to get everybody involved? I think, of course, it wasn't easy. It took a long time. But it was just the perfect moment between, like we said, the service losing value, those big, heavy users, those telemarketers, having to make 100 calls to talk to five people, that's expensive for them. So I'm sure they did the math and it was like, OK, I might have to pay more for a call. But if I get from 5% to 10% people picking up, that's twice as much business as I'm doing. If you have those 5%, because we know that there's people that they have to answer every call just because of family situation, work situation, and there's people that won't answer any calls if they don't know who's calling. But there is a lot of people in the middle that will be like, OK, if I had known that this call was going to be from my phone provider that wants to sell me a better plan, or this is from my bank that wants to tell me that there was an issue with my credit card and I can trust that, I will pick up the phone if I know who's calling. So it wasn't easy getting everybody to think the same. But I think it reached just the perfect storm of the heavy users needing it to be different. The companies, the phone companies, investing a lot of money maintaining that network and seeing that, OK, it's not getting as many calls, completed calls as we want. And at the same time, user complaints. Because the truth is, if your phone, if you get 10 calls a day, and you don't know which company is calling you, you are going to complain to Anatel, you are going to complain to your phone company because you don't know who is calling. So that's one of the things of Qual Empresa Milagro is, OK, now you know that those 20 calls that you got, even though you're complaining to your phone company, it has nothing to do with that. It's just the user that is making those calls. So I think it was a lot of work to get to this specific situation. 0303 was something that let telemarketers know that they would have to comply to a different way of working. Anatel's blocking order for calls that were more than 100,000 a day was something that showed them, OK, this is something that we can just do however we want to. So once that pressure starts to, you know, accumulate on different points, then everybody just says, OK, we might be needing to find a new way to do business. It's so true, and I'm so glad that you've been able to make the progress you've had. I wouldn't expect you to share sensitive commercial details about how much people are spending for things, but I would encourage you to help regulators also in the world when there's an appropriate time, share some case studies, some knowledge about the way in general the costs have been split between the businesses so that this could again be an example that informs other countries to say it can be a rational self-interest that everybody pays something towards the cost of this rather than years of wasted arguing about the cost and then the situation gets worse and actually everybody's worse off. So let me finish today's interview. Again, I really appreciate your time, guys, for the time you spent today. Let's finish today. We talked a lot about the technical side, the commercial side, the regulatory side of authenticating calls in Brazil. Let's talk about the difference it makes to the actual ordinary phone user. What will they see when they have the handset and the call is ringing? What will they actually see on their hand? Will people still be receiving calls from 0303 as well as having these other calls, or is there some plan to get rid of 0303 in the future? So help me to understand, Gustavo, the impact on the ordinary person. Look, the model that Anatel is implementing is in another way different from the USA because our solution will be centralized and this will bring us control over the actors authorizing to generate, identify and authenticate calls in a simple way, as well as we can we can monitor their behavior. So it's easier to inspect their functioning. After testing the implemented solution and their effectiveness, verifying its suitability, the agents will announce to citizens that identified and authenticated calls have a lower risk of being associated with a fraud. Customers will be shown the caller's identification, such as number, name, brand and even the reason for the call. Call authenticating stamp will also be displayed. This is of great importance to recover the usefulness of calls in Brazil, promoting consumers with better information for their decisions on whether or not to answer the call. It will also be helpful to understand about the lower likelihood of fraud. Steer-shaking will not end the problem of massive calls, but if consumer knows which company is calling, there are ways to generate a report of evidence of the disturbance and claim their rights. This tends to inhibit companies that care about their reputation from promoting exaggeration in dialing and the use of useless calls. We are already talking with the handset manufacturers to synchronize the implementation with any updates they need to enable, like Apple and Samsung and things like that. The call center industry will not need to use O3O3 if they use the identified calls and it's a good thing to everybody. As more than half of calls in Brazil has been related to call center activity, we imagine that by next year we could reach between a quarter or half of identified calls in Brazil. Like we have said, there are legitimate businesses that still rely a lot on voice services to communicate, such as banks for dealing with their clients, telemarketers, companies to sell products and services, and collection companies to go after credits that are due. Today, the pickup rate of phones in Brazil is very low, so we believe that adding value to those phone calls would benefit not only those companies, but also and especially the consumer experience, so it's a big deal. It is a big deal. It's a very big deal because, again, you're being very advanced in your approach. Some businesses will still use O3O3, but those businesses that move ahead with the new technology are also going to have the phone user, the phone recipient, seeing the brand, possibly the reason for the call as well. Again, this is very advanced, Sami. I don't know if you looked at this when you were reviewing the options here. This is something that has been discussed in some countries, some ideas around doing this, but it seems like there's no shortage of ambition, let's put it this way, in Brazil. This would be a very radical change for the user experience in terms of how they see calls and therefore which calls to trust when they receive them, Sami. Yeah, I mean, that's the plan. That's the aim, to be ambitious and to look for ways to better everything, to better regulate telecoms, but for users to have a better experience, but at the same time for phone companies to be able to do their business and provide those services. So, yeah, it is a bit ambitious, and to be honest, it is a little bit of the advantage of having other experiences to learn from. This is something, it's not, call identification is not something new. So, being able to look at other experiences and learn from them and take the good part of it and try to solve difficulties, it is easier to arrive a little bit later sometimes because you do have a little bit of a roadmap, but then you kind of have to work on your specificities because Brazil is a really big country with a really big network. So, yeah. Don't be modest. Don't be modest because we've been hearing stories in the USA, some problems with the labelling of calls, so calls incorrectly labelled. So, again, don't be shy. This is a lot of ambition. Even if people have attempted to do similar things, they haven't always completely succeeded when they've done it. So, let's not be shy about ambition. One very quick last question for you, Sami. Does the end user know this is coming? Have they been aware? Are they informed about these changes yet? Or is that still something that they're going to hear about in future? Just another, before I answer you, I'm sorry, before I answer you, just another thing. Like you said, it is ambitious. It is complicated, technically complicated. So, to be honest, I'm sure there will be mishaps, there will be difficulties, there will be adaptations that will be needed. We are in no way thinking that the implementation will work perfectly from day one and then just solve everything. I think call authentication and identification would be a great, a big step in empowering the users, would be a big step in fighting scam calls. But we are not under the impression or the delusion that that would just magically resolve everything. So, it is just a big step. And what was the original question? I'm sorry. Well, the phone users, are they aware of the changes and how it will affect them yet? Or have they yet to be informed about it? Okay, there have been news about it. If you go into the specialized media or telecom media, and even some places it has been talked about, I wouldn't think a regular consumer knows about it yet. But I'm sure since it is market forces driving the initiative, I'm sure the phone companies will have every interest in marketing it before it comes out and positioning themselves as, okay, we are a company that provides this special value-added call. So, it will be made known. Today it is in the news, but it isn't something that is in the zeitgeist. Well, I look forward to seeing all the announcements that are made. And I'm sure that everybody worldwide will be taking an interest in this because one of the things about marketing is that people in marketing, they take an interest in what happens in marketing in other countries too. So, I'm sure they'll be fascinated in many countries to see whether this impacts, say, the rate at which people pick up their telephone, whether it leads to an increase in the success rate for telemarketing calls in future. And I'm sure everybody will be very keen as well to hear. I look forward to hearing from Anatole in terms of whether we also see a reduction in fraudulent calls, scam calls, and spam calls, and all of that as well. It's been a good conversation, Gustavo, Sami. I'm very grateful for your time today. We've had a very thorough conversation, but it's very exciting work. Thank you both for appearing on today's show. Thank you, Eric, and congratulations. You all have a good job, a great job on commsrisk. We are reading a lot of papers there, and it's very important to us to understand the problems that other countries are facing. And so, it's important to talk about, to understand the opportunities, to make difference. And so, thank you for this opportunity, and it's a great job from you. Yes, thank you for having us, for the opportunity. And you mentioned that maybe other countries would be interested in it and would be interested in our experience and how we are looking at things here. And we didn't mention in our answers, but just to make it clear, I think Anatel is really open to talking to other regulators and exchanging experiences. There's a lot for us to learn from other experiences. There's a lot, I wouldn't say teach, but share that we can share from the things that we have been going through in the last years. So yeah, thank you for having us. And also being here and talking and sharing this is also a really good opportunity just to get the word out and be a little bit more detailed on what the work that we're doing. Well, it's great work. And it's conversations like this that gives me the encouragement to keep going with Commerce Risk Every Day. So thank you again, Gustavo, Sami, I really appreciate having you on the show. I hope you'll be back on a future show and maybe talking a little bit more about the success as it gets rolling out in Brazil. Thank you again. Okay, thank you very much. Thank you, Eric. Well, it was absolutely a pleasure to have Gustavo Borges and Sami Benakouche of Anatel for that recorded interview. We're back again live. I think we have learned a tremendous amount from that interview. And for those of you who are waiting out for the information, it was mentioned during the interview. It hasn't been, as far as I know, publicly confirmed yet, but my understanding is that the contract for this work that's taking place in Brazil with the implementation of stir shaking both inbound and outbound in Brazil, that's gone to a consortium that involves both ClearTech and Newstar. But don't take my word entirely for it because I haven't seen it independently stated anywhere else yet. Guys, thank you for listening into that conversation. I'm really keen to get your feedback, your input, your observations about what's happening in Brazil, because I really do think it's dramatically different from what we're hearing elsewhere in the world. Ed, starting with you, are you surprised that Brazil's big telemarketing businesses volunteered instead of being compelled, they volunteered to clear up the problem of spoofing that occurs with calls made from call centers? Obviously, they're motivated to save their own businesses by weeding to save their own businesses by weeding out the companies that make the majority of bad calls. But nevertheless, I've not heard of any other country where the big telemarketing businesses have chosen to voluntarily take action in this area. If they saw that the wind was blown in this direction, from a regulatory standpoint, political standpoint, then maybe, and I don't know the history of that, but maybe that was part of why they got behind it more readily than they would elsewhere. But it doesn't surprise me at all, just in the sense that I think, even if in the end, what you end up doing is separating the bad spammers from the good spammers, you've accomplished something. And I think that telemarketers to some extent will benefit from that. And you made the point about how it's a centralized system, which means someone's deciding who falls on what side of the good and bad line, for simplicity's sake. And I think you want to cooperate because you want to be on the good side of the line, not on the bad side of the line. And so let me turn it around then. Let me turn it around then. You're in the USA, the Brazilian telemarketing association that was talked about during the interview, pretty similar to a big telemarketing association for similar kinds of companies in the USA. But we haven't heard about US companies doing this kind of work voluntarily. What would need to be done to motivate them further to them to be more proactive rather than just complying with what the law requires them to do? And in particular, I focus here upon the fact that we can tend to talk about technology quite a lot, but when it comes to things like know your customer controls, they're just as important too. So if you're running a call center, you're running a business that handles a lot of phone calls, generates a lot of phone calls on behalf of other people, there's got to be an obligation that you're aware of who you're working for and what messages are going out to people. So why aren't we seeing that voluntary willingness for those companies to preserve themselves in the US market? Yeah. I mean, I think it's a legitimate question. I'd like to understand better why. I think the thing that stood out to me from the regulators perspective that was really important from that interview right in Brazil was that they may seem to make it clear that their goal is to make sure that the person being called knows who's calling them and maybe even why they're calling them, which I think gets a little bit out ahead of where the US is, which is sort of just like, let's verify if this is a number that lights up, which is kind of, it's almost like, let's make sure we don't step on any toes at all as we do this. We're just going to do something as neutral as possible. And I think it's a very different approach and maybe not as potentially not as effective one. It'll be interesting to see, I think what happens with the approach in Brazil. But again, I think the important point here is that we have to look at this from the customer perspective. The phone exists for your convenience, right? You, Eric, you, Lee, me, right? It's there for your convenience. It's really not there for the convenience of the telemarketer to make their sales quota. So that's the approach I think we need to take. And that's what I liked about what they said, which is like, let the person answering the phone, make a decision about whether or not to pick up. That's what we should be trying to solve. Leave it there. I think that's great insight. Now, Lee, you often work with telcos, but in the past, you've also given advice to governments, to regulators. You're at the forefront of what's going on in this industry. So they listen to you, Lee. And they sometimes hire you to write lengthy reports about what's coming up in the future and how they should manage their risks. Based upon what you've heard there, the Brazilian experience, would you give the recommendation to countries now to say telemarketing should go first when it comes to solving the spam problem? Rather than trying to have a universal solution to identifying good from bad cause, does it make sense to follow the Brazilian approach and say, why don't we clean up the bad telemarketing cause first by looking at telemarketing companies initially? And then when we've done that, we can start looking at the cause. Or is that the wrong way to go about it? I don't think there's a silver bullet to any of this, Eric. But I think it does make perfect sense that you would want to sort out the telemarketing stuff first. If you could get these on side, get them all coordinated. I think what they've done over in Brazil is that this is a great example of how everybody can come together to solve this issue. Slightly different in Brazil in that a lot of those calls originating from Brazil, whereas I think the US has a slightly different issue and the rest of the world. But yeah, I agree with you, Eric. I think it does make perfect sense. Sort out telemarketing first, and then you can deal with the rest of the stuff. Well, I mean, I think you're right there. Obviously, there are different countries, different profiles in terms of how much of the traffic is proportionately generated within the country, how much of it is proportionally generated outside the country. And yet at the same time, I do think there's perhaps sometimes a mistake to focus too much on the calls that originate outside of the country. Why? Well, those are the harder ones to deal with. They're harder to deal with to some extent. So maybe get your own house in order, first of all, and see some immediate benefits to consumers within the country, because it seems to me to make no sense whatsoever to focus on the bad calls that originate outside the country if you're not going to deal with the bad calls in the country. Now, that's not the experience, obviously, of countries where there's a really big difference in terms of how many very few domestic calls, very many international calls. Ireland, very clear, very explicit. They didn't think that there was going to be significant volumes of bad calls originating in Ireland. So their focus is on the international calls. But most of the countries that are talking about doing something in this arena, they're the larger countries. They're the larger countries with the bigger population. So I think that weighs heavily. Do you not think, Lee, in terms of you should always get your own house in order first before you start pointing fingers or trying to control things that are harder for you to control? Absolutely. I mean, you have to get your own house in order first, sort that out, and then you can deal with other things further down the line. Like I say, each country, from my experience working in different countries, you have different, there's different problems or issues in each particular one, and they all require slightly different solutions to fix those problems. Well, let's leave it at that. Thank you, guys. I really appreciate your feedback to that interview. And I do look forward to hearing more from Anatel again in future. That's all we have time for today. Next Wednesday, September 20th, the show will feature a live interview with Ian Deakin, Principal Technologist at the Alliance for Telecommunications Industry Solutions, ATIS. Ian will talk to us about quantum computing and why it's already a threat to the privacy of communications, even though quantum computers are not widespread yet. He'll also be talking about why businesses like Google and standards bodies like Etsy are already revamping cryptography to make it quantum safe for our calls and messages. Live broadcast will begin at 11 a.m. U.S. East, 4 p.m. U.K., 8.30 p.m. India on Wednesday. And if I've not listed your time zone, well, simplify the process of saving next week's live stream to your diary by clicking the appropriate link at our homepage, tv.com.com, or simply subscribe to the communications show broadcast and have it scheduled and have every weekly show added to your diary automatically. Thanks to my co-presenters today, Ed Finegold, Lee Scargall, who's going to be back next Wednesday. But Ed is taking a one week break. So filling his shows next week will be guest presenter Sarah Delphi. She's vice president of Trust Solutions at Numerical and formerly director of abuse and risk operations at Bandwidth. Thanks also to our production team, James Greenley and Matthew Carter. The show wouldn't be possible without them. This was episode four of the second season of the communications risk show. And I've been your host, Eric Priezkalns. Complete recordings of all our shows from this season and before are available from the communications risk show website, tv.commsrisk.com. Keep visiting our main site at commsrisk.com to stay up to date with the best source of news and opinion about risks in the communications industry. And there are plenty of free resources for risk managers at the website of the Risk and Assurance Group. Their URL is riskandassurancegroup.org. Thanks for watching. We'll see you next Wednesday.